Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Economic Uncertainty Will Greatly Impact the Spread of Cyber Crime

Norton released its top cyber trends to watch in 2023, emphasising that the economy will have the greatest impact on the spread of cyber crime next year. Experts predict the pressures associated with economic uncertainty and rising costs will create the perfect environment for scammers to take advantage of people when they are more vulnerable.

It’s expected that cyber criminals will trick victims into surrendering personal information, emptying their bank accounts, or spending money for products, services or “lottery winnings” that never arrive. “We anticipate scammers will continue to prey on the vulnerability of people as economic pressures rise in 2023,” said Norton.

“Cyber criminals love to exploit seasonal opportunities, and consumers are facing a perfect storm of rising prices in the middle of the busiest shopping season of the year when scammers are particularly active. Scams are always harder to detect during the holiday season because consumers expect deep discounts and may believe prices that would normally seem too good to be true. This year, inflation and other unfavourable macroeconomic factors are likely to make people particularly eager to find good deals and they may therefore be at greater risk than in previous years. Taking a few proactive steps today could help you to be safer all year long.”

https://www.helpnetsecurity.com/2022/12/06/economic-uncertainty-cybercrime/

• Cyber Security Resilience Emerges as Top Priority, as 62% of Companies Say Security Incidents Impacted Business Operations

Cyber security resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest edition of Cisco's annual Security Outcomes Report.

Resilience has emerged as a top priority as a staggering 62 percent of organisations surveyed said they had experienced a security event that impacted business in the past two years. The leading types of incidents were network or data breaches (51.5 percent), network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).

These incidents resulted in severe repercussions for the companies that experienced them, along with the ecosystem of organisations they do business with. The leading impacts cited include IT and communications interruption (62.6 percent), supply chain disruption (43 percent), impaired internal operations (41.4 percent) and lasting brand damage (39.7 percent).

With stakes this high, it is no surprise that 96 percent of executives surveyed for the report said that security resilience is high priority for them. The findings further highlight that the main objectives of security resilience for security leaders and their teams are to prevent incidents, and mitigate losses when they occur.

Technology is transforming businesses at a scale and speed never seen before. While this is creating new opportunities, it also brings with it challenges, especially on the security front. To be able to tackle these effectively, companies need the ability to anticipate, identify, and withstand cyber threats, and if breached be able to rapidly recover from one. That is what building resilience is all about.

Security, after all, is a risk business. As companies don't secure everything, everywhere, security resilience allows them to focus their security resources on the pieces of the business that add the most value to an organisation, and ensure that value is protected.

https://www.darkreading.com/vulnerabilities-threats/cybersecurity-resilience-emerges-as-top-priority-as-62-of-companies-say-security-incidents-impacted-business-operations

• Cyber Security Should Focus on Managing Risk

Preventing all data breaches is an unrealistic goal. Instead, focus on finding and minimising the greatest risks.

There is a common misconception that all problems have clear, straightforward solutions — as long as you look hard enough. While this is a bold and ambitious goal, it's misguided when applied to cyber security. Organisations cannot prevent data breaches or cyberattacks altogether, and avoiding a breach or cyber incident is nearly impossible in the modern era. Organisations can, however, take steps to reduce an attack's negative impacts.

Eradicating risk is an impractical goal because you cannot "solve" something that constantly changes. To understand the risks you need to think like an attacker.

Threat actors are, first and foremost, opportunistic. They will always look for the easiest targets to maximise their financial gain. So intimately understanding an organisation's level of risk is the first step to managing and reducing it — and making yourself less of a target.

In line with Verizon’s "Data Breach Investigations Report" (DBIR) the four critical ways that threat actors most frequently use to compromise organisations large and small are credential compromise, phishing, vulnerability exploitation, and botnets, and these are the areas organisations should look reduce risks.

https://www.darkreading.com/edge-articles/cybersecurity-should-focus-on-managing-risk

• Fear of Cyber Attacks Drives SMBs to Spend More on Software

Despite fears of a looming recession, small and medium sized businesses (SMBs) are spending more on software in 2023, according to Capterra’s 2023 SMB Software Buying Trends Survey. 75% of US SMBs estimate they’ll spend more on software in 2023 compared to 2022.

Alongside increased software budgets, Capterra’s survey of over 500 SMBs reveals four other major trends in software buying behaviours and challenges that will impact businesses in 2023:

• Fearful of cyber attacks, US businesses rate security as a top motivator for software purchases

• Implementation concerns are SMBs’ biggest purchase barrier

• Most SMB software purchases are solely handled by IT, disregarding other important stakeholders

• Customer reviews sway purchase decisions, and verified reviews are critical

Despite the expected increase in software investments, many US SMBs regret their technology purchases. 61% of US SMBs say they have buyer’s remorse over a technology purchase in the past 12-18 months. Inadequate support services (39%) and higher-than-anticipated costs (34%) are the top reasons behind such regrets.

https://www.helpnetsecurity.com/2022/12/07/smbs-software-spending-2023/

• Business Email Compromise (BEC) Fraud Attacks Expand Beyond Email and Toward Mobile Devices

Business email compromise (BEC) scams have been increasingly targeting mobile devices, particularly with SMS-focused attacks. According to a new advisory by cyber security specialists at Trustwave, the trend indicates a broader shift towards phishing scams via text messages.

“Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile,” reads the report. Trustwave further added that scammers typically obtain mobile numbers from data breaches, social media and data brokers, among other methods. After that, attackers ask victims for a wire transfer, send a copy of an aging report or change a payroll account, luring them into paying for something that should be reimbursed later (but never will).

BEC attacks will always be here so long as they remain profitable. Their continued profitability proves that employee cyber security behaviour is neglected and mismanaged by the compliance-based approach to security awareness.

Security culture needs a reformation that begins with transforming the human layer into an asset which, when empowered by the right training and platform, augments the protect-detect-respond pillars of the [National Institute of Standards and Technology] NIST framework.

