Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 14 July 2023
Black Arrow Cyber Threat Briefing 14 July 2023:
-Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves
-Helping Boards Understand Cyber Risks
-Enterprise Risk Management Should Inform Cyber Risk Strategies
-Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention
-20% of Malware Attacks Bypass Antivirus Protection
-Ransomware Payments and Extortion Spiked Compared to 2022
-AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers
-Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available
-Scam Page Volumes Surge 304% Annually
-Financial Industry Faces Soaring Ransomware Threat
-The Need for Risk-Based Vulnerability Management to Combat Threats
-Government Agencies Breached in Microsoft 365 Email Attacks
-Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China
-Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves
The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.
Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.
Helping Boards Understand Cyber Risks
A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.
It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.
Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.
https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/
Enterprise Risk Management Should Inform Cyber Risk Strategies
While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.
Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.
Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention
Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.
This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.
The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.
https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/
20% of Malware Attacks Bypass Antivirus Protection
In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.
The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).
Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.
https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/
Ransomware Payments and Extortion Spiked Compared to 2022
A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.
It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.
https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/
AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers
Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.
The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.
Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available
Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.
An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.
https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/
Scam Page Volumes Surge 304% Annually
Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.
It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.
https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/
Financial Industry Faces Soaring Ransomware Threat
The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.
https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/
The Need for Risk-Based Vulnerability Management to Combat Threats
Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.
By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.
Government Agencies Breached in Microsoft 365 Email Attacks
Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.
Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.
Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China
Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.
Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years
Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.
https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/
Governance, Risk and Compliance
CISO perspective on why boards don't fully grasp cyber attack risks - Help Net Security
Top Takeaways From Table Talks With Fortune 100 CISOs (darkreading.com)
AI, trust, and data security are key issues for finance firms and their customers | ZDNET
Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves (darkreading.com)
Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)
Enterprise risk management should inform cyber-risk strategies | TechTarget
Threats
Ransomware, Extortion and Destructive Attacks
Cl0p Hackers Hit Three of the Biggest US Law Firms in Large Ransomware Attack - MSSP Alert
UK battles hacking wave as ransomware gang claims ‘biggest ever’ NHS breach | TechCrunch
Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day | SC Media (scmagazine.com)
Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch
Cyber Extortion Cases Surge 39% Annually - Infosecurity Magazine (infosecurity-magazine.com)
Ransomware payments on record-breaking trajectory for 2023 (bleepingcomputer.com)
Beware of Big Head Ransomware: Spreading Through Fake Windows Updates (thehackernews.com)
Deutsche Bank confirms provider breach exposed customer data (bleepingcomputer.com)
BigHead and RedEnergy ransomware, more MOVEIt problems (cisoseries.com)
Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs
Same code, different ransomware? Leaks kick-start myriad of new variants - Help Net Security
Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley
BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days (thehackernews.com)
Ransomware Victims
Capita admits hackers also stole staff’s personal details (thetimes.co.uk)
Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch
Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)
Barts NHS hack leaves folks on tenterhooks over extortion • The Register
Scottish university cyber attack under investigation | The National
Phishing & Email Based Attacks
New Phishing Attack Spoofs Microsoft 365 Authentication System (hackread.com)
Number of email-based phishing attacks surges 464% - Help Net Security
Chinese hackers compromised emails of US Government agencies- -Security Affairs
Microsoft: Government agencies breached in email attacks | TechTarget
RomCom hackers target NATO Summit attendees in phishing attacks (bleepingcomputer.com)Facebook and Microsoft remain prime targets for spoofing - Help Net Security
Top 10 Email Security Best Practices in 2023 (gbhackers.com)
Other Social Engineering; Smishing, Vishing, etc
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)
Evil QR - A new QR Jacking Attack to Take Over User Accounts (cybersecuritynews.com)
How hackers are now targeting your voice and how to protect yourself | Fox News
Artificial Intelligence
How the EU AI Act Will Affect Businesses, Cyber Security (darkreading.com)
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)
ChatGPT and Cyber Security : 5 Cyber Security Risks of ChatGPT (gbhackers.com)
WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)
How to Safely Architect AI in Your Cyber Security Programs (darkreading.com)
ChatGPT users drop for the first time as people turn to uncensored chatbots | Ars Technica
Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop
Civil society, labor and rights groups express concerns about AI at White House meeting | CyberScoop
2FA/MFA
Malware
20% of malware attacks bypass antivirus protection - Help Net Security
Malware delivery to Microsoft Teams users made easy - Help Net Security
WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)
Truebot Malware Variants Abound, According to CISA Advisory (darkreading.com)
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)
USB drive malware attacks spiking again in first half of 2023 (bleepingcomputer.com)
Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)
Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign (darkreading.com)
Over 100 malicious signed Windows drivers blocked by Microsoft - NotebookCheck.net News
New 'ShadowVault' macOS malware steals passwords, crypto, credit card data | Macworld
BlackLotus UEFI Bootkit Source Code Leaked on GitHub - SecurityWeek
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)
AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)
Serious Security: Rowhammer returns to gaslight your computer – Naked Security (sophos.com)
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)
Mobile
Crooks Evolve Antidetect Tooling for Mobile OS-Based Fraud-Security Affairs
The FCC aims to stop SIM swappers with new rules - The Verge
Google Play will enforce business checks to curb malware submissions (bleepingcomputer.com)
Clever Letscall vishing malware targets Android phones | SC Media (scmagazine.com)
Denial of Service/DoS/DDOS
Industry responses and strategies for navigating the tides of DDoS attacks - Help Net Security
Archive Of Our Own Down: AO3 DDoS Attack Explained - Dataconomy
Internet of Things – IoT
Data Breaches/Leaks
So you gave personal info to a company caught in a data breach. Now what? | CBC News
HCA confirms breach after hacker steals data of 11 million patients (bleepingcomputer.com)
US on Track For Record Number of Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Twitter User Exposes Nickelodeon Data Leak - Infosecurity Magazine (infosecurity-magazine.com)
Capita attackers reportedly stole data from pension fund • The Register
Twenty Manx public authorities reprimanded for data breach - BBC News
Bangladesh government website leaked data of millions of citizens-Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cyber security professional accused of stealing $9M in crypto | TechCrunch
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)
Insider Risk and Insider Threats
How To Protect Your Business From The Security Risks Freelancers Pose (forbes.com)
Former employee charged for attacking water treatment plant (bleepingcomputer.com)
Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley
Fraud, Scams & Financial Crime
E-commerce Fraud Surges By Over 50% Annually - Infosecurity Magazine (infosecurity-magazine.com)
Scam Page Volumes Surge 304% Annually - Infosecurity Magazine (infosecurity-magazine.com)
The FCC aims to stop SIM swappers with new rules - The Verge
Insurance
Dark Web
Supply Chain and Third Parties
Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)
Capita attackers reportedly stole data from pension fund • The Register
MOVEit: Testing the Limits of Supply Chain Security - SecurityWeek
Cloud/SaaS
Only 45% of cloud data is currently encrypted - Help Net Security
Microsoft alleges China behind attack on Exchange Online • The Register
For stronger public cloud data security, use defence in depth | TechTarget
Silentbob Campaign: Cloud-Native Environments Under Attack (thehackernews.com)
Global Retailers Must Keep an Eye on Their SaaS Stack (thehackernews.com)
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)
Decentralized storage emerging as solution to cloud-based attacks | Cybernews
Hybrid/Remote Working
Attack Surface Management
Identity and Access Management
Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)
less than half of SMBs use Privileged Access Management- IT Security Guru
Encryption
API
Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)
API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek
Open Source
Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)
The EU’s Product Liability Directive could kill open source | TechRadar
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)
AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek
Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? (darkreading.com)
Travel
Regulations, Fines and Legislation
How the EU AI Act Will Affect Businesses, Cyber security (darkreading.com)
A Cyber Security Wish List Ahead of NATO Summit - SecurityWeek
The EU’s Product Liability Directive could kill open source | TechRadar
Microsoft and AWS caution Ofcom against referring UK cloud market over to CMA | Computer Weekly
Models, Frameworks and Standards
How to map security gaps to the Mitre ATT&CK framework | TechTarget
Get started: Threat modeling with the Mitre ATT&CK framework | TechTarget
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog
Russia-based actor exploited unpatched Office zero day | TechTarget
SolarWinds Attackers Dangle BMWs to Spy on Diplomats (darkreading.com)
Russian state hackers lure Western diplomats with BMW car ads (bleepingcomputer.com)
Killnet Tries Building Russian Hacktivist Clout With Media Stunts (darkreading.com)
Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs
Killer ‘tracked Russian sub commander using Strava jogging app’ (thetimes.co.uk)
Inside the murky world accelerating Russia’s economic meltdown (telegraph.co.uk)
Cyber attacks Against Ukrainians Adjoin NATO Summit in Lithuania - MSSP Alert
Russian Hackers Find Sneaky Way to Infiltrate Embassy Networks in Kyiv (kyivpost.com)
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)
China
Chinese hackers compromised emails of US Government agencies-Security Affairs
UK has ‘no strategy’ to tackle China threat as spies target Britain, report warns | The Independent
Cabinet tensions emerge over labelling China a threat to UK national security (inews.co.uk)
Iran
North Korea
Vulnerability Management
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security
The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)
Creating a Patch Management Playbook: 6 Key Questions (darkreading.com)
Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)
Vulnerabilities
MOVEit Transfer customers warned to patch new critical flaw (bleepingcomputer.com)
