Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Ransomware Victims Surge by 47% as Small Businesses Targeted

Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.

Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.

Source [Infosecurity Magazine]

MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards

The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.

The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens. 

Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]

SMEs Overestimate Their Cyber Security Preparedness

According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.

The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Helpnet Security] [Security Magazine]

China’s Hacking Power Bigger Than Rest of World Combined

In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.

This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.

Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]

Cyber Insurance Claims for Ransomware Reach Record High

A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.

The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA)  released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.

Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]

Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives

Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).

C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.

This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.

Sources: [MSSP Alert] [Tech Radar]

Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats

Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.

One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.

Source: [Synack]

Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company

A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.

The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?

Sources [PC Mag]

Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them

With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.

The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.

Sources: [Computer Weekly] [CSO Online]

Half of Executives Expect Supply Chain Challenges

With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.

One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.  

Sources [PRnewswire] [SiliconANGLE]

How Social Engineering Takes Advantage of Your Kindness

Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.

Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.

Source: [Engadget]

Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually

A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.

Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.  

Source: [Information Security Buzz]

Governance, Risk and Compliance

• Cyber security still remains the greatest concern for many executives | TechRadar

• Cyber attacks are constant and test even the best | Newsroom

• Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)

• SMEs overestimate their cyber security preparedness - Help Net Security

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert

• Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)

• How to Get Your Board on Board With Cyber security (darkreading.com)

• Security concerns and outages elevate observability from IT niche to business essential - Help Net Security

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)

• Over a Third of UK Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• Poor digital experience a blocker for cyber resilience | Computer Weekly

• What is Governance, Risk and Compliance (GRC)? | TechTarget Definition

• How to prevent and prepare for a cyber catastrophe (securityintelligence.com)

• The rise of CISO stress: Recognising and reconciling the threat of litigation for CISOs (securitybrief.co.nz)

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

• The realities of modern cyber security: CrowdStrike CSO weighs in on how businesses must adapt - SiliconANGLE

• Why more security doesn’t mean more effective compliance - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com

• New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines - Infosecurity Magazine (infosecurity-magazine.com)

• Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)

• ‘Top’ ransomware gangs favour smaller businesses | Computer Weekly

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Ransomware group's evolving tactics pose growing threat - Nextgov/FCW

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian

• NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)

• Scattered Spider, Alphv, and the MGM hack, explained - The Hustle

• Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)

• What is Extortionware? How is it Different from Ransomware? (techtarget.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

• Cyber insurance claims for ransomware reach record high (betanews.com)

• Ransomware gang targeting defence firms, FBI warns - Defence One

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)

• FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)

• Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week

• Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)

• Ransomware vs. resources: A higher education dilemma - eCampus News

Ransomware Victims

• Two Vegas casinos fell victim to cyber attacks, shattering the image of impenetrable casino security | AP News

• Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k

• Clorox expects August’s cyber security attack to have a ‘material’ impact on first-quarter results - MarketWatch

• Clorox products in short supply after cyber attack disrupts operations | CNN Business

• Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)

• UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)

• Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)

• Major trucking software provider confirms ransomware incident (therecord.media)

• Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)

Phishing & Email Based Attacks

• Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• HR phishing: self-evaluation questionnaire | Kaspersky official blog

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

BEC – Business Email Compromise

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

Other Social Engineering; Smishing, Vishing, etc

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• How social engineering takes advantage of your kindness (engadget.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

Artificial Intelligence

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

• NSA Report: Deepfakes Threaten National Security | MSSP Alert

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• WormGPT: AI tool designed to help cyber criminals will let hackers develop attacks on large scale, experts warn | Science & Tech News | Sky News

• Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)

• Companies still don’t know how to handle generative AI risks - Help Net Security

• 85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)

• McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)

• Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)

• Poland investigates OpenAI over privacy concerns | Reuters

2FA/MFA

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

Malware

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)

• Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)

• Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

• ‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

Mobile

• Dangerous permissions detected in top Android health apps (securityaffairs.com)

• Android security updates: Everything you need to know | Android Central

• Google releases an update for compatible Pixel devices; Android 14 no, September security patch yes - PhoneArena

• Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

Botnets

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

Internet of Things – IoT

• DDoS 2.0: IoT Sparks New DDoS Alert (thehackernews.com)

