Executive summary

Microsoft’s May Patch Tuesday provides updates to address 61 security issues across its product range. Notably, the update tackles two actively exploited zero-day vulnerabilities. The zero-days include a security feature bypass and an elevation of privilege vulnerability. Among the updates provided by Microsoft were 1 critical vulnerability, allowing an attacker remote code execution.

In addition to the Microsoft updates this week also saw Adobe, Apple, Firefox, Google Chrome, SAP and VMware all provide updates for vulnerabilities in a variety of their products, including multiple zero-days and critical vulnerabilities.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an unauthenticated attacker to gain code execution as well as elevating to system privileges, the highest available. Both of which compromise the confidentiality, integrity and availability of data stored by an organisation.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have an available patch should be updated as soon as possible.

Technical Summary

Microsoft

CVE-2024-30040 – A security feature bypass, in which an unauthenticated attacker can gain code execution through convincing a user to open a malicious document. It is now known how this flaw was abused in attacks.

CVE-2024-30051- A flaw in Windows DWM Core Library which upon exploitation, allows an attacker to elevate to system privileges, the highest available.

Apple

Apple have addressed multiple vulnerabilities in its products, including 16 vulnerabilities on iPhone and iPads. This includes include one vulnerability which the company say “may have been exploited”.

Adobe

Adobe have addressed 37 vulnerabilities in its products, including 9 critical vulnerabilities in Adobe Acrobat and Reader, ,  2 critical vulnerabilities in Adobe Commerce, Adobe InDesign, Adobe Experience manager, 1 critical vulnerability in Adobe Media Encoder and Adobe Bridge, 3 critical vulnerabilities in Adobe Illustrator and 2 critical vulnerabilities in Adobe Animate. The company said it was not aware of any exploits in the wild for any of the documented issues.

Firefox

Firefox has upgraded to version 126. The new version addresses 16 unique security issues. None of the vulnerabilities are currently under active exploitation. The release also comes with some quality-of-life changes such as search telemetry changes and copy link without site tracking.

Google Chrome

Google Chrome released an emergency update to fix their 6th zero-day exploited this year, just one week after a previous one. Google are aware that an exploit for the vulnerability exists in the wild. Users are recommended to update as soon as possible.

SAP

This month, SAP has released 17 patches, which include 14 new fixes and 3 updates from previous releases. Two patches and one update have been given the “hot news” priority in SAP, the highest severity. The vulnerabilities encompass a range of issues, including CSS Injection, Remote Code Execution, File Upload flaws, and Cross-Site Scripting (XSS).

VMWare

Multiple security flaws, including one critical vulnerability, have been addressed by VMware after their exploitation was demonstrated at a security event. Some of the vulnerabilities do not have a fix yet and as such, users are advised to disable Bluetooth support and 3D acceleration as temporary workarounds until patches are applied.

More info:

Microsoft

Further details on other specific updates within Microsoft’s May patch Tuesday can be found here:

https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/

https://www.ghacks.net/2024/05/14/microsoft-releases-the-may-2024-security-updates-for-windows/

Apple

Further details of the vulnerabilities in Apple can be found here:

https://support.apple.com/en-gb/HT201222

Adobe

Further details of the vulnerabilities in Adobe Acrobat and Reader can be found here:

https://helpx.adobe.com/security/products/acrobat/apsb24-29.html

Further details of the vulnerabilities in Adobe Photoshop can be found here:

https://helpx.adobe.com/security/products/photoshop/apsb24-16.html

Further details of the vulnerabilities in Adobe Commerce can be found here:

https://helpx.adobe.com/uk/security/products/magento/apsb24-18.html

Further details of the vulnerabilities in Adobe InDesign can be found here:

https://helpx.adobe.com/uk/security/products/indesign/apsb24-20.html

Further details of the vulnerabilities in Adobe Experience Manager can be found here:

https://helpx.adobe.com/uk/security/products/experience-manager/apsb24-21.html

Further details of the vulnerabilities in Adobe Media Encoder can be found here:

https://helpx.adobe.com/uk/security/products/media-encoder/apsb24-23.html

Further details of the vulnerabilities in Adobe Bridge can be found here:

https://helpx.adobe.com/uk/security/products/bridge/apsb24-24.html

Further details of the vulnerabilities in Adobe Illustrator can be found here:

https://helpx.adobe.com/uk/security/products/illustrator/apsb24-25.html

Further details of the vulnerabilities in Adobe Animate can be found here:

https://helpx.adobe.com/uk/security/products/animate/apsb24-26.html

Firefox

Further details on the vulnerabilities addressed in the Firefox release can be found here:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/

Google Chrome

Further details on the vulnerabilities addressed in the Google Chrome update can be found here:

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html

SAP

Further details on the vulnerabilities addressed in SAP can be found here:

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2024.html

VMware

Further details on the vulnerabilities addressed by VMware can be found here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Only 3% of Organisations Globally are Fully Prepared for Cyber Threats

A new report released by Cisco found that only 3% of organisations globally are considered to be at a “mature” level of readiness that is needed to be resilient against today’s cyber threats. In contrast, 80% of the companies surveyed felt moderately to very confident in their ability to defend against a threat.

Nearly three-quarters of respondents expect a cyber incident to disrupt their business in the next 12 to 24 months. For many, this was based on past experience, with more than half of respondents saying that they had experienced a cyber security incident in the last 12 months, and of those, more than half of said it cost them at least $300,000. To address this, 97% of companies expect to increase their cyber security budgets in the next 12 months.

Sources: [PR Newswire] [SiliconANGLE]

China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security

The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, in attempts to target a group of MPs. Whilst this shows how advanced the threat from China has become, it should not be a surprise. It has been alleged that the hacking campaign targeted a broad swathe of private individuals, as well as strategically important companies and government officials. Geopolitical tensions are at an all-time high, as Conservative MP Iain Duncan Smith, one of those targeted by the campaign says, “we must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”

Sources: [Sky News] [GovInfoSecurity] [The Guardian]

Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers

A recent report underscores the pivotal role of cyber security in financial performance, revealing that companies with genuinely advanced levels of cyber security maturity generate a 372% higher shareholder return compared to those with lower levels of maturity, as observed over a five-year period. Notably, companies with engaged board members and specialised risk committees achieve superior cyber security performance. Despite regulatory requirements, only 3% of UK organisations have a cyber security expert on their board, emphasising the need for greater board-level engagement in cyber risk management. Industries like healthcare and financial services lead in cyber security ratings, underscoring the correlation between regulatory environments and cyber security performance.

Source: [Business Wire] [Computer Weekly]

Hackers Hit High-Risk Individuals’ Personal Accounts

Britain’s National Cyber Security Centre (NCSC) is warning that attackers faced with well-managed corporate cyber security defences, are instead turning their efforts to compromise high-risk individuals’ devices and accounts.

A high-risk individual is anyone who has access to or influence over sensitive information. For an attacker, these individuals can present a less complex route. They already know the individual has access to the data they want, it is just a case of compromising that individual.

Source: [Gov Info Security]

Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?

Cyber security threats have reached unprecedented levels, posing significant risks to organisations and nations worldwide, with global costs predicted to soar to $10.5 trillion annually by 2025, a significant increase from $6 trillion in 2021. Recent reports from IBM Security X-Force reveal that organisations face an average of 270 cyber attacks per year, equivalent to an attack every business day, underlining the persistent nature of the threat and reinforcing the old question of ‘when’ not 'if' an organisation will get hit.

The report warns of the possibility of large-scale, coordinated attacks, akin to a “Digital Pearl Harbor,” on vital infrastructure such as power grids and financial markets, with ransomware-based attacks being identified as a major risk. The emergence of cyber warfare blurs the distinction between espionage and acts of war, underscoring the need for international standards and agreements. Despite the focus on cyber threats, many organisations have risk management gaps.

Source: [Eurasia Review]

High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime

High net worth individuals and their families are often targets for cyber criminals who seek to steal their money, identity, intellectual property and corporate data, and attacks are increasing. With the current state of the world, there is significant information that is publicly available. This, added to the fact that many high-net-worth individuals have lesser security controls than corporations, makes them a more lucrative target.

As these types of attacks continue to increase, it is important for individuals to ensure they are demonstrating good cyber hygiene through actions including the adoption of multi-factor authentication, limiting unnecessary social media from themselves and their family (including holidays) and understanding current tactics to be able to spot and mitigate them.

Source: [Financial Times]

Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account

Earlier this year, Microsoft discovered they had been the victim of a hack orchestrated by Russian-state hackers. The attack was not highly sophisticated; in fact, it involved simply spraying passwords into an old, inactive account. Password spraying is a simple brute force technique, which has the attacker trying the same password against multiple accounts. In this case, it was enough to be able to allow attackers to commit further exfiltration.

Picture your organisation: can you guarantee that no account is using the password “Password123”? Whilst organisations may focus on protecting privileged accounts, the attack shows that every account needs to be secured, as they are all entry points to your organisation. To combat this, organisations should look to implement robust password policies and multi-factor authentication.

Source: [The Hacker News]

Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach

Mitigating third-party risk may seem daunting when considering the slew of incoming regulations coupled with the increasingly advanced tactics of cyber criminals. However, most organisations have more agency and flexibility than they think they do. Third-party risk management can be built on top of existing risk governance practices and security controls that are currently implemented in the organisation. Understanding the vendor landscape, categorising vendors based on criticality, and developing tailored governance plans are crucial steps. Contractual obligations, tailored to industry standards, play a pivotal role in ensuring security measures are upheld. Additionally, establishing a robust exit strategy is imperative to safeguard data integrity post-partnership. By fostering a culture of shared responsibility and continuous improvement, organisations can navigate the complexities of third-party risk management effectively.

Source: [Dark Reading]

IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time

A recent survey of over 800 IT and security leaders highlights the escalating threat landscape fuelled by emerging technologies, with AI-powered attacks identified as the most serious and challenging. 92% of respondents report a year-over-year increase in cyber attacks with 95% noting heightened sophistication.

Organisations reported facing AI-powered attacks (51%), deepfake technology and supply chain attacks (both 36%), cloud jacking (35%), Internet of Things (IoT) attacks and 5G network exploits (both 34%), and fileless attacks (24%). But it is not just newer attacks; organisations are still contending with prevalent attacks like phishing, malware, and ransomware. The survey found that 84% of respondents say that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools, revealing that AI-powered phishing is their top concern (42%) when it comes to AI security.

With so many constantly evolving threats, and with new ones being added to the mix all the time, it is becoming more and more difficult for IT leaders to keep on top of these emerging threats.

Source: [Beta News] [The Fast Mode]

Only 5% of Boards Have Cyber Security Expertise

There is a concerning gap in cyber expertise on corporate boards, with only 5% of businesses having a cyber expert onboard, despite a direct correlation between strong cyber security and higher financial performance. Countries like France have 10% representation while Canada lags behind at just 1%. Integration of cyber experts into specialised risk committees significantly boosts cyber security performance. Furthermore, advanced security ratings translate to significantly better financial returns over three and five-year periods, underlining the pivotal role of cyber security in overall business health.

Source: [Infosecurity Magazine]

Google’s New AI Search Results Promotes Sites Pushing Malware and Scams

Earlier this month, Google began rolling out a feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries, including site recommendations. These results, however, are pushing scams and malware. BleepingComputer found that the listed sites promoted by SGE tend to use the .online top level domain, the same HTML templates, and the same sites to perform redirects, stating “This similarity indicates that they are all part of the same SEO [search engine optimisation] poisoning campaign that allowed them to be part of the Google index.” When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site. This matter highlights the need for users to stay cognisant, even when using AI to improve quality of life.

Source: [Bleeping Computer]

Report Calls Out Cyber Risks to Financial Sector Fuelled by AI

A recent report by the US Department of the Treasury has identified AI-driven cyber fraud as the primary concern for financial institutions. Smaller firms, in particular, struggle with AI development, which intensifies security concerns. Despite a focus on cyber security, risk management lapses are common across institutions. The report further notes that nearly a third of these institutions are yet to address the evolving tactics of threat actors, including social engineering, malvertising, and QR code phishing. More than 2 in 5 have pointed to the increasing use of generative AI for scaling and automating attacks as a lingering risk factor. The report emphasises that, even without mandates, there’s an urgent need for financial institutions to bolster their risk management and cyber security practices to counter these AI-driven threats.

Source: [CyberScoop]

Governance, Risk and Compliance

• Hackers Hit High-Risk Individuals' Personal Accounts (govinfosecurity.com)

• Only 5% of Boards Have Cyber Security Expertise - Infosecurity Magazine (infosecurity-magazine.com)

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• How threat intelligence data maximizes business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• More than half of organisations fall victim to cyber attacks (betanews.com)

• Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers, According to Diligent and Bitsight | Business Wire

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Shareholders win when businesses do better at cyber | Computer Weekly

• Getting Security Remediation on the Boardroom Agenda (darkreading.com)

• New Cyber Threats to Challenge Financial Services Sector in 2024 (darkreading.com)

• The cyber security skills shortage: A CISO perspective | CSO Online

• Cyber security essentials during M&A surge - Help Net Security

• Companies told cyber security has to be cross business concern (emergingrisks.co.uk)

• It's Time to Stop Measuring Security in Absolutes (darkreading.com)

• True Cost of a Cyber Security Breach for Your Business - Converge

• 35 cyber security statistics to lose sleep over in 2024 (techtarget.com)

• Changing role of CISO | Professional Security

• 3 Challenges CISOs Face in 2024 as Cyber Threats Explode | Corporate Counsel (law.com)

• Cyber security plans should centre on resilience | MIT Sloan

• Debunking compliance myths in the digital era - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware: lessons all companies can learn from the British Library attack - Exponential-e Blog

• 78% of organisations plan to increase ransomware protection | Security Magazine

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Building Resiliency in the Face of Ransomware  - Security Boulevard

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

• US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth (yahoo.com)

• Healthcare Under Ransomware Attacks - Part 1: BlackCat/AlphV - VMRay

• Healthcare Under Ransomware Attacks - Part 2: LockBit - VMRay

• Healthcare Under Ransomware Attacks - Part 3: Rhysida - VMRay

Ransomware Victims

• Hackers threaten to publish huge cache of NHS Scotland data - BBC News

• Alleged sale of Communication Workers Union’s users data (marcoramilli.com)

• Scullion LAW becomes victim of cyber attack | Scottish Legal News

• Panera Bread experiencing nationwide IT outage since Saturday (bleepingcomputer.com)

• Clorox audit flagged systemic flaws in cyber security at manufacturing plants (detroitnews.com)

• Big Issue working with NCSC, NCA and Met Police to investigate cyber incident - IT Security Guru

• Western Isles council tax bills delayed due to cyber attack - BBC News

• Vietnam Securities Broker Suffered Cyber Attack That Suspended Trading (darkreading.com)

Phishing & Email Based Attacks

• 'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide (darkreading.com)

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in EU. and US (thehackernews.com)

• ThreatLabz 2023 Phishing Report | ITPro

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Fake Ozempic Deals on the Rise as Experts Warn of Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

Artificial Intelligence

• Treasury report calls out cyber risks to financial sector fuelled by AI | CyberScoop

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• Four generative AI cyber risks that keep CISOs up at night — and how to combat them - SiliconANGLE

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Artificial intelligence now the biggest cyber threat - study (emergingrisks.co.uk)

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Scammers exploit tax season anxiety with AI tools - Help Net Security

• Experts Warn of Cyber Risk Due to Rapid AI Tool Evolution (govinfosecurity.com)

• AI Regulation at a Crossroads - Security Boulevard

• Over A Third of IT Leaders Are Ill-Equipped to Cope With AI-Powered Attacks - IT Security Guru

• Beware of rogue chatbot hacking incidents (securityintelligence.com)

• The Unique AI Cyber Security Challenges in the Financial Sector | Decipher (duo.com)

• AI weaponisation becomes a hot topic on underground forums - Help Net Security

• AI bots hallucinate software packages and devs download them • The Register

• Threat Report: Examining the Use of AI in Attack Techniques (darkreading.com)

• Hackers exploit Ray framework flaw to breach servers, hijack resources (bleepingcomputer.com)AWS CISO: Pay Attention to How AI Uses Your Data (darkreading.com)

2FA/MFA

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• Apple customers are being targeted by "MFA Bombing" password reset attack (xda-developers.com)

Malware

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in E.U. and US. (thehackernews.com)

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• 39,000 Websites Infected in 'Sign1' Malware Campaign - SecurityWeek

• ConnectWise ScreenConnect attacks deliver malware | SC Media (scmagazine.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Hunter-killer malware: How to prevent it from undermining security controls | SC Media (scmagazine.com)

• Python devs are being targeted by this massive infostealing malware campaign | TechRadar

• TheMoon bot infected 40,000 devices in January and February (securityaffairs.com)

• Viruses are the most popular type of malware - and Apple devices are most at risk | TechRadar

• New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

• DarkGate Malware Campaign Exploits Patched Microsoft Flaw - Security Boulevard

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

• AI bots hallucinate software packages and devs download them • The Register

Mobile

• In-app browsers still a privacy, security, and choice issue • The Register

• Thousands of phones and routers swept into proxy service, unbeknownst to users | Ars Technica

• Apple lawsuit: US officials say iPhone ‘monopoly’ undermines security | SC Media (scmagazine.com)

Internet of Things – IoT

• Hackers Reveal Method to Bypass Hotel Keycard Locks in Seconds • iPhone in Canada Blog

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Data Breaches/Leaks

• AT&T won’t say how its customers’ data spilled online | TechCrunch

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

Organised Crime & Criminal Actors

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

Insider Risk and Insider Threats

• The missing link: How criminals teamed up with bank employees to orchestrate cyber frauds. - The Economic Times (indiatimes.com)

Insurance

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Supply Chain and Third Parties

• Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (thehackernews.com)

• Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach (darkreading.com)

Cloud/SaaS

• Key Lesson from Microsoft's Password Spray Hack: Secure Every Account (thehackernews.com)

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Cloud Account Hijacking: How it Works and How to Prevent It (techtarget.com)

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

Identity and Access Management

• Tackling DORA Compliance With a Focus on PAM - IT Security Guru

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple With Identity Pain Points | Decipher (duo.com)

Encryption

• Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Apple users targeted by annoying 'Reset Password' attack | Mashable

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

• What is Managing Secrets? - Security Boulevard

Social Media

• If you watched certain YouTube videos, investigators demanded your data from Google | Mashable

Malvertising

• Study claims more than half of Americans use ad blockers • The Register

Training, Education and Awareness

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Regulations, Fines and Legislation

• Cyber security shake-up: How to prepare for EU's NIS2 and DORA (siliconrepublic.com)

• techUK Raise Internet Snooping Concerns Over UK IP Act Amendments - ISPreview UK

• AI Regulation at a Crossroads - Security Boulevard

• Cyber security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

Models, Frameworks and Standards

• Debunking compliance myths in the digital era - Help Net Security

Backup and Recovery

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

Careers, Working in Cyber and Information Security

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Almost half of IT teams are burnt out as a result of war rooms, as ‘blame game’ culture becomes the norm for most organisations | TechRadar

• The cyber security skills shortage: A CISO perspective | CSO Online

Law Enforcement Action and Take Downs

• UK Law Enforcers Arrest 400 in Major Fraud Crackdown - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Cyber Security Threats In International Relations: Are We Prepared For A Digital Pearl Harbor? – OpEd – Eurasia Review

Nation State Actors

China

• China cyber attacks a reminder Beijing poses 'constant and sophisticated' threat to western cyber security | Science & Tech News | Sky News

• US and UK accuse China of cyber operations targeting domestic politics | CyberScoop

• UK ‘turning up to a gunfight with a wooden spoon’ over China cyber-attacks (scotsman.com)

• China hack on MPs worse than Government admitted, with at least 30 targeted (inews.co.uk)

• New Zealand follows UK in accusing China of hacking its parliament | The Independent

• Finland confirms APT31 hackers behind 2021 parliament breach (bleepingcomputer.com)

• China linked to UK cyber-attacks on voter data, Dowden to say - BBC News

• Dowden guarantees UK elections will be safe from Chinese cyber attacks | Evening Standard

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

• SNP MP claims Scottish universities 'overdependent' on Chinese money | The National

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Fake reporters and death threats: China spy tactics from Hong Kong dissidents (inews.co.uk)

• The Chinese government is phasing out Intel and AMD CPUs and Microsoft's Windows OS because they don't fit its new 'safe and reliable' guidelines | PC Gamer

• Is Cyber Warfare Heating Up? Biden Administration, UK Take Aim At Chinese Hackers | IBTimes

• China cyber-attacks explained: who is behind the hacking operation against the US and UK? | Hacking | The Guardian

• What to make of China’s massive cyber-espionage campaign (economist.com)

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• PM says UK approach to China 'more robust' than allies, as senior Chinese diplomat summoned | ITV News

• UK says Chinese cyber attacks ‘part of large-scale espionage campaign’ (thenextweb.com)

• Why cyber indictments and sanctions matter | The Strategist (aspistrategist.org.au)

• Chinese hackers target family members to surveil hard targets | CyberScoop

Russia

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

Iran

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

North Korea

• Asian cuisine used to launder money for North Korea • The Register

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

Vulnerability Management

• Spyware vendors behind 75% of zero-days targeting Google | TechTarget

• Zero Days Surged by Over 50% Annually, Says Google - Infosecurity Magazine (infosecurity-magazine.com)

• On the Increase: Zero-Days Being Exploited in the Wild (databreachtoday.co.uk)

• NVD slowdown leaves thousands of vulns without analysis data • The Register

• Can Compensating Controls Be the Answer in a Sea of Vulnerabilities?  - Security Boulevard

Vulnerabilities

• Patch Now: Critical Fortinet RCE Bug Under Active Attack (darkreading.com)

• SQL injection vulnerability in Fortinet software under attack | TechTarget

• GitHub Developers Hit in Complex Supply Chain Cyber Attack (darkreading.com)

• Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions (thehackernews.com)

• MacOS 14.4.1 makes it once again safe to update your Mac | ZDNET

• Apple Security Bug Opens iPhone, iPad to RCE (darkreading.com)

• Apple finally reveals the serious security issues it patched in iOS 17.4.1 - PhoneArena

• A vulnerability in Apple M-series chips could expose encryption keys and harm performance — and Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

• Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (bleepingcomputer.com)

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Double trouble for DNSSEC though the devil is in the details • The Register

• 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns - Help Net Security

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

Tools and Controls

• How threat intelligence data maximises business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• 78% of organisations plan to increase ransomware protection | Security Magazine

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Why Endpoint Security Tools Are Still Such a Challenge (inforisktoday.com)

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• 10 Essential Measures to Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple with Identity Pain Points | Decipher (duo.com)

• Enterprise cyber security's lateral movement 'blind spot' [Q&A] (betanews.com)

• Cyber security plans should center on resilience | MIT Sloan

• Cyber Security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Reports Published in the Last Week

• ThreatLabz 2023 Phishing Report | ITPro

Other News

• Why the World Needs a New Cyber Treaty for Critical Infrastructure - Carnegie Europe - Carnegie Endowment for International Peace

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• Security experts raise questions about UK cyber funding in wake of Electoral Commission hack | ITPro

• 8 cyber security predictions shaping the future of cyber defence - Help Net Security

• Active adversary dwell time: The good (and bad) news | SC Media (scmagazine.com)

• Cyber Threat to US Power Grids Escalating as Election Approaches (yahoo.com)

• Are We Ignoring the Cyber Security Risks of Undersea Internet Cables? | HackerNoon

• How to Prevent Your Company from Being Hacked in 2024 - DevX

• Pentagon Looks to Finalise Cyber Security Rules for Defence Industrial Base - ClearanceJobs

• US and Japan plan biggest upgrade to security pact in over 60 years

• US must establish independent military cyber service to fix 'alarming' problems — report | DefenseScoop

• FTSE 100 Retailers showing signs of cyber security apathy, despite growing risks | Retail Bulletin (theretailbulletin.com)

• Finland to host NATO tech centers, revamp cyber security strategy (defensenews.com)

• French cyber defence chief warns Paris Olympics a 'target' (techxplore.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Cyber Threat Briefing 26 January 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Russian Hackers’ Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call

Just recently, it was publicly disclosed that Microsoft and Hewlett Packard Enterprise (HPE) had their corporate mailboxes breached by threat actors. In the Microsoft breach, a hacking group had used a password spray attack to compromise a non-production test account, and leverage that to access corporate accounts. In the HPE breach, corporate access was gained through unauthorised access to SharePoint files. Both attacks highlight the need for identity threat detection: the ability to identify malicious activity from trusted identities before more sophisticated damage is caused. Cyber incidents are a matter of when, not if, and it is important to have detection capabilities, even for trusted accounts.