Trustwave’s findings were also confirmed in SlashNext’s State of Phishing 2022 report, which recently highlighted a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads. The document also suggested 83% of organisations reported that mobile device threats had been growing more quickly than other device threats.

https://www.infosecurity-magazine.com/news/bec-attacks-expand-toward-mobile/

• Ransomware Professionalisation Grows as Ransomware-as-a-Service (RaaS) Takes Hold

Ransomware groups are getting their acts together, growing in sophistication and business acumen while monetising ransomware beyond encryption, including double and triple extortion, as the market for ransomware-as-a-service (RaaS) matures.

In first half of 2022, LockBit, Conti, Alphv, Black Basta, and Vice Society were among the most prolific ransomware gangs, focusing their attack on US-based organisations, according to a LookingGlass report on the topic.

The report confirmed and attributed 1,133 ransomware attacks in the first six months of the year and attributed 207 data leaks across all active threat actor groups throughout the same period. Of the more than 1,300 incidents, the bulk came from the top 15 most active ransomware groups, led by LockBit, Conti, and Alphv.

Ransomware gangs have primarily targeted two sectors during the analysis period: manufacturing and industrial products, followed by engineering and construction and healthcare and life sciences, with the consumer and retail industry rounding out the top five.

The report highlighted the rise of sophisticated software and networks as a principal contributor to the professionalisation of ransomware, with malicious actors now offering RaaS, bug bounties, sales teams, and even customer support.

“This new, more professional ransomware structure can only mean that the problem will continue to grow in the months ahead," the report noted. "We anticipate the adoption of more traditional business practices as the underground economy continues to remain robust”.

https://www.darkreading.com/threat-intelligence/ransomware-professionalization-grows-as-raas-takes-hold

• Automated Dark Web Markets Sell Corporate Email Accounts For $2

Cyber crime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.

Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.

The largest webmail shops are Xleet and Lufix, claiming to offer access to over 100k breached corporate email accounts, with prices ranging between $2 and $30, if not more, for highly-desirable organisations.

Typically, these accounts were stolen via password cracking (brute-forcing) or credential stuffing, had their credentials stolen through phishing, or were bought from other cyber criminals.

Hackers use their access to corporate email accounts in targeted attacks like business email compromise (BEC), social engineering, spear-phishing, and deeper network infiltration.

https://www.bleepingcomputer.com/news/security/automated-dark-web-markets-sell-corporate-email-accounts-for-2/

• Cloud Hosting Provider Rackspace Warns of Phishing Risks Following Ransomware Attack

Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.

While the company is still investigating the incident and is working on bringing affected systems back online, it says that cyber criminals might also take advantage and exploit this incident for their own purposes.

"If you do receive a message from an individual you do not recognise, do not reply. Please login to your control panel and create a ticket, including details about the message you received," Rackspace said. "We understand that contact such as this may be alarming, but we currently have no evidence to suggest that you are at increased risk as a result of this direct contact."

Rackspace added that customers could easily spot scammers attempting to steal their sensitive information since:

• Emails from Rackspace will be sent from @rackspace.com emails (although attackers might still use a spoofed email address and redirect their targets to a landing phishing page)

• Rackspace support will not ask for login credentials or personal information (e.g., social security number, driver's license) during phone calls

Even though the company is yet to reveal if it has any evidence that the attackers have stolen data from its systems during the breach, customers were advised to remain vigilant and monitor their credit reports and banking account statements for suspicious activity.

Some customers are also reporting an increase in phishing emails impersonating Rackspace since the ransomware attack. Those affected by the Rackspace ransomware attack and outage should not open any suspicious email attachments or click any suspicious links.

https://www.bleepingcomputer.com/news/security/rackspace-warns-of-phishing-risks-following-ransomware-attack/

• Security Concerns Scupper Deals for Two-Thirds of Firms

Two-thirds (67%) of global organisations have admitted to losing out on acquiring potential customers due to concerns about their security posture, according to LogRhythm.

The security vendor polled 1175 security professionals and executives across five continents to compile its latest report, The State of the Security Team 2022. It found that security due diligence among customers and partners is increasingly rigorous.

Some 91% of respondents said that their security strategy must now align with customers’ security policies and standards, while 85% claimed their company must provide proof that they meet partners’ security requirements.

There was more worrying news from the report: 70% of respondents reported an increase in workplace stress for security teams, with nearly a third (30%) citing a “significant” increase. Among the key stress factors highlighted in the study were growing attack sophistication, greater responsibilities and increasing attack frequency.

Two-fifths (41%) claimed that better integrated solutions would help to relieve these pressures, while a similar number (42%) pointed to the need for more experienced security professionals. The latter would seem unlikely, given the coming recession’s likely impact on budgets, and persistent industry skills shortages. The gap is now 3.4 million globally, including 56,800 in the UK, a massive 73% year-on-year increase, according to ISC2.

https://www.infosecurity-magazine.com/news/security-concerns-scupper-deals/

• Microsoft Encourages 'Strong Cyber Hygiene' in Light of Increasing Russian Cyber Attacks

Microsoft is gearing up for a slew of Russian cyber attacks this winter, and warns others to stay vigilant. Between missiles, drones, and cyber attacks the onslaught against Ukraine has been a brutal one, and reportedly only set to get worse in the coming months.

"Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support," says Microsoft in a recent blog post. "Recent attacks in Poland suggest that Russian state-sponsored cyber attacks may increasingly be used outside Ukraine in an effort to undermine foreign-based supply chains."

In late October, Russian forces were pushed from formerly occupied territory, retaliating with missile, drone, and cyber strikes that left much of Kyiv in need of simple running water.