• IoT threats in 2023 | Securelist

• Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)

• No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)

Data Breaches/Leaks

• Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• Police data breach: 20,000 data points 'at risk' (computing.co.uk)

• CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)

• Pizza Hut Australia hack: data breach exposes customer information and order details | Australia

• Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)

• T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK

• Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• TransUnion says dump of customer data came from third party • The Register

• US govt IT worker accused of leaking top secrets • The Register

Organised Crime & Criminal Actors

• Europol lifts the lid on cyber crime tactics (malwarebytes.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• India's biggest tech centres named as cyber crime hotspots • The Register

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

Insider Risk and Insider Threats

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• HR’s role in cyber security and insider threat mitigation - Hindustan Times

• Insider risks are getting increasingly costly | CSO Online

• Can Users Be Trusted to Skirt Hackers’ Lures? | MSSP Alert

Fraud, Scams & Financial Crime

• Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• cyber criminals: Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• Another $40m Dispersed to Western Union Fraud Victims - Infosecurity Magazine (infosecurity-magazine.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

• Illegal Betting Ring Used Satellite Tech to Get Scoop on Results - Infosecurity Magazine (infosecurity-magazine.com)

• Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)

• Court sentences pair for India-based robocall scam • The Register

• Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK

• Singapore to detail fraud liability split for bank & victim • The Register

Deepfakes

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

Insurance

• Cyber insurance claims for ransomware reach record high (betanews.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

Dark Web

• Brits Are in the Dark About the Dark Web - IT Security Guru

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Supply Chain and Third Parties

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)

• High-stakes digital heists: Enterprise software supply chains become new battleground for cyber criminals - SiliconANGLE

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• How cyber attacks on Taiwan are hurting global business - Raconteur

Software Supply Chain

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

Cloud/SaaS

• Cloud to Blame for Almost all Security Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

• Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• The Rise of the Malicious App (thehackernews.com)

Hybrid/Remote Working

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• Spies working from home despite fears they could be hacked by foreign states (telegraph.co.uk)

Shadow IT

• Shadow IT: Security policies may be a problem - Help Net Security

Identity and Access Management

• CISA Releases New Identity and Access Management Guidance - Security Week

Encryption

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)

Open Source

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)

• Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)

Social Media

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

Malvertising

• Probe reveals secret Israeli spyware that infects via ads • The Register

Training, Education and Awareness

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

Parental Controls and Child Safety

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

Regulations, Fines and Legislation

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

Models, Frameworks and Standards

• How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

Data Protection

• UK-US Confirm Agreement for Personal Data Transfers - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Digital Deficit: 93% of UK Employers Identify An IT Skills Gap Within The UK Job Market - IT Security Guru

• Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• IT pros told to accept burnout as normal part of their job - Help Net Security

• Wanted: another 3mn cyber professionals | Financial Times (ft.com)

Law Enforcement Action and Take Downs

• How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)

• Court sentences pair for India-based robocall scam • The Register

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Researchers used Wi-Fi signals to see through walls. Game-changing breakthrough? Or privacy nightmare waiting to happen? | TechRadar

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

Misinformation, Disinformation and Propaganda

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• International Criminal Court hacked amid Russia probe • The Register

• Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

• Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)

• Russian allegedly smuggled US weapons electronics to Moscow • The Register

China

• Chinese Cyber Power Bigger Than the Rest of the World Combined - Infosecurity Magazine (infosecurity-magazine.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• FBI chief says China has bigger hacking program than the competition combined | Reuters

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

• Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

• Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)

• How cyber attacks on Taiwan are hurting global business - Raconteur

• Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities | Recorded Future

• DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)

Iran

• Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)

• Iranian state-backed hackers target global satellite, defence, and pharma companies (databreaches.net)

• Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)

North Korea

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)

Misc Nation State/Cyber Warfare

• New Research Finds Cyber attacks Against Critical Infrastructure on the Rise, State-affiliated Groups Responsible for Nearly 60% | Business Wire

• Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• OODA Loop - Is Future Escalation in Cyber Conflict a Foregone Conclusion?