Sources: [Help Net Security] [Security Boulevard]

94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures

A recent study found that while 94% of CISOs are concerned with third-party cyber security threats,  including 17% who view it as a top priority, only 3% have implemented a third -party cyber risk management solution and 33% have noted plans to implement this year. Small and medium sized businesses may not have the resources of a larger organisation yet will have a similar level of third-party risk. This makes the need for an effective solution even more important, and in some cases this may include outsourcing to cyber experts.

Sources: [Dark Reading]

Cyber Risks Needs to be Prioritised as a Key Business Risk, Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda

The UK Government has proposed a new Code of Practice on cyber security governance, aimed at directors and senior business leaders. The draft document emphasises the need to prioritise cyber security on par with financial and legal risks. It outlines several key areas for focus, including risk management, cyber strategy, fostering a cyber security culture among employees, incident planning and response, and establishing clear governance structures. With digital technologies playing a crucial role in business resilience, the code calls for greater involvement of executive and non-executive directors in technology governance strategies. The UK Minister for AI and Intellectual Property has highlighted that cyber attacks are as damaging to organisations as financial and legal pitfalls. It is crucial that directors take a firm grip of their organisation’s cyber security regimes to protect their customers, workforce, business operations and the wider economy. This initiative reinforces the importance of a holistic approach to cyber security, including robust incident response plans and regular practice to enhance cyber resilience. It’s a timely reminder that cyber threats are as detrimental to organisations as financial and legal challenges, and this code aims to empower leaders to navigate these threats effectively.

Sources: [Computer Weekly] [Electronics Specifier] [GOV UK] [TechRadar] [Infosecurity Magazine]

81% of Security Professionals Say Phishing Is Top Threat

A recent study found 81% of organisations anticipated phishing as their top security risk over the coming months. In a separate report, it was found that 94% of organisations globally had experienced an email security incident in the past 12 months, with a 10% rise in phishing. It is not just emails where phishing attacks are occurring: in another report, the second half of 2023 saw a 198% increase in browser based phishing attacks. It is clear that phishing is a threat to organisations, and it is important to be prepared.

Sources: [ITPro] [Beta News] [Security Magazine]

Ransomware Attacks Cause Significant Psychological Harm

One area of ransomware that often gets overlooked, is the psychological impact. A recent report by the Royal United Services Institute found that some attacks had caused so much impact that organisations hired post-traumatic stress disorder support teams. A significant number of respondents experienced sleep deprivation, resulting in them developing extreme fatigue and falling asleep at work. Various levels of stress were experienced by security workers, with one interviewee citing the stress of a ransomware attack as a potential cause for a heart attack that required surgery. This highlights that, as with the wider subject of cyber and information security, consideration needs to be given to more than just IT and IT controls: it shows the need for a holistic approach to include people, operations and technology.

Sources: [The Record Media] [TechRadar]

Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password

A recent report has revealed that two million compromised cloud credentials used ‘123456’ as a password. This alarming trend underscores the ongoing issue of weak passwords, which are easily exploited by hackers. Despite the availability of advanced password creation and storage tools, a significant number of individuals and organisations continue to use weak passwords. Furthermore, the report found that 88% of organisations still rely on passwords as their primary authentication method. Despite the focus on password security, nearly every organisation has had risk management lapses. The report highlights the urgent need for stronger password policies and the adoption of more secure authentication methods. Equally, the attacks highlight that simply moving to the cloud does not solve security challenges, and poor cyber hygiene in the cloud will lead to problems.

Sources: [ITPro] [Business Wire] [Security Magazine]

NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime

An article published by the UK’s National Cyber Security Centre (NCSC) states that AI is already being used to increase the efficacy of cyber attacks, and that AI will continue to significantly increase the odds of a successful attack. AI models will build capability as they are informed by data describing previous successful attacks. The NCSC noted that “It is likely that highly capable unfriendly nation states have repositories of malware that are large enough to effectively train an AI model for this purpose”. The message from the NCSC is clear: AI will propel cyber incidents and organisation must take this into consideration as part of their wider cyber risk management strategy.

Sources: [The Register] [PC Mag] [The Messenger ] [Silicon UK]

Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk

Cyber attacks soared again last year, and attackers are increasingly taking advantage of software vulnerabilities to breach organisations. This is due to the continuous discovery of new vulnerabilities, and with that, a constant challenge for firms to apply patches. A report found many organisations lack an effective vulnerability management programme and are leaving themselves open to attacks; and in some cases they are left vulnerable for years.

One key hindrance found by the report is the sheer volume of vulnerabilities identified and patched by vendors, leaving organisations with the perpetual challenge of timely patching. This complication is made worse for small and medium sized businesses where they have less resources. The report found that legacy systems are a large risk for many organisations;  in fact, older Windows server OS versions - 2012 and earlier – were found to be 77% more likely to experience attack attempts than newer versions. Many firms are still not taking this danger seriously enough and as a result, blind spots and critical vulnerabilities are worsening, creating more opportunities for attackers.

Sources: [ITPro] [Help Net Security] [ITPro]

Historic Data Leak Reveals 26 billion Records: Check What is Exposed

In what has been described as the ‘mother of all breaches’, 26 billion records have been exposed. These aren’t all new, as a lot of the records are from numerous breaches, however they are all in one location, compiled and index for use. With the emergence of this, there is will likely be a surge in attacks and if you haven’t changed your credentials, or are reusing these same credentials, you may find yourself a victim. To check if your email has been compromised in a breach, you can check on the website www.HaveIBeenPwned.com

Source: [Security Affairs]

Boardroom Cyber Expertise Comes Under Scrutiny

Cyber security concerns continue to be a critical issue for organisations, driven by factors such as data protection, compliance, risk management, and business continuity. However, a recent report reveals a concerning trend where only 5% of Chief Information Security Officers (CISOs) report directly to the CEO, down from 11% in 2021. This gap between cyber security leadership and board-level involvement is a challenge. A report emphasises that many board members lack the technical expertise to understand cyber security, while CISOs often communicate in technical jargon, making it difficult for boards to grasp the significance of security issues. To bridge this gap, it's crucial to educate board members on the real-world risks and costs associated with cyber incidents. Sharing simple metrics like the global average cost of a data breach, which is $4.45 million, can help them understand the financial impact. Moreover, CISOs should learn to convey cyber security matters in business terms and quantify the organisation's cyber risk exposure. By providing boards with information to understand and engaging in informed discussions, they can enhance their cyber security strategy and ensure that these vital issues are prioritised appropriately.

Source: [Security Intelligence]

“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules

The landscape of cyber security is evolving rapidly, with two significant EU regulations: the Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA), set to take effect in the coming months. NIS2 expands cyber security standards to include critical services like transportation, water services, and health services, while DORA focuses on the financial services sector and aims to ensure resilience against cyber threats.

These regulations necessitate strong cyber security testing, incident reporting processes, and comprehensive assessments of third-party providers' security. Compliance with these regulations will introduce complexity and costs, requiring organisations to prepare comprehensively for the evolving cyber security landscape, including the implications of artificial intelligence. Transparency and understanding are key, as boards must fully comprehend data processing and technology usage within their organisations, ushering in a new era of cyber security governance.

Source: [The Currency]

Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%

In 2023, there was a significant surge in ransomware attacks globally. The number of attack attempts more than doubled, increasing by 104%. A report shows that there were 1,900 total ransomware attacks within just four countries: the US, UK, Germany, and France. The use of double extortion techniques, where hackers not only encrypt the data but also steal confidential data beforehand and threaten to release it if their demands are not fulfilled, are becoming increasingly common, with now triple and quadruple extortion techniques also being increasingly deployed. It was also found that data exfiltration was present in approximately 91% of all publicly recorded ransomware attacks in 2023. These figures underscore the growing threat of ransomware and the need for robust cyber security measures.

Sources: [Security Boulevard] [Security Affairs] [Security Brief] [Business Wire]

Governance, Risk and Compliance

• Treat cyber risk like financial or legal issue, says UK government | Computer Weekly

• New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda - Infosecurity Magazine (infosecurity-magazine.com)

• Business leaders urged to toughen up cyber attack protections - GOV.UK (www.gov.uk)

• Organisations face devastating financial consequences from cyber attacks (betanews.com)

• Cyber attacks more than doubled in 2023, so why are so many firms still not taking security seriously? | ITPro

• Cyber Security Attack Attempts More Than Doubled, Increasing 104% in 2023 | Business Wire

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• The growing role of CISOs in cyber security governance - APDR (asiapacificdefencereporter.com)

• Boardroom cyber expertise comes under scrutiny (securityintelligence.com)

• Resilience: The New Priority for Your Security Model (inforisktoday.com)

• 10 must-have security tips for digital nomads | Computerworld

• Top 3 Priorities for CISOs in 2024 (darkreading.com)

• CISOs Struggle for C-Suite Status Even as Expectations Skyrocket (darkreading.com)

• Navigating The 'Fog Of A Cyber Attack' (forbes.com)

• The cost of cyber crime to reach over $12tn by 2025

• Why cyber attacks mustn’t be kept secret - Help Net Security

• Business continuity vs. disaster recovery vs. incident response | TechTarget

• Why resilience leaders must prepare for polycrises - Help Net Security

• The best cyber defence needs more than tech - eCampus News

• The CISO Role Undergoes a Major Evolution (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks break records in 2023: the number of victims rose by 128% (securityaffairs.com)

• Impact of Ransomware attacks take mental health toll on small business owners, report says (therecord.media)

• UK Intelligence Fears AI Will Fuel Ransomware, Exacerbate Cyber Crime (pcmag.com)

• Britons must 'strengthen defences' against growing threat of AI-assisted ransomware, cyber security chief warns | UK News | Sky News

• The rise of cyber extortion and 'Hacktivism' - Verdict

• Ransomware recovery – the need for speed | TechRadar

• Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News

• UK gov tells SMBs to get better at protecting themselves from cyber attacks | TechRadar

• Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)

• Kasseika ransomware uses antivirus driver to kill other antiviruses (bleepingcomputer.com)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• Organisations invest more in data protection but recover less - Help Net Security

• Evolving BianLian ransomware attack strategies detailed | SC Media (scmagazine.com)

• Hackers target TeamViewer to try and get access to your company's network | TechRadar

• Ransomware Victims

• Major US, UK Water Companies Hit by Ransomware - SecurityWeek

• Sweden’s Riksbank Turns to Police as Cyber Attack Hits IT Firm - BNN Bloomberg

• Owner of The North Face, Supreme, Vans, Reports Breach Affecting 35M Users (pcmag.com)

• Primary Health & Wellness Center, LLC’s public notice of ransomware incident (databreaches.net)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• LockBit gang claims the attack on the sandwich chain Subway (securityaffairs.com)

• loanDepot says ransomware gang stole data of 16.6 million people (bleepingcomputer.com)

• Aviation Leasing Giant AerCap Hit by Ransomware Attack - SecurityWeek

• Global fintech firm EquiLend offline after recent cyber attack (bleepingcomputer.com)

• Ransomware Group Offers Hacked Serbian Electricity Provider's Data For Download (rferl.org)

• Cyber attack in Merseyside as 'immediate steps taken' (msn.com)

• Housing association confirms 'cyber security incident' but can't confirm if tenants' data was lost | Shropshire Star

Phishing & Email Based Attacks

• Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks | ITPro

• 81 percent of security pros say phishing is the top threat (betanews.com)

• Browser Phishing Threats Grew 198% Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)

• Organisations need to switch gears in their approach to email security - Help Net Security

• HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek

• Russian hackers breached Microsoft, HPE corporate maliboxes - Help Net Security

• Don’t Take The Bait: How To Prevent A Phishing Attack | Kohrman Jackson & Krantz LLP - JDSupra

• Trezor reveals 66,000 users could face phishing attack (coinjournal.net)

• Is This a Phishing Email? 8 Warning Signs to Look Out For

• PHP-less phishing kits that can run on any website | Netcraft

• New KnowBe4 Report Shows Major Spike in Public Sector Attacks in 2023 | Business Wire

Artificial Intelligence

• AI Will ‘Almost Certainly’ Turbocharge Cyber attacks, UK Warns - The Messenger

• The near-term impact of AI on the cyber threat - NCSC.GOV.UK

• NCSC: AI to boost nation-states’ malware potency • The Register

• AI’s Efficacy is Limitless in Cyber Crime | MSSP Alert

• Top 4 LLM threats to the enterprise | CSO Online

• The rise of cyber extortion and 'Hacktivism' - Verdict

• Battling Misinformation During Election Season (darkreading.com)

• Unmasking Deceptive Behaviour: Risks and Challenges in Large Language Models (azoai.com)

• AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)

• Researchers Map AI Threat Landscape, Risks (darkreading.com)

• Misinformation and irresponsible AI: Experts forecast how technology may shape our near future (techxplore.com)

• ChatGPT Cyber Crime Surge Revealed in 3000 Dark Web Posts - Infosecurity Magazine (infosecurity-magazine.com)

• More than 1 in 4 Organisations Banned Use of GenAI Over Privacy and Data Security Risks - New Cisco Study (prnewswire.com)

• The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard

Malware

• NCSC: AI to boost nation-states’ malware potency • The Register

• MacOS devices are being targeted by pirated apps that want to hijack your machine | TechRadar

• Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)

• 'Inhospitality' malspam campaign targets hotel industry | SC Media (scmagazine.com)

• Blackwood APT delivers malware by hijacking legitimate software update requests - Help Net Security

• SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks (thehackernews.com)

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Mobile

• Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)

• iPhone, Android Ambient Light Sensors Allow Stealthy Spying (darkreading.com)

• New method to safeguard against mobile account takeovers - Help Net Security

• Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

• Zero-Click Bluetooth Attack: A Growing Threat for Unpatched Android Phones - gHacks Tech News

Denial of Service/DoS/DDOS

• Ukrainian mobile bank sees a spike in ‘non-stop’ DDoS pressure (therecord.media)

Internet of Things – IoT

• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users - SecurityWeek

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Data Breaches/Leaks

• Historic data leak reveals 26 billion records: check what's exposed (securityaffairs.com)

• Data of 15 million Trello users scraped and offered for sale - Help Net Security

• Personal details of 6,000 people leaked in Greater Manchester council data breach (msn.com)

• BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)

• Healthtech firm's cyber attack victim list keeps growing - Digital Journal

• VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million - SecurityWeek

• Class Actions Filed Over Builders Mutual, Progressive’s Own Data Breaches (claimsjournal.com)

• loanDepot cyber attack causes data breach for 16.6 million people (bleepingcomputer.com)

• Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)

• The growing threat of data breaches in the age of AI and data privacy | TechRadar

• Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase - Infosecurity Magazine (infosecurity-magazine.com)

• 23andMe data breach: Hackers stole raw genotype data, health reports (bleepingcomputer.com)

• Coventry school reprimanded for data breach after IT system 'hacked three times' - CoventryLive (coventrytelegraph.net)

Organised Crime & Criminal Actors

• Winter is coming and so are the hackers (betanews.com)

• Grooming, radicalization and cyber attacks: INTERPOL warns of ‘Metacrime’

• Bulletproof Hosting: A Critical Cyber Criminal Service | Intel471

• 'VexTrio' TDS: The Biggest Cyber Crime Operation on the Web? (darkreading.com)

• The cost of cyber crime to reach over $12tn by 2025

• Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)

• ChatGPT Cyber Crime Surge Revealed in 3000 Dark Web Posts - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

• The sophistication of cyber criminals intensifies with emerging strategies for cashing in or causing chaos - IT Security Guru

• Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyber attacks (prnewswire.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber criminals stole $1.7 billion from crypto funds in 2023 as attacks proliferated (therecord.media)

• US regulator admits cyber security lapse before rogue Bitcoin post - BBC News

• Trezor reveals 66,000 users could face phishing attack (coinjournal.net)

Insider Risk and Insider Threats

• Majority of companies not prepared for insider threats (betanews.com)

• Amid Rising Insider Threats, Most Companies are Vulnerable and Lack the Strategies to Protect Themselves, New Research Finds | Business Wire

• Fighting insider threats is tricky but essential work - Help Net Security

Insurance

• Insurance industry responds to evolving risks with innovation and collaboration: Allianz - Reinsurance News

• Cyber Insurance Industry Suggests Cyber Security Best Practices (networkcomputing.com)

Supply Chain and Third Parties

• Panorays Study Finds 94% of CISOs Are Concerned About Third-party Cyber Threats, Yet Only 3% Have Implemented Security Measures (darkreading.com)

• From vulnerability to vigilance: strategies for ensuring supply chain security (techuk.org)

• Bolstering global supply chains: Enhancing resilience, digital logistics, and national security harmony (techuk.org)

• Supply chain security: Responding to emerging cyber threats (techuk.org)

• CISOs' role in identifying tech components and managing supply chains - Help Net Security

• Rethinking supply chain resilience as cyber attacks get more disruptive (techuk.org)

Cloud/SaaS

• On premises vs. cloud pros and cons, key differences | TechTarget

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro

Identity and Access Management

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

Encryption

• Cryptographers Are Getting Closer to Enabling Fully Private Internet Searches | WIRED

Passwords, Credential Stuffing & Brute Force Attacks

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)

• There's no excuse for having a weak password in 2024

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)

• 88% of organisations use passwords as primary authentication method | Security Magazine

• The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro

Social Media

• Meta won't remove fake Instagram profiles that are clearly catfishing (bleepingcomputer.com)

• Watch out for "I can't believe he is gone" Facebook phishing posts (bleepingcomputer.com)

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

Malvertising

• Intro to Digital Fingerprints: Understanding, Manipulating, and Defending Against Online Tracking | HackerNoon

• Google Updates Chrome's Incognito Warning to Admit It Tracks Users in ‘Private’ Mode | WIRED

• Cryptographers Are Getting Closer to Enabling Fully Private Internet Searches | WIRED

Regulations, Fines and Legislation

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• Without clear guidance, SEC’s new rule on incident reporting may be detrimental - Help Net Security

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

• Navigating The 'Fog Of A Cyber Attack' (forbes.com)

• US regulator admits cyber security lapse before rogue Bitcoin post - BBC News

• The CISO Role Undergoes a Major Evolution (darkreading.com)

• Coventry school reprimanded for data breach after IT system 'hacked three times' - CoventryLive (coventrytelegraph.net)

• Countdown for businesses to comply with leaked EU AI Act draft begins | Biometric Update

Models, Frameworks and Standards

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• Prioritising CIS Controls for effective cyber security across organisations - Help Net Security

Careers, Working in Cyber and Information Security

• Top 3 Priorities for CISOs in 2024 (darkreading.com)

• CISOs Struggle for C-Suite Status Even as Expectations Skyrocket (darkreading.com)

• Why we need more continuous hands-on training and fewer cyber security certifications | SC Media (scmagazine.com)

Law Enforcement Action and Take Downs

• BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)

• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users - SecurityWeek

• Secret Service to revive the Cyber Investigations Advisory Board | CyberScoop

• Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)

• Ukrainian Security Service Nabs Russian Hacker Planning Cyber Attacks on Government Websites - Militarnyi

Misinformation, Disinformation and Propaganda

• Battling Misinformation During Election Season (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

• NCSC: AI to boost nation-states’ malware potency • The Register

China

• Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek

• The small print leaving UK plc exposed to ‘nuclear level’ cyber attacks (telegraph.co.uk)

• Michael Rogers on China's Cyber Threat - The Wire China

• China’s feared spy agency steps out of the shadows

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

Russia

• Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack (thehackernews.com)

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Microsoft Says Russians Hacked It to Find Information About Themselves (businessinsider.com)

• Sneak-and-peek Midnight Blizzard attack highlights “worrying flaws” in Microsoft security processes | ITPro

• Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs (thehackernews.com)

• HP Enterprise was hacked by the same Russian state-sponsored group that targeted Microsoft (engadget.com)

• HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek

• Russian hackers shift to new malware tactics, Google says (siliconrepublic.com)

• Massive cyber attack targets Ukrainian online bank (kyivindependent.com)

• Learning From Ukraine's Pioneering Approaches to Cyber Security (darkreading.com)

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

• Ukrainian energy giant, postal service, transportation agencies hit by cyber attacks (therecord.media)

• Ukraine’s Largest Gas and Oil Company Under Cyber Attack (kyivpost.com)

• Ukrainian Security Service Nabs Russian Hacker Planning Cyber Attacks on Government Websites - Militarnyi

• Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News

• Hundreds of Russian sites breached by Ukrainian hackers | SC Media (scmagazine.com)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• Apple Pays $13 Million Russian Fine, Goes Directly Into Federal Budget (businessinsider.com)

Iran

• Microsoft: Iran's Mint Sandstorm APT Blasts Educators, Researchers (darkreading.com)

• With Iran's cyber attacks on rise since Gaza war, Israel looks to private industry - Al-Monitor: Independent, trusted coverage of the Middle East

North Korea

• North Korea's ScarCruft Attackers Gear Up to Target Cyber Security Pros (darkreading.com)

Vulnerability Management

• 45% of critical CVEs left unpatched in 2023 - Help Net Security

• Patch management: Why firms ignore vulnerabilities at their own risk | ITPro

• What Is Vulnerability Management? Definition, Process Steps, Benefits and More - Security Boulevard

• Security vendors are accused of bending CVE assignment rules • The Register

• German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)

• The effect of omission bias on vulnerability management - Help Net Security

• 52% of Serious Vulnerabilities We Find are Related to Windows 10 (thehackernews.com)

Vulnerabilities

• Cisco warns of critical RCE flaw in communications software (bleepingcomputer.com)

• CISA emergency directive: Mitigate Ivanti zero-days immediately (bleepingcomputer.com)

• Third Ivanti Vulnerability Exploited in the Wild, CISA Reports (darkreading.com)

• Ivanti: VPN appliances vulnerable if pushing configs after mitigation (bleepingcomputer.com)

• Chrome 121 ships with security updates and new AI tools - gHacks Tech News

• Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)

• Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)

• Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure - SecurityWeek

• Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek

• Critical Vulnerabilities Found in Open Source AI/ML Platforms - SecurityWeek

• Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell (securityaffairs.com)

• Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)

• High-Severity Vulnerability Patched in Splunk Enterprise - SecurityWeek

• Patch Your Fortra GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin (thehackernews.com)

• Millions at Risk As 'Parrot' Web Server Compromises Take Flight (darkreading.com)

• Security vendors are accused of bending CVE assignment rules • The Register

• Mozilla Releases Security Updates for Thunderbird and Firefox | CISA

• 5379 GitLab servers vulnerable to zero-click account takeover attacks (securityaffairs.com)

• Hackers target WordPress database plugin active on 1 million sites (bleepingcomputer.com)

Tools and Controls

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Ransomware recovery – the need for speed | TechRadar

• Resilience: The New Priority for Your Security Model (inforisktoday.com)

• With so much data at hand, should cyber defences be more effective? | TechRadar

• Password Manager Statistics 2024 (coolest-gadgets.com)

• How to Shine in Your Next Cyber Security Audit - Security Boulevard

• AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)

• Business continuity vs. disaster recovery vs. incident response | TechTarget

• Why resilience leaders must prepare for polycrises - Help Net Security

• Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)

• German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)

• The 9 best incident response metrics and how to use them | TechTarget

• The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard

• We Must Consider Software Developers a Key Part of the Cyber Security Workforce | CISA

• Cyber Insurance Industry Suggests Cyber Security Best Practices (networkcomputing.com)

• Emerging trends and strategies in digital forensics - Help Net Security

• Cyber Security Risk Management: Frameworks, Plans, & Best Practices - Security Boulevard

• IT and Security Teams Increasingly United in Battle Against Sophisticated Cyberthreats, Research Finds (prnewswire.com)

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Reports Published in the Last Week

• Cloudflare Releases 2024 API Security and Management Report (infoq.com)

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyber attacks (prnewswire.com)

Other News

• With so much data at hand, should cyber defences be more effective? | TechRadar

• Threat actors are exploiting web applications - Security Boulevard

• Public Sector Cyber Attacks Rise By 40% in 2023 - IT Security Guru

• Cyber Security Challenges at the World Economic Forum (govtech.com)

• Much-Needed Cyber Security Help for Hospitals May Have Strings Attached | Corporate Counsel (law.com)

• The Threat Landscape Is Always Changing: What to Expect in 2024  | Proofpoint US

• What is Lateral Movement in Cyber Security? - Security Boulevard

• Cyber Security and Trends in 2024 Based on WEF 2024 Outcomes | HackerNoon

• IT and Security Teams Increasingly United in Battle Against Sophisticated Cyberthreats, Research Finds (prnewswire.com)

• US suffered cyber attacks from 168 threat actors in 2023 | Security Magazine

• US continues to be leading cyber threat target | SC Media (scmagazine.com)

• Rise in cyber crime attacks against Industrial IoT sparks alarm (securitybrief.co.nz)

• Offshore wind farms are vulnerable to cyber attacks, study shows (techxplore.com)

• Government Security Vulnerabilities Surge By 151%, Report Finds - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Groups Are Shifting Their Focus Away from Larger Targets

Ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities. Analysis from Trend Micro has shown that ransomware groups such as Lockbit, Cl0p and Black Cat are slowing down attacks against “big game” targets, such as multinationals, and are focusing their attention on smaller organisations. It was found that the overall ransomware attack victim numbers increased by 47% from H2 2022.

