Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 01 September 2023
Black Arrow Cyber Threat Intelligence Briefing 01 September 2023:
-66 Percent of Businesses Don't Understand Their Cyber Risks
-Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked
-Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up
-Survey Finds In-house Counsel Cyber Anxiety Skyrocketing
-58% of Malicious Emails Contained Spoofed Content
-Cyber Attacks Remain a Top Concern for Organisations Across All Industries
-BYOD Security Gap: Survey Finds 49% of European Firms Unprotected
-13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend
-Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report
-Kroll’s Breach Highlights SIM-Swapping Risk
-Reducing The Risk of AI, What Can You Do?
-Debunking Popular Cyber Security Myths
-3 Malware Loaders Responsible for 80% of Intrusions
-MOVEit Hack Shows Attackers Still Use Old Tricks
-Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
66 Percent of Businesses Don't Understand Their Cyber Risks
A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.
83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.
Source: [Beta News]
Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked
All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.
The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.
Sources [Data Breaches] [UKAuthority]
Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up
Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.
As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.
Sources [Dark Reading] [The Record] [Security Magazine]
Survey Finds In-house Counsel Cyber Anxiety Skyrocketing
In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.
There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.
Source: [Law.com]
58% of Malicious Emails Contained Spoofed Content
According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.
The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.
Source: [Security Magazine]
Cyber Attacks Remain a Top Concern for Organisations Across All Industries
Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.
With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.
Source: [Business Wire]
BYOD Security Gap: Survey Finds 49% of European Firms Unprotected
A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.
The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.
Source: [Infosecurity Magazine]
13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend
In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.
It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.
Source: [Security Magazine]
Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report
In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.
Source: [The Hacker News]
Kroll’s Breach Highlights SIM-Swapping Risk
A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.
In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.
Source [Dark Reading]
Reducing The Risk of AI, What Can You Do?
Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.
Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.
Sources: [CSO Online] [UKTech News]
Debunking Popular Cyber Security Myths
At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?
When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.
So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.
Sources: [Forbes] [Trend Micro]
3 Malware Loaders Responsible for 80% of Intrusions
Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.
Sources: [The Register] [Infosecurity Magazine]
MOVEit Hack Shows Attackers Still Use Old Tricks
SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.
The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?
Source: [Dark Reading]
Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.
In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.
Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.
Source: [Ars Technica]
Governance, Risk and Compliance
66 percent of businesses don't understand their cyber risks (betanews.com)
Survey of In-House Counsel Finds Cyber Anxiety Skyrocketing | Law.com
Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report (thehackernews.com)
Cyber Security Enters Conversation About Executive Pay - WSJ
Cyber defence makes up majority of cyber security budgets | Security Magazine
How international cyber security frameworks can help CISOs | CSO Online
Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online
SEC cyber attack regulations prompt 10 questions for CISOs | TechTarget
Should Senior IT Professionals Be Accountable for Professional Decisions? (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
80% of organisations expect ransomware spending to increase | Security Magazine
Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)
Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)
MOVEit Was a SQL Injection Accident Waiting to Happen (darkreading.com)
Nearly 1,000 Organisations, 60 Million Individuals Impacted by MOVEit Hack - SecurityWeek
Ransomware With an Identity Crisis Targets Small Businesses, Individuals (darkreading.com)
Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)
Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)
LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)
LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants (thehackernews.com)
Deconstructing ransomware, cyber criminals and their modus operandi | TechRadar
Ransomware Evolution: Smaller Actors, Bigger Impact (govinfosecurity.com)
Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)
Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)
Should Companies Pay After Ransomware Attacks? Is It Illegal? (techtarget.com)