Vulnerability Management

• KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned  | CISA

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

• How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)

Vulnerabilities

• Fortinet Releases Security Updates for Multiple Products | CISA

• Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security

• iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac

• Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability (thehackernews.com)

• If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar

• GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)

• Microsoft releases firmware update for all Surface devices | TechSpot

Tools and Controls

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)

• Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Shadow IT: Security policies may be a problem - Help Net Security

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

• How Choosing Authentication Is a Business-Critical Decision (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• What is DNS over HTTPS (DoH)? (techtarget.com)

Reports Published in the Last Week

• QBE Mid-sized Business Risk Report | QBE US

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

Other News

• Why automakers are worried your car is the next target for cyber attacks - CityAM

• Consumers are being bombarded with billions of threats every year | TechRadar

• Bad torts: Law firms feel the heat from rising cyber threats (synack.com)

• 8 new threats to Mac security in 2023 - TechFruit

• SME Cyber Security – Time for a New Approach? - IT Security Guru

• Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)

• Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online

• Home Office sets up cyber security for Emergency Services Network | UKAuthority

• Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)

• Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)

• Cyber on the battlefield is about more than IT - Nextgov/FCW

• From national threats to click-happy employees: Decoding the multifaceted cyber security landscape - SiliconANGLE

• Hidden dangers loom for subsea cables, the invisible infrastructure of the internet - Help Net Security

• Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week

• Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week

• Singapore's retail banks take steps to enhance cyber security (finextra.com)

• Cyber pros warn Congress that government shutdown will create open season for cyber attacks - Washington Times

• Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)

• Strong compliance management is crucial for fintech-bank partnerships - Help Net Security

• Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)

• Five easy wins in cyber security | Financial Times (ft.com)

• Dairy industry teams with cyber security group to beef up defences | Food Dive

• Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)

• GCHQ chief takes job in private security company | The Independent

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Overconfident Organisations Prone to Cyber Breaches

A study found that 95% of UK enterprises were very confident or somewhat confident that they do not have gaps in their security controls, yet despite this, 69% have fallen victim to a cyber attack in the last two years. One of the reasons given for this false sense of confidence was the belief that more tools meant more security; worryingly, 45% of organisations struggled with the implementation of tools due to the need for expertise. Attackers are constantly adapting their tactics to bypass the security controls that most organisations implement. It is difficult for IT teams and business leaders to maintain an objective assessment of how effective their chosen security controls are against today’s attackers. Black Arrow provides the impartial and expert advice that businesses require, including a free initial assessment, with no vested interest other than helping our clients achieve pragmatic and proportionate security.

Source: [IT Security Guru]

Board Members Struggling to Understand Cyber Risks

Board members frequently struggle to understand cyber risks, putting businesses at higher risk of attacks, a new report has found. The report noted that Board interest is being piqued as a result of growing media reporting of cyber incidents, a heightened Board focus on operational resilience post-pandemic, investor pressure and a tightening regulatory environment.

Worryingly, despite the increase in interest and increased internal and external focus on cyber risk, a number of Board-level respondents reported that they felt scared or embarrassed to ask their CISO for fear of exposing their lack of understanding.

Source: [Infosecurity Magazine]

Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them

Senior executives in today's evolving work landscape face growing cyber security threats, including extortion and device theft. The rise of ‘workcations’, which blend work and leisure, has blurred professional and personal boundaries, exposing leaders to heightened risks, and necessitating a strong focus on cyber security.

These executives are particularly attractive targets due to their access to critical information and decision-making authority. To protect their organisations, they must prioritise robust security measures, such as stronger passwords, anti-theft safeguards for devices, multi factor authentication, and, where appropriate or necessary, the use of virtual private networks. As guardians of their businesses' well-being, executives carry the responsibility of upholding stringent cyber security practices, ensuring that the benefits of remote work do not compromise their organisations' security.

Source: [Fortune]

Cyber Attacks Reach Fever Pitch in Q2 2023

A report has found the global landscape of increasing digitisation, political unrest, the emergence of AI and the widespread adoption of work from home, have all contributed to an increase in attacks, which have increased 314% in the first half of this year compared the first half of 2022.  Rather worryingly, between the first and second quarter this year, there was a 387% increase in activity.