The Russian group known to Microsoft as IRIDIUM (aka Sandworm) is thought to be working with the Russian intelligence service, the GRU, in coordinated efforts to inflict suffering on the people of Ukraine. The group has been at large for almost a decade, as Microsoft notes, "Following Russia’s annexation of Crimea in 2014, IRIDIUM launched a series of wintertime operations against Ukrainian electricity providers, cutting power to hundreds of thousands of citizens in 2015 and 2016."

https://www.pcgamer.com/microsoft-encourages-strong-cyber-hygiene-in-light-of-increasing-russian-cyberattacks/

Threats

Ransomware, Extortion and Destructive Attacks

• Rackspace customers rage following ransomware attack, as class-action lawsuits filed (bitdefender.com)

• Ransomware Professionalization Grows as RaaS Takes Hold (darkreading.com)

• Rackspace Admits Security Incident, Helps Customers Migrate to Microsoft 365 Accounts - Infosecurity Magazine (infosecurity-magazine.com)

• Medibank share price slumps ahead of major shutdown and cyber security overhaul (fool.com.au)

• Rackspace confirms ransomware behind days-long email outage • The Register

• Vice Society: Profiling a Persistent Threat to the Education Sector (paloaltonetworks.com)

• Wiper, Disguised as Fake Ransomware, Targets Russian Orgs (darkreading.com)

• Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices | Ars Technica

• Rackspace rocked by ‘security incident’ in hosted Exchange • The Register

• Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware (thehackernews.com)

• Understanding NIST CSF to assess your organisation's Ransomware readiness (thehackernews.com)

• New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security

• South Pacific vacations may be wrecked by ransomware • The Register

• Gartner: 5 Considerations for I&O Leaders Planning Against Ransomware Attacks - IT Security Guru

• Intersport Data Posted On Hive Dark Web Blog - Information Security Buzz

• NZ Privacy Commissioner Investigates Mercury IT Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022 (thehackernews.com)

• Education sector hit by Hive ransomware in November | TechTarget

• Ransomware attack forces French hospital to transfer patients (bleepingcomputer.com)

• CommonSpirit Health ransomware attack exposed data of 623,000 patients (bleepingcomputer.com)

• Ransomware Gang Steals Employee and Customer Data From LJ Hooker (vice.com)

Phishing & Email Based Attacks

• Rackspace warns of phishing risks following ransomware attack (bleepingcomputer.com)

• Phishing in the Cloud: We're Gonna Need a Bigger Boat (darkreading.com)

• Phishing scammers impersonate WhatsApp by buying a top ad spot on Google | PC Gamer

• Man who lost $149k after clicking on phishing e-mail among at least 10 victims in Case cyber attack | The Straits Times

• How to Recognize Phishing Emails: Cyber security Experts Give Advice - WSJ

• Investment Fraud Gang May Have Made $500m - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• BEC Attacks Expand Beyond Email and Toward Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Christmas Warning: Threat Actors Impersonate your Favourite Brands to Attack, Finds CSC - Infosecurity Magazine (infosecurity-magazine.com)

• Infostealer Malware Market Booms, as MFA Fatigue Sets In (darkreading.com)

• Hardening Identities With Phish-Resistant MFA (darkreading.com)

• 'I had £8,000 stolen but Revolut won't refund it' - BBC News

Malware

• Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant (thehackernews.com)

• Infostealer Malware Market Booms, as MFA Fatigue Sets In (darkreading.com)

• Malware Authors Inadvertently Take Down Own Botnet (darkreading.com)

• New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm (thehackernews.com)

• Truebot Malware Activity Increases With Possible Evil Corp Connections - Infosecurity Magazine (infosecurity-magazine.com)

• Newly Discovered Trojan Steals 300,000 Facebook Users Details In 4 Year-Long Campaign - Information Security Buzz

• Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines (darkreading.com)

Mobile

• BEC Attacks Expand Beyond Email and Toward Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)

• 'Scattered Spider' Cyber crime Group Targets Mobile Carriers via Telecom, BPO Firms | SecurityWeek.Com

• Code of practice for app store operators and app developers - GOV.UK (www.gov.uk)

• Android malware apps with 2 million installs spotted on Google Play (bleepingcomputer.com)

• Privacy changes set Apple at odds with UK government over online safety bill | Apple | The Guardian

• Android malware infected 300,000 devices to steal Facebook accounts (bleepingcomputer.com)

• Researchers Uncover Darknet Service Allowing Hackers to Trojanize Legit Android Apps (thehackernews.com)

• Android December 2022 security updates fix 81 vulnerabilities (bleepingcomputer.com)

• Telcom and BPO Companies Under Attack by SIM Swapping Hackers (thehackernews.com)

• Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide (thehackernews.com)

• Eight Questions to Ask Your Aging Parents (and Yourself) to Keep Their Phones Safe From Hackers - WSJ

• SIM swapper gets 18-months for involvement in $22 million crypto heist (bleepingcomputer.com)

• Compromised Android keys used to sign info-stealing malware • The Register

• Largest mobile malware marketplace identified by Resecurity in the Dark Web - Security Affairs

Internet of Things – IoT

• How IoT is changing the threat landscape for businesses - Help Net Security

• What's the Matter with digital trust in smart home devices? - Help Net Security

• Security Risks Found in Millions of XIoT Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Self-Propagating 'Zerobot' Botnet Targeting Spring4Shell, IoT Vulnerabilities | SecurityWeek.Com

• Eufy responds to camera security concerns | ZDNET

Data Breaches/Leaks

• Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED

• Personal data of 10,000 Australians found for sale online | 7NEWS

• Stolen data of 600,000 Indians sold on bot markets so far - study | Reuters

Organised Crime & Criminal Actors

• Of Exploits and Experts: The Professionalization of Cyber Crime (darkreading.com)

• Economic uncertainty will greatly impact the spread of cyber crime - Help Net Security

• Automated dark web markets sell corporate email accounts for $2 (bleepingcomputer.com)

• DHS Cyber Safety Board to review Lapsus$ gang’s hacking tactics (bleepingcomputer.com)

• BlackProxies proxy service increasingly popular among hackers (bleepingcomputer.com)

• Gen Z Internet Users "Normalize" Cyber crime - Report - Infosecurity Magazine (infosecurity-magazine.com)

• Chart: Cyber crime Expected To Skyrocket in Coming Years | Statista

• Metaparasites: The cyber criminals who rip each other off • Graham Cluley

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Bitcoin ‘rarely’ used for legal transactions, on ‘road to irrelevance’, say European Central Bank officials | TechCrunch

