Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 19 April 2024
Black Arrow Cyber Threat Intelligence Briefing 19 April 2024:
-94% of Ransomware Victims Have Their Backups Targeted by Attackers
-Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability
-Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist
-Your Annual Cyber Security Is Not Working, but There is a Solution
-73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert
-Russia and Ukraine Top Inaugural World Cyber Crime Index
-Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?
-Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat
-The Threat from Inside: 14% Surge in Insider Threats Compared to Previous Year
-Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts
-Large Enterprises Experience Breaches, Despite Large Security Stacks - Report Finds 93% of Breaches Lead to Downtime and Data Loss
-Charities Doing Worse than Private Sector in Staving off Cyber Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
94% of Ransomware Victims Have Their Backups Targeted by Attackers
Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.
Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.
Source: [Tech Republic]
Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability
The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.
The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.
The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.
Sources: [The Banker] [IMF]
Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist
A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.
Source: [TechCrunch]
Your Annual Cyber Security Is Not Working, But There is a Solution
Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.
To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.
Source: [TechRadar]
73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert
A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.
Source: [Business Wire]
Russia and Ukraine Top Inaugural World Cyber Crime Index
The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.
Top ten Countries in full:
1. Russia
2. Ukraine
3. China
4. United States
5. Nigeria
6. Romania
7. North Korea
8. United Kingdom
9. Brazil
10. India
Source: [Infosecurity Magazine]
Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?
The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.
Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.
Sources: [ITPro] [The Guardian]
Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat
Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.
The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.
Sources: [Claims Journal] [Inc.com]
The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites
Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).
Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.
Source: [Infosecurity Magazine] [TechRadar]
Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts
Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.
Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.
Sources: [Ars Technica] [Data Breach Today]
Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss
93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.
Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.
Sources: [Infosecurity Magazine] [Help Net Security]
Charities Doing Worse than Private Sector in Staving off Cyber Attacks
Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.
Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.
Source: [TFN]
Governance, Risk and Compliance
Cyber attack volumes peak in first quarter | SC Media (scmagazine.com)
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
Security breaches are causing more damage than ever before | TechRadar
Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat (claimsjournal.com)
51% of enterprises experienced a breach despite large security stacks - Help Net Security
Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)
Ex-Uber security exec Joe Sullivan is advising CISOs on how to avoid his legal fate (axios.com)
Cyber Security Tips for Small Businesses Now Considered Big Hacking Targets | Inc.com
The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)
Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)
FBI: Akira ransomware raked in $42 million from 250+ victims (bleepingcomputer.com)
What if we made ransomware payments illegal? | SC Media (scmagazine.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)
Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)
A whole new generation of ransomware makers are attempting to shake up the market | TechRadar
Security Think Tank: Approaches to ransomware need a course correction | Computer Weekly
Ransomware Victims Who Pay a Ransom Drops to Record Low (databreachtoday.co.uk)
Ransomware Victims
Change Healthcare’s ransomware attack costs reach nearly $1B • The Register
Ransomware attacks against food, agriculture industry examined | SC Media (scmagazine.com)
Ransomware attack compromises UN agency data | SC Media (scmagazine.com)
840-bed hospital in France postpones procedures after cyber attack (bleepingcomputer.com)
US think tank Heritage Foundation hit by cyber attack | TechCrunch
Daixin ransomware gang claims attack on Omni Hotels (bleepingcomputer.com)
Ransomware feared as Octapharma Plasma closes 150+ centers • The Register
Cyber Attack Takes Frontier Communications Offline (darkreading.com)
Phishing & Email Based Attacks
FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)
FIN7 targets American automaker’s IT staff in phishing attacks (bleepingcomputer.com)
Other Social Engineering
Quishing: The New Cyber Threat to the Cleared Workplace - ClearanceJobs
FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)
Cyber criminals pose as LastPass staff to hack password vaults (bleepingcomputer.com)
Artificial Intelligence
CISOs not changing priorities in response to AI threats (betanews.com)
92% of enterprises unprepared for AI security challenges - Help Net Security
AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (thehackernews.com)
Best Practices & Guidance For AI Security Deployment 2024 (gbhackers.com)
C-suite weighs in on generative AI and security (securityintelligence.com)
2FA/MFA
Cisco Duo warns third-party data breach exposed SMS MFA logs (bleepingcomputer.com)
Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)
Malware
LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (darkreading.com)
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (thehackernews.com)
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)
Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)
Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week
New SteganoAmor attacks use steganography to target 320 orgs globally (bleepingcomputer.com)
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (thehackernews.com)
Fake cheat lures gamers into spreading infostealer malware (bleepingcomputer.com)
Mobile
Government spyware is another reason to use an ad blocker | TechCrunch
iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena
Enterprises face significant losses from mobile fraud - Help Net Security
SoumniBot malware exploits Android bugs to evade detection (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
How to protect IP surveillance cameras from Wi-Fi jamming - Help Net Security
CISA warns of critical vulnerability in Chirp smart locks • The Register
New rules for security of connected products in the UK and EU - Lexology
Data Breaches/Leaks
CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)
Panama Papers: Money laundering trial of 27 defendants begins
Giant Tiger data breach may have impacted millions of customers (securityaffairs.com)
5 Ways Your Personal Information May End Up On The Dark Web (slashgear.com)
Law Firm to Pay $8M to Settle Health Data Hack Lawsuit (databreachtoday.co.uk)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)
Ex-Amazon engineer gets 3 years for hacking crypto exchanges (bleepingcomputer.com)
Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch
Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (bleepingcomputer.com)
Insider Risk and Insider Threats
Insurance
Cloud/SaaS
What Is Microsoft's Role in the Shared Responsibility Model for Data Security? (prweb.com)
For Service Accounts, Accountability Is Key to Security (darkreading.com)
Identity and Access Management
Linux and Open Source
Open source groups say more software projects may have been targeted for sabotage (yahoo.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Attackers are pummelling networks around the world with millions of login attempts | Ars Technica
Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)
Cisco warns of large-scale brute-force attacks against VPN and SSH services (securityaffairs.com)
For Service Accounts, Accountability Is Key to Security (darkreading.com)
Dark Web Sales Driving Major Rise in Credential Attacks (databreachtoday.co.uk)
Social Media
Malvertising
Government spyware is another reason to use an ad blocker | TechCrunch
Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)
Training, Education and Awareness
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
Cyber security training: How to make it more motivating (hrexecutive.com)
Regulations, Fines and Legislation
US Supreme Court ruling suggests change in cyber security disclosure process | CSO Online
New rules for security of connected products in the UK and EU - Lexology
Congress votes to kick Uncle Sam’s data broker habit • The Register
Cops can force suspect to unlock phone with thumbprint, US court rules | Ars Technica
Models, Frameworks and Standards
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
IT and security professionals demand more workplace flexibility - Help Net Security
National Security at Risk as Essential Cyber Security Roles Face Sharp Decline (prnewswire.com)
Break Security Burnout: Combining Leadership With Neuroscience (darkreading.com)
Law Enforcement Action and Take Downs
Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)
Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
China
Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)
Leaked FBI document shows MPs were kept in dark over China hack for two years (inews.co.uk)
Risks are higher than ever for US- China cyber war | Responsible Statecraft
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
Singapore infosec boss: splinternet hinders interoperability • The Register
FBI says Chinese hackers preparing to attack US infrastructure | Reuters
Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)
Russia
Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)
CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)
Microsoft breach allowed Russia to steal Feds' emails • The Register
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
How Ukraine’s cyber police fights back against Russia’s hackers | TechCrunch
Russian 'Cyber Sabotage' A Global Threat: Security Firm | IBTimes
Mandiant upgrades Sandworm to APT44 due to increasing threat | TechTarget
Russia's Sandworm 'cyber attacked US, EU water utilities' • The Register
Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas | Decipher (duo.com)
Russia is trying to sabotage European railways, Czech minister said (securityaffairs.com)
Singapore infosec boss: splinternet hinders interoperability • The Register
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)
Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week
Iran
Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (thehackernews.com)
Middle East Cyber Ops Intensify, With Israel the Main Target (darkreading.com)
Iran-Backed Hackers Blast Out Threatening Texts to Israelis (darkreading.com)
Israel Holds Hybrid Cyber & Military Readiness Drills (darkreading.com)
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
How to conduct security patch validation and verification | TechTarget
Zero-Day Vulnerabilities: A Beginner’s Guide - The New Stack
The importance of the Vulnerability Operations Centre for cyber security | TechRadar
Vulnerabilities
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
“Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica
Cisco discloses root escalation flaw with public exploit code (bleepingcomputer.com)
PuTTY SSH client flaw allows recovery of cryptographic private keys (bleepingcomputer.com)
Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA
Yubico Issues YubiKey Security Alert For Windows Users (forbes.com)
Samsung Issues Update Now Warning For Millions Of Galaxy Users (forbes.com)
Juniper Networks Publishes Dozens of New Security Advisories - Security Week
Ivanti warns of critical flaws in its Avalanche MDM solution (bleepingcomputer.com)
Oracle Patches 230 Vulnerabilities With April 2024 CPU - Security Week
iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena
Delinea Fixes Flaw After Analyst Goes Public With Disclosure First (darkreading.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Telegram fixes Windows app zero-day used to launch Python scripts (bleepingcomputer.com)
Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Security Boulevard
Tools and Controls
Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)
CISA's Malware Analysis Platform Could Foster Better Threat Intel (darkreading.com)
Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
6 Ways Businesses Can Boost Their Cloud Security Resilience - Compare the Cloud
Dark Web Monitoring: What's the Value? (bleepingcomputer.com)
Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)
Cyber security training: How to make it more motivating (hrexecutive.com)
The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)
AI set to enhance cyber security roles, not replace them - Help Net Security
Stateful vs. stateless firewalls: Understanding the differences | TechTarget
Reports Published in the Last Week
Other News
Charities doing worse than private sector in staving off cyber attacks - TFN
The US counterintelligence head says the list of threats is long and getting longer (cfpublic.org)
Critical Infrastructure Security: Observations From the Front Lines (darkreading.com)
Geopolitical tensions escalate OT cyber attacks - Help Net Security
Microsoft, Beset by Hacks, Grapples With Problem Years in the Making - BNN Bloomberg
The invisible seafaring industry that keeps the internet afloat (theverge.com)
Do we have a plan on how to deal with subsea cables sabotage? | Euronews
Ex-GCHQ chief: Cyber attacks could target fragile trust in utilities - Utility Week
University chiefs to get security service Cobra briefing on hostile states | The Argus
SAP Applications Increasingly in Attacker Crosshairs, Report Shows - Security Week
Emergency services a likely target for cyber attacks, warns DHS - ABC News (go.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 December 2023
Black Arrow Cyber Threat Intelligence Briefing 29 December 2023:
-UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions
-Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance
-The Most Popular Passwords of 2023 are Easy to Guess and Crack
-Dangerous Malware Pretends to be Some of Your Most Used Business Software
-MFA Helps You Stay Resilient, But Nothing is a Silver Bullet
-Ransomware Leak Site Victims Reached Record-High in November
-MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023
-Europol Warns 443 Online Shops Infected with Credit Card Stealers
-Physical Access Systems Open Door to IT Networks
-Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks
-Daily Malicious Files Rise to 411,000 a day in 2023
-Android Malware Actively Infecting Devices to Take Full Control
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions
The UK’s power network has long been an attractive target for enemies of the state and that remains true today. In fact, according to the UK Government, the risk of the whole country’s electricity system being shut down is growing. So are the dangers to citizens if it happens.
The UK’s National Risk Register, the official document assessing 89 different possible threats to the country, explains that a cyber attack on the National Grid could be launched by culprits “encrypting, stealing or destroying data upon which critical systems depend, or via disruption to operational systems”.
Source: [iNews]
Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance
Billions of people around the world are expected to go to the polls and vote in 2024, in what will be the most significant election year in recent memory, and cyber security and government officials have already warned about countries using technology to influence operations. This includes disinformation campaigns and hacking attempts. Officials have further warned that artificial intelligence will likely be used to fuel such campaigns.
Sources: [The Record] [Security Affairs]
The Most Popular Passwords of 2023 are Easy to Guess and Crack
NordPass released a list of the top 200 common passwords recently, which included “123456” and “admin” as the top two. Of particular note, the top 40 passwords were all deemed to take less than 12 seconds to crack, or could be determined by an actor with no knowledge of the password. Many people would argue that there are so many passwords needed these days that it becomes hard to remember, hence their choice of easier passwords, and often reusing or recycling them across multiple sites and services. The use of a password manager can greatly reduce this need, requiring the user to only remember one password whilst also allowing for more complex and harder to crack passwords.
Source: [gHacks]
Dangerous Malware Pretends to be Some of Your Most Used Business Software
Hackers are using an old form of banking malware, known as Carbanak, to launch damaging ransomware attacks. Hackers are using compromised websites to host the malware, impersonating popular business-related software such as HubSpot, Veeam, or Xero.
Source: [TechRadar]
MFA Helps You Stay Resilient, But Nothing is a Silver Bullet
Multi-factor authentication (MFA) is a great resource for improving your organisation’s cyber resilience, but no technology is 100% secure and the human element will nearly always remain. With notable security breaches bypassing MFA to compromise organisations including Uber, games company EA, and authentication business Okta, organisations need to be aware that it is a possibility. As such, organisations need to ensure they implement MFA effectively and educate their users in their implementation; even the strongest of controls are rendered useless if they can be bypassed with one social engineering phone call.
Source: [Help Net Security]
Ransomware Leak Site Victims Reached Record-High in November
Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November. This represents a 39% increase from October and a 110% increase compared with November 2022. Further, this is the eleventh consecutive month in which there has been a year-on-year increase in ransomware victims, and the ninth with a victim count over 300.
Source: [Infosecurity Magazine]
MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023
2023 was a colossal year for data breaches, with the likes of MOVEit, Capita, Citrix, Royal Mail, MGM resorts and 3CX among some of the most significant victims. Such attacks have involved a number of vectors, such as file transfer vulnerabilities, social engineering, supply chain attacks and zero-day exploits. The result? Millions of people’s data compromised, and hundreds of millions paid out to attackers; the attack on MGM resorts alone is reported to have costed upwards of $100 million.
Source: [TechCrunch]
Europol Warns 443 Online Shops Infected with Credit Card Stealers
Europol has notified over 400 websites that their online shop had been hacked, with malicious scripts that steal card information from paying customers. The scripts are designed to intercept and steal payment card numbers, expiration dates, verification numbers, names, and shipping addresses, which are then uploaded to an attacker. This information is then used, or sold on the dark web to be used. Unfortunately, some of these attacks can go undetected for weeks or even several months.
Source: [Bleeping Computer]
Physical Access Systems Open Door to IT Networks
Cyber attackers can exploit access control measures installed on supposedly secure facility doors to gain unauthorised building access to sensitive locations, as well as breach internal IP networks directly from these systems, research has shown. At a recent leading security conference, analysts demonstrated this is an attack. Assets such as these can often be forgotten about and therefore omitted from protections, highlighting the need for organisations to have an up to date and accurate asset register.
Source: [Dark Reading]
Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks
Hacking can be sophisticated, but often it is not sophisticated at all. Some of the biggest hacks this year started with what seemed like an innocent phone call, but which in fact were fairly simple social engineering attacks. Additionally, hackers continued to target companies that failed to promptly update their systems, even after patches were released to fix critical vulnerabilities. The best first step to protect an organisation is to establish a culture of good cyber security hygiene across people, operations and technology.
Source: [Pymnts]
Daily Malicious Files Rise to 411,000 a day in 2023
Cyber criminals unleashed an average of 411,000 malicious files every day in 2023, representing a 3% increase from the previous year, according to Kaspersky. Malicious desktop files in particular rose by 53%. Cyber criminals favoured Microsoft Office services’ vulnerabilities, which represented 69% of all exploited vulnerabilities.
Source: [Infosecurity Magazine]
Android Malware Actively Infecting Devices to Take Full Control
Android Malware is actively being used to take control of devices for illicit purposes, such as stealing sensitive information and enabling remote attacks, and least 327,000 devices are reported to have been infected with such malware. Research has found that amongst the most targeted countries are the UK and US. Often, for the malware to work, users need to allow it access to information such as contacts, email. In some cases, the user would only be aware they have consented if they were to manually check the apps settings. For organisations, this can mean employees bringing personal or work phones into the corporate environment, with malware potentially along for the ride.
Source: [GBhackers]
Threats
Ransomware, Extortion and Destructive Attacks
Rethinking data security in the age of ransomware and AI - SiliconANGLE
Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)
Do the casino ransomware attacks make the case to pay? • The Register
Windows CLFS and five exploits used by ransomware operators | Securelist
Cyber crime experts reveal how to infiltrate ransomware gangs • The Register
How ransomware operators try to stay under the radar | Malwarebytes
How many times are you going to think about ransomware in 2024? (betanews.com)
Ransomware Victims
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Lockbit ransomware disrupts emergency care at German hospitals (bleepingcomputer.com)
Integris Health patients get extortion emails after cyber attack (bleepingcomputer.com)
Ransomware Group Claims 100 Gb of Data Stolen From Nissan Australia - Security Week
Indian IT services giant HCL Technologies hit by ransomware | TechRadar
LockBit gang claims to have breached accountancy firm Xeinadin (securityaffairs.com)
Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)
Australia’s Largest Auto Dealer Group Hit By Massive Cyber Attack | Carscoops
Artificial Intelligence
Elections 2024, Artificial Intelligence could upset world balances (securityaffairs.com)
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week
Rethinking data security in the age of ransomware and AI - SiliconANGLE
GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)
Why data, AI, and regulations top the threat list for 2024 - Help Net Security
5 Ways that AI Is Set To Transform Cyber Security (informationweek.com)
The Emerging Landscape of AI-Driven Cyber Security Threats: A Look Ahead - Security Week
Skynet Ahoy? What to Expect for Next-Gen AI Security Risks (darkreading.com)
2FA/MFA
Malware
Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)
Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware (thehackernews.com)
This growing malware threat actor is set to unleash a surge of attacks, experts warn | TechRadar
'BattleRoyal' Hackers Deliver DarkGate RAT Using Every Trick (darkreading.com)
Microsoft disables MSIX protocol handler abused in malware attacks (bleepingcomputer.com)
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)
New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices (thehackernews.com)
Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)
Fake VPN Chrome extensions force-installed 1.5 million times (bleepingcomputer.com)
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)
New Rugmi Malware Loader Surges with Hundreds of Daily Detections (thehackernews.com)
Game mod on Steam breached to push password-stealing malware (bleepingcomputer.com)
How the new Instegogram threat creates liability for organisations | CSO Online
Mobile
TikTok makes users give iPhone passwords, reasons unclear (nypost.com)
Android Malware Actively Infecting Devices to Take Full Control (gbhackers.com)
Chameleon Android Malware Can Bypass Biometric Security - Security Week
SMS Scams Set to Peak on Saturday in UK - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Essential DDoS statistics for understanding attack impact - Help Net Security
How to Prepare for DDoS Attacks During Peak Business Times (darkreading.com)
In Cyber Security and Fashion, What's Old Is New Again (darkreading.com)
Internet of Things – IoT
Tech gifts you shouldn’t buy your family and friends for the holidays | TechCrunch
Physical Access Systems Open Door to IT Networks (darkreading.com)
Ho Ho Home For Christmas? Tips For Avoiding Tech Terrors This Festive Season - IT Security Guru
Data Breaches/Leaks
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Mortgage firm LoanCare warns 1.3 million people of data breach (bleepingcomputer.com)
Real estate agency exposes details of 690k customers (securityaffairs.com)
Insomniac Games Releases Statement Over Recent Cyber Attack - Gameranx
Ubisoft says it's investigating reports of a new security breach (bleepingcomputer.com)
Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)
Inmate, Staff Information Stolen in Rhode Island Prison Data Breach - Security Week
Mint Mobile discloses new data breach exposing customer data (bleepingcomputer.com)
Hackers steal customer data from Europe’s largest parking app operator | Hacking | The Guardian
Yakult Australia confirms 'cyber incident' after 95 GB data leak (bleepingcomputer.com)
CBS, Paramount owner National Amusements says it was hacked | TechCrunch
Panasonic discloses data breach after December 2022 cyber attack (bleepingcomputer.com)
Customers warned after major car dealership group Eagers Automotive hacked | The West Australian
Cyber Attacks Impacts Two Major Australian Companies Including Leaked Passports | The Epoch Times
Organised Crime & Criminal Actors
Simple Hacking Techniques Prove Successful in Cyber Attacks (pymnts.com)
Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch
Hacking or Social Engineering? What You Need to Know to Keep Yourself Safe | HackerNoon
3 Clues That Hackers May Know More About Your Business Than You Do | Inc.com
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Hacking group Pink Drainer strikes again, pilfering $4.4M from just 1 victim (cointelegraph.com)
Supply Chain and Third Parties
Third-party issues disrupt 45% of firms despite cyber security spends (securitybrief.co.nz)
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Cloud/SaaS
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Data security and cost are key cloud adoption challenges for financial industry - Help Net Security
The Future of Hybrid Cloud: What to Expect in 2024 and Beyond (techtarget.com)
Encryption
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Linux and Open Source
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
The most popular passwords of 2023 are easy to guess and crack - gHacks Tech News
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week
Social Media
Regulations, Fines and Legislation
Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024 (darkreading.com)
Why data, AI, and regulations top the threat list for 2024 - Help Net Security
Europe classifies three adult sites as worthy of its toughest internet regulations • The Register
5 US cyber security compliance deadlines in 2024 | SC Media (scmagazine.com)
EU updates product liability regime to include software, Artificial Intelligence – EURACTIV.com
Models, Frameworks and Standards
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers (darkreading.com)
Top Tips from CISOs for CISOs - Infosecurity Magazine (infosecurity-magazine.com)
How leaders can look after information security professionals | ITPro
Building Mental Resilience: A CISO's Journey - GovInfoSecurity
What Does the Future Hold for Today’s Cyber Security Leaders? (huntress.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Ministers fear a cyber attack cutting all our electricity – this is why (inews.co.uk)
How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)
Nation State Actors
China
Russia
Ukrainian remote workers targeted in new espionage campaign (therecord.media)
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)
Russian firms subjected to new cyber espionage campaign | SC Media (scmagazine.com)
Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies (thehackernews.com)
Inside the World of Deep-Cover Russian Spies Who Are Infiltrating the West (businessinsider.com)
Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)
Iran
Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)
Israel and Iran are waging a cyber war in the shadows - opinion - The Jerusalem Post (jpost.com)
A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes
North Korea
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)
Kim Jong Un Expected To Conduct Military, Cyber Attacks During US Elections - Benzinga
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 (securityaffairs.com)
CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild - Security Week
Google Releases Eighth Zero-Day Patch of 2023 for Chrome (darkreading.com)
Windows CLFS and five exploits used by ransomware operators | Securelist
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers (bleepingcomputer.com)
Tools and Controls
Physical Access Systems Open Door to IT Networks (darkreading.com)
Even cyber security pros don't fully trust AI just yet | TechRadar
GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)
Verification roadblocks cause frustration for digital nomads - Help Net Security
Strengthening Resilience: Navigating the Cyber Security Landscape (darkreading.com)
API security in 2024: Predictions and trends - Help Net Security
Other News
5 Things You Can Do Today to Prepare for 2024’s Security Threats (informationweek.com)
Pensions Regulator publishes updated cyber security guidance for trustees | Mayer Brown - JDSupra
All I really need to know about cyber security, I learned in kindergarten (venturebeat.com)
New insights into the global industrial cyber security landscape - Help Net Security
NASA Releases First Space Cyber Security Best Practices Guide (inforisktoday.com)
Unveiling the true cost of healthcare cyber security incidents - Help Net Security
Hackers see wealth of information to steal in kids' school records (cnbc.com)
A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes
How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)
Post-pandemic Cyber Security: Lessons from the global health crisis (att.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 December 2023
Black Arrow Cyber Threat Intelligence Briefing 15 December 2023:
-MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment
-Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions
-Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies
-81% of Companies had Malware, Phishing and Password Attacks in 2023
-Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors
-Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact
-Why Cyber Security Is a Competitive Advantage: Reaching Digital Success
-Ransomware-as-a-Service: The Growing Threat You Can't Ignore
-66% of Employees Prioritise Daily Tasks Over Cyber Security
-Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days
-Who Is Responsible for Cyber Security? You.
-Many Popular Websites Still Cling to Password Creation Policies From 1985
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment
According to the UK Parliament’s Joint Committee on the National Security Strategy (JCNSS), the UK is one of the most targeted countries in the world for cyber attacks, predominantly coming from Russian-linked threat actors. The report describes the UK as being at high risk from catastrophic ransomware attacks, and warns that the country could face significant challenges in managing future attacks.
Further, the report noted that the UK’s regulatory frameworks are insufficient and large amounts of national infrastructure are still vulnerable to ransomware because of their reliance on legacy IT systems.
Sources: [ITPro] [Emerging Risks Media Ltd]
Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions
Despite increased investments in third-party cyber security risk management (TPCRM) over the last two years, 45% of organisations experienced third party-related business interruptions, according to a new Gartner survey. This is reinforced by a separate survey, in which 97% of respondents reported having suffered negative impacts from a breach in a third party or supplier partner in the last year; a figure that has remained unchanged for the past three years.
The results show that despite the increase in attention and investments in third party risk management, organisations are not carrying these out in a way that is decreasing the risk.
Sources: [CIR Magazine] [Gartner]
Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies
Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. Its mobile app and website were down but they managed to restore some of its landline services on the same day of the attack. 24 million Kyivstar users have been urged to change all passwords following the attack.
So far, two Russia-aligned hacker groups have claimed responsibility for the hack: Killnet and Solntsepek. While Killnet have not provided any evidence of the attack, Solntsepek posted several screenshots of Kyivstar systems that it allegedly hacked, on its Telegram channel. The group said it “destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage, and backup systems”.
Further, Russia is expected to ramp up their cyber campaign efforts targeting Ukraine’s allies as part of the ongoing conflict in the region. Last winter saw an increase in attacks that is likely to be repeated this year. The use of wiper malware to target critical national infrastructure (CNI) outside of Ukraine), similar to the attack on Kyivstar above, is just one tactic that could be deployed to disrupt Western allies’ ability, and motivation, to continue military support to Ukraine.
Sources: [Record Media] [New Voice of Ukraine] [Hacker news] [Infosecurity Magazine] [Gov Info Security]
81% of Companies had Malware, Phishing and Password Attacks in 2023
According to Verizon, 81% of organisations faced malware, phishing and password attacks last year, and these attacks were mainly targeted at users. Further, it was found that 62% percent of companies suffered a security breach connected to remote working. Certainly, attacks are not limited to particular sectors or organisations. Everyone can be a target and it is important to keep that in mind when focusing on securing the organisation; yet despite cyber security affecting everyone, 91% of CEOs/CFOs put the responsibility for cyber security squarely with IT.
Source: [Security Magazine]
Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors
According to SentinelOne, mid-sized businesses are being targeted by cyber criminals who are displaying skills previously limited to expert government hackers. Cyber criminals are more organised than ever and have a better understanding of how businesses run; this, paired with technical acumen and AI, has created a difficult environment for medium-sized businesses who don’t possess the budget of a large organisation.
Sources: [Washington Times] [SiliconANGLE]
Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact
The US National Security Agency (NSA), Federal Bureau of Investigation (FBI), and co-authoring agencies warn that the Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and allied countries. To raise awareness and help organisations identify, protect, and mitigate this malicious activity, the authoring agencies have jointly released a Cyber Security Advisory (CSA) on SVR’s exploiting of JetBrain’s TeamCity software, widely used by developers and software providers.
The advisory warns that APT29, the notorious Russian group behind the 2020 SolarWinds hack, are actively exploiting this vulnerability, joining state-sponsored actors from North Korea. The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes.
Sources: [NSA] [Dark Reading] [The Register]
Why Cyber Security Is a Competitive Advantage: Reaching Digital Success
In the tech-driven world, cyber security’s importance is paramount for protecting sensitive data and critical systems. Significant increases in vulnerabilities and breaches have led to stricter guidelines and regulations for most sectors; a trend we expect to see increasing with regulations becoming more and more stringent. Increased regulation can only be good for affected industries and sectors to drive increased security.
However, beyond regulatory compliance, cyber security is a critical competitive differentiator and should be seen as such, rather than simply as a tick box exercise to satisfy a regulator or viewed as an increase in regulatory burden. Data breaches can lead to severe financial setbacks and damage to a company's reputation and customer trust. The legal and financial consequences of non-compliance with cyber security regulations are significant.
Building a comprehensive cyber security strategy that includes risk assessments, incident response plans, and proactive measures is essential in this era of rapid vulnerability exploitation. Embracing cyber security is not just a choice but a necessity for success in the digital age.
Source: [Forbes]
Ransomware-as-a-Service: The Growing Threat You Can't Ignore
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cyber security. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This latest ransomware business model allows inexperienced hackers to use on-demand tools for attacks, reducing time and cost. They pay a fee, choose a target, and launch an attack with the provider’s tools. The effects of RaaS are starting to be noticed, as a recent survey showed the time from network breach to file encryption has dropped below 24 hours for the first time.
Source: [Hacker News]
66% of Employees Prioritise Daily Tasks Over Cyber Security
According to a recent survey, 66% of respondents stated that completing daily tasks is more crucial than cyber security, such as cyber security training. The tasks that were being prioritised over cyber security training include monthly targets, manager-assigned tasks and emails.
The survey highlights the need for improved cyber security training in organisations, with 64% of employees wanting time for this training during work hours, and 43% referring more engaging methods like videos and interactive sessions. The data suggests a shift from the annual training model, with 29% receiving quarterly training, 13% semi-quarterly, and 11% monthly. Addressing these needs is crucial for cyber security readiness.
Source: [Security Magazine]
Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days
Last week, a cyber attack on a small Irish water utility disrupted the water supply for two days, affecting 180 people. The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed devices or controllers that are either not protected at all or protected by a default password. This follows a warning from the US Government about the CyberAv3ngers group, an Iranian affiliated threat actor, which has been actively attacking water facilities in multiple US states.
Source: [Security Week]
Who Is Responsible for Cyber Security? You.
Cyber security is a concern that should resonate with every member of the C-suite and senior staff because when it fails, the entire business is impacted. Recent examples like the “bleach breach” at Clorox and the cyber attack on MGM Resorts illustrate the financial and reputational consequences of cyber security incidents, with losses estimated in the hundreds of millions of dollars. To effectively address this, C-suite executives and their teams must actively support cyber security initiatives led by CIOs and CISOs. The introduction of new government regulations, such as those from the US Securities and Exchange Commission (SEC), require organisations to swiftly report and manage cyber security incidents, impacting various departments beyond just the security team. To succeed in this environment, organisations must make cyber security information accessible across teams, allocate budgets for cyber security, and view cyber security as a catalyst for innovation and growth rather than a burden. For this to happen every single person within an organisation, from the very top to the very bottom, has a role to play in keeping the organisation secure and no one can think that security is someone else’s job.
Source: [Forbes]
Many Popular Websites Still Cling to Password Creation Policies From 1985
Website security, particularly password creation policies and login practices, requires immediate attention. A study of over 20,000 websites uncovers significant vulnerabilities with 75% of websites permitting passwords even shorter than 8 characters (which was the recommendation all the way back in 2012), and 12% even allow single-character passwords. Furthermore, 40% limit password length to being far shorter than current recommendations, and worse 72% permit dictionary words or known breached passwords.
The study also reveals that a third of websites do not support special characters in passwords. Remarkably, many websites continue to adhere to outdated password policies from 2004 or even 1985, and only 5.5% comply with stricter modern guidelines. This underscores the immediate need for standardising and strengthening password policies across the web, as well as enhancing education and outreach efforts to address these critical security weaknesses. Such passwords can influence people’s password choice, which can then enter the corporate environment. This can lead to their account having a higher risk of compromise, and in turn, risks to the data belonging to the organisation.
Source: [Help Net Security]
Governance, Risk and Compliance
How C-Level Executives Can Increase Cyber Resilience (forbes.com)
Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)
Ex-Uber CSO: Lessons Learned from the Breach and Legal Case (darkreading.com)
The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online
How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast
7 Must-Ask Questions for Leaders on Security Culture | MSSP Alert
Why Cyber Security Is A Competitive Advantage: Reaching Digital Success (forbes.com)
Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur
Tech prediction #2: Businesses will turn to Cyber Security as a Service - Digital Journal
Is Cyber Security as a Service (CSaaS) the Answer? (automation.com)
Threats
Ransomware, Extortion and Destructive Attacks
UK Downplays Ransomware Threat at Its Peril, Says Committee (inforisktoday.com)
Ransomware Groups' Latest Tactic: Weaponized Marketing (inforisktoday.com)
Ransomware-as-a-Service: The Growing Threat You Can't Ignore (thehackernews.com)
Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)
The end of ransomware payments: how businesses fit into the fight | ITPro
OpenText Cyber Security 2023 Global Ransomware Survey | MSSP Alert
Russian banker of Hive ransomware network arrested in Paris (databreaches.net)
US reveals email addresses used to send ransomware demands • The Register
Virtual Kidnapping: The Dark World of Cyber Extortion (govinfosecurity.com)
Ransomware Victims
Kraft Heinz launches investigation after ransomware gang claims to have stolen data - SiliconANGLE
Norton Healthcare disclosed a data breach after ransomware attack (securityaffairs.com)
Insomniac Reportedly Hacked, Blackmailed With Game Leaks And Doxing (thegamer.com)
BAUER Group is operational again after cyber attack | Corporate - EQS News (eqs-news.com)
Phishing & Email Based Attacks
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
39% of security leaders cite phishing as most feared cyber attack | Security Magazine
Quishing is the new phishing: Why you need to think before you scan that QR code | ZDNET
Cyber Criminals Exploit OAuth Apps for BEC, Phishing Attacks (petri.com)
US reveals email addresses used to send ransomware demands • The Register
Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)
Artificial Intelligence
SMEs "losing" battle against AI-powered cyber attacks, say experts - Tech Monitor
ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)
AI in 2024: More business use, more fraud risks | Premium | Compliance Week
Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week
The White House's private fears over the rise of AI in the Middle East (telegraph.co.uk)
Holiday Scams Propelled By Artificial Intelligence | Foodman CPAs & Advisors - JDSupra
Responsibly Implementing AI, the Unstoppable Force (darkreading.com)
How to stop Dropbox from sharing your personal files with OpenAI (cnbc.com)
Malware
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques (thehackernews.com)
Hacker Uses Infostealer Data to Gain Access to Brazil’s Police Portal | Info Stealers
Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans (thehackernews.com)
Recruiters, beware of cyber crooks posing as job applicants! - Help Net Security
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)
29 malware families targeted 1800 banking apps in 61 countries | Security Magazine
Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar
Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)
Surge in deceptive simplicity exploitation by cyber attackers (securitybrief.co.nz)
Mobile
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)
Apple Testing New Stolen Device Protection Feature for iPhones - Security Week
Hackers outsmart Apple to install keyloggers on iPhones - PhoneArena
Android barcode scanner app exposes user passwords (securityaffairs.com)
New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands (thehackernews.com)
Six of the most popular Android password managers are leaking data | ZDNET
SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users (thehackernews.com)
'5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week
29 malware families targeted 1800 banking apps in 61 countries | Security Magazine
Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches (darkreading.com)
DNA companies should receive severe penalties for losing our data | TechCrunch
Why the 23andMe Data Breach Is Such a Disaster (gizmodo.com)
US nuclear research lab data breach impacts 45,000 people (bleepingcomputer.com)
Ubiquiti users claim to have access to other people’s devices (securityaffairs.com)
2.5m people's data lost in Norton hospital ransomware hit • The Register
Dubai’s largest taxi app exposes 220K+ users (securityaffairs.com)
Toyota Financial Services discloses data breach (securityaffairs.com)
DonorView exposes 1M records for unknown time frame • The Register
Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)
Organised Crime & Criminal Actors
Cyber Crime Orgs Increasingly Use Human Trafficking to Staff Scam Mills (darkreading.com)
Interpol strikes slavers who force people to scam you online • The Register
Cyber criminals and nation states up their game in persistent global attacks - SiliconANGLE
Dark web forums reveal next year’s cyber security threats - Digital Journal
Trafficking for cyberfraud an increasingly globalized crime, Interpol says (nbcnews.com)
Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)
Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)
New cyber crime market 'OLVX' gains popularity among hackers (bleepingcomputer.com)
How cyber criminals are using Wyoming shell companies for global hacks | Reuters
Exploitation of the internet and the mind: How cyber criminals operate | TechRadar
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Startup Ledger Users’ Wallets Drained in Hack - Bloomberg
Ledger says attacker conducted phishing attack on former employee - Blockworks
Insider Risk and Insider Threats
66% of employees prioritize daily tasks over cyber security | Security Magazine
Privilege elevation exploits used in over 50% of insider attacks (bleepingcomputer.com)
Employees are weaponizing private emails with colleagues | Fortune
Insurance
Supply Chain and Third Parties
UK firms increasing their focus on supply chain cyber risk – report - CIR Magazine
Manchester Public Schools Lose $180K to Hacked Vendor (govtech.com)
Software & Security: How to Move Supply Chain Security Up the Agenda (darkreading.com)
Cloud/SaaS
Multi-Cloud vs. Hybrid Cloud: The Main Difference (techtarget.com)
SAP's attempt to migrate security tools to cloud failed • The Register
Cloud engineer wreaks havoc on bank's network after firing • The Register
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
Android barcode scanner app exposes user passwords (securityaffairs.com)
Six of the most popular Android password managers are leaking data | ZDNET
Many popular websites still cling to password creation policies from 1985 - Help Net Security
Social Media
Regulations, Fines and Legislation
Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)
ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)
How European countries are implementing new cyber security framework – EURACTIV.com
Cyber Solidarity Act moves ahead in EU Parliament with key committee vote – EURACTIV.com
Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week
FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure - Security Week
The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online
SEC Cyber Security Breach Rule: What it Means for MSSPs | MSSP Alert
Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction | TechCrunch
Government plans to regulate to tackle datacentre threats | Computer Weekly
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)
Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register
Nation State Actors
China
Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)
Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs (darkreading.com)
China’s cyber intrusions have hit ports and utilities, officials say - The Washington Post
CISA unveils Google Workspace guidelines informed by Chinese breach of Microsoft | CyberScoop
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Security Week
Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar
China warns its geographic data breach puts industry at risk (techinformed.com)
Russia
Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator (thehackernews.com)
Hackers damaged some infrastructure of Ukraine’s Kyivstar telecom company (therecord.media)
Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)
UK government takes steps to thwart Russia's FSB hackers (techmonitor.ai)
Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign (thehackernews.com)
Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare (darkreading.com)
Ukrainian intelligence takes down Russia's tax system in major cyber warfare operation
Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)
Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)
Russian banker of Hive ransomware network arrested in Paris (databreaches.net)
Iran
Two-day water outage in remote Irish region caused by pro-Iran hackers (therecord.media)
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)
North Korea
Lazarus sub-group targets South Korean defence firms | SC Media (scmagazine.com)
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)
Lazarus Operation Blacksmith Attacking Organisations Worldwide (cybersecuritynews.com)
Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical (thehackernews.com)
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) - Help Net Security
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)
Adobe Releases Security Updates for Multiple Products | CISA
Chrome 120 Update Patches High-Severity Vulnerabilities - Security Week
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin (bleepingcomputer.com)
'5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)
Sophos backports RCE fix after attacks on unsupported firewalls (bleepingcomputer.com)
Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)
This is how to protect your computers from LogoFAIL attacks | ZDNET
Over 1,450 pfSense servers exposed to RCE attacks via bug chain (bleepingcomputer.com)
Tools and Controls
Attacks abuse Microsoft DHCP to spoof DNS records • The Register
Balancing AI advantages and risks in cyber security strategies - Help Net Security
What is Cyber security threat intelligence sharing (att.com)
The Cyber Security Conundrum: Best-Of-Breed Vs. Single Pane Of Glass (forbes.com)
Discord adds Security Key support for all users to enhance security (bleepingcomputer.com)
Modern Attack Surface Management (ASM) for SecOps (trendmicro.com)
Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur
Are business cyber security measures really fit for purpose? - Digital Journal
Which cyber security controls are organisations struggling with? - Help Net Security
Other News
UK must improve cyber risk management in face of catastrophic threats - Emerging Risks Media Ltd
Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)
Is macOS as secure as its users think? | Kaspersky official blog
The 3 Most Prevalent Cyber Threats of the Holidays (darkreading.com)
Over 3,800 Ministry of Defence passes lost or stolen (ukdefencejournal.org.uk)
NCSC CEO Lindy Cameron to step down in 2024 | Computer Weekly
Reflecting On The Evolution Of Cyber Security In 2023 (forbes.com)
Unveiling the Cyber Threats to Healthcare: Beyond the Myths (thehackernews.com)
This is how to protect your computers from LogoFAIL attacks | ZDNET
Polish train maker denies claims it geofenced trains • The Register
Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)
Cyber criminals continue targeting open remote access products - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 October 2023
Black Arrow Cyber Threat Intelligence Briefing 27 October 2023:
-More Companies Adopt Board-Level Cyber Security Committees
-Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High
-Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year
-More Than 46 Million Potential Cyber Attacks Logged Every Day
-Fighting Cyber Attacks Requires Top-Down Approach
-Email Security Threats are More Dangerous This Year as Over 200 Million Malicious Emails Detected in Q3 2023
-98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending
-48% of Organisations Predict Cyber Attack Recovery Could Take Weeks
-Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour
-How Cyber Security Has Evolved in The Past 20 Years
-Rising Global Tensions Could Portend Destructive Hacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
More Companies Adopt Board-Level Cyber Security Committees
In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.
Source: [Decipher]
Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High
A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.
Sources: [Dark Reading] [SC Magazine] [Reinsurance News]
Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year
Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.
Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]
More Than 46 Million Potential Cyber Attacks Logged Every Day
New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.
Sources: [Evening Standard] [Proactive] [The Independent]
Fighting Cyber Attacks Requires Top-Down Approach
Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.
Source: [Chief Investment Officer]
Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023
The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.
Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [Security Magazine] [MSSP Alert] [TechRadar]
98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending
Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.
Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]
48% of Organisations Predict Cyber Attack Recovery Could Take Weeks
A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Security Magazine]
Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour
The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.
We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.
Source: [Dark Reading]
How Cyber Security Has Evolved in The Past 20 Years
Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.
The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.
Source: [Forbes]
Rising Global Tensions Could Portend Destructive Hacks
Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.
Source: [Info Risk Today]
Governance, Risk and Compliance
Cyber security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
How to establish a great security awareness culture (att.com)
More Companies Adopt Board-Level Cyber Security Committees | Decipher (duo.com)
Fighting Cyber Attacks Requires Top-Down Approach | Chief Investment Officer (ai-cio.com)
SMBs Need to Balance Cyber Security Needs and Resources (darkreading.com)
48% of organisations predict cyber attack recovery to take weeks | Security Magazine
Cyber Security Litigation: Five Trends Unpacked | Blake, Cassels & Graydon LLP - JDSupra
Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)
Awaken From Cyber Slumber: 3 Steps To Stronger Cyber security (forbes.com)
AI-related security fears drive 2024 IT spending - Help Net Security
Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)
The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week
Threats
Ransomware, Extortion and Destructive Attacks
SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear (darkreading.com)
Ransomware is threatening more businesses than ever before | TechRadar
Ransomware isn’t going away – the problem is only getting worse (bleepingcomputer.com)
Known Ransomware Attack Volume Breaks Monthly Record, Again (govinfosecurity.com)
Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (thehackernews.com)
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)
The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)
Meet Rhysida, a New Ransomware Strain That Deletes Itself (darkreading.com)
Kaspersky crimeware report: GoPIX, Lumar, and Rhysida. | Securelist
Five things organisations don’t consider before a ransomware attack | TechRadar
Ransomware incidents are on the rise as latest data reveals alarming trend | TechSpot
MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)
Ransomware attacks against hospitals put patients' lives at risk, researchers say : NPR
Ragnar Locker Ransomware Boss Arrested in Paris (darkreading.com)
BlackCat Climbs the Summit With a New Tactic (paloaltonetworks.com)
Ransomware Soars as Myriad Efforts to Stop It Fall Short - Bloomberg
Hackers Using Remote Admin Tools AvosLocker Ransomware (gbhackers.com)
Resilience notes uptick in data exfiltration as cyber criminals change tactics - Reinsurance News
Healthcare Ransomware Attacks Cost US $78bn - Infosecurity Magazine (infosecurity-magazine.com)
Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Ransomware Victims
MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)
Ambulances diverted as 3 New York hospitals grapple with cyber attacks | Fox News
Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyber attack - Security Week
US energy firm shares how Akira ransomware hacked its systems (bleepingcomputer.com)
Seiko says ransomware attack exposed sensitive customer data (bleepingcomputer.com)
American Family Insurance confirms cyber attack is behind IT outages (bleepingcomputer.com)
Cyber Attack Causing Service Interruptions At Ontario Hospitals (databreaches.net)
Cyber crims leak patient pics in low blow bid to win ransom • The Register
Phishing & Email Based Attacks
Over 200 million malicious emails were detected in Q3 2023 | Security Magazine
Watch out - that QR code could just be a phishing scam | TechRadar
Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian
New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates
Email security threats are more dangerous than ever - here's what you need to know | TechRadar
What is Phishing? 5 Types of Phishing Attacks You Need to Know | MSSP Alert
The US released popular phishing techniques | Inquirer Technology
Akamai research finds more sophisticated phishing threats in hospitality industry - SiliconANGLE
Don’t Get Spooked Into Falling For These Phishing Scams - IT Security Guru
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
AI-related security fears drive 2024 IT spending - Help Net Security
Boardrooms losing control in generative AI takeover, says Kaspersky | Computer Weekly
Governments, firms should spend more on AI safety, top researchers say | Reuters
Cyber-defence systems seek to outduel criminals in AI race (techxplore.com)
Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine
Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)
Don't use AI-based apps, Philippine defence ordered its personnel (securityaffairs.com)
Businesses ignorant to gen AI security threats suggests research (ship-technology.com)
Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra
Artificial Intelligence Bad News For Cyber Threats, Report Warns - TechRound
Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security
Oops! When tech innovations create new security threats | CSO Online
2FA/MFA
Malware
Hackers are using an incredibly sneaky trick to hide malware | Digital Trends
Vietnamese Hackers Target UK, US, and India with DarkGate Malware (thehackernews.com)
Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar (thehackernews.com)
Dangerous new malware can crack encrypted USB drives | TechRadar
'Grandoreiro' Trojan Targets Global Banking Customers (darkreading.com)
Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)
The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog
Mobile
Android trojan spotted in the wild can record audio and phone calls | ZDNET
Samsung Galaxy S23 hacked twice in one day at Pwn2Own contest (androidauthority.com)
iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)
Intellexa: Irish-linked spyware used in 'brazen attacks' - report - BBC News
Longer Support Periods Raise the Bar for Mobile Security (darkreading.com)
Android adware apps on Google Play amass two million installs (bleepingcomputer.com)
Denial of Service/DoS/DDOS
This DDoS attack is the biggest in internet history. | World Economic Forum (weforum.org)
Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)
Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Okta says hackers breached its support system and viewed customer files | Ars Technica
Okta support system breach highlights need for strong MFA policies | CSO Online
1Password suffers cyber security incident after latest Okta breach - Tech Monitor
Okta stock falls after company says client files accessed by hackers via support system (cnbc.com)
Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts (therecord.media)
City of Philadelphia discloses data breach after five months (bleepingcomputer.com)
500k Irish National Police records exposed by third party • The Register
The 23andMe data breach reveals the vulnerabilities of our interconnected data (theconversation.com)
iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)
DC Board of Elections: Hackers may have breached entire voter roll (bleepingcomputer.com)
Organised Crime & Criminal Actors
More than 500 potential cyber attacks logged every second, BT says | The Independent
Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)
Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances | CSO Online
Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Insider Risk and Insider Threats
Forget the outside hacker, the bigger threat is inside • The Register
Human-centric Security Design Reduces Threats by Changing User Behavior (prweb.com)
How to establish a great security awareness culture (att.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
Fraud, Scams & Financial Crime
New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates
Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian
Purchase Scams Surge as Fraud Losses Hit £580m - Infosecurity Magazine (infosecurity-magazine.com)
Online scammers target desperate loan seekers using online fraud | TechRadar
Christmas scams to watch out for this festive season (nationalworld.com)
Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Deepfakes
Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Insurance
Telling Small Businesses to Buy Cyber Insurance Isn't Enough (darkreading.com)
Stemming Losses That Go Uncovered by Cyber Insurance | Esquire Deposition Solutions, LLC - JDSupra
Aviva: SMEs ‘woefully underserved’ for cyber cover - Insurance Post (postonline.co.uk)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Passwords, Credential Stuffing & Brute Force Attacks
Okta Reveals Breach Via Stolen Credential - Infosecurity Magazine (infosecurity-magazine.com)
'Log in With...' Feature Allows Full Online Account Takeover for Millions (darkreading.com)
Social Media
Malvertising
Training, Education and Awareness
Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)
This Cyber Security Awareness Month, Don't Lose Sight of Human Risk (darkreading.com)
How to establish a great security awareness culture (att.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
Cyber Security Awareness Month: What's Still Needed After Twenty Years (forbes.com)
From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)
Regulations, Fines and Legislation
Managed security services [EU Legislation in Progress] | Epthinktank | European Parliament
Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine
UK government finalises IoT cyber security requirements - Lexology
Models, Frameworks and Standards
Backup and Recovery
Law Enforcement Action and Take Downs
Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts (therecord.media)
Alleged developer of the Ragnar Locker ransomware was arrested (securityaffairs.com)
Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)
Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
‘I’m looking for fewer ways to be traceable, not more’ | Financial Times
Google Chrome's new "IP Protection" will hide users' IP addresses (bleepingcomputer.com)
ShadowDragon: Australian spies monitor PornHub, Tinder, Fortnite (crikey.com.au)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
ICC: September Breach Was Espionage Raid - Infosecurity Magazine (infosecurity-magazine.com)
International Criminal Court attack was targeted and sophisticated (securityaffairs.com)
Governments and hackers agree: the laws of war must apply in cyber space (theconversation.com)
It's Time to Establish the NATO of Cyber Security (darkreading.com)
War Crimes Court Flags Cyber Attack That Targeted Its Work - Law360
International Criminal Court systems breached for cyber espionage (bleepingcomputer.com)
Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly
Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)
Geopolitical Threats/Activity
Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)
Cyber operations linked to Israel-Hamas fighting gain momentum | CyberScoop
Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)
China
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale (securityaffairs.com)
Glasgow universities on red alert over Chinese spies as they join security scheme - Glasgow Live
Navy ends tradition of Chinese laundrymen on warships over spying fears (telegraph.co.uk)
Russia
Russia Cyber attacks Becoming More Sophisticated, Ukraine Official Says - Bloomberg
European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)
Ministry, police and Crimea summit websites victims of cyber attack | Radio Prague International
Major Russian bank reportedly hacked by Ukraine | SC Media (scmagazine.com)
Hackers backdoor Russian state, industrial orgs for data theft (bleepingcomputer.com)
Who is sabotaging underwater infrastructure in the Baltic Sea? (economist.com)
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica
Russia-Ukraine War: Cyber Attack and Kinetic Warfare Timeline - | MSSP Alert
France says Russian state hackers breached numerous critical networks (bleepingcomputer.com)
Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly
Ex-NSA techie admits to selling state secrets to Russia • The Register
Iran
North Korea
Vulnerability Management
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)
Why Do We Need Real-World Context to Prioritise CVEs? (darkreading.com)
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Vulnerabilities
Citrix Bleed exploit lets hackers hijack NetScaler accounts (bleepingcomputer.com)
Exploitation of Citrix NetScaler vulns reaching dangerous levels | Computer Weekly
Critical SolarWinds RCE Bugs Enable Unauthorised Network Takeover (darkreading.com)
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog - Security Affairs
Cisco hackers likely taking steps to avoid identification | Computer Weekly
F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution (thehackernews.com)
European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)
VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - Security Week
Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms (thehackernews.com)
Firefox, Chrome Updates Patch High-Severity Vulnerabilities - Security Week
The Forbidden Fruit Of Cyber Security: Hackers Take A Bite Out Of Apple (forbes.com)
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica
Apple Ships Major iOS, macOS Security Updates - Security Week
Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica
ServiceNow quietly fixes 8-year-old data exposure flaw • The Register
Tools and Controls
48% of organisations predict cyber attack recovery to take weeks | Security Magazine
Cyber attack response plans need to be in place to avoid chaos - FreightWaves
NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online
What is Network Segmentation? Virtual & Physical Segmentation | UpGuard
AI-related security fears drive 2024 IT spending - Help Net Security
Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)
Is it wise to put all your security solutions in one cyber basket? (securitybrief.co.nz)
Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie (scotsman.com)
Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)
Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)
Unveiling the power of emerging technologies to empower cyber resilience (techuk.org)
Cyber security concerns grow among physical security professionals | Security Magazine
The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week
Other News
MPs to examine cyber resilience of UK’s critical national infrastructure | CSO Online
Strategies to overcome cyber security misconceptions - Help Net Security
UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online
5 important cyber security takeaways for law firms - Lawyers Weekly
How Cyber Security Has Evolved In The Past 20 Years (forbes.com)
Oops! When tech innovations create new security threats | CSO Online
Spooky Cyber Statistics And Trends You Need To Know (forbes.com)
The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog
Proactively preventing your company from becoming the next cyber attack headline (betanews.com)
Demystifying Cyber Security: Shakespeare To The Rescue | HackerNoon
Cyber Threat: Aviation’s Clear and Present Danger? | Aerospace Tech Review
OT cyber attacks proliferating despite growing cyber security spend - Help Net Security
Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies (securityintelligence.com)
What Would a US Government Shutdown Mean for Cyber Security? (darkreading.com)
Weapons Systems Provide Valuable Lessons for ICS/OT Security - Security Week
Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 6 October 2023
Black Arrow Cyber Threat Intelligence Briefing 06 October 2023:
-Many Cyber Attacks Begin by Breaking Human Trust
-BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data
-SME Cyber Security Knowledge Gap Widens
-UK Security Budgets Under Strain as Cyber Incidents Soar
-Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount
-FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours
-Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business
-Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported
-Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums
-Evolving Conversations: Cyber Security as a Business Risk
-Threats in Cloud Top the List of Executive Cyber Concerns
-Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Many Cyber Attacks Begin by Breaking Human Trust
One of the most visible cyber attacks in recent months has reminded us that we all play a role in security, and people remain a favourite route for attackers. In the recent attack on MGM Resorts, an employee unwittingly helped the attacker to access the organisation’s systems and information. The attack highlights the power of social engineering as an attack vector, and that any size of business can fall victim.
One of the ways organisations can help to protect themselves is to provide social engineering training to employees. This builds resilience by helping employees to understand, recognise and avoid becoming a victim, recognising that cyber security involves more than just technology.
Despite some improvements in awareness programs, organisations face hurdles including budget constraints, limited training time and understaffing. Training should be continuous and target major risk areas such as phishing, vishing and password management, while fostering a proactive security culture.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes ensure employee engagement and build a cyber security culture to protect the organisation.
Sources: [GovTech] [Bloomberg] [Security Week]
BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data
Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices. Many organisations welcome a bring your own device (BYOD) policy, yet are not managing these devices effectively.
Without appropriate management of BYOD devices, organisations are allowing a number of unknown devices onto the corporate scene; these devices can be unpatched, unregulated and can lack adequate security measures, without the organisation even being aware.
Source: [The Register]
SME Cyber Security Knowledge Gap Widens
Recent findings underscore a growing concern: a significant cyber security knowledge gap among small and medium size enterprises (SMEs). The report found that 22% of employees are concerned their actions could contribute to a cyber attack or data breach. Alarmingly, more than three-quarters of senior executives are unable to identify cyber threats or distinguish phishing emails from legitimate ones.
Despite the clear risks, three out of four SMEs do not provide any form of cyber security training to their staff. This reveals a concerning disconnect: while the majority of business owners do not perceive their staff as potential cyber security risks, many employees themselves acknowledge that they could inadvertently cause such issues.
Adding to the concern, 60% of SMEs have no plans to increase their security budget in the coming year. Two-thirds of these businesses do not view cyber security as a priority. In fact, only one in five SMEs are even considering investing in cyber insurance. This widening knowledge gap in SME cyber security is indeed troubling and calls for immediate attention.
Sources: [Insurance Journal] [Dealer Support] [IT Security Guru]
UK Security Budgets Under Strain as Cyber Incidents Soar
A recent report found that UK businesses have suffered a 25% increase in cyber incidents in the last year, against a backdrop of budgetary constraints on implementing cyber security strategies. The report found that, despite spending more than £40,000 a year on cyber security protection, more than a quarter of organisations think their cyber security budget is inadequate to fully protect them from growing threats. This is as UK businesses have experienced, on average, 30 cyber incidents over the last 12 months, a 25% increase compared to last year.
The report identified that a lack of key skills remains one of the main concerns in tackling rising cyber threats. So much so that 30% of cyber staff admit to currently facing burnout. This pressure also means that less than half of companies are confident in their ability to handle the biggest threats facing organisations, including phishing (56%) and malware (55%).
Sources: [Silicon] [Verdict] [CSO Online]
Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount
A recent EY survey of cyber security leaders reported that just 1 in 5 found their organisation’s approach to cyber defences to effective and just 36% are satisfied with the levels of best practices by teams outside the IT department. The report also found that despite higher levels of spending, the organisation’s cyber security detection and response appeared slow; 76% of respondents took six months or longer to detect and respond to an incident.
Source: [EY]
FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours
The FBI has flagged dual ransomware attacks, where attackers will attack a company twice within a few hours, as an emerging trend. This comes as an increasing number of ransomware actors are deploying their ransomware within 24 hours of initial access, and in 10% of cases, within just a few hours. Comparing this to last year, where the median time was four and a half days, organisations have significantly less time to enact their response, if they have one.
Sources: [Tech Monitor] [The Cord] [Information Security] [Beta News] [Cision] [The Record] [Malware Bytes]
Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business
A new report from Ivanti into hidden threats finds that one in three employees believe their actions do not impact their organisation's security. The research shows that Millennial and Gen Z office workers are more likely to have unsafe cyber security habits when compared to Gen X and older (those above 40 years of age). The report also finds that men and leaders are more comfortable contacting a security employee with a question or concern, with leaders at an organisation the most likely to reach out with a question at 72%.
The report also highlighted that phishing scams were found to be greatly underreported by those aged 40 and under, with 23% saying that they did not report the last phishing attempt they received, the most the most likely reason for this being “I didn’t think it was important”. In contrast, of the older demographic only 12% failed to report. Cyber security has only recently become the leading concern among C-suites and executives; however, security leaders need to enable all employees to play defence against threat actors and proactively build an open and welcoming security culture.
Sources: [Techradar] [Beta News] [HelpNet Security]
Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported
Over half (52%) of cyber security professionals are experiencing an increase in cyber attacks compared to a year ago, according to new research. Further findings revealed that only 40% of organisations conducted a cyber risk assessment annually. By conducting risk assessments, organisations are able to identify their vulnerabilities and address them, before an attacker gets the chance to exploit them.
Further, in a recent survey conducted by ISACA, which collated insights from over 2,000 security leaders globally, a significant 62% of respondents say that organisations are under-reporting cyber crime incidents. The report also revealed 59% indicate their cyber security teams are undermanned, and the challenge of retaining skilled cyber security professionals remains, with 56% experiencing retention issues.
Sources: [MSSP Alert] [Security Brief] [InfoSecurity Magazine ]
Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums
According to a recent survey, budgets for cyber security have grown 70% in the last five years and whilst these have risen, so have cyber insurance premiums (50%), due to the increase in ransomware attacks.
Insurance firms have not been able to sustain losses they were incurring without passing on these costs to their customers. At the same time, obtaining cyber insurance is getting exponentially harder, with more and more stringent controls and measures being mandated by insurance companies before underwriting to minimise their exposure.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Global Reinsurance]
Evolving Conversations: Cyber Security as a Business Risk
According to a report, only 53% of board members report having regular interactions with their cyber security experts, leaving nearly half without a strong and distinct Chief Information Security Officer (CISO) perspective in the decision making process.
By including CISOs or virtual CISOS (vCISOS) in board processes, the board can better understand the cyber implications of decisions, after all, you wouldn’t make a board-level financial decision without involving the CFO.
Source: [HelpNet Security]
Threats in Cloud Top the List of Executive Cyber Concerns
A recent report published by PwC has found that cloud-related threats are the top concern for organisations that have adopted the technology. These security concerns intensify for organisations with multiple clouds or hybrid infrastructures, with the report finding more than half of respondents citing cloud security as their most pressing concern.
The report highlighted that despite the focus on cloud security, nearly every organisation had risk management lapses. Nearly a third of respondents had yet to address disaster recovery and backup with their cloud service provider, and more than two in five pointed to in-house cloud skills gaps as a lingering risk factor.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [CIO Dive]
Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection
Recent research shows that hackers are increasingly using sophisticated tactics to get their phishing emails past companies’ cyber security defences. One key finding of the report is the percentage of phishing emails that use obfuscation techniques to avoid detection jumped by 24.4% in 2023. More than half of malicious emails, or 55.2%, now use such tactics. The report found that the most widely used obfuscation technique is HTML smuggling. This is the practice of hiding malicious raw code in a seemingly legitimate HTML page; the code only turns into malware after clearing the cyber security filtering.
The use of chatbots or large language models have lowered the barrier for entry to cyber crime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone. The reports found that tools designed to detect AI-generated phishing emails work unreliability or don’t work at all in 71.4% of cases.
Source: [Silicon Angle]
Governance, Risk and Compliance
Cyber security: Still No. 1 on Every CIO's Agenda (govtech.com)
Poor cyber security habits are common among younger employees - Help Net Security
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
People Still Matter in Cyber security Management (darkreading.com)
UK businesses face tightening cyber security budgets as incidents spike | CSO Online
Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive
Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot (darkreading.com)
Evolving conversations: Cyber security as a business risk - Help Net Security
Cyber security preparedness pays big dividends for businesses - Help Net Security
Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)
Gartner: Spending On Cyber security Services Is Outpacing Expectations In 2023 | CRN
Cyber leaders’ confidence in their organisation’s defences plummets, but costs mount | EY - Global
CISO's compass: Mastering tech, inspiring teams, and confronting risk - Help Net Security
Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024 (darkreading.com)
High-business-impact outages are incredibly expensive - Help Net Security
78% of organisations under-report cyber attacks: ISACA (securitybrief.co.nz)
Moody’s cyber survey reveals growing budgets and improved governance - Reinsurance News
How To Talk To Your Board And C-suite About Cyber Preparedness | Scoop News
Threats
Ransomware, Extortion and Destructive Attacks
Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance
Ransomware is deployed faster as cyber criminals seek to avoid detection (betanews.com)
Microsoft: Human-operated ransomware attacks tripled over past year (therecord.media)
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Dual ransomware attacks: FBI warns of twin threat to businesses (techmonitor.ai)
Ransomware gangs destroying data, using multiple strains during attacks: FBI (therecord.media)
Why the public sector is an easy target for ransomware | TechCrunch
Banks beware: Why one ransomware victim decided to pay up | American Banker
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)
Feds hopelessly behind the times on ransomware trends • The Register
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
Ransomware reinfections on the rise from improper remediation (malwarebytes.com)
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (bleepingcomputer.com)
Ransomware gangs now exploiting critical TeamCity RCE flaw (bleepingcomputer.com)
Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV (securityaffairs.com)
Ransomware disrupts hospitality, healthcare in September | TechTarget
Ransomware Attacks: Bad for Hospitals, Deadly for Patients - Tradeoffs
Lorenz ransomware embroiled in its own two-year data leak • The Register
Ransomware Victims
LockBit crime spree includes FDF and UK law firm (techmonitor.ai)
Motel One discloses data breach following ransomware attack (bleepingcomputer.com)
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
MGM Resorts Refused to Pay Ransom in Cyber attack on Casinos - WSJ
Ransomware attack on Johnson Controls may have exposed sensitive DHS data (securityaffairs.com)
South African insurance clients hit in massive global cyber attack (mybroadband.co.za)
Sony sent data breach notifications to about 6,800 individuals (securityaffairs.com)
Phishing & Email Based Attacks
Report: Over half of phishing emails now use obfuscation tactics to avoid detection - SiliconANGLE
Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)
Will generative AI really supercharge phishing attacks? - Tech Monitor
Other Social Engineering; Smishing, Vishing, etc
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
MGM Cyber attack Shows How Hackers Deploy Social Engineering - Bloomberg
Casino Hackers Use Low-Tech Tricks to Exploit Corporate Targets (bloomberglaw.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
USPS Anchors Snowballing Smishing Campaigns (darkreading.com)
Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
Bing Chat's ads unleash malware mayhem: Users lured into dangerous websites - OnMSFT.com
Protecting against FraudGPT, ChatGPT's evil twin - Help Net Security
The top AI cyber crime threats and solutions | Inquirer Technology
Kaspersky Issues Crimeware Report, Uncovers “WormGPT” | MSSP Alert
The big debate: is AI a blessing or curse for cyber security? - Raconteur
Global internet freedoms fell again last year as the threat of AI looms (therecord.media)
LLMs lower the barrier for entry into cyber crime - Help Net Security
Will generative AI really supercharge phishing attacks? - Tech Monitor
Are we doomed to make the same security mistakes with AI? (securityintelligence.com)
AI facial recognition: Campaigners and MPs call for ban - BBC News
Malware
Hackers are spreading malware through Indeed job messages | Digital Trends
Cyber criminals Using New ASMCrypt Malware Loader Flying Under the Radar (thehackernews.com)
There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar
North Korea's Lazarus Group upgrades its main malware • The Register
Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE
Hundreds of malicious Python packages found stealing sensitive data (bleepingcomputer.com)
Mobile
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Android's October 2023 Security Updates Patch Two Exploited Vulnerabilities - Security Week
Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security
Are executives adequately guarding their gadgets? - Help Net Security
Botnets
Denial of Service/DoS/DDOS
Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)
Cloudflare DDoS protections ironically bypassed using Cloudflare (bleepingcomputer.com)
Royal Family's official website targeted in cyber attack | UK News | Sky News
Global events fuel DDoS attack campaigns - Help Net Security
BYOD
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Are executives adequately guarding their gadgets? - Help Net Security
Internet of Things – IoT
Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security
Eyes everywhere: How to safely navigate the IoT video revolution - Help Net Security
FDA cyber mandates for medical devices goes into effect | CyberScoop
Data Breaches/Leaks
European Telecommunications Standards Institute Discloses Data Breach - Security Week
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
SiegedSec Hacktivists Claim to Have Stolen 3,000 NATO Files in Second Attack | MSSP Alert
Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)
Sony confirms data breach impacting thousands in the US (bleepingcomputer.com)
DNA testing service 23andMe investigating theft of user data | CyberScoop
Organised Crime & Criminal Actors
Odds Are 1 in 4 Americans Will Fall Victim to Online Crime (prnewswire.com)
People Still Matter in Cyber security Management (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)
There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar
The crypto market bears the scars of FTX's collapse | Reuters
Insider Risk and Insider Threats
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
Tech-savvy young workers might be the biggest cyber liability to your business | TechRadar
Younger employees more likely to have unsafe cyber security habits (betanews.com)
Addressing the People Problem in Cyber security - Security Week
Fraud, Scams & Financial Crime
Online fraud can cost you more than money - Help Net Security
The crypto market bears the scars of FTX's collapse | Reuters
How to deal with your brand's doppelgangers | Kaspersky official blog
Visa Program Combats Friendly Fraud Losses For Small Businesses Globally (darkreading.com)
Impersonation Attacks
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)
AML/CFT/Sanctions
Insurance
Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance
Insurance Companies Have a Lot to Lose in Cyber attacks (darkreading.com)
Supply Chain and Third Parties
Software Supply Chain
Software firms under cyber attack | Microscope (computerweekly.com)
Upstream Supply Chain Attacks Triple in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)
Cloud/SaaS
Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)
AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week
Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing (bleepingcomputer.com)
Hybrid/Remote Working
Encryption
API
The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
AI facial recognition: Campaigners and MPs call for ban - BBC News
The rise and fall of Clearview.AI and the evolution of facial recognition - SiliconANGLE
Social Media
Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger
Malvertising
Training, Education and Awareness
Addressing the People Problem in Cyber security - Security Week
How to Improve Cyber security Awareness and Training (trendmicro.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Cyber experts urge EU to rethink vulnerability disclosure plans | Computer Weekly
Companies are already feeling the pressure from upcoming US SEC cyber rules | CSO Online
Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)
Models, Frameworks and Standards
Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)
What is Compliance as a Service (CaaS)? - Definition from WhatIs.com (techtarget.com)
Careers, Working in Cyber and Information Security
UK government plans 2,500 new tech recruits by 2025 with focus on cyber security | CSO Online
Up to 500,000 staff required to field off growing cyber security threat to Europe | Business Post
Blue teams on the edge: cyber pros seem to hate their jobs | Cybernews
Soft skills continue to challenge the cyber security sector - Help Net Security
Law Enforcement Action and Take Downs
Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE
UK student found guilty of 3D printing 'kamikaze' drone • The Register
Privacy, Surveillance and Mass Monitoring
Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro
AI facial recognition: Campaigners and MPs call for ban - BBC News
Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Misc Nation State, Cyber Warfare and Cyber Espionage
Espionage fuels global cyber attacks - Microsoft On the Issues
Microsoft: Nation-state cyber espionage on rise in 2023 | Computer Weekly
The sixth domain: The role of the private sector in warfare - Atlantic Council
How this unassuming cable became the world’s most powerful weapon (telegraph.co.uk)
Russia
Russian Cyber Attacks in 2023: Shifting Patterns, Goals, and Capacities
Russian Hacktivism Takes a Toll on Organisations in Ukraine, EU, US (darkreading.com)
Russia-Ukraine war: Cyber space is the latest frontline | Semafor
Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)
Ukrainian Man Calls Russian Tech Support to Help With Captured Tank: Report (businessinsider.com)
China
Iran
North Korea
North Korea's Lazarus Group upgrades its main malware • The Register
Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
North Korea goes phishing in South’s shipyards • The Register
Vulnerability Management
Vulnerabilities
CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs | CISA
Exploit released for Microsoft SharePoint Server auth bypass flaw (bleepingcomputer.com)
Microsoft Edge, Teams get fixes for zero-days in open-source libraries (bleepingcomputer.com)
A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day | Ars Technica
Apple fixed the 17th zero-day flaw exploited in attacks (securityaffairs.com)
Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day - Security Week
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software (darkreading.com)
Mass exploitation attempts against WS_FTP have begun • The Register
Millions of Exim mail servers exposed to zero-day RCE attacks (bleepingcomputer.com)
Critical zero-days in Exim revealed, only 3 have been fixed - Help Net Security
Patch Confusion for Critical Exim Bug Puts Email Servers at Risk--Again (darkreading.com)
Microsoft won’t say if its products were exploited by spyware zero-days | TechCrunch
Companies Address Impact of Exploited Libwebp Vulnerability - Security Week
Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) - Help Net Security
Arm warns of Mali GPU flaws likely exploited in targeted attacks (bleepingcomputer.com)
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers (bleepingcomputer.com)
Atlassian patches critical Confluence zero-day exploited in attacks (bleepingcomputer.com)
Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits | Ars Technica
Tools and Controls
Does your security program suffer from piecemeal detection and response? (securityintelligence.com)
The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)
5 common browser attacks and how to prevent them | TechTarget
Rationalizing Your Hybrid Cloud Security Tools (securityintelligence.com)
Protecting your IT infrastructure with Security Configuration Assessment (SCA) (thehackernews.com)
The big debate: is AI a blessing or curse for cyber security? - Raconteur
Is your threat protection giving you a false sense of cyber security? | The Independent
Quash EDR/XDR Exploits With These Countermeasures (darkreading.com)
How to Improve Cyber security Awareness and Training (trendmicro.com)
Reports Published in the Last Week
Other News
Cyber attacks on UK pension funds on the rise – study | Pensions & Investments (pionline.com)
The trust deficit in CNI: How to address a growing concern | Computer Weekly
10 Emerging Cyber security Threats And Hacker Tactics In 2023 | CRN
Lyca Mobile UK Confirm Cyber Attack Responsible for Disruption - ISPreview UK
Global internet freedoms fell again last year as the threat of AI looms (therecord.media)
How Private Equity Firms Can Protect ‘Treasure Trove’ from Digital Threats (ai-cio.com)
10 Routine Security Gaffes the Feds Are Begging You to Fix (darkreading.com)
NSA: Here Are the Dumbest Cyber security Mistakes We See at Large Organisations (pcmag.com)
Edinburgh Trams websites targeted by 'potential cyber attack' - Edinburgh Live
Making Sense of Today's Payment Cyber security Landscape (darkreading.com)
GAO tears into State Department's cyber security management • The Register
First pan-European cyber analysis centre opens (airportsinternational.com)
Mobile customers unable to make or receive calls after firm hit by cyber attack - Mirror Online
Malicious HDMI Cables Steals Photos, Videos, and Location Data (gbhackers.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 September 2023
Black Arrow Cyber Threat Intelligence Briefing 22 September 2023:
-New Ransomware Victims Surge by 47% as Small Businesses Targeted
-MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards
-SMEs Overestimate Their Cyber Security Preparedness
-China’s Hacking Power Bigger Than Rest of World Combined
-Cyber Insurance Claims for Ransomware Reach Record High
-Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives
-Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats
-Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company
-Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them
-Half of Executives Expect Supply Chain Challenges
-How Social Engineering Takes Advantage of Your Kindness
-Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
New Ransomware Victims Surge by 47% as Small Businesses Targeted
Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.
Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.
Source [Infosecurity Magazine]
MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards
The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.
The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens.
Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]
SMEs Overestimate Their Cyber Security Preparedness
According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.
The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Helpnet Security] [Security Magazine]
China’s Hacking Power Bigger Than Rest of World Combined
In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.
This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.
Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]
Cyber Insurance Claims for Ransomware Reach Record High
A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.
The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.
Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]
Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives
Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).
C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.
This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.
Sources: [MSSP Alert] [Tech Radar]
Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats
Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.
One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.
Source: [Synack]
Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company
A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.
The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?
Sources [PC Mag]
Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them
With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.
The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.
Sources: [Computer Weekly] [CSO Online]
Half of Executives Expect Supply Chain Challenges
With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.
One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.
Sources [PRnewswire] [SiliconANGLE]
How Social Engineering Takes Advantage of Your Kindness
Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.
Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.
Source: [Engadget]
Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually
A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.
Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.
Source: [Information Security Buzz]
Governance, Risk and Compliance
Cyber security still remains the greatest concern for many executives | TechRadar
Cyber attacks are constant and test even the best | Newsroom
Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)
SMEs overestimate their cyber security preparedness - Help Net Security
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)
Organisations failing to proactively address insider cyber risk | Computer Weekly
Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)
Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert
Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)
How to Get Your Board on Board With Cyber security (darkreading.com)
Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security
Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)
Balancing budget and system security: Approaches to risk tolerance - Help Net Security
Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)
Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Poor digital experience a blocker for cyber resilience | Computer Weekly
What is Governance, Risk and Compliance (GRC)? | TechTarget Definition
How to prevent and prepare for a cyber catastrophe (securityintelligence.com)
2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)
Why more security doesn’t mean more effective compliance - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com
Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)
‘Top’ ransomware gangs favour smaller businesses | Computer Weekly
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
Ransomware group's evolving tactics pose growing threat - Nextgov/FCW
Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog
Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian
NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)
Scattered Spider, Alphv, and the MGM hack, explained - The Hustle
Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)
What is Extortionware? How is it Different from Ransomware? (techtarget.com)
Ransomware cyber insurance claims rose by 27% | Security Magazine
Cyber insurance claims for ransomware reach record high (betanews.com)
Ransomware gang targeting defence firms, FBI warns - Defence One
Scattered Spider snares 100+ victims, moves into ransomware • The Register
BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)
FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)
Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week
Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)
Ransomware vs. resources: A higher education dilemma - eCampus News
Ransomware Victims
Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters
Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)
Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k
Clorox products in short supply after cyber attack disrupts operations | CNN Business
Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel
UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)
UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)
Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)
Major trucking software provider confirms ransomware incident (therecord.media)
Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)
Phishing & Email Based Attacks
HR phishing: self-evaluation questionnaire | Kaspersky official blog
Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)
How social engineering takes advantage of your kindness (engadget.com)
Artificial Intelligence
Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag
NSA Report: Deepfakes Threaten National Security | MSSP Alert
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)
Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)
Companies still don’t know how to handle generative AI risks - Help Net Security
85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)
McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)
Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)
2FA/MFA
Malware
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)
Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog
macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)
A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar
New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)
Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)
Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)
P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)
‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Mobile
Dangerous permissions detected in top Android health apps (securityaffairs.com)
Android security updates: Everything you need to know | Android Central
Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)
APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)
Botnets
Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)
P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)
No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)
Data Breaches/Leaks
Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)
Police data breach: 20,000 data points 'at risk' (computing.co.uk)
CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)
Pizza Hut Australia hack: data breach exposes customer information and order details | Australia
Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)
T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK
TransUnion says dump of customer data came from third party • The Register
US govt IT worker accused of leaking top secrets • The Register
Organised Crime & Criminal Actors
Europol lifts the lid on cyber crime tactics (malwarebytes.com)
One of the FBI’s most wanted hackers is trolling the US government | TechCrunch
India's biggest tech centres named as cyber crime hotspots • The Register
Scattered Spider snares 100+ victims, moves into ransomware • The Register
Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)
Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News
How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto
Insider Risk and Insider Threats
Organisations failing to proactively address insider cyber risk | Computer Weekly
HR’s role in cyber security and insider threat mitigation - Hindustan Times
Fraud, Scams & Financial Crime
Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News
How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto
Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)
Court sentences pair for India-based robocall scam • The Register
Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK
Singapore to detail fraud liability split for bank & victim • The Register
Deepfakes
Insurance
Cyber insurance claims for ransomware reach record high (betanews.com)
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
Ransomware cyber insurance claims rose by 27% | Security Magazine
Dark Web
Supply Chain and Third Parties
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)
Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)
Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)
How cyber attacks on Taiwan are hurting global business - Raconteur
Software Supply Chain
Cloud/SaaS
Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)
IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World
Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)
Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)
Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)
Hybrid/Remote Working
Shadow IT
Identity and Access Management
Encryption
EU's quest to fix the internet could become a privacy nightmare | TechRadar
UK Minister Warns Meta Over End-to-End Encryption - Security Week
Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)
Open Source
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica
New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)
Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)
Social Media
TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)
APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)
Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)
UK Minister Warns Meta Over End-to-End Encryption - Security Week
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK Minister Warns Meta Over End-to-End Encryption - Security Week
EU's quest to fix the internet could become a privacy nightmare | TechRadar
TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)
California Settles With Google Over Location Privacy Practices for $93 Million - Security Week
Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Models, Frameworks and Standards
How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)
How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)
Data Protection
Careers, Working in Cyber and Information Security
Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
IT pros told to accept burnout as normal part of their job - Help Net Security
Wanted: another 3mn cyber professionals | Financial Times (ft.com)
Law Enforcement Action and Take Downs
How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)
Court sentences pair for India-based robocall scam • The Register
Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)
Privacy, Surveillance and Mass Monitoring
California Settles With Google Over Location Privacy Practices for $93 Million - Security Week
TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent
EU's quest to fix the internet could become a privacy nightmare | TechRadar
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)
International Criminal Court hacked amid Russia probe • The Register
Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
One of the FBI’s most wanted hackers is trolling the US government | TechCrunch
Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)
Russian allegedly smuggled US weapons electronics to Moscow • The Register
China
China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)
FBI chief says China has bigger hacking program than the competition combined | Reuters
EU warns China on Ukraine disinformation and cyber attacks – POLITICO
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED
Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica
Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar
Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)
Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)
How cyber attacks on Taiwan are hurting global business - Raconteur
DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)
Iran
Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)
Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)
North Korea
Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)
How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)
Misc Nation State/Cyber Warfare
Vulnerability Management
KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned | CISA
Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)
How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)
Vulnerabilities
Fortinet Releases Security Updates for Multiple Products | CISA
Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security
iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac
If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar
GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)
Microsoft releases firmware update for all Surface devices | TechSpot
Tools and Controls
Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)
Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)
Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)
Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)
Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security
Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)
Shadow IT: Security policies may be a problem - Help Net Security
Balancing budget and system security: Approaches to risk tolerance - Help Net Security
How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)
How Choosing Authentication Is a Business-Critical Decision (darkreading.com)
Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Reports Published in the Last Week
Other News
Why automakers are worried your car is the next target for cyber attacks - CityAM
Consumers are being bombarded with billions of threats every year | TechRadar
Bad torts: Law firms feel the heat from rising cyber threats (synack.com)
SME Cyber Security – Time for a New Approach? - IT Security Guru
Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)
Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online
Home Office sets up cyber security for Emergency Services Network | UKAuthority
Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)
Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)
Cyber on the battlefield is about more than IT - Nextgov/FCW
Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week
Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week
Singapore's retail banks take steps to enhance cyber security (finextra.com)
Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)
Strong compliance management is crucial for fintech-bank partnerships - Help Net Security
Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)
Dairy industry teams with cyber security group to beef up defences | Food Dive
Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)
GCHQ chief takes job in private security company | The Independent
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 May 2022
Black Arrow Cyber Threat Briefing 27 May 2022
-How Confident Are Companies in Managing Their Current Threat Exposure?
-'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds
-Paying Ransom Doesn’t Guarantee Data Recovery
-Report: Frequency of Cyber Attacks in 2022 Has Increased by Almost 3M
-New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message
-VMware, Airline Targeted as Ransomware Chaos Reigns
-Crypto Hacks Aren't a Niche Concern; They Impact Wider Society
-State of Cyber Security Report 2022 Names Ransomware and Nation-State Attacks as Biggest Threats
-Vishing (Voice Phishing) Cases Reach All Time High
-DeFi (Decentralised Finance) Is Getting Pummelled by Cyber Criminals
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
How Confident Are Companies In Managing Their Current Threat Exposure?
Crossword Cybersecurity has released a report based on the findings of a survey of over 200 CISOs and senior UK cyber security professionals. The paper reveals companies are more concerned and exposed to cyber threats than ever before, with 61 percent describing themselves as at best only “fairly confident” at managing their current cyber security threat exposure, which should raise some eyebrows around the boardroom.
Respondents also feared their cyber strategy would not keep pace with the rate of tech innovation and changes in the threat landscape. 40 percent of organisations believe their existing cyber strategy will be outdated in two years, and a further 37 percent within three years. Additional investment is needed to address longer term planning, with 44 percent saying they only have sufficient resources in their organisation to focus on the immediate and mid-term cyber threats and tech trends.
https://www.helpnetsecurity.com/2022/05/26/organizations-cyber-strategy/
'There's No Ceiling': Ransomware's Alarming Growth Signals A New Era, Verizon DBIR Finds
Ransomware has become so efficient, and the underground economy so professional, that traditional monetisation of stolen data may be on its way out.
The past year has seen a staggering acceleration in ransomware incidents, with 25% of all breaches containing a ransomware component.
That's the top-line finding in the 2022 Verizon Data Breach Investigations Report (DBIR), which found that ransomware events in conjunction with breaches ballooned 13% in the past year — last year's report found that just 12% of incidents were ransomware-related. That translates into a rate of increase that's more than the previous five years of growth combined.
The 15th annual DBIR analysed 23,896 security incidents, of which 5,212 were confirmed breaches. About four in five of those were the handiwork of external cyber criminal gangs and threat groups, according to Verizon. And according to Alex Pinto, manager of the Verizon Security Research team, these nefarious types are finding it easier and easier to earn an ill-gotten living with ransomware, making other types of breaches increasingly obsolete.
"Everything in cyber crime has become so commoditised, so much like a business now, and it's just too darn efficient of a methodology for monetising their activity," he tells Dark Reading, noting that with the emergence of ransomware as-a-service (RaaS) and initial-access brokers, it takes very little skill or effort to get into the extortion game.
"Before, you had to get in somehow, look around, and find something worth stealing that would have a reseller on the other end," he explains. "In 2008 when we started the DBIR, it was by and large payment-card data that was stolen. Now, that has fallen precipitously because they can just pay for access someone else established and install rented ransomware, and it's so much simpler to reach the same goal of getting money."
https://www.darkreading.com/attacks-breaches/ransomware-alarming-growth-verizon-dbir
Paying Ransom Doesn’t Guarantee Data Recovery
A Veeam report has found that 72% of organisations had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom.
Additionally, 76% of organisations admitted to paying the ransom. But while 52% paid the ransom and were able to recover data, 24% paid the ransom but were still not able to recover data.
https://www.helpnetsecurity.com/2022/05/24/paying-ransom-recover-data-video/
Report: Frequency Of Cyber Attacks in 2022 Has Increased By Almost 3M
Kaspersky has released a new report revealing a growing number of cyber attacks on small businesses in 2022 so far. Researchers compared the period between January and April 2022 to the same period in 2021, finding increases in the numbers of Trojan-PSW detections, internet attacks and attacks on Remote Desktop Protocol.
In 2022, the number of Trojan-PSW (Password Stealing Ware) detections increased globally by almost a quarter compared to the same period in 2021 一 4,003,323 to 3,029,903. Trojan-PSW is a malware that steals passwords, along with other account information, which then allows attackers to gain access to the company network and steal sensitive information.
Internet attacks grew from 32,500,000 globally in the analysed period of 2021 to almost 35,400,000 in 2022. These can include web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet command & control centres and more.
The number of attacks on Remote Desktop Protocol grew in the U.S. (while dropping slightly globally), going from 47.5 million attacks in the first trimester of 2021 to 51 million in the same period of 2022. With the widespread shift toward remote work, many companies have introduced Remote Desktop Protocol (RDP), a technology that enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home.
With small business owners typically handling numerous responsibilities at the same time, cyber security is often an afterthought. However, this disregard for IT security is being exploited by cyber criminals. The Kaspersky study sought to assess the threats that pose an increasing danger to entrepreneurs.
New Zoom Flaws Could Let Attackers Hack Victims Just By Sending Them A Message
Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code.
With Zoom's chat functionality built on top of the XMPP standard, successful exploitation of the issues could enable an attacker to force a vulnerable client to masquerade a Zoom user, connect to a malicious server, and even download a rogue update, resulting in arbitrary code execution stemming from a downgrade attack.
https://thehackernews.com/2022/05/new-zoom-flaws-could-let-attackers-hack.html
VMware, Airline Targeted As Ransomware Chaos Reigns
Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.
Ransomware incidents are on the rise and this week proved no exception, with the discovery of a Linux-based ransomware family called Cheerscrypt targeting VMware ESXi servers and an attack on SpiceJet, India’s second largest airline.
Meanwhile, an oddball "GoodWill" variant purports to help the needy.
The Cheerscrypt ransomware variant was uncovered by Trend Micro and relies on the double-extortion scheme to coerce victims to pay the ransom – i.e., stealing data as well and threatening to leak it if victims don’t pay up.
Because of the popularity of ESXi servers for creating and running multiple virtual machines (VMs) in enterprise settings, the Cheerscrypt ransomware could be appealing to malicious actors looking to rapidly distribute ransomware across many devices.
Meanwhile, low-cost carrier SpiceJet faced a ransomware attack this week, causing flight delays of between two and five hours as well as rendering unavailable online booking systems and customer service portals.
While the company’s IT team announced on Twitter that it had successfully prevented the attempted attack before it was able to fully breach all internal systems and take them over, customers and employees are still experiencing the ramifications.
https://www.darkreading.com/attacks-breaches/vmware-airline-targeted-as-ransomware-chaos-reigns
Crypto Hacks Aren't A Niche Concern; They Impact Wider Society
Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.
The attack against the Ronin Network in March was quickly speculated to be one of the largest cryptocurrency hacks of all time. Approximately $540 million was stolen from the cryptocurrency and NFT games company in a combination of USDC and Etherium, with $400 million of the stolen funds owned by customers playing the game Axie Infinity.
This attack was the latest in a string of thefts perpetrated against crypto and should be a jolt to both the digital asset and cyber security communities to bring the security of cryptocurrencies into line.
The current vogue of large-scale crypto heists goes as far back as the 2014 Mt. Gox hack (another cryptocurrency exchange built around a game, Magic: The Gathering), which went into bankruptcy after losing $460 million of assets.
However, the trend has been gathering pace. In the months leading up to the Ronin Network attack, cyber criminals stole nearly $200 million worth of cryptocurrency from the crypto trading platform BitMart, attacked 400 Crypto.com users, and orchestrated NFT-related scams, to name but a few incidents.
There is often an uncomfortable tendency to see these attacks as something that takes place in isolation in a remote part of the Internet when they actually have a huge impact on thousands of people.
State Of Cyber Security Report 2022 Names Ransomware And Nation-State Attacks As Biggest Threats
Ransomware is the biggest concern for cyber security professionals, according to results of the Infosecurity Group’s 2022 State of Cybersecurity Report, produced by Infosecurity Europe and Infosecurity Magazine.
Cyber Security Professionals' Number One Concern: Ransomware.
This attack vector was voted as the biggest cyber security trend (28%) by the survey respondents (including CISOs, CTOs, CIOs and academics), marking a significant change from the previous report in 2020, where ransomware did not break the top three. This follows surging ransomware incidents in 2021, with ransom demands and payments growing significantly last year. A number of these attacks have also impacted critical industries, for example, taking down the US’ largest fuel pipeline.
The survey respondents also highlighted the evolving tactics and capabilities of ransomware attackers. This includes threat actors becoming more sophisticated as they evolve into loosely coupled service-based operations.
A number of cyber security professionals believe that cyber-criminal groups will become more guarded in their approach due to new initiatives by governments and law enforcement to tackle these activities.
Cyber Security Professionals' Number Two Concern: Nation-State Attacks.
The second biggest concern for survey respondents was geopolitics/nation-state attacks (24%), particularly the shifting hostilities from the Russia-Ukraine conflict into cyberspace. Russia already had a reputation for conducting offensive cyber operations prior to the conflict, and the Ukrainian government and critical services have experienced numerous attacks both before and since the war began.
https://www.infosecurity-magazine.com/news/2022-state-industry-report/
Vishing (Voice Phishing) Cases Reach All Time High
Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months (Q1 2021 to Q1 2022), according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs.
In Q1 2022, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.
According to the findings, vishing attacks have overtaken business email compromise (BEC) as the second most reported response-based email threat since Q3 2021. By the end of the year, more than one in four of every reported response-based threat was a vishing attack, and this makeup continued through Q1 2022.
https://www.helpnetsecurity.com/2022/05/24/vishing-cases-increased/
DeFi (Decentralised Finance) Is Getting Pummelled By Cyber Criminals
Decentralised finance lost $1.8 billion to cyber attacks last year — and 80% of those events were the result of vulnerable code, analysts say.
Decentralised finance (DeFi) platforms — which connect various cryptocurrency blockchains to create a decentralised infrastructure for borrowing, trading, and other transactions — promise to replace banks as a secure and convenient way to invest in and spend cryptocurrency. But in addition to attracting hordes of new users with dreams of digital fortune, cyber criminals have discovered them to be an easy target, wiping out wallets to zero balances in a moment, tanking whole markets while profiting, and more, according to a new report.
Analysts with Bishop Fox found that DeFi platforms lost $1.8 billion to cyber attacks in 2021 alone. With a total of 65 events observed, 90% of the losses came from unsophisticated attacks, according to the report, which points to the lax cyber security practices of the sector.
DeFi averaged five attacks per week last year, with most of them (51%) coming from the exploitation of "smart contracts" bugs, the analysts found. Smart contracts are essentially records of transactions, stored on the blockchain.
Other top DeFi attack vectors include cryptowallets, protocol design flaws, and so-called "rug-pull" scams (where investors are lured to a new cryptocurrency project that is then abandoned, leaving targets with a worthless currency). But taken together, 80% of all events were caused by the use (and re-use) of buggy code, according to the report.
https://www.darkreading.com/attacks-breaches/defi-pummeled-by-cybercriminals
Threats
Ransomware
Ransomware Attacks Increasing at “Alarming” Rate - Infosecurity Magazine
VMware, Airline Targeted as Ransomware Chaos Reigns (darkreading.com)
Clop ransomware gang is back, hits 21 victims in a single month (bleepingcomputer.com)
Link Found Connecting Chaos, Onyx and Yashma Ransomware | Threatpost
Ransomware demands three good demands to restore files • The Register
Ransomware Cheerscrypt targets VMware ESXi systems • The Register
New Chaos Malware Variant Ditches Wiper for Encryption (darkreading.com)
Industrial Spy data extortion market gets into the ransomware game (bleepingcomputer.com)
BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state (bleepingcomputer.com)
Conti Ransomware Operation Shut Down After Splitting into Smaller Groups (thehackernews.com)
Suspected phishing email crime boss arrested in Nigeria • The Register
BEC – Business Email Compromise
Interpol arrests alleged leader of the SilverTerrier BEC gang (bleepingcomputer.com)
Cyber security breach at the city of Portland led to fraudulent $1.4M transaction | KATU
Phishing & Email Based Attacks
Intuit warns of QuickBooks phishing threatening to suspend accounts (bleepingcomputer.com)
Suspected phishing email crime boss arrested in Nigeria • The Register
Other Social Engineering
Malware
BPFDoor malware uses Solaris vulnerability to get root privileges (bleepingcomputer.com)
New Windows Subsystem for Linux malware steals browser auth cookies (bleepingcomputer.com)
This Windows malware uses PowerShell to subvert Chrome • The Register
Hackers have found a new way to smuggle malware onto your device | TechRadar
Cyber Security Community Warned of Fake PoC Exploits Delivering Malware | SecurityWeek.Com
Popular Python and PHP libraries hijacked to steal AWS keys (bleepingcomputer.com)
New Attack Shows Weaponized PDF Files Remain a Threat (darkreading.com)
Mobile
Microsoft finds severe bugs in Android apps from large mobile providers (bleepingcomputer.com)
Google warns Android smartphones targeted by dangerous Predator spyware | TechRadar
New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps (bleepingcomputer.com)
BYOD
Data Breaches/Leaks
GM Discloses Data Breach of Cars' Locations, Mileage, Service (gizmodo.com)
MGM Resorts' customer data now leaked on Telegram for free • The Register
Organised Crime & Criminal Actors
REvil prosecutions reach a 'dead end,' Russian media reports - CyberScoop
Scammer Behind $568M International Cyber Crime Syndicate Gets 4 Years (darkreading.com)
Multi-Continental Operation Leads to Arrest of Cyber Crime Gang Leader - Infosecurity Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
Insider Risk and Insider Threats
68% of Legal Sector Data Breaches Caused by Insider Threats - Infosecurity Magazine
Verizon Report: Ransomware, Human Error Among Top Security Risks | Threatpost
Dark Web
Military cyber weapons could become available on dark web: Interpol (cnbc.com)
Darknet market Versus shuts down after hacker leaks security flaw (bleepingcomputer.com)
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Cybergang Claims REvil is Back, Executes DDoS Attacks | Threatpost
DDoS Extortion Attack Flagged as Possible REvil Resurgence (darkreading.com)
Anatomy of a DDoS amplification attack - Microsoft Security Blog
Cloud/SaaS
Attack Surface Management
Open Source
Privacy
Passwords & Credential Stuffing
Strong Password Policy Isn't Enough, Study Shows (darkreading.com)
Verizon DBIR: Stolen credentials led to nearly 50% of attacks (techtarget.com)
Regulations, Fines and Legislation
GDPR Anniversary, Expert Insight On What Lead To GDPR Fines – Information Security Buzz
Indian stock markets given ten day deadline to file reports • The Register
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Network of hyperlocal Russian Telegram channels spew disinformation in occupied Ukraine - CyberScoop
Predator spyware uses in Chrome, Android zero-day exploits • The Register
Unknown APT group is targeting Russian government entities - Security Affairs
Hackers target Russian govt with fake Windows updates pushing RATs (bleepingcomputer.com)
Remote bricking of Ukrainian tractors raises agriculture security concerns | CSO Online
Anonymous Declares Cyber-War On Pro-Russian Hacker Gang Killnet – Information Security Buzz
Ex-spymaster and fellow Brexiteers' emails stolen, leaked • The Register
Nation State Actors
Nation State Actors – Russia
Russian Hackers Believed to Be Behind Leak of Hard Brexit Plans - Infosecurity Magazine
Russian Gamaredon APT could fuel a new round of DDoS attacks - Security Affairs
Putin aimed cyber attack at me, says former MI6 chief Sir Richard Dearlove | News | The Times
Nation State Actors – China
Trend Micro Patches Vulnerability Exploited by Chinese Cyber Spies | SecurityWeek.Com
Chinese "Twisted Panda" Hackers Caught Spying on Russian Defense Institutes (thehackernews.com)
Nation State Actors – Iran
Vulnerabilities
CISA ‘Strongly Urges’ You To Patch 75 Actively Exploited Security Bugs (forbes.com)
CISA adds 41 vulnerabilities to list of bugs used in cyber attacks (bleepingcomputer.com)
Exploit released for critical VMware auth bypass bug, patch now (bleepingcomputer.com)
Zyxel addresses four flaws affecting APs, AP controllers, and firewalls - Security Affairs
Critical New Google Chrome Security Warning For All Users, Update Now (forbes.com)
Patching the latest Active Directory vulnerabilities is not enough | CSO Online
Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021 (darkreading.com)
Sector Specific
SMBs – Small and Medium Businesses
Legal
Health/Medical/Pharma Sector
teiss - News - American healthcare tech giant Omnicell suffers a major ransomware attack
Web app attacks on the rise in healthcare as insider challenges remain (scmagazine.com)
Retail/eCommerce
Microsoft: Credit card stealers are getting much stealthier (bleepingcomputer.com)
Microsoft warns of new highly evasive web skimming campaigns - Security Affairs
Transport and Aviation
Hundreds Stranded After Ransomware Attack on Indian Airline | SecurityWeek.Com
SpiceJet airline passengers stranded after ransomware attack (bleepingcomputer.com)
CNI, OT, ICS, IIoT and SCADA
Taking the Danger Out of IT/OT Convergence (darkreading.com)
Critical Flaws in Popular ICS Platform Can Trigger RCE | Threatpost
Energy & Utilities
Oil, Gas and Mining
Education and Academia
Other News
IP and cyber security disputes are top legal concerns for tech companies | TechCrunch
Verizon DBIR: Stolen credentials led to nearly 50% of attacks (techtarget.com)
Managed Detection and Response (MDR): Who's Responsible for the R? - MSSP Alert
Survey Evidences Leaders Lack Confidence in Cyber-Risk Management - Infosecurity Magazine
Flaw in PayPal can allow attackers to steal money from users' account - Security Affairs
Most organisations do not follow data backup best practices - Help Net Security
Why are current cyber security incident response efforts failing? - Help Net Security
Nation-state malware will be a commodity on dark web soon, Interpol warns - Security Affairs
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.