Source: [Data Centre & Network News]

Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats

A report from the Information Commissioner’s Office (ICO) in the UK found ransomware attacks on UK organisations reached record levels last year, impacting over 700 organisations. This isn’t the true count though, as it does not factor the overwhelming majority of victims who do not report attacks, so the true number will be many times this. This increase comes as reports are finding that UK companies are struggling to address the growing threats, and this includes a lack of understanding at the Board level. In fact, 59% of directors say their Board is not very effective in understanding the drivers and impacts of cyber risks for their organisation.

Sources: [The Record] [The Fintech Times] [Financial Times]

Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. Referring to one of the groups, Microsoft said “In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file,". This tactic has also been used by Russian Nation State Actors.

Source: [Bleeping Computer]

Europol - Financial Crime Makes “Billions” and Impacts “Millions”

The European policing alliance’s first ever European Financial and Economic Crime Threat Assessment was compiled from “operational insights and strategic intelligence” contributed by member states and Europol partners. The assessment highlighted a criminal economy worth billions of euros and that impacts millions of victims each year.

Source: [Infosecurity Magazine]

Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security

A recent report found that 30% of parents have never spoken to their children about cyber security. Additionally, over 40% of parents, who themselves admitted that they didn’t know how to create strong passwords, still give their child access to their mobile phones and almost a third (32%) give them access to their computers. By doing so, parents are not only putting their children at risk, but inadvertently, themselves and the organisations they work for as well.

Black Arrow offers a range of training, including formal and informal training, for individuals, employees and business leaders. Contact us today for a free initial conversation.

Source: [IT Security Guru]

Hackers are Dropping USB Drives Outside Buildings to Target Networks

A mid-year cyber security report found that along with the explosive growth in AI, bad actors are still using tried and tested, but unfortunately still very effective, tactics such as dropping USB drives outside target buildings in the hope that an employee will pick them up and plug them into devices connected to the corporate network. Many times, these actors are banking on their targets lacking protections against these attacks. Think about your organisation, would someone plug a device they found in the street into their work computer out of curiosity? Does your organisation have controls in place to prevent this type of attack?

Source: [Tech Republic]

Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night

According to a recent survey, 55% of IT decision-makers cited data theft as their main concern, with ransomware placed third, after phishing. This comes as ransomware attackers are moving towards more exfiltration-based techniques. Exfiltration creates a significant number of issues for an organisation including the regulatory requirements of telling customers, to not knowing what data has been exfiltrated.

Source: [Information Security Buzz]

If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now

Criminals have had plenty of time to use encryption keys stolen in the 2022 LastPass hack to open vaults, and there has been a reported increase in the number of vaults that have been cracked. For those attackers that haven’t been able to crack your password, they're under no time constraints.

Whilst successful attackers may not directly target your email accounts, PayPal wallets, or banks, these assets can be packaged and sold to other criminal third parties. If any of the passwords stored in a LastPass vault prior to 2022 are still in use, you should change them immediately.

Source: [Make Use Of]

Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web

IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year, according to a new report. The latest haul of new CVEs brings the total number tracked by the vendor to 3,900; a number that has doubled since 2019. Similarly, a separate report from Palo Alto Networks found that 80% of security exposures exist in the cloud.

IBM highlighted that this has led to a number of cloud credentials being actively sold on the dark web, in some cases for the same price as a dozen doughnuts. These credentials are believed to account for almost 90% of goods and services for sale on the dark web.

Sources: [Infosecurity Magazine] [The Register] [TechTarget]

Governance, Risk and Compliance

• More UK companies failing to tackle cyber security, reveals new report - The Intermediary - Latest UK mortgage news

• Deputy PM urges UK plc not to lose focus on cyber | Computer Weekly

• Cyber criminals are now targeting top executives–and could be using sensitive information to extort them | Fortune

• Why Data Theft Is Now The #1 Cyber Security Threat Keeping IT Pros Awake At Night (informationsecuritybuzz.com)

• Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru

• Global companies to hike security spending as threats rise - survey | Reuters

• CISOs need to be forceful to gain leverage in the boardroom - Help Net Security

• Board Members Struggling to Understand Cyber Risks - Infosecurity Magazine (infosecurity-magazine.com)

• Board And CISO Disconnect On Cyber Security Preparedness 'Rings Alarm Bells'– Expert Comments (informationsecuritybuzz.com)

• Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru

• Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard

• Cyber Security risks dampen corporate enthusiasm for tech investments - Help Net Security

• CISOs and Board Reporting – an Ongoing Problem - SecurityWeek

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks hit record level in UK, according to neglected official data (therecord.media)

• Ransomware tracker: The latest figures [September 2023] (therecord.media)

• Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)

• Ransomware thrives as cyber security remains lax, says UK report | Financial Times (ft.com)

• Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family (thehackernews.com)

• Ransomware and the cyber crime ecosystem - NCSC.GOV.UK

• Ransomware in top three threats for 65% of organisations | Security Magazine

• The 10 biggest ransomware attacks in history | TechTarget

• Sophos on the State of Ransomware - GovInfoSecurity

• TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)

• Don’t focus on ransomware variants, say UK’s national cyber and crime agencies (therecord.media)

• Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor (darkreading.com)

• Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors (darkreading.com)

Ransomware Victims

• Greater Manchester Police officers' details targeted in 'ransomware attack' | Breaking News News | Sky News

• A phone call to helpdesk was likely all it took to hack MGM | Ars Technica

• MGM Resorts cyber attack: Casinos warned to be on 'high alert' as £11bn firm remains crippled | Science & Tech News | Sky News

• MGM, Caesars File SEC Disclosures on Cyber Security Incidents (darkreading.com)

• Caesars paid millions in ransom to cybercrime group prior to MGM hack – NECN

• Group in Casino Hacks Skilled at Duping Workers for Access (1) (bloomberglaw.com)

• Ransomware tracker: The latest figures [September 2023] (therecord.media)

• IT Systems Encrypted After UK School Hit By Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Attack Wipes Out Four Months of Sri Lankan Government Data - Infosecurity Magazine (infosecurity-magazine.com)

• Rhysida gang claims to have hacked three more US hospitals (securityaffairs.com)

• Ransomware crew claims to have hit Save The Children • The Register

• Shell says Australian unit BG Group hit by MOVEit cyber security breach | Reuters

• Dutch football association pays ransom to Russian cyber criminals – EURACTIV.com

• Cyber security incident affects services at The Weather Network | CFJC Today Kamloops

Phishing & Email Based Attacks

• New Microsoft Teams Phishing Campaign Targets Corporate Employees - Infosecurity Magazine (infosecurity-magazine.com)

• Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security

• Attackers Abuse Google Looker Studio to Evade DMARC, Email Security (darkreading.com)

• Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper (thehackernews.com)

• $24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack

• Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar

• Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)

• Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)

• Journalists, authors, and other writers targeted by phishing emails | TechRadar

• Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach - SecurityWeek

• Windows Systems Targeted in Multi-Stage Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• How should SMBs navigate the phishing minefield? - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Understanding the dangers of social engineering - Help Net Security

• How to Avoid Smishing Attacks Targeting Subscription Service Users (securityintelligence.com)

Artificial Intelligence

• Cyber Criminals Feasting On Artificial Intelligence (forbes.com)

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

• ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)

• Cloud security in the era of artificial intelligence (securityintelligence.com)

• Deepfake cyberthreats keep rising. Here's how to prevent them - SiliconANGLE

2FA/MFA

• Organisation Still Aren't Adopting Enterprisewide Multifactor Authentication — What's the Holdup? (securityintelligence.com)

Malware

• Microsoft Teams phishing attack pushes DarkGate malware (bleepingcomputer.com)

• Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)

• Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper (thehackernews.com)

• Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)

• Windows Systems Targeted in Multi-Stage Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Intel-based Macs under attack from new MetaStealer malware — how to stay safe | Tom's Guide (tomsguide.com)

• Protecting Your Microsoft IIS Servers Against Malware Attacks (thehackernews.com)

• 3 Strategies to Defend Against Resurging Infostealers (darkreading.com)

• New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (thehackernews.com)

• Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)

• 'Steal-It' Campaign Uses OnlyFans Models as Lures (darkreading.com)

• Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (welivesecurity.com)

• Cybersecurity alert: Malware hidden in Microsoft Teams messages targeting users - OnMSFT.com

• Iranian Cyberspies Deployed New Backdoor to 34 Organizations - SecurityWeek

Mobile

• 'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users (darkreading.com)