• North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps (thehackernews.com)

• Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Threat Actors Use Malicious File Systems to Scale Crypto-Mining Operations - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: Hackers target cryptocurrency firms over Telegram (bleepingcomputer.com)

• UK finalises plans for regulation of ‘wild west’ crypto sector | Financial Times (ft.com)

• North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Security Bitcoin News

Insider Risk and Insider Threats

• Insights into insider threats: Detecting and monitoring abnormal user activity - Help Net Security

Fraud, Scams & Financial Crime

• Even cyber criminals fall for online scams: $2.5m last year • The Register

• Why are Monzo, Revolut and Starling becoming scam targets? — Startup Europe, The Sifted Podcast | Sifted

• 'I had £8,000 stolen but Revolut won't refund it' - BBC News

• Suspects arrested for hacking US networks to steal employee data (bleepingcomputer.com)

• Credit card skimming – the long and winding road of supply chain failure – Naked Security (sophos.com)

• Australia arrests 'Pig Butchering' suspects for stealing $100 million (bleepingcomputer.com)

• Cyber criminals are scamming each other, tipping off law enforcement - Help Net Security

• Elon Musk "Freedom Giveaway" crypto scam promoted via Twitter lists (bleepingcomputer.com)

• SIM swapper gets 18-months for involvement in $22 million crypto heist (bleepingcomputer.com)

• Metaparasites: The cyber criminals who rip each other off • Graham Cluley

• Investment Fraud Gang May Have Made $500m - Infosecurity Magazine (infosecurity-magazine.com)

Deepfakes

• Thanks to AI, it’s probably time to take your photos off the Internet | Ars Technica

AML/CFT/Sanctions

• Santander UK fined £108m over anti-money laundering failings | Banco Santander | The Guardian

Insurance

• What you should know when considering cyber insurance in 2023 | CSO Online

• Cyber Insurance Policy Underwriting Explained (trendmicro.com)

Dark Web

• Dark web recruiting techniques: Malware, phishing, and carding - Help Net Security

Supply Chain and Third Parties

• Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack (thehackernews.com)

• Antwerp's city services down after hackers attack digital partner (bleepingcomputer.com)

• Credit card skimming – the long and winding road of supply chain failure – Naked Security (sophos.com)

• Transport And Shipping Beware – Supply Chains Under Attack - Information Security Buzz

• Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED

Software Supply Chain

• How Naming Can Change the Game in Software Supply Chain Security (darkreading.com)

Denial of Service DoS/DDoS

• 3 Types Of DDoS Attack Types You Should Care About - Information Security Buzz

• Microsoft warning after DDoS attack disrupts Russian bank • The Register

Cloud/SaaS

• Phishing in the Cloud: We're Gonna Need a Bigger Boat (darkreading.com)

• How to get cloud migration right - Help Net Security

• 3 Ways Attackers Bypass Cloud Security (darkreading.com)

• How to implement least privilege access in the cloud | TechTarget

Hybrid/Remote Working

• Remote workers losing laptops are bigger threat to companies than hackers (telegraph.co.uk)

Encryption

• WhatsApp raises threat of UK shutdown in encryption row (telegraph.co.uk)

• Governments want to avert quantum's encryption apocalypse (axios.com)

API

• 68% of IT leaders are worried about API sprawl - Help Net Security

Open Source

• Ping of death! FreeBSD fixes crashtastic bug in network tool – Naked Security (sophos.com)

• Research reveals where 95% of open source vulnerabilities lie - Help Net Security

• Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (thehackernews.com)

• Threat Actors Use Malicious File Systems to Scale Crypto-Mining Operations - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Password Reset Calls Are Costing Your Org Big Money (bleepingcomputer.com)

Social Media

• Taiwan bans state-owned devices from running TikTok • The Register

• Critical Vulnerabilities Force Twitter Alternative Hive Social Offline | SecurityWeek.Com

• Does Hive's Security Problem Make It Unsafe to Use? (lifehacker.com)

• Elon Musk "Freedom Giveaway" crypto scam promoted via Twitter lists (bleepingcomputer.com)

• US States label TikTok a malicious and menacing threat • The Register

Training, Education and Awareness

• Making Cyber-awareness Training And Spoofing Protection Mandatory In The Digital Workplace - Information Security Buzz

• Engage your employees with better cyber security training - Help Net Security

• Lack of Cyber security Expertise Poses Threat for Public-Safety Orgs (darkreading.com)

• 4 cyber security predictions for 2023 --- SANS analysts look ahead | VentureBeat

Parental Controls and Child Safety

• US Sues TikTok Over Child Safety and Data Security Claims - Infosecurity Magazine (infosecurity-magazine.com)

• Are Parents Feeding Kids’ Data To Threat Actors? Expert Comments - Information Security Buzz

Regulations, Fines and Legislation

• Five companies fined over £400,000 for targeting over-60s with illegal marketing calls | UK News | Sky News

• UK finalises plans for regulation of ‘wild west’ crypto sector | Financial Times (ft.com)

• What Stricter Data Privacy Laws Mean for Your Cyber security Policies (thehackernews.com)

Governance, Risk and Compliance

• Cyber security Risk Management In The Real World - Information Security Buzz

• Economic uncertainty will greatly impact the spread of cyber crime - Help Net Security

• Cyber security Plan: 3 Keys for CISOs (trendmicro.com)

Models, Frameworks and Standards

• Understanding NIST CSF to assess your organisation's Ransomware readiness (thehackernews.com)

• PCI Secure Software Standard 1.2 released - Help Net Security

• How compliance leaders can encourage employees to report misconduct - Help Net Security

• The changing role of the MITRE ATT@CK framework | CSO Online

• Don't Wait to Become CMMC Compliant - Information Security Buzz

• Three Ways to Improve Defence Readiness Using MITRE D3FEND | SecurityWeek.Com

Data Protection

• Remote workers losing laptops are bigger threat to companies than hackers (telegraph.co.uk)

