Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 21 July 2023
Black Arrow Cyber Threat Briefing 21 July 2023:
-Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
-MOVEit Body Count Closes in on 400 orgs, 20M+ Individuals
-IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
-Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
-Risk is Driving Medium-Sized Business Decisions
-Talent and Governance, Not Technology, are Key to Drive Change around Cyber Security
-Hybrid Work, Digital Transformation can Exploit Security Gaps
-Human Cyber-Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
-AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
-Pro-Russian Hacktivists Increase Focus on Western Targets
-Infosec Doesn't Know What AI Tools Orgs Are Using
-Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
-Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.
A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.
https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/
MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals
The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.
The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.
https://www.theregister.com/2023/07/20/moveit_victim_count/
IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.
Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.
Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.
A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.
Risk is Driving Medium-Sized Business Decisions
Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.
In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.
Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security
For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.
However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.
This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.
Hybrid Work, Digital Transformation can Exploit Security Gaps
A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.
The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.
Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.
What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.
AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.
https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/
https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html
Pro-Russian Hacktivists Increase Focus on Western Targets
‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.
The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.
https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/
Infosec Doesn't Know What AI Tools Organisations Are Using
With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.
Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.
https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using
Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.
Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.
https://www.theregister.com/2023/07/19/google_cuts_internet/
Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.
The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.
https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023
Governance, Risk and Compliance
Risk is Driving Small and Medium-Sized Businesses (SMB) Decisions - MSSP Alert
Stabilising The Cyber security Landscape: The Rise Of vCISOs (forbes.com)
Talent and Governance, not Technology, are Key to Drive Change around Cyber Security - TechNative
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
CISOs are making cyber security a business problem - Help Net Security
Top Information Security Threats for Businesses 2023 (cybersecuritynews.com)
Best practices for an effective cyber security strategy | CSO Online
Exploring the macro shifts in enterprise security - Help Net Security
Google Cloud CISO Phil Venables On Cyber security, Cloud Adoption And The Boardroom (forbes.com)
Threats
Ransomware, Extortion and Destructive Attacks
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Weekly cyber attacks reach two-year high amid ransomware resurgence | ITPro
Ransomware attacks are on the rise—and so are ransom payments (fastcompany.com)
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Cyber security firm Sophos impersonated by new SophosEncrypt ransomware (bleepingcomputer.com)
Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net SecurityFIN8 deploys ALPHV ransomware using Sardonic malware variant (bleepingcomputer.com)
Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
Ransomware attackers getting more sophisticated: Canadian Centre for Cyber Security (yahoo.com)
SophosEncrypt Ransomware Fools Security Researchers (darkreading.com)
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks (thehackernews.com)
New Ransomware With RAT Capabilities Impersonating Sophos - SecurityWeek
Google’s Bard poses ransomware risk, say researchers | Cybernews
FIN8 Group spotted delivering the BlackCat Ransomware - Security Affairs
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Ransomware Victims
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward | TechCrunch
MOVEit Transfer vulnerability: New Cl0p 'victims' include Discovery (techmonitor.ai)
BlackCat and Clop gangs both claim cyber attack on Estée Lauder | Computer Weekly
Iron ore giant Fortescue Metals targeted by Russian ransomware group | Cybercrime | The Guardian
Russian medical lab suspends some services after ransomware attack (therecord.media)
Recycling Giant Tomra Takes Systems Offline Following Cyber attack - SecurityWeek
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Phishing & Email Based Attacks
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023 - MSSP Alert
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online | CISA
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
BEC – Business Email Compromise
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
ChatGPT rival WormGPT with ‘no ethical boundaries’ sold to hackers on dark web | The Independent
Infosec Doesn't Know What AI Tools Orgs Are Using (darkreading.com)
AI models must be reconciled with data protection laws • The Register
1 in 4 Brits play with generative AI and some believe it too • The Register
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
AI must have better security, says top cyber official - BBC News
Google Categorises 6 Real-World AI Attacks to Prepare for Now (darkreading.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Google’s Bard poses ransomware risk, say researchers | Cybernews
Malware
Microsoft: Hackers turn Exchange servers into malware control centers (bleepingcomputer.com)
Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware (thehackernews.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Hackers Target Gamers With Microsoft-Signed Rootkit (darkreading.com)
Source code of the BlackLotus UEFI Bootkit was leaked on GitHub - Security Affairs
Are Viruses Still a Threat to Cyber security? (makeuseof.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Pernicious Rootkits Pose Growing Blight On Threat Landscape (darkreading.com)
Mobile
Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps (thehackernews.com)
Meta confirms WhatsApp is down worldwide (bleepingcomputer.com)
Botnets
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Denial of Service/DoS/DDOS
Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months | CyberScoop
Attackers intensify DDoS attacks with new tactics - Help Net Security
Internet of Things – IoT
How your internet-connected domestic devices can be a critical tool of cyber attack (mid-day.com)
US preparing Cyber Trust Mark for more secure smart devices (bleepingcomputer.com)
Seven new gadgets added to riskiest connected devices list | SC Media (scmagazine.com)
Data Breaches/Leaks
MOVEit Hack: Number of Impacted Organisations Exceeds 340 - SecurityWeek
Data compromises on track to set a new record - Help Net Security
Virustotal data leak exposed data of some registered customers - Security Affairs
What to do (and what not to do) after a data breach - Help Net Security
Thousands of images on Docker Hub leak auth secrets, private keys (bleepingcomputer.com)
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
LastPass: The lessons we learnt from our devastating breach | TechRadar