• France halts iPhone 12 sales over radiation levels - BBC News

Denial of Service/DoS/DDOS

• Massive DDoS attack on US financial company thwarted by cyber firm (therecord.media)

• Akamai prevented largest DDoS attack on a US financial company (securityaffairs.com)

• After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek

• Yukon gov't website back after cyber attack, Nunavut gov't site still down | CBC News

Internet of Things – IoT

• Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)

• Wyze security camera owners report seeing strangers' camera feeds | Mashable

• Hackers Are Salivating Over Electric Cars - The Atlantic

• Hackers will hack anything — including your sex toys - The Hustle

Data Breaches/Leaks

• Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru

• LastPass Hackers Cracking Password Vaults - Experts Warns - Cyber Kendra

• Dymocks Booksellers suffers data breach impacting 836k customers (bleepingcomputer.com)

• Lessons from the DuoLingo data breach – Digital Journal

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Capita class action: 2,000 sign up in wake of data theft • The Register

• Airbus data leaked via infected customer computer • The Register

• Threat actor leaks sensitive data belonging to Airbus (securityaffairs.com)

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Organised Crime & Criminal Actors

• Cyber criminals are now targeting top executives–and could be using sensitive information to extort them | Fortune

• Europol: Financial Crime Makes “Billions” and Impacts “Million" - Infosecurity Magazine (infosecurity-magazine.com)

• How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Influx of Russian fraudsters gives Turkish cyber crime hub new lease of life | Financial Times (ft.com)

• Europol's spotlight report sheds light on evolving cyber attacks (amlintelligence.com)

• Ransomware in the underworld. (thecyberwire.com)

• Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Criminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks (thehackernews.com)

• Top blockchain Cyber security threats to watch out for (att.com)

• $24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack

• Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin

• Hackers steal $53 million worth of cryptocurrency from CoinEx (bleepingcomputer.com)

• Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News

Insider Risk and Insider Threats

• Human behaviour as both threat and defence | Professional Security

Fraud, Scams & Financial Crime

• Latest fraud schemes targeting the payments ecosystem - Help Net Security

• Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News

• Glasgow firm issues warning following recent cyber attack | Glasgow Times

Impersonation Attacks

• Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security

• Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)

Deepfakes

• Deepfake cyber threats keep rising. Here's how to prevent them - SiliconANGLE

AML/CFT/Sanctions

• TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)

Insurance

• Insurance industry grapples with rising cyber crime threat, climate change concerns: PwC - Reinsurance News

• Cyber security is top insurance concern as global attacks increase - Insurance Post (postonline.co.uk)

Dark Web

• Dark Web Threats to Businesses - DevX

• ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)

• Cloud credentials are the hot ticket item on the dark web • The Register

Supply Chain and Third Parties

• Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard

• Lazarus Group Targets macOS in Supply Chain Assault - Infosecurity Magazine (infosecurity-magazine.com)

• Airbus Cyber Attack: Over 3,200 Vendor Data Accessed by Hackers (cybersecuritynews.com)

• Capita class action: 2,000 sign up in wake of data theft • The Register

• The rise and evolution of supply chain attacks - Help Net Security

• A 2-Week Prescription for Eliminating Supply Chain Threats (darkreading.com)

Cloud/SaaS

• New Microsoft Teams Phishing Campaign Targets Corporate Employees - Infosecurity Magazine (infosecurity-magazine.com)

• Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar

• Finding Your Way in Cloud Security - SecurityWeek

• 7 Steps to Kickstart Your SaaS Security Program (thehackernews.com)

• Cloud storage security: What's new in the threat matrix | Microsoft Security Blog

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Cloud credentials are the hot ticket item on the dark web • The Register

• Palo Alto Networks: 80% of security exposures exist in cloud | TechTarget

• Cloud security in the era of artificial intelligence (securityintelligence.com)

Containers

• Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns (darkreading.com)

• Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)

Identity and Access Management

• Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)

• Companies need to rethink how they implement identity security - Help Net Security

• Enterprises persist with outdated authentication strategies - Help Net Security

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

Encryption

• OpenSSL 1.1.1 reaches end of life... unless you can pay up • The Register

• When a Quantum Computer Is Able to Break Our Encryption, It Won’t Be a Secret | Lawfare (lawfaremedia.org)