• How companies time data leak disclosures - Help Net Security

• What Stricter Data Privacy Laws Mean for Your Cyber security Policies (thehackernews.com)

Careers, Working in Cyber and Information Security

• 5 top qualities you need to become a next-gen CISO | CSO Online

Law Enforcement Action and Take Downs

• Suspects arrested for hacking US networks to steal employee data (bleepingcomputer.com)

• Australia arrests 'Pig Butchering' suspects for stealing $100 million (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• The Privacy War Is Coming (darkreading.com)

• Apple Faces Critics Over Its Privacy Policies | SecurityWeek.Com

• Privacy changes set Apple at odds with UK government over online safety bill | Apple | The Guardian

• Apple announces new security and privacy measures amid surge in cyber-attacks | Apple | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• NATO Readies for Cyber War: Simulation Shows Unified Front Against Attack - MSSP Alert

• Microsoft warns of Russian cyber attacks throughout the winter (bleepingcomputer.com)

• Microsoft warning after DDoS attack disrupts Russian bank • The Register

• Lessons from Russia’s cyber-war in Ukraine | The Economist

• Russian Espionage APT Callisto Focuses on Ukraine War Support Organisations | SecurityWeek.Com

• Russian Actors Use Compromised Healthcare Networks Against Ukrainian Orgs (darkreading.com)

• Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict (substack.com)

• Russian Hackers Use Western Networks to Attack Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Pegasus spyware was used to hack reporters’ phones. I’m suing its creators | Nelson Rauda Zablah | The Guardian

Nation State Actors

Nation State Actors – Russia

• Microsoft encourages 'strong cyber hygiene' in light of increasing Russian cyber attacks | PC Gamer

• Russian Hackers Spotted Targeting US Military Weapons and Hardware Supplier (thehackernews.com)

• The surprising ineffectiveness of Russia’s cyber-war | The Economist

Nation State Actors – China

• Chinese Government Linked Hackers Swiped $20M in Targeted Pandemic Funds, Secret Service Says - MSSP Alert

• Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities (thehackernews.com)

• Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks (thehackernews.com)

• Chinese hackers stole millions worth of US COVID relief money, Secret Service says | Reuters

• Amnesty International Canada breached by suspected Chinese hackers (bleepingcomputer.com)

• China Operates More Than 100 Secret 'Police Stations' Globally: Report (businessinsider.com)

• US Congress rolls back proposal to restrict use of Chinese chips | Computerworld

Nation State Actors – North Korea

• North Korean tech freelancers' earnings fund nukes, missiles • The Register

• North Korean Hackers Spread AppleJesus Malware Disguised as Cryptocurrency Apps (thehackernews.com)

• Google Documents IE Browser Zero-Day Exploited by North Korean Hackers | SecurityWeek.Com

• APT37 Uses Internet Explorer Zero-Day to Spread Malware (darkreading.com)

• Google: State hackers still exploiting Internet Explorer zero-days (bleepingcomputer.com)

• North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Security Bitcoin News

Nation State Actors – Iran

• Iranian APT Targets US With Drokbk Spyware via GitHub (darkreading.com)

• Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack (thehackernews.com)

• Iranian State Hackers Targeting Key Figures in Activism, Journalism, and Politics (thehackernews.com)

• UK lawmakers warned of cyber-attacks and possible harassment from Iranian operatives | CNN

• Iran Arrests News Agency Deputy After Reported Cyber attack | SecurityWeek.Com

Vulnerabilities

• Attackers take over expired domain to deliver web skimming scripts - Help Net Security

• Google discovers Windows exploit framework used to deploy spyware (bleepingcomputer.com)

• Cisco discloses high-severity IP phone bug with exploit code (bleepingcomputer.com)

• Google Chrome emergency update fixes 9th zero-day of the year (bleepingcomputer.com)

• Google Documents IE Browser Zero-Day Exploited by North Korean Hackers | SecurityWeek.Com

• For Cyber attackers, Popular EDR Tools Can Turn into Destructive Data Wipers (darkreading.com)

• A new Linux flaw can be chained with other two bugs to gain full root privileges - Security Affairs

• Self-Propagating 'Zerobot' Botnet Targeting Spring4Shell, IoT Vulnerabilities | SecurityWeek.Com

• Google Chrome Flaw Added to CISA Patch List (darkreading.com)

• Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS | SecurityWeek.Com

• Research reveals where 95% of open source vulnerabilities lie - Help Net Security

• Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (thehackernews.com)

• Google: State hackers still exploiting Internet Explorer zero-days (bleepingcomputer.com)

• Multiple Zero Days Discovered In Leading Antivirus And Endpoint Solutions (informationsecuritybuzz.com)

• APT37 Uses Internet Explorer Zero-Day to Spread Malware (darkreading.com)

• WAFs of Several Major Vendors Bypassed With Generic Attack Method | SecurityWeek.Com

• Google Chrome zero-day exploited in the wild (CVE-2022-4262) - Help Net Security

• Sophos fixed a critical flaw in its Sophos Firewall version 19.5 - Security Affairs

Tools and Controls

• Security pros feel threat detection and response workloads have increased - Help Net Security

• Single Sign-on: It's Only as Good as Your Ability to Use It (darkreading.com)

• Leveraging the full potential of zero trust - Help Net Security

• Understanding malware analysis and its challenges | TechTarget

• Using XDR to Consolidate and Optimize Cyber security Technology (thehackernews.com)

Reports Published in the Last Week

• The promise of Open Everything (axway.com)

• Security Outcomes Report, Volume 3 - Cisco

• ENISA Threat Landscape 2022 — ENISA (europa.eu)

Other News

• Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet | SecurityWeek.Com

• Where Advanced Cyber attackers Are Heading Next: Disruptive Hits, New Tech (darkreading.com)

• 43 Trillion Security Data Points Illuminate Our Most Pressing Threats (darkreading.com)

• 7 reasons why you must embed trust into the core of your business - Help Net Security

• Most convicted terrorists radicalised online, finds MoJ-backed study | UK security and counter-terrorism | The Guardian