How Ransomware Groups Respond to External Pressure (inforisktoday.com)
Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat (trellix.com)
Rackspace Faces Massive Cleanup Costs After Ransomware Attack (darkreading.com)
8 Types of Ransomware: Examples of Past and Current Attacks (techtarget.com)
Black Basta Besting Your Network? (securityintelligence.com)
Ransomware Victims
Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)
Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)
St Helens Council still dealing with suspected cyber-attack - BBC News
Rhysida claims ransomware attack on Prospect Medical, threatens to sell data (bleepingcomputer.com)
University of Michigan shuts down network after cyber attack (bleepingcomputer.com)
Social Security Numbers leaked in ransomware attack on Ohio History Connection (malwarebytes.com)
Phishing & Email Based Attacks
Phishing as a service continues to plague business users - SiliconANGLE
58% of malicious emails contained spoof content | Security Magazine
13% of employees admit to falling for phishing attacks working at home | Security Magazine
New phishing attacks target FTX users following Kroll data breach – Cryptopolitan
Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks (thehackernews.com)
Spain warns of LockBit Locker ransomware phishing attacks (bleepingcomputer.com)
US govt email servers hacked in Barracuda zero-day attacks (bleepingcomputer.com)
Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)
Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)
How to Spot Phishing Emails & Tips to Avoid Them | Proofpoint US
Other Social Engineering; Smishing, Vishing, etc
Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)
New phishing attacks target FTX users following Kroll data breach – Cryptopolitan
3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - SecurityWeek
Artificial Intelligence
Cyber security agency gives AI chatbot warning (uktech.news)
Why generative AI is a double-edged sword for the cyber security sector | VentureBeat
IT leaders alarmed by generative AI's SaaS security implications - Help Net Security
Is Bias in AI Algorithms a Threat to Cloud Security? (darkreading.com)
Shifting Cyber Security: The Impact and Implications of LLMs (inforisktoday.com)
Vendors Training AI With Customer Data is an Enterprise Risk (darkreading.com)
Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)
Hacking the future: Notes from DEF CON’s Generative Red Team Challenge | CSO Online
How to minimize data risk for generative AI and LLMs in the enterprise | VentureBeat
Google launches tool to identify AI-generated images - Help Net Security
2FA/MFA
AITM/MITM
Malware
These 3 loaders were behind 80% of intrusions this year • The Register
20+ Malware Statistics You Need to Know in 2023 (techreport.com)
'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds (darkreading.com)
Top 3 Malware Threatening Businesses in Q2 2023 (cybersecuritynews.com)
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research (darkreading.com)
Japan's JPCERT warns of new 'MalDoc in PDF' attack technique (securityaffairs.com)
Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)
DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates (thehackernews.com)
DreamBus malware exploits RocketMQ flaw to infect servers (bleepingcomputer.com)
Microsoft is using malware-like pop-ups in Windows 11 to get people to ditch Google - The Verge
APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)
SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations (thehackernews.com)
Mobile
Kroll's Crypto Breach Highlights SIM-Swapping Risk (darkreading.com)
Is Mobile Hacking Still a Big Threat in 2023? (makeuseof.com)
New Android MMRat malware uses Protobuf protocol to steal your data (bleepingcomputer.com)
What Are Overlay Attacks? How Do You Protect Against Them? (makeuseof.com)
New Android Banking Trojan Targets Southeast Asia Region (inforisktoday.com)
China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)
Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week
Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)
8 Ways To Boost Your Android Phone's Security (slashgear.com)
Botnets
Denial of Service/DoS/DDOS
BYOD
Internet of Things – IoT
Data Breaches/Leaks
Metropolitan Police reports supplier cyber breach | UKAuthority
Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)
American Express admits APAC employees' data leak, blames a third-party payroll service
Leaseweb is restoring ‘critical’ systems after security breach (bleepingcomputer.com)
French employment agency Pôle emploi data breach impacted 10M peopleSecurity Affairs
Mom’s Meals discloses data breach impacting 1.2 million people (bleepingcomputer.com)
3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - Security Week
Paramount discloses data breach following security incident (bleepingcomputer.com)
Cost of a data breach 2023: Financial industry impacts (securityintelligence.com)
Organised Crime & Criminal Actors
Moscow helping cyber criminals operate with 'near impunity': report | The Province
Hacking gangs launch cyber crime syndicate the Five Families (techmonitor.ai)
Microsoft weighs in on Russian-led UN cyber crime treaty • The Register
‘Billion Dollar Heist’: The Wild Story That Should Have Us All Petrified (thedailybeast.com)
Microsoft: UN treaty creates 'ideal conditions' for cyber crime (telecomstechnews.com)
Cyber Criminals use research contests to create new attack methods - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Fraud, Scams & Financial Crime
Impersonation Attacks
Deepfakes
Insurance
Insurers End Tussle Over Ransomware Attack Coverage - Law360 UK