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Rogue Azure AD Guests Can Steal Data via Power Apps (darkreading.com)
FIA World Endurance Championship driver passports leaked - Security Affairs
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Colorado State University says data breach impacts students, staff (bleepingcomputer.com)
Organised Crime & Criminal Actors
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat - SecurityWeek
Go Beyond the Headlines for Deeper Dives into the Cyber criminal Underground (thehackernews.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Former contractor accused of remotely accessing town's water treatment facility | Tripwire
Insider Risk Management Starts With SaaS Security (darkreading.com)
Fraud, Scams & Financial Crime
Growing scam activity linked to social media and automation - Help Net Security
A fresh look at the current state of financial fraud - Help Net Security
Tech support scammers now accepting cash via snail mail • The Register
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
AML/CFT/Sanctions
Insurance
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Dark Web
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
Supply Chain and Third Parties
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Supply chain executives unaware of growing customer trust issues - Help Net Security
Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad (trendmicro.com)
Cloud/SaaS
Microsoft makes cloud security logs available for free • The Register
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Hybrid/Remote Working
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Securing The Hybrid Workforce Begins With Browsing (forbes.com)
Attack Surface Management
Identity and Access Management
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
The rise of hassle-free and secure authentication | CyberScoop
Encryption
Real-world examples of quantum-based attacks - Help Net Security
EU Urged to Prepare for Quantum Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Signal president rejects ‘mass surveillance’ UK law | Fortune
API
Docker Leaks API Secrets & Private Keys, as Cyber criminals Pounce (darkreading.com)
API keys: Weaknesses and security best practices | TechTarget
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
LastPass: The lessons we learnt from our devastating breach | TechRadar
Millions of Keyboard Walk Patterns Found in Compromised Passwords - IT Security Guru
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Social Media
Growing scam activity linked to social media and automation - Help Net Security
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
Training, Education and Awareness
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
Companywide Cyber security Training: 20 Tips To Make It ‘Stick’ (forbes.com)
Digital Transformation
Travel
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
Regulations, Fines and Legislation
AI models must be reconciled with data protection laws • The Register
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Career Benefits of Learning Ethical Hacking (analyticsinsight.net)
Should You Be Using a Cyber security Careers Framework? (darkreading.com)
Law Enforcement Action and Take Downs
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Privacy, Surveillance and Mass Monitoring
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Gamaredon hackers start stealing data 30 minutes after a breach (bleepingcomputer.com)
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. | CyberScoop
Elon Musk’s Starlink is putting our soldiers at risk, Ukraine warns (telegraph.co.uk)
Thousands of Russian officials to give up iPhones over US spying fears | Financial Times (ft.com)
Ukraine innovates on cyber defence | Financial Times (ft.com)
China
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
China Espionage Operatives Left Empty Handed in Email Heist, White House Official Says - MSSP Alert
Xi wants to make the Great Firewall of China even greater • The Register
North Korea
JumpCloud breach traced back to North Korean state hackers (bleepingcomputer.com)
North Korean hackers breached a US tech company to steal crypto | Reuters
Misc/Other/Unknown
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
APT Protection: The Key to Safeguarding Your Business (ts2.space)
How to Secure Your OT Network Against Advanced Persistent Threats (APTs) (ts2.space)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Vulnerability Management
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
What is Vulnerability Assessment In Cyber security? (gbhackers.com)
Vulnerabilities
Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits (forbes.com)
Microsoft still unsure how hackers stole Azure AD signing key (bleepingcomputer.com)
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog
New critical Citrix ADC and Gateway flaw exploited as zero-day (bleepingcomputer.com)
OpenSSH Addresses Remote Code Execution Vulnerability: CVE-2023-38408 - VULNERA
Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability (thehackernews.com)
Cisco fixed a critical flaw in SD-WAN vManage - Security Affairs
Hacking campaign targets sites using WordPress WooCommerce Payments Plugin - Security Affairs
Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security (sophos.com)
5 Major Takeaways From Microsoft's July Patch Tuesday (darkreading.com)
Two Jira Plugin Vulnerabilities in Attacker Crosshairs - SecurityWeek
Google says Apple employee found a zero-day but did not report it | TechCrunch
Tools and Controls
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Leverage Threat Intelligence, AI, and Data at Scale to Boost Cyber Defences (darkreading.com)
A Few More Reasons Why RDP is Insecure (Surprise!) (thehackernews.com)
Enterprise communication security a growing risk, priority | TechTarget
MIT’s Cyber security Metior: A Secret Weapon Against Side-Channel Attacks (scitechdaily.com)
NCSC Shares Alternatives to Using a SOC - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft's security roadmap: Protect Azure DevOps secrets • The Register
CISA shares free tools to help secure data in the cloud (bleepingcomputer.com)
What is the new Enhanced Safe Browsing for Gmail (and should you enable it)? | ZDNET
Insider Risk Management Starts With SaaS Security (darkreading.com)
67% of daily security alerts overwhelm SOC analysts - Help Net Security
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Microsoft makes cloud security logs available for free • The Register
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
API keys: Weaknesses and security best practices | TechTarget
Other News
Google restricting internet access to some employees for security (cnbc.com)
Enterprise communication security a growing risk, priority | TechTarget
Healthcare organisations in the crosshairs of cyber attackers - Help Net Security
Broadband consumers demand security and sustainability - Help Net Security
Microsoft Exchange Online hit by new outage blocking emails (bleepingcomputer.com)
Cyber security measures SMBs should implement - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 14 April 2023
Black Arrow Cyber Threat Briefing 14 April 2023:
-Almost Half of Former Employees Say Their Passwords Still Work
-Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets
-Printers Pose Persistent Yet Overlooked Threat
-Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents
-Over 90% of Organisations Find Threat Hunting a Challenge
-75% of Organisations Have Suffered a Cyber Security Breach
-Leak Shows Evolving Russian Cyber War Capabilities
-Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack
-When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?
-Insider Threat and Ransomware: A Growing Issue
-How LockBit Changed Cyber Security Forever
-Hybrid Work Environments Are Stressing CISOs
-Protect Your Data with a USB Condom
-Strategising Cyber Security: Why a Risk-based Approach is Key
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Almost Half of Former Employees Say Their Passwords Still Work
An alarming number of organisations are not properly offboarding employees when they leave, especially in regard to passwords. In a new survey of 1,000 workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company.