• Risky online behaviour ‘almost normalised’ among young people, says study | Internet | The Guardian

• Top 7 factors boosting enterprise cyber security resilience - Help Net Security

• Machine Learning Models: A Dangerous New Attack Vector (darkreading.com)

• Microsoft's rough 2022 security year in review | CSO Online

• Consumers want convenience without sacrificing security - Help Net Security

• 4 cyber security predictions for 2023 --- SANS analysts look ahead | VentureBeat

• 3 of the Worst Data Breaches in the World That Could Have Been Prevented  - Security Affairs

• Removing the Barriers to Security Automation Implementation | SecurityWeek.Com

• Cyber security Should Focus on Managing Risk (darkreading.com)

• Deal with sophisticated bot attacks: Learn, adapt, improve - Help Net Security

• Want to detect Cobalt Strike? Look to process memory • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates

Britain warned of potential cyber attacks with "international consequences" this week after Russian President Vladimir Puitin ordered troops to two breakaway regions in eastern Ukraine.

Britain's National Cyber Security Centre (NCSC), a part of the GCHQ eavesdropping intelligence agency, called on British organisations to "bolster their online defences" following the developments.

"While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences," it said in a statement.

Last week, Ukranian banking and government websites were briefly knocked offline by a spate of distributed denial of service (DDoS) attacks which the United States and Britain said were carried out by Russian military hackers.

https://www.reuters.com/technology/britain-warns-cyberattacks-russia-ukraine-crisis-escalates-2022-02-22/

Ransomware Extortion Doesn't Stop After Paying The Ransom

A global survey that looked into the experience of ransomware victims highlights the lack of trustworthiness of ransomware actors, as in most cases of paying the ransom, the extortion simply continues.

This is not a surprising or new discovery, but when seeing it reflected in actual statistics, one can appreciate the scale of the problem in full.

The survey was conducted by cyber security specialist Venafi, and the most important findings that emerge from the respondents are the following:

• 18% of victims who paid the ransom still had their data exposed on the dark web.

• 8% refused to pay the ransom, and the attackers tried to extort their customers.

• 35% of victims paid the ransom but were still unable to retrieve their data.

As for the ransomware actor extortion tactics, these are summarized as follows:

• 83% of all successful ransomware attacks featured double and triple extortion.

• 38% of ransomware attacks threatened to use stolen data to extort customers.

• 35% of ransomware attacks threatened to expose stolen data on the dark web.

• 32% of attacks threatened to directly inform the victim's customers of the data breach incident.

https://www.bleepingcomputer.com/news/security/ransomware-extortion-doesnt-stop-after-paying-the-ransom/

Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces

The government of Ukraine is calling on the hacking community to volunteer its expertise and capabilities, following the invasion of the country by Russian forces.

Reuters reports that Yegor Aushev, the CEO of Kyiv-based Cyber Unit Technologies which has worked with Ukraine's government on the defence of critical infrastructure, claims to have been asked to post a digital call-to-arms after being asked by "a senior Defence Ministry official."

The message, which was posted on hacking forums by Aushev on Thursday, begins "Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country," and calls for cybersecurity experts and hackers to apply as a volunteer via a Google Docs link.  The page volunteers are directed to asks applicants to list their specialities, such as if they have developed malware, and professional references.

According to Aushev, volunteers will be divided into two groups - tasked with offensive and defensive cyber operations.

https://www.bitdefender.com/blog/hotforsecurity/ukraine-calls-for-volunteer-hackers-to-protect-its-critical-infrastructure-and-spy-on-russian-forces/

Study: UK Firms Most Likely To Pay Ransomware Hackers

Some 82% of British firms which have been victims of ransomware attacks paid the hackers in order to get back their data, a new report suggests.

The global average was 58%, making the UK the most likely country to pay cyber-criminals.

Security firm Proofpoint's research also found that more than three-quarters of UK businesses were affected by ransomware in 2021.

Phishing attacks remain the key way criminals access networks, it found.

Phishing happens when someone in a firm is lured into clicking on a link in an email that contains malware, which in turn can help cyber-criminals access company networks.

https://www.bbc.co.uk/news/business-60478725

Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks

An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”

The gang said that it would use “all possible resources to strike back at the critical infrastructures” of any entity that organises a cyberattack “or any war activities against Russia.” The message appeared Friday on the dark-web site used by ransomware group Conti to post threats and its victims’ data. Security researchers believe the gang to be Russia-based.

Conti ransomware was part of more than 400 attacks against mostly U.S. targets between spring 2020 and spring 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported in September.

https://www.cyberscoop.com/conti-ransomware-russia-ukraine-critical-infrastructure/

91% of UK Organisations Compromised by an Email Phishing Attack in 2021

More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report.

The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business email compromise (BEC) attacks, the latter an 18% year-on-year increase from 2020.

The survey of 600 information and IT security professionals and 3500 workers in the US, Australia, France, Germany, Japan, Spain and the UK also found that attacks in 2021 were more likely to be successful than in 2020. More than four in five (83%) respondents said their organization experienced at least one successful email-based phishing attack last year, up from 57% in 2020. In addition, 68% of organizations admitted they had to deal with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery or other exploit.

Worryingly, 60% of organizations infected with ransomware admitted to paying a ransom, with around a third (32%) paying additional sums to regain access to data and systems.

https://www.infosecurity-magazine.com/news/uk-organizations-email-phishing/

Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021

Researchers have found almost 100,000 new variants of mobile banking Trojans in just a year.

As our digital lives have begun to centre more on handsets rather than just desktop PCs, many malware developers have shifted part of their focus to the creation of mobile threats.

Many of the traditional infection routes are still workable -- including phishing and the download and execution of suspicious software -- but cyber attackers are also known to infiltrate official app stores, including Google Play, to lure handset owners into downloading software that appears to be trustworthy.