Organisations “of up to 200 employees”, those within the small-to-medium-sized range, accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023. Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space. Nearly half (45%) of Black Cat victims were in the same size range. There are many underlying factors in the recent surge of attacks on smaller organisations, however one big cause is the economic factor and the perception that smaller organisations are not going to be as well protected.

Sources: [Techcentral] [Helpnet Security]

Cover-ups Still the Norm as Half of Cyber Attacks go Unreported

A report found that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report it to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards. Alarmingly, 32% simply “forgot” and 22% self-reported that there wasn’t a system in place to report it. In the UK, failure to report a breach within 72 hours could make a company eligible for a fine up to €10 million or 2% of annual global turnover if deemed a lower-level infringement, and up to €20 million or 4% of annual global turnover for higher-level infringements.

The lack of reporting also has a knock-on effect: a significant number of cyber attacks go un-reported and therefore this skews statistics, meaning the current numbers of known cyber attacks are likely much lower than the actual figure.

Sources: [Computer Weekly] [InfoSecurity Magazine]

Reported Cyber Security Breaches Increase Threefold for Financial Services Firms

New research shows that cyber security breaches for UK financial service firms have increased threefold from 187 attacks (2021-2022) to 640 attacks (2022-2023). This comes as the pensions sector reported the biggest jump in breaches rising from 6 to 246 in the same period, a concerning large increase of 4,000%. These patterns are not only relevant to the UK however, with separate reports highlighting an 119% increase in attacks on financial sector cyber attacks globally from 2022 to 2023.

Trustees can be liable for failures in managing cyber risk, so any business looking to protect itself from the impact of a cyber attack should invest in understanding its cyber footprint, the risks it poses, and have the right policies/procedures in place.

Sources: [CIR Magazine] [PensionsAge] [CityAM] [TechRadar]

Attacks on SME’s Surged in The First Half of 2023

According to Kaspersky, small and medium enterprises (SMEs) dealt with more attacks during the first half of the year compared to the same time the year previous. Worryingly, a separate report found that over three quarters of SME leaders could not confidently identify a cyber incident at work and 50% of respondents felt they were unable to identify the difference between a phishing email and real email.

An outcome of the study was the identification of a need for effective user training. SMEs do not have the budget to have a wide range of tools, however they can strengthen their users’ security practices.  Black Arrow enables SMEs to strengthen their people controls through bespoke and affordable education and awareness training for all levels of the organisation.

Sources: [Inquirer] [HelpNet Security] [Insurance Times]

The CISO Carousel and Its Effect on Enterprise Cyber Security

The average tenure of a Chief Information Security Officer (CISO) is said to sit between 18 to 24 months; research highlights the reasons including the strain of the role, the perceived lack of leadership support, and the attraction of more money from a different employer. There is often a gap while the replacement is recruited, during which there is nobody looking after the organisation’s security.

In some cases, organisations may look to outsource by using the services of a virtual CISO (vCISO) with cost savings and greater stability and flexibility. The Black Arrow vCISO team are experienced world-class specialists, providing independent, impartial and objective expertise across the wide range of essential CISO skills with significant advantages compared to an internal resource.

Source: [Security Week]

Bermuda Struggles to Recover from Ransomware Attack

The Bermudan Government this week suffered what they referred to as a significant cyber incident. Workers were cut off from email and telephone systems, with affected departments resorting to manual processes and issuing of paper based cheques. The Government was unable to make payroll payments, and parcels could not be sent from the Island’s Post Offices. It is noted that while not all systems were affected, the government took everything offline out of precaution. It is believed that some other regional governments have also been impacted.

The attack has been attributed to Russia or Russian-based actors, but attribution in cases like this can be difficult. It should be noted that, if involvement from Russia were confirmed, both Russian state actors and Russian based cyber criminals work closely in a symbiotic relationship that benefits both parties. Using cyber crime groups as fronts provides nation state actors with a level of deniability, while also allowing them to direct the operation and benefit from it. Equally, cyber crime groups get to do their thing with the blessing, whether tacit or explicit, of the national authorities in their country. In general, countries where this happens (such as Russia, North Korea and China) have no interest in cooperating with Western authorities, so the cyber criminals essentially work with impunity.

Sources: [Duo] [GovInfo Security] [Bleeping Computer]

Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern

A report found cyber threats continue to rank among the top three business concerns for a wide spectrum of companies. Despite it being such a concern, a significant percentage of businesses admitted to not conducting cyber assessments for vendors (57%) or customers’ assets (56%), having an incident response plan (50%), or implementing multifactor authentication for remote access (44%). Phishing scams were of particular concern, with companies reporting a notable increase in incidents, jumping from 14% to 27% over the past year.

Cyber attacks are a certainly a sobering reality, with nearly 23% of survey participants disclosing that their company had fallen victim to a cyber attack and 49% of these incidents occurred within the past year.

Source: [Reinsurance News]

Business Leaders More Anxious About Ransomware Than Recession as Victims from Single Attack Surpasses 2,000 Organisations

According to a recent study, half of business leaders are more worried about falling victim to a ransomware attack than macroeconomic hardship. Over 60% of businesses who had suffered a ransomware attack reported concerns about the prospect of a second ransomware attack, and 71% of leaders admitted their businesses wouldn’t be able to withstand it. 56% said they had increased hiring costs, nearly half experienced increased customer complaints, and 47% reported team stress. This comes as the tally of victims from the MOVEit attack alone surpasses 2,000 organisations. To make matters worse, the FBI has described dual ransomware attacks taking place, with the second attack less than 48 hours after the first.

Source: [Tech Informed] [Helpnet Security] [Helpnet Security] [BleepComputer]

Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign

Booking.com users have become the focus of a new, large-scale phishing campaign that involved hackers taking control of the hotel’s Booking[.]com account. Once in control, the attackers were then able to utilise personal information and craft messages, tailored to victims.

With many organisations using sites such as Booking[.]com, it is imperative that staff are trained effectively, to reduce the risk of them falling victim to a phishing campaign.

Sources: [BleepingComputer] [Inforsecurity Magazine]

Cyber Leaders Worry That AI Will Overwhelm Cyber Defences

A survey of 250 leaders found that 85% worry that AI will overwhelm cyber defences while almost two thirds (61%) have already seen an increase in cyber attack complexity due to AI. Overall 80% view AI as the single biggest cyber threat their business faces, and seven out of 10 are investing in more resilient measures to improve their detection and response protocols.

AI can certainly be overwhelming, but with the right expertise, organisations can navigate their way to improving their AI defences. Black Arrow’s expert team helps your leadership to understand and manage AI-based risks, and safely adopt artificial intelligence in your organisation.

Source: [Management Issues]

Boards Still Lack Cyber Security Expertise

A study by the US National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) found that just 12% of S&P 500 companies have board directors with relevant cyber credentials, showing that there is still a lack of expertise at the board level. Boards can improve their expertise by engaging with training that is tailored to leadership. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident. Source: [Wallstreet Journal]

4 Legal Surprises You May Encounter After a Cyber Security Incident

In the event of a cyber incident, there are a number of problems that emerge, but some you may not be aware of. These may include investigations by auditors, a freeze on payments by banks, and uncertainty about notifying third parties including customers. Your insurance provide may also launch a review of the cyber security controls that you had in place before the incident, to determine the payout.

Ideally, you will never have to face a cyber incident, but it can happen and it’s best to ensure you are well placed to deal with it, by understanding what needs to be done and how to respond. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Dark Reading]

Governance, Risk and Compliance

• The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week

• Boards Still Lack Cyber Security Expertise - WSJ

• Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)

• It's time to safeguard the financial sector: Navigate employee turnover to defend against escalating cyber attacks (betanews.com)

• Businesses Unprepared for Cyber Attacks Despite Steady Concern (insurancejournal.com)

• Cyber criminals are targeting the financial sector more than ever | TechRadar

• The hidden costs of neglecting cyber security for small businesses - Help Net Security

• Majority of UK SME c-suites lacking awareness of cyber risks | Insurance Times

• Business leaders most anxious about ransomware attacks (techinformed.com)

• Cyber security incident response: Your company's ICU (channelweb.co.uk)

• Cover-ups still the norm in the wake of a cyber incident | Computer Weekly

• Many firms aren't reporting breaches to the proper authorities | TechRadar

• Half of Cyber-Attacks Go Unreported - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs are struggling to get cyber security budgets: Report | CSO Online

• CISOs are spending more on cyber security - but it might not be enough | TechRadar

• Cyber threats remain top concern for businesses in 2023: Travelers Risk Index - Reinsurance News

• Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security

• The Hot Seat: CISO Accountability in a New Era of SEC Regulation (darkreading.com)

• Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)

• Essential guide to cyber security compliance | Intruder

• 4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)

• Moving From Qualitative to Quantitative Cyber Risk Modeling - Security Week

• Financial crime compliance costs exceed $206 billion - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware soars as enterprises struggle to respond - Verdict

• Ransomware groups are once again targeting smaller businesses for more lucrative payouts - TechCentral.ie

• Ransomware groups are shifting their focus away from larger targets - Help Net Security

• Business leaders most anxious about ransomware attacks (techinformed.com)

• Why is Ransomware Such a Prevalent Threat and Popular Tool for Attackers? | MSSP Alert

• ShadowSyndicate: A New Cyber Crime Group Linked to 7 Ransomware Families (thehackernews.com)

• The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt

• FBI: Dual ransomware attack victims now get hit within 48 hours (bleepingcomputer.com)

• Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security

• MOVEit cyber attack is pause for concern | Ary Rosenbaum - The Rosenbaum Law Firm P.C. - JDSupra

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• 'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times

• Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)

• Youth hacking ring at the center of cyber crime spree | CyberScoop

• Current ransomware defencs efforts are not working - Help Net Security

• VMware users anxious about costs and ransomware threats - Help Net Security

• MSP shares details of Kaseya VSA ransomware attack, recovery | TechTarget

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)

• Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)

• Trend Micro Report Reveals Increase of LockBit Ransomware Attacks in US (thedefensepost.com)

• Hospital Ransomware Attacks Go Beyond Health Care Data (securityintelligence.com)

• Patient Care at Risk as Hospitals Increasingly on Frontlines of Ransomware Attacks | The Epoch Times

• Ransomware a threat to the trucking industry - FreightWaves

Ransomware Victims

• Bermuda Struggles to Recover From Cyber Attack (govinfosecurity.com)

• Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security

• Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)

• MGM, Caesars Cyber Attack Responses Required Brutal Choices (darkreading.com)

• Russian ransomware LockBit threatens to leak internal data from The Weather Network on dark web - The Globe and Mail

• City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack. (securityaffairs.com)

• Ransomware Group Claims to Have Breached 'All of Sony Systems' (vgchartz.com)

• 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week

• Youth hacking ring at the center of cyber crime spree | CyberScoop

• MGM Resorts and Caesars face class action lawsuits over September cyber attacks By Investing.com

• UK logistics firm blames ransomware attack for insolvency, 730 redundancies (therecord.media)

• Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware group demands $51 million from Johnson Controls after cyber attack (bitdefender.com)

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars (securityaffairs.com)

• Leekes cyber attack? NoEscape ransomware gang claims breach (techmonitor.ai)

Phishing & Email Based Attacks

• This devious phishing scam makes it look like dodgy emails are actually safe | TechRadar

• Booking.com Customers Targeted in Major Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Use of QR codes in email phishing | Securelist

• How Does Modern Phishing Work? | HackerNoon

• New AtlasCross hackers use American Red Cross as phishing lure (bleepingcomputer.com)

• Hackers Trick Outlook Into Showing Fake AV Scan | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

BEC – Business Email Compromise

• Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)

• BEC Attacks Increase By 279% in Healthcare - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Rise in cyber criminals leveraging voice phishing and OTP theft for data breaches: Report | Tech News (hindustantimes.com)

Artificial Intelligence

• Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)

• No 10 worried AI could be used to create advanced weapons that escape human control | Artificial intelligence (AI) | The Guardian

• The Biggest AI Trends in Cyber Security - CNET

• Google is working to keep Bard chats out of Search • The Register

• Nuclear Brinkmanship in AI-Enabled Warfare: A Dangerous Algorithmic Game of Chicken - War on the Rocks

• New working group to probe AI risks and applications | CyberScoop

• A Primer On Artificial Intelligence And Cyber Security (forbes.com)

• How should organisations navigate the risks and opportunities of AI? - Help Net Security

Malware

• Malware attacks on SMEs surged in H1 | Inquirer Business

• Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)

• 'Culturestreak' Malware Lurks Inside GitLab Python Package (darkreading.com)

• Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (thehackernews.com)

• New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)

• A powerful new malware backdoor is targeting governments across the world | TechRadar

• Researchers uncover thriving market for malware targeting IoT devices - The Hindu

• ZenRAT Malware Uncovered in Bitwarden Impersonation - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Spyware: Spyware can infect your phone or computer via the ads you see online: report - The Economic Times (indiatimes.com)

• China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)

• iOS 17 update secretly changed your privacy settings; here's how to set them back (bitdefender.com)

• Dangerous XenomorphAndroid malware is stealing from 100 banking apps — protect yourself now | Tom's Guide (tomsguide.com)

• Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks - Security Week

• Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)

Botnets

• Bot Swarm: Attacks From Middle East & Africa Are Notably Up (darkreading.com)

• New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)

• Asian banks are a favorite target of cyber cooks, and malicious bots their preferred tool | ZDNET

Denial of Service/DoS/DDOS

• Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Internet of Things – IoT

• If You Have An Amazon Alexa Device, You Need To Check This Security Update List (slashgear.com)

• Researchers uncover thriving market for malware targeting IoT devices - The Hindu

• Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog

Data Breaches/Leaks

• Billions of usernames and passwords leaked online — how to see if you’re affected | Tom's Guide (tomsguide.com)

• ICO sees breach reports from FS firms triple - CIR Magazine

• UK pension schemes reveal 4,000% rise in cyber security breaches - Pensions Age Magazine

• Reported cyber security breaches increase threefold for financial services firms (cityam.com)

• British charities warn supporters their personal data has been breached • Graham Cluley

• Air Canada discloses data breach of employee and 'certain records' (bleepingcomputer.com)

• National Student Clearinghouse data breach impacts 890 schools (bleepingcomputer.com)

• BORN Ontario child registry data breach affects 3.4 million people (bleepingcomputer.com)

• 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week

• Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)

• Hospital alert as 24,000 letters meant for GPs lost in computer error - Mirror Online

Organised Crime & Criminal Actors

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• 'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times

• Asian banks are a favourite target of cyber cooks, and malicious bots their preferred tool | ZDNET

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• NFT Hype Collapse Means 95% of The Digital Assets Are Now 'Worthless' | Tom's Hardware (tomshardware.com)

• Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)

• Yet another hack hits NFT marketplace OpenSea - SiliconANGLE

• Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)

• Bitcoin scammer who was snared by victims sentenced - BBC News

• Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)

Insider Risk and Insider Threats

• 75% who didn't report cyber attack to leadership, felt guilty about it | Security Magazine

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

• Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security

Fraud, Scams & Financial Crime

• Hotel hackers redirect guests to fake Booking.com to steal cards (bleepingcomputer.com)

• Beware: fraud and smishing scams targeting students | Bournemouth University

• Yet another hack hits NFT marketplace OpenSea - SiliconANGLE

• Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)

• Fraud prevention forces scammers to up their game - Help Net Security

• Why young people are more prone to online scams than boomers are (news5cleveland.com)

• Bitcoin scammer who was snared by victims sentenced - BBC News

• Security researcher warns of chilling effect after feds search phone at airport | TechCrunch

AML/CFT/Sanctions

• Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)

• Financial crime compliance costs exceed $206 billion - Help Net Security

Insurance

• Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra

• Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost - IT Security Guru

Dark Web

• Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• How the Okta Cross-Tenant Impersonation Attacks Succeeded (darkreading.com)

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• 3 phases of the third-party risk management lifecycle | TechTarget

Cloud/SaaS

• Guide: SaaS Offboarding Checklist - Help Net Security

Containers

• Kubernetes attacks in 2023: What it means for the future - Help Net Security

Encryption

• The UK just passed an online safety law that could make people less safe (theconversation.com)

• Regulators Are 'Hurting Their Own Country' in Seeking Encryption Backdoors: Nym CEO - Decrypt

Open Source

• Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog

• Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Why Shouldn’t You Use the Same Password Everywhere Online (makeuseof.com)

• Are You Willing to Pay the High Cost of Compromised Credentials? (thehackernews.com)

Biometrics

• The multi-national push to ban facial recognition in public spaces | Biometric Update

Social Media

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• X scraps tool to report electoral fake news - researchers - BBC News

Malvertising

• Spyware: Spyware can infect your phone or computer via the ads you see online: report - The Economic Times (indiatimes.com)

Training, Education and Awareness

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

Travel

• Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt

• The UK just passed an online safety law that could make people less safe (theconversation.com)

• Are we about to lose the last pillar of our digital security? | Euronews

• New working group to probe AI risks and applications | CyberScoop

• SEC Gives Finality on Cyber Security Disclosures for Public Companies | Sheppard Mullin Richter & Hampton LLP - JDSupra

• Why California's Delete Act matters for the whole country - Help Net Security

• Financial crime compliance costs exceed $206 billion - Help Net Security

Models, Frameworks and Standards

• MITRE ATT&CK project leader on why the framework remains vital for cyber security pros - Help Net Security

• Why It’s Wrong To Judge SIEM Success Only Against The ATT&CK Framework (forbes.com)

• Urgent actions for protecting utilities against cyber-attack: Navigating NIS 2 - Utility Week

Careers, Working in Cyber and Information Security

• The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week

• Demand for cyber security staff trebled since 2019 | Business Post

• Cyber security and staffing issues key risks for companies | Accountancy Daily

• Cyber security skills employers are desperate to find in 2023 - Help Net Security

• Preventing security professionals from ‘quietly quitting’ due to alert fatigue (securitybrief.co.nz)

Law Enforcement Action and Take Downs

• Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)

• Western District of Washington | French cyber criminal pleads guilty to fraud and aggravated identity theft for hacking private information | United States Department of Justice

Misinformation, Disinformation and Propaganda

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• X scraps tool to report electoral fake news - researchers - BBC News

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russia’s APT29 intensifies espionage operations | SC Media (scmagazine.com)

• Russian hacking operations target Ukrainian law enforcement | CyberScoop

• Cyber-Attacks on Ukraine Surge 123%, But Success Rates Plummet - Infosecurity Magazine (infosecurity-magazine.com)

• Government of Bermuda blames Russian threat actors for the cyber attack (securityaffairs.com)

• Bermuda probes major cyber attack as officials slowly bring operations back online (thestar.com)

• Ukraine war: Cyber Attack in Crimea after Black Sea fleet HQ hit | News UK Video News | Sky News

• Russian hackers trying to steal evidence of Moscow’s war crimes in Ukraine - cyber chief (ukrinform.net)

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• Examining the Activities of the Turla APT Group (trendmicro.com)

• Scottish Tory MSP has website hacked by 'hostile Russian group' | The National

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)

• Cyber Attack on Russian Air Booking System Sparks Flight Delays - The Moscow Times

China

• China's BlackTech Hacking Group Exploited Cisco Routers to Target US and Japanese Companies (thehackernews.com)

• Chinese hackers stole 60,000 emails from US State Department in Microsoft hack, Senate staffer says (databreaches.net)

• Taiwan is bracing for Chinese cyber attacks, White House official says - POLITICO

• China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese Gov Hackers Caught Hiding in Cisco Router Firmware - Security Week

• Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org | Symantec Enterprise Blogs (security.com)

• China’s national security minister lists top digital threats • The Register

Misc Nation State/Cyber Warfare

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• Sophisticated APT Clusters Target Southeast Asia - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Why Zero Days Are Set for Highest Year on Record - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

• Another Chrome security issue is exploited in the wild (and affecting all Chromium-based browsers) - gHacks Tech News

• Google assigns new maximum rated CVE to libwebp bug exploited in attacks (bleepingcomputer.com)

• Cisco Warns of IOS Software Zero-Day Exploitation Attempts - Security Week

• Researchers Release Details of New RCE Exploit Chain for SharePoint (darkreading.com)

• High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server (thehackernews.com)

• GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica

• Firefox 118 Patches High-Severity Vulnerabilities - Security Week

• Hackers actively exploiting Openfire flaw to encrypt servers (bleepingcomputer.com)

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• China's BlackTech Hacking Group Exploited Cisco Routers to Target US and Japanese Companies (thehackernews.com)

• macOS 14 Sonoma Patches 60 Vulnerabilities - Security Week

Tools and Controls

• Cyber security incident response: Your company's ICU (channelweb.co.uk)

• CISOs are spending more on cyber security - but it might not be enough | TechRadar

• 4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)

• Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost - IT Security Guru

• The 5 most dangerous Wi-Fi attacks, and how to fight them | PCWorld

• The Biggest AI Trends in Cyber Security - CNET

• How SOAR helps improve MTTD and MTTR metrics | TechTarget

• What Is a Network Security Assessment and Why You Need It | MSSP Alert

• Why You Should Phish In Your Own Pond (informationsecuritybuzz.com)

• The pitfalls of neglecting security ownership at the design stage - Help Net Security

• Guide: SaaS Offboarding Checklist - Help Net Security

• A Primer On Artificial Intelligence And Cyber Security (forbes.com)

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

• Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)

• Looking Beyond the Hype Cycle of AI/ML in Cyber Security (darkreading.com)

• The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies (thehackernews.com)

• Moving From Qualitative to Quantitative Cyber Risk Modelling - SecurityWeek

• Cyber security budgets show moderate growth - Help Net Security

• Evaluating Security Outsourcing in the Wake of Recent High-Profile Cyber Attacks: Info-Tech Research Group Publishes New Resource (prnewswire.com)

• Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra

Other News

• Cyber criminals are targeting the financial sector more than ever | TechRadar

• The hidden costs of neglecting cyber security for small businesses - Help Net Security

• SMBs face growing cyber security threats, but basic measures can lower risks | ZDNET

• Why aviation needs to prioritise cyber security – Airport World (airport-world.com)

• The key threats facing ICS/OT environments (betanews.com)

• Are Fire Departments Prepared for a Cyber Attack? | HackerNoon

• Fintechs must brace for rising cyber security challenges | Mint (livemint.com)

• Space Force chief says commercial satellites may need defending | Ars Technica

• UK Cyber Security Council CEO reflects on a year of progress | CSO Online

• Google Loophole Lets Drug Dealers Hijack Nearly Any Website to Sell Narcotics (businessinsider.com)

• Cyber Hygiene: A First Line of  Against Evolving Cyber Attacks (darkreading.com)

• Cyber Attacks hit military, Parliament websites as India hacker group targets Canada (cheknews.ca)

• KnowBe4 Finds US. Healthcare a Top Target For Cyber Attacks (prnewswire.com)

• US Government Shutdown Could Bench 80% of CISA Staff - SecurityWeek

• Recommendations for Managing Cyber Security Threats in the Manufacturing Sector | Foley & Lardner LLP - JDSupra

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

A new actively exploited zero-day vulnerability in Google Chrome which can lead to remote code execution has been identified, with patches released. Also this week, Mozilla released updates for high-severity vulnerabilities in both Firefox and Thunderbird.