Delinea Research Reveals a Cyber Insurance Gap (darkreading.com)
Understand the fine print of your cyber insurance policies - Help Net Security
Supply Chain and Third Parties
American Express admits APAC employees' data leak, blames a third-party payroll service
Met should thoroughly investigate cyber security practices, say experts | Evening Standard
Cloud/SaaS
CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security | TechTarget
Better SaaS Security Goes Beyond Procurement (darkreading.com)
Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)
Hybrid/Remote Working
Identity and Access Management
Encryption
Quantum threats loom in Gartner's 2023 Hype Cycle for data security | VentureBeat
How Quantum Computing Will Impact Cyber Security - Security Week
Passwords, Credential Stuffing & Brute Force Attacks
Four common password mistakes hackers love to exploit (bleepingcomputer.com)
Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)
LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)
Biometrics
Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update
Elon Musk's X to collect biometric data, work and school history - The Japan Times
Home Office and MoD seeking new facial-recognition tech | Computer Weekly
Social Media
ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)
EU safety laws start to bite for TikTok, Instagram and others - BBC News
Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)
X Plans to Collect Biometric Data, Job and School History (1) (bloomberglaw.com)
Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News
Training, Education and Awareness
Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)
Cyber awareness education is a change-management initiative | CSO Online
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)
New law could turn UK into a hacker's playground | Computerworld
Changes to UK Surveillance Regime May Violate International Law (justsecurity.org)
EU safety laws start to bite for TikTok, Instagram and others - BBC News
Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra
Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online
Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)
Models, Frameworks and Standards
What are the Cyber Security Standards of Basel III? | UpGuard
Best practices for MITRE ATT&CK(R) mapping. (thecyberwire.com)
Is the new OWASP API Top 10 helpful to defenders? - Help Net Security
How international cyber security frameworks can help CISOs | CSO Online
Data Protection
ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)
Are you properly protecting your employees' personal information? | Burr & Forman - JDSupra
Data Protection: One of These Incidents Is Not Like the Other | Troutman Pepper - JDSupra
Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra
Careers, Working in Cyber and Information Security
Addressing Cyber Security's Talent Shortage & Its Impact on CISOs (darkreading.com)
Unfilled Cyber Security Positions Threaten the Future of Businesses Everywhere | Inc.com
How the Talent Shortage Impacts Cyber Security Leadership (securityintelligence.com)
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update
Expert shares stark safety warning over Twitter updates | Tech News | Metro News
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
'Five Eyes' nations release technical details of Sandworm malware 'Infamous Chisel' | CyberScoop
New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)
NCSC, SBU reveal overt Russian cyber campaign as cyber war continues to evolve | ITPro
Russian 'hybrid' war threatens NATO's eastern flank, Poles warn - Washington Times
Microsoft weighs in on Russian-led UN cyber crime treaty • The Register
Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week
Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News
China
Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica
China-Based APT Flies Under Radar in Espionage Attacks | Decipher (duo.com)
China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors (thehackernews.com)
Barracuda flaw: FBI warns customers over ineffective patch | ITPro
Almost a third of compromised Barracuda ESGs were govt owned • The Register
James Cleverly's China cyber security talks unlikely to spur change (techmonitor.ai)
Japan’s cyber security agency suffers months-long breach | Financial Times (ft.com)
China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)
APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)
Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)
North Korea
North Korea’s Lazarus Group hits organisations with two new RATs | CSO Online
Lazarus Group Debuts Tiny Trojan for Espionage Attacks (databreachtoday.co.uk)
Cyber Scams Keep North Korean Missiles Flying – Analysis – Eurasia Review
North Korea’s Lazarus hackers behind recent crypto heists: FBI (therecord.media)
North Korean hackers behind malicious VMConnect PyPI campaign (bleepingcomputer.com)
Vulnerability Management
New law could turn UK into a hacker's playground | Computerworld
40% of Log4j Downloads Still Vulnerable (securityintelligence.com)
How did Clop get its hands on the MOVEit zero day? (therecord.media)
Vulnerabilities
Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software (securityaffairs.com)
Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)
Microsoft Teams attack exposes collab platform security gaps | TechTarget
Barracuda flaw: FBI warns customers over ineffective patch | ITPro
Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica
CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
Exploit released for Juniper firewall bugs allowing RCE attacks (bleepingcomputer.com)
Google Chrome 116's second point update addresses a security issue - gHacks Tech News