After Zero-Day Attacks, MOVEit Turns to Security Service Packs - SecurityWeek
Microsoft Warns of Office Zero-Day Attacks, No Patch Available - SecurityWeek
Juniper Networks Patches High-Severity Vulnerabilities in Junos OS - SecurityWeek
Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)
SonicWall warns admins to patch critical auth bypass bugs immediately (bleepingcomputer.com)
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (bleepingcomputer.com)
Russia-based actor exploited unpatched Office zero day | TechTarget
Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems (thehackernews.com)
Raising concerns over Google Authenticator’s new features | TechRadar
Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)
VMware warns of exploit available for critical vRealize RCE bug (bleepingcomputer.com)
Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion - SecurityWeek
Zimbra urges customers to manually fix actively exploited zero-day-Security Affairs
Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek
New StackRot Linux kernel flaw allows privilege escalation (bleepingcomputer.com)
Exploit Code Published for Remote Root Flaw in VMware Logging Software - SecurityWeek
API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek
Experts released PoC exploit for Ubiquiti EdgeRouter flaw-Security Affairs
Critical RCE found in popular Ghostscript open-source PDF library (bleepingcomputer.com)
Citrix fixed a critical flaw in Secure Access Client for Ubuntu-Security Affairs
OT/ICS Vulnerabilities
Tools and Controls
The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)
less than half of SMBs use Privileged Access Management- IT Security Guru
Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)
Enterprise risk management should inform cyber-risk strategies | TechTarget
Infrastructure upgrades alone won't guarantee strong security - Help Net Security
What is a Network Intrusion Protection System (NIPS)? | Definition from TechTarget
Overcoming user resistance to passwordless authentication - Help Net Security
Zero Trust Keeps Digital Attacks From Entering the Real World (darkreading.com)
3 Strategies For Simplifying And Strengthening Your Data Security (forbes.com)
The history, evolution and current state of SIEM | TechTarget
Attack Surface Management: Identify and protect the unknown - Help Net Security
How to Put Generative AI to Work in Your Security Operations Center (darkreading.com)
Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)
Platform Approach to Cyber Security: The New Paradigm (trendmicro.com)
Intrusion Detection & Prevention Systems Guide (trendmicro.com)
Decentralized storage emerging as solution to cloud-based attacks | Cybernews
Wi-Fi AP placement best practices and security policies | TechTarget
For stronger public cloud data security, use defence in depth | TechTarget
Other News
White House Urged to Quickly Nominate National Cyber Director (darkreading.com)
The rise of cyber threats in a digital dystopia | Mint #AskBetterQuestions (livemint.com)
Building the right collective defence against cyber attacks for critical infrastructure | CyberScoop
Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security
White House publishes National Cyber Security Strategy Implementation Plan - Help Net Security
Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 November 2022
Black Arrow Cyber Threat Briefing 18 November 2022:
-Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War
-Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say
-Is Your Board Prepared for New Cyber Security Regulations?
-Unwanted Emails Steadily Creeping into Inboxes
-People Are Still Using the Dumbest Passwords Available
-Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident
-44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security
-MFA Fatigue Attacks Are Putting Your Organisation at Risk
-Cyber Security Training Boosts Risk Posture, Research Finds
-MI5 Chief: UK will have to tackle Russian Aggression ‘for Years to Come’
-Offboarding Processes Pose Security Risks as Job Turnover Increases: Report
-Do Companies Need Cyber Insurance?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War
As carriers rewrite their act-of-war exclusions following the NotPetya settlement between Mondelez and Zurich, organisations should read their cyber insurance policies carefully to see what is still covered.
The consequences from NotPetya, which the US government said was caused by a Russian cyber attack on Ukraine in 2017, continue to be felt as cyber insurers modify coverage exclusions, expanding the definition of an "act of war." Indeed, the 5-year-old cyber attack appears to be turning the cyber insurance market on its head.
Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with factories and production disrupted. It took days for the company's staff to regain control of its computer systems. The company filed a claim with its property and casualty insurer, Zurich American, for $100 million in losses. After initially approving a fraction of the claim — $10 million — Zurich declined to pay, stating the attack was an act of war and thus excluded from the coverage. Mondelez filed a lawsuit.
Late last month Mondelez and Zurich American reportedly agreed to the original $100 million claim, but that wasn't until after Merck won its $1.4 billion lawsuit against Ace American Insurance Company in January 2022 for its NotPetya-related losses. Merck's claims also were against its property and casualty policy, not a cyber insurance policy.
Back in 2017, cyber insurance policies were still nascent, and so many large corporations filed claims for damages related to NotPetya — the scourge that caused an estimated $10 billion in damage worldwide — against corporate property and casualty policies.
What's Changed? The significance of these settlements illustrates an ongoing maturation of the cyber insurance market, says Forrester Research.
Until 2020 and the COVID-19 pandemic, cyber insurance policies were sold in a fashion akin to traditional home or auto policies, with little concern for a company's cyber security profile, the tools it had in place to defend its networks and data, or its general cyber hygiene.
Once a large number of ransomware attacks occurred that built off of the lax cyber security many organisations demonstrated, insurance carriers began tightening the requirements for obtaining such policies.
Is Your Board Prepared For New Cyber Security Regulations?
Boards are now paying attention to the need to participate in cyber security oversight. Not only are the consequences sparking concern, but the new regulations are upping the ante and changing the game.