According to the survey one in three respondents said they had been using the passwords for upwards of two years, which is a distressingly long time for organisations not to be aware of who is accessing those accounts and services.
When asked what they use the passwords for, 64% said to access their former email accounts and 44% to access company data. A concerning 10% of respondents said they were trying to disrupt company activities.
Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets
A recent cyber security report analysed over 60 million security exposures, or weaknesses that could give an attacker access to systems. The report found that only 2% enabled attackers access to critical assets, while 75% of exposures along attack paths lead to “dead ends”. Further, the report shows that average organisations have 11,000 exploitable security exposures monthly, with techniques targeting credentials and permissions affecting 82% of organisations and exploits accounting for over 70% of all identified security exposures.
The report found that most security alerts were benign and did not lead to critical assets. By applying efficient risk based patch management and reducing unnecessary access to critical assets, organisations can mitigate a significant amount of risk. This isn’t a simple task however, for an organisation to be able to employ efficient risk based patch management it must have a sufficient level of cyber maturity and internal vulnerability scanning accompanied by a dynamic threat intelligence component.
https://www.infosecurity-magazine.com/news/eliminating-2-exposures-protect-90/
Printers Pose Persistent Yet Overlooked Threat
A rash of printer-related vulnerabilities in 2023 have punctuated security expert warnings that printers continue to be a significant vulnerability within companies — especially as remote workers require printing resources or access to corporate printers. So far in 2023, Lexmark advised that a publicly available remote exploit had already targeted a code execution flaw in its printers, HP warned of a vulnerable firmware version on some of its enterprise printers, and Microsoft fixed three remote code execution vulnerabilities in its printer drivers.
Printers remain a likely soft spot in most companies’ attack surface area, particularly because they are not always part of a company’s asset management process and are often left out of security assessments and risk registers. Many organisations don’t know where their printers are, their security status, configuration, monitoring or logging activity. Research has shown that 67% of companies are worried about the risk home printers may pose and only 26% of information technology and cyber security professionals are confident in their organisation’s printing infrastructure security.
https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat
Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents
Employees and cyber criminals cause similar numbers of data leakages. Kaspersky’s 2022 IT Security Economics survey found cyber-attacks caused 23% of data leakages, while employees caused a similar proportion, at 22%. The rise in employees causing leakages may be linked with more remote working since the pandemic, with new staff laptops, tablets, and virtual private networks (VPNs) featuring among the extra endpoints and systems needing security. Although innocent mistakes or ignoring cyber-security policy were behind most leakages, security managers reported 36% of employee-triggered leakages were deliberate acts of sabotage or espionage. The high number of cyber-incidents stemming from employee action shows all organisations need thorough cyber-security awareness training to teach all staff how to avoid common security mistakes.
Over 90% of Organisations Find Threat Hunting a Challenge
Executing essential cyber security operations tasks during the threat hunting process is an increasingly challenging proposition to the vast majority of organisations, with 93% of those polled for a Sophos report saying they find basic security operations a chore.
In the report, “The state of cybersecurity 2023: The business impact of adversaries on defenders”, Sophos said these findings were likely the result of the ongoing cyber security skills shortage, which is creating a domino effect in security operations: a lack of skilled personnel makes investigating alerts take longer, which reduces the security team’s capacity and increases the organisation’s exposure to higher levels of risk.
Organisations that suffer the most are those with revenues of less than $10m (£8m), which are more likely to lack the necessary skillsets, followed by organisations with revenues of more than $5bn, where organisational and system complexity likely play a more prominent role.
75% of Organisations Have Suffered a Cyber Security Breach
Most organisations need stronger security controls to stop cyber security breaches and cyber attacks, according to “The Data Dilemma: Cloud Adoption and Risk Report” from security service edge (SSE) company Skyhigh Security. Key takeaways from the report include:
97% of organisations indicated they are experiencing private cloud problems.
75% have experienced a cyber security breach, threat and/or theft of data.
75% said shadow IT “impairs their ability to keep data secure.”
60% allow employees to download sensitive data to their personal devices.
52% noted their employees are using SaaS services that are commissioned by departments outside of IT and without direct involvement of their IT department.
37% said they do not trust the public cloud to secure their sensitive data.
Leak Shows Evolving Russian Cyber War Capabilities
The leak of thousands of pages of secret documentation related to the development of Moscow’s cyber and information operations capabilities paint a picture of a government obsessed with social control and committed to scaling their capacity for non-kinetic interference.
The leaked documents detail methods and training simulations intended to prepare an operator workforce for offensive operations against critical infrastructure targets. Tools revealed by these recent leaks suggest a desire and an ability to extensively map foreign vulnerabilities and make the job of Russia’s cyber conflict operators as accessible and scalable as possible.
This leak reinforces the significant concern regarding the threat posed by Russian cyber forces to firms across the globe.
Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack
Belgian headquartered HR and payroll giant SD Worx has suffered a cyber attack causing them to shut down all IT systems for their UK and Ireland services. While the login portals for other European countries are working correctly, the company's UK customer portal was not accessible. As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for their client's employees.
According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more.
When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?
If that happens it might be time for your management to clear their desks. The prospect of financial penalties and reputational damage is very real. You need to know your obligations — for instance, reporting the breach to applicable authorities and regulators within strict timeframes — understand the breach, and prioritise. Then you communicate and remedy. If you haven’t planned well, it’s going to be tough.
You need to understand the data breach. Who is affected — is it staff or customer data? What exactly have the cyber criminals accessed? Consider the type of information: salary details and passport copies, or customer payment information.
If personal data has been lost or compromised, you will likely have an obligation under data protection regulations to report the breach to your applicable data protection authority within 72 hours, and if you are a regulated business there will likely be similar requirements to report to your regulator within a similar timeframe. Knowing your obligations — ideally before any hack takes place — will guide how well you respond.
https://www.thetimes.co.uk/article/who-should-i-inform-after-a-data-hack-dcrzvgp2x
Insider Threat and Ransomware: A Growing Issue
Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cyber criminals. Cyber criminals work just as hard to conceal their identities and location as they do to exploit weaknesses and capture valuable data to hold hostage. Organisations not only stand to lose money in this scenario, but the damage to their reputation and trustworthiness in the market can be challenging to recover from. Customers place high trust in the safety of their personal information, and it’s the company they hold accountable – not the thieves – if it slips into the wrong hands.