API

• API Expanding Attack Surfaces: 74% Reporting Multiple Breaches – Approov Comments (informationsecuritybuzz.com)

• How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)

• Elevating API security to reinforce cyber defence - Help Net Security

• Machine Learning is a Must for API Security - IT Security Guru

Open Source

• Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)

• Linux Malware! Read This If You Use Free Download Manager (itsfoss.com)

Passwords, Credential Stuffing & Brute Force Attacks

• If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now (makeuseof.com)

• Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)

• New WiKI-Eve attack can steal numerical passwords over WiFi (bleepingcomputer.com)

• Wi-Fi radio signal data can be used 'to predict passwords' • The Register

• Cloud credentials are the hot ticket item on the dark web • The Register

• Iranian hackers breach defence orgs in password spray attacks (bleepingcomputer.com)

Social Media

• Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)

• After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)

Training, Education and Awareness

• How to Transform Security Awareness Into Security Culture (darkreading.com)

• Elevating Cyber Awareness: A Strategic Approach (informationweek.com)

• How end-user phishing training works (and why it doesn’t) (bleepingcomputer.com)

• Great security training is a real challenge - Help Net Security

Digital Transformation

• Was the digital transformation worth it security-wise? (securityintelligence.com)

Parental Controls and Child Safety

• Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security- IT Security Guru

• Parents, children and cyber security: Time for a big conversation – Digital Journal

Cyber Bullying, Cyber Stalking and Sextortion

• How To Answer The General Counsel’s Questions After A Cyber Incident (forbes.com)

Regulations, Fines and Legislation

• SEC Issues Final Rules on Cyber Security Disclosures | Kelley Drye & Warren LLP - JDSupra

• Cyber risk is business risk, and the SEC knows it (fdd.org)

• What Makes an Incident ‘Material’? | Calloquy, PBC - JDSupra

• The International Criminal Court will now prosecute cyberwar crimes | Ars Technica

• Preparing For Cyber Security Disclosures Set For Public Companies (forbes.com)

• UK ICO and NCSC Set to Share Anonymized Threat Intelligence - Infosecurity Magazine (infosecurity-magazine.com)

• One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem (securityintelligence.com)

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Models, Frameworks and Standards

• Understanding the HITRUST CSF and its Benefits | UpGuard

Backup and Recovery

• How to develop a cloud backup ransomware protection strategy | TechTarget

• How To Backup Data From NAS: A Complete Guide (informationsecuritybuzz.com)

Data Protection

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Careers, Working in Cyber and Information Security

• Cyber Security Skills Gap: Roadies & Gamers Are Untapped Talent (darkreading.com)

• Three ways to overcome cyber security staff shortages (securitybrief.co.nz)

Privacy, Surveillance and Mass Monitoring

• Wyze security camera owners report seeing strangers' camera feeds | Mashable

• Your Car Is Spying On You, From Your Sex Life To How Fast You Go | Carscoops

• Google Chrome just rolled out a new way to track you and serve ads. Here's what you need to know (theconversation.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

China

• Risk & Repeat: Big questions remain on Storm-0558 attacks | TechTarget

• Parliamentary researcher ‘who spied for China’ arrested | UK news | The Guardian

• Arrest of alleged spy raises questions around UK’s China policy | Financial Times (ft.com)

• Microsoft, Apple versus China, spyware actors (techrepublic.com)

• Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)

• Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cyber Crime - SecurityWeek

• Spies, Hackers, Informants: How China Snoops on the West - SecurityWeek

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

• China caught with its malware in another nation's power grid • The Register

• China Threat Recap: A Deeper Insight (informationsecuritybuzz.com)

• As China steps up cyber security enforcement, smaller businesses are feeling the heat | South China Morning Post (scmp.com)

• British and Chinese academic research collaborations quadruple despite security fears (telegraph.co.uk)

Iran

• Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)

• ‘Scan-and-exploit’ campaign snares unpatched Exchange servers | SC Media (scmagazine.com)

• Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors (thehackernews.com)

North Korea

• Lazarus Group Targets macOS in Supply Chain Assault - Infosecurity Magazine (infosecurity-magazine.com)

• Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin

Misc Nation State/Cyber Warfare

• ‘Cyber attacks lower warfare bar, rules key’ | Mint (livemint.com)