Boards have a particularly important role to ensure appropriate management of cyber risk as part of their fiduciary and oversight role. As cyber threats increase and companies worldwide bolster their cyber security budgets, the regulatory community, including the U.S. Securities and Exchange Commission (SEC), is advancing new requirements that companies will need to know about as they reinforce their cyber strategy.
Most organisations focus on cyber protection rather than cyber resilience, and that could be a mistake. Resiliency is more than just protection; it’s a plan for recovery and business continuation. Being resilient means that you’ve done as much as you can to protect and detect a cyber incident, and you have also done as much as you can to make sure you can continue to operate when an incident occurs. A company who invests only in protection is not managing the risk associated with getting up and running again in the event of a cyber incident.
Research indicates that most board members believe it is not a matter of if, but when, their company will experience a cyber event. The ultimate goal of a cyber-resilient organisation would be zero disruption from a cyber breach. That makes the focus on resilience more important.
In March 2022, the SEC issued a proposed rule titled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. In it, the SEC describes its intention to require public companies to disclose whether their boards have members with cyber security expertise: “Cyber security is already among the top priorities of many boards of directors and cyber security incidents and other risks are considered one of the largest threats to companies. Accordingly, investors may find disclosure of whether any board members have cyber security expertise to be important as they consider their investment in the registrant as well as their votes on the election of directors of the registrant.”
The SEC will soon require companies to disclose their cyber security governance capabilities, including the board’s oversight of cyber risk, a description of management’s role in assessing and managing cyber risks, the relevant expertise of such management, and management’s role in implementing the registrant’s cyber security policies, procedures, and strategies. Specifically, where pertinent to board oversight, registrants will be required to disclose:
whether the entire board, a specific board member, or a board committee is responsible for the oversight of cyber risks,
the processes by which the board is informed about cyber risks, and the frequency of its discussions on this topic,
whether and how the board or specified board committee considers cyber risks as part of its business strategy, risk management, and financial oversight.
https://hbr.org/2022/11/is-your-board-prepared-for-new-cybersecurity-regulations
Unwanted Emails Steadily Creeping into Inboxes
A research from cloud security provider Hornetsecurity has revealed that 40.5% of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of cyber attacks in 2022 – indicating the constant, growing threats to email security, and need for caution in digital workplace communications.
Phishing remains the most common style of email attack, representing 39.6% of detected threats. Threat actors used the following file types sent via email to deliver payloads: Archive files (Zip, 7z, etc.) sent via email make up 28% of threats, down slightly from last year’s 33.6%, with HTML files increasing from 15.3% to 21%, and DOC(X) from 4.8% to 12.7%.
This year’s cyber security report shows the steady creep of threats into inboxes around the world. The rise in unwanted emails, now found to be nearly 41%, is putting email users and businesses at significant risk.
HornetSecurity’s analysis identified both the enduring risk and changing landscape of ransomware attacks – highlighting the need for businesses and their employees to be more vigilant than ever.
New cyber security trends and techniques for organisations to watch out for were also tracked. Since Microsoft disabled macros settings in Office 365, there has been a significant increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Microsoft 365 makes it easy to share documents, and end users often overlook the ramifications of how files are shared, as well as the security implications. Hornetsecurity found 25% of respondents were either unsure or assumed that Microsoft 365 was immune to ransomware threats.
For these attackers, every industry is a target. Companies must therefore ensure comprehensive security awareness training while implementing next-generation preventative measures to ward off threats.
https://www.helpnetsecurity.com/2022/11/14/email-security-threats/
People Are Still Using the Dumbest Passwords Available
If you were thinking that most people would have learned by now not to use “password” as the password for their sensitive systems, then you would be giving too much credit to the general scrolling public.
Cyber security researchers from Cybernews and password manager company NordPass both independently reported this week on data surrounding the most commonly-used passwords. Trying to discern the frequently used words, phrases, and numbers among the general public wouldn’t be simple if it weren’t for the troves of leaked passwords being sold on the dark web.
Cybernews said it based its data on a list of 56 million breached or leaked passwords in 2022 found via databases in darknet and clearnet hacker forums. Some of the most-used passwords were exactly what you expect, easy-to-remember junk passwords for company accounts, including “123456,” “root,” and “guest” all looking pretty in the top three.
NordPass, on the other hand, listed its top passwords by country and the supposed gender of the user. In their case, “password” sat in the number one spot for most-used password throughout the globe. Some countries had very specific passwords that were commonly used, such as “liverpool” being the number 4 most-used password in the UK despite it being 197 in the world. The number 2 most-used password for Brazil accounts is “Brasil” while in Germany, number 5 is “hallo.”
NordPass said the list of passwords was built by a team of independent researchers who compiled 3TB of data from listings on the dark web, including some data that was leaked in data breaches that occurred in 2022. The company noted that some data might be from late 2021, though the passwords were listed on the dark web in the new year.
https://gizmodo.com/passwords-hacker-best-passwords-cybersecurity-1849792818
Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident
Researchers find current data protection strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defence initiatives.