Forminator WordPress Plugin Vulnerability Affects Up To 400,000+ Websites (searchenginejournal.com)
Threat actors started exploiting Juniper flaws shortly after PoC release (securityaffairs.com)
Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)
Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence - Security Week
This WordPress plugin with 5 million users could have a serious security flaw | TechRadar
Cyber Attackers Swarm OpenFire Cloud Servers With Takeover Barrage (darkreading.com)
Tools and Controls
Why generative AI is a double-edged sword for the cyber security sector | VentureBeat
Cyber defence makes up majority of cyber security budgets | Security Magazine
Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)
Think twice before accepting notifications on Chrome: threats on the rise | Cybernews
Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)
Enterprise dark web monitoring: Why it's worth the investment | TechTarget
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
Is the new OWASP API Top 10 helpful to defenders? - Help Net Security
Here's What Your Breach Response Plan Might Be Missing (darkreading.com)
Why Traditional Firewalls Are Not Adequate for Your Network Security (makeuseof.com)
Combining EPP and EDR tools can boost your endpoint security (securityintelligence.com)
Automated Threat Hunting: AI Helps Spot Shady Network Activity (readwrite.com)
Detecting the Undetected: The Risk to Your Info (securityintelligence.com)
National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)
Other News
Cyber attacks reveal threat to democracy (ukdefencejournal.org.uk)
Hackers Use $30 Gear To Bring Poland's Railways To A Grinding Halt
When lives rely on equipment, cyber security is essential | Healthcare IT News
Think twice before accepting notifications on Chrome: threats on the rise | Cybernews
Rising cyber incidents challenge healthcare organisations - Help Net Security
Updated Best Practice Playbook for Healthcare Cyber Threats (inforisktoday.com)
Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success (thehackernews.com)
Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)
69% of educational organisations suffered cyber attack in the past year - Netwrix survey
Out-Of-Office: How To Ensure Cyber Security During Vulnerable Periods (forbes.com)
Manufacturing firms hit by the worst encryption rate in three years (manufacturing-today.com)
Cyber Attacks Targeting E-commerce Applications (thehackernews.com)
Industrial networks need better security as attacks gain scale | ZDNET
National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 July 2023
Black Arrow Cyber Threat Briefing 21 July 2023:
-Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
-MOVEit Body Count Closes in on 400 orgs, 20M+ Individuals
-IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
-Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
-Risk is Driving Medium-Sized Business Decisions
-Talent and Governance, Not Technology, are Key to Drive Change around Cyber Security
-Hybrid Work, Digital Transformation can Exploit Security Gaps
-Human Cyber-Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
-AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
-Pro-Russian Hacktivists Increase Focus on Western Targets
-Infosec Doesn't Know What AI Tools Orgs Are Using
-Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
-Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.
A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.
https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/
MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals
The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.
The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.
https://www.theregister.com/2023/07/20/moveit_victim_count/
IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.
Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.
Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.
A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.
Risk is Driving Medium-Sized Business Decisions
Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.
In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.
Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security
For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.
However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.
This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.
Hybrid Work, Digital Transformation can Exploit Security Gaps
A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.
The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.
Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.
What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.
AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.
https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/
https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html
Pro-Russian Hacktivists Increase Focus on Western Targets
‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.
The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.
https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/
Infosec Doesn't Know What AI Tools Organisations Are Using
With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.
Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.
https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using
Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.
Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.
https://www.theregister.com/2023/07/19/google_cuts_internet/
Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.
The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.