What’s the risk to me or my business?

The actively exploited vulnerability and high-severity vulnerabilities can allow an attacker to execute malicious code, compromising the confidentiality, integrity and availability of data.

What can I do?

Security updates are available for both browsers. The updates for Chrome are available in version  117.0.5938.132 and should be applied immediately. The updates for Firefox are available in version 118 and should be applied as soon as possible.

Technical Summary

CVE-2023-5217: an actively exploited zero-day heap-based buffer overflow which can lead to execution of arbitrary code.

The security advisory from Google Chrome can be found here:

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

The security advisory from Firefox can be found here:

https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Executive summary

A critical vulnerability in WebP has been identified as being actively exploited. The vulnerability impacts multiple browsers including Chrome, Edge, Firefox and Opera and any software using the libwebp library. Successful exploitation can lead to malicious code execution.

What’s the risk to me or my business?

The actively exploited vulnerability can allow an attacker to execute malicious code on vulnerable software, compromising the confidentiality, integrity and availability of data.

What can I do?

Security updates are available for browsers impacted; these should be applied immediately. It has been noted that other applications which use the libwebp library are also impacted and it is recommended that organisations check if the software they use is vulnerable.

Technical Summary

CVE-2023-4863: The actively exploited vulnerability allows an attacker to perform a heap buffer overflow attack, allowing them to execute malicious code.

Further details on the vulnerability can be found here:

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/

The security advisory from Google Chrome can be found here:

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

The security advisory from Firefox can be found here:

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

The security advisory from Microsoft can be found here:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-4863

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Executive summary

Microsoft’s September Patch Tuesday provides updates to address 59 security issues across its product range, including two actively exploited zero-day vulnerabilities. The exploited zero-days have both been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog”. Of the 59 security issues addressed by Microsoft , 5 were rated critical.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to gain SYSTEM privileges or capture and relay hashes of user passwords to gain access to that users account. Both compromise the confidentiality, integrity and availability of data stored by an organisation.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerabilities and all other vulnerabilities that have a critical severity rating.

Technical Summary

CVE-2023-36802: The actively exploited allows a local attacker to gain SYSTEM privileges.

CVE-2023-36761: This actively exploited vulnerability can allow an attacker to steal user password NTLM hashes of users who open a document, even if just in the preview plane.

Adobe

This month, Adobe released fixes for 5 vulnerabilities, including 1 critical vulnerability, across Adobe Acrobat & Reader (1), Adobe Connect (2) and Adobe Experience Manager (2).  The critical vulnerability, tracked as CVE-2023-26369, impacts both Windows and macOS versions of Adobe Acrobat & Reader and if exploited, can allow an attacker to execute malicious code.

Chrome

A new update for Google Chrome is available for Windows, Linux and macOS. The update addresses 16 security fixes, including one critical and actively exploited vulnerability which could cause for denial of service or allow code execution.

Mozilla

Mozilla released fixes for two critical vulnerabilities, impacting Firefox and Thunderbird. The vulnerabilities could allow an attacker to perform code execution.

SAP

Enterprise software vendor SAP has addressed 13 vulnerabilities in several of its products, including two critical-severity vulnerabilities that impact SAP BusinessObjects Business Intelligence Platform. 66Including remote execution and authentication bypass. A total of 5 vulnerabilities were given the “Hot News” priority, which is the highest priority according to SAP.

further details on other specific updates within this patch Tuesday can be found here:

https://www.ghacks.net/2023/09/12/the-windows-september-2023-security-updates-are-now-available/

Further information on Adobe Acrobat and Reader can be found here:

https://helpx.adobe.com/security/products/acrobat/apsb23-34.html

Further information on Adobe Connect can be found here:

https://helpx.adobe.com/security/products/connect/apsb23-33.html

Further information on Adobe Experience Manager can be found here:

https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html

Further information on the patches by SAP can be found here:

https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10

Further information on Google Chrome can be found here:

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

Further information on Mozilla can be found here:

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Navigating the Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation are Key

Cyber investments have become table stakes for businesses around the world. Cyber crime is increasing, with 91% of organisations reporting at least one cyber incident in the past year. Not only are they growing in numbers, but they are becoming more sophisticated and diverse, with new threats constantly emerging. According to the 2023 Deloitte Global Future of Cyber survey, business leaders are changing how they think of cyber, and it’s emerging as a larger strategic discussion tied to an organisation’s long-term success.

Cyber is about more than protecting information—risk management, incident response planning, threat intelligence and training can often be directly correlated to increasing trust within businesses.

Cyber security training is essential for employees to ensure the safety and security of a business. Employees are often the first line of defence against cyber-attacks and frequently the weakest link in an organisation's security posture. Cyber security training can help employees recognise and avoid common cyber threats, such as phishing attacks, malware, and social engineering. 89% of organisations cited as high-performing cyber organisations have implemented annual cyber awareness training among all employees. With increased digital dependency year over year—effective employee training can raise awareness, reduce risk, improve security posture, and support compliance.

https://www.forbes.com/sites/deloitte/2023/04/20/navigating-the-future-of-cyber-business-strategy-cybersecurity-training-and-digital-transformation-are-key/?sh=1ab15c2c29c1

• Shadow IT, SaaS Pose Security Liability for Enterprises

There's no denying that software-as-a-service (SaaS) has entered its golden age. Software tools have now become essential to modern business operations and continuity. However, not enough organisations have implemented the proper procurement processes to ensure they're protecting themselves from potential data breaches and reputational harm.

A critical component contributing to concerns around SaaS management is the rising trend of shadow IT, which is when employees download and use software tools without notifying their internal IT teams. A recent study shows that 77% of IT professionals believe that shadow IT is becoming a major concern in 2023, with more than 65% saying their SaaS tools aren't being approved. Organisations are beginning to struggle with maintaining security as their SaaS usage continues to sprawl.

To combat shadow IT and the high risks that come along with it, organisations must gain greater visibility over their SaaS stacks and institute an effective procurement process when bringing on new software solutions.

https://www.darkreading.com/edge-articles/shadow-it-saas-pose-security-liability-for-enterprises

• The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection

While indicators of compromise and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence needs have grown over the past few years, driven by things like digital transformation, cloud computing and remote working. In fact, these changes have led to a cyber threat intelligence (CTI) subcategory focused on digital risk protection (DRP). DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets”.

According to research provider ESG, the most important functions of DRP as part of a mature CTI programme are: vulnerability exploit intelligence, takedown services, leaked data monitoring, malicious mobile application monitoring, brand protection and attack surface management. It should be noted that a mature CTI programme can utilise service providers to help carry out threat intelligence, it doesn’t have to be spun up by the organisation from nothing. Regardless, an organisation employing these DRP functions as part of a CTI programme will be increasing its cyber resilience and reducing the chance of a cyber incident.

https://www.csoonline.com/article/3693754/the-strong-link-between-cyber-threat-intelligence-and-digital-risk-protection.html

• Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks

Threat actors are getting more adept at exploiting common everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments according to a recent report. The report, conducted by UNIT 42 analysed the workload of 210,000 cloud accounts across 1,300 organisations.

The report’s findings echoed similarities from the previous year, finding almost all cloud users, roles, services and resources grant excessive permissions. Some of the other key findings include as many as 83% of organisations having hard-coded credentials in their source control management systems, 53% of cloud accounts allowing weak password usage and 44% allowing password reuse and 71% of high or critical vulnerabilities exposed were at least two years old.

https://www.csoonline.com/article/3693260/weak-credentials-unpatched-vulnerabilities-malicious-oss-packages-causing-cloud-security-risks.html

• Over 70 Billion Unprotected Files Available on Unsecured Web Servers

A recent report found that more than 70 billion files, including intellectual property and financial information, are freely available and unprotected on unsecured web servers. Other key findings of the report included almost 1 in 10 of all detected internet-facing assets having an unpatched vulnerability, with the top 10 vulnerabilities found unpatched at least 12 million times each.

The report predicted that there will be a significant rise in information stealing malware; the report had found that 50% of emails associated with customers were plaintext and unencrypted. Additionally, there will be more incidents due to an increase in assets which are not known to IT, known as shadow IT.

Organisations should look to employ efficient patch management, have an up to date asset register, and use encryption to better increase their cyber defences.

https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/

• Cyber Thieves Are Getting More Creative

Cyber criminals are constantly changing their tactics and finding new ways to steal money from organisations. An example of this can be seen where criminals are breaking into systems to learn who is authorised to send payments and what the procedures are. Eventually, this leads to the criminal instructing payment to their own account.

Unfortunately, it is only after such events that some organisations are taking actions, such as verifying payments through phone calls. Whilst it is important for organisations to learn from attacks, it is beneficial to take a pro-active approach and employ procedures such as call back procedures before an incident has occurred.

https://hbr.org/2023/04/cyber-thieves-are-getting-more-creative

• Modernising Vulnerability Management: The Move Toward Exposure Management

Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritisation, and understanding of attackers' motivations, opportunities and means. Vulnerabilities only represent a small part of the attack surface that attackers can leverage.

Exposures are broader and can encompass more than just vulnerabilities. Exposures can result from various factors, such as human error, improperly defined security controls, and poorly designed and unsecured architecture. Organisations should consider that an attacker doesn’t just look at one exposure; attackers will often use a combination of vulnerabilities, misconfigurations, permissions and other exposures to move across systems and reach valuable assets.

As such, organisations looking to improve their cyber resiliency should consider their vulnerability management system and assess both whether it is taking into account exposures and the context in relation to the organisation.

https://thehackernews.com/2023/04/modernizing-vulnerability-management.html

• Two-thirds of Cyber Attacks Involve Ransomware

A report from Sophos focusing on recent incident response cases, found that 68.4% of incidents resulted from ransomware. This was followed by network breaches, accounting for 18.4%. Regarding threat actor access, the report found that unpatched vulnerabilities were the single most common access method, followed by compromised credentials.

https://www.computerweekly.com/news/365535467/Almost-three-quarters-of-cyber-attacks-involve-ransomware

• Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts

A recent report found that the top challenges when implementing an effective cyber/IT risk management programme include an increase in the quantity (49%) and severity (49%) of cyber threats, a lack of funding (37%) and a lack of staffing/cyber risk talent (36%).

Cyber attacks have been increasing for several years now and resulting data breaches cost businesses an average of $4.35 million in 2022, according to the annual IBM ‘Cost of a Data Breach’ report. Given the financial and reputational consequences of cyber attacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk.

When it came to reporting to the board, 30% of CIO and CISO respondents say they do not communicate risk around specific business initiatives to other company leaders, indicating they may not know how to share that information in a constructive way.

https://www.helpnetsecurity.com/2023/04/26/effective-it-risk-management/

• NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities

According to the US National Security Agency (NSA), Russian hackers could be looking to attack logistics targets more broadly. The NSA have noted a significant amount of intelligence gathering into western countries, including the UK and the US.

Although there is no indication yet regarding attacks from Russia in connection with the logistics related to Ukraine, organisations should be aware and look to improve their cyber security practices to be best prepared.

https://cyberscoop.com/nsa-russian-ukraine-supply-chain-ransomware/

• Email Threat Report 2023: Key Takeaways

According to a recent report, email phishing made up 24% of all spam types in 2022, a significant increase in proportion from 11% in 2021. The finance industry was the most targeted by far, accounting for 48% of phishing incidents. It is followed by the construction sector at 17%, overtaking 2021’s second-place industry, e-commerce. Both the finance and construction industries saw an increase in phishing since last year. Of all the emails analysed in 2022, an enormous 90% were spam emails.

With phishing as prevalent as ever, organisations should look to implement training for their staff to not only be able to spot phishing emails, but to be able to report these and aid in improving the cyber security culture of their organisation.

https://www.itsecurityguru.org/2023/04/27/email-threat-report-2023-key-takeaways/

• 5 Most Dangerous New Attack Techniques

Experts from security training provider SANS Institute have revealed the 5 most dangerous new attack techniques: adversarial AI, ChatGPT-powered social engineering, third-party developer attacks (also known as software supply chain attacks), SEO, and paid advertising attacks.

The new techniques highlight the ever changing environment of the attack environment. SEO and paid advertising attacks are leveraging fundamental marketing strategies to gain initial access, heightening the importance for organisations to incorporate scalable user awareness training programmes, tailored to new threats.

https://www.csoonline.com/article/3694892/5-most-dangerous-new-attack-techniques.html  

• Many Public Salesforce Sites are Leaking Private Data

A shocking number of organisations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

This included the US State of Vermont who had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance programme that exposed the applicant’s full name, social security number, address, phone number, email, and bank account number. Similar information was leaked by TCF Bank on their Salesforce Community Website.

It's not just Salesforce though; misconfigurations in general are responsible for a number of leaked documents and or exposures relating to an organisation.

https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/

Threats

Ransomware, Extortion and Destructive Attacks

• New coercive tactics used to extort ransomware payments - Help Net Security

• Capita Admits That Its ‘Cyber Incident’ Was Ransomware and That Customer Data Was Breached - IT Governance UK Blog

• Russian hackers exfiltrated data from from Capita over a week before outage | by Kevin Beaumont | Apr, 2023 | DoublePulsar

• Almost three-quarters of cyber attacks involve ransomware | Computer Weekly

• #RSAC: Ransomware Poses Growing Threat to Five Eyes Nations - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)

• Effects of the Hive Ransomware Group Takedown (darkreading.com)

• Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (thehackernews.com)

• Trojanized Installers Used to Distribute Bumblebee Malware - Infosecurity Magazine (infosecurity-magazine.com)

• MIT and Stanford researchers develop operating system with one major promise: Resisting ransomware | CyberScoop

• Tank storage company Vopak hacked, Ransomware groups report | NL Times

• Health insurer Point32Health suffered a ransomware attack-Security Affairs

• Hacker demands ransom after 'taking control' of Wiltshire school's IT | Swindon Advertiser

• US Navy Contractor Fincantieri Marine Group Hit by Cyber-attack - Infosecurity Magazine (infosecurity-magazine.com)

• Arnold Clark braced for cyber payout (thetimes.co.uk)

• RSAC speaker offers ransomware victims unconventional advice | TechTarget

• How ransomware victims can make the best of a bad situation | TechTarget

• Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse (gizmodo.com)

• Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

• CommScope employees left in the dark after ransomware attack | TechCrunch

Phishing & Email Based Attacks

• Email Threat Report 2023: Key Takeaways - IT Security Guru

• How Dangerous Is Phishing in 2023? - Duo Blog | Duo Security

• The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioural AI (darkreading.com)

BEC – Business Email Compromise

• WhatsApp used in BEC scam to pilfer $6.4M | SC Media (scmagazine.com)

2FA/MFA

• CrowdStrike details new MFA bypass, credential theft attack | TechTarget

• Phishing-resistant MFA shapes the future of authentication forms - Help Net Security

Malware

• Malware-Free Cyber attacks Are On the Rise; Here's How to Detect Them (darkreading.com)

• Trojanized Installers Used to Distribute Bumblebee Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-Conti and FIN7 Actors Collaborate with New Backdoor (securityintelligence.com)

• EvilExtractor malware activity spikes in Europe and the US (bleepingcomputer.com)

• Zaraza Malware Exploits Web Browsers To Steal Stored Passwords (latesthackingnews.com)

• This evil malware disables your security software, then goes in for the kill | TechRadar

• Decoy Dog malware toolkit found after analysing 70 billion DNS queries (bleepingcomputer.com)

• Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)

• A Security Team Is Turning This Malware Gang’s Tricks Against It | WIRED

• Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity

• Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)

• Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek

• Chinese hackers launch Linux variant of PingPull malware | CSO Online

Mobile

• WhatsApp used in BEC scam to pilfer $6.4M | SC Media (scmagazine.com)

• 35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)

Botnets

• Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers (thehackernews.com)

Denial of Service/DoS/DDOS

• New SLP bug can lead to massive 2,200x DDoS amplification attacks (bleepingcomputer.com)

• Top 15 DDoS Protection Best Practices - Security Boulevard

• 'Anonymous Sudan' Claims Responsibility for DDoS Attacks Against Israel (darkreading.com)

Internet of Things – IoT

• Government Agencies Release Blueprint for Secure Smart Cities - Infosecurity Magazine (infosecurity-magazine.com)

• TP-Link Archer WiFi router flaw exploited by Mirai malware (bleepingcomputer.com)

Data Breaches/Leaks

• Over 70 billion unprotected files available on unsecured web servers - Help Net Security

• Many Public Salesforce Sites are Leaking Private Data – Krebs on Security

• American Bar Association data breach hits 1.4 million members (bleepingcomputer.com)

• CFPB Employee Sends 256,000 Consumers' Data to Personal Email - Infosecurity Magazine (infosecurity-magazine.com)

• American Bar Association (ABA) suffered a data breach-Security Affairs

• Shields Health Breach Exposes 2.3M Users' Data (darkreading.com)

• Serving UK Armed Forces member charged under Official Secrets Act (telegraph.co.uk)

• Yellow Pages Canada confirms cyber attack as Black Basta leaks data (bleepingcomputer.com)

• Vantage Travel Experiences Data Security Incident (darkreading.com)

Organised Crime & Criminal Actors

• The IRS is sending four investigators across the world to fight cyber crime | TechCrunch

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kubernetes RBAC abused to create persistent cluster backdoors (bleepingcomputer.com)

• North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies (darkreading.com)

Insider Risk and Insider Threats

• Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)

Fraud, Scams & Financial Crime

• The IRS is sending four investigators across the world to fight cyber crime | TechCrunch

• How Startups Can Take Steps To Prevent Syphoning & Fraud

• US deploys more cyber forces abroad to help fight hackers | Reuters

• The ‘Your computer was locked’ scam is gaining traction (consumeraffairs.com)

• The true numbers behind deepfake fraud - Help Net Security

• Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)

Deepfakes

• The true numbers behind deepfake fraud - Help Net Security

AML/CFT/Sanctions

• North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies (darkreading.com)

Insurance

• The Complexities of Cyber Insurance | Cyber Risk Management (telos.com)

Dark Web

• Metaverse Version of the Dark Web Could be Nearly Impenetrable (darkreading.com)

Supply Chain and Third Parties

• Capita Admits That Its ‘Cyber Incident’ Was Ransomware and That Customer Data Was Breached - IT Governance UK Blog

• Russian hackers exfiltrated data from from Capita over a week before outage | by Kevin Beaumont | Apr, 2023 | DoublePulsar

• At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack - -Security Affairs-Security Affairs

• The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks | WIRED

• That 3CX supply chain attack keeps getting worse • The Register

• NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop

• North Korean hackers breach software firm in significant cyber attack | CNN Politics

• SD Worx hack: Payroll firm for M&S hit by cyber attack (thetimes.co.uk)

• A third-party’s perspective on third-party InfoSec risk management - Help Net Security

Software Supply Chain

• Securing Software Supply Chains Requires Outside-the-Box Thinking - Infosecurity Magazine (infosecurity-magazine.com)

Cloud/SaaS

• Shadow IT, SaaS Pose Security Liability for Enterprises (darkreading.com)

• Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks | CSO Online

• 14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)

• Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)

• GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform (thehackernews.com)

• Saas Security: The Need For Continuous Sustenance (informationsecuritybuzz.com)

• How CISOs navigate security and compliance in a multi-cloud world - Help Net Security

• Cloud Complexity Means Bugs Are Missed in Testing - Infosecurity Magazine (infosecurity-magazine.com)

• Study: 84% of Companies Use Breached SaaS Applications - Here's How to Fix it for Free! (thehackernews.com)

• Security experts found a major bug in Google Cloud | TechRadar

• Most SaaS adopters exposed to browser-borne attacks - Help Net Security

• Cloud-native security metrics for CISOs | TechTarget

• Exposed Artifacts Seen In Misconfigured Cloud Software Registries (informationsecuritybuzz.com)

• Google accounts attacked and hijacked by this devious security flaw | TechRadar

Containers

• Kubernetes RBAC abused to create persistent cluster backdoors (bleepingcomputer.com)

• Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC-Security Affairs

• Combating Kubernetes — the Newest IAM Challenge (darkreading.com)

Attack Surface Management

• Over 70 billion unprotected files available on unsecured web servers - Help Net Security

• Study of past cyber attacks can improve organisations' defence strategies - Help Net Security

Shadow IT

• Shadow IT, SaaS Pose Security Liability for Enterprises (darkreading.com)

Identity and Access Management

• Rethinking the effectiveness of current authentication initiatives - Help Net Security

• Combating Kubernetes — the Newest IAM Challenge (darkreading.com)

Open Source

• The double-edged sword of open-source software - Help Net Security

• Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)

• Chinese hackers launch Linux variant of PingPull malware | CSO Online

• Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks | CSO Online

• Password reset woes could cost FTSE 100 companies $156 million each month - Help Net Security

• The War on Passwords Enters a Chaotic New Phase | WIRED

• A '!password20231#' password may not be as complex as you think (bleepingcomputer.com)

Social Media

• Thousands of Social Media Takedowns Hit People Smugglers - Infosecurity Magazine (infosecurity-magazine.com)

• Metaverse Version of the Dark Web Could be Nearly Impenetrable (darkreading.com)

• Vietnamese Hackers Linked to 'Malverposting' Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Trojanized Installers Used to Distribute Bumblebee Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Google ads push BumbleBee malware used by ransomware gangs (bleepingcomputer.com)

• 35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)

Training, Education and Awareness

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

Digital Transformation

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

• Cyber security in Finance: Protecting Your Digital Transformation | CSO Online

Parental Controls and Child Safety

• Tech giants and government have failed to stop child sex abuse online, says Sajid Javid (telegraph.co.uk)

Regulations, Fines and Legislation

• (ISC)2 Urges Countries to Strengthen Collaboration on Cyber security Regulation - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

• Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security

• How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)

• Is your bank account safe? Mass layoffs weaken cyber security across finance sector | Fox Business