Organisations are struggling with mounting data losses, increased downtime, and rising recovery costs due to cyber attacks — to the tune of $1.06 million in costs per incident. Meanwhile, IT security teams are stalled on getting defences up to speed.
That's according to the 2022 Dell Global Data Protection Index (GDPI) survey of 1,000 IT decision-makers across 15 countries and 14 industries, which found that organisations that experienced disruption have also suffered an average of 2TB data loss and 19 hours of downtime.
Most respondents (67%) said they lack confidence that their existing data protection measures are sufficient to cope with malware and ransomware threats. A full 63% said they are not very confident that all business-critical data can be reliably recovered in the event of a destructive cyber attack.
Their fears seem founded: Nearly half of respondents (48%) experienced a cyber attack in the past 12 months that prevented access to their data (a 23% increase from 2021) — and that's a trend that will likely continue.
The growth and increased distribution of data across edge, core data centre and multiple public cloud environments are making it exceedingly difficult for IT admins to protect their data.
On the protection front, most organisations are falling behind; for instance, 91% are aware of or planning to deploy a zero-trust architecture, but only 12% are fully deployed.
And it's not just advanced defence that's lacking: Keegan points out that 69% of respondents stated they simply cannot meet their backup windows to be prepared for a ransomware attack.
https://www.darkreading.com/endpoint/zero-trust-initiatives-stall-cyberattack-costs-1m-per-incident
44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security
Netwrix, a cyber security vendor, today announced additional findings for the financial and banking sector from its global 2022 Cloud Security Report.
Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. Indeed, 44% of respondents in this sector say their own IT staff poses the biggest risk to data security in the cloud and 47% worry about contractors and partners, compared to 30% and 36% respectively in other verticals surveyed.
Financial organisations experience accidental data leakage more often than companies in other verticals: 32% of them reported this type of security incident within the last 12 months, compared to the average of 25%. This is a good reason for them to be concerned about users who might unintentionally expose sensitive information. To address this threat, organisations need to implement a zero-standing privilege approach in which elevated access rights are granted only when they are needed and only for as long as needed. Cloud misconfigurations are another common reason for accidental data leakage. Therefore, security teams must continually monitor the integrity of their cloud configurations, ideally with a dedicated solution that automates the process.
All sectors say phishing is the most common type of attack they experience. However, 91% of financial institutions say they can spot phishing within minutes or hours, compared to 82% of respondents in other verticals.
Even though mature financial organisations detect phishing quickly, it is still crucial for them to keep educating their personnel on this threat because attacks are becoming more sophisticated. To increase the likelihood of a user clicking a malicious link, attackers are crafting custom spear phishing messages that are directed at the person responsible for a certain task in the organisation and that appear to come from an authority figure. Regular staff training, along with continuous activity monitoring, will help reduce the risk of infiltration.
MFA Fatigue Attacks Are Putting Your Organisation at Risk
The rapid advancement of technology in all industries has led to the threat of ever-increasing cyber attacks that target businesses, governments, and individuals alike. A common threat targeting businesses is MFA Fatigue attacks—a technique where a cyber criminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one.
MFA refers to multi-factor authentication, a layered end-user verification strategy to secure data and applications. For a user to log in, an MFA system needs them to submit various combinations of two or more credentials.
Using MFA Fatigue attacks, cyber criminals bombard their victims with repeated 2FA (two-factor authentication) push notifications to trick them into authenticating their login attempts, to increase their chances of gaining access to sensitive information. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or misinterprets them as legitimate authentication requests.
One major MFA Fatigue attack, also known as MFA bombing, targeted the ride-sharing giant Uber in September 2022. Uber attributed the attack to Lapsus$, a hacking group that started by compromising an external contractor’s credentials.
Cyber criminals increasingly use social engineering attacks to access their targets’ sensitive credentials. Social engineering is a manipulative technique used by hackers to exploit human error to gain private information.
MFA Fatigue is a technique that has gained popularity among hackers in recent years as part of their social engineering attacks. This is a simple yet effective technique with destructive consequences as the hackers are banking on their targets’ lack of training and understanding of attack vectors. Since many MFA users are unfamiliar with this style of attack, they would not understand that they are approving a fraudulent notification.
Cyber Security Training Boosts Risk Posture, Research Finds
Business executives worldwide see the economic advantages of continuing professional cyber security education and the steep downside from a workforce of under-trained individuals, Cybrary, a training platform provider, said in a new report.
The survey of 275 executives, directors and security professionals in North America and the UK who either procure or influence professional cyber security training, was conducted by consultancy Omdia. The results showed that the benefits of professional training boost an employee’s impact on the organisation, the overall risk posture of the organisation, and in the costs associated with finding and retaining highly skilled employees, the analyst said.
The study’s key findings include:
73% of respondents said their team’s cyber security performance was more efficient because of ongoing professional cyber security training.
62% of respondents said that training improved their organisation’s cyber security effectiveness (which encompasses decreases in the number of breach attempts and overall security events).
79% of respondents ranked professional cyber security training at the top or near the top of importance for the organisation’s ability to prevent and rapidly remediate breaches and ensuing consequences such as reputational damage.