Even if you have good technical controls, the low-hanging fruit is capitalising on the human element and gaining entrance through a person within your organisation. Insider threats come in all shapes and sizes and roles, including employees, executives, former employees, board members, contractors, and service providers. Insider threats, by their very nature, pose a unique challenge for organisations.
https://informationsecuritybuzz.com/insider-threat-and-ransomware-a-growing-issue/
How LockBit Changed Cyber Security Forever
LockBit are one of the most prolific ransomware gangs globally, accounting for almost half of ransomware attacks in 2022. They not only maintain a high profile, but they’ve also turned ransom monetisation upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022. LockBit made history by launching the industry’s first bug bounty program initiated by a ransomware group. The operation invites security experts to uncover vulnerabilities and report them for rewards ranging from $1,000 to a staggering $1 million. This has since been expanded and now offers bounties for creative ways to enhance ransomware operations.
https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/
Hybrid Work Environments Are Stressing CISOs
The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to a new report.
Among the report’s most critical findings is the revelation that browsing-based threats ranked as CISOs’ number one concern, regardless of whether their organisation was operating primarily in an in-office, hybrid, or remote setting.
And as for the risks posed by hybrid and remote workers specifically, insecure browsing also topped the list of CISOs’ concerns.
https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/
Protect Your Data with a USB Condom
USB isn't just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data. Equally, an employee plugging their personal phone into a corporate USB port may present a danger to the corporate network through the phone. A USB condom is a small dongle that adds a layer of protection between your device and the charging point you're attaching it to by blocking the data being transferred through the port. If you must use a charger, cable, or charging port that isn't under your control, it makes sense to use a USB condom.
https://www.zdnet.com/article/protect-your-data-with-a-usb-condom/
Strategising Cyber Security: Why a Risk-based Approach is Key
By 2027, cyber crime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cyber security is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organisations.
Modern and effective cyber security management entails more than managing technology risk; it encompasses managing business risk. Organisations must recognise cyber security as a strategic imperative integrated into their overall risk management framework — and this starts at the board level. In some cases, board members may find it beneficial to seek help in assessing appropriate levels of control.
https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/
Threats
Ransomware, Extortion and Destructive Attacks
Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit (thehackernews.com)
Microsoft patches vulnerability used in Nokoyawa ransomware attacks | CSO Online
How LockBit Changed Cyber security Forever (securityintelligence.com)
Insider Threat And Ransomware: A Growing Issue (informationsecuritybuzz.com)
Rorschach ransomware deployed by misusing a security tool - Help Net Security
Medusa ransomware claims attack on Open University of Cyprus (bleepingcomputer.com)
Cyble — New Cylance Ransomware with Power-Packed CommandLine Options
Taiwanese PC Company MSI Falls Victim to Ransomware Attack (thehackernews.com)
KFC, Pizza Hut owner discloses data breach after ransomware attack (bleepingcomputer.com)
7 Things Your Ransomware Response Playbook Is Likely Missing (darkreading.com)
Cyber crime group exploits Windows zero-day in ransomware attacks-Security Affairs
Windows zero-day vulnerability exploited in ransomware attacks (bleepingcomputer.com)
Ransomware gangs increasingly deploy zero-days to maximize attacks | CyberScoop
Latitude Financial Refuses to Pay Ransom - Infosecurity Magazine (infosecurity-magazine.com)
Superyacht-Maker Hit by Easter Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)
Phishing & Email Based Attacks
Microsoft: Phishing attack targets accountants as Tax Day approaches (bleepingcomputer.com)
Researchers Uncover Thriving Phishing Kit Market on Telegram Channels (thehackernews.com)
Phishing Campaign Targeting YouTube Content Creators, Malware Hitting Charging Stations - MSSP Alert
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Comparing enabled and enforced MFA in Microsoft 365 | TechTarget
Rilide browser extension steals MFA codes - Help Net Security
Malware
New Mirai Variant Employs Uncommon Tactics to Distribute Malware (darkreading.com)
Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques (thehackernews.com)
BlackGuard Stealer Extends its Capabilities in New Variant - MSSP Alert
Check Point Software Technologies: Qbot Top Malware in March 2023 - MSSP Alert
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages (thehackernews.com)
Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads (darkreading.com)
Microsoft shares guidance to detect BlackLotus UEFI bootkit attacks (bleepingcomputer.com)
Microsoft, Fortra Gains Legal Rights Against Cobalt Strike Abuse (informationsecuritybuzz.com)
Legion Malware Marches onto Web Servers to Steal Credentials, Spam Mobile Users (darkreading.com)
WhatsApp boosts defence against account takeover via malware (bleepingcomputer.com)
Mobile
FBI warns about dangers of public USB charging ports | Popular Science (popsci.com)
Researchers Uncover Thriving Phishing Kit Market on Telegram Channels (thehackernews.com)
Android phones vulnerable to remote hacking — update right now | Tom's Guide (tomsguide.com)
Burglars tunnel through Apple Store’s neighbour, allegedly steal $500K in iPhones | Ars Technica
5G connections set to rise past 5.9 billion by 2027 - Help Net Security
Cyber criminals To Add Android Malware On Google Play Up To $20,000 (informationsecuritybuzz.com)
WhatsApp boosts defence against account takeover via malware (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Hackers Flood NPM with Bogus Packages Causing a DoS Attack (thehackernews.com)
DDoS attacks shifting to VPS infrastructure for increased power (bleepingcomputer.com)
DDoS alert traffic reaches record-breaking level of 436 petabits in one day - Help Net Security