• The Tangled Web of IR Strategies (darkreading.com)

• The strong link between cyber threat intelligence and digital risk protection | CSO Online

• Cyber Thieves Are Getting More Creative (hbr.org)

• Organisations are stepping up their game against cyber threats - Help Net Security

• CISOs: unsupported, unheard, and invisible - Help Net Security

• The Relationship Between Security Maturity and Business Enablement | CSO Online

• CISOs Rethink Data Security with Info-Centric Framework (darkreading.com)

• UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)

• Good, Better And Best Security (informationsecuritybuzz.com)

• #RSAC: Organisations Warned About the Latest Attack Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• SANS Reveals Top 5 Most Dangerous Cyber attacks for 2023 (darkreading.com)

• Cloud-native security metrics for CISOs | TechTarget

Models, Frameworks and Standards

• Small Business is a Big Priority: NIST Expands Outreach to the Small Business Community | NIST

• Are you ready for PCI DSS 4.0? - Help Net Security

Careers, Working in Cyber and Information Security

• UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)

• How to Begin a Career in Ethical Hacking in the Year 2023? (analyticsinsight.net)

Law Enforcement Action and Take Downs

• To combat cyber crime, US law enforcement increasingly prioritizes disruption | CyberScoop

• US to focus on stifling cyber attacks, not convictions • The Register

• US deploys more cyber forces abroad to help fight hackers | Reuters

• Effects of the Hive Ransomware Group Takedown (darkreading.com)

• Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• Hackers can find your home on Strava even if you use privacy settings, researchers find | Cycling Weekly

• Major US CFPB Data Breach Caused by Employee (darkreading.com)

Artificial Intelligence

• The Growing Need for Cyber Security in an Age of AI Disruption (analyticsinsight.net)

• From pope’s jacket to napalm recipes: how worrying is AI’s rapid growth? | Artificial intelligence (AI) | The Guardian

• Cyber security Survival: Hide From Adversarial AI (darkreading.com)

• AI Experts: Account for AI/ML Resilience & Risk While There's Still Time (darkreading.com)

• 5 most dangerous new attack techniques | CSO Online

• NSA Cyber security Director Says ‘Buckle Up’ for Generative AI | WIRED

• The New Risks ChatGPT Poses to Cyber security (hbr.org)

• From ChatGPT to HackGPT: Meeting the Cyber security Threat of Generative AI (mit.edu)

• ChatGPT fans need 'defensive mindset' to avoid scammers • The Register

• DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)

• The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioral AI (darkreading.com)

• Nvidia releases a toolkit to make text-generating AI ‘safer’ | TechCrunch

• Artificial intelligence takes RSA Conference by storm | SC Media (scmagazine.com)

• The good, the bad and the generative AI • The Register

• Secureworks CEO weighs in on XDR landscape, AI concerns | TechTarget

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• BCS Policy Jam : Cyberwar and Ukraine one year on | BCS

• FBI aiding Ukraine in collection of digital and physical war crime evidence | CyberScoop

• NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop

• #RSAC: Cyber-Attacks on Civilian Infrastructure Should Be War Crimes, says Ukraine Official - Infosecurity Magazine (infosecurity-magazine.com)

• UK undersea cables worth £7.4 trillion a day under ‘real threat’ from Russia | The Independent

• Eurocontrol says website 'under attack' by pro-Russia crew • The Register

• Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online

• Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering (thehackernews.com)

• CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert

Nation State Actors

• APT Groups Expand Reach to New Industries and Geographies - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek

• North Korean hackers breach software firm in significant cyber attack | CNN Politics

• Western cyber security must advance to counter China's cyber space progress, says NCSC director (computing.co.uk)

• China building cyber weapons to hijack enemy satellites, says US leak | Financial Times (ft.com)

• NCSC raises alert on cyber threat to infrastructure | UKAuthority

• Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online

• DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)

• At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack - -Security Affairs-Security Affairs

• North Korea's Kimsuky APT Keeps Growing, Despite Public Outing (darkreading.com)

• APT 'Mint Sandstorm' quickly exploits new PoC hacks | SC Media (scmagazine.com)

• Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (thehackernews.com)

• North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies (darkreading.com)

• Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor (thehackernews.com)

• Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)

• US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt - SecurityWeek

• Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity

• Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)

• Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline-Security Affairs

• Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks (thehackernews.com)

• Iranian cyber spies deploy new malware implant on Microsoft Exchange Servers | CSO Online

• A component in Huawei network appliances could be used to take down Germany’s telecoms networks-Security Affairs

• Ukrainian arrested for selling data of 300M people to Russians (bleepingcomputer.com)

• FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek

• Chinese hackers launch Linux variant of PingPull malware | CSO Online

• CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert

• Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive (darkreading.com)

Vulnerability Management

• Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks | CSO Online

• Modernizing Vulnerability Management: The Move Toward Exposure Management (thehackernews.com)

• GitLab’s new security feature uses AI to explain vulnerabilities to developers | TechCrunch

• Microsoft: Windows 10 22H2 is the final version of Windows 10 (bleepingcomputer.com)

Vulnerabilities

• New Google Chrome Zero-Day Bug Actively Exploited in Wide (gbhackers.com)

• Flaw in Microsoft Process Explorer under active attack • The Register

• Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites (thehackernews.com)

• APC warns of critical unauthenticated RCE flaws in UPS software (bleepingcomputer.com)

• Double zero-day in Chrome and Edge – check your versions now! – Naked Security (sophos.com)

• Security experts found a major bug in Google Cloud | TechRadar

• TP-Link Archer WiFi router flaw exploited by Mirai malware (bleepingcomputer.com)

• Mozilla confirms memory leak in Firefox - gHacks Tech News

• SolarWinds Platform Update Patches High-Severity Vulnerabilities - SecurityWeek

• VMware Releases Critical Patches for Workstation and Fusion Software (thehackernews.com)

• Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks (thehackernews.com)

• Cisco discloses XSS zero-day flaw in server management tool (bleepingcomputer.com)

• Microsoft removes LSA Protection from Windows settings to fix bug (bleepingcomputer.com)

• PaperCut says hackers are exploiting ‘critical’ security flaws in unpatched servers | TechCrunch

• FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek

• New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP) | Bitsight

Tools and Controls

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

• Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security

• The Tangled Web of IR Strategies (darkreading.com)

• 14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)

• Six Key Considerations When Choosing a Web Application Firewall  - Security Boulevard

• The Complexities of Cyber Insurance | Cyber Risk Management (telos.com)

• Unified Endpoint Management: A Powerful Tool for Your Cyber security Arsenal | CSO Online

• GitLab’s new security feature uses AI to explain vulnerabilities to developers | TechCrunch

• Google Authenticator finally, mercifully adds account syncing for two-factor codes - The Verge

• The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)

• Rethinking the effectiveness of current authentication initiatives - Help Net Security

• Attack Surface Management Strategies (trendmicro.com)

• Google will add End-to-End encryption to Google Authenticator (bleepingcomputer.com)

• Google 2FA Syncing Feature Could Put Your Privacy at Risk (darkreading.com)

• Embracing zero-trust: a look at the NSA’s recommended IAM best practices for administrators | CSO Online

• CISOs struggle to manage risk due to DevSecOps inefficiencies - Help Net Security

• Generative AI and security: Balancing performance and risk - Help Net Security

• #RSAC: GPT-4 Empowers Cyber security Leaders to Make Smarter Risk Decisions - Infosecurity Magazine (infosecurity-magazine.com)

• SSL vs TLS: Which Should You Be Using? (trendmicro.com)

• CISA aims to reduce email threats with serial CDR prototype | TechTarget

• Top 15 DDoS Protection Best Practices - Security Boulevard

• Threat Actor Names Proliferate, Adding Confusion (darkreading.com)

• AI Dominates RSA as Excitement and Questions Surround its Potential in Cyber security Tooling - Infosecurity Magazine (infosecurity-magazine.com)

Reports Published in the Last Week

• Email Threats - Discover the latest trends and stay one step ahead - VIPRE

Other News

• Falling Dwell Time May Be Down to Faster Threat Activity - Infosecurity Magazine (infosecurity-magazine.com)

• The threat from commercial cyber proliferation - NCSC.GOV.UK

• Hackers could learn how to send fake terror threats on YouTube, warn experts (telegraph.co.uk)

• Government launches new cyber security measures to tackle ever growing threats - GOV.UK (www.gov.uk)

• Attackers are logging in instead of breaking in - Help Net Security

• NCSC unveils data driven cyber security model | UKAuthority

• Hacker Group Names Are Now Absurdly Out of Control | WIRED

• 38 Countries Take Part in NATO's 2023 Locked Shields Cyber Exercise - SecurityWeek

• Quad Countries Prepare For Info Sharing on Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• The White House National Cyber security Strategy Has a Fatal Flaw (darkreading.com)

• Threat Actor Names Proliferate, Adding Confusion (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.

https://www.msspalert.com/cybersecurity-research/majority-of-smbs-lack-dedicated-cyber-experts-incident-response-plan/

• Controlling Third-Party Data Risk Should be a Top Cyber Security Priority

Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.

https://www.darkreading.com/attacks-breaches/controlling-third-party-data-risk-should-be-a-top-cybersecurity-priority-

• IT Security Spending to Reach Nearly $300 Billion by 2026

Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.

https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/

• 2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th  globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.

https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html

• Board Cyber Shortage: Don’t Get Caught Swimming Naked

The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors. 

https://www.forbes.com/sites/forbestechcouncil/2023/03/20/board-cyber-shortage-dont-get-caught-swimming-naked/?sh=6ea732895af8

• Should your Organisation be Worried about Insider Threats?

Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.

https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/

• UK Ransomware Incident Volumes Surge 17% in 2022

According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.

https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/

• Financial Industry Hit by Rising Ransomware Attacks and BEC

According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.

https://www.bloomberg.com/news/articles/2023-03-21/banks-financial-industry-buffeted-by-rising-ransomware-attacks?

• 55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.

https://www.csoonline.com/article/3691609/55-zero-day-flaws-exploited-last-year-show-the-importance-of-security-risk-management.html#tk.rss_news

• Security Researchers Spot $36m BEC Attack

Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.

https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/

• New Victims Come Forward After Mass Ransomware Attack

Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.

https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

• Ransomware Gangs’ Harassment of Victims is Increasing

Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.

https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/

• Wartime Hacktivism is Spilling Over into the Financial Services Industry

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.

https://www.scmagazine.com/analysis/risk-management/report-wartime-hacktivism-is-spilling-over-into-the-financial-services-industry

Threats

Ransomware, Extortion and Destructive Attacks

• LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (thehackernews.com)

• UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg

• BianLian ransomware crew swaps encryption for extortion • The Register

• New victims come forward after mass-ransomware attack | TechCrunch

• Ransomware Gangs' Harassment of Victims Is Increasing (techrepublic.com)

• LockBit ransomware gang now also claims City of Oakland breach (bleepingcomputer.com)

• Free decryptor released for Conti-based ransomware following data leak | Tripwire

• New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek

• Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert

• US govt agencies released an alert on the Lockbit 3.0 ransomware- Security Affairs

• Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK

• CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online

• Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (bleepingcomputer.com)

• Researchers Shed Light on CatB Ransomware's Evasion Techniques (thehackernews.com)

• Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO

• Dole discloses employee data breach after ransomware attack (bleepingcomputer.com)

• Ransomware Attacks Double in Europe's Transport Sector - Infosecurity Magazine (infosecurity-magazine.com)

• Prevent Ransomware with Cyber security Monitoring (trendmicro.com)

• Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organisations Stop Attacks Before Damage Occurs | CISA

• Ferrari in a spin as crims steal customer data • The Register

• Play ransomware gang hit Dutch shipping firm Royal Dirkzwager- Security Affairs

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• City of Toronto confirms data theft, Clop claims responsibility (bleepingcomputer.com)

Phishing & Email Based Attacks

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Security Researchers Spot $36m BEC Attack - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Campaign Targets Social Security Administration - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors are experimenting with QR codes - Help Net Security

• Over 2400 Fake Pages Found Targeting Job Seekers in Middle East, Africa - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Massive Phishing Campaign Bypasses MFA and Mimics Microsoft Office (techrepublic.com)

• How Cyber-Criminals are Circumventing Multifactor Authentication - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Emotet malware now distributed in Microsoft OneNote files to evade defences (bleepingcomputer.com)

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (thehackernews.com)

• Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (thehackernews.com)

• Python info-stealing malware uses Unicode to evade detection (bleepingcomputer.com)

Mobile

• Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (thehackernews.com)

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Android apps are spying on you — with no easy way to stop them | Digital Trends

• Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar

• UK emergency alert system launched to warn of life-threatening events - with test set for next month | UK News | Sky News

• Google Pixel phones had a serious data leakage bug – here’s what to do! – Naked Security (sophos.com)

• How to keep your phone safe from the scary Exynos modem vulnerability (androidpolice.com)

Botnets

• New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks (thehackernews.com)

Denial of Service/DoS/DDOS

• New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (bleepingcomputer.com)

• KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

Internet of Things – IoT

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Google sounds alarm on Samsung modem bugs in Android devices • The Register

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

Data Breaches/Leaks

• Complacency of staff to blame for data breaches (thesundaily.my)

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• Latitude customers are furious: some have had data hacked before through Medibank and Optus - ABC News

• Data breaches cost businesses nearly $6M on average: Mastercard | CTV News

• Healthcare provider ILS warns 4.2 million people of data breach (bleepingcomputer.com)

• NBA is warning fans of a data breach after a third-party newsletter service hack- Security Affairs

• Lowe’s Market chain leaves client data up for grabs- Security Affairs

• Ferrari discloses data breach after receiving ransom demand (bleepingcomputer.com)

• South Korea fines McDonalds for data leak from raw SMB share • The Register

• A million at risk from user data leak at Korean beauty platform PowderRoom- Security Affairs

Organised Crime & Criminal Actors

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt

• General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (bleepingcomputer.com)

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Insider Risk and Insider Threats

• Should Your Organisation Be Worried About Insider Threats? - IT Security Guru

• Top 5 Insider Threats to Look Out For in 2023- Security Affairs

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

Fraud, Scams & Financial Crime

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• ‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Hackers inject credit card stealers into payment processing modules (bleepingcomputer.com)

Deepfakes

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

Insurance

• SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET

• Cyber insurance carriers expanding role in incident response | TechTarget

Supply Chain and Third Parties

• Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (darkreading.com)

• Companies vulnerable to cyber-attack via suppliers - research | RNZ News

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Software Supply Chain

• Why Business Software Buyers Are Demanding Baked-in Security - MSSP Alert

Cloud/SaaS

• How access management helps protect identities in the cloud | VentureBeat

• Bitcoin ATM maker shuts cloud service after user hot wallets compromised (cointelegraph.com)

• The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch

• Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (darkreading.com)

• 4 cloud API security best practices | TechTarget

• 8 cloud detection and response use cases | TechTarget

• How to Transfer Data Securely When Moving to the Cloud - Infosecurity Magazine (infosecurity-magazine.com)

• The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley

• New CISA tool detects hacking activity in Microsoft cloud services (bleepingcomputer.com)

• 4 Tips for Better AWS Cloud Workload Security (trendmicro.com)

Hybrid/Remote Working

• Bridging the cyber security readiness gap in a hybrid world - Help Net Security

Identity and Access Management

• How access management helps protect identities in the cloud | VentureBeat

• The impact of AI on the future of ID verification - Help Net Security

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

• CISA, NSA push identity and access management framework as risks grow | SC Media (scmagazine.com)

API

• 4 cloud API security best practices | TechTarget

Open Source

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Post-Exploitation Method Exposes User Passwords (darkreading.com)

Social Media

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• TikTok cannot be considered a private company: report • The Register

• TikTok CEO plans rigorous defences in Congress against claims the app is a US security threat | CyberScoop

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Training, Education and Awareness

• Complacency of staff to blame for data breaches (thesundaily.my)

Regulations, Fines and Legislation

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• India’s infosec reporting rules observed by just 15 orgs • The Register

• Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (forbes.com)

Governance, Risk and Compliance

• How CISOs Can Work With the CFO to Get the Best Security Budget (darkreading.com)

• CIOs Build New Bonds With CISOs - WSJ

• How to best allocate IT and cyber security budgets in 2023 - Help Net Security

• IT security spending to reach nearly $300 billion by 2026 - Help Net Security

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• How Your Cyber security Strategy Enables Better Business (trendmicro.com)

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• How Can CISOs Connect With the Board of Directors? (darkreading.com)

• Achieving The Five Levels Of Information Security Governance (forbes.com)

• Enhance security while lowering IT overhead in times of recession - Help Net Security

• Why organisations shouldn't fold to cyber criminal requests - Help Net Security

Models, Frameworks and Standards

• Meta Proposes Revamped Approach to Online Kill Chain Frameworks (darkreading.com)

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Backup and Recovery

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Data Protection

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How training and recognition can reduce cyber security stress and burnout | CSO Online

Law Enforcement Action and Take Downs

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• How to protect online privacy in the age of pixel trackers - Help Net Security

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• French govt clears AI facial scans for Paris Olympics • The Register

Artificial Intelligence

• EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews

• ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg

• ‘We are a little bit scared’: OpenAI CEO warns of risks of artificial intelligence | Artificial intelligence (AI) | The Guardian

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• We need to create guardrails for AI | Financial Times (ft.com)

• GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (livemint.com)

• Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom

• The impact of AI on the future of ID verification - Help Net Security

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• AI news latest: Google lets people talk to ‘Bard’ bot as ChatGPT taken offline after it goes haywire | The Independent

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch

• French govt clears AI facial scans for Paris Olympics • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• Facebook Security Exec Seaford Hacked by Greek Predator Spyware (gizmodo.com)

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• North Korean hackers using Chrome extensions to steal Gmail emails (bleepingcomputer.com)

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• TikTok cannot be considered a private company: report • The Register

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• The pressing threat of Chinese-made drones flying above US critical infrastructure  | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

• Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online

Vulnerability Management

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

• From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022 (thehackernews.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• 10 Vulnerabilities Types to Focus On This Year (darkreading.com)

• Vulnerability vs. Risk: How MSSPs Can Prioritize Remediating Cyber security Vulnerabilities - MSSP Alert

• What Is the Microsoft Print Spooler Vulnerability? - ReHack

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (bleepingcomputer.com)

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Vulnerabilities

• Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (darkreading.com)

• CVE-2023-23397 Outlook exploit: "A proliferation event" (thestack.technology)

• Patch CVE-2023-23397 Immediately: What You Need To Know and Do (trendmicro.com)

• Cisco fixed severe vulnerabilities in its IOS and IOS XE software- Security Affairs

• Exploit released for Veeam bug allowing cleartext credential theft (bleepingcomputer.com)

• Experts published PoC exploit code for Veeam Backup & Replication bug- Security Affairs

• WordPress force patching WooCommerce plugin with 500K installs (bleepingcomputer.com)

• Windows 11 bug warns Local Security Authority protection is off (bleepingcomputer.com)

• Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar

• Microsoft: Defender update behind Windows LSA protection warnings (bleepingcomputer.com)

• ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (cointelegraph.com)

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours (securityintelligence.com)

• If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica

• Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (darkreading.com)

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

Tools and Controls

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Complacency of staff to blame for data breaches (thesundaily.my)

• How access management helps protect identities in the cloud | VentureBeat

• Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware

• The Ethics of Network and Security Monitoring (darkreading.com)

• Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

• How network perimeters secure enterprise networks | TechTarget

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Reports Published in the Last Week

• State of Cybersecurity for Mid-Sized Businesses in 2023 | Huntress

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

Other News

• Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News

• Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica

• What Is Shoulder Surfing? How Does It Affect Cyber security (informationsecuritybuzz.com)

• Inside the DEA Tool Hackers Allegedly Used to Extort Targets (vice.com)

• Top ways attackers are targeting your endpoints - Help Net Security

• What Is a Dirty IP Address and How Does It Affect Your Security? (makeuseof.com)

• 5 rules to make security user-friendly - Help Net Security

• Techno-nationalism explained: What you need to know (techtarget.com)

• How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru

• Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• High Risk Users May be Few, but the Threat They Pose is Huge

High risk users represent approximately 10% of the worker population according to research provider, Elevate Security research. The research found that high risk users were responsible for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure-browsing incidents and 42% of all malware events. This is worrying, considering the rise in sophisticated targeted phishing campaigns.

https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/

• The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

State-backed cyber attacks are on the rise, but they are not raising the level of alarm that they should in the corporate world. Unfortunately, this is not a productive way of thinking. Come the end of March, insurance provider Lloyds will no longer cover damage from cyber attacks carried out by state or state-backed groups. In the worst cases, this reduced insurance coverage could exacerbate the trend of companies taking a passive approach toward state-backed attacks as they feel there is now really nothing they can do to protect themselves. The uncertainty however, could be the motivation for companies to take the threat of state-backed attacks more seriously.

https://fortune.com/2023/02/15/cost-cybersecurity-insurance-soaring-state-backed-attacks-cover-shmulik-yehezkel/

• Cyber Attacks Worldwide Increased to an All-Time Record-Breaking High, Report Shows

According to a report by security provider Check Point, cyber attacks rose 38% in 2022 compared to the previous year. Some of the key trends in the report included an increase in the number of cloud-based networking attacks, with a 48% rise and non-state affiliated hacktivist groups becoming more organised and effective than ever before. Additionally, ransomware is becoming more difficult to attribute and track and extra focus should be placed on exfiltration detection.

https://www.msspalert.com/cybersecurity-research/cyberattacks-worldwide-increased-to-an-all-time-high-check-point-research-reveals/

• Most Organisations Make Cyber Security Decisions Without Insights

A report by security provider Mandiant found some worrying results when it came to organisational understanding of threat actors. Some of the key findings include, 79% of respondents stating that most of their cyber security decisions are made without insight into the treat actors targeting them, 79% believing their organisation could focus more time and energy on identifying critical security trends, 67% believing senior leadership teams underestimate the cyber threats posed to their organisation and finally, 47% of respondents felt that they could not prove to senior leadership that their organisation has a highly effective cyber security program.

https://www.msspalert.com/cybersecurity-research/mandiant-report-most-organizations-make-cybersecurity-decisions-without-insights/

• Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

Ransomware attackers are finding new ways to exploit organisations’ security weaknesses by weaponising old vulnerabilities.  A report by security provider Cyber Security Works had found that 76% of the vulnerabilities currently being exploited were first discovered between 2010-2019.

https://venturebeat.com/security/ransomware-attackers-finding-new-ways-to-weaponize-old-vulnerabilities/

• Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

Using data from two different reports conducted by security provider Kaspersky, the combined data showed some worrying results. Some of the results include 98% of respondents revealing they faced at least one IT security miscommunication that regularly leads to bad consequences, 62% of managers revealing miscommunication led to at least one cyber security incident, 42% of business leaders wanting their IT security team to better communicate and 34% of C-level executives struggle to speak about adopting new security solutions.

https://www.msspalert.com/cybersecurity-research/are-c-suite-executives-fluent-in-it-security-speak-five-reasons-why-the-communication-gap-is-wider-than-you-think/

• Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

Security providers Abnormal Security have identified two Business Email Compromise (BEC) groups “Midnight Hedgehog” and “Mandarin Capybara” which are conducting impersonation attacks in at least 13 different languages. Like many payment fraud attacks, finance managers or other executives are often targeted. In a separate report by Abnormal Security, it was found that business email compromise (BEC) attacks increased by more than 81% during 2022.

https://www.infosecurity-magazine.com/news/bec-groups-multilingual/

• EU Countries Told to Step up Defence Against State Hackers

European states have raced to protect their energy infrastructure from physical attacks but the European Systemic Risk Board (ESRB) said more needed to be done against cyber warfare against financial institutions and the telecommunications networks and power grids they rely on. "The war in Ukraine, the broader geopolitical landscape and the increasing use of cyber attacks have significantly heightened the cyber threat environment," the ESRB said in a report. In addition, the ESRB highlight an increased risk of cyber attacks on the EU financial system, suggesting that stress tests and impact analyses should be carried out to identify weaknesses and measure resilience.