70% of companies reported a relationship between an incident and training, and two-thirds of respondents reported increased investments in ongoing cyber security training after a security incident.
Large enterprises are the least likely to delay upskilling until after an incident, indicating that companies with larger cyber security teams firmly understand the importance of ongoing professional training.
67% of surveyed SMBs invested in cyber security training after a security incident, which served as a call to action.
53% invested in professional cyber security training due to a cyber security insurance audit.
48% of organisations said that cyber security training drives retention and decreases the likelihood that a cyber security professional will leave the organisation that trains them.
41% said that ongoing cyber security training has no significant impact on if a cyber security professional leaves.
Cybrary said the research shows the rewards that organisations enjoy by investing in training and upskilling their security professionals. The data “codifies the fiscal and reputational paybacks in proactively improving cyber security defences versus responding to attacks. It also codifies an often-underrecognised benefit of cyber security upskilling: helping the organisation retain invaluable security talent despite market and organisational uncertainty”.
MI5 Chief: UK Will Have to Tackle Russian Aggression ‘for Years to Come’
Britain will have to tackle Russian aggression for years to come, said the MI5’s chief on Wednesday, adding that his agency had blocked more than 100 attempts by the Kremlin to insert suspected spies into the UK since the Salisbury poisonings.
Ken McCallum, giving an annual threat update, said state-based threats were increasing and said the UK also faced a heightened direct threat from Iran, which had threatened “to kidnap or even kill” 10 people based in Britain in the past year.
The spy chief said Russia had suffered a “strategic blow” after 400 spies were expelled from around Europe following the start of the war in Ukraine, but he said the Kremlin was actively trying to rebuild its espionage network.
Britain had expelled 23 Russian spies posing as diplomats after the poisoning of Sergei and Yulia Skripal in Salisbury in 2018, yet since then “over 100 Russian diplomatic visa applications” had been rejected on national security grounds.
McCallum accused Russia of making “silly claims” about British activities without evidence, such as that UK was involved in attacking the Nord Stream gas pipelines. But the head of MI5 said “the serious point” was that “the UK must be ready for Russian aggression for years to come”.
Iran’s “aggressive intelligence services” were actively targeting Britain and had made “at least 10” attempts to “kidnap or even kill” British or UK-based individuals since January as the regime felt greater pressure than ever before.
Offboarding Processes Pose Security Risks as Job Turnover Increases: Report
Research from YouGov finds that poor offboarding practices across industries including healthcare and tech are putting companies at risk, including for loss of end-user devices and unauthorised SaaS application use.
Organisations across multiple industries are struggling to mitigate potential risks, including loss of end-user and storage devices as well as unauthorised use of SaaS applications, during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza.
Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people, more than 20% of Americans, had either lost or changed their job. Although these figures could initially be attributed to the so-called Great Resignation, this figure is likely to increase due to the numerous job cuts that are now being reported, including layoffs at major technology companies, as organisations look to reduce operational costs.
Although the circumstances of an employee’s departure can sometimes make the offboarding process more complex, ultimately offboarding should aim to prevent disruption and mitigate any potential risks.
However, in YouGov’s 2022 State of Corporate Offboarding Process Automation report, the research found that although implementing a secure offboarding processes is now seen as a business imperative for enterprises, 48% of the survey’s respondents expressed deficiencies in or lack of automated workflows across departments and IT tools to facilitate the secure offboarding of employees.
Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say
Nearly every organisation (98%) in a new survey of some 2,100 C-suite executives has been hit by a supply chain cyber attack in the last year, security provider BlueVoyant said in a newly released study.
The study gleaned data from interviews with chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief information security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organisations of more than 1,000 employees across business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defence industries.
While the number of companies experiencing digital supply chain attacks has stayed relatively static year-over-year, the attention paid by organisations to that attack vector has increased, BlueVoyant said. Still, the New York-based cyber defender said, there’s a lot of room for organisations to better monitor suppliers and “work with them to remediate issues to reduce their supply chain risks.”
Here are some macro highlights from the survey:
40% of respondents rely on the third-party vendor or supplier to ensure adequate security.
In 2021, 53% of companies said they audited or reported on supplier security more than twice per year. That number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.
Budgets for supply chain defence are increasing, with 84% of respondents saying their budget has increased in the past 12 months.
The top pain points reported are internal understanding across the enterprise that suppliers are part of their cyber security posture, meeting regulatory requirements, and working with suppliers to improve their security.
Do Companies Need Cyber Insurance?
Companies are increasingly seeking to transfer risk with cyber insurance. This trend has been influenced by a greater severity in cyber attacks and the resulting skyrocketing costs of incident response, business disruption and recovery.
Companies struggle to afford the high prices of cyber insurance, however. One market index reported the price of cyber insurance increased 79% in the second quarter of 2022. Without it, however, companies risk shouldering the full cost of any resulting harm. Furthermore, insurance companies that lack traditional decades of actuarial data must consider whether to provide cyber insurance to clients unable or unwilling to show their cyber security maturity through independent risk analysis.
