Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 19 April 2024
Black Arrow Cyber Threat Intelligence Briefing 19 April 2024:
-94% of Ransomware Victims Have Their Backups Targeted by Attackers
-Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability
-Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist
-Your Annual Cyber Security Is Not Working, but There is a Solution
-73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert
-Russia and Ukraine Top Inaugural World Cyber Crime Index
-Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?
-Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat
-The Threat from Inside: 14% Surge in Insider Threats Compared to Previous Year
-Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts
-Large Enterprises Experience Breaches, Despite Large Security Stacks - Report Finds 93% of Breaches Lead to Downtime and Data Loss
-Charities Doing Worse than Private Sector in Staving off Cyber Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
94% of Ransomware Victims Have Their Backups Targeted by Attackers
Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.
Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.
Source: [Tech Republic]
Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability
The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.
The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.
The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.
Sources: [The Banker] [IMF]
Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist
A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.
Source: [TechCrunch]
Your Annual Cyber Security Is Not Working, But There is a Solution
Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.
To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.
Source: [TechRadar]
73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert
A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.
Source: [Business Wire]
Russia and Ukraine Top Inaugural World Cyber Crime Index
The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.
Top ten Countries in full:
1. Russia
2. Ukraine
3. China
4. United States
5. Nigeria
6. Romania
7. North Korea
8. United Kingdom
9. Brazil
10. India
Source: [Infosecurity Magazine]
Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?
The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.
Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.
Sources: [ITPro] [The Guardian]
Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat
Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.
The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.
Sources: [Claims Journal] [Inc.com]
The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites
Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).
Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.
Source: [Infosecurity Magazine] [TechRadar]
Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts
Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.
Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.
Sources: [Ars Technica] [Data Breach Today]
Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss
93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.
Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.
Sources: [Infosecurity Magazine] [Help Net Security]
Charities Doing Worse than Private Sector in Staving off Cyber Attacks
Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.
Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.
Source: [TFN]
Governance, Risk and Compliance
Cyber attack volumes peak in first quarter | SC Media (scmagazine.com)
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
Security breaches are causing more damage than ever before | TechRadar
Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat (claimsjournal.com)
51% of enterprises experienced a breach despite large security stacks - Help Net Security
Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)
Ex-Uber security exec Joe Sullivan is advising CISOs on how to avoid his legal fate (axios.com)
Cyber Security Tips for Small Businesses Now Considered Big Hacking Targets | Inc.com
The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)
Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)
FBI: Akira ransomware raked in $42 million from 250+ victims (bleepingcomputer.com)
What if we made ransomware payments illegal? | SC Media (scmagazine.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)
Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)
A whole new generation of ransomware makers are attempting to shake up the market | TechRadar
Security Think Tank: Approaches to ransomware need a course correction | Computer Weekly
Ransomware Victims Who Pay a Ransom Drops to Record Low (databreachtoday.co.uk)
Ransomware Victims
Change Healthcare’s ransomware attack costs reach nearly $1B • The Register
Ransomware attacks against food, agriculture industry examined | SC Media (scmagazine.com)
Ransomware attack compromises UN agency data | SC Media (scmagazine.com)
840-bed hospital in France postpones procedures after cyber attack (bleepingcomputer.com)
US think tank Heritage Foundation hit by cyber attack | TechCrunch
Daixin ransomware gang claims attack on Omni Hotels (bleepingcomputer.com)
Ransomware feared as Octapharma Plasma closes 150+ centers • The Register
Cyber Attack Takes Frontier Communications Offline (darkreading.com)
Phishing & Email Based Attacks
FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)
FIN7 targets American automaker’s IT staff in phishing attacks (bleepingcomputer.com)
Other Social Engineering
Quishing: The New Cyber Threat to the Cleared Workplace - ClearanceJobs
FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)
Cyber criminals pose as LastPass staff to hack password vaults (bleepingcomputer.com)
Artificial Intelligence
CISOs not changing priorities in response to AI threats (betanews.com)
92% of enterprises unprepared for AI security challenges - Help Net Security
AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (thehackernews.com)
Best Practices & Guidance For AI Security Deployment 2024 (gbhackers.com)
C-suite weighs in on generative AI and security (securityintelligence.com)
2FA/MFA
Cisco Duo warns third-party data breach exposed SMS MFA logs (bleepingcomputer.com)
Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)
Malware
LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (darkreading.com)
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (thehackernews.com)
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)
Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)
Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week
New SteganoAmor attacks use steganography to target 320 orgs globally (bleepingcomputer.com)
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (thehackernews.com)
Fake cheat lures gamers into spreading infostealer malware (bleepingcomputer.com)
Mobile
Government spyware is another reason to use an ad blocker | TechCrunch
iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena
Enterprises face significant losses from mobile fraud - Help Net Security
SoumniBot malware exploits Android bugs to evade detection (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
How to protect IP surveillance cameras from Wi-Fi jamming - Help Net Security
CISA warns of critical vulnerability in Chirp smart locks • The Register
New rules for security of connected products in the UK and EU - Lexology
Data Breaches/Leaks
CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)
Panama Papers: Money laundering trial of 27 defendants begins
Giant Tiger data breach may have impacted millions of customers (securityaffairs.com)
5 Ways Your Personal Information May End Up On The Dark Web (slashgear.com)
Law Firm to Pay $8M to Settle Health Data Hack Lawsuit (databreachtoday.co.uk)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)
Ex-Amazon engineer gets 3 years for hacking crypto exchanges (bleepingcomputer.com)
Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch
Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (bleepingcomputer.com)
Insider Risk and Insider Threats
Insurance
Cloud/SaaS
What Is Microsoft's Role in the Shared Responsibility Model for Data Security? (prweb.com)
For Service Accounts, Accountability Is Key to Security (darkreading.com)
Identity and Access Management
Linux and Open Source
Open source groups say more software projects may have been targeted for sabotage (yahoo.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Attackers are pummelling networks around the world with millions of login attempts | Ars Technica
Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)
Cisco warns of large-scale brute-force attacks against VPN and SSH services (securityaffairs.com)
For Service Accounts, Accountability Is Key to Security (darkreading.com)
Dark Web Sales Driving Major Rise in Credential Attacks (databreachtoday.co.uk)
Social Media
Malvertising
Government spyware is another reason to use an ad blocker | TechCrunch
Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)
Training, Education and Awareness
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
Cyber security training: How to make it more motivating (hrexecutive.com)
Regulations, Fines and Legislation
US Supreme Court ruling suggests change in cyber security disclosure process | CSO Online
New rules for security of connected products in the UK and EU - Lexology
Congress votes to kick Uncle Sam’s data broker habit • The Register
Cops can force suspect to unlock phone with thumbprint, US court rules | Ars Technica
Models, Frameworks and Standards
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
IT and security professionals demand more workplace flexibility - Help Net Security
National Security at Risk as Essential Cyber Security Roles Face Sharp Decline (prnewswire.com)
Break Security Burnout: Combining Leadership With Neuroscience (darkreading.com)
Law Enforcement Action and Take Downs
Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)
Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
China
Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)
Leaked FBI document shows MPs were kept in dark over China hack for two years (inews.co.uk)
Risks are higher than ever for US- China cyber war | Responsible Statecraft
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
Singapore infosec boss: splinternet hinders interoperability • The Register
FBI says Chinese hackers preparing to attack US infrastructure | Reuters
Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)
Russia
Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)
CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)
Microsoft breach allowed Russia to steal Feds' emails • The Register
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
How Ukraine’s cyber police fights back against Russia’s hackers | TechCrunch
Russian 'Cyber Sabotage' A Global Threat: Security Firm | IBTimes
Mandiant upgrades Sandworm to APT44 due to increasing threat | TechTarget
Russia's Sandworm 'cyber attacked US, EU water utilities' • The Register
Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas | Decipher (duo.com)
Russia is trying to sabotage European railways, Czech minister said (securityaffairs.com)
Singapore infosec boss: splinternet hinders interoperability • The Register
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)
Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week
Iran
Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (thehackernews.com)
Middle East Cyber Ops Intensify, With Israel the Main Target (darkreading.com)
Iran-Backed Hackers Blast Out Threatening Texts to Israelis (darkreading.com)
Israel Holds Hybrid Cyber & Military Readiness Drills (darkreading.com)
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
How to conduct security patch validation and verification | TechTarget
Zero-Day Vulnerabilities: A Beginner’s Guide - The New Stack
The importance of the Vulnerability Operations Centre for cyber security | TechRadar
Vulnerabilities
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
“Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica
Cisco discloses root escalation flaw with public exploit code (bleepingcomputer.com)
PuTTY SSH client flaw allows recovery of cryptographic private keys (bleepingcomputer.com)
Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA
Yubico Issues YubiKey Security Alert For Windows Users (forbes.com)
Samsung Issues Update Now Warning For Millions Of Galaxy Users (forbes.com)
Juniper Networks Publishes Dozens of New Security Advisories - Security Week
Ivanti warns of critical flaws in its Avalanche MDM solution (bleepingcomputer.com)
Oracle Patches 230 Vulnerabilities With April 2024 CPU - Security Week
iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena
Delinea Fixes Flaw After Analyst Goes Public With Disclosure First (darkreading.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Telegram fixes Windows app zero-day used to launch Python scripts (bleepingcomputer.com)
Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Security Boulevard
Tools and Controls
Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)
CISA's Malware Analysis Platform Could Foster Better Threat Intel (darkreading.com)
Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
6 Ways Businesses Can Boost Their Cloud Security Resilience - Compare the Cloud
Dark Web Monitoring: What's the Value? (bleepingcomputer.com)
Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)
Cyber security training: How to make it more motivating (hrexecutive.com)
The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)
AI set to enhance cyber security roles, not replace them - Help Net Security
Stateful vs. stateless firewalls: Understanding the differences | TechTarget
Reports Published in the Last Week
Other News
Charities doing worse than private sector in staving off cyber attacks - TFN
The US counterintelligence head says the list of threats is long and getting longer (cfpublic.org)
Critical Infrastructure Security: Observations From the Front Lines (darkreading.com)
Geopolitical tensions escalate OT cyber attacks - Help Net Security
Microsoft, Beset by Hacks, Grapples With Problem Years in the Making - BNN Bloomberg
The invisible seafaring industry that keeps the internet afloat (theverge.com)
Do we have a plan on how to deal with subsea cables sabotage? | Euronews
Ex-GCHQ chief: Cyber attacks could target fragile trust in utilities - Utility Week
University chiefs to get security service Cobra briefing on hostile states | The Argus
SAP Applications Increasingly in Attacker Crosshairs, Report Shows - Security Week
Emergency services a likely target for cyber attacks, warns DHS - ABC News (go.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 March 2024
Black Arrow Cyber Threat Intelligence Briefing 29 March 2024:
-Only 3% of Organisations Globally are Fully Prepared for Cyber Threats
-China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security
-Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers
-Hackers Hit High-Risk Individuals’ Personal Accounts
-Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?
-High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime
-Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account
-Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach
-IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time
-Only 5% of Boards Have Cyber Security Expertise
-Google’s New AI Search Results Promotes Sites Pushing Malware and Scams
-Report Calls Out Cyber Risks to Financial Sector Fuelled by AI
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Only 3% of Organisations Globally are Fully Prepared for Cyber Threats
A new report released by Cisco found that only 3% of organisations globally are considered to be at a “mature” level of readiness that is needed to be resilient against today’s cyber threats. In contrast, 80% of the companies surveyed felt moderately to very confident in their ability to defend against a threat.
Nearly three-quarters of respondents expect a cyber incident to disrupt their business in the next 12 to 24 months. For many, this was based on past experience, with more than half of respondents saying that they had experienced a cyber security incident in the last 12 months, and of those, more than half of said it cost them at least $300,000. To address this, 97% of companies expect to increase their cyber security budgets in the next 12 months.
Sources: [PR Newswire] [SiliconANGLE]
China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security
The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, in attempts to target a group of MPs. Whilst this shows how advanced the threat from China has become, it should not be a surprise. It has been alleged that the hacking campaign targeted a broad swathe of private individuals, as well as strategically important companies and government officials. Geopolitical tensions are at an all-time high, as Conservative MP Iain Duncan Smith, one of those targeted by the campaign says, “we must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”
Sources: [Sky News] [GovInfoSecurity] [The Guardian]
Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers
A recent report underscores the pivotal role of cyber security in financial performance, revealing that companies with genuinely advanced levels of cyber security maturity generate a 372% higher shareholder return compared to those with lower levels of maturity, as observed over a five-year period. Notably, companies with engaged board members and specialised risk committees achieve superior cyber security performance. Despite regulatory requirements, only 3% of UK organisations have a cyber security expert on their board, emphasising the need for greater board-level engagement in cyber risk management. Industries like healthcare and financial services lead in cyber security ratings, underscoring the correlation between regulatory environments and cyber security performance.
Source: [Business Wire] [Computer Weekly]
Hackers Hit High-Risk Individuals’ Personal Accounts
Britain’s National Cyber Security Centre (NCSC) is warning that attackers faced with well-managed corporate cyber security defences, are instead turning their efforts to compromise high-risk individuals’ devices and accounts.
A high-risk individual is anyone who has access to or influence over sensitive information. For an attacker, these individuals can present a less complex route. They already know the individual has access to the data they want, it is just a case of compromising that individual.
Source: [Gov Info Security]
Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?
Cyber security threats have reached unprecedented levels, posing significant risks to organisations and nations worldwide, with global costs predicted to soar to $10.5 trillion annually by 2025, a significant increase from $6 trillion in 2021. Recent reports from IBM Security X-Force reveal that organisations face an average of 270 cyber attacks per year, equivalent to an attack every business day, underlining the persistent nature of the threat and reinforcing the old question of ‘when’ not 'if' an organisation will get hit.
The report warns of the possibility of large-scale, coordinated attacks, akin to a “Digital Pearl Harbor,” on vital infrastructure such as power grids and financial markets, with ransomware-based attacks being identified as a major risk. The emergence of cyber warfare blurs the distinction between espionage and acts of war, underscoring the need for international standards and agreements. Despite the focus on cyber threats, many organisations have risk management gaps.