https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023
Governance, Risk and Compliance
Risk is Driving Small and Medium-Sized Businesses (SMB) Decisions - MSSP Alert
Stabilising The Cyber security Landscape: The Rise Of vCISOs (forbes.com)
Talent and Governance, not Technology, are Key to Drive Change around Cyber Security - TechNative
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
CISOs are making cyber security a business problem - Help Net Security
Top Information Security Threats for Businesses 2023 (cybersecuritynews.com)
Best practices for an effective cyber security strategy | CSO Online
Exploring the macro shifts in enterprise security - Help Net Security
Google Cloud CISO Phil Venables On Cyber security, Cloud Adoption And The Boardroom (forbes.com)
Threats
Ransomware, Extortion and Destructive Attacks
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Weekly cyber attacks reach two-year high amid ransomware resurgence | ITPro
Ransomware attacks are on the rise—and so are ransom payments (fastcompany.com)
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Cyber security firm Sophos impersonated by new SophosEncrypt ransomware (bleepingcomputer.com)
Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net SecurityFIN8 deploys ALPHV ransomware using Sardonic malware variant (bleepingcomputer.com)
Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
Ransomware attackers getting more sophisticated: Canadian Centre for Cyber Security (yahoo.com)
SophosEncrypt Ransomware Fools Security Researchers (darkreading.com)
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks (thehackernews.com)
New Ransomware With RAT Capabilities Impersonating Sophos - SecurityWeek
Google’s Bard poses ransomware risk, say researchers | Cybernews
FIN8 Group spotted delivering the BlackCat Ransomware - Security Affairs
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Ransomware Victims
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward | TechCrunch
MOVEit Transfer vulnerability: New Cl0p 'victims' include Discovery (techmonitor.ai)
BlackCat and Clop gangs both claim cyber attack on Estée Lauder | Computer Weekly
Iron ore giant Fortescue Metals targeted by Russian ransomware group | Cybercrime | The Guardian
Russian medical lab suspends some services after ransomware attack (therecord.media)
Recycling Giant Tomra Takes Systems Offline Following Cyber attack - SecurityWeek
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Phishing & Email Based Attacks
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023 - MSSP Alert
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online | CISA
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
BEC – Business Email Compromise
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
ChatGPT rival WormGPT with ‘no ethical boundaries’ sold to hackers on dark web | The Independent
Infosec Doesn't Know What AI Tools Orgs Are Using (darkreading.com)
AI models must be reconciled with data protection laws • The Register
1 in 4 Brits play with generative AI and some believe it too • The Register
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
AI must have better security, says top cyber official - BBC News
Google Categorises 6 Real-World AI Attacks to Prepare for Now (darkreading.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Google’s Bard poses ransomware risk, say researchers | Cybernews
Malware
Microsoft: Hackers turn Exchange servers into malware control centers (bleepingcomputer.com)
Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware (thehackernews.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Hackers Target Gamers With Microsoft-Signed Rootkit (darkreading.com)
Source code of the BlackLotus UEFI Bootkit was leaked on GitHub - Security Affairs
Are Viruses Still a Threat to Cyber security? (makeuseof.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Pernicious Rootkits Pose Growing Blight On Threat Landscape (darkreading.com)
Mobile
Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps (thehackernews.com)
Meta confirms WhatsApp is down worldwide (bleepingcomputer.com)
Botnets
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Denial of Service/DoS/DDOS
Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months | CyberScoop
Attackers intensify DDoS attacks with new tactics - Help Net Security
Internet of Things – IoT
How your internet-connected domestic devices can be a critical tool of cyber attack (mid-day.com)
US preparing Cyber Trust Mark for more secure smart devices (bleepingcomputer.com)
Seven new gadgets added to riskiest connected devices list | SC Media (scmagazine.com)
Data Breaches/Leaks
MOVEit Hack: Number of Impacted Organisations Exceeds 340 - SecurityWeek
Data compromises on track to set a new record - Help Net Security
Virustotal data leak exposed data of some registered customers - Security Affairs
What to do (and what not to do) after a data breach - Help Net Security
Thousands of images on Docker Hub leak auth secrets, private keys (bleepingcomputer.com)
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
LastPass: The lessons we learnt from our devastating breach | TechRadar
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Rogue Azure AD Guests Can Steal Data via Power Apps (darkreading.com)
FIA World Endurance Championship driver passports leaked - Security Affairs
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Colorado State University says data breach impacts students, staff (bleepingcomputer.com)
Organised Crime & Criminal Actors
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat - SecurityWeek
Go Beyond the Headlines for Deeper Dives into the Cyber criminal Underground (thehackernews.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Former contractor accused of remotely accessing town's water treatment facility | Tripwire
Insider Risk Management Starts With SaaS Security (darkreading.com)
Fraud, Scams & Financial Crime
Growing scam activity linked to social media and automation - Help Net Security
A fresh look at the current state of financial fraud - Help Net Security
Tech support scammers now accepting cash via snail mail • The Register