This technique is often associated with the distribution of Remote Access Trojans (RATs). While Google maintains security barriers to stop malicious apps from being hosted in its store, there are methods to circumvent these controls quietly.

https://www.zdnet.com/article/almost-100000-new-mobile-banking-trojans-detected-in-2021/

Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion

A few hours after the Anonymous collective has called to action against Russia following the illegitimate invasion of Ukraine its members have taken down the website of the Russian propaganda station RT News and news of the day is the attack against the servers of the Russian Defense Ministry.

“Anonymous, a group of hacktivists, successfully hacked and leaked the database of the website of the Ministry of Defense of Russia.” reported the Pravda agency.

The website of the Kremlin (Kremlin.ru) is also unreachable, but it is unclear if it is the result of the Anonymous attack or if the government has taken offline it to prevent disruptive attacks.

The Russian Government’s portal, and the websites of other ministries are running very slow.

The collective is also threatening the Russian Federation and private organizations of attacks, it is a retaliation against Putin’s tyranny.

Anonymous pointed out that it is not targeting Russian citizens, but only their government.

“We want the Russian people to understand that we know it’s hard for them to speak out against their dictator for fear of reprisals.”

https://securityaffairs.co/wordpress/128428/hacking/anonymous-russian-defense-ministry.html

Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds

If you don’t know what it is, if you can’t identify it and if you can’t make sure you don’t topple into its traps, then you can’t fight it, suggests a new report by security provider Proofpoint in its eighth annual State of the Phish report.

The “it” is email-based malware attacks, the kingpin of all hacking methods, that victims often fall for out of a lack of awareness, inadequate training or risky behaviours, such as using a company mobile device for home use.

Proofpoint’s report takes an in-depth look at user phishing awareness, vulnerability and resilience and comes away with some startling numbers: More than three-quarters of organizations associated with the 4,100 IT security professionals and staffers in the worldwide study were hit by email-based ransomware attacks in 2021 and an equal number were victimized by business email compromise attacks, an 18 percent spike from 2020.

What explains the year-over-year climb? Answer: Cyber criminals continue to focus on compromising people, not necessarily systems, Proofpoint said. Email remains cyber criminals’ go-to attack strategy, said Alan Lefort, Proofpoint security awareness training senior vice president and general manager. “Infosec and IT survey participants experienced an increase in targeted attacks in 2021 compared to 2020, yet our analysis showed the recognition of key security terminology such as phishing, malware, smishing (text-based ruse), and vishing (telephone trickery) dropped significantly,” said Lefort. “The awareness gaps and lax security behaviors demonstrated by workers creates substantial risk for organizations and their bottom line.”

https://www.msspalert.com/cybersecurity-news/email-remains-go-to-method-for-cyberattacks-phishing-research-report-finds/

The Future of Cyber Insurance

In 2016, just 26% of insurance clients had cyber coverage. That number rose to 47% in 2020, according to a US Government Accountability Office (GAO) report. But the demand for cyber coverage isn't the only thing soaring.

At the end of 2020, insurance prices jumped anywhere from 10% to 30%. In the third quarter of 2021, the average cost of cyber insurance premiums climbed a record 27.6%.

If the rates continue to rise, companies might decide it's not worth the cost. That is, if insurers continue to cover their industry.

https://www.darkreading.com/risk/the-future-of-cyber-insurance

Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices

Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, and a division of TechTarget, Inc., today announced new research into security hygiene and posture management – a foundational part of a strong security program. The study reveals that many aspects of cyber security are managed independently and with antiquated tools, leaving organisations with limited visibility and weak defenses against an ever-evolving threat landscape. Since strong cybersecurity starts with the basics, like knowing about all IT assets deployed, this situation makes organisations vulnerable to advanced threats among strategic, yet often hurried, cloud and digital transformation initiatives.

The new report, Security Hygiene and Posture Management, summarizes a survey of 398 IT and cyber security professionals responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management, including vulnerability management, asset management, attack surface management, and security testing tools. The data reveals that organisations must aim to further assess security posture management processes, examine vendor risk management requirements, and test security tool and processes more frequently.

https://www.darkreading.com/risk/businesses-are-at-significant-risk-of-cybersecurity-breaches-due-to-immature-security-hygiene-and-posture-management-practices

Microsoft Teams Is The New Frontier For Phishing Attacks

Even with email-based phishing attacks proving to be more successful than ever, cyberattackers are ramping up their efforts to target employees on additional platforms, such as Microsoft Teams and Slack.

One advantage is that in those applications, most employees still assume that they’re actually talking to their boss or coworker when they receive a message.

“The scary part is that we trust these programs implicitly — unlike our email inboxes, where we’ve learned to be suspicious of messages where we don’t recognize the sender’s address,” said anti-fraud technology firm Outseer.

Notably, traditional phishing has seen no slowdown: Proofpoint reported that 83% of organizations experienced a successful email-based phishing attack in 2021 — a massive jump from 57% in 2020. And outside of email, SMS attacks (smishing) and voice-based attacks (vishing) both grew in 2021, as well, according to the email security vendor.

However, it appears that attackers now view widely used collaboration platforms, such as Microsoft Teams and Slack, as another growing opportunity for targeting workers, security researchers and executives say. For some threat actors, it’s also a chance to leverage the additional capabilities of collaboration apps as part of the trickery.

https://venturebeat.com/2022/02/23/microsoft-teams-is-the-new-frontier-for-phishing-attacks/

Threats

Ransomware

• Russia-Based Ransomware Group Conti Issues Warning To Kremlin Foes | Reuters

• Conti Ransomware 'Acquires' TrickBot as It Thrives Amid Crackdowns | SecurityWeek.Com

• Ransomware Is Top Attack Vector On Critical Infrastructure | CSO Online

• TrickBot Malware Operation Shuts Down, Devs Move To Stealthier Malware (bleepingcomputer.com)

• Microsoft Exchange Servers Hacked To Deploy Cuba Ransomware (bleepingcomputer.com)

• Attackers Used Dridex To Deliver Entropy Ransomware, Code Resemblance Uncovered - Help Net Security

• Expeditors Shuts Down Global Operations After Likely Ransomware Attack (bleepingcomputer.com)