Source: [Eurasia Review]
High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime
High net worth individuals and their families are often targets for cyber criminals who seek to steal their money, identity, intellectual property and corporate data, and attacks are increasing. With the current state of the world, there is significant information that is publicly available. This, added to the fact that many high-net-worth individuals have lesser security controls than corporations, makes them a more lucrative target.
As these types of attacks continue to increase, it is important for individuals to ensure they are demonstrating good cyber hygiene through actions including the adoption of multi-factor authentication, limiting unnecessary social media from themselves and their family (including holidays) and understanding current tactics to be able to spot and mitigate them.
Source: [Financial Times]
Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account
Earlier this year, Microsoft discovered they had been the victim of a hack orchestrated by Russian-state hackers. The attack was not highly sophisticated; in fact, it involved simply spraying passwords into an old, inactive account. Password spraying is a simple brute force technique, which has the attacker trying the same password against multiple accounts. In this case, it was enough to be able to allow attackers to commit further exfiltration.
Picture your organisation: can you guarantee that no account is using the password “Password123”? Whilst organisations may focus on protecting privileged accounts, the attack shows that every account needs to be secured, as they are all entry points to your organisation. To combat this, organisations should look to implement robust password policies and multi-factor authentication.
Source: [The Hacker News]
Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach
Mitigating third-party risk may seem daunting when considering the slew of incoming regulations coupled with the increasingly advanced tactics of cyber criminals. However, most organisations have more agency and flexibility than they think they do. Third-party risk management can be built on top of existing risk governance practices and security controls that are currently implemented in the organisation. Understanding the vendor landscape, categorising vendors based on criticality, and developing tailored governance plans are crucial steps. Contractual obligations, tailored to industry standards, play a pivotal role in ensuring security measures are upheld. Additionally, establishing a robust exit strategy is imperative to safeguard data integrity post-partnership. By fostering a culture of shared responsibility and continuous improvement, organisations can navigate the complexities of third-party risk management effectively.
Source: [Dark Reading]
IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time
A recent survey of over 800 IT and security leaders highlights the escalating threat landscape fuelled by emerging technologies, with AI-powered attacks identified as the most serious and challenging. 92% of respondents report a year-over-year increase in cyber attacks with 95% noting heightened sophistication.
Organisations reported facing AI-powered attacks (51%), deepfake technology and supply chain attacks (both 36%), cloud jacking (35%), Internet of Things (IoT) attacks and 5G network exploits (both 34%), and fileless attacks (24%). But it is not just newer attacks; organisations are still contending with prevalent attacks like phishing, malware, and ransomware. The survey found that 84% of respondents say that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools, revealing that AI-powered phishing is their top concern (42%) when it comes to AI security.
With so many constantly evolving threats, and with new ones being added to the mix all the time, it is becoming more and more difficult for IT leaders to keep on top of these emerging threats.
Source: [Beta News] [The Fast Mode]
Only 5% of Boards Have Cyber Security Expertise
There is a concerning gap in cyber expertise on corporate boards, with only 5% of businesses having a cyber expert onboard, despite a direct correlation between strong cyber security and higher financial performance. Countries like France have 10% representation while Canada lags behind at just 1%. Integration of cyber experts into specialised risk committees significantly boosts cyber security performance. Furthermore, advanced security ratings translate to significantly better financial returns over three and five-year periods, underlining the pivotal role of cyber security in overall business health.
Source: [Infosecurity Magazine]
Google’s New AI Search Results Promotes Sites Pushing Malware and Scams
Earlier this month, Google began rolling out a feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries, including site recommendations. These results, however, are pushing scams and malware. BleepingComputer found that the listed sites promoted by SGE tend to use the .online top level domain, the same HTML templates, and the same sites to perform redirects, stating “This similarity indicates that they are all part of the same SEO [search engine optimisation] poisoning campaign that allowed them to be part of the Google index.” When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site. This matter highlights the need for users to stay cognisant, even when using AI to improve quality of life.
Source: [Bleeping Computer]
Report Calls Out Cyber Risks to Financial Sector Fuelled by AI
A recent report by the US Department of the Treasury has identified AI-driven cyber fraud as the primary concern for financial institutions. Smaller firms, in particular, struggle with AI development, which intensifies security concerns. Despite a focus on cyber security, risk management lapses are common across institutions. The report further notes that nearly a third of these institutions are yet to address the evolving tactics of threat actors, including social engineering, malvertising, and QR code phishing. More than 2 in 5 have pointed to the increasing use of generative AI for scaling and automating attacks as a lingering risk factor. The report emphasises that, even without mandates, there’s an urgent need for financial institutions to bolster their risk management and cyber security practices to counter these AI-driven threats.
Source: [CyberScoop]
Governance, Risk and Compliance
Hackers Hit High-Risk Individuals' Personal Accounts (govinfosecurity.com)
Only 5% of Boards Have Cyber Security Expertise - Infosecurity Magazine (infosecurity-magazine.com)
Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)
How threat intelligence data maximizes business operations - Help Net Security
IT leaders struggle to keep up with emerging threats (betanews.com)
More than half of organisations fall victim to cyber attacks (betanews.com)
Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)
Shareholders win when businesses do better at cyber | Computer Weekly
Getting Security Remediation on the Boardroom Agenda (darkreading.com)
New Cyber Threats to Challenge Financial Services Sector in 2024 (darkreading.com)
The cyber security skills shortage: A CISO perspective | CSO Online
Cyber security essentials during M&A surge - Help Net Security
Companies told cyber security has to be cross business concern (emergingrisks.co.uk)
It's Time to Stop Measuring Security in Absolutes (darkreading.com)
True Cost of a Cyber Security Breach for Your Business - Converge
35 cyber security statistics to lose sleep over in 2024 (techtarget.com)
3 Challenges CISOs Face in 2024 as Cyber Threats Explode | Corporate Counsel (law.com)
Cyber security plans should centre on resilience | MIT Sloan
Debunking compliance myths in the digital era - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware: lessons all companies can learn from the British Library attack - Exponential-e Blog
78% of organisations plan to increase ransomware protection | Security Magazine
Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)
Building Resiliency in the Face of Ransomware - Security Boulevard
Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth (yahoo.com)
Healthcare Under Ransomware Attacks - Part 1: BlackCat/AlphV - VMRay
Healthcare Under Ransomware Attacks - Part 2: LockBit - VMRay
Healthcare Under Ransomware Attacks - Part 3: Rhysida - VMRay
Ransomware Victims
Hackers threaten to publish huge cache of NHS Scotland data - BBC News
Alleged sale of Communication Workers Union’s users data (marcoramilli.com)
Scullion LAW becomes victim of cyber attack | Scottish Legal News
Panera Bread experiencing nationwide IT outage since Saturday (bleepingcomputer.com)
Clorox audit flagged systemic flaws in cyber security at manufacturing plants (detroitnews.com)
Big Issue working with NCSC, NCA and Met Police to investigate cyber incident - IT Security Guru
Western Isles council tax bills delayed due to cyber attack - BBC News
Vietnam Securities Broker Suffered Cyber Attack That Suspended Trading (darkreading.com)
Phishing & Email Based Attacks
'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide (darkreading.com)
New StrelaStealer Phishing Attacks Hit Over 100 Organisations in EU. and US (thehackernews.com)
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)
US organisations targeted with emails delivering NetSupport RAT - Help Net Security
Scammers steal millions from FTX, BlockFi claimants - Help Net Security
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)
Russia's Cozy Bear tries to phish Germans with party invites • The Register
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)
Artificial Intelligence
Treasury report calls out cyber risks to financial sector fuelled by AI | CyberScoop
Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)
Four generative AI cyber risks that keep CISOs up at night — and how to combat them - SiliconANGLE
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Artificial intelligence now the biggest cyber threat - study (emergingrisks.co.uk)
Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)
Scammers exploit tax season anxiety with AI tools - Help Net Security
Experts Warn of Cyber Risk Due to Rapid AI Tool Evolution (govinfosecurity.com)
Over A Third of IT Leaders Are Ill-Equipped to Cope With AI-Powered Attacks - IT Security Guru
Beware of rogue chatbot hacking incidents (securityintelligence.com)
The Unique AI Cyber Security Challenges in the Financial Sector | Decipher (duo.com)
AI weaponisation becomes a hot topic on underground forums - Help Net Security
AI bots hallucinate software packages and devs download them • The Register
Threat Report: Examining the Use of AI in Attack Techniques (darkreading.com)
Hackers exploit Ray framework flaw to breach servers, hijack resources (bleepingcomputer.com)AWS CISO: Pay Attention to How AI Uses Your Data (darkreading.com)
2FA/MFA
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)
Apple customers are being targeted by "MFA Bombing" password reset attack (xda-developers.com)
Malware
New StrelaStealer Phishing Attacks Hit Over 100 Organisations in E.U. and US. (thehackernews.com)
Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)
39,000 Websites Infected in 'Sign1' Malware Campaign - SecurityWeek
ConnectWise ScreenConnect attacks deliver malware | SC Media (scmagazine.com)
US organisations targeted with emails delivering NetSupport RAT - Help Net Security
Python devs are being targeted by this massive infostealing malware campaign | TechRadar
TheMoon bot infected 40,000 devices in January and February (securityaffairs.com)
Viruses are the most popular type of malware - and Apple devices are most at risk | TechRadar
New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)
SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire
DarkGate Malware Campaign Exploits Patched Microsoft Flaw - Security Boulevard
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)
AI bots hallucinate software packages and devs download them • The Register
Mobile
In-app browsers still a privacy, security, and choice issue • The Register
Thousands of phones and routers swept into proxy service, unbeknownst to users | Ars Technica
Apple lawsuit: US officials say iPhone ‘monopoly’ undermines security | SC Media (scmagazine.com)
Internet of Things – IoT
Hackers Reveal Method to Bypass Hotel Keycard Locks in Seconds • iPhone in Canada Blog
Pump the brakes: National security concerns surround connected cars - Nextgov/FCW
Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)
Data Breaches/Leaks
AT&T won’t say how its customers’ data spilled online | TechCrunch
SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)
Scammers steal millions from FTX, BlockFi claimants - Help Net Security
Insider Risk and Insider Threats
Insurance
Supply Chain and Third Parties
Cloud/SaaS
Key Lesson from Microsoft's Password Spray Hack: Secure Every Account (thehackernews.com)
Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)
Cloud Account Hijacking: How it Works and How to Prevent It (techtarget.com)
67% of businesses sync on-premises passwords to cloud environments | Security Magazine
Identity and Access Management
Tackling DORA Compliance With a Focus on PAM - IT Security Guru
Organisations Grapple With Identity Pain Points | Decipher (duo.com)
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Apple users targeted by annoying 'Reset Password' attack | Mashable
67% of businesses sync on-premises passwords to cloud environments | Security Magazine
Social Media
Malvertising
Training, Education and Awareness
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Cyber security training costs surge as firms battle skills gaps | ITPro
Regulations, Fines and Legislation
Cyber security shake-up: How to prepare for EU's NIS2 and DORA (siliconrepublic.com)
techUK Raise Internet Snooping Concerns Over UK IP Act Amendments - ISPreview UK
Cyber security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)
Models, Frameworks and Standards
Backup and Recovery
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
US and UK accuse China of cyber operations targeting domestic politics | CyberScoop
UK ‘turning up to a gunfight with a wooden spoon’ over China cyber-attacks (scotsman.com)
China hack on MPs worse than Government admitted, with at least 30 targeted (inews.co.uk)
New Zealand follows UK in accusing China of hacking its parliament | The Independent
Finland confirms APT31 hackers behind 2021 parliament breach (bleepingcomputer.com)
China linked to UK cyber-attacks on voter data, Dowden to say - BBC News
Dowden guarantees UK elections will be safe from Chinese cyber attacks | Evening Standard
After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com
SNP MP claims Scottish universities 'overdependent' on Chinese money | The National
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)
Fake reporters and death threats: China spy tactics from Hong Kong dissidents (inews.co.uk)
Is Cyber Warfare Heating Up? Biden Administration, UK Take Aim At Chinese Hackers | IBTimes
What to make of China’s massive cyber-espionage campaign (economist.com)
Pump the brakes: National security concerns surround connected cars - Nextgov/FCW
UK says Chinese cyber attacks ‘part of large-scale espionage campaign’ (thenextweb.com)
Why cyber indictments and sanctions matter | The Strategist (aspistrategist.org.au)
Chinese hackers target family members to surveil hard targets | CyberScoop
Russia
Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)
Russia's Cozy Bear tries to phish Germans with party invites • The Register
Iran
North Korea
Vulnerability Management
Spyware vendors behind 75% of zero-days targeting Google | TechTarget
On the Increase: Zero-Days Being Exploited in the Wild (databreachtoday.co.uk)
NVD slowdown leaves thousands of vulns without analysis data • The Register
Can Compensating Controls Be the Answer in a Sea of Vulnerabilities? - Security Boulevard
Vulnerabilities
Patch Now: Critical Fortinet RCE Bug Under Active Attack (darkreading.com)
SQL injection vulnerability in Fortinet software under attack | TechTarget
GitHub Developers Hit in Complex Supply Chain Cyber Attack (darkreading.com)
MacOS 14.4.1 makes it once again safe to update your Mac | ZDNET
Apple Security Bug Opens iPhone, iPad to RCE (darkreading.com)
Apple finally reveals the serious security issues it patched in iOS 17.4.1 - PhoneArena
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (bleepingcomputer.com)
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)
Double trouble for DNSSEC though the devil is in the details • The Register
Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)
Tools and Controls
How threat intelligence data maximises business operations - Help Net Security
IT leaders struggle to keep up with emerging threats (betanews.com)
78% of organisations plan to increase ransomware protection | Security Magazine
Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)
Why Endpoint Security Tools Are Still Such a Challenge (inforisktoday.com)
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Cyber security training costs surge as firms battle skills gaps | ITPro
Organisations Grapple with Identity Pain Points | Decipher (duo.com)
Enterprise cyber security's lateral movement 'blind spot' [Q&A] (betanews.com)
Cyber security plans should center on resilience | MIT Sloan
Cyber Security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)
Reports Published in the Last Week
Other News
Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)
Security experts raise questions about UK cyber funding in wake of Electoral Commission hack | ITPro
8 cyber security predictions shaping the future of cyber defence - Help Net Security
Active adversary dwell time: The good (and bad) news | SC Media (scmagazine.com)
Cyber Threat to US Power Grids Escalating as Election Approaches (yahoo.com)
Are We Ignoring the Cyber Security Risks of Undersea Internet Cables? | HackerNoon
How to Prevent Your Company from Being Hacked in 2024 - DevX
Pentagon Looks to Finalise Cyber Security Rules for Defence Industrial Base - ClearanceJobs
US and Japan plan biggest upgrade to security pact in over 60 years
Finland to host NATO tech centers, revamp cyber security strategy (defensenews.com)
French cyber defence chief warns Paris Olympics a 'target' (techxplore.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 November 2023
Black Arrow Cyber Threat Intelligence Briefing 03 November 2023:
-Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
-Are You and Your Clients Soft Targets?
-Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
-Executives May be The Biggest Risk to Your Business
-Organisations Can Only Stop 57 Percent of Cyber Attacks
-Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
-Business Email Compromise is Most Common Entry Point for Cyber Attack
-US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
-Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
-Your End-Users are Reusing Passwords, That’s a Big Problem
-Cyber Workforce Demand is Outpacing Supply
-What the Boardroom Is Missing: CISOs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
The best defence against a ransomware attack is assuming it will happen before it does. Research by Visa Inc found that ransomware continues to rapidly rise. One of the main factors is the use of AI services to mass produce highly personalised and plausible emails. The second is the proliferation of highly professional do-it-yourself ransomware kits, which frequently come with 24/7 tech support. These two factors drastically lower the skill level required for cyber criminals to successfully pull off an attack.
Another new ransomware trend is “dual ransomware attacks”. This is where criminals carry out two or more attacks in close proximity of each other, ranging between 48 hours to a maximum of 10 days. With an 80% chance of re-attack, small and medium sized businesses in hard-hit industries including healthcare and manufacturing are primary targets; organisations must be extra vigilant as the holidays approach because this is when cyber criminals are most likely to attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Venture Beat] [SC Media] [Help Net Security] [Infosecurity Magazine] [Help Net Security] [Tech Crunch]
Are You and Your Clients Soft Targets?
Cyber attacks are not a matter of "if" but "when," and the question you need to ask yourself is, ‘Are you a soft target?’. A soft target is a network or organisation that is relatively unprotected or vulnerable to cyber attacks.
You may feel confident in your ability to recover from an attack, but if you've never thoroughly tested your backup and recovery procedures, and when the time comes you find that it does not work, the result will leave you more likely to pay a ransom in an encryption based ransomware scenario. Reliance on legacy antivirus, which often fails to detect modern threats, can also render your network a soft target. Additionally, the absence of a rigorous vulnerability scanning and patching process leaves vulnerabilities undiscovered, and attackers are quick to exploit them. If you rely solely on prevention measures like firewalls and endpoint protection platforms, you are making yourself an appealing soft target for cyber criminals.
No organisation is entirely immune to cyber attacks. The key to defending you and your client's information effectively is to anticipate attacks, understand your security posture, recognise potential adversaries, and recover correctly in the event of an attack.
Source: [MSSP Alert]
Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
Small businesses may be discouraged from investing in preventive cyber security measures due to the expense involved and the mistaken belief that only larger companies are the target of cyber crimes. However, according to a recent report nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information. The report found that employee and customer data continue to be the most impacted categories of information in data breaches with 42% of small businesses losing revenue due to a cyber event.
The widespread use of internet-connected devices has given rise to a substantial surge in threat actors targeting small and medium-sized businesses, with malware, phishing and botnets being the most common threats. Daily malware activity has doubled year over year, and peaks in holiday seasons.
Sources: [Help Net Security] [Security Magazine] [Help Net Security] [JDSupra]
Executives May be The Biggest Risk to Your Business as One in Five Share Work Passwords Outside the Company
According to a recent report, nearly half (49%) of C-level executives have requested to bypass one or more security measures in the past year, highlighting a concerning disparity between what business leaders say about cyber and what they do. The research reported one in five sharing their work password with someone outside the company, 77% using easy-to-remember passwords including birth dates, and a third admitting to accessing unauthorised files and data with nearly two-thirds having the ability to edit those files/data.
Additionally, the C-suite was found to be more than three times as likely than regular users to share work devices with unauthorised users. An essential approach to reducing the risks is a tailored training programme that enables all users, including the C-suite, to understand the objective of security controls and the risks caused by bypassing them. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Sources: [Infosecurity Magazine] [Tech Radar] [Security Magazine] [Help Net Security]
Organisations Can Only Stop 57 Percent of Cyber Attacks
According to a report from Tenable, over the last two years, the average organisation's cyber security program was prepared to preventatively defend against, or block, just 57 percent of the cyber attacks it encountered. The report found that 58% of respondents focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. This is put down largely to a struggle to obtain an accurate picture of their attack surface. When it came to risks, 75% viewed cloud infrastructure as the greatest source of exposure risk in their organisation.
Source: [Beta News]
Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
Generative AI has revolutionised many aspects of life, offering new opportunities that have also greatly benefited malicious actors. A report has found that since the launch of ChatGPT, phishing attacks have increased by 1,265%. A separate report found that many businesses remain unprepared for the impact of AI, with just 16% of respondents satisfied in their organisation’s understanding of these AI tools.
Sources: [Decrypt] [Infosecurity Magazine] [Emerging Risks]
Business Email Compromise is Most Common Entry Point for Cyber Attack
According to cyber insurance provider Hiscox, almost half of UK businesses have experienced a cyber attack in the last year, an increase of 9% from the previous year. Business email compromise was recorded as the most common point of entry, mentioned by 35% of companies who suffered an attack.
The report found that 20% of attacked organisations received a ransomware demand, slightly up from 19% the previous year. The proportion paying the ransom fell from 66% to 63%, but the median ransom rose 13%.
Sources: [Hiscox] [Digital Journal]
US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
The US Securities and Exchange Commission (SEC) announced plans to charge a Chief Information Security Officer (CISO) with fraud for their role in allegedly lying to investors, overstating cyber security practices, and understating or failing to disclose known risks. A key piece of evidence presented by the SEC involved a presentation that was shared with the CISO, detailing a lack of security in the CISO employer’s setup. The presentation highlighted how exploitation could lead to major reputational and financial loss.
The case represents a larger shift in the dynamics and corporate reporting of security issues and within this, lies the professionalism of the CISO role. It is likely that this incident could become the start of something larger.
Sources: [The Record] [Security Week ] [Forbes]
Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
A survey found that 66% of companies are reevaluating their data protection and cyber resilience strategies. Despite this, 35% are not prioritising recovery and only half (56.6%) focused on both recovery and prevention.
Whilst it is important to prevent attacks, nothing is 100% secure and organisations need to ensure that their ransomware plans include recovery as a part of this. If, or when, you experience an attack, you will not want to improvise your recovery.
Source: [Help Net Security]
Your End-Users are Reusing Passwords: That’s a Big Problem
Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until it turns up in the form of hackers using compromised credentials as an initial access vector. A recent survey revealed that 53% of people admit to reusing passwords, making it easier for attackers to gain access to multiple applications with a single compromised password.
While it is difficult for organisations to maintain visibility over who is reusing passwords, especially if employees are reusing passwords outside of the organisation, there are still ways to combat this. Implementing tools that can check for compromised passwords, using multi-factor authentication and ensuring all employees carry out cyber security and awareness training are a few methods to help combat password re-use.
Source: [Bleeping Computer]
Cyber Workforce Demand is Outpacing Supply
A study by ISC2 stated that we would need to double the cyber workforce to adequately protect organisations and their critical assets. The study found that the gap between the demand and supply grew 12.6%. For organisations, this can mean a struggle in hiring cyber expertise.
To address the challenge of attracting and retaining quality senior security professionals, Black Arrow offers a fractional CISO service that gives flexible access to a whole team of specialists with wide expertise, experience and backgrounds in technology, governance and transformation, for less than the cost of hiring one individual.
Source: [Cyber Scoop]
What the Boardroom Is Missing: CISOs
According to a new study only 12% of S&P 500 companies have board directors with relevant cyber credentials, highlighting a major gap in expertise needed to keep organisations secure. As most organisations shift to digital and cloud-first strategies, businesses of all shapes and sizes must protect their assets. Unfortunately, there's a considerable gap between security leaders and the board directors responsible for managing businesses. A recent Harvard Business Review survey revealed just 47% regularly interact with their company's Chief Information Security Officer (CISO). That's a severe knowledge gap for a company's security and business leaders.
Introducing CISOs to the boardroom is not just about compliance, it's also about ensuring transparency and accountability. CISOs are already building security programs from the ground up. They provide business compliance, hire the right people, and find the right technology to supplement their team's efforts. Security posture is critical to an enterprise's future success, and having a CISO on the board that speaks the language can help a board understand if their business is making suitable security investments.
Source: [Dark Reading]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
SolarWinds Is A Game Changer - You Cannot Sugarcoat Cyber security (forbes.com)
Part of an executive team? You might be the biggest security risk to your business | TechRadar
One in five executives have shared work passwords outside the company | Security Magazine
Organisations can only stop 57 percent of cyber attacks (betanews.com)
Cyber attacks cause revenue losses in 42% of small businesses - Help Net Security
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
'Are we adversary aligned?' is the new 'Are we secure?' (betanews.com)
Cyber security habits and behaviours executives need to be aware of - Help Net Security
The hidden costs of data breaches for small businesses - Help Net Security
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
How Do We Truly Make Security 'Everyone's Responsibility'? (darkreading.com)
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
The CISO’s toolkit must include political capital within the C-suite | CSO Online
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Why there’s no one-size-fits all solution to security maturity | TechRadar
Threats
Ransomware, Extortion and Destructive Attacks
Ransom Groups Threaten Physical Violence as Social Engineering Tactic (darkreading.com)
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Surviving a ransomware attack begins by acknowledging it's inevitable | VentureBeat
Do government sanctions against ransomware groups work? | TechCrunch
Why rookie hackers are capitalizing on ransomware | SC Media (scmagazine.com)
Experts Reconsider Banning Ransom Payments as Ransomware Attacks Surge (pymnts.com)
Why ransomware victims can’t stop paying off hackers | TechCrunch
Key Learnings from “Big Game” Ransomware Campaigns - SecurityWeek
New Hunters International ransomware possible rebrand of Hive (bleepingcomputer.com)
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
One of the most dangerous ransomware kits around might have just gotten a rebrand | TechRadar
Ransomware attacks set to break records in 2023 - Help Net Security
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
Ransomware Victims
Boeing Confirms Cyber Attack, System Compromise (darkreading.com)
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Stanford University investigating security incident • The Register
Massive ransomware attack hinders services in 70 German municipalities (therecord.media)
Medical research exec hit in SIM-swap attack by Alphv gang • The Register
Caesars Hackers Accessed Customer Data; Costs to Be Determined (bloomberglaw.com)
Mortgage and loan giant Mr. Cooper blames cyber attack for ongoing outage | TechCrunch
Ransomware attack shuts down Central Florida radiology imager sites (wmfe.org)
British, Toronto Libraries Struggle After Cyber Incidents (darkreading.com)
Ace Hardware says 1,202 devices were hit during cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Artificial Intelligence
Email Phishing Attacks Up 1,265% Since ChatGPT Launched: SlashNext - Decrypt
AI poses new cyber threats with many businesses unprepared (emergingrisks.co.uk)
AI is making cyber attacks even smarter and more dangerous | TechRadar
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Enterprise AI applications are threatening security | TechRadar
What Lurks in the Dark: Taking Aim at Shadow AI (darkreading.com)
ChatGPT, Bard, lack effective defences against fraudsters, Which? warns | Computer Weekly
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Malware
Over a million Windows and Linux systems infected by this tricky new malware | TechRadar
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Daily malware activity doubled year over year for small businesses | Security Magazine
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)
Windows PCs are being targeted with a nasty new malware - here's what you need to know | TechRadar
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware (thehackernews.com)
These Seemingly Innocent Search Terms Could Lead Kids to Malware-Filled Websites (pcmag.com)
Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks (darkreading.com)
Arid Viper Camouflages Malware in Knockoff Dating App (darkreading.com)
Ghostpulse Malware Targets Windows PCs With Fake App Installers (pcmag.com)
Latest RAT attack surge bypasses Microsoft's XLL block • The Register
Mozi malware botnet goes dark after mysterious use of kill-switch (bleepingcomputer.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection (thehackernews.com)
Mobile
16 more infected Android apps you need to delete ASAP (bgr.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Android 14’s user-profile data bug seems indistinguishable from ransomware | Ars Technica
New banking scams delivered instantly via WhatsApp - F-Secure Blog
Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware | PCMag
Google One data breach: Dark web report at your hand - gHacks Tech News
SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
Denial of Service/DoS/DDOS
DDoS attacks are getting bigger and more powerful, and that's a really bad thing | TechRadar
Why Does "Anonymous" Launch DDoS Cyber Attacks? (makeuseof.com)
Internet of Things – IoT
IoT's convenience comes with cyber security challenges - Help Net Security
RCE exploit for Wyze Cam v3 publicly released, patch now (bleepingcomputer.com)
Data Breaches/Leaks
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
ServiceNow Data Exposure: A Wake-Up Call for Companies (thehackernews.com)
LastPass breach linked to theft of $4.4 million in crypto (bleepingcomputer.com)
Public exposure of data breaches is becoming inevitable – Help Net Security
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Seiged Sec Breach Top Israeli Telecom, Leak Customers Data (dailydot.com)
Organised Crime & Criminal Actors
‘Prolific Puma’ Hacker Gives Cyber criminals Access to .us Domains (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
How cyber criminals adapt and thrive amidst changing consumer trends – Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto thief steals $4.4M in a day as toll rises from LastPass breach (cointelegraph.com)
UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)
Insider Risk and Insider Threats
Insurance
Supply Chain and Third Parties
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (thehackernews.com)
North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
Cloud/SaaS
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cyber securitynews.com)
Cryptojackers steal AWS credentials from GitHub in 5 minutes • The Register
Microsoft is Getting Serious About Security. Again. - Thurrott.com
Microsoft is overhauling its software security after major Azure cloud attacks - The Verge
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your end-users are reusing passwords – that’s a big problem (bleepingcomputer.com)
One in five executives have shared work passwords outside the company | Security Magazine
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cybersecuritynews.com)
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Social Media
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
Malvertising
Training, Education and Awareness
Finding the right approach to security awareness - Help Net Security
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Regulations, Fines and Legislation
FTC orders non-bank financial firms to report breaches in 30 days (bleepingcomputer.com)
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
Why The SEC Cyber Security Disclosure Rules Will Improve Cybersecurity (forbes.com)
The UK Online Safety Bill Becomes Law, What Does It Mean? | Hackaday
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Setting the standard for cyber security across the EU | Business Post
Models, Frameworks and Standards
Top 12 IT security frameworks and standards explained | TechTarget
MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile - SecurityWeek
Careers, Working in Cyber and Information Security
UK cyber skills gap grows 29% despite record hiring (computing.co.uk)
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
Cyber security workforce shortages: 67% report people deficits - Help Net Security