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
AML/CFT/Sanctions
Insurance
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Dark Web
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
Supply Chain and Third Parties
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Supply chain executives unaware of growing customer trust issues - Help Net Security
Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad (trendmicro.com)
Cloud/SaaS
Microsoft makes cloud security logs available for free • The Register
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Hybrid/Remote Working
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Securing The Hybrid Workforce Begins With Browsing (forbes.com)
Attack Surface Management
Identity and Access Management
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
The rise of hassle-free and secure authentication | CyberScoop
Encryption
Real-world examples of quantum-based attacks - Help Net Security
EU Urged to Prepare for Quantum Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Signal president rejects ‘mass surveillance’ UK law | Fortune
API
Docker Leaks API Secrets & Private Keys, as Cyber criminals Pounce (darkreading.com)
API keys: Weaknesses and security best practices | TechTarget
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
LastPass: The lessons we learnt from our devastating breach | TechRadar
Millions of Keyboard Walk Patterns Found in Compromised Passwords - IT Security Guru
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Social Media
Growing scam activity linked to social media and automation - Help Net Security
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
Training, Education and Awareness
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
Companywide Cyber security Training: 20 Tips To Make It ‘Stick’ (forbes.com)
Digital Transformation
Travel
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
Regulations, Fines and Legislation
AI models must be reconciled with data protection laws • The Register
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Career Benefits of Learning Ethical Hacking (analyticsinsight.net)
Should You Be Using a Cyber security Careers Framework? (darkreading.com)
Law Enforcement Action and Take Downs
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Privacy, Surveillance and Mass Monitoring
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Gamaredon hackers start stealing data 30 minutes after a breach (bleepingcomputer.com)
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. | CyberScoop
Elon Musk’s Starlink is putting our soldiers at risk, Ukraine warns (telegraph.co.uk)
Thousands of Russian officials to give up iPhones over US spying fears | Financial Times (ft.com)
Ukraine innovates on cyber defence | Financial Times (ft.com)
China
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
China Espionage Operatives Left Empty Handed in Email Heist, White House Official Says - MSSP Alert
Xi wants to make the Great Firewall of China even greater • The Register
North Korea
JumpCloud breach traced back to North Korean state hackers (bleepingcomputer.com)
North Korean hackers breached a US tech company to steal crypto | Reuters
Misc/Other/Unknown
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
APT Protection: The Key to Safeguarding Your Business (ts2.space)
How to Secure Your OT Network Against Advanced Persistent Threats (APTs) (ts2.space)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Vulnerability Management
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
What is Vulnerability Assessment In Cyber security? (gbhackers.com)
Vulnerabilities
Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits (forbes.com)
Microsoft still unsure how hackers stole Azure AD signing key (bleepingcomputer.com)
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog
New critical Citrix ADC and Gateway flaw exploited as zero-day (bleepingcomputer.com)
OpenSSH Addresses Remote Code Execution Vulnerability: CVE-2023-38408 - VULNERA
Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability (thehackernews.com)
Cisco fixed a critical flaw in SD-WAN vManage - Security Affairs
Hacking campaign targets sites using WordPress WooCommerce Payments Plugin - Security Affairs
Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security (sophos.com)
5 Major Takeaways From Microsoft's July Patch Tuesday (darkreading.com)
Two Jira Plugin Vulnerabilities in Attacker Crosshairs - SecurityWeek
Google says Apple employee found a zero-day but did not report it | TechCrunch
Tools and Controls
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Leverage Threat Intelligence, AI, and Data at Scale to Boost Cyber Defences (darkreading.com)
A Few More Reasons Why RDP is Insecure (Surprise!) (thehackernews.com)
Enterprise communication security a growing risk, priority | TechTarget
MIT’s Cyber security Metior: A Secret Weapon Against Side-Channel Attacks (scitechdaily.com)
NCSC Shares Alternatives to Using a SOC - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft's security roadmap: Protect Azure DevOps secrets • The Register
CISA shares free tools to help secure data in the cloud (bleepingcomputer.com)
What is the new Enhanced Safe Browsing for Gmail (and should you enable it)? | ZDNET
Insider Risk Management Starts With SaaS Security (darkreading.com)
67% of daily security alerts overwhelm SOC analysts - Help Net Security
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Microsoft makes cloud security logs available for free • The Register
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
API keys: Weaknesses and security best practices | TechTarget
Other News
Google restricting internet access to some employees for security (cnbc.com)
Enterprise communication security a growing risk, priority | TechTarget
Healthcare organisations in the crosshairs of cyber attackers - Help Net Security
Broadband consumers demand security and sustainability - Help Net Security
Microsoft Exchange Online hit by new outage blocking emails (bleepingcomputer.com)
Cyber security measures SMBs should implement - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.