This combination of circumstances leaves businesses vulnerable, financially drained and facing potential reputational damage. But does it have to be this way? And is cyber insurance truly necessary? For the majority of organisations, the answer is that cyber insurance is a worthwhile investment as part of their overall risk treatment plans. There are a number of activities, however, that should be undertaken to optimise the benefits and reduce the costs of cyber-risk insurance.
A rise in high-profile attacks, in tandem with increased regulation and compliance surrounding cyber security and privacy, has shifted the conversation around digital safety. No longer is cyber security an optional aspect of the business model with a fixed, stagnant cost. Businesses today have become too digitally dependent to ignore cyber security, with classified, internal information stored online; communication largely conducted via email or another platform; and the workforce transitioned to hybrid and remote work environments. Effective cyber security and privacy, as well as mitigating financial and operational risks, can be strategic enablers to modern digital business.
Cyber insurance is not a solution -- it's a piece of the puzzle. Regardless of industry or company size, all businesses should conduct an independent cyber audit prior to committing to cyber insurance. In doing so, organisations can determine the need for cyber insurance and better understand their organisations' risk posture and weak points.
Even if insurance is needed, the audit further adds value as it lets insurance companies support the company specific to its digital landscape and help it become more digitally strong. Additionally, the existence of an independent audit and risk review may indeed enable the insurance company to offer higher levels of coverage without the need for excessive premiums.
https://www.techtarget.com/searchsecurity/post/Do-companies-need-cyber-insurance
Threats
Ransomware and Extortion
Ransomware is a global problem that needs a global solution | TechCrunch
FBI: Hive ransomware extorted $100M from over 1,300 victims (bleepingcomputer.com)
The psychological fallout of a ransomware crisis - Help Net Security
New extortion scam threatens to damage sites’ reputation, leak data (bleepingcomputer.com)
Thales Denies Getting Hacked as Ransomware Gang Releases Gigabytes of Data | SecurityWeek.Com
Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com
Hive Ransomware Has Made $100m to Date - Infosecurity Magazine (infosecurity-magazine.com)
LockBit Remains Most Prolific Ransomware in Q3 - Infosecurity Magazine (infosecurity-magazine.com)
DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog
Transportation sector targeted by both ransomware and APTs - Help Net Security
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Ransomware on Healthcare Organisations cost Global Economy $92 bn - IT Security Guru
Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security
Australia to ‘stand up and punch back’ against cyber crims • The Register
LockBit ransomware activity nose-dived in October (techtarget.com)
How to deal with the trauma of the Medibank cyber breach | Andrea Szasz | The Guardian
Researchers secretly helped decrypt Zeppelin ransomware for 2 years (bleepingcomputer.com)
Vanuatu: Hackers strand Pacific island government for over a week - BBC News
Canadian Supermarket Chain Sobeys Hit by Ransomware Attack | SecurityWeek.Com
Two public schools in Michigan hit by a ransomware attack - Security Affairs
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Phishing & Email Based Attacks
Top enterprise email threats and how to counter them - Help Net Security
China-Based Sophisticated Phishing Campaign Uses 42,000 Domains - Information Security Buzz
Mass Email Extortion Campaign Claims Server Hack - Infosecurity Magazine (infosecurity-magazine.com)
Netflix Phishing Emails Surge 78% - Infosecurity Magazine (infosecurity-magazine.com)
Earth Preta Spear-Phishing Governments Worldwide (trendmicro.com)
Email Security Best Practices for Phishing Prevention (trendmicro.com)
Malware
Wipermania: Malware Remains a Potent Threat, 10 Years Since 'Shamoon' (darkreading.com)
QBot phishing abuses Windows Control Panel EXE to infect devices (bleepingcomputer.com)
Researchers Sound Alarm on Dangerous BatLoader Malware Dropper (darkreading.com)
Study: Almost 50% of macOS malware only comes from one app - Neowin
Notorious Emotet botnet returns after a few months off • The Register
Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)
Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com
LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities (thehackernews.com)
New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)
Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)
Google Wins Lawsuit Against Glupteba Botnet Operators | SecurityWeek.Com
Mobile
Internet of Things – IoT
Shocker: EV charging infrastructure is seriously insecure • The Register
Aiphone Intercom System Vulnerability Allows Hackers to Open Doors | SecurityWeek.Com
Data Breaches/Leaks
Police published sexual assault victims' names and addresses on its website (bitdefender.com)
Whoosh confirms data breach after hackers sell 7.2M user records (bleepingcomputer.com)
Organised Crime & Criminal Actors
Long-Standing Chinese Cyber crime Campaign Spoofs Over 400 Brands | SecurityWeek.Com
Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)
Australia's Hack-Back Plan Against Cyber attackers Raises Familiar Concerns (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)
'Three quarters' of retail Bitcoin investors are in the red • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Massive adware campaign spoofs top brands to trick users | TechRadar
Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Cyber Monday Will Be the Most Fraudulent Day of the Season, Says SEON (darkreading.com)
UK Shoppers Lost £15m+ to Scammers Last Winter - Infosecurity Magazine (infosecurity-magazine.com)
How scammers are now exploiting cashless parking (telegraph.co.uk)
Experts Advice On International Fraud Awareness Week - Information Security Buzz
Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)
Impersonation Attacks
42,000 sites used to trap users in brand impersonation scheme (bleepingcomputer.com)
Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Denial of Service DoS/DDoS
2022 holiday DDoS protection guide - Microsoft Security Blog
Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)
Cloud/SaaS
Cloud data protection trends you need to be aware of - Help Net Security
Cyber security implications of using public cloud platforms - Help Net Security
Evolving Security for Government Multiclouds (darkreading.com)
Encryption
Why companies can no longer hide keys under the doormat - Help Net Security
Quantum Cryptography Apocalypse: A Timeline and Action Plan (darkreading.com)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Advertising giant warns clients to stay off Twitter (telegraph.co.uk)
Meta keeps booting small-business owners for being hacked on Facebook | Ars Technica
Guinness, Cadbury’s and Nissan told to avoid ‘toxic’ and ‘dangerous’ Twitter (telegraph.co.uk)
FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop
Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)
Privacy, Surveillance and Mass Monitoring
Electronics repair technicians snoop on your data - Help Net Security
Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location (thehackernews.com)
Security firms hijack New York trees to monitor workers • The Register
Governance, Risk and Compliance
Careers, Working in Cyber and Information Security
Cyber security jobs: Five ways to help you build your career | ZDNET
Google cloud wants CISOs to do more about diversity • The Register
Amazon poaches top National Cyber Security Centre exec Levy | Business News | Sky News
Law Enforcement Action and Take Downs
Zeus Botnet Suspected Leader Arrested in Geneva - Infosecurity Magazine (infosecurity-magazine.com)
Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)
Police dismantle pirated TV streaming network with 500,000 users (bleepingcomputer.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Chinese hackers target government agencies and defence orgs (bleepingcomputer.com)
Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security
COP27 Delegates Given Burner Phones To Combat Spying - Information Security Buzz
Avast details Worok espionage group's compromise chain - Security Affairs
Biden set to approve expansive authorities for Pentagon to carry out cyber operations - CyberScoop
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Europe’s spyware scandal is a global wakeup call. (slate.com)
Koch-funded group sues US state over mobile 'spyware' • The Register
Nation State Actors
Nation State Actors – Russia
UK Banks Bolstering Defences As Russian Cyber Threat Rises - Information Security Buzz
EXCLUSIVE Russian software disguised as American finds its way into U.S. Army, CDC apps | Reuters
Pro-Russian hackers claim cyber attack on FBI website: Report | Fox News
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Nation State Actors – China
China playing ‘long game’ as it co-opts UK assets, warns MI5 chief | Financial Times (ft.com)
FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop
Chinese Cyber espionage Group 'Billbug' Targets Certificate Authority | SecurityWeek.Com
Previously undetected Earth Longzhi APT is a subgroup of APT41 - Security Affairs
Rishi Sunak to hold surprise meeting with Chinese president at G20 | Financial Times (ft.com)
Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)
State-sponsored hackers in China compromise certificate authority | Ars Technica
Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide (thehackernews.com)
Reports of Chinese police stations in US worry FBI - BBC News
Nation State Actors – North Korea
Nation State Actors – Iran
US govt: Iranian hackers breached federal agency using Log4Shell exploit (bleepingcomputer.com)
CISA: Iranian APT actors compromised federal network (techtarget.com)
US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j | SecurityWeek.Com
Nation State Actors – Misc
Vulnerability Management
Vulnerabilities
Microsoft Office lets hackers execute arbitrary code, update now | TechRadar
Unpatched Zimbra Platforms Are Probably Compromised, CISA Says (darkreading.com)
Exploit released for actively abused ProxyNotShell Exchange bug (bleepingcomputer.com)
F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ (bleepingcomputer.com)
Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution | SecurityWeek.Com
Firefox 107 Patches High-Impact Vulnerabilities | SecurityWeek.Com
Windows Kerberos authentication breaks after November updates (bleepingcomputer.com)
Nasty SQL Injection Bug in Zendesk Endangers Sensitive Customer Data (darkreading.com)
Mastodon users vulnerable to password-stealing attacks | The Daily Swig (portswigger.net)
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices (thehackernews.com)
Tools and Controls
Reports Published in the Last Week
Other News
Cyber Resilience: The New Strategy to Cope With Increased Threats | SecurityWeek.Com
The 4 horsemen of the cyber security apocalypse | Security Magazine
The Top Five Cyber security Trends of 2023: KnowBe4 Makes Its Predictions - MSSP Alert
Build a mature approach for better cyber security vendor evaluation | CSO Online
Almost half of customers have left a vendor due to poor digital trust: Report | CSO Online
Global 2000 companies failing to adopt key domain security measures | CSO Online
Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert
Repair technicians caught snooping on customer data • The Register
Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.