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
Geopolitical Threats/Activity
Hacktivist Activity Related to Gaza Conflict Dwindles (darkreading.com)
New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks (bleepingcomputer.com)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
China
Spies and Lies: China’s Cyber Espionage Is on an Unprecedented Level | Mind Matters
Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop
Russia
Boeing. ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia - The Messenger
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
FSB arrests Russian hackers working for Ukrainian cyber forces (bleepingcomputer.com)
Russia to launch its own version of VirusTotal due to US snooping fears (therecord.media)
A Ukrainian Company Shares Lessons in Wartime Resilience (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
Iran
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
New Iranian state-sponsored hacking campaign uncovered - SiliconANGLE
FBI Director Warns of Increased Iranian Attacks (darkreading.com)
Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign (thehackernews.com)
'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet (darkreading.com)
North Korea
Vulnerability Management
Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)
CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT | SC Media (scmagazine.com)
Vulnerability management metrics: How to measure success - Help Net Security
From Windows 9x to 11: Tracing Microsoft's security evolution - Help Net Security
It's Cheap to Exploit Software — and That's a Major Security Problem (darkreading.com)
Vulnerabilities
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked (bleepingcomputer.com)
F5 fixes BIG-IP auth bypass allowing remote code execution attacks (bleepingcomputer.com)
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide (bleepingcomputer.com)
Cisco Patches 27 Vulnerabilities in Network Security Products - SecurityWeek
Atlassian warns users: patch critical Confluence flaw ASAP • The Register
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover (thehackernews.com)
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes (thehackernews.com)
D-LINK SQL Injection Vulnerability Let Attacker Escalate Privileges (gbhackers.com)
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (bleepingcomputer.com)
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library (darkreading.com)
No patches yet for Apple iLeakage side-channel attack | TechTarget
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Tools and Controls
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Vulnerability management metrics: How to measure success - Help Net Security
6 steps to accelerate cyber security incident response | SC Media (scmagazine.com)
Ethical hackers are helping more and more business stay safe | TechRadar
Getting Smart With Cyber security: AI Can Help the Good Guys, Too (darkreading.com)
Massive cyber crime URL shortening service uncovered via DNS data (bleepingcomputer.com)
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Defence in depth: Layering your security coverage (securityintelligence.com)
Finding the right approach to security awareness - Help Net Security
Mainframes are around to stay, it’s time to protect them - Help Net Security
Reports Published in the Last Week
Other News
Four Under-The-Radar Security Risks That Can Endanger Your Business (forbes.com)
ING CISO says data sharing is key to financial cyber security (finextra.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
F5 Labs Report Reveals Rise in Malicious Automation | The Fintech Times
Microsoft Vows to Revamp Security Products After Repeated Hacks - Bloomberg
Microsoft launches Secure Future Initiative to bolster security | TechTarget
The 5 Cs of effective cyber defence: Beyond traditional technical skills | SC Media (scmagazine.com)
9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month (darkreading.com)
How governments can keep data secure in a digital age - New Statesman
Cyber security insights for secure manufacturing - Aerospace Manufacturing and Design
Demystifying the top five OT security myths | Computer Weekly
20 scary cyber security facts and figures for a haunting Halloween (welivesecurity.com)
Construction among industries most at risk from cyber attacks, insurer warns | News | Building
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 June 2023
Black Arrow Cyber Threat Briefing 30 June 2023:
-Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible
-Employees Worry Less About Cyber Security Best Practices in the Summer
-Businesses are Ignoring Third-Party Security Risks
-Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back
-Over 130 Organisations and Millions of Individuals Believed to Be Impacted by MOVEit Hack, it Keeps Growing
-Widespread BEC Attacks Threaten European Organisations
-Lloyd’s Syndicates Sued Over Cyber Insurance
-95% Fear Inadequate Cloud Security Detection and Response
-The Growing Use of Generative AI and the Security Risks They Pose
-The CISO’s Toolkit Must Include Political Capital Within The C-Suite
-Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime
-SMBs Plagued by Exploits, Trojans and Backdoors
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible
Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.
The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.
https://cybernews.com/zurich-insurance-data-leak/
Employees Worry Less About Cyber Security Best Practices in the Summer
IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.
In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.
https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/
https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/
Businesses are Ignoring Third-Party Security Risks
With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.
https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/
Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back
When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.
When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.
Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing
The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.
Widespread BEC Attacks Threaten European Organisations
Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.
BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?
This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.
https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/
Lloyd’s Syndicates Sued Over Cyber Insurance
The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.
UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.
95% Fear Inadequate Cloud Security Detection and Response
A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.
It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.
https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/
The Growing Use of Generative AI and the Security Risks They Pose
A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.
Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.
The CISO’s Toolkit Must Include Political Capital Within The C-Suite
Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime
Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.
This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.
https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah
https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html
SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics
Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.
This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.
The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.
https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors
Governance, Risk and Compliance
Businesses are ignoring third-party security risks - Help Net Security
Employees worry less about cyber security best practices in the summer - Help Net Security
Digital-First Economy Has Transformed Role of CISO- IT Security Guru
SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)
The CISO’s toolkit must include political capital within the C-suite | CSO Online
NCSC Launches Cyber Risk Management Toolbox - Infosecurity Magazine (infosecurity-magazine.com)
Threats
Ransomware, Extortion and Destructive Attacks
MOVEit hackers may have found simpler business model beyond ransomware | SC Media (scmagazine.com)
Dozens of Businesses Hit Recently by '8Base' Ransomware Gang - SecurityWeek
UK cyber spies warn ransomware criminals targeting law firms • The Register
Cl0p in Your Network? Here's How to Find Out (darkreading.com)
July is Ransomware Month: Reminder to Prepare, Defend Against Hijackers - MSSP Alert
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)
Ransomware Victims
Casualties keep growing in this month’s mass exploitation of MOVEit 0-day | Ars Technica
8 Tech And IT Companies Targeted In The MOVEit Attacks | CRN
MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed (bleepingcomputer.com)
Clop names PWC, Ernst & Young, and Sony in MOVEit hack | Cybernews
UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks (darkreading.com)
Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack - SecurityWeek
10 banks alleged victims of ransomware attacks on file transfer software | American Banker
Almost 770,000 Calpers members hit by cyber attack | Financial Times (ft.com)
Ransomware and phishing attacks continue to plague businesses in Singapore | ZDNET
K-12 schools are revisiting their cyber strategies after year of ransomware attacks (axios.com)
Phishing & Email Based Attacks
Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
How a Layered Security Approach Can Minimise Email Threats - MSSP Alert
Less than half of UK banks implement most secure DMARC level | CSO Online
BEC – Business Email Compromise
Widespread BEC attacks threaten European organisations - Help Net Security
The Current State of Business Email Compromise Attacks (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)
Artificial Intelligence
Sharing Your Business’ Data With ChatGPT: How Risky Is It? - MSSP Alert
OpenAI lawsuit: Maker of ChatGPT sued over alleged data usage | CNN Business
Lawyers who cited fake cases invented by ChatGPT must pay • The Register
Generative AI Projects Pose Major Cyber security Risk to Enterprises (darkreading.com)
How to Deploy Generative AI Safely and Responsibly (trendmicro.com)
Generative-AI apps & ChatGPT: Potential risks and mitigation strategies (thehackernews.com)
Does the world need an arms control treaty for AI? | CyberScoop
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)
AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping (darkreading.com)
2FA/MFA
Malware
SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)
Hackers Use Weaponized PDF Files to Attack Organisations (cybersecuritynews.com)
New Mockingjay Process Injection Technique Could Let Malware Evade Detection (thehackernews.com)
Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online
NSA warns of ‘false sense of security’ against BlackLotus malware (therecord.media)
Trojanized Super Mario Bros game spreads malware- - Security Affairs
New PindOS JavaScript dropper deploys Bumblebee, IcedID malware (bleepingcomputer.com)
NPM Plagued with ‘Manifest Confusion’ Malware-Hiding Weakness (darkreading.com)
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data (thehackernews.com)
North Korean Andariel APT used a new malware named EarlyRat - Security Affairs
Mobile
Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge
Anatsa Android trojan now steals banking info from users in US, UK (bleepingcomputer.com)
Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes (thehackernews.com)
Denial of Service/DoS/DDOS
Global rise in DDoS attacks threatens digital infrastructure - Help Net Security
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)
Internet of Things – IoT
Someone sent mysterious smartwatches to US Military personnel - Security Affairs
The tech flaw that lets hackers control surveillance cameras - BBC News
Data Breaches/Leaks
Latitude hit with $1 million lawsuit over data breach (9news.com.au)
Recruitment portal exposes data of US pilot candidates • The Register
3 Steps to Successfully & Ethically Navigate a Data Breach (darkreading.com)
Sensitive Information Stolen in LetMeSpy Stalkerware Hack - SecurityWeek
US Patent Office Data Spill Exposes Trademark Applications (darkreading.com)
Organised Crime & Criminal Actors
2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek
Security analyst wanted by both Russia and the US • The Register
Former Group-IB manager has been arrested in Kazahstan - Security Affairs
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)
JOKERSPY used to target a cryptocurrency exchange in Japan - Security Affairs
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)
Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)
This Chatbot Gives Phone Call Scammers a Taste of Their Own Medicine (pcmag.com)
The robotic falcon maker who was targeted by cyber criminals - BBC News
Deepfakes
Insurance
University of California Sues Lloyd’s Syndicates Over Cyber Insurance - WSJ
Insurance companies using AI for underwriting and due diligence amid cyber threats | Fox Business
How Big Is the Cyber Insurance Market? Can It Keep Growing? | Lawfare (lawfaremedia.org)
Dark Web
Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs
Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities (bleepingcomputer.com)
Supply Chain and Third Parties
Cloud/SaaS
95% fear inadequate cloud security detection and response - Help Net Security
Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online
5 Pitfalls in Cloud Cyber security’s Shared Responsibility Model - MSSP Alert
Uncovering attacker tactics through cloud honeypots - Help Net Security
How hardening Microsoft 365 tenants mitigates potential cloud attacks - Help Net Security
Outlook for the web outage impacts users across America (bleepingcomputer.com)
3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)
Identity and Access Management
Encryption
Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge
Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer
How to stop quantum computers from breaking the internet’s encryption (sciencenews.org)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Travel
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)
US firm 'breached GDPR' by reputation-scoring EU citizens • The Register
JP Morgan accidentally deletes 47 million comms records • The Register
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
SEC notice to SolarWinds CISO and CFO roils cyber security industry | CSO Online
Skill gap plagues cyber security industry as jobs go unfilled | Mint (livemint.com)
Law Enforcement Action and Take Downs
Hacker responsible for 2020 Twitter breach sentenced to prison | TechCrunch
Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs
2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers (thehackernews.com)
Russian Spies, War Ministers Reliant on Cyber Crime in Pariah State (darkreading.com)
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)
Microsoft hackers say they work for Sudan, not Russia | Fortune
'Chinese spy balloon' was 'crammed' with US hardware • The Register
Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group | CyberScoop
China
China's 'Volt Typhoon' APT Now Exploits Zoho ManageEngine (darkreading.com)
'Chinese spy balloon' was 'crammed' with US hardware • The Register
Iran
The potent cyber adversary threatening to further inflame Iranian politics | CyberScoop
From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon (thehackernews.com)
Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer
North Korea
Misc/Other/Unknown
Vulnerability Management
SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)
Remediation Ballet Is a Pas de Deux of Patch and Performance (darkreading.com)
Micropatches: What they are and how they work - Help Net Security
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)
It's 2023 and out-of-bounds write bugs are still number one • The Register
Vulnerabilities
VMware fixed five memory corruption issues in vCenter Server - Security Affairs
US Cyber security Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog (thehackernews.com)
CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks - SecurityWeek
Serious IDOR Vulnerability Found In Microsoft Teams (latesthackingnews.com)
Fortinet fixes critical FortiNAC RCE, install updates asap - Security Affairs
Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain - SecurityWeek
Critical flaw in VMware Aria Operations for Networks sees mass exploitation | CSO Online
Internet Systems Consortium (ISC) fixed three DoS flaw in BIND - Security Affairs
Chrome 114 Update Patches High-Severity Vulnerabilities - SecurityWeek
Grafana warns of critical auth bypass due to Azure AD integration (bleepingcomputer.com)
The tech flaw that lets hackers control surveillance cameras - BBC News
Exploit released for new Arcserve UDP auth bypass vulnerability (bleepingcomputer.com)
Tools and Controls
95% fear inadequate cloud security detection and response - Help Net Security
How a Layered Security Approach Can Minimize Email Threats - MSSP Alert
ITDR Combines and Refines Familiar Cyber security Approaches (darkreading.com)
Uncovering attacker tactics through cloud honeypots - Help Net Security
10 things every CISO needs to know about identity and access management (IAM) | VentureBeat
FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise (darkreading.com)
3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)
Other News
Businesses count the cost of network downtime - Help Net Security
Exploring the persistent threat of cyber attacks on healthcare - Help Net Security
How Can Manufacturers Stop Being The Top Target For Cyber Crime? (informationsecuritybuzz.com)
Ex-FBI employee jailed for mishandling classified material • The Register
Rapid7: Japan Threat Landscape Takes on Global Significance - SecurityWeek
Over 1500 gas stations disrupted in Canada, after energy giant hacked (bitdefender.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 April 2023
Black Arrow Cyber Threat Briefing 21 April 2023:
-March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month
-Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces
-One in Three Businesses Faced Cyber Attacks Last Year
-Why Your Anti-Fraud, Identity & Cybersecurity Efforts Should Be Merged
-Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security
-Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes
-83% of Organizations Paid Up in Ransomware Attacks
-Security is a Revenue Booster, Not a Cost Centre
-EX-CEO Gets Prison Sentence for Bad Security
-Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers
-KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend
-Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber-Attack
-Outdated Cyber Security Practices Leave Door Open for Criminals
-Quantifying cyber risk vital for business survival
-Recycled Network Devices Exposing Corporate Secrets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month
March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.
Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.
The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.
Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces
Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.
The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:
Keeping up with threat intelligence (70%)
Allocating cyber security resources and budget (47%)
Visibility into all assets connected to the network (44%)
Compliance and regulation (39%)
Convergence of IT and OT (32%)
The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.
One in Three Businesses Faced Cyber Attacks Last Year
Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.
Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.
https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html
Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged
Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.
The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.
Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security
With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.
Cobalt’s recent report found:
Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.
Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.
Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.
https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/
Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes
Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.
Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.
https://www.hivesystems.io/blog/are-your-passwords-in-the-green
83% of Organisations Paid Up in Ransomware Attacks
A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.
Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.
https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/
Security is a Revenue Booster, Not a Cost Centre
Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.
For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.
In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.
https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center
Ex-CEO Gets Prison Sentence for Bad Security
A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.
Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.
The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.
Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers
There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.
https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/
KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend
KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.
The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.
71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.
Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.
Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack
Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.
While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.
Outdated Cyber Security Practices Leave Door Open for Criminals
A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.
https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/
Quantifying Cyber Risk Vital for Business Survival
Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.
https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/
Recycled Network Devices Exposing Corporate Secrets
Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.
Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.
In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.
The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.
https://www.infosecurity-magazine.com/news/recycled-network-exposing/
Threats
Ransomware, Extortion and Destructive Attacks
83% of organisations paid up in ransomware attacks | VentureBeat
March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)
Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)
Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)
RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)
Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)
NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs
Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek
LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)
Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch
Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs
Black Basta claims it's selling off stolen Capita data • The Register
Ransomware reinfection and its impact on businesses - Help Net Security
Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)
Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)
Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)
Medusa ransomware crew boasts of Microsoft code leak • The Register
New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)
Phishing & Email Based Attacks
New Qbot campaign delivers malware by hijacking business emails | CSO Online
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET
UK government employees receive average of 2,246 malicious emails per year - IT Security Guru
BEC – Business Email Compromise
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
US charges three men with six million dollar business email compromise plot | Tripwire
2FA/MFA
Malware
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)
US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)
New QBot campaign delivered hijacking business correspondenceSecurity Affairs
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)
Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)
'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)
What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)
Mobile
Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)
Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)
Botnets
Internet of Things – IoT
Military helicopter crash blamed on missing software patch • The Register
Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)
Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News
The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)
Five Eye nations release new guidance on smart city cyber security | CSO Online
Data Breaches/Leaks
Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)
Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters
Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News
Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek
Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek
Organised Crime & Criminal Actors
Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)
Standardized data collection methods can help fight cyber crime | TechTarget
Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
On the hunt for the businessmen behind a billion-dollar scam - BBC News
Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)
Insider Risk and Insider Threats
Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert
HR Magazine - UK government plans to make businesses liable for employee fraud
Top risks and best practices for securely offboarding employees | CSO Online
How to Strengthen your Insider Threat Security - IT Security Guru
Fraud, Scams & Financial Crime
Pre-pandemic techniques are fueling record fraud rates - Help Net Security
HR Magazine - UK government plans to make businesses liable for employee fraud
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)
US extradites Nigerian charged in $6m email fraud scam • The Register
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
Three charged over banking fraud for hire website | Computer Weekly
On the hunt for the businessmen behind a billion-dollar scam - BBC News
Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)
Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur
FTC orders payments firm to pay $650k over tech support scam • The Register
Scammers using social media to dupe people into becoming money mules - Help Net Security
AML/CFT/Sanctions
Insurance
Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)
Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek
Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online
Dark Web
Supply Chain and Third Parties
Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)
Lazarus APT group employed Linux Malware in recent attacks-Security Affairs
Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)
Software Supply Chain
Cloud/SaaS
Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)
Linux kernel logic allowed Spectre attack on major cloud • The Register
Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)
Is there really a march from the public cloud back on-prem? | TechCrunch
Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)
Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)
Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)
Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs
Attack Surface Management
Shadow IT
Identity and Access Management
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)
The biggest data security blind spot: Authorization - Help Net Security
Encryption
API
Open Source
Linux kernel logic allowed Spectre attack on major cloud • The Register
Security beyond software: The open source hardware security evolution - Help Net Security
Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian
Scammers using social media to dupe people into becoming money mules - Help Net Security
Regulations, Fines and Legislation
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
EU privacy regulators to create task force to investigate ChatGPT | Computerworld
What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)
Brit cops rapped over app that recorded 200k phone calls • The Register
Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)
US imposes $300m penalty over hard disk drive exports to Huawei - BBC News
Governance, Risk and Compliance
Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)
Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security
'One in three firms faced cyber attacks last year' (aol.co.uk)
Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com
Quantifying cyber risk vital for business survival - Help Net Security
Wargaming an effective data breach playbook - Help Net Security
Outdated cyber security practices leave door open for criminals - Help Net Security
CISOs struggling to protect sensitive data records - Help Net Security
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)
Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)
Ex-CIO must pay £81k over Total Shambles Bank migration • The Register
Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security
Top risks and best practices for securely offboarding employees | CSO Online
How companies are struggling to build and run effective cyber security programs - Help Net Security
Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)
Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)
Secure Disposal
Backup and Recovery
Data Protection
Government reprimanded for serious breaches of data protection law - Jersey Evening Post
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
Brit cops rapped over app that recorded 200k phone calls • The Register
ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)
US extradites Nigerian charged in $6m email fraud scam • The Register
Three charged over banking fraud for hire website | Computer Weekly
US citizens charged with pushing pro-Kremlin disinformation • The Register
Privacy, Surveillance and Mass Monitoring
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
What the Recent Collapse of SVB Means for Privacy (darkreading.com)
As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)
Artificial Intelligence
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online
Pen testing amid the rise of AI-powered threat actors | TechTarget
EU privacy regulators to create task force to investigate ChatGPT | Computerworld
Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register
AI-created malware sends shockwaves through cybersecurity world | Fox News
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)
ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)
ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Russian hackers targeting UK more frequently (thetimes.co.uk)
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News
Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)
Meet the hacker armies on Ukraine's cyber front line - BBC News
Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)
Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews
NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)
UK, US sound the alarm on Russians exploiting Cisco flaws • The Register
Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)
US citizens charged with pushing pro-Kremlin disinformation • The Register
Heightened threat of state-aligned groups against western... - NCSC.GOV.UK
Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
How cyber support to Ukraine can build its democratic future | CyberScoop
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)
Britain sounds alarm on spyware, mercenary hacking market | Reuters
Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)
The UK will need more than words in this cyber war | Financial Times (ft.com)
Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)
Nation State Actors
BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)
3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)
UK security chief’s alert over threat from China (thetimes.co.uk)
Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)
US charges 44 members of alleged Chinese troll army • The Register
Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)
Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)
Heightened threat of state-aligned groups against western... - NCSC.GOV.UK
Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)
Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)
Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)
US imposes $300m penalty over hard disk drive exports to Huawei - BBC News
Vulnerability Management
Military helicopter crash blamed on missing software patch • The Register
Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert
Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)
Vulnerabilities
UK, US sound the alarm on Russians exploiting Cisco flaws • The Register
Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly
Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)
Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)
Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)
Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs
VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek
Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)
Tools and Controls
Pen testing amid the rise of AI-powered threat actors | TechTarget
7 countries unite to push for secure-by-design development | CSO Online
Wargaming an effective data breach playbook - Help Net Security
Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)
DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)
Microsoft opens up Defender with file hash, URL search • The Register
Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)
Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek
CISOs struggling to protect sensitive data records - Help Net Security
AI defenders ready to foil AI-armed attackers • The Register
Newer Authentication Tech a Priority for 2023 (darkreading.com)
Other News
Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop
Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)
How to defend against TCP port 445 and other SMB exploits | TechTarget
Criminal Records Service still disrupted 4 weeks after hack - BBC News
Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)
EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 16 December 2022
Black Arrow Cyber Threat Briefing 16 December 2022:
-Executives Take More Cyber Security Risks Than Office Workers
-CISO Role is Diversifying from Technology to Leadership & Communication Skills
-How Emerging AIs, Like ChatGPT, Can Turn Anyone into a Ransomware and Malware Threat Actor
-Cyber Security Drives Improvements in Business Goals
-Incoming FCA Chair Says Crypto Firms Facilitate Money Laundering
-Managing Cyber Risk in 2023: The People Element
-What We Can't See Can Hurt Us
-Uber Suffers New Data Breach After Attack on Vendor, Info Leaked Online
-When Companies Compensate the Hackers, We All Foot the Bill
-HSE Cyber-Attack Costs Ireland $83m So Far
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Executives Take More Cyber Security Risks Than Office Workers
IT software company Ivanti worked with cyber security experts and surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand the perception of today’s cybersecurity threats and to find out how companies are preparing for yet-unknown future threats.
The report revealed that despite 97% of leaders and security professionals reporting their organisation is as prepared, or more prepared, to defend against cybersecurity attacks than they were a year ago, one in five wouldn’t bet a chocolate bar that they could prevent a damaging breach.
In fact, the study finds that organisations are racing to fortify against cyber attacks, but the industry still struggles with a reactive, checklist mentality. This is most pronounced in how security teams are prioritising patches. While 92% of security professionals reported they have a method to prioritise patches, they also indicated that all types of patches rank high – meaning none do.
“Patching is not nearly as simple as it sounds,” said Ivanti. “Even well-staffed, well-funded IT and security teams experience prioritisation challenges amidst other pressing demands. To reduce risk without increasing workload, organisations must implement a risk-based patch management solution and leverage automation to identify, prioritise, and even address vulnerabilities without excess manual intervention”.
Cyber security insiders view phishing, ransomware, and software vulnerabilities as top industry-level threats for 2023. Approximately half of respondents indicated they are “very prepared” to meet the growing threat landscape including ransomware, poor encryption, and malicious employees, but the expected safeguards such as deprovisioning credentials is ignored a third of a time and nearly half of those surveyed say they suspect a former employee or contractor still has active access to company systems and files.
The report also revealed that leaders engage in more dangerous behaviour and are four times more likely to be victims of phishing compared to office workers.
Additionally:
More than 1 in 3 leaders have clicked on a phishing link
Nearly 1 in 4 use easy-to-remember birthdays as part of their password
They are much more likely to hang on to passwords for years
And they are 5x more likely to share their password with people outside the company.
One survey taker shared, “We’ve experienced a few advanced phishing attempts and the employees were totally unaware they were being targeted. These types of attacks have become so much more sophisticated over the last two years – even our most experienced staff are falling prey to it.”
To cope with a rapidly expanding threat landscape, organisations must move beyond a reactive, rules-based approach.
CISO Role is Diversifying from Technology to Leadership & Communication Skills
The role of chief information security officer (CISO), a relatively new executive position, is undergoing some significant changes and an archetype has yet to emerge, a new global report from Marlin Hawk, an executive recruiting and leadership consultant, said.
CISOs are still more likely to serve on advisory boards or industry bodies than on the board of directors. Only 13% of the global CISOs analysed are women; approximately 20% are non-white. Each diversity dimension analysed is down one percentage point year-on-year.
According to James Larkin, managing partner at Marlin Hawk, “Today’s CISOs are taking up the mantle of responsibilities that have traditionally fallen solely to the chief information officer (CIO), which is to act as the primary gateway from the tech department into the wider business and the outside marketplace. This widening scope requires CISOs to be adept communicators to the board, the broader business, as well as the marketplace of shareholders and customers. By thriving in the ‘softer’ skill sets of communication, leadership, and strategy, CISOs are now setting the new industry standards of today and, I predict, will be progressing into the board directors of tomorrow.”
The job does not come without its downsides. For one, according to the search firm, many CISOs change roles and leave their jobs. Their skillset may not be adequate or new leaders get appointed to the job, they lack the necessary internal support, or their company may not have the required commitment to cyber security to make the job effective.
Key findings from the report include:
45% of global CISOs have been in their current role for two years or less, down from 53% in 2021, with 18% turnover year-on-year. While there is still a lot of movement in the CISO seat, there is potentially some stabilisation emerging.
Approximately 62% of global CISOs were hired from another company, indicating a slight increase in the number of CISOs hired internally (38% were hired internally compared to 36% in 2021) but a large gap remains in appropriate successors.
36% of CISOs analysed with a graduate degree received a higher degree in business administration or management. This is down 10% from last year (46% in 2021). Conversely, there has been an increase to 61% of CISOs receiving a higher degree in STEM subjects (up from 46% in 2021).
How Emerging AIs, Like ChatGPT, Can Turn Anyone into a Ransomware and Malware Threat Actor
Ever since OpenAI launched ChatGPT at the end of November, commentators on all sides have been concerned about the impact AI-driven content-creation will have, particularly in the realm of cybersecurity. In fact, many researchers are concerned that generative AI solutions will democratise cyber crime.
With ChatGPT, any user can enter a query and generate malicious code and convincing phishing emails without any technical expertise or coding knowledge.
While security teams can also leverage ChatGPT for defensive purposes such as testing code, by lowering the barrier for entry for cyber attacks, the solution has complicated the threat landscape significantly. From a cyber security perspective, the central challenge created by OpenAI’s creation is that anyone, regardless of technical expertise, can create code to generate malware and ransomware on-demand.
Whilst it can be used for good to assist developers in writing code for good, it can (and already has) been used for malicious purposes. Examples including asking the bot to create convincing phishing emails or assist in reverse engineering code to find zero-day exploits that could be used maliciously instead of reporting them to a vendor.
ChatGPT does have inbuilt guardrails designed to prevent the solution from being used for criminal activity. For instance, it will decline to create shell code or provide specific instructions on how to create shellcode or establish a reverse shell and flag malicious keywords like phishing to block the requests.
The problem with these protections is that they’re reliant on the AI recognising that the user is attempting to write malicious code (which users can obfuscate by rephrasing queries), while there’s no immediate consequences for violating OpenAI’s content policy.
https://venturebeat.com/security/chatgpt-ransomware-malware/
Cyber Security Drives Improvements in Business Goals
Cyber threats should no longer be viewed as just an IT problem, but also a business problem, Deloitte said in its latest Future of Cyber study. Operational disruption, loss of revenue, and loss of customer trust are the top three significant impacts of cyber incidents. More than half, or 56%, of respondents told Deloitte they suffered related consequences to a moderate or large extent.
In 2021, the top three negative consequences from cyber incidents and breaches were operational disruption, which includes supply chain and the partner ecosystem, intellectual property theft, and a drop in share price. While operational disruption remained the top concern in 2022, loss of revenue and loss of customer trust and negative brand impact moved up in importance. Intellectual property theft and drop in share price dropped to eighth and ninth (out of ten) in ranking. Losing funding for a strategic initiative, loss of confidence in the integrity of the technology, and impact on employee recruitment and retention moved up in ranking in 2022. Respondents were also asked to mark two consequences they felt would be most important in 2023: Operational disruption and loss of revenue topped the list.
"Today, cyber means business, and it is difficult to overstate the importance of cyber as a foundational and integral business imperative," Deloitte noted in its report. "It [cyber] should be included in every functional area, as an essential ingredient for success—to drive continuous business value, not simply mitigate risks to IT."
Deloitte categorised organisations' cyber security maturity based on their adoption of cyber planning, risk management, and board engagement. Risk management included activities such as industry benchmarking, incident response, scenario planning, and qualitative and quantitative risk assessment.
Whether or not the organisation adopted any of these three practices hinged on stakeholders recognising the importance of cyber responsibility and engagement across the whole organisation, Deloitte said in its report. Examples included having a governing body that comprises IT and senior business leaders to oversee the cyber program, conducting incident-response scenario planning and simulation at the organisational and/or board level, regularly providing cyber updates to the board to secure funding, and conducting regular cyber awareness training for all employees.
https://www.darkreading.com/edge-threat-monitor/cybersecurity-drives-improvements-in-business-goals
Incoming FCA Chair Says Crypto Firms Facilitate Money Laundering
The man who will lead UK efforts to regulate cryptocurrency firms issued a stark condemnation of the sector on Wednesday, telling MPs that in his experience crypto platforms were “deliberately evasive”, facilitated money laundering at scale and created “massively untoward risk”.
The comments from Ashley Alder, the incoming chair of the Financial Conduct Authority, suggest that crypto firms hoping to build businesses in the UK will face an uphill battle when the FCA assumes new powers to regulate broad swaths of the sector.
They also put Alder, who will become FCA chair in February, on a potential collision course with the government’s aspiration to create a high quality crypto hub that fosters innovation, a vision ministers have remained loyal to even as the global crypto market lurches from crisis to crisis, epitomised by the collapse of FTX. The FCA declined to comment on whether their incoming chair’s views were at odds with those of the government.
Alder comments came during a sometimes terse appointment hearing with the cross-party Treasury select committee, where he faced sustained criticism for appearing virtually from Hong Kong and for his lack of familiarity with some parts of the UK market place and its accountability structures.
https://www.ft.com/content/7bf0a760-5fb5-4146-b757-1acc5fc1dee5
Managing Cyber Risk in 2023: The People Element
2022 has had many challenges from cyber war between Russia and Ukraine, continuing ransomware attacks, and a number of high-profile vulnerabilities and zero day attacks. With the attack surface constantly expanding, CISOs and security leaders are acutely aware of the need to minimise risk across people, processes, and technology.
Top infrastructure risk: people
It’s common knowledge that it’s not if, but when, your organisation will be the target of a cyber attack. CISOs and security leaders seem to share the same opinion—according to Trend Micro’s latest Cyber Risk Index (CRI) (1H’2022), 85% of 4,100 respondents across four global regions said its somewhat to very likely they will experience a cyber attack in the next 12 months. More concerning was 90% of respondents had at least one successful cyber attack in the past 12 months.
The CRI (1H’2022) also found that CISOs, IT practitioners, and managers identified that most organisations’ IT security objectives are not aligned with the business objectives, which could cause challenges when trying to implement a sound cyber security strategy.
It’s important to note that while ideal, avoiding a cyber attack isn’t the main goal—companies need to address critical challenges across their growing digital attack surface to enable faster detection and response, therefore minimising cyber risk.
While it's commonly assumed that security efforts should be largely focused on protecting critical servers and infrastructure, the human attack vector shouldn’t be so quickly forgotten.
https://www.trendmicro.com/en_us/ciso/22/e/managing-cyber-risk.html
What We Can't See Can Hurt Us
In speaking with security and fraud professionals, visibility remains a top priority. This is no surprise, since visibility into the network, application, and user layers is one of the fundamental building blocks of both successful security programs and successful fraud programs. This visibility is required across all environments — whether on-premises, private cloud, public cloud, multicloud, hybrid, or otherwise.
Given this, it is perhaps a bit surprising that visibility in the cloud has lagged behind the move to those environments. This occurred partially because few options for decent visibility were available to businesses as they moved to the cloud. But it also partially happened because higher priority was placed on deploying to the cloud than on protecting those deployments from security and fraud threats.
This is unfortunate, since what we can't see can hurt us. That being said, cloud visibility is becoming a top priority for many businesses. There are a few areas where many businesses are looking for visibility to play a key role, including Compliance, Monitoring, Investigation, Response, API Discovery, Application Breaches, and Malicious User Detection.
Organisation have been a bit behind in terms of ensuring the requisite visibility into cloud environments. Whilst time has been lost, it does seem that gaining visibility into the network, application, and user layers is now a priority for many businesses. This is a positive development, as it enables those businesses to better mitigate the risks that operating blindly creates.
https://www.darkreading.com/edge-articles/what-we-can-t-see-can-hurt-us
Uber Suffers New Data Breach After Attack on Vendor, Info Leaked Online
Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cyber security incident.
On Saturday last week, a threat actor named 'UberLeaks' began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches. The leaked data includes numerous archives claiming to be source code associated with mobile device management platforms (MDM) used by Uber and Uber Eats and third-party vendor services.
The threat actor created four separate topics, allegedly for Uber MDM at uberhub.uberinternal.com and Uber Eats MDM, and the third-party Teqtivity MDM and TripActions MDM platforms. Each post refers to a member of the Lapsus$ hacking group who is believed to be responsible for numerous high-profile attacks, including a September cyber attack on Uber where threat actors gained access to the internal network and the company's Slack server.
News outlet BleepingComputer has been told that the newly leaked data consists of source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses, and other corporate information. One of the documents seen by BleepingComputer includes email addresses and Windows Active Directory information for over 77,000 Uber employees.
While BleepingComputer initially thought this data was stolen during the September attack, Uber told BleepingComputer it believes it is related to a security breach on a third-party vendor.
When Companies Compensate the Hackers, We All Foot the Bill
Companies are always absorbing costs that are seen as par for the course of budget planning: maintenance, upgrades, office supplies, wastage, shrinkage, etc. These costs ratchet up the price of a company's products and are then passed on to the consumer. Breaches in cyber security and paying out ransoms to hackers should be outside of this remit, and yet more than half of all companies admit to transferring the costs of data breaches on to consumers. Careless or ill-informed employees and other weaknesses in a company's protections lead to catastrophic losses to businesses of around $1,797,945 per minute — and the consumers are paying it off.
If a company estimates the recovery costs from a ransomware attack to exceed the requested payment from the hacker, then it feels like a no-brainer — they're better off just cutting their losses and giving in to the cyber criminal's demands. The issue is that this creates an unvirtuous circle of paying the hacker, which enforces nefarious behaviour and empowers hackers to increase the number and volume of ransoms.
When it comes to ransomware, 32% of companies pay off hackers, and, of that percentage, the average company only retrieves about 65% of its data. Giving in to hackers is counterintuitive. On an even more disturbing note, one study found that 80% of companies that paid a ransom were targeted a second time, with about 40% paying again and a majority of that 40% paying a higher ransom the second time round. This is ludicrous. With 33% of companies suspending operations following an attack, and nearly 40% resorting to laying off staff, it comes as no surprise that the downstream costs are picked up to some extent by the consumer.
As for smaller companies, about 50% of US small businesses don't have a cyber security plan in place, despite the fact that small businesses are three times more likely to be targeted by cyber criminals than larger companies. An average breach costs these companies around $200,000 and has put many out of business. It isn't simply the cost passed on to consumers, it's also the intangible assets, such as brand reputation.
When data is leaked and a site goes down, customers become rightly anxious when their information is sold to the highest bidder on the Dark Web. To safeguard against this, companies of all sizes should exploit automated solutions while training every single member of staff to recognise and report online threats. Paying a ransom does not guarantee the return of data, and for a smaller business, losing valuable customer information could cause long-term damage way beyond the initial attack.
Cyber security professionals, governments, and law enforcement agencies all advise companies to avoid paying the hackers' ransoms. This strategy is affirmed by the success businesses have had in retrieving the stolen data and turning the lights back on — 78% of organisations who say they did not pay a ransom were able to fully restore systems and data without the decryption key. This evidently is not enough to reassure companies who, at the click of a dangerous email being opened, have lost sensitive information and access to their systems and are desperate to get back online. There are many preventative techniques businesses can take advantage of before it even gets to that stage.
HSE Cyber-Attack Costs Ireland $83m So Far
The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m).
The figures come from a letter from HSE’s chief information officer, seen by The Irish Times. This comes months after the Department of Health suggested in February the attack could end up costing up to €100m ($104m). The letter confirmed that the costs reached €42m ($43.97m) in 2021 and almost €39m ($40.83m) until October of this year.
Ireland has a very capable national cyber security centre and a well-oiled CSIRT team that engages the public/private sector. If the cost does continue to escalate to €100m, that is the equivalent to everyone in the Republic of Ireland having been defrauded by €20. According to The Irish Times, the costs were said to be “enormous,” and the government has been asked to complete a comprehensive assessment of the impact caused by the breach.
The cyber-attack, believed to have been conducted by Russia-based state actors, was reportedly caused by a malicious Microsoft Excel file delivered via a phishing email. According to a December 2021 report, the file was opened at an HSE workstation in March 2021. The malware would have been latent for two months before the breach, which was reportedly discovered in May, two months later. A total of roughly 100,000 people had their personal data stolen during the cyber-attack.
Healthcare continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT devices.
https://www.infosecurity-magazine.com/news/hse-cyber-attack-ireland-dollar83m/
Threats
Ransomware, Extortion and Destructive Attacks
HSE Cyber-Attack Costs Ireland $83m So Far - Infosecurity Magazine (infosecurity-magazine.com)
Ransomware-hit Rackspace email outage enters 12th day • The Register
The Dark Web is Getting Darker - Ransomware Thrives on Illegal Markets (bleepingcomputer.com)
Rash of New Ransomware Variants Springs Up in the Wild (darkreading.com)
Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks | SecurityWeek.Com
Preventing a ransomware attack with intelligence: Strategies for CISOs - Help Net Security
LockBit ransomware crew claims attack on California Department of Finance - CyberScoop
When Companies Compensate the Hackers, We All Foot the Bill (darkreading.com)
Clop ransomware uses TrueBot malware for access to networks (bleepingcomputer.com)
TrueBot infections were observed in Clop ransomware attacks - Security Affairs
Play ransomware claims attack on Belgium city of Antwerp (bleepingcomputer.com)
Brooklyn hospital network victim of cyber hack crash (msn.com)
Cyber security Experts Uncover Inner Workings of Destructive Azov Ransomware (thehackernews.com)
Cybereason warns of rapid increase in Royal ransomware | TechTarget
New Royal ransomware group evades detection with partial encryption | CSO Online
How ChatGPT can turn anyone into a ransomware and malware threat actor | VentureBeat
Check Point classifies Azov as wiper, not ransomware | TechTarget
Phishing & Email Based Attacks
Open-source repositories flooded by 144,000 phishing packages (bleepingcomputer.com)
Phishing attack uses Facebook posts to evade email security (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Malware
Microsoft digital certificates have once again been abused to sign malware | Ars Technica
Hackers target Japanese politicians with new MirrorStealer malware (bleepingcomputer.com)
Zscaler: Nearly 90% of Cyber attacks Now Use Encrypted Channels, Malware Tops - MSSP Alert
Crooks use HTML smuggling to spread QBot malware via SVG files - Security Affairs
A clever trick turns antivirus software into unstoppable data wiping scourges | TechSpot
How ChatGPT can turn anyone into a ransomware and malware threat actor | VentureBeat
Mobile
Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims (thehackernews.com)
Why You Should Enable Apple’s New iOS 16.2 Security Feature | Reviews by Wirecutter (nytimes.com)
Xnspy stalkerware spied on thousands of iPhones and Android devices | TechCrunch
Internet of Things – IoT
3.5m IP cameras exposed, with US in the lead - Security Affairs
Are robots too insecure for lethal use by law enforcement? | CSO Online
10 Ways Doorbell Cameras Pose a Threat to Privacy and Security - Listverse
Data Breaches/Leaks
Uber suffers new data breach after attack on vendor, info leaked online (bleepingcomputer.com)
Twitter confirms recent user data leak is from 2021 breach (bleepingcomputer.com)
HR platform Sequoia says hackers accessed customer SSNs and COVID-19 data | TechCrunch
Australia's Telstra suffers privacy breach, 132,000 customers impacted | Reuters
Unauthorised server access caused AirAsia data leak: Fahmi | Malaysia | The Vibes
FBI's InfraGard Cyber security Program Breached by Hackers (gizmodo.com)
Aussie Data Breaches Surge 489% in Q4 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Uber staff information leaks after IT supply chain attack • The Register
TPG Telecom joins list of hacked Australian companies, shares slide | Reuters
How companies can avoid costly data breaches - Help Net Security
Hackers leak personal info allegedly stolen from 5.7M Gemini users (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Incoming FCA chair says crypto firms facilitate money laundering | Financial Times (ft.com)
Britons lose life savings to ‘Ali Baba and the cryptocurrency scammers’ | News | The Times
DOJ divided over charging Binance for alleged crypto crimes, report says | Ars Technica
Facebook Asks Lawmakers Not to Regulate Crypto Too Harshly Just Because of All the Fraud (vice.com)
The amateur sleuths who helped to bring down Sam Bankman-Fried - New Statesman
Hackers leak personal info allegedly stolen from 5.7M Gemini users (bleepingcomputer.com)
Insider Risk and Insider Threats
Executives take more cyber security risks than office workers - Help Net Security
Managing Cyber Risk in 2023: The People Element (trendmicro.com)
Fraud, Scams & Financial Crime
Britons lose life savings to ‘Ali Baba and the cryptocurrency scammers’ | News | The Times
Restaurant closes after fraudsters posing as officials steal thousands | News | The Times
Woman gets 66 months in prison for role in $3.3 million ID fraud op (bleepingcomputer.com)
Patrick Giblin conned women all over the US. Now he's going to prison for 5 years | CNN
UK arrests five for selling dodgy point of sale software • The Register
The amateur sleuths who helped to bring down Sam Bankman-Fried - New Statesman
8 charged with conspiracy to commit securities fraud • The Register
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
Uber staff information leaks after IT supply chain attack • The Register
Report highlights serious cyber security issues with US defence contractors | CSO Online
Software Supply Chain
How Naming Can Change the Game in Software Supply Chain Security (darkreading.com)
Microsoft digital certificates have once again been abused to sign malware | Ars Technica
Denial of Service DoS/DDoS
FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms (thehackernews.com)
Prosecutors charge 6 people for allegedly waging massive DDoS attacks | Ars Technica
‘Booter’ sites taken down in global cyber crime bust (gbnews.uk)
Microsoft discovers Windows/Linux botnet used in DDoS attacks | Ars Technica
Cloud/SaaS
Microsoft launches EU 'data boundary' from next year • The Register
HR platform Sequoia says hackers accessed customer SSNs and COVID-19 data | TechCrunch
Lego fixes dangerous API vulnerability in BrickLink service | TechTarget (computerweekly.com)
Data Destruction Policies in the Age of Cloud Computing (darkreading.com)
Hybrid/Remote Working
Encryption
Zscaler: Nearly 90% of Cyber attacks Now Use Encrypted Channels, Malware Tops - MSSP Alert
The FBI Says Apple’s New Encryption Is “Deeply Concerning” (futurism.com)
Over 85% of Attacks Hide in Encrypted Channels - Infosecurity Magazine (infosecurity-magazine.com)
Privacy advocates are aghast at UK’s anti-encryption plans (thenextweb.com)
API
Open Source
Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities (thehackernews.com)
Open-source repositories flooded by 144,000 phishing packages (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
TikTok may push potentially harmful content to teens within minutes, study finds | CNN Business
Meta warns spyware still being used to target people on social media | Meta | The Guardian
Elon Musk Bans Journalists From Twitter After Reinstating Nazis (gizmodo.com)
Russian disinformation rampant on far-right social media platforms - CyberScoop
HowTo: Fight Cyber-Threats in the Metaverse - Infosecurity Magazine
US politicians propose TikTok ban over China security concerns (telegraph.co.uk)
Training, Education and Awareness
Keep Your Grinch at Bay: Here's How to Stay Safe Online this Holiday Season (thehackernews.com)
Remote Work Cyber security Requires a Change in Mindset (informationsecuritybuzz.com)
Parental Controls and Child Safety
TikTok may push potentially harmful content to teens within minutes, study finds | CNN Business
Microsoft Teams is a vector for child sexual abuse material • The Register
Cyber Bullying, Cyber Stalking and Sextortion
Xnspy stalkerware spied on thousands of iPhones and Android devices | TechCrunch
Proposed law offers support to tech-enabled abuse survivors • The Register
Regulations, Fines and Legislation
Privacy concerns are limiting data usage abilities - Help Net Security
European Commission takes step toward approving EU-US data privacy pact | Computerworld
Governance, Risk and Compliance
Managing Cyber Risk in 2023: The People Element (trendmicro.com)
Executives take more cyber security risks than office workers - Help Net Security
Cyber security Drives Improvements in Business Goals (darkreading.com)
Compliance Is Not Enough: How to Manage Your Customer Data (darkreading.com)
5 tips for building a culture of cyber security accountability - Help Net Security
Data Destruction Policies in the Age of Cloud Computing (darkreading.com)
What CISOs consider when building up security resilience - Help Net Security
CISO Role is Diversifying From Technology to Leadership & Communication Skills - MSSP Alert
Models, Frameworks and Standards
Why PCI DSS 4.0 Should Be on Your Radar in 2023 (thehackernews.com)
PCI Secure Software Standard version 1.2 sets out new payment security requirements | CSO Online
Backup and Recovery
Why Your MSSP Should Offer Backup-as-a-Service (BaaS) - MSSP Alert
CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms (thehackernews.com)
Prosecutors charge 6 people for allegedly waging massive DDoS attacks | Ars Technica
8 charged with conspiracy to commit securities fraud • The Register
Privacy, Surveillance and Mass Monitoring
Privacy advocates are aghast at UK’s anti-encryption plans (thenextweb.com)
Apple should pay €6m for tracking users – French official • The Register
European Commission takes step toward approving EU-US data privacy pact | Computerworld
Privacy concerns are limiting data usage abilities - Help Net Security
Artificial Intelligence
Are robots too insecure for lethal use by law enforcement? | CSO Online
How ChatGPT can turn anyone into a ransomware and malware threat actor | VentureBeat
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government | Mandiant
Reassessing cyberwarfare. Lessons learned in 2022 | Securelist
As Wiretap Claims Rattle Government, Greece Bans Spyware | SecurityWeek.Com
Ex-Twitter Worker Gets Prison Time in Saudi 'Spy' Case | SecurityWeek.Com
Reassessing cyberwarfare. Lessons learned in 2022 | Securelist
Nation State Actors
Nation State Actors – Russia
Seven accused of smuggling out US military tech for Moscow • The Register
Neo-Nazi Russian militia appeals for intelligence on Nato member states | Ukraine | The Guardian
NSA cyber director warns of Russian digital assaults on global energy sector - CyberScoop
Russian disinformation rampant on far-right social media platforms - CyberScoop
Nation State Actors – China
NSA Outs Chinese Hackers Exploiting Citrix Zero-Day | SecurityWeek.Com
US politicians propose TikTok ban over China security concerns (telegraph.co.uk)
Hackers target Japanese politicians with new MirrorStealer malware (bleepingcomputer.com)
US to add Chinese chipmaker to trade blacklist | Financial Times (ft.com)
AIIMS cyber attack suspected to have originated in China, Hong Kong - Rediff.com India News
Spies and Lies by Alex Joske — inside China’s intelligence operation | Financial Times (ft.com)
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerability Management
Transitive Dependencies Account for 95% of Bugs - Infosecurity Magazine (infosecurity-magazine.com)
24% of technology applications contain high-risk security flaws - Help Net Security
Vulnerabilities
Hackers exploit critical Citrix ADC and Gateway zero day, patch now (bleepingcomputer.com)
CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com
Adobe Patches 38 Flaws in Enterprise Software Products | SecurityWeek.Com
VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest - Security Affairs
Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities (thehackernews.com)
Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks (bleepingcomputer.com)
Transitive Dependencies Account for 95% of Bugs - Infosecurity Magazine (infosecurity-magazine.com)
Citrix Releases Security Updates for Citrix ADC, Citrix Gateway | CISA
Security Flaw in Atlassian Products Affecting Multiple Companies (darkreading.com)
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware – Naked Security (sophos.com)
Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks | SecurityWeek.Com
New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products (thehackernews.com)
Apple patches everything, finally reveals mystery of iOS 16.1.2 – Naked Security (sophos.com)
Apple fixed the tenth actively exploited zero-day this year - Security Affairs
High-Severity Memory Safety Bugs Patched With Latest Chrome 108 Update | SecurityWeek.Com
Top 5 Web App Vulnerabilities and How to Find Them (thehackernews.com)
Severe vulnerabilities found in most industrial controllers - The Washington Post
Akamai WAF bypassed via Spring Boot to trigger RCE | The Daily Swig (portswigger.net)
Tools and Controls
CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com
Why Your MSSP Should Offer Backup-as-a-Service (BaaS) - MSSP Alert
Data Destruction Policies in the Age of Cloud Computing (darkreading.com)
Other News
Cyber Threats Loom as 5B People Prepare to Watch World Cup Final (darkreading.com)
Tech companies must start sharing intelligence to avert global conflicts | Financial Times (ft.com)
Microsoft Defender, Avast, AVG turned against Windows to permanently delete files - Neowin
Analysis Shows Attackers Favour PowerShell, File Obfuscation (darkreading.com)
Automated Cyber campaign Creates Masses of Bogus Software Building Blocks (darkreading.com)
12 types of wireless network attacks and how to prevent them | TechTarget
FuboTV says World Cup streaming outage caused by a cyber attack (bleepingcomputer.com)
MTTR “not a viable metric” for complex software system reliability and security | CSO Online
Low-code/no-code security risks climb as tools gain traction | TechTarget
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 April 2022
Black Arrow Cyber Threat Briefing 29 April 2022
-Ransomware Attacks Surged to New Highs in 2021
-NCSC and Allies Publish Advisory on The Most Commonly Exploited Vulnerabilities In 2021
-Network Attacks Increased to a 3-Year High
-World War Three Is Far More Likely Than Anyone Is Prepared to Admit
-The Ransomware Crisis Deepens, While Data Recovery Stalls
-Ransoms Only Make Up 15% of Ransomware Costs
-Defending Your Business Against Russian Cyber Warfare
-5-Year Vulnerability Trends Are Both Surprising and Sadly Predictable
-Cisco Talos Observes 'Novel Increase' in APT Activity in Q1
-Deepfakes Set to Be Used in Organised Crime
-Smart Contract Developers Not Really Focused on Security. Who Knew?
-Tractor-Trailer Brake Controllers Vulnerable to Remote Hacker Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Attacks Surged to New Highs in 2021
Ransomware attacks are getting more frequent, more successful and more expensive.
Sixty-six percent of the organisations surveyed by Sophos for its annual State of Ransomware report admitted that they were hit with a ransomware attack last year, up from 37% in 2020. And 65 percent of those attacks were successful in encrypting their victims' data, up from 54 percent the year before.
On top of that, the average ransom paid by organisations for their most significant ransomware attack grew by nearly five times, to just over $800,000, while the number of organisations that paid ransoms of $1 million or more tripled to 11%, the UK-based cybersecurity company said. For its annual report, Sophos surveyed 5,600 organisations from 31 countries. A total of 965 of those polled shared details of their ransomware attacks.
The numbers aren't a huge surprise after a year of epic ransomware attacks that shut down everything from a major oil pipeline to one of the largest meat processors in the US. While both Colonial Pipeline and JBS US Holdings paid millions in ransom, the attacks paused their operations long enough to spark panic buying and drive prices up for consumers.
NCSC and Allies Publish Advisory on The Most Commonly Exploited Vulnerabilities In 2021
The UK and international partners have published an advisory for public and private sector organisations on the 15 most commonly exploited vulnerabilities in 2021.
The National Cyber Security Centre (NCSC), a part of GCHQ, has jointly published an advisory with agencies in the US, Australia, Canada and New Zealand, showing that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities across the public and private sectors worldwide.
Threat actors often geared their efforts towards targeting internet-facing systems, such as email and virtual private network (VPN) servers.
It also indicates that, to a lesser extent, actors continue to exploit publicly known – and often dated – vulnerabilities, some of which were routinely exploited in 2020 or earlier.
The advisory directs organisations to follow specific mitigation advice to protect against exploitation, which includes applying timely patches, using a centralised patch management system and replacing any software no longer supported by the vendor.
Network Attacks Increased to a 3-Year High
WatchGuard Technologies’ Internet Security Report for Q4 2021 revealed all threats were up, whether they’re network attacks or malware.
When the pandemic started, their research team saw a big drop in malware being detected by network security devices. In this period, tech based jobs moved to remote work, which meant a lot of users were no longer browsing the internet and encountering bad things through the network security control at the office. That’s probably why network detection for malware dropped quite a bit at the beginning of the pandemic.
Meanwhile, network attacks continued to rise even through the pandemic, since the servers still lived at the offices and the cloud, and network security still protected those.
The big takeaway in Q4 2021 is that malware rose significantly, returning to normal levels. The reason might be the holiday season, but it’s most probably the fact that, at the end of last year, a lot of tech-based offices started reopening and offering employees to come back in, and thus there’s a bigger chance for network security controls to catch malware.
https://www.helpnetsecurity.com/2022/04/25/network-attacks-q4-2021-video/
World War Three Is Far More Likely Than Anyone Is Prepared to Admit
A Telegraph article looks at the Russia-Ukraine conflict and considers risks posed by new weapons and how the West’s failure to understand our enemies are raising the chances of a horrific conflict.
The fact is the world is becoming more, rather than less, dangerous: there are plenty of other wannabe Putins, and they are better equipped to sow death and destruction. Not only traditional and nuclear threats but bioterrorism is a growing worry and a major cyber attack or assault on transatlantic cables could be so devastating to an internet-based economy as to be seen as a declaration of war.
https://www.telegraph.co.uk/news/2022/04/27/world-war-three-far-likely-anyone-prepared-admit/
The Ransomware Crisis Deepens, While Data Recovery Stalls
Higher probabilities of attack, soaring ransoms, and less chance of getting data back — the ransomware plague gets worse, and cyber insurance fails to be a panacea.
When it comes to ransomware, more companies are seeing attacks and have had data encrypted, according to research out this week. And even though more companies are backing up or paying ransom demands, less data was recovered in 2021 compared with the previous year.
For instance, in its "State of Ransomware 2022" report, cybersecurity firm Sophos found that 66% of surveyed companies had encountered ransomware in 2021, with two-thirds of those firms — or 43% overall — suffering from an actual attack that encrypted data. In its previous report covering 2020, the frequency of successful attacks was much smaller, with about 20% overall resulting in encryption.
The deteriorating cyberthreat landscape is largely due to the evolution of ransomware groups and their techniques, says Sean Gallagher, senior threat researcher with Sophos.
"Over the past couple of years, there has been a massive transition from ransomware to ransomware-as-a-service," he says. "There are very well-established [groups] that are doing these attacks, and as a result, the number of attacks companies are seeing has gone up."
Ransomware continues to plague companies with business-disrupting attacks and defy efforts by cybersecurity experts to rein in the operators behind the criminals’ campaigns. Not only did the portion of companies affected by ransomware more than double last year, but the mean ransomware payment more than quadrupled to $812,000, according to the Sophos report.
https://www.darkreading.com/attacks-breaches/ransomware-crisis-deepens-data-recovery-stalls
Ransoms Only Make Up 15% of Ransomware Costs
New research suggests that paying ransoms is only the tip of the cost iceberg when it comes to ransomware attacks.
Researchers at Check Point have revealed that the collateral damage of ransomware attacks make up costs roughly seven times higher than the ransom demanded by threat actors.
The costs include financial implications caused by incident response efforts, system restoration, legal fees, monitoring costs and the overall impact of business disruption.
Ransomware attacks are an increasingly popular attack method, typically involving stealing data from the victim, encrypting data and forcing them to pay for decryption and avoiding a data leak.
Check Point said in the report:
“Most other losses, including response and restoration costs, legal fees, monitoring costs, etc., are applied whether the extortion demand was paid or not. The year 2020 showed that the average total cost of a ransomware attack was more than seven times higher than the average ransom paid.”
https://www.itsecurityguru.org/2022/04/28/ransoms-only-make-up-15-of-ransomware-costs/
Defending Your Business Against Russian Cyber Warfare
We are likely to see Russian state sponsored attacks escalate as the West continues to increase sanctions and support Ukraine.
The eyes of the world are focused on the war in Ukraine. As expected, Russia has targeted Ukraine with cyber attacks first, and much of the West is wondering when Russia will also retaliate against countries supporting Ukraine. Most agree that some attacks are already in progress, and the attacks against western entities are sure to escalate as the war continues and more sanctions are put in place.
The first wave of companies targeted by the Russian state, and threat actors it supports, will be those that suspend Russian operations or take direct action to support Ukraine. Information operations and subversion against these companies will likely ensue. In the event of Russian cyberwarfare, reviewing the industries, styles, and objectives of their attacks can help organisations to prepare and implement more robust defences. These defences include actions both inside and outside an enterprise's perimeter.
https://www.securityweek.com/defending-your-business-against-russian-cyberwarfare
5-Year Vulnerability Trends Are Both Surprising and Sadly Predictable
What 5,800+ pentests show us: Companies have been struggling with the same known and preventable security bugs year over year. Bandwidth stands at the heart of the problem.
Cyber crime can cause major disruption when it comes to the sustainability and long-term success of companies. Teams want to have robust security but often struggle to meet that objective. It's crucial for security professionals to leverage insights into emerging trends in cybersecurity to pinpoint which vulnerabilities put organisations at the greatest risk, and Cobalt's "State of Pentesting" reports explore how to achieve efficiency to strengthen security.
The "State of Pentesting 2022" surveyed 602 cybersecurity and software development professionals and analysed data from 2,380 pentests conducted over the course of 2021 to pull key insights that are relevant to security and development teams when it comes to fixing vulnerabilities.
As a result of the data collected, the top five most common vulnerability categories outlined in this year's "State of Pentesting" report include:
· Server Security Misconfigurations
· Cross-Site Scripting (XSS)
· Broken Access Control
· Sensitive Data Exposure
· Authentication and Sessions
Surprisingly — yet predictably — these vulnerability categories have stayed at the top of the list for at least the last five years in a row. They're also recognisable to those who are familiar with OWASP Top 10 list for Web Application Security Risks.
The majority of these findings are connected to missing configurations, outdated software, and a lack of access management controls — all common and easily preventable security flaws. So, what's holding companies back from preventing well-known security flaws? Why does this come as a surprise?
Cisco Talos Observes 'Novel Increase' in APT Activity in Q1
Advanced persistent threat actors have been busy over the past few months, according to Cisco Talos.
The security vendor released its Quarterly Trends report, which examined incident response trends from engagements in the first quarter of 2022. While ransomware remained the top threat, as it has for the past two years now, Cisco observed a new trend of increased APT activity. The Cisco Talos Incident Response (CTIR) team attributed some of the increase to groups like Iranian state-sponsored Muddywater and China-based Mustang Panda.
One suspected Chinese APT, dubbed "Deep Panda," was connected to exploitation of the Log4j flaw that was discovered last year in the widely used Java logging tool. Log4j exploitation was the second most common threat for Q1 behind ransomware, indicating the bug is a growing threat despite a patch being available.
Deepfakes Set to Be Used in Organised Crime
New research from Europol suggests that deepfakes will be used extensively in organised crime operations.
Europol has warned of a projected rise in the use of deepfake technology by organised crime organisations.
Deepfakes involve the use of artificial intelligence to create realistic audio and audio-visual content “that convincingly shows people saying or doing things they never did, or create personas that never existed in the first place.”
Law enforcement and the challenge of deepfakes is the first published analysis of the Europol Innovation Lab’s Observatory function, warning that law enforcement agencies must rapidly improve skills and technologies utilised by officers in order to keep up with criminal deepfake use.
The analysis report highlighted how deepfakes are used primarily in disinformation, non-consensual pornography and document fraud campaigns, which will grow more realistic in years to come.
https://www.itsecurityguru.org/2022/04/29/deepfakes-set-to-be-used-in-organised-crime/
Smart Contract Developers Not Really Focused on Security. Who Knew?
"Smart contracts," which consist of self-executing code on a blockchain, are not nearly as smart as the label suggests.
They are at least as error-prone as any other software, where historically the error rate has been about one bug per hundred lines of code.
And they may be shoddier still due to disinterest in security among smart contract developers, and perhaps inadequate technical resources.
Multi-million dollar losses attributed to smart contract bugs – around $31m stolen from MonoX via smart contract exploit and ~$34m locked into a contract forever due to bad increment math, to name a few – illustrate the consequences.
https://www.theregister.com/2022/04/26/smart_contract_losses/
Tractor-Trailer Brake Controllers Vulnerable to Remote Hacker Attacks
We’ve been predicting this for a while now and the move to more and more connected systems, autonomous and semi-autonomous vehicles, how long until someone is subject to threats to disconnect a vehicle’s brakes as they are driving along a motorway? Who wouldn’t pay the ransom demand in that scenario?
A report this week is related to articulated lorries but this is something that will be affecting all vehicles unless safeguards are put in place.
Researchers have analysed the cyber security of heavy vehicles and discovered that the brake controllers found on many tractor-trailers in North America are susceptible to remote hacker attacks.
The research was conducted by the US National Motor Freight Traffic Association (NMFTA), which is a non-profit organisation that represents roughly 500 motor freight carriers, in collaboration with Assured Information Security, Inc.
NMFTA has been analysing the cyber security of heavy vehicles since 2015 and it has periodically disclosed its findings. The latest report from the organisation came in early March, when the US Cybersecurity and Infrastructure Security Agency (CISA) also issued an advisory to describe two vulnerabilities affecting trailer brake controllers.
The flaws described in the CISA advisory are related to the power line communications (PLC) between tractors and trailers, specifically the PLC4TRUCKS technology, which uses a standard named J2497 for bidirectional communications between the tractor and trailer without adding new wires.
https://www.securityweek.com/tractor-trailer-brake-controllers-vulnerable-remote-hacker-attacks
Threats
Ransomware
Prevent HEAT Attacks to Foil Ransomware Incidents - Help Net Security
Conti Ransomware Operations Surge Despite Recent Leak - Security Affairs
Beware: Onyx Ransomware Destroys Files Instead of Encrypting Them (bleepingcomputer.com)
FBI says BlackCat Rust-Based Ransomware Scratched 60+ Orgs • The Register
REvil Ransomware Attacks Resume, But Operators Are Unknown (techtarget.com)
Fake Windows 10 Updates Infect You with Magniber Ransomware (bleepingcomputer.com)
New Black Basta Ransomware Springs into Action with A Dozen Breaches (bleepingcomputer.com)
Companies Can't Get Enough of Good Ol' Tape Storage For Ransomware Resistance | PC Gamer
Phishing & Email Based Attacks
Phishing Goes KISS: Don’t Let Plain and Simple Messages Catch You Out! – Naked Security (sophos.com)
Phishing Attacks Benefiting from Shady SEO Practices (techtarget.com)
Malware
Emotet Malware Now Installs Via Powershell in Windows Shortcut Files (bleepingcomputer.com)
New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer (thehackernews.com)
Emotet Tests New Attack Techniques: Sign of Things to Come? | CSO Online
Cyber Criminals Using New Malware Loader 'Bumblebee' in the Wild (thehackernews.com)
New Powerful Prynt Stealer Malware Sells for Just $100 Per Month (bleepingcomputer.com)
Mobile
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
Scammers Are Copying News Sites To Push Elon Musk-themed Crypto Scams - Information Security Buzz
Why Did Hackers Target DeFi L1, L2 Solutions for a $1.2 Billion Theft in 2022? (watcher.guru)
Intuit Sued Over Phishing Attack Targeting Trezor Crypto Wallet Users - Decrypt
Crypto Trading Fund Partners Accused of Fraud - Infosecurity Magazine
LemonDuck Botnet Evades Detection in Cryptomining Attacks (techtarget.com)
Bored Ape Yacht Club Instagram Hacked, NFTs Worth Millions Stolen (vice.com)
Insider Risk and Insider Threats
AML/CFT
Two More Indicted Over North Korean Sanctions Evasion Plot - Infosecurity Magazine
FCA: Challenger Banks Failing to Spot Money Launderers - Infosecurity Magazine
Denial of Service DoS/DDoS
Cloudflare Stomps On 15.3 Million Requests Per Second DDoS • The Register
How a New Generation of IoT Botnets Is Amplifying DDoS Attacks | CSO Online
DDoS Attacks Target Healthcare, Education Markets, Research Finds - MSSP Alert
Cloud
Is Cloud Critical Infrastructure? Prep Now for Provider Outages (techtarget.com)
Shadow IT Is A Top Concern Related To SaaS Adoption - Help Net Security
Travel
Parental Controls and Child Safety
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Data-Wiper Malware Strains Surge Amid Ukraine Invasion • The Register
Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware (thehackernews.com)
Cyber Attacks Rage in Ukraine, Support Military Operations | Threatpost
Ongoing DDoS Attacks from Compromised Sites Hit Ukraine - Security Affairs
Anonymous Hacked Russian PSCB Commercial Bank and Energy Firms - Security Affairs
Russia-Linked Threat Actors Launched Hundreds of Cyber Attacks on Ukraine - Security Affairs
Russian Hacktivists Launch DDoS Attacks on Romanian Govt Sites (bleepingcomputer.com)
Cyber Espionage APT Now Identified as Three Separate Actors | Threatpost
Nation State Actors
Nation State Actors – Russia
Microsoft Documents Over 200 Cyber Attacks by Russia Against Ukraine (thehackernews.com)
Russian Govt Impersonators Target Telcos in Phishing Attacks (bleepingcomputer.com)
The Subject of Trusting ‘Russian’ Applications - Information Security Buzz
Nation State Actors – North Korea
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerabilities
CISA Adds 7 Vulnerabilities to List Of Bugs Exploited In Attacks (bleepingcomputer.com)
Cisco Patches 11 High-Severity Vulnerabilities in Security Products | SecurityWeek.Com
Update Now! Critical Patches for Chrome and Edge | Malwarebytes Labs
Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL (darkreading.com)
Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System (thehackernews.com)
Millions of Java Apps Remain Vulnerable to Log4Shell | Threatpost
Organisations Warned of Attacks Exploiting WSO2 Vulnerability | SecurityWeek.Com
Vulnerability Found in WordPress Anti-Malware Firewall (searchenginejournal.com)
Sector Specific
Financial Services Sector
Government
Governments Under Attack Must Think Defensively - Help Net Security
Data Breach Disrupts UK Army Recruitment - Infosecurity Magazