Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 28th July 2023

Black Arrow Cyber Threat Briefing 28 July 2023:

-Half of UK businesses Struggle to Fill Cyber Security Skills Gap as Companies Encounter Months-long Delays in Filling Critical Security Positions

-Deloitte Joins fellow Big Four MOVEit victims PWC, EY as MOVEit Victims Exceeds 500

-Why Cyber Security Should Be Part of Your ESG Strategy

-Lawyers Take Frontline Role in Business Response to Cyber Attacks

-Organisations Face Record $4.5M Per Data Breach Incident

-Cryptojacking Soars as Cyber Attacks Diversify

-Ransomware Attacks Skyrocket in 2023

-Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

-Protect Your Data Like Your Reputation Depends on It (Because it Does)

-Why CISOs Should Get Involved with Cyber Insurance Negotiation

-Companies Must Have Corporate Cyber Security Experts, SEC Says

-Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Half of UK Businesses Struggle to Fill Cyber Security Skills Gap

Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.

In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.

With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725

https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/

  • Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500

The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.

Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.

https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/

https://www.kroll.com/en/insights/publications/cyber/moveit-vulnerability-investigations-uncover-additional-exfiltration-method

https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/

  • Why Cyber Security Should Be Part of Your ESG Strategy

Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.

Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.

https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy

  • Lawyers Take Frontline Role in Business Response to Cyber Attacks

Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.

In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.

https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331

  • Organisations Face Record $4.5M Per Data Breach Incident

In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.

https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident

https://uk.newsroom.ibm.com/24-07-2023-IBM-Security-Report-Cost-of-a-Data-Breach-for-UK-Businesses-Averages-3-4m

  • Cryptojacking Soars as Cyber Attacks Diversify

According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.

Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.

https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/

  • Ransomware Attacks Skyrocket in 2023

Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.

The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.

https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/

  • Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.

Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.

https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/

https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt

https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/

  • Protect Your Data Like Your Reputation Depends on It (Because it Does)

Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.

It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.

https://informationsecuritybuzz.com/protect-your-data-like-your-reputation-depends-on-it-because-it-does/

  • Why CISOs Should Get Involved with Cyber Insurance Negotiation

Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.

Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.

https://www.darkreading.com/edge-articles/why-cisos-should-get-involved-with-cyber-insurance-negotiation

  • Companies Must Have Corporate Cyber Security Experts, SEC Says

A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.

The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.

The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.

https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-says

https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/

https://krebsonsecurity.com/2023/07/few-fortune-100-firms-list-security-pros-in-their-executive-ranks/

  • Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.

With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.

https://www.bleepingcomputer.com/news/security/over-400-000-corporate-credentials-stolen-by-info-stealing-malware/

https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

BYOD

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Shadow IT

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Travel

Parental Controls and Child Safety

Regulations, Fines and Legislation

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

North Korea

Misc/Other/Unknown


Vulnerability Management

Vulnerabilities


Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 25 March 2022

Black Arrow Cyber Threat Briefing 25 March 2022:

-Morgan Stanley Client Accounts Breached in Social Engineering Attacks

-Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More

-Phishing Kits Constantly Evolve to Evade Security Software

-Ransomware Payments, Demands Rose Dramatically in 2021

-7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in UK

-Here's How Fast Ransomware Encrypts Files

-HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For

-The Cyber Warfare Predicted In Ukraine May Be Yet To Come

-The Three Russian Cyber Attacks The West Most Fears

-Do These 8 Things Now To Boost Your Security Ahead Of Potential Russian Cyber Attacks

-Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone

-Expanding Threat Landscape: Cyber Criminals Attacking from All Sides

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Morgan Stanley Client Accounts Breached in Social Engineering Attacks

Morgan Stanley Wealth Management says some of its customers had their accounts compromised in social engineering attacks.

The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a voice call to convince their targets into revealing sensitive information such as banking or login credentials.

The company said in a notice sent to affected clients that, "on or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.

After successfully breaching their accounts, the attacker also electronically transferred money to their own bank account by initiating payments using the Zelle payment service.

https://www.bleepingcomputer.com/news/security/morgan-stanley-client-accounts-breached-in-social-engineering-attacks/

  • Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More

Business email compromise (BEC) remains the biggest source of financial losses, which totalled $2.4 billion in 2021, up from an estimated $1.8 billion in 2020, according to the Federal Bureau of Investigation's (FBI) Internet Crime Center (IC3).

The FBI says in its 2021 annual report that Americans last year lost $6.9 billion to scammers and cyber criminals through ransomware, BEC, and cryptocurrency theft related to financial and romance scams. In 2020, that figure stood at $4.2 billion.

Last year, FBI's Internet Crime Complaint Center (IC3) received 847,376 complaints about cybercrime losses, up 7% from 791,790 complaints in 2020.

BEC has been the largest source of fraud for several years despite ransomware attacks grabbing most headlines.

https://www.zdnet.com/article/ransomware-is-scary-but-another-scam-is-costing-victims-much-much-more-says-fbi/#ftag=RSSbaffb68

  • Phishing Kits Constantly Evolve to Evade Security Software

Modern phishing kits sold on cybercrime forums as off-the-shelf packages feature multiple, sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won’t mark them as a threat.

Fake websites that mimic well-known brands are abundant on the internet to lure victims and steal their payment details or account credentials.

Most of these websites are built using phishing kits that feature brand logos, realistic login pages, and in cases of advanced offerings, dynamic webpages assembled from a set of basic elements.

https://www.bleepingcomputer.com/news/security/phishing-kits-constantly-evolve-to-evade-security-software/

  • Ransomware Payment Demands Rose Dramatically in 2021

Ransomware attackers demanded dramatically higher ransom fees last year, and the average ransom payment rose by 78% to $541,010, according to data from incident response (IR) cases investigated by Palo Alto Networks Unit 42.

IR cases by Unit 42 also saw a whopping 144% increase in ransom demands, to $2.2 million. According to the report, the most victimised sectors were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.

Cyber extortion spiked, with 85% of ransomware victims — some 2, 556 organisations — having their data dumped and exposed on leak sites, according to the "2022 Unit 42 Ransomware Threat Report."

Conti led the ransomware attack volume, representing some one in five cases Unit 42 investigated, followed by REvil, Hello Kitty, and Phobos.

https://www.darkreading.com/attacks-breaches/ransomware-payments-demands-rose-dramatically-in-2021

  • 7 Suspected Members of LAPSUS$ Hacker Gang, aged 16 to 21, Arrested in UK

The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta.

"The City of London Police has been conducting an investigation with its partners into members of a hacking group," Detective Inspector, Michael O'Sullivan, said in a statement shared with The Hacker News. "Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing."

The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based teenager is the mastermind of the group. It's not immediately clear if the minor is one among the arrested individuals. The said teen, under the online alias White or Breachbase, is alleged to have accumulated about $14 million in Bitcoin from hacking.

https://thehackernews.com/2022/03/7-suspected-members-of-lapsus-hacker.html

  • Here's How Fast Ransomware Encrypts Files

Forty-two minutes and 54 seconds: that's how quickly the median ransomware variant can encrypt and lock out a victim from 100,000 of their files.

The data point came from Splunk's SURGe team, which analysed in its lab how quickly the 10 biggest ransomware strains — Lockbit, REvil, Blackmatter, Conti, Ryuk, Avaddon, Babuk, Darkside, Maize, and Mespinoza — could encrypt 100,000 files consisting of some 53.93 gigabytes of data. Lockbit won the race, with speeds of 86% faster than the median. One Lockbit sample was clocked at encrypting 25,000 files per minute.

Splunk's team found that ransomware variants are all over the map speed-wise, and the underlying hardware can dictate their encryption speeds.

https://www.darkreading.com/application-security/here-s-how-fast-ransomware-encrypts-files

  • HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For

Web malware (47%) and ransomware (42%) now top the list of security threats that organisations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.

This is according to research published by Menlo Security, exploring what steps organisations are taking to secure themselves in the wake of a new class of cyber threats – known as Highly Evasive Adaptive Threats (HEAT).

As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months. The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45% failing to add strength to their network security stack over the past year. There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43% citing the network, and 37% the cloud.

https://www.helpnetsecurity.com/2022/03/22/web-security-threats/

  • The Cyber Warfare Predicted in Ukraine May Be Yet to Come

In the build-up to Russia’s invasion of Ukraine, the national security community braced for a campaign combining military combat, disinformation, electronic warfare and cyber attacks. Vladimir Putin would deploy devastating cyber operations, the thinking went, to disable government and critical infrastructure, blind Ukrainian surveillance capabilities and limit lines of communications to help invading forces. But that’s not how it has played out. At least, not yet.

The danger is that as political and economic conditions deteriorate, the red lines and escalation judgments that kept Moscow’s most potent cyber capabilities in check may adjust. Western sanctions and lethal aid support to Ukraine may prompt Russian hackers to lash out against the west. Russian ransomware actors may also take advantage of the situation, possibly resorting to cyber crime as one of the few means of revenue generation.

https://www.ft.com/content/2938a3cd-1825-4013-8219-4ee6342e20ca

  • The Three Russian Cyber Attacks the West Most Fears

The UK's cyber authorities are supporting the White House's calls for "increased cyber-security precautions", though neither has given any evidence that Russia is planning a cyber-attack.

Russia has previously stated that such accusations are "Russophobic".

However, Russia is a cyber-superpower with a serious arsenal of cyber-tools, and hackers capable of disruptive and potentially destructive cyber-attacks.

Ukraine has remained relatively untroubled by Russian cyber-offensives but experts now fear that Russia may go on a cyber-offensive against Ukraine's allies.

"Biden's warnings seem plausible, particularly as the West introduced more sanctions, hacktivists continue to join the fray, and the kinetic aspects of the invasion seemingly don't go to plan," says Jen Ellis, from cyber-security firm Rapid7.

This article from the BCC outlines the hacks that experts most fear, and they are repeats of things we have already seen coming out of Russia, only potentially a lot more destructive this time around.

https://www.bbc.co.uk/news/technology-60841924

  • Do These 8 Things Now to Boost Your Security Ahead of Potential Russian Cyber Attacks

The message comes as the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) ramp up warnings about Russian hacking of everything from online accounts to satellite broadband networks. CISA's current campaign is called Shields Up, which urges all organisations to patch immediately and secure network boundaries. This messaging is being echoed by UK and other Western Cyber authorities:

The use of Multi-Factor Authentication (MFA) is being very strongly advocated. The White House and other agencies both sides of the Atlantic also urged companies to take seven other steps:

  • Deploy modern security tools on your computers and devices to continuously look for and mitigate threats

  • Make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors

  • Back up your data and ensure you have offline backups beyond the reach of malicious actors

  • Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack

  • Encrypt your data so it cannot be used if it is stolen

  • Educate your employees to common tactics that attackers will use over email or through websites

  • Work with specialists to establish relationships in advance of any cyber incidents.

https://www.zdnet.com/article/white-house-warns-do-these-8-things-now-to-boost-your-security-ahead-of-potential-russian-cyberattacks/

  • Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone

The FBI's Internet Crime Complaint Center (IC3) reported a record-breaking year for 2021 in the number of complaints it received, among which business email compromise (BEC) attacks made up the majority of incidents.

IC3 handled 847,376 complaint reports last year — an increase of 7% over 2020 — which mainly revolved around phishing attacks, nonpayment/nondelivery scams, and personal data breaches. Overall, losses amounted to more than $6.9 billion.

BEC and email account compromises ranked as the No. 1 attack, accounting for 19,954 complaints and losses of around $2.4 billion.

"In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them," Paul Abbate, deputy director of the FBI wrote in the IC3's newly published annual report.

https://www.darkreading.com/attacks-breaches/fbi-cybercrime-victims-suffered-losses-of-over-6-9b-in-2021

  • Expanding Threat Landscape: Cyber Criminals Attacking from All Sides

Research from Trend Micro warns of spiralling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organisations and individuals.

“Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks,” said Jon Clay, VP of threat intelligence at Trend Micro.

“Our latest research shows that while Trend Micro threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted.”

Ransomware attackers are shifting their focus to critical businesses and industries more likely to pay, and double extortion tactics ensure that they are able to profit. Ransomware-as-a-service offerings have opened the market to attackers with limited technical knowledge – but also given rise to more specialisation, such as initial access brokers who are now an essential part of the cybercrime supply chain.

Threat actors are also getting better at exploiting human error to compromise cloud infrastructure and remote workers. Trend Micro detected and prevented 25.7 million email threats in 2021 compared to 16.7 million in 2020, with the volume of blocked phishing attempts nearly doubling over the period. Research shows home workers are often prone to take more risks than those in the office, which makes phishing a particular risk.

https://www.helpnetsecurity.com/2022/03/22/threat-actors-increase-attack/


Threats

Ransomware

Phishing & Email

Other Social Engineering

Malware

Mobile

IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Insurance

Dark Web

Supply Chain

Cloud

Passwords & Credential Stuffing

Spyware, Espionage & Cyber Warfare


Nation State Actors

Nation State Actors – Russia

Nation State Actors – China

Nation State Actors – North Korea






As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 18 March 2022

Black Arrow Cyber Threat Briefing 18 March 2022

-Guernsey Cyber Security Warning For Islanders And Businesses

-CISOs Face 'Perfect Storm' Of Ransomware And State-Supported Cyber Crime

-Four Key Risks Exacerbated By Russia’s Invasion Of Ukraine

-These Four Types Of Ransomware Make Up Nearly Three-Quarters Of Reported Incidents

-Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'

-Cyber Insurance War Exclusions Loom Amid Ukraine Crisis

-Zelenskyy Deepfake Crude, But Still Might Be A Harbinger Of Dangers Ahead

-Cyber Crooks’ Political In-Fighting Threatens the West

-Cloud-Based Email Threats Surge 50% in 2021

-Millions of New Mobile Malware Strains Blitzed Enterprise in 2021

-UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit

-Russian Ransomware Gang Retool Custom Hacking Tools Of Other APT Groups

-The Massive Impact of Vulnerabilities In Critical Infrastructure

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Guernsey Cyber Security Warning for Islanders and Businesses

There has been a rise in cyber-attacks since the war in Ukraine began, according to the States of Guernsey and a cyber-security firm.

The States said: "We have seen a noticeable increase in the number of phishing emails since the war began."

The Channel Islands see more than 10 million cyber attacks every month, according to research by Guernsey firm Black Arrow Cyber Consulting.

It encouraged vigilance, as the islands are not immune to these attacks.

A States spokesman said: "The whole community needs to remain vigilant against such emails, which are designed to appear to be from reputable sources in order to dupe people into providing personal information or access to their device via the clicking of a link."

Bruce McDougall, from Black Arrow Cyber Consulting, said: "Criminals don't let a good opportunity go to waste. So they're conducting scams encouraging people to make false payments in the belief they're collecting for charities."

https://www.bbc.co.uk/news/world-europe-guernsey-60763398

CISOs Face 'Perfect Storm' Of Ransomware and State-Supported Cyber Crime

As some nations turn a blind eye, defence becomes life-or-death matter

With ransomware gangs raiding network after network, and nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry.

"There's this marriage right now of financially motivated cyber crime that can have a critical infrastructure and economic impact," Curry said during a CISO roundtable hosted by his endpoint security shop. "And there are some nation states that do what we call state-ignored sanctioning," he continued, using Russia-based REvil and Conti ransomware groups as examples of criminal operations that benefit from their home governments looking the other way. 

"You get the umbrella of sovereignty, and you get the free license to be a privateer in essence," Curry said. "It's not just an economic threat. It's not just a geopolitical threat. It's a perfect storm."

It's probably not a huge surprise to anyone that destructive cyber attacks keep CISOs awake at night. But as chief information security officers across industries — in addition to Curry, the four others on the roundtable spanned retail, biopharmaceuticals, electronics manufacturing, and a cruise line — have watched threats evolve and criminal gangs mature, it becomes a battle to see who can innovate faster; the attackers or the defenders.

https://www.theregister.com/2022/03/18/ciso_security_storm/

Four Key Risks Exacerbated by Russia’s Invasion of Ukraine

Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organisational risk profiles in at least four key areas, according to Gartner.

“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.

“As ERM leaders reassess their organisational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”

There are four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues: Talent Risk, Cyber Security Risk, Financial Risk and Supply Chain Risk

https://www.helpnetsecurity.com/2022/03/17/erm-leaders-risk/

These Four Types of Ransomware Make Up Nearly Three-Quarters of Reported Incidents

Any ransomware is a cyber security issue, but some strains are having more of an impact than others.

Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.

According to analysis by cyber security company Intel 471, the most prevalent ransomware threat towards the end of 2021 was LockBit 2.0, which accounted for 29.7% of all reported incidents. Recent victims of LockBit have included Accenture and the French Ministry of Justice. 

Almost one in five reported incidents involved Conti ransomware, famous for several incidents over the past year, including an attack against the Irish Healthcare Executive. The group recently had chat logs leaked, providing insights into how a ransomware gang works. PYSA and Hive account for one in 10 reported ransomware attacks each.

"The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%," said the researchers.

https://www.zdnet.com/article/these-four-types-of-ransomware-make-up-nearly-three-quarters-of-reported-incidents/

Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'

The cyber crime underground has fractured into pro-Ukraine and pro-Russia camps, with the latter increasingly focused on critical national infrastructure (CNI) targets in the West, according to a new report from Accenture.

The consulting giant’s Accenture Cyber Threat Intelligence (ACTI) arm warned that the ideological schism could spell mounting risk for Western organisations as pro-Kremlin criminal groups adopt quasi-hacktivist tactics to choose their next victims.

Organisations in the government, media, finance, insurance, utilities and resources sectors should be braced for more attacks, said ACTI.

https://www.infosecurity-magazine.com/news/critical-infrastructure-threat/

Cyber Insurance War Exclusions Loom Amid Ukraine Crisis

An expanding threat landscape is testing the limits of cyber insurance coverage.

The industry experienced a rapid maturation over the past three years as enterprises required a broader umbrella of insurance coverage to combat increasing cyber risks. While demands and premiums continue to rise, one recent area of contention involves war and hostile acts, an exclusion that's becoming harder to categorize.

A judgment in December, coupled with the Russian invasion last month that posed potential cyber retaliations to Ukraine allies, highlighted shortcomings in insurance policies when it comes to cyber conflicts.

https://www.techtarget.com/searchsecurity/news/252514592/Cyber-insurance-war-exclusions-loom-amid-Ukraine-crisis

Zelenskyy Deepfake Crude, But Still Might Be a Harbinger of Dangers Ahead

Several deepfake video experts called a doctored video of Ukrainian President Volodymyr Zelenskyy that went viral this week before social media platforms removed it a poorly executed example of the form, but nonetheless damaging.

Elements of the Zelenskyy deepfake — which purported to show him calling for surrender — made it easy to debunk, they said. But that won’t always be the case.

https://www.cyberscoop.com/zelenskyy-deepfake-troubles-experts/

Cyber Crooks’ Political In-Fighting Threatens the West

They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.

A rift has formed in the cyber crime underground: one that could strengthen, rather than cripple, the cyber-onslaught of ransomware.

According to a report, ever since the outbreak of war in Ukraine, “previously coexisting, financially motivated threat actors divided along ideological factions.”

“Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors, and are increasingly attempting to target Russian entities in support of Ukraine,” wrote researchers from Accenture’s Cyber Threat Intelligence (ACTI). “However, pro-Russian actors are increasingly aligning with hacktivist-like activity targeting ‘enemies of Russia,’ especially Western entities due to their claims of Western warmongering.”

What might otherwise seem like a good thing – bad guys fighting bad guys – may in fact pose an increased threat to the West.

https://threatpost.com/cybercrooks-political-in-fighting-threatens-the-west/178899/

Cloud-Based Email Threats Surge 50% in 2021

There was a 50% year-on-year surge in cloud-based email threats in 2021, but a drop in ransomware and business email compromise (BEC) detections as attacks became more targeted, according to Trend Micro.

The security vendor’s 2021 roundup report, Navigating New Frontiers, was compiled from data collected by customer-installed products and cloud-based threat intelligence.

It revealed that Trend Micro blocked 25.7 million email threats targeting Google Workspace and Microsoft 365 users last year, versus 16.7 million in 2020.

The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed.

https://www.infosecurity-magazine.com/news/cloudbased-email-threats-surge-2021/

Millions of New Mobile Malware Strains Blitzed Enterprise in 2021

Researchers uncovered more than two million new mobile malware samples in the wild last year, Zimperium said in a new report.

Those threats spanned some 10 million mobile devices in at least 214 countries, the Dallas, Texas-based solution provider said in its newly released 2022 Global Mobile Threat Report. Indeed, mobile malware proved in 2021 to be the most prevalent security threat to enterprises, encountered by nearly 25 percent mobile endpoints among Zimperium’s customers worldwide. The 2.3 million new mobile strains Zimperium’s researchers located amount to nearly 36,000 new strains of malware weekly and roughly 5,000 each day.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/millions-of-new-mobile-malware-strains-blitzed-enterprises-in-2021/

UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit

Criminal defence law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.

The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018.

The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.

https://www.theregister.com/2022/03/15/brit_solicitor_fined_for_failing/

Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found.

The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.

Although the infection was contained at this stage, the researchers characterized the compromise as a case of a suspected ransomware attack.

The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also employed is an AccountRestore executable to brute-force administrator credentials and a forked version of a reverse tunneling tool called Ligolo.

https://thehackernews.com/2022/03/russian-ransomware-gang-retool-custom.html

The Massive Impact of Vulnerabilities in Critical Infrastructure

Recent cyber events have shown how extremely vulnerable critical infrastructure is. What are the biggest security concerns?

In any world conflict, one of the primary threats posed is cyber actors disabling or destroying the core infrastructure of the adversary. Based on the global reaction to the current world conflict, countries fear reprisals. The worry is that there will be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict.

Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure, and this has opened up a new wave of cyber attacks. Though businesses are ramping up their security initiatives and investments to defend and protect, their efforts have largely been siloed, reactive, and lack business context. Lack of visibility of risk across the estate is a huge problem for this sector.

https://www.helpnetsecurity.com/2022/03/15/critical-infrastructure-security/


Threats

Ransomware

Phishing & Email

Malware

Mobile

IoT

Organised Crime & Criminal Actors

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Supply Chain

DoS/DDoS

Cloud

Privacy

Passwords & Credential Stuffing

Regulations, Fines and Legislation

Spyware, Espionage & Cyber Warfare


Nation State Actors

Nation State Actors – Russia

Nation State Actors – China

Nation State Actors – Iran






As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 10 December 2021

Black Arrow Cyber Threat Briefing 10 December 2021

-Beware Of Ransomware Attacks Between Christmas and New Year’s!

-Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)

-Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool

-SolarWinds Attackers Spotted Using New Tactics, Malware

-Cyber Crime Supply Chain: Fueling The Rise In Ransomware

-Weak Passwords Caused 30% Of Security Breaches

-Work-from-Anywhere Requires "Work-from-Anywhere Security"

-Just 3% of UK Firms Escaped a Supply Chain Breach in 2021

-Critical Flaw In ManageEngine Desktop Central MSP Tool Exploited In The Wild

-New Financial Services Industry Report Reveals Major Gaps in Storage and Backup Security

-UK’s Poor Cyber Risk Planning Could “Wreak Havoc”

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.


Top Cyber Stories of the Last Week

Beware Of Ransomware Attacks Between Christmas And New Year’s!

Darktrace reported that its security researchers discovered a 30% increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020 compared to the monthly average.

The researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February. Following a record number of ransomware attacks this year, the company expects the spike to be higher over the 2021 holiday period.

https://www.helpnetsecurity.com/2021/12/09/ransomware-attacks-holiday/

Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)

It is a time when many are thinking of their families and loved ones, time off work, and gift-giving – the holidays. However, while many have their minds outside the realm of work during the holiday season, often, this is when attackers plan their most sinister attacks.

So how can you take precautions to protect your organisation during these times?

Attackers today do not have a soft spot for businesses and give companies a break at any time of the year, especially not during holidays. On the contrary, any time of the year where companies may be less prepared to fend off a cyberattack is an opportunity for successful compromise. As a result, the holidays put your company at a higher risk of cyberattack.

https://thehackernews.com/2021/12/why-holidays-put-your-company-at-risk.html

Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool

Security experts are sounding the equivalent of a five-alarm fire on a critical new zero-day vulnerability in Log4j, a logging framework that is ubiquitously present in Java software.

The flaw (CVE-2021-44228) could allow remote attackers to run arbitrary code on any application that uses Log4j and is already being actively exploited. Some vendors have observed mass scanning activity — presumably by threat actors — for vulnerable applications, and there are some reports of exploit activity against organisations. Attacks against the flaw take little skill to execute and are being fueled by proof-of-concept code in the wild.

https://www.darkreading.com/vulnerabilities-threats/security-experts-sound-alarm-on-zero-day-in-widely-used-log4j-tool

SolarWinds Attackers Spotted Using New Tactics, Malware

One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.

One year after the notorious and far-reaching SolarWinds supply-chain attacks, its orchestrators are on the offensive again. Researchers said they’ve seen the threat group – which Microsoft refers to as “Nobelium” and which is linked to Russia’s spy agency – compromising global business and government targets with novel tactics and custom malware, stealing data and moving laterally across networks.

https://threatpost.com/solarwinds-attackers-new-tactics-malware/176818/

Cyber Crime Supply Chain: Fuelling The Rise In Ransomware

Trend Micro released a research detailing the murky cybercrime supply chain behind much of the recent surge in ransomware attacks. Demand has increased so much over the past two years that many cybercriminal markets now have their own “Access-as-a-Service” sections.

https://www.helpnetsecurity.com/2021/12/06/cybercrime-supply-chain/

Weak Passwords Caused 30% Of Security Breaches

A recent survey assessed the risk factors associated with password management and how to safeguard them from attacks or breaches. The results revealed that 30% of respondents reported password leaks and security breaches as a result of poor password practices. Respondees admitted to making poor password choices, such as sharing them with colleagues, family members or friends; writing them on sticky notes, papers, planners; re-using passwords across multiple sites and only changing them when prompted.

Consequently, researchers revealed some of the best password practices to create unhackable passwords. These practices include using secure VPNs, two-factor authentication, using a password management software and creating unique passwords that aren’t easily deduced .

https://www.itsecurityguru.org/2021/12/10/weak-passwords-caused-30-of-security-breaches/

Work-from-Anywhere Requires "Work-from-Anywhere Security"

Securing today's expanding networks often includes adding additional technologies to an already overburdened security environment. With organisations already struggling to manage an average of 45 security tools, with each incident requiring coordination across 19 different devices, adding new technologies to the mix may be the straw that breaks the camel's back.

The most recent example of the rapid expansion of the network's attack surface has been remote work. The COVID-19 pandemic accelerated the need for a work-from-anywhere (WFA) strategy. And now, as workers begin to return to the office, a hybrid approach to work has become the new status quo. According to Accenture, 83% of workers prefer a hybrid work model that allows them to work remotely between 25% and 75% of the time. And businesses are listening. 63% of high-revenue growth companies have already enabled productivity anywhere workforce models.

One of the biggest security challenges of a hybrid workforce is that employees need to move seamlessly between the corporate office, their home network, and other remote locations. Applications, whether deployed in the data centre, SaaS, or cloud, not only need to be available from anywhere, but user experience—and security—needs to be consistent from any location as well.

https://www.securityweek.com/work-anywhere-requires-work-anywhere-security

Just 3% of UK Firms Escaped a Supply Chain Breach in 2021

Some 97% of UK organisations suffered a supply chain breach over the past year, up from 82% in 2020 and the second highest figure globally, according to BlueVoyant.

The security firm polled 1200 C-level executives with responsibility for managing risk in supply chains, across the UK, US, Singapore, Canada, Germany and the Netherlands.

UK firms also experienced a higher-than-average percentage of breaches: 59% suffered between two and five supply chain incidents compared to an overall average of 49%. The average number of breaches in the country grew from 2.64 in 2020 to 3.57 in 2021.

Perhaps unsurprisingly given these figures, only a quarter (27%) of UK respondents said they consider third-party cyber risk a key priority versus a 42% global average.

https://www.infosecurity-magazine.com/news/just-3-uk-firms-escaped-supply/

Critical Flaw In ManageEngine Desktop Central MSP Tool Exploited In The Wild

News of this latest zero-day vulnerability comes after hackers exploited at least two other flaws in ManageEngine products this year. Attacks against MSPs and their tools have seen a rise over the past several years due to hackers realizing that compromising such organisations can provide an easy way into the networks of thousands of businesses that rely on them to manage their IT assets.

News of this latest zero-day vulnerability comes after hackers exploited at least two other flaws in ManageEngine products this year. Attacks against MSPs and their tools have seen a rise over the past several years due to hackers realizing that compromising such organisations can provide an easy way into the networks of thousands of businesses that rely on them to manage their IT assets.

https://www.csoonline.com/article/3643928/critical-flaw-in-manageengine-desktop-central-msp-tool-exploited-in-the-wild.html

New Financial Services Industry Report Reveals Major Gaps in Storage and Backup Security

Continuity™, the first dedicated storage and backup security provider, this week announced findings from its Security Intelligence Report: Analysis of Storage and Backup Security in the Financial Services & Banking Sector. This extensive study – the first of its kind – explores the security posture of storage and backup environments in the global financial services industry.

The survey of 200 financial services firms and banks from 45 countries revealed that most of these organisations have not yet reached a satisfactory level of storage and backup maturity. Notably, more than half (52%) of the respondents were not strongly confident about their storage and backup security, and a quarter (25%) noted they were significantly concerned (low or no confidence).

https://www.darkreading.com/attacks-breaches/new-financial-services-industry-report-reveals-major-gaps-in-storage-and-backup-security

UK’s Poor Cyber Risk Planning Could “Wreak Havoc”

The UK’s long-term risk planning is under-powered and could expose the nation if it is struck by a serious cyber-threat, a new House of Lords (HoL) report has found.

The study, Preparing for Extreme Risks: Building a Resilient Society, was produced by the upper chamber’s Select Committee on Risk Assessment and Risk Planning after interviews with 85 expert witnesses.

It claimed that the government spends too much of its time reacting to crises and emergencies, neglecting the kind of long-term planning which would have prepared the country better for the COVID-19 pandemic.

“The UK’s unpreparedness to manage the outbreak of the COVID-19 virus was and is clear. More broadly, our inquiry has analyzed the UK’s risk assessment process and found that our current system is deficient at assessing and addressing future threats and hazards,” it argued.

“However, pandemics are only one of a number of extreme risks facing the UK. Severe space weather events could render smart technologies on which much of society relies inoperable for weeks or longer; this would include GPS, the internet, communications systems and power supplies. A cyber or physical attack on our critical national infrastructure could wreak havoc.”

https://www.infosecurity-magazine.com/news/uks-poor-cyber-risk-planning-could/


Threats

Ransomware

Phishing

Malware

Mobile

IOT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptojacking

Insider Risk and Insider Threats

Fraud & Financial Crime

Dark Web

OT, ICS, IIoT and SCADA

Nation State Actors

Cloud





As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More