DDoS attacks rise as pro-Russia groups attack Finland, Israel (techrepublic.com)
Internet of Things – IoT
Printers Pose Persistent Yet Overlooked Threat (darkreading.com)
There’s a new form of keyless car theft that works in under 2 minutes | Ars Technica
Special Report: Tesla workers shared sensitive images recorded by customer cars | Reuters
Default static key in ThingsBoard IoT platform can give attackers admin access | CSO Online
5G connections set to rise past 5.9 billion by 2027 - Help Net Security
Zigbee PRO 2023 introduces new security mechanisms, feature enhancements - Help Net Security
Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data - SecurityWeek
Data Breaches/Leaks
Samsung employees unwittingly leaked company secret data by using ChatGPT-Security Affairs
Cloud accounting firm in a pickle after researchers find admin login data | TechRadar
Service NSW breach exposes personal data affecting thousands of customers | 7NEWS
Military Intel Leak Investigated By US Officials (informationsecuritybuzz.com)
Hyundai data breach exposes owner details in France and Italy (bleepingcomputer.com)
Organised Crime & Criminal Actors
Criminal businesses adopt corporate behaviour as they grow - Help Net Security
Seized Genesis malware market's infostealers infected 1.5 million computers | CSO Online
Breached shutdown sparks migration to ARES data leak forums (bleepingcomputer.com)
FBI: Crooks posing as PRC agents prey on Chinese in the US • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Sentiment DeFi Hacker Makes Amends by Returning 90% of Funds (beincrypto.com)
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages (thehackernews.com)
Insider Risk and Insider Threats
Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent
Cyber criminals use simple trick to obtain personal data - Help Net Security
Insider Threat And Ransomware: A Growing Issue (informationsecuritybuzz.com)
Fraud, Scams & Financial Crime
FBI warns of companies exploiting sextortion victims for profit (bleepingcomputer.com)
Cambodia deports 19 Japanese cyber crime scam suspects | News | Al Jazeera
‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)
When Banking Laws Don't Protect Consumers From Cybertheft (darkreading.com)
AI clones child’s voice in fake kidnapping scam | The Independent
Five arrested after 33,000 victims lose $98M to online investment fraud (bleepingcomputer.com)
Stolen Card Numbers Plummet 94% Globally - Infosecurity Magazine (infosecurity-magazine.com)
Supply Chain and Third Parties
3CX confirms North Korean hackers behind supply chain attack (bleepingcomputer.com)
Capita: IT outsourcer reels from being locked out of its own IT (thetimes.co.uk)
Cloud/SaaS
Western Digital struggles to fix massive My Cloud outage, offers workaround (bleepingcomputer.com)
Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse - SecurityWeek
Iranian APT group launches destructive attacks in hybrid Azure AD environments | CSO Online
Cloud accounting firm in a pickle after researchers find admin login data | TechRadar
Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments - SecurityWeek
Hybrid/Remote Working
Hybrid work environments are stressing CISOs - Help Net Security
‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)
Attack Surface Management
How to Secure Web Applications in a Growing Digital Attack Surface (bleepingcomputer.com)
The new weakest link in the cyber security chain - Help Net Security
Shadow IT
Identity and Access Management
Identity Management Day: 3 Things MSSPs Need to Know - MSSP Alert
Centralized vs. decentralized identity management explained | TechTarget
The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late (thehackernews.com)
Encryption
API
Google launches dependency API and curated package repository with security metadata | CSO Online
Why Shadow APIs are More Dangerous than You Think (thehackernews.com)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Almost Half of Former Employees Say Their Passwords Still Work (darkreading.com)
Why it's time to move towards a passwordless future - Help Net Security
AI can crack most password in less than a minute | TechRadar
How an AI tool could crack your passwords in seconds | ZDNET
Meet PassGAN, the supposedly “terrifying” AI password cracker that’s mostly hype | Ars Technica
Social Media
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Lagging regulations frustrate protecting data from cyber attacks (themandarin.com.au)
Battle could be brewing over new FCC data breach reporting rules | CSO Online
When Banking Laws Don't Protect Consumers From Cyber Theft (darkreading.com)
Governance, Risk and Compliance
Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent
Skyhigh Security Report: 75% of Organizations Have Suffered a Cyber security Breach - MSSP Alert
Strategising cyber security: Why a risk-based approach is key | World Economic Forum (weforum.org)
Outcome-based cyber security paves way for organizational goals - Help Net Security
Why reporting an incident only makes the cyber security community stronger | CSO Online
6 common challenges facing cyber security teams and how to overcome them | TechCrunch
Top 10 Cyber security Trends for 2023: From Zero Trust to Cyber Insurance (thehackernews.com)
Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert
Threat hunting programs can save organizations from costly security breaches - Help Net Security
Gartner: Human-Centric Design Is Top Cyber Security Trend for 2023 (darkreading.com)
Law Enforcement Action and Take Downs
Seized Genesis malware market's infostealers infected 1.5 million computers | CSO Online
Spanish cops arrest teenage 'Robin Hood hacker' • The Register
Australia Is Scouring the Earth for Cyber criminals — the US Should Too (darkreading.com)
Cambodia deports 19 Japanese cyber crime scam suspects | News | Al Jazeera
Dutch Police mails RaidForums members to warn they’re being watched (bleepingcomputer.com)
Five arrested after 33,000 victims lose $98M to online investment fraud (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Tesla Sued Over Workers' Alleged Access to Car Video Imagery - SecurityWeek
Consumers take data control into their own hands amid rising privacy concerns - Help Net Security
Artificial Intelligence
Samsung employees unwittingly leaked company secret data by using ChatGPT - Security Affairs
Cyber crime: be careful what you tell your chatbot helper… | Chatbots | The Guardian
US cyber chiefs warn of threats from China and AI • The Register
When you're talking to a chatbot, who's listening? | CNN Business
Bad Actors Will Use Large Language Models — but Defenders Can, Too (darkreading.com)
AI can crack most password in less than a minute | TechRadar
‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)
AI clones child’s voice in fake kidnapping scam | The Independent
European privacy watchdog creates ChatGPT task force | Reuters
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Russian hackers linked to widespread attacks targeting NATO and EU (bleepingcomputer.com)
NTC Vulkan leak shows evolving Russian cyberwar capabilities | CSO Online
The Discord servers at the center of a massive US intelligence leak | CyberScoop
Cisco trashed offices and destroyed spares as it quit Russia • The Register
Another zero-click Apple spyware biz shows up in town again • The Register
Ukrainian hackers spend $25,000 of pro-Russian blogger's money on sex toys (bitdefender.com)
DDoS attacks rise as pro-Russia groups attack Finland, Israel (techrepublic.com)
Russian Hacker Group Zarya Hit Canadian Pipeline—Leaked Docs (gizmodo.com)
Russia's Joker DPR Claims Access to Ukraine Troop Movement Data (darkreading.com)
Spyware Offered to Cyber attackers via PyPI Python Repository (darkreading.com)
Russian hackers ‘target security cameras inside Ukraine coffee shops’ | Ukraine | The Guardian
Nation State Actors
Russia-linked APT29 is behind recent attacks targeting NATO and EU-Security Affairs
North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack (thehackernews.com)
US cyber chiefs warn of threats from China and AI • The Register
Ukrainian hackers spend $25,000 of pro-Russian blogger's money on sex toys (bitdefender.com)
Google is on a crusade against cyber security threats from North Korea | TechRadar
Russian Hacker Group Zarya Hit Canadian Pipeline—Leaked Docs (gizmodo.com)
Iranian APT group launches destructive attacks in hybrid Azure AD environments | CSO Online
FBI: Crooks posing as PRC agents prey on Chinese in the US • The Register
Vulnerability Management
Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert
Ransomware gangs increasingly deploy zero-days to maximize attacks | CyberScoop
Vulnerabilities
Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit (thehackernews.com)
Windows admins warned to patch critical MSMQ QueueJumper bug (bleepingcomputer.com)
Nokoyawa ransomware attacks with Windows zero-day | Securelist
Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly
1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs (darkreading.com)
Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance - SecurityWeek
Cisco Patches Code and Command Execution Vulnerabilities in Several Products - SecurityWeek
CISA orders agencies to patch Backup Exec bugs used by ransomware gang (bleepingcomputer.com)
CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
Data-leak flaw in Qualcomm, HiSilicon-based Wi-Fi AP chips • The Register
Twitter 'Shadow Ban' Bug Gets Official CVE (darkreading.com)
Exploit available for critical bug in VM2 JavaScript sandbox library (bleepingcomputer.com)
Microsoft finally gets around to fixing half-decade-old Firefox CPU bug | TechRadar
SAP releases security updates for two critical-severity flaws (bleepingcomputer.com)
Adobe Plugs Gaping Security Holes in Reader, Acrobat - SecurityWeek
Limit Login Attempts Plugin Patches Severe Unauthenticated Stored XSS Vulnerability – WP Tavern
Fortinet Patches Critical Vulnerability in Data Analytics Solution - SecurityWeek
How Microsoft’s Shared Key authorization can be abused and how to fix it | CSO Online
Microsoft shares fix for Outlook issue blocking access to emails (bleepingcomputer.com)
Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data - SecurityWeek
Tools and Controls
Threat hunting programs can save organizations from costly security breaches - Help Net Security
Stopping criminals from abusing security tools - Microsoft On the Issues
Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert
The Pope's Security Gets a Boost With Vatican's MDM Move (darkreading.com)
Bad Actors Will Use Large Language Models — but Defenders Can, Too (darkreading.com)
Cyber crime: be careful what you tell your chatbot helper… | Chatbots | The Guardian
Detailed Analysis Of The Best Password Managers In 2023 (informationsecuritybuzz.com)
How CIEM Can Improve Identity, Permissions Management for Multicloud Deployments (darkreading.com)
Centralized vs. decentralized identity management explained | TechTarget
The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late (thehackernews.com)
What is an Intrusion Prevention System (IPS)? (techtarget.com)
Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments - SecurityWeek
How to Secure Web Applications in a Growing Digital Attack Surface (bleepingcomputer.com)
4 strategies to help reduce the risk of DNS tunnelling | CSO Online
Reports Published in the Last Week
Other News
MSI Confirms Cyber Attack, Issues Firmware Download Guidance - SecurityWeek
1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs (darkreading.com)
Western Digital restores service; attack details remain unclear | TechTarget
Rapid7 Has Good News for UK Security Posture - Infosecurity Magazine (infosecurity-magazine.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 04 March 2022
Black Arrow Cyber Threat Briefing 04 March 2022
-Cyber Criminals Exploit Invasion of Ukraine
-UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat
-Phishing - Still a Problem, Despite All The Work
-Phishing Attacks Hit All-Time High In December 2021
-Ransomware Infections Top List Of The Most Common Results Of Phishing Attacks
-Social Media Phishing Attacks Are at An All Time High
-Insurance Giant AON Hit by a Cyber Attack
-How Prepared Are Organisations To Face Email-Based Ransomware Attacks?
-The Most Impersonated Brands in Phishing Attacks
-As War Escalates In Europe, It’s ‘Shields Up’ For The Cyber Security Industry
-2022 May Be The Year Cyber Crime Returns Its Focus To Consumers
-Kaspersky Neutral Stance In Doubt As It Shields Kremlin
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Criminals Exploit Invasion of Ukraine
Cyber criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud.
In a blog, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.
Since March 1, researchers have been tracking two specific phishing campaigns designed to infect victims with Agent Tesla and Remcos remote access Trojans.
Agent Tesla is a malware-as-a-service (MaaS) Remote Access Trojan (RAT) and data stealer that can be used to exfiltrate sensitive information, including credentials, keystrokes and clipboard data from victims.
Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems. Once inside, attackers can capture keystrokes, screenshots, credentials and other sensitive system data and exfiltrate it.
https://www.infosecurity-magazine.com/news/cyber-criminals-invasion-ukraine/
UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat
The UK’s Information Commissioner’s Office (ICO) reports a ‘steady and significant’ increase in cyber-attacks against UK firms over the past two years.
Employees should report any suspicious emails rather than delete them and firms must step up their vigilance against cyber-attacks in the face of a heightened threat from Russian hackers, the UK’s data watchdog has said.
John Edwards, the Information Commissioner, said a new era of security had begun where instead of blacking out windows, people needed to maintain vigilance over their inboxes.
Experts including the UK’s cyber security agency have said Russian hackers could target Britain, and the imposition of sanctions by London on Moscow has increased those fears.
Asked about the potential for a Russia-Ukraine cyber conflict spreading to the UK, Edwards said: “We have picked up on that heightened threat environment and we think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.”
Phishing - Still a Problem, Despite All The Work
Phishing is a threat that most people know about. Emails designed to trick you into clicking a malicious link or divulge passwords and other credentials have become an everyday occurrence. Despite this familiarity, and the multitude of tools and techniques which purport to stop it, phishing remains the number one initial attack vector affecting organisations and individuals.
Unfortunately, there is no silver bullet. Phishing can only be dealt with using multiple complementary measures. This fact leads to some questions: Which measures are most (cost) effective? How should they be implemented? Can they be automated?
https://www.ncsc.gov.uk/blog-post/phishing-still-a-problem-despite-the-work
Phishing Attacks Hit All-Time High in December 2021
The Anti-Phishing Working Group international consortium (APWG) saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it began its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.
In the fourth quarter of 2021, the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — inched up to represent 6.5 percent of attacks.
Overall, the number of brands that were attacked in 4Q descended from a record 715 in September 2021, cresting at 682 in November for the Q4 period.
The solution provider Abnormal Security observed 4,200 companies, organisations, and government institutions falling victim to ransomware in Q4 2021, some 36 percent higher than in Q3 2021 and the highest number the company has witnessed over the past two years.
“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” said Crane Hassold, Director of Threat Intelligence at Abnormal Security.
https://www.helpnetsecurity.com/2022/03/03/phishing-attacks-december-2021/
Ransomware Infections Top List of The Most Common Results of Phishing Attacks
A report from insider threat management software company Egress found some startling conclusions when it spoke to IT leadership: Despite the pervasive and very serious threat of ransomware, very few boards of directors consider it a top priority.
Eighty-four percent of organisations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren’t hit with a phishing attack, and you still end up at around 50% of all organisations having been hit with ransomware in 2021.
Egress said that its data shows there has been a 15% increase in successful phishing attacks over the past 12 months, with the bulk of the attacks utilising malicious links and attachments. Those methods aren’t new, but a 15% increase in successful attacks means that something isn’t working.
Social Media Phishing Attacks Are at An All Time High
Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.
The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analysed phishing attack patterns that unfolded throughout 2021.
As part of their report, Vade analysed 184,977 phishing pages to create stats based on a billion corporate and consumer mailboxes that the cyber security firm protects.
Vade also recorded a rise in the sophistication of phishing attacks, especially those targeting Microsoft 365 credentials, an evolution in the tech support scams, and the inevitable dominance of COVID-19 and item shipping lures.
Insurance Giant AON Hit by a Cyber Attack
Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.
AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cyber security consulting, risk solutions, healthcare insurance, and wealth management products.
AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries.
In a filing with the US SEC, AON has disclosed that they suffered a cyberattack on February 25th, 2022.
AON has not provided any details of the attack other than that it occurred and affected a limited number of systems.
The company stated that although in the early stages of assessing the incident, based on the information currently known, the company did not expect the incident to have a material impact on its business, operations or financial condition.
In addition to being an insurance broker, AON is also a leading reinsurance company, meaning that they insure the insurance companies.
How Prepared Are Organisations to Face Email-Based Ransomware Attacks?
Proofpoint released a report which provides an in-depth look at user phishing awareness, vulnerability, and resilience. The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organisations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks (BEC) (18% YoY increase of BEC attacks from 2020), reflecting cyber criminals’ continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities
This year’s report examines responses from commissioned surveys of 600 information and IT security professionals and 3,500 workers in the U.S., Australia, France, Germany, Japan, Spain, and the UK. The report also analyses data from nearly 100 million simulated phishing attacks sent by customers to their employees over a one-year period, along with more than 15 million emails reported via the user-activated PhishAlarm reporting button.
Attacks in 2021 also had a much wider impact than in 2020, with 83% of survey respondents revealing their organisation experienced at least one successful email-based phishing attack, up from 57% in 2020. In line with this, 68% of organisations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit. The year-over-year increase remains steady but representative of the challenges organisations faced as ransomware attacks surged in 2021.
https://www.helpnetsecurity.com/2022/02/28/email-based-ransomware-attacks/
The Most Impersonated Brands in Phishing Attacks
Vade announced its annual ranking of the top 20 most impersonated brands in phishing. Facebook, which was in the second spot in 2020, rose to the top spot for 2021, representing 14% of phishing pages, followed by Microsoft, with 13%.
The report analysed 184,977 phishing pages linked from unique phishing emails between January 1, 2021 and December 31, 2021.
Key findings:
· Financial services is the most impersonated industry
· Microsoft is the most impersonated cloud brand and the top corporate brand
· Facebook dominates social media phishing
· 35% of all phishing pages impersonated financial services brands
· Mondays and Tuesdays are the top days for phishing
· 78% of phishing attacks occur on weekdays
· Monday and Thursday are the top days for Facebook phishing
· Thursday and Friday are the top days for Microsoft phishing
https://www.helpnetsecurity.com/2022/03/04/most-impersonated-brands-phishing/
As War Escalates in Europe, It’s ‘Shields Up’ For The Cyber Security Industry
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the US Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organisations — regardless of size — adopt a heightened posture when it comes to cyber security and protecting their most critical assets.”
The blanket warning is for all industries to take notice. Indeed, it’s a juxtaposition of sorts to think the cyber security industry is vulnerable to cyber attack, but for many nation state groups, this is their first port of call.
Inspired by the spike in attacks on cyber security agencies globally, a report from Reposify assessed the state of the cyber security industry’s external attack surface (EAS). It coincides with CISA’s warning, and highlights critical areas of concern for the sector and how they mirror trends amongst pharmaceutical and financial companies, providing vital insight into where organisations can focus their efforts, and reinforce the digital perimeter.
2022 May Be The Year Cyber Crime Returns Its Focus to Consumers
Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers.
This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.
ReasonLabs has compiled a detailed report on the status of consumer-level cyber security and what trends are most likely to emerge this year.
Kaspersky Neutral Stance in Doubt As It Shields Kremlin
Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.
The company insists that they ‘never provide any law enforcement or government organisation with access to user data or the company's infrastructure.”
Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cyber security community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.
"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.
https://cybernews.com/security/kaspersky-neutral-stance-in-doubt-as-it-shields-kremlin/
Threats
Ransomware
Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response (darkreading.com)
Toyota Japan Shutters 14 Plants After Probable Cyber Attack • The Register
Bridgestone Still Struggling With Plant Closures Across North America After Cyber Attack | ZDNet
Cyber Criminals Who Breached Nvidia Issue One Of The Most Unusual Demands Ever | Ars Technica
Conti Ransomware's Internal Chats Leaked After Siding With Russia (bleepingcomputer.com)
Conti Group Encrypts Karma Ransomware Extortion Notes - Infosecurity Magazine
Phishing & Email
Other Social Engineering
'Several Combinations Of Social Engineering' Used During Cyber Attack On Camera Maker Axis | ZDNet
Instagram Scammers As Busy As Ever: Passwords And 2FA Codes At Risk – Naked Security (sophos.com)
Malware
TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (thehackernews.com)
Rebirth of Emotet: New Features of the Botnet and How to Detect it (thehackernews.com)
Mobile
How Much Do Different Generations Trust Their Mobile Devices' Security? - Help Net Security
TeaBot Android Banking Trojan Continues Its Global Conquest With New Upgrades | ZDNet
SharkBot Malware Hides As Android Antivirus In Google Play (bleepingcomputer.com)
Data Breaches/Leaks
Hackers Leak 190GB Of Alleged Samsung Data, Source Code (bleepingcomputer.com)
NVIDIA Data Breach Exposed Credentials Of Over 71,000 Employees (bleepingcomputer.com)
250,000-Plus Lawyer Disciplinary Records Leak • The Register
Swiss Bank Requests Destruction of Documents - Infosecurity Magazine
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Hackers Threaten To Turn Every Nvidia GPU Into A Bitcoin Mining Machine | TechRadar
Beware of Ongoing Crypto Cyber War Amidst the Ukraine Russian War in 2022 (analyticsinsight.net)
Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)
Fraud, Scams & Financial Crime
DoS/DDoS
DDoSers Are Using A Potent New Method To Deliver Attacks Of Unthinkable Size | Ars Technica
DDoS Attackers Have Found This New Trick To Knock Over Websites | ZDNet
Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks (thehackernews.com)
Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)
Nation State Actors
Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation | Mandiant
Charities, Aid Orgs In Ukraine Attacked With Malware (bleepingcomputer.com)
Cyber Attacks In Ukraine Could Reach Other Countries - IT Security Guru
Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (thehackernews.com)
Ukraine Digital Army Brews Cyberattacks, Intel and Infowar | SecurityWeek.Com
Ukraine Security Agencies Warn Of Ghostwriter Threat Activity, Phishing Campaigns | ZDNet
Ukraine Asks ICANN To Revoke Russian Domains And Shut Down DNS Root Servers | Ars Technica
IsaacWiper, The Third Wiper Spotted Since The Beginning Of Russian Invasion - Security Affairs
Ukrainian Sites Saw A 10x Increase In Attacks When Invasion Started (bleepingcomputer.com)
Chinese Malware Targeted Multiple Governments • The Register
Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (thehackernews.com)
Passwords & Credential Stuffing
Spyware, Espionage & Cyber Warfare
Cyber Attack on NATO Could Trigger Collective Defence Clause - Official | Reuters
Ukraine Conflict Spurs Questions Of How To Define Cyberwar - CyberScoop
How China Built A One-Of-A-Kind Cyber-Espionage Behemoth To Last | MIT Technology Review
Russia's Space Chief Says Hacking Satellites 'A Cause For War' - POLITICO
Ukraine Is Building An 'It Army' Of Volunteers, Something That's Never Been Tried Before | ZDNet
China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (thehackernews.com)
Vulnerabilities
Get Patching Now: CISA Adds Another 95 Flaws To Its Known Exploited Vulnerabilities List | ZDNet
Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products | SecurityWeek.Com
Firefox Patches Two In-The-Wild Exploits – Update Now! – Naked Security (sophos.com)
New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container (thehackernews.com)
Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (thehackernews.com)
New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances (thehackernews.com)
Sector Specific
Financial Services Sector
Health/Medical/Pharma Sector
CNI, OT, ICS, IIoT and SCADA
Reports Published in the Last Week
Other News
Ukraine Conflict Puts Organisations’ Cyber-resilience To The Test - Information Security Buzz
The Cyber Security Implications Of The Russia-Ukraine Conflict (forbes.com)
Multifactor Authentication Is Being Targeted by Hackers – The New Stack
Attacks Abusing Programming APIs Grew Over 600% In 2021 (bleepingcomputer.com)
Soaring Cyber Attacks On BBC – ‘No Industry Is Untouchable’ - Information Security Buzz
Bad Actors Are Becoming More Successful At Evading AI/ML Technologies - Help Net Security
Why the Shifting Nature of Endpoints Requires a New Approach to Security (darkreading.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.