• Polish election questioned after Pegasus spyware used to smear opposition, investigation finds | Computer Weekly

• How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek

• How Cyber Attacks Are Transforming Warfare (thehackernews.com)

• OODA Loop - The ICC Will Now Investigate Cyber War Crimes

• The Double-Edged Sword of Cyber Espionage (darkreading.com)

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

Vulnerability Management

• Severe vulnerability found in all browsers, and it's being attacked | PCWorldOvercoming the Rising Threat of Session Hijacking (darkreading.com)

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica

Vulnerabilities

• Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws (bleepingcomputer.com)

• Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) - Help Net Security

• Severe vulnerability found in all browsers, and it's being attacked | PCWorld

• Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now (thehackernews.com)

• After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery - SecurityWeek

• CISA Adds Critical RocketMQ Bug to Must-Patch List - Infosecurity Magazine (infosecurity-magazine.com)

• Notepad++ 8.5.7 released with fixes for four security vulnerabilities (bleepingcomputer.com)

• Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (bleepingcomputer.com)

• Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)

• Cisco warns of VPN zero-day exploited by ransomware gangs (bleepingcomputer.com)

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

Tools and Controls

• Global companies to hike security spending as threats rise - survey | Reuters

• Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru

• What Is XDR and Why It's Changing the Security Industry - ReadWrite

• Organisations Still Aren't Adopting Enterprisewide Multifactor Authentication — What's the Holdup? (securityintelligence.com)

• Remote Desktop Protocol exposures leave 85% of organisations vulnerable to attack - SiliconANGLE

• How CISOs Can Effectively Manage Firewall Vulnerabilities | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• The Dark Web Is Expanding (As Is the Value of Monitoring It) (darkreading.com)

• How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)

• Elevating Cyber Awareness: A Strategic Approach (informationweek.com)

• Great security training is a real challenge - Help Net Security

• Companies need to rethink how they implement identity security - Help Net Security

• Enterprises persist with outdated authentication strategies - Help Net Security

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

• Easy Configuration Fixes Can Protect Your Server from Attack (securityintelligence.com)

Reports Published in the Last Week

• Ransomware and the Cyber Crime ecosystem - NCSC.GOV.UK

• Sophos on the State of Ransomware - GovInfoSecurity

• The State of Pentesting 2023 Report | Cobalt

Other News

• Record number of cyber attacks targeting critical IT infrastructure reported to UK gov’t this year (therecord.media)

• The Weaponization of Operational Technology (securityintelligence.com)

• ICS Computers in Western Countries See Increasing Attacks: Report - SecurityWeek

• Cyber Trends: The Gunpowder of the Twenty-First Century (e-ir.info)

• The 9 Top Technology Trends That Are Shaping the Future of Cyber Security (makeuseof.com)

• Some of TOP universities wouldn’t pass cyber security exam: left websites vulnerable - Security Affairs

• The Cyber Security Risks In Education Cannot Be Ignored (forbes.com)

• A new Repojacking attack exposed over 4,000 GitHub repositories to hack (securityaffairs.com)

• Cyber attacks reach fever pitch in Q2 2023 - Data Centre & Network News (dcnnmagazine.com)

• Rising OT/ICS cyber security incidents reveal alarming trend - Help Net Security

• Building cyber resiliency in public services | UKAuthority

• Brits happy to break cyber law if the price is right | Computer Weekly

• Chilling Lack of Cyber Experts in UK Government: Parliamentary Inquiry - Infosecurity Magazine (infosecurity-magazine.com)

• British Military Hit by Six Million Cyber Attacks in 2022 (thedefensepost.com)

• Trustwave report on hospitality industry security threats | Cyber Magazine

• Cyber security impact on construction, engineering projects (csemag.com)

• Cyber criminals come for schools — and schools aren’t ready (hechingerreport.org)

• Professional Sports: The Next Frontier of Cyber Security? (darkreading.com)

• How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)

• Poison in the Water: The Physical Repercussions of IoT Security Threats (securityintelligence.com)

• Australia Inc roiled by raft of cyber attacks since late 2022 | Reuters

• Death by digital: attacks on healthcare put people at risk (synack.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.