• Chipmaker Giant Nvidia Hit By A Ransomware Attack - Security Affairs

• Backups ‘No Longer Effective’ For Stopping Ransomware Attacks (computerweekly.com)

BEC – Business Email Compromise

• BEC-as-a-Service Campaigns Drive Surge in Email Fraud - Infosecurity Magazine

Phishing & Email

• Cyber Attackers Leverage DocuSign to Steal Microsoft Outlook Logins | Threatpost

• New Phishing Campaign Targets Monzo Online-Banking Customers (bleepingcomputer.com)

• Devious Phishing Method Bypasses MFA Using Remote Access Software (bleepingcomputer.com)

Other Social Engineering

• Social Media Attacks Surged In 2021, Financial Institutions Targeted The Most - Help Net Security

Malware

• Over 2.7 Million Cases Of Emotet Malware Detected Globally - Japan Today

• Jester Stealer Malware Adds More Capabilities To Entice Hackers (bleepingcomputer.com)

• Beware: New Kraken Botnet Easily Fools Windows Defender And Steals Crypto Wallet Data - Neowin

• Threat Actors Target Poorly Protected Microsoft SQL Servers - Security Affairs

• New Golang Botnet Empties Windows Users’ Cryptocurrency Wallets (bleepingcomputer.com)

• Revamped CryptBot Malware Spread By Pirated Software Sites (bleepingcomputer.com)

• Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store (thehackernews.com)

Mobile

• New Xenomorph Android Malware Targets Customers Of 56 Banks (bleepingcomputer.com)

• Gaming, Banking Trojans Dominate Mobile Malware Scene | Threatpost

• Beware of ‘Zero-Click’ Hacks That Exploit Security Flaws in Phones’ Operating Systems (insurancejournal.com)

• Samsung Shipped '100m' Android Phones With Flawed Encryption • The Register

Data Breaches/Leaks

• Revealed: Credit Suisse Leak Unmasks Criminals, Fraudsters And Corrupt Politicians | Credit Suisse | The Guardian

Organised Crime & Criminal Actors

• Police Dismantled Gang That Used Phishing Sites To Steal Credit Cards - Security Affairs

• Nigerian Hacker Pleads Guilty To Stealing Payroll Deposits (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking

• North Korean Hackers Launder Crypto Using Sophisticated Techniques: Report (cryptopotato.com)

Insider Risk and Insider Threats

• Employees Are Often Using Devices In Seriously Risky Ways - Help Net Security

• Insider Threats Are More Than Just Malicious Employees (darkreading.com)

• 83% Of Employees Continue Accessing Old Employer's Accounts - Help Net Security

• Motorola Case Shows Importance Of Detecting Insider IP Theft Quickly | CSO Online

Fraud, Scams & Financial Crime

• Think You Couldn't Be Duped By a Con Artist? Think Again | Psychology Today

• Sextortion Rears Its Ugly Head Again | Threatpost

• French Speakers Blasted By Sextortion Scams With No Text Or Links – Naked Security (sophos.com)

• Digital Ad Fraud Set to Hit $68bn in 2022 - Infosecurity Magazine

Supply Chain

• Hackers Tried To Shatter The Spine Of Global Supply Chains In 2021 | ZDNet

Nation State Actors

• NCSC Advises Organisations to Act Following Russia’s Further Violation of Ukraine’s Territorial Integrity - NCSC.GOV.UK

• Russia-Backed Hackers Behind Powerful New Malware, UK and US Say | Russia | The Guardian

• Ransomware Used as Decoy in Destructive Cyber Attacks on Ukraine | SecurityWeek.Com

• Data Wiper Attacks On Ukraine Were Planned At Least In November - Security Affairs

• Russia’s Sandworm Hackers Have Built a Botnet of Firewalls | WIRED

• China-linked APT10 Target Taiwan's Financial Trading Industry - Security Affairs

• Iran's Hackers Are Using These Tools To Steal Passwords And Deliver Ransomware, say FBI and CISA | ZDNet

• US and UK Details a New Python Backdoor Used by MuddyWater APT - Security Affairs

Privacy

• What Is Browser Fingerprinting and How Does It Track You? | WIRED

Spyware, Espionage & Cyber Warfare

• CISOs, Beware Of Spyware Tools For Illicit Competitive Intelligence | CSO Online

Vulnerabilities

• Cisco Firewall Customers Warned Of Need For Rapid Updates • The Register

• New Flaws Discovered in Cisco's Network Operating System for Switches (thehackernews.com)

• CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform (thehackernews.com)

Sector Specific

Financial Services Sector

• CrowdStrike CEO: Bank Execs ‘Very Concerned’ About Russia Cyber Attacks (cnbc.com)

Defence

• New "SockDetour" Fileless, Socketless Backdoor Targets US Defense Contractors (thehackernews.com)

Health/Medical/Pharma Sector

• Massive Ransomware Attack Could Cost Irish Health Exec €100m - Infosecurity Magazine

Construction

• Construction Companies Receive Cyber Security Guidance - IT Security Guru

Reports Published in the Last Week

• 2022 State of the Phish Report - Stats, Trends & More | Proofpoint

Other News

• The Threat of Cyber War Has Finally Arrived - The Atlantic

• War in Ukraine Risks Scrambling the Logic of Cyber Security | Financial Times (ft.com)

• Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides (thehackernews.com)

• 22 Very Bad Stats On The Growth Of Phishing, Ransomware | VentureBeat

• Data Leaks And Shadow Assets Greatly Exposing Organisations To Cyber Attacks - Help Net Security

• 50% of Websites Vulnerable to Hacking All Year in 2021, New Report Says - MSSP Alert

• ‘Betamax’ Police Forces Failing To Recognise The Digital ‘Crime Challenges Of Today’ (telegraph.co.uk)

• How Much Can You Trust Your Printer? - Help Net Security

• Is Multifactor Authentication Less Effective Than It Used To Be? (slate.com)

• How To Keep Pace With Rising Data Protection Demands - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.