https://www.reuters.com/world/europe/eu-countries-told-step-up-defence-against-state-hackers-2023-02-14/

• Cyber Criminals Exploit Fear and Urgency to Trick Consumers

Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022 according to a report by software provider Avast. “At the end of 2022, we have seen an increase in human-centred threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cyber criminals succeed” Avast commented.

https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/

• How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

Many organisations have experienced that “after the breach” feeling — the moment they realise they have to tell customers their personal information may have been compromised because one of the organisations’ vendors had a data breach. Such situations involve spending significant amount of money and time to fix a problem caused by a third party. An organisation’s ability to handle third-party cyber risk proactively depends on its risk management strategies.

https://techcrunch.com/2023/02/10/why-third-party-cybersecurity-risks-are-too-costly-to-ignore/

• Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

Following the advisory from the NCSC, it is clear that Russian state-sponsored hackers have become increasingly sophisticated at launching phishing attacks against critical targets in the UK, US and Europe over the last 12 months. The attacks included the creation of fake personas, supported by social media accounts, fake profiles and academic papers, to lure targets into replying to sophisticated phishing emails. In some cases, the bad actor may never leverage the account to send emails from and only use it to make decisions based on intelligence collection.

https://www.computerweekly.com/news/365531158/Russian-spear-phishing-campaign-escalates-efforts-toward-critical-UK-US-and-European-targets

• 5 Biggest Risks of Using Third Party Managed Service Providers

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work. But it does present risks. 5 of the biggest risks to be considered are: indirect cyber attacks, financial risks from incident costs, reputational damage, geopolitical risk and regulatory compliance risk.

https://www.csoonline.com/article/3687812/5-major-risks-third-party-services-may-bring-along-with-them.html#tk.rss_news

• Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, in fact, the ‘as a Service’ offering has made its way into the cyber crime landscape. And cyber crime, for its part, has evolved beyond a nefarious hobby; today it’s a means of earning for cyber criminals. Organised cyber crime services are available for hire, particularly to those lacking resources and hacking expertise but willing to buy their way into cyber criminal activities. Underground cyber crime markets have thus emerged, selling cyber attack tools and services ranging from malware injection to botnet tools, Denial of Service and targeted spyware services.

https://www.splunk.com/en_us/blog/learn/cybercrime-as-a-service.html

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

• US, UK slap sanctions on Russians linked to Conti and more • The Register

• Threat Analysis: VMware ESXi Attacks Soared in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (bleepingcomputer.com)

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• December ransomware attack leads to massive data breach from California health network - The Record from Recorded Future News

• Over 500 ESXiArgs Ransomware infections in one day in Europe-Security Affairs

• New ESXi ransomware strain spreads, foils decryption tools | TechTarget

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• North Korea Using Healthcare Ransomware To Fund More Hacking (informationsecuritybuzz.com)

• DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure-Security Affairs

• US Warns Critical Sectors Against North Korean Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Cisco Talos spots new MortalKombat ransomware attacks | TechTarget

• Ion: after the hack, the clean-up - Risk.net

• Hackers Target Israel’s Technion Demanding Huge Sum In Bitcoin - I24NEWS

• City of Oakland systems offline after ransomware attack (bleepingcomputer.com)

• MTU cyber breach: Probe after ransomware attacks 'like a murder investigation' (irishexaminer.com)

• MTU data appears on dark web after cyber attack – The Irish Times

• Oakland City Services Struggle to Recover From Ransomware Attack (darkreading.com)

• LockBit spree hits three large companies (techmonitor.ai)

• Ransomware gang uses new zero-day to steal data on 1 million patients | TechCrunch

• City of Oakland issued state of emergency after ransomware attack-Security Affairs

• Glasgow Arnold Clark customers at risk after major cyber attack | HeraldScotland

• LockBit and Royal Mail Ransomware Negotiation Leaked - Infosecurity Magazine (infosecurity-magazine.com)

• No relief in sight for ransomware attacks on hospitals | TechTarget

• Burton Snowboards cancels online orders after 'cyber incident' (bleepingcomputer.com)

• Dallas Central Appraisal District paid $170,000 to ransomware attackers (bitdefender.com)

Phishing & Email Based Attacks

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• NameCheap's email hacked to send Metamask, DHL phishing emails (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security GuruCyber

• Venmo Phishing Abusing LinkedIn "slink"

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

BEC – Business Email Compromise

• BEC Groups Target Firms With Multilingual Impersonation Attacks - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Malware

• Experts Warn of Surge in Multipurpose Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious Npm Package Uses Typosquatting, Downloads Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft OneNote Abuse for Malware Delivery Surges - Security Week

• New TA886 group targets companies with Screenshotter malware-Security Affairs

• Novel phishing campaign takes screenshots ahead of payload delivery | SC Media (scmagazine.com)

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Devs targeted by W4SP Stealer malware in malicious PyPi packages (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security Guru

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Pepsi distributor blames info-stealing malware for breach • The Register

• Malware that can do anything and everything is on the rise - Help Net Security

• Lokibot, AgentTesla Grow in January 2023's Most Wanted Malware List - Infosecurity Magazine (infosecurity-magazine.com)

• New stealthy 'Beep' malware focuses heavily on evading detection (bleepingcomputer.com)

• Thousands of WordPress sites have been infected by a mystery malware | TechRadar

• Beep: New Evasive Malware That Can Escape Under The Radar (informationsecuritybuzz.com)

• Hackers start using Havoc post-exploitation framework in attacks (bleepingcomputer.com)

• Hackers Targeting US and German Firms Monitor Victims' Desktops with Screenshotter (thehackernews.com)

• Malware authors leverage more attack techniques that enable lateral movement | CSO Online

Mobile

• RedEyes hackers use new malware to steal data from Windows, phones (bleepingcomputer.com)

Botnets

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

Denial of Service/DoS/DDOS

• Cloudflare blocks record-breaking 71 million RPS DDoS attack (bleepingcomputer.com)

• 87% of largest DDoS attacks in Q4 targeted telecoms: Lumen (fiercetelecom.com)

• The Tor network hit by wave of DDoS attacks for at least 7 months-Security Affairs

Internet of Things – IoT

• Digital burglaries: The threat from your smart home devices | Fox News

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Data Breaches

• MP’s laptop and iPad stolen from pub in 'worrying' security breach | Metro News

• Reddit was hit with a phishing attack. How it responded is a lesson for everyone | ZDNET

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

• 4 misconceptions about data exfiltration | VentureBeat

• Highmark data breach affecting about 300,000 members exposed personal information to hackers – WPXI

• Gulp! Pepsi hack sees personal information stolen by data-stealing malware (bitdefender.com)

• Nearly 50 million Americans impacted by health data breaches in 2022 (chiefhealthcareexecutive.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

• After apparent hack, data from Australian tech giant Atlassian dumped online | CyberScoop

• Atlassian: Leaked Data Stolen via Third-Party App (darkreading.com)

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

• Scandinavian Airlines says cyber attack caused passenger data leak (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Cyber crime as a Service: A Subscription-based Model in The Wrong Hands | Splunk

• A Hacker’s Mind — how the elites exploit the system | Financial Times (ft.com)

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

• Russian hacker convicted of $90 million hack-to-trade charges (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (thehackernews.com)

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• 451 PyPI packages install Chrome extensions to steal crypto (bleepingcomputer.com)

• DeFi exploits and access control hacks cost crypto investors billions in 2022: Report (cointelegraph.com)

• Using the blockchain to prevent data breaches | VentureBeat

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Quarter of Crypto Tokens in 2022 Linked to Pump-and-Dump - Infosecurity Magazine (infosecurity-magazine.com)

Insider Risk and Insider Threats

• A former Credit Suisse employee leaked employees' historic bonus data (efinancialcareers.com)

Fraud, Scams & Financial Crime

• Russian IT biz owner made $90M from stolen financial info • The Register

• Refund and Invoice Scams Surge in Q4 - Infosecurity Magazine (infosecurity-magazine.com)

• MoneyGram Fraud Victims Get $115m in Compensation - Infosecurity Magazine (infosecurity-magazine.com)

• 'Pig butchering' scams on the rise, luring victims with promises of relationships and riches | CyberScoop

• Cyber security Experts Warn Against Valentine's Day Romance Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Romance scam targets security researcher, hilarity ensues • The Register

• 10 signs that scammers have you in their sights | WeLiveSecurity

• Hackers Leverage PayPal to Send Malicious Invoices - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US, UK slap sanctions on Russians linked to Conti and more • The Register

Insurance

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

Dark Web

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

Supply Chain and Third Parties

• How to manage third-party cyber security risks that are too costly to ignore | TechCrunch

• 5 biggest risks of using third-party services providers | CSO Online

Cloud/SaaS

• Reimagining zero trust for modern SaaS - Help Net Security

• Cloud security: Where do CSP and client responsibilities begin and end? | VentureBeat

• Application and cloud security is a shared responsibility - Help Net Security

Attack Surface Management

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLine

Open Source

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Configuration Issues in SaltStack IT Tool Put Enterprises at Risk (darkreading.com)

• Solving open-source security — from Alpha to Omega | SC Media (scmagazine.com)

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Eek! You Can Steal Passwords From This Password Manager Using the Notepad App | PCMag

• Eurostar forces 'password resets' — then fails and locks users out (bleepingcomputer.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

Social Media

• Metaverse Adds New Dimensions to Web 3.0 Cyber security | TechRepublic

• Hard drugs actively sold on Twitter in plain sight. Twitter says it doesn’t breach its safety policies • Graham Cluley

• Elon Musk Seems to Think His Own Employees Are Shadowbanning Him (gizmodo.com)

• Venmo Phishing Abusing LinkedIn "slink"

Malvertising

• AdSense fraud campaign relies on 10,890 sites that were infected since September 2022-Security Affairs

Training, Education and Awareness

• High-risk users may be few, but the threat they pose is huge - Help Net Security

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Regulations, Fines and Legislation

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• The Online Safety Bill: An attack on encryption (element.io)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

Governance, Risk and Compliance

• Security buyers lack insight into threats, attackers, report finds | Computer Weekly

• Cyber attacks Worldwide Increased to an All-Time High, Check Point Research Reveals - MSSP Alert

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

• Are C-Suite Executives Fluent in IT Security Speak? Five Reasons Why the Communication Gap is Wider Than You Think - MSSP Alert

• Actionable intelligence is the key to better security outcomes - Help Net Security

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLineT

• Majority of Firms Make Cyber security Decisions Without Attacker Insight - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security and Compliance Can Break Down Silos to Save Money and Meet Increased Regulations - MSSP Alert

• Build Cyber Resiliency With These Security Threat-Mitigation Considerations (darkreading.com)

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• Evolving cyber attacks, alert fatigue creating DFIR burnout, regulatory risk | CSO Online

• Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

• Storage security for compliance and cyberwar in 2023 • The Register

Backup and Recovery

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

Careers, Working in Cyber and Information Security

• Get hired in cyber security: Expert tips for job seekers - Help Net Security

• 3 Ways CISOs Can Lead Effectively and Avoid Burnout (darkreading.com)

• Cyber security Jobs Remain Secure Despite Recession Fears (darkreading.com)

Law Enforcement Action and Take Downs

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• The FBI’s most controversial surveillance tool is under threat | Ars Technica

Artificial Intelligence

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• Cyber criminals Bypass ChatGPT Restrictions to Generate Malicious Content - Check Point Software

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• A.I. in the military could be a game changer in warfare | Fortune US issues declaration on responsible use of AI in the military | Reuters

Misinformation, Disinformation and Propaganda

• Revealed: the hacking and disinformation team meddling in elections | Technology | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | Cyber scoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• US shoots down ‘high-altitude object’ above Alaska | Financial Times (ft.com)

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - security Week

• SpaceX curbed Ukraine's use of Starlink terminals - Militarnyi

• US shoots down ‘octagonal’ flying object near military sites in Michigan | US news | The Guardian

• Six companies join US entity list after Chinese spy balloon • The Register

• How Alan Turing still casts his genius in the age of cyberwar | Metro News

• US warns its citizens in Russia to get out immediately over security fears | Euronews

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• ‘Significant’ debris from China spy balloon retrieved, says US military | US national security | The Guardian

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• Albanian gangs set up hundreds of spy cameras to keep ahead of police | Financial Times (ft.com)

• A.I. in the military could be a game changer in warfare | Fortune

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• The Lessons From Cyberwar, Cyber-in-War and Ukraine  - security Week

• Storage security for compliance and cyberwar in 2023 • The Register

Nation State Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | CyberScoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - Security Week

• MagicWeb Mystery Highlights Nobelium Attacker's Sophistication (darkreading.com)

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• North Korean Hackers Are Attacking US Hospitals | WIRED

• Six companies join US entity list after Chinese spy balloon • The Register

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Group-IB Blocks Attack By Chinese Tonto Team Hackers - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese ship accused of using ‘military-grade laser’ against Philippine vessel | Philippines | The Guardian

• Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad (thehackernews.com)

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• UK Policing Riddled with Chinese CCTV Cameras - Infosecurity Magazine (infosecurity-magazine.com)

• A new operating system has been released in Russia! (gizchina.com)

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries (thehackernews.com)

• SideWinder APT Attacks Regional Targets in New Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

Vulnerabilities

• Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs – Naked Security (sophos.com)

• Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps - Security Week

• Adobe Plugs Critical Security Holes in Illustrator, After Effects Software - Security Week

• Apple releases new fix for iPhone zero-day exploited by hackers | TechCrunch

• Intel issues patches for SGX vulnerabilities • The Register

• Firefox Updates Patch 10 High-Severity Vulnerabilities - Security Week

• Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software (thehackernews.com)

• CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws (thehackernews.com)

• Microsoft says Intel driver bug crashes apps on Windows PCs (bleepingcomputer.com)

• Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug – Naked Security (sophos.com)

• Splunk Enterprise Updates Patch High-Severity Vulnerabilities - Security Week

• Dozens of Vulnerabilities Patched in Intel Products - Security Week

• High-severity DLP flaw impacts Trellix for Windows | SC Media (scmagazine.com)

• Critical Vulnerability Patched in Cisco Security Products - Security Week

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

Tools and Controls

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

• SOAR vs. SIEM: What's the difference? | TechTarget

• PAM is failing - IT Security Guru

• Combining identity and security strategies to mitigate risks - Help Net Security

• Defending against attacks on Azure AD: Goodbye firewall, hello identity protection | CSO Online

• Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps (thehackernews.com)

• Attack surface management (ASM) is not limited to the surface - Help Net Security

• How to filter Security log events for signs of trouble | TechTarget

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Experts at Davos 2023 Call for a Global Response to the Gathering 'Cyber Storm'

As economic and geopolitical instability spills into the new year, experts predict that 2023 will be a consequential year for cyber security. The developments, they say, will include an expanded threat landscape and increasingly sophisticated cyber attacks.

"There's a gathering cyber storm," Sadie Creese, a Professor of Cyber Security at the University of Oxford, said during an interview at the World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland. "This storm is brewing, and it's really hard to anticipate just how bad that will be."

Already, cyber attacks such as phishing, ransomware and distributed denial-of-service (DDoS) attacks are on the rise. Cloudflare, a major US cyber security firm that provides protection services for over 30% of Fortune 500 companies, found that DDoS attacks—which entail overwhelming a server with a flood of traffic to disrupt a network or webpage—increased last year by 79% year-over-year.

"There's been an enormous amount of insecurity around the world," Matthew Prince, the CEO of Cloudflare, stated during the Annual Meeting. "I think 2023 is going to be a busy year in terms of cyber attacks."

https://www.weforum.org/agenda/2023/01/cybersecurity-storm-2023-experts-davos23/

• Cost of Data Breaches to Global Businesses at Five-Year High

Research from business insurer Hiscox shows that the cost of dealing with cyber events for businesses has more than tripled since 2018. The study, which collated data from the organisation’s previous five annual Cyber Readiness reports, has revealed that:

• Since 2018 the median IT budgets for cyber security more than tripled.

• Between 2020 and 2022 cyber-attacks increased by over a quarter.

• Businesses are increasing their cyber security budgets year-on-year.

In the Hiscox 2022 Cyber Readiness report, the financial toll of cyber incidents, including data breaches, was estimated to be $16,950 (£15,265) on average. As the cost of cyber crime grew, so did organisations’ cyber security budgets – average spending on cyber security tripled from 2018 to 2022, rocketing from $1,470,196 (£1,323,973) to $5,235,162 (£4,714,482).

Hiscox has also revealed that half of all companies surveyed suffered at least one cyber attack in 2022, up 11% from 2020. Financial Services, as well as Technology, Media and Telecom (TMT) sectors even reported a minimum of one attack for three consecutive years. Financial Services firms, however, seemed to be hit the hardest, with 66% reporting being impacted by cyber attacks in 2021-2022.

Cyber risk has risen to the same strategic level as traditional financial and operational risks, thanks to a growing realisation by businesses that the impact can be just as severe.

https://www.itsecurityguru.org/2023/01/18/cost-of-data-breaches-to-global-businesses-at-five-year-high/

• European Data Protection Authorities Issue Record €2.92 Billion in GDPR Fines, an Increase of 168%

European data regulators issued a record €2.92 billion in fines last year, a 168% increase from 2021. That’s according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year’s biggest fine of €405 million was imposed by the Irish Data Protection Commissioner (DPC) against Meta Platforms Ireland Limited relating to Instagram for alleged failures to protect children’s personal data. The Irish DPC also fined Meta €265 million for failing to comply with the GDPR obligation for Data Protection by Design and Default. Both fines are currently under appeal.

Despite the overall increase in fines since January 28, 2022, the fine of €746 million that Luxembourg authorities levied against Amazon last year remains the biggest to be issued by an EU-based data regulator to date (though the retail giant is still believed to be appealing).

The report also revealed a notable increase in focus by supervisory authorities on the use of artificial intelligence (AI), while the volume of data breaches reported to regulators decreased slightly against the previous year’s total.

https://www.csoonline.com/article/3685789/european-data-protection-authorities-issue-record-2-92-billion-in-gdpr-fines.html#tk.rss_news

• PayPal Accounts Breached in Large-Scale Credential Stuffing Attack

PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.

Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites. This type of attack relies on an automated approach with bots running lists of credentials to "stuff" into login portals for various services. Credential stuffing targets users that employ the same password for multiple online accounts, which is known as "password recycling."

PayPal explains that the credential stuffing attack occurred between December 6 and December 8, 2022. The company detected and mitigated it at the time but also started an internal investigation to find out how the hackers obtained access to the accounts. By December 20, 2022, PayPal concluded its investigation, confirming that unauthorised third parties logged into the accounts with valid credentials. The electronic payments platform claims that this was not due to a breach on its systems and has no evidence that the user credentials were obtained directly from them.

According to the data breach reporting from PayPal, 34,942 of its users have been impacted by the incident. During the two days, hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers. Transaction histories, connected credit or debit card details, and PayPal invoicing data are also accessible on PayPal accounts.

https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/

• Royal Mail Boss to Face MPs’ Questions Over Russian Ransomware Attack

Royal Mail’s chief executive faced questions from MPs last week over the Russia-linked ransomware attack that caused international deliveries to grind to a halt.

Simon Thompson, chief executive of Royal Mail, was asked about the recent cyber attack when he appeared before the Commons Business Select Committee to discuss Royal Mail’s response to the cyber attack at the evidence session on Tuesday Jan 17.

A Royal Mail spokesman said: “Royal Mail has been subject to a cyber incident that is affecting our international export service. We are focused on restoring this service as soon as we are able.”

Royal Mail was forced to suspend all outbound international post after machines used for printing customs dockets were disabled by the Russia-linked Lockbit cyber crime gang. Lockbit’s attackers used ransomware, malicious software that scrambles vital computer files before the gang demands payment to unlock them again. The software also took over printers at Royal Mail’s international sorting offices and caused ransom notes to “spout” from them, according to reports.

Cyber security industry sources cautioned that while Lockbit is known to be Russian in origin, it is not known whether a stolen copy of the gang’s signature ransomware had been deployed by rival hackers.

https://www.telegraph.co.uk/business/2023/01/13/royal-mail-boss-face-mps-questions-russian-ransomware-attack/

• Third-Party Risk Management: Why 2023 Could be the Perfect Time to Overhaul your TPRM Program

Ensuring risk caused by third parties does not occur to your organisation is becoming increasingly difficult. Every business outsources some aspects of its operations, and ensuring these external entities are a strength and not a weakness isn’t always a straightforward process.

In the coming years we’ll see organisations dedicate more time and resources to developing detailed standards and assessments for potential third-party vendors. Not only will this help to mitigate risk within their supply chain network, it will also provide better security.

As demand for third-party risk management (TPRM) grows, there are key reasons why we believe 2023 could be pivotal for the future of your organisation’s TPRM program, cyber risk being principal amongst them.

Forrester predicted that 60% of security incidents in 2022 would stem from third parties. In 2021 there was a 300% increase in supply chain attacks, a trend that has continued to increase over the past 12 months also. For example, Japanese car manufacturer Toyota was forced to completely shut down its operations due to a security breach with a third-party plastics supplier.

It’s not only the frequency of third-party attacks that has increased, but also the methods that cyber criminals are using are becoming increasingly sophisticated. For example, the SolarWinds cyber breach in 2020 was so advanced that Microsoft estimated it took over a thousand engineers to stop the impact of the attack.

As the sophistication and frequency of supply chain attacks increases, the impact they have on businesses reputations and valuations is also becoming apparent. There is a need for organisations to conduct thorough due diligence of the third parties they choose to work with, otherwise the consequences could be disastrous.

Remember always that cyber security should be a non-negotiable feature of all business transactions.

https://informationsecuritybuzz.com/third-party-risk-management-why-2023-could-be-the-perfect-time-to-overhaul-your-tprm-program/

• EU Cyber Resilience Regulation Could Translate into Millions in Fines

The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures require special protection.

According to the European Union, there is currently a ransomware attack every eleven seconds. In the last few weeks alone, among others, a leading German children’s food manufacturer and a global Tier1 automotive supplier headquartered in Germany were hit, with the latter becoming the victim of a massive ransomware attack. Such an attack even led to insolvency at the German manufacturer Prophete in January 2023. To press manufacturers, distributors and importers into action, they face significant penalties if security vulnerabilities in devices are discovered and not properly reported and closed.

“The pressure on the industry – manufacturers, distributors and importers – is growing immensely. The EU will implement this regulation without compromise, even though there are still some work packages to be done, for example regarding local country authorities,” says Jan Wendenburg, CEO, ONEKEY.

The financial fines for affected manufacturers and distributors are therefore severe: up to 15 million euros or 2.5 percent of global annual revenues in the past fiscal year – the larger number counts. “This makes it absolutely clear: there will be substantial penalties on manufacturers if the requirements are not implemented,” Wendenburg continues.

Manufacturers, distributors and importers are required to notify ENISA – the European Union’s cyber security agency – within 24 hours if a security vulnerability in one of their products is exploited. Exceeding the notification deadlines is already subject to sanctions.

https://www.helpnetsecurity.com/2023/01/19/eu-cyber-resilience-regulation-fines/

• Russian Hackers Try to Bypass ChatGPT's Restrictions for Malicious Purposes

Russian cyber-criminals have been observed on dark web forums trying to bypass OpenAI’s API restrictions to gain access to the ChatGPT chatbot for nefarious purposes.

Various individuals have been observed, for instance, discussing how to use stolen payment cards to pay for upgraded users on OpenAI (thus circumventing the limitations of free accounts). Others have created blog posts on how to bypass the geo controls of OpenAI, and others still have created tutorials explaining how to use semi-legal online SMS services to register to ChatGPT.

“Generally, there are a lot of tutorials in Russian semi-legal online SMS services on how to use it to register to ChatGPT, and we have examples that it is already being used,” wrote Check Point Research (CPR). “It is not extremely difficult to bypass OpenAI’s restricting measures for specific countries to access ChatGPT,” said Check Point. “Right now, we are seeing Russian hackers already discussing and checking how to get past the geofencing to use ChatGPT for their malicious purposes.”

They added that they believe these hackers are most likely trying to implement and test ChatGPT in their day-to-day criminal operations. “Cyber-criminals are growing more and more interested in ChatGPT because the AI technology behind it can make a hacker more cost-efficient,” they explained.

Case in point, just last week, Check Point Research published a separate advisory highlighting how threat actors had already created malicious tools using ChatGPT. These included infostealers, multi-layer encryption tools and dark web marketplace scripts.

More generally, the cyber security firm is not the only one believing ChatGPT could democratise cyber crime, with various experts warning that the AI bot could be used by potential cyber-criminals to teach them how to create attacks and even write ransomware.

https://www.infosecurity-magazine.com/news/russian-hackers-to-bypass-chatgpt/

• New Report Reveals CISOs Rising Influence

Cyber security firm Coalfire this week unveiled its second annual State of CISO Influence report, which explores the expanding influence of Chief Information Security Officers (CISOs) and other security leaders.

The report revealed that the CISO role is maturing quickly, and the position is experiencing more equity in the boardroom. In the last year alone, there was a 10-point uptick in CISOs doing monthly reporting to the board. These positive outcomes likely stem from the increasingly metrics-driven reporting CISOs provide, where data is more effectively leveraged to connect security outcomes to business objectives.

An especially promising development in this year's report is how security teams are being looped into corporate projects. Of the security leaders surveyed, 78% say they are consulted early in project development when business objectives are first identified, and two-thirds are now making presentations to the highest levels of enterprise authority. 56% of CISOs present security metrics to their CEOs, up from 43% in 2021.

Cloud migration was universally identified as one of those top business objectives. The move to the cloud saddles CISOs with many challenges. The top priorities listed by CISOs include dealing with an expanding attack surface, staffing, and new compliance requirements — all within constrained budgets. In fact, 43% of security leaders said their budgets remained static or were reduced following business migration to the cloud.

Given these challenges, leading CISOs are transforming their approaches. To address multiple cloud compliance requirements, security leaders are focusing on the most onerous set of rules and creating separate environments for different requirements. Risk assessments were identified as the key tool used to secure funding for these and other cyber initiatives and to set top priorities.

"Costs and risks are up, while at the same time, cyber budgets are trending flat or down," said Colefire. "Cyber security has historically been lower in priority for organisations, but we are witnessing a big shift in enterprise cyber expectations. CISOs are rising to meet those expectations, speaking to the business, and as a result, solidifying their role in the C-suite."

https://www.darkreading.com/threat-intelligence/new-coalfire-report-reveals-cisos-rising-influence

• ChatGPT and its Perilous Use as a "Force Multiplier" for Cyber Attacks

As a form of OpenAI technology, ChatGPT has the ability to mimic natural language and human interaction with remarkable efficiency. However, from a cyber security perspective, this also means it can be used in a variety of ways to lower the bar for threat actors.

One key method is the ability for ChatGPT to draft cunning phishing emails en masse. By feeding ChatGPT with minimal information, it can create content and entire emails that will lure unsuspecting victims to provide their passwords. With the right API setup, thousands of unique, tailored, and sophisticated phishing emails can be sent almost simultaneously.

Another interesting capability of ChatGPT is the ability to write malicious code. While OpenAI has put some controls in place to prevent ChatGPT from creating malware, it is possible to convince ChatGPT to create ransomware and other forms of malware as code that can be copied and pasted into an integrated development environment (IDE) and used to compile actual malware. ChatGPT can also be used to identify vulnerabilities in code segments and reverse engineer applications.

ChatGPT will expedite a trend that is already wreaking havoc across sectors – lowering the bar for less sophisticated threat actors, enabling them to conduct attacks while evading security controls and bypassing advanced detection mechanisms. And currently, there is not much that organisations can do about it. ChatGPT represents a technological marvel that will usher in a new era, not just for the cyber security space.

https://www.calcalistech.com/ctechnews/article/sj0lfp11oi

• Mailchimp Discloses a New Security Breach, the Second One in 6 Months

The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company; the incident exposed the data of 133 customers.

Threat actors targeted the company’s employees and contractors to gain access to an internal support and account admin tool.

“On January 11, the Mailchimp Security team identified an unauthorised actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorised actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.” reads the notice published by the company. “Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts.”

The malicious activity was discovered on January 11, 2023; in response to the intrusion the company temporarily suspended access for impacted accounts. The company also notified the primary contacts for all affected accounts less than 24 hours after the initial discovery.

https://securityaffairs.com/140997/data-breach/mailchimp-security-breach.html

Threats

Ransomware, Extortion and Destructive Attacks

• Yum Brands says nearly 300 restaurants in UK impacted due to cyber attack | Reuters

• Royal Mail boss to face MPs’ questions over Russian ransomware attack (telegraph.co.uk)

• What is LockBit ransomware and how does it operate? | Royal Mail | The Guardian

• How cyber-attack on Royal Mail has left firms in limbo - BBC News

• Royal Mail restarts limited overseas post after cyber-attack - BBC News

• How Royal Mail’s hacker became the world’s most prolific ransomware group | Financial Times (ft.com)

• Ransomware Trends In Q4 2022: Key Findings And Recommendations (informationsecuritybuzz.com)

• Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw (bleepingcomputer.com)

• Microsoft retracts its report on Mac ransomware (techrepublic.com)

• Royal Mail operations hub in Mallusk hit by ‘cyber attack’ as printer spurts out ransom demands - BelfastTelegraph.co.uk

• Ransomware Dips During 2022: Are Cyber attacks Slowing or Just a Blip? - MSSP Alert

• Up to 1,000 ships affected by DNV ransomware attack - Splash247

• Avast releases free BianLian ransomware decryptor (bleepingcomputer.com)

• Vice Society ransomware leaks University of Duisburg-Essen’s data (bleepingcomputer.com)

• Ransomware attack cuts 1,000 ships off from on-shore servers • The Register

• Royal Mail promises ‘workarounds’ to restore services after ransomware attack | Computer Weekly

• Cyber-crime gangs' earnings slide as victims refuse to pay - BBC News

• Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner (bleepingcomputer.com)

Phishing & Email Based Attacks

• How AI chatbot ChatGPT changes the phishing game | CSO Online

• The big risk in the most-popular, and aging, big tech email programs (cnbc.com)

• Why encrypting emails isn't as simple as it sounds - Help Net Security

• Is it your bank or a scam? How to deal with phishing attacks | Economy and Business | EL PAÍS English Edition

• Fake DHL emails allow hackers to breach Microsoft 365 accounts (msn.com)

Other Social Engineering; Smishing, Vishing, etc

• Techniques that attackers use to trick victims into visiting malicious content - Help Net Security

• Mailchimp slips up again, suffers security breach after falling on social engineering banana skin • Graham Cluley

• As Social Engineering Tactics Change, So Must Your Security Training (darkreading.com)

2FA/MFA

• CircleCI's hack caused by malware stealing engineer's 2FA-backed session (bleepingcomputer.com)

• The Importance of Multi-Factor Authentication (MFA) - MSSP Alert

Malware

• Qbot Overtakes Emotet in December 2022's Most Wanted Malware List - Infosecurity Magazine (infosecurity-magazine.com)

• IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours (thehackernews.com)

• New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild (thehackernews.com)

• CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop - Infosecurity Magazine (infosecurity-magazine.com)

• Experts spotted a backdoor that borrows code from CIA's Hive malware - Security Affairs

• ChatGPT Creates Polymorphic Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Attackers Crafted Custom Malware for Fortinet Zero-Day (darkreading.com)

• New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (thehackernews.com)

• Malicious ‘Lolip0p’ PyPi packages install info-stealing malware (bleepingcomputer.com)

• Hackers exploit Cacti critical bug to install malware, open reverse shells (bleepingcomputer.com)

• Hackers can use GitHub Codespaces to host and deliver malware (bleepingcomputer.com)

• Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks (trendmicro.com)

• Hackers turn to Google search ads to push info-stealing malware (bleepingcomputer.com)

• How to spot a cyberbot – five tips to keep your device safe (theconversation.com)

Mobile

• New 'Hook' Android malware lets hackers remotely control your phone (bleepingcomputer.com)

• Roaming Mantis’ Android malware adds DNS changer to hack WiFi routers (bleepingcomputer.com)

Botnets

• How to spot a cyberbot – five tips to keep your device safe (theconversation.com)

Denial of Service/DoS/DDOS

• Russian hacktivists NoName057 offer cash for DDoS attacks (techmonitor.ai)

Internet of Things – IoT

• Smart appliances could stop working after two years, says Which? - BBC News

Data Breaches/Leaks

• 6,000+ Customer Accounts Breached, NortonLifeLock Alert Users (informationsecuritybuzz.com)

• 1.7 TB of data from digital intelligence firm Cellebrite leaked online - Security Affairs

• CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop - Infosecurity Magazine (infosecurity-magazine.com)

• LastPass faces mounting criticism over recent breach | TechTarget

• Mailchimp Suffers Another Security Breach Compromising Some Customers' Information (thehackernews.com)

• Mailchimp discloses a new incident, the second one in 6 months - Security Affairs

• Timeline of the latest LastPass data breaches | CSO Online

• PayPal Breach Exposed PII of Nearly 35K Accounts (darkreading.com)

• T-Mobile US says hacker accessed personal data of 37 million customers • TechCrunch

• Twitter says leaked emails not hacked from its systems - BBC News

• Hacked! My Twitter user data is out on the dark web -- now what? | ZDNET

• Twitter sued over data leak that it denied was caused by a flaw | Business

• Nissan North America data breach caused by vendor-exposed database (bleepingcomputer.com)

• 18k Nissan Customers Affected by Data Breach at Third-Party Software Developer | SecurityWeek.Com

• Third-party administrator hack leads to theft of patient data for over 251K | SC Media (scmagazine.com)

Organised Crime & Criminal Actors

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto exchanges freeze accounts tied to North Korea • The Register

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

• FTX Says $415 Million Of Its Crypto Assets Was Hacked (informationsecuritybuzz.com)

• Google Ads-delivered malware drains NFT influencer’s entire crypto wallet (cointelegraph.com)

• Bitcoin is a ‘hyped-up fraud’, says JP Morgan chief (telegraph.co.uk)

• International Arrests Over 'Criminal' Crypto Exchange | SecurityWeek.Com

Fraud, Scams & Financial Crime

• A $175 Million Dollar Blunder: How A 30-Year-Old Entrepreneur Allegedly Defrauded JP Morgan With 4 Million Fake Email Accounts | Celebrity Net Worth

• Opinion: These online scams to steal your money will shock you -- even if you think you've seen them all - MarketWatch

• Young people warned not to be exploited as ‘money mules’ for UK criminal gangs | Crime | The Guardian

• Hacker stole credit cards from Canada alcohol retailer LCBO - Security Affairs

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

• New York man defrauded thousands using credit cards sold on dark web (bleepingcomputer.com)

• FTX Says $415 Million Of Its Crypto Assets Was Hacked (informationsecuritybuzz.com)

• The US Has a Massive Money Transfer Surveillance Apparatus (gizmodo.com)

• The threat of location spoofing and fraud - Help Net Security

• HUMAN Security Stops VASTFLUX Digital Ad Fraud Operation - MSSP Alert

• International Arrests Over 'Criminal' Crypto Exchange | SecurityWeek.Com

Insurance

• Millions of Insurance Customers Compromised Via Supplier - Infosecurity Magazine (infosecurity-magazine.com)

Dark Web

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• New York man defrauded thousands using credit cards sold on dark web (bleepingcomputer.com)

• Illegal Solaris darknet market hijacked by competitor Kraken (bleepingcomputer.com)

Supply Chain and Third Parties

• CircleCI, LastPass, Okta, and Slack: Cyber attackers Pivot to Target Core Enterprise Tools (darkreading.com)

• Third-Party Risk Management: Why 2023 Could Be The Perfect Time To Overhaul Your TPRM Program (informationsecuritybuzz.com)

Cloud/SaaS

• The Dangers of Default Cloud Configurations (darkreading.com)

• Report: Cloud-based networks under growing attack • The Register

• Data Security in Multicloud: Limit Access, Increase Visibility (darkreading.com)

Hybrid/Remote Working

• Training, endpoint management reduce remote working cyber security risks - Help Net Security

Encryption

• Vulnerabilities in cryptographic libraries found through modern fuzzing - Help Net Security

• teiss - Cyber Threats - Managing the treat from quantum computers

• Threats Of Quantum: The Solution Lies In Quantum Cryptography (informationsecuritybuzz.com)

• Why encrypting emails isn't as simple as it sounds - Help Net Security

• TLS Connection Cryptographic Protocol Vulnerabilities (trendmicro.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Compromise of employee device, credentials led to CircleCI breach | SC Media (scmagazine.com)

• PayPal accounts breached in large-scale credential stuffing attack (bleepingcomputer.com)

• Timeline of the latest LastPass data breaches | CSO Online

• NortonLifeLock: threat actors breached Norton Password Manager accounts - Security Affairs

Social Media

• Twitter says leaked emails not hacked from its systems - BBC News

• Hacked! My Twitter user data is out on the dark web -- now what? | ZDNET

• French CNIL fined Tiktok $5.4 Million for violating cookie laws - Security Affairs

Malvertising

• Hackers turn to Google search ads to push info-stealing malware (bleepingcomputer.com)

• Google Ads-delivered malware drains NFT influencer’s entire crypto wallet (cointelegraph.com)

• HUMAN Security Stops VASTFLUX Digital Ad Fraud Operation - MSSP Alert

Training, Education and Awareness

• Training, endpoint management reduce remote working cyber security risks - Help Net Security

• As Social Engineering Tactics Change, So Must Your Security Training (darkreading.com)

Regulations, Fines and Legislation

• GDPR Fines Surge 168% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• European data protection authorities issue record €2.92 billion in GDPR fines | CSO Online

• State of data privacy laws in 2023 | TechTarget

• How data protection is evolving in a digital world - Help Net Security

• EU cyber resilience regulation could translate into millions in fines - Help Net Security

• UN Hearing On Proposed Cyber Crime Treaty: Legal Measures To Tackle Cyber Crimes (informationsecuritybuzz.com)

• Online safety bill: Attempt to jail tech bosses ‘could backfire’ | News | The Times

• Culture secretary examines plans to punish tech bosses over online harms | Financial Times (ft.com)

• French CNIL fined Tiktok $5.4 Million for violating cookie laws - Security Affairs

• State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop

• How Would the FTC Rule on Noncompetes Affect Data Security? (darkreading.com)

• The US Has a Massive Money Transfer Surveillance Apparatus (gizmodo.com)

• What are International Traffic in Arms Regulations and Export Administration Regulations? (techtarget.com)

Governance, Risk and Compliance

• Technology is a fragile machine that seems to power everything | Android Central

• Third-Party Risk Management: Why 2023 Could Be The Perfect Time To Overhaul Your TPRM Program (informationsecuritybuzz.com)

• Training, endpoint management reduce remote working cyber security risks - Help Net Security

• New Coalfire Report Reveals CISOs Rising Influence (darkreading.com)

• Cost of data breaches to global businesses at five-year high- IT Security Guru

• Experts at Davos 2023 sound the alarm on cyber security | World Economic Forum (weforum.org)

• Why Mean Time to Repair Is Not Always A Useful Security Metric (darkreading.com)

• Why are there so many cyber attacks lately? An explainer on the rising trend | Globalnews.ca

• How To Build A Network Of Security Champions In Your Organisation (forbes.com)

• EU cyber resilience regulation could translate into millions in fines - Help Net Security

• What is Business Attack Surface Management? (trendmicro.com)

• How to build a cyber-resilience culture in the enterprise | TechTarget

• Why Businesses Need to Think Like Hackers This Year (darkreading.com)

• How to prioritize resilience in the face of cyber-attacks | World Economic Forum (weforum.org)

• #WEF23: Geopolitical Instability Means a Cyber “Catastrophe” is Imminent - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber-attack contributes to major Harrogate district firm posting £4.1m loss - The Stray Ferret

Data Protection

• GDPR Fines Surge 168% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• European data protection authorities issue record €2.92 billion in GDPR fines | CSO Online

• How data protection is evolving in a digital world - Help Net Security

• State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop

• European Businesses Admit Major Privacy Skills Gap - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• New Coalfire Report Reveals CISOs Rising Influence (darkreading.com)

• IT Burnout may be Putting Your Organisation at Risk (bleepingcomputer.com)

• Sophos Joins List of Cyber security Companies Cutting Staff | SecurityWeek.Com

Law Enforcement Action and Take Downs

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

Privacy, Surveillance and Mass Monitoring

• AI and privacy: Experts worry users may have already ‘traded a lot’ for services - National | Globalnews.ca

• State of data privacy laws in 2023 | TechTarget

• How data privacy and automation offer both challenges and opportunities in a fintech future | Kyndryl: The Heart of Progress | The Guardian

• UK supermarket uses facial recognition tech to track shoppers - Coda Story

• State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop

• European Businesses Admit Major Privacy Skills Gap - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• Russian Hackers Try to Bypass ChatGPT's Restrictions For Malicious Purposes - Infosecurity Magazine (infosecurity-magazine.com)

• How AI chatbot ChatGPT changes the phishing game | CSO Online

• ChatGPT Opens New Opportunities for Cyber criminals: 5 Ways for Organisations to Get Ready (darkreading.com)

• ChatGPT and its perilous use as a "Force Multiplier" for cyber attacks | Ctech (calcalistech.com)

• AI and privacy: Experts worry users may have already ‘traded a lot’ for services - National | Globalnews.ca

• Potential threats and sinister implications of ChatGPT - Help Net Security

• Criminals seek OpenAI guardrail bypass, use ChatGPT for evil • The Register

• ChatGPT Creates Polymorphic Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Is ChatGPT a cyber security threat? | TechCrunch

Misinformation, Disinformation and Propaganda

• Over Four Billion People Affected By Internet Censorship in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian Hackers Try to Bypass ChatGPT's Restrictions For Malicious Purposes - Infosecurity Magazine (infosecurity-magazine.com)

• Putin’s Russian cyber attacks could target UK’s infrastructure | News | The Times

• From phishing scams to propaganda: How Russia, rogue nations utilize cyber capabilities against the US | Fox News

• Industrial espionage: How China sneaks out America's technology secrets - BBC News

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine blames Russia for most of over 2,000 cyber attacks in 2022 | Reuters

• Cyber  attacks have tripled in past year, says Ukraine’s cyber security agency | Ukraine | The Guardian

• Pro-Russian Hacktivist Group Targets Czech Presidential Election - Infosecurity Magazine (infosecurity-magazine.com)

• Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware (thehackernews.com)

• Is Elon Musk’s Starlink winning the war for Ukraine? | World | The Sunday Times (thetimes.co.uk)

• Pro-Russia Hacktivist Group NoName057(16) Strikes Again (informationsecuritybuzz.com)

• Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures - Infosecurity Magazine (infosecurity-magazine.com)

• Russian hacktivists NoName057 offer cash for DDoS attacks (techmonitor.ai)

• Chinese APT Group Vixen Panda Targets Iranian Government Entities - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine links data-wiping attack on news agency to Russian hackers (bleepingcomputer.com)

• Russian hackers target Ukrainian press briefing about cyber attacks (axios.com)

• Chinese hackers targeted Iranian government entities for months: Report | CSO Online

• Myanmar Acquired Spyware From Israeli Cyber-intelligence Firm Cognyte, New Docs Reveal - National Security & Cyber - Haaretz.com

Nation State Actors

Nation State Actors – Russia

• Russian Hackers Try to Bypass ChatGPT's Restrictions For Malicious Purposes - Infosecurity Magazine (infosecurity-magazine.com)

• Putin’s Russian cyber attacks could target UK’s infrastructure | News | The Times

• From phishing scams to propaganda: How Russia, rogue nations utilize cyber capabilities against the US | Fox News

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine blames Russia for most of over 2,000 cyber attacks in 2022 | Reuters

• Cyber attacks have tripled in past year, says Ukraine’s cyber security agency | Ukraine | The Guardian

• Pro-Russian Hacktivist Group Targets Czech Presidential Election - Infosecurity Magazine (infosecurity-magazine.com)

• Is Elon Musk’s Starlink winning the war for Ukraine? | World | The Sunday Times (thetimes.co.uk)

• Pro-Russia Hacktivist Group NoName057(16) Strikes Again (informationsecuritybuzz.com)

• Russian hacktivists NoName057 offer cash for DDoS attacks (techmonitor.ai)

• Ukraine links data-wiping attack on news agency to Russian hackers (bleepingcomputer.com)

• Russian hackers target Ukrainian press briefing about cyber attacks (axios.com)

• Russians say they can download software from Intel again • The Register

• Nation State Actors – China

• Industrial espionage: How China sneaks out America's technology secrets - BBC News

• Attackers Crafted Custom Malware for Fortinet Zero-Day (darkreading.com)

• New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (thehackernews.com)

• China wants 30 percent CAGR for its infosec industry • The Register

• Chinese APT Group Vixen Panda Targets Iranian Government Entities - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese hackers targeted Iranian government entities for months: Report | CSO Online

Nation State Actors – North Korea

• Crypto exchanges freeze accounts tied to North Korea • The Register

Nation State Actors – Iran

• Chinese APT Group Vixen Panda Targets Iranian Government Entities - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese hackers targeted Iranian government entities for months: Report | CSO Online

Nation State Actors – Misc

• Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• The Top 10 Vulnerabilities of 2022: Mastering Vulnerability Management - Security Boulevard

• Why you don’t have to fix every vulnerability | CSO Online

• 3 Lessons Learned in Vulnerability Management (darkreading.com)

Vulnerabilities

• Cisco won’t fix critical flaw in small business routers • The Register

• Unpatched Zoho ManageEngine Products Under Active Cyber attack (darkreading.com)

• Oracle's First Security Update for 2023 Includes 327 New Patches | SecurityWeek.Com

• Why it's time to review your on-premises Microsoft Exchange patch status | CSO Online

• Attackers Crafted Custom Malware for Fortinet Zero-Day (darkreading.com)

• New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (thehackernews.com)

• Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability (thehackernews.com)

• PoC exploits released for critical bugs in popular WordPress plugins (bleepingcomputer.com)

• Vulnerabilities in cryptographic libraries found through modern fuzzing - Help Net Security

• Microsoft: Exchange Server 2013 reaches end of support in 90 days (bleepingcomputer.com)

• AMD Revealed 31 Vulnerabilities Within Its Processor Lines, Ryzen & EPYC CPUs Included (wccftech.com)

• Hackers are using this old trick to dodge security protections | ZDNET

• Attackers deploy sophisticated Linux implant on Fortinet network security devices | CSO Online

• Researchers to release PoC exploit for critical Zoho RCE bug, patch now (bleepingcomputer.com)

• MSI accidentally breaks Secure Boot for hundreds of motherboards (bleepingcomputer.com)

• Git security vulnerabilities announced | The GitHub Blog

• Microsoft fixes SSRF vulnerabilities found in Azure services | TechTarget

• Over 4,000 Sophos Firewall devices vulnerable to RCE attacks (bleepingcomputer.com)

• Mozilla Releases Security Updates for Firefox | CISA

• Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers (thehackernews.com)

• Exploited Control Web Panel Flaw Added to CISA 'Must-Patch' List | SecurityWeek.Com

• Two critical flaws discovered in Git system - Security Affairs

• Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability | SecurityWeek.Com

• Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM | SecurityWeek.Com

• CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability | Rapid7 Blog

• Critical Microsoft Azure RCE flaw impacted multiple services - Security Affairs

• New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks (thehackernews.com)

• Cross-site forgery bug would facilitate remote code execution in Microsoft Azure services | SC Media (scmagazine.com)

Tools and Controls

• Training, endpoint management reduce remote working cyber security risks - Help Net Security

• Why encrypting emails isn't as simple as it sounds - Help Net Security

• As Social Engineering Tactics Change, So Must Your Security Training (darkreading.com)

• Zero trust network access for Desktop as a Service - Help Net Security

• How to prioritize resilience in the face of cyber-attacks | World Economic Forum (weforum.org)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Lloyd's to Exclude Certain Nation-State Attacks from Cyber Insurance Policies

Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in seven months' time.

In a memo sent to the company's 76-plus insurance syndicates, underwriting director Tony Chaudhry said Lloyd's remains "strongly supportive" of cyber attack coverage. However, as these threats continue to grow, they may "expose the market to systemic risks that syndicates could struggle to manage," he added, noting that nation-state-sponsored attacks are particularly costly to cover.

Because of this, all standalone cyber attack policies must include "a suitable clause excluding liability for losses arising from any state-backed cyber attack," Chaudhry wrote. These changes will take effect beginning March 31, 2023 at the inception or renewal of each policy.

At a minimum (key word: minimum) these policies must exclude losses arising from a war, whether declared or not, if the policy doesn't already have a separate war exclusion. They must also at least exclude losses from nation-state cyber attacks that "significantly impair the ability of a state to function or that significantly impair the security capabilities of a state."

Policies must also "set out a robust basis" on which to attribute state-sponsored cyber attacks, according to Chaudhry – and therein lies the rub.

Attributing a cyber attack to a particular crime group or nation-state with 100 percent confidence "is absolutely hard," NSA director of cybersecurity Rob Joyce said at this year's RSA Conference.

Threat analysts typically attribute an attack to a nation-state from its level of sophistication, but as advanced persistent crime groups become more sophisticated – and have more resources at their disposal to buy zero-day exploits and employ specialists for each stage of an attack – differentiating between nation-states and cyber crime gangs becomes increasingly difficult, he explained.

There are times when nation-states will act like criminals, using their tools and infrastructure, and sometimes vice versa. The clear line of sophistication and stealth that many have used as a common sense delineation has blurred. Yet, If you are going to pay out money you are likely going to look for something that is more ironclad and likely related to forensic evidence.

https://www.theregister.com/2022/08/24/lloyds_cybersecurity_insurance/

• Cyber Security Top Risk for Enterprise C-Suite Leaders, PwC Study Says

Cyber security is now firmly on the agenda of the entire C-suite, consultancy PricewaterhouseCoopers (PwC) reports in a new survey of more than 700 business leaders across a variety of industries.

Of key enterprise issues, cyber security ranks at the top of business risks, with nearly 80% of the respondents considering it a moderate to serious risk. The warning isn’t confined to just chief information security officers, but ranges from chief executives to chief financial officers, chief operating officers, chief technology officers, chief marketing officers and includes corporate board members. Virtually all roles ranked cyber attacks high on their list of risks, PwC said.

Overall, 40% of business leaders ranked cyber security as the top serious risk facing their companies, and 38% ranked it a moderate risk.

Here are six steps businesses can take to address cyber security concerns:

1. View cyber security as a broad business concern and not just an IT issue.

2. Build cyber security and data privacy into agendas across the C-suite and board.

3. Increase investment to improve security.

4. Educate employees on effective cyber security practices.

5. For each new business initiative or transformation, make sure there’s a cyber plan in place.

6. Use data and intelligence to regularly measure cyber risks. Proactively look for blind spots in third-party relationships and supply chains.

https://www.msspalert.com/cybersecurity-research/cybersecurity-top-risk-for-enterprise-c-suite-leaders-pwc-study-says/

• Apathy Is Your Company's Biggest Cyber Security Vulnerability — Here's How to Combat It

Human error continues to be the leading cause of a cyber security breach. Nearly 60% of organisations experienced a data loss due to an employee's mistake on email in the last year, while one in four employees fell for a phishing attack.

Employee apathy, while it may not seem like a major cyber security issue, can leave an organisation vulnerable to both malicious attacks and accidental data loss. Equipping employees with the tools and knowledge they need to prevent these risks has never been more important to keep organisations safe.

A new report from Tessian sheds light on the full extent of employee apathy and its impact on cyber security posture. The report found that a significant number of employees aren't engaged in their organisation's cyber security efforts and don't understand the role they play. One in three employees say they don't understand the importance of cyber security at work. What's more, only 39% say they're very likely to report a cyber security incident. Why? A quarter of employees say they don't care enough about cyber security to mention it.

This is a serious problem. IT and security teams can't investigate or remediate a threat they don't know about.

Employees play an important role in flagging incidents or suspicious activity early on to prevent them from escalating to a costly breach. Building a strong cyber security culture can mitigate apathy by engaging employees as part of the solution and providing the tools and training they need to work productively and securely.

https://www.darkreading.com/attacks-breaches/apathy-is-your-company-s-biggest-cybersecurity-vulnerability-here-s-how-to-combat-it

• The World’s Largest Sovereign Wealth Fund Warns Cyber Security Is Top Concern, as Attacks on Banks and Financial Service Double

Cyber security has eclipsed tumultuous financial markets as the biggest concern for the world’s largest sovereign wealth fund, as it faces an average of three “serious” cyber attacks each day.

The number of significant hacking attempts against Norway’s $1.2tn oil fund, Norges Bank Investment Management, has doubled in the past two to three years.

The fund, which reported its biggest half-year dollar loss last week after inflation and recession fears shook markets, suffers about 100,000 cyber attacks a year, of which it classifies more than 1,000 as serious, according to its top executives.

“I’m worried about cyber more than I am about markets,” their CEO told the Financial Times. “We’re seeing many more attempts, more attacks [that are] increasingly sophisticated.”

The fund’s top executives are even concerned that concerted cyber attacks are becoming a systemic financial risk as markets become increasingly digitised.

Their deputy CEO pointed to the 2020 attack on SolarWinds, a software provider, by Russian state-backed hackers that allowed them to breach several US government agencies, including the Treasury and Pentagon, and a number of Fortune 500 companies including Microsoft, Intel and Deloitte.

“They estimate there were 1,000 Russians [involved] in that one attack, working in a co-ordinated fashion. I mean, Jesus, that’s our whole building on one attack, so you’re up against some formidable forces there,” he said.

Cyber attacks targeting the financial industry have risen sharply in recent months. Malware attacks globally rose 11 per cent in the first half of 2022, but they doubled at banks and financial institutions, according to cyber security specialist SonicWall. Ransomware attacks dropped 23 per cent worldwide, but increased 243 per cent against financial targets in the same period.

https://www.ft.com/content/1aa6f92a-078b-4e1a-81ca-65298b8310b2

Configuration Errors to Blame for 80% of Ransomware

The vast majority (80%) of ransomware attacks can be traced back to common configuration errors in software and devices, according to Microsoft.

The tech giant’s latest Cyber Signals report focuses on the ransomware as a service (RaaS) model, which it claims has democratised the ability to launch attacks to groups “without sophistication or advanced skills.” Some RaaS programs now have over 50 affiliate groups on their books.

For defenders, a key challenge is ensuring they don’t leave systems misconfigured, it added.

“Ransomware attacks involve decisions based on configurations of networks and differ for each victim even if the ransomware payload is the same,” the report argued. “Ransomware culminates an attack that can include data exfiltration and other impacts. Because of the interconnected nature of the cyber-criminal economy, seemingly unrelated intrusions can build upon each other.”

Although each attack is different, Microsoft pointed to missing or misconfigured security products and legacy configurations in enterprise apps as two key areas of risk exposure.

“Like smoke alarms, security products must be installed in the correct spaces and tested frequently. Verify that security tools are operating in their most secure configuration, and that no part of a network is unprotected,” it urged. “Consider deleting duplicative or unused apps to eliminate risky, unused services. Be mindful of where you permit remote helpdesk apps like TeamViewer. These are notoriously targeted by threat actors to gain express access to laptops.”

Although not named in the report, another system regularly misconfigured and hijacked by ransomware actors is the remote desktop protocol (RDP), which often is not protected by a strong password or two-factor authentication. It’s widely believed to be one of the top three vectors for attack.

The bad news for network defenders is they don’t have much time after initial compromise to contain an attack. Microsoft claimed the median time for an attacker to begin moving laterally inside the network after device compromise is one hour, 42 minutes. The median time for an attacker to access private data following a phishing email is one hour, 12 minutes, the firm added.

https://www.infosecurity-magazine.com/news/configuration-errors-blame-80/

• Ransomware Surges to 1.2 Million Attacks Per Month

Ransomware threat detections have risen to over one million per month this year, with a French hospital the latest to suffer a major outage.

The 1000-bed Center Hospitalier Sud Francilien (CHSF) near Paris revealed it was hit on Sunday morning, in an attack which has knocked out all the hospital's business software, storage systems including medical imaging, and patient admissions. This has led to all but the most urgent emergency patients being diverted to other facilities in the region.

France24 cited figures claiming cyber-attacks against French hospitals surged 70% year-on-year in 2021. "Each day we need to rewrite patients' medications, all the prescriptions, the discharge prescriptions," Valerie Caudwell, president of the medical commission at CHSF hospital, reportedly said. "For the nurses, instead of putting in all the patients' data on the computer, they now need to file it manually from scratch."

Reports suggest Lockbit 3.0 may be to blame for the $10m ransom demand, which the hospital is refusing to pay.

Barracuda Networks claimed in a new report out today that education, municipalities, healthcare, infrastructure and finance have remained the top five targets for ransomware over the past 12 months. However, while attacks on local government increased only slightly, those targeting educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled. Overall, Barracuda claimed that ransomware detections between January and June of this year climbed to more than 1.2 million per month.

https://www.infosecurity-magazine.com/news/ransomware-surges-to-12-million/

• A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organisations

A phishing campaign targeted Okta users at multiple companies, successfully swiping passwords from staffers and then using them to steal company secrets.

Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organisations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, among many others.

The news comes from research conducted by cyber security firm Group-IB, which began looking into the hacking campaign after a client was phished and reached out for help. The research shows that the threat actor behind the campaign, which researchers have dubbed “0ktapus,” used basic tactics to target staff from droves of well-known companies. The hacker(s) would use stolen login information to gain access to corporate networks before going on to steal data and then break into another company’s network.

“This case is of interest because despite using low-skill methods it was able to compromise a large number of well-known organisations,” researchers wrote in their blog. “Furthermore, once the attackers compromised an organisation they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance.”

https://gizmodo.com/oktapus-okta-hack-twilio-10000-logins-130-companies-1849457420

• This Company Paid a Ransom Demand. Hackers Leaked Its Data Anyway

A victim of a ransomware attack paid to restore access to their network – but the cyber criminals didn't hold up their end of the deal.

The real-life incident, as detailed by cyber security researchers at Barracuda Networks, took place in August 2021, when hackers from BlackMatter ransomware group used a phishing email to compromise the account of a single victim at an undisclosed company.

From that initial entry point, the attackers were able to expand their access to the network by moving laterally around the infrastructure, ultimately leading to the point where they were able to install hacking tools and steal sensitive data. Stealing sensitive data has become a common part of ransomware attacks. Criminals leverage it as part of their extortion attempts, threatening to release it if a ransom isn't received. 

The attackers appear to have had access to the network for at least a few weeks, seemingly going undetected before systems were encrypted and a ransom was demanded, to be paid in Bitcoin.

Cyber security agencies warn that despite networks being encrypted, victims shouldn't pay ransom demands for a decryption key because this only shows hackers that such attacks are effective.

https://www.zdnet.com/article/this-company-paid-a-ransom-demand-hackers-leaked-its-data-anyway/

• Sophisticated BEC Scammers Bypass Microsoft 365 Multi-Factor Authentication

A Business Email Compromise (BEC) attack recently analysed by cloud incident response company Mitiga used an adversary-in-the-middle (AitM) phishing attack to bypass Microsoft Office 365 MFA and gain access to a business executive's account, and then managed to add a second authenticator device to the account for persistent access. According to the researchers, the campaign they analysed is widespread and targets large transactions of up to several million dollars each.

The attack started with a well-crafted phishing email masquerading as a notification from DocuSign, a widely used cloud-based electronic document signing service. The email was crafted to the targeted business executive, suggesting that attackers have done reconnaissance work. The link in the phishing email led to an attacker-controlled website which then redirects to a Microsoft 365 single sign-on login page.

This fake login page uses an AitM technique, where the attackers run a reverse proxy to authentication requests back and forth between the victim and the real Microsoft 365 website. The victim has the same experience as they would have on the real Microsoft login page, complete with the legitimate MFA request that they must complete using their authenticator app. Once the authentication process is completed successfully, the Microsoft service creates a session token which gets flagged in its systems that it fulfilled MFA. The difference is that since the attackers acted as a proxy, they now have this session token too and can use it to access the account.

This reverse proxy technique is not new and has been used to bypass MFA for several years. In fact, easy-to-use open-source attack frameworks have been created for this purpose.

https://www.csoonline.com/article/3670575/sophisticated-bec-scammers-bypass-microsoft-365-multi-factor-authentication.html

• 77% Of Security Leaders Fear We’re in Perpetual Cyber War from Now On

A survey of cyber security decision makers found 77 percent think the world is now in a perpetual state of cyber warfare.

In addition, 82 percent believe geopolitics and cyber security are "intrinsically linked," and two-thirds of polled organisations reported changing their security posture in response to the Russian invasion of Ukraine.

Of those asked, 64 percent believe they may have already been the target of a nation-state-directed cyber attack. Unfortunately, 63 percent of surveyed security leaders also believe that they'd never even know if a nation-state level actor pwned them.

The survey, organised by security shop Venafi, questioned 1,100 security leaders. They said the results show cyber warfare is here, and that it's completely different to many would have imagined. "Any business can be damaged by nation-states," they stated.

It's been common knowledge for some time that government-backed advanced persistent threat (APT) crews are being used to further online geopolitical goals. Unlike conventional warfare, everyone is a target and there's no military or government method for protecting everyone.

Nor is there going to be much financial redress available. Earlier this week Lloyd's of London announced it would no longer recompense policy holders for certain nation-state attacks.

https://www.theregister.com/2022/08/27/in-brief-security/

• Cyber Security Governance: A Path to Cyber Maturity

Organisations need cyber security governance programs that make every employee aware of the cyber security mitigation efforts required to reduce cyber-risks.

In an increasingly challenging threat landscape, many organisations struggle with developing and implementing effective cyber security governance. The "Managing Cybersecurity Risk: A Crisis of Confidence" infographic by the CMMI Institute and ISACA stated: "While enterprise leaders recognise that mature cyber security is essential to thriving in today's digital economy, they often lack the insights and data to have peace of mind that their organisations are efficiently and effectively managing cyber risk."

Indeed, damages from cyber crime are projected to cost the world $7 trillion in 2022, according to the "Boardroom Cybersecurity 2022 Report" from Cybersecurity Ventures. As a result, "board members and chief executives are more interested in cyber security now than ever before," the report stated, adding that the time is ripe for turning awareness into action.

How, then, can board leaders have confidence that their organisations are prepared against cyber attacks? The first order of business for most organisations is to enable a strong cyber security governance program.

Cyber security governance refers to the component of governance that addresses an organisation's dependence on cyber space in the presence of adversaries. The ISO/IEC 27001 standard defines cyber security governance as the following: “The system by which an organisation directs and controls security governance, specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks”.

Traditionally, cyber security is viewed through the lens of a technical or operational issue to be handled in the technology space. Cyber security planning needs to fully transition from a back-office operational function to its own area aligned with law, privacy and enterprise risk. The CISO should have a seat at the table alongside the CIO, COO, CFO and CEO. This helps the C-suite understand cyber security as an enterprise-wide risk management issue, along with the legal implications of cyber-risks, and not solely a technology issue.

https://www.techtarget.com/searchsecurity/post/Cybersecurity-governance-A-path-to-cyber-maturity

• The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware

Ransomware is the de facto threat organisations have faced over the past few years. Threat actors were making easy money by exploiting the high valuation of cryptocurrencies and their victims' lack of adequate preparation.

Think about bad security policies, untested backups, patch management practices not up-to-par, and so forth. It resulted in easy growth for ransomware extortion, a crime that multiple threat actors around the world perpetrate.

Something's changed, though. Crypto valuations have dropped, reducing the monetary appeal of ransomware attacks due to organisations mounting better defence against ransomware.

Threat actors have been searching for another opportunity – and found one. It's called data exfiltration, or exfil, a type of espionage causing headaches at organisations worldwide.

Information exfiltration is rapidly becoming more prevalent. Earlier this year, incidents at Nvidia, Microsoft, and several other companies have highlighted how big of a problem it's become – and how, for some organisations, it may be a threat that's even bigger than ransomware.

Nvidia, for example, became entangled in a complex tit-for-tat exchange with hacker group Lapsus$. One of the biggest chipmakers in the world was faced with the public exposure of the source code for invaluable technology, as Lapsus$ leaked the source code for the company's Deep Learning Super Sampling (DLSS) research.

When it comes to exfil extortion, attackers do not enter with the primary aim of encrypting a system and causing disruption the way that a ransomware attacker does. Though, yes, attackers may still use encryption to cover their tracks.

Instead, attackers on an information exfiltration mission will move vast amounts of proprietary data to systems that they control. And here's the game: attackers will proceed to extort the victim, threatening to release that confidential information into the wild or to sell it to unscrupulous third parties.

https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html

Threats

Ransomware

• Ransomware Groups Can Adapt Malware Code to Different Operating Systems Simultaneously, Kaspersky Research Finds - MSSP Alert

• [Whoa] Ransomware Strains Almost Double in Six Months from 5,400 to 10,666 (knowbe4.com)

• Ransomware: Most attacks exploit these common cyber security mistakes - so fix them now, warns Microsoft | ZDNET

• Ransomware dominates the threat landscape - Help Net Security

• We need to think about ransomware differently - Help Net Security

• Disk wiping malware knows no borders - Help Net Security

• NATO investigates hacker sale of missile firm data - BBC News           

• Cyber attackers disrupt services at French hospital, demand $10 million ransom (france24.com)

• New 'Agenda' Ransomware Customized for Each Victim | SecurityWeek.Com

• LockBit gang hit by DDoS attack after Entrust leaks • The Register

• New ransomware HavanaCrypt poses as Google software update | CSO Online

• WannaCry explained: A perfect ransomware storm | CSO Online

• LockBit Ransomware Site Hit by DDoS Attack as Hackers Start Leaking Entrust Data | SecurityWeek.Com

• New Golang Ransomware Agenda Customizes Attacks (trendmicro.com)

• New 'BianLian' Ransomware Variant on the Rise (darkreading.com)

• New 'Donut Leaks' extortion gang linked to recent ransomware attacks (bleepingcomputer.com)

• Ransomware Attacks are on the Rise | Threatpost

• Quantum ransomware attack disrupts govt agency in Dominican Republic (bleepingcomputer.com)

• Car Dealership Hit by Major Ransomware Attack - Infosecurity Magazine

• Ransomware Gang Leaks Data Allegedly Stolen from Greek Gas Supplier | SecurityWeek.Com

• Major airline technology provider Accelya attacked by ransomware group - The Record by Recorded Future

• Businesses expect the government to increase its financial assistance for all ransomware incidents - Help Net Security

BEC – Business Email Compromise

• Before Portland lost $1.4 million in cyber breach, city treasurer raised red flag - OPB

Phishing & Email Based Attacks

• Phishing attacks abusing SaaS platforms see a massive 1,100% growth (bleepingcomputer.com)

• Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users (thehackernews.com)

• Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account (darkreading.com)

• Hiding a phishing attack behind the AWS cloud • The Register

• 10 key facts about callback phishing attacks - CyberTalk 2022

Other Social Engineering; Smishing, Vishing, etc

• New social engineering tactics discovered in the wild - Help Net Security

Malware

• Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus - Security Affairs

• Fake DDoS Protection Alerts Distribute Dangerous RAT (darkreading.com)

• Meet Borat RAT, a New Unique Triple Threat (thehackernews.com)

• Donot Team group updates its Windows malware framework - Security Affairs

• How 'Kimsuky' hackers ensure their malware only reach valid targets (bleepingcomputer.com)

• Grandoreiro banking malware targets Mexico and Spain - Security Affairs

• Fake Chrome extension 'Internet Download Manager' has 200,000 installs (bleepingcomputer.com)

• Threat actors are using the Tox P2P messenger as C2 server - Security Affairs

Mobile

• Google Play Store Serving Up Chameleon-like Apps (informationsecuritybuzz.com)

• We can make our phones harder to hack but complete security is a pipe dream | John Naughton | The Guardian

Internet of Things – IoT

• Cyber criminals Are Selling Access to Chinese Surveillance Cameras | Threatpost

• IoT Vulnerability Disclosures Up 57% in Six Months, Claroty Reveals - Infosecurity Magazine

• Thousands of Organisations Remain at Risk from Critical Zero-Click IP Camera Bug (darkreading.com)

Data Breaches/Leaks

• LastPass data breach: threat actors stole portion of source code - Security Affairs

• Plex discloses data breach and urges password reset - Security Affairs

• Why the Twilio Breach Cuts So Deep | WIRED

• Plex was compromised, exposing usernames, emails, and passwords - The Verge

• DoorDash discloses new data breach tied to Twilio hackers (bleepingcomputer.com)

• Data on California Prisons' Visitors, Staff, Inmates Exposed | SecurityWeek.Com

• Expert Commentary On The Plex Data Breach (informationsecuritybuzz.com)

• Textile Company Sferra Discloses Data Breach | SecurityWeek.Com

• Novant Health: Oops, we leaked 1.3m patients' info to Meta • The Register

Organised Crime & Criminal Actors

• RaaS Kits Are Hiding Who The Attackers Really Are – Expert Comments (informationsecuritybuzz.com)

• Researchers warn of darkverse emerging from the metaverse | CSO Online

 Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• An anatomy of crypto-enabled cyber crime | Financial Times (ft.com)

• Cryptojackers Spread Across Computers Globally- IT Security Guru

• Hackers Are Breaking Into and Emptying Cash App Accounts (vice.com)

• Threat actors are stealing funds from General Bytes Bitcoin ATMSecurity Affairs

• How Economic Changes and Crypto's Rise Are Fuelling the use of "Cyber Mules" | SecurityWeek.Com

Fraud, Scams & Financial Crime

• Scammers Create “AI Hologram” of C-Suite Crypto Exec - Infosecurity Magazine

• Employee fraud: Beware of deepfake job applicants - Protocol

• A closer look at identity crimes committed against individuals - Help Net Security

• What type of fraud enables attackers to make a living? - Help Net Security

Insurance

• Lloyds Of London Ends Insurance Coverage For State Cyber Attacks, Expert (informationsecuritybuzz.com)

Software Supply Chain

• Why SBOMs alone aren’t enough for software supply chain security | CSO Online

Denial of Service DoS/DDoS

• DDoS attacks jump 203%, patriotic hacktivism surges - Help Net Security

• Threat Actor Deploys Raven Storm Tool to Perform DDoS Attacks - Infosecurity Magazine

• LockBit gang hit by DDoS attack after Entrust leaks • The Register

• Gambling sites are losing significant amounts of revenue due to raising DDoS attacks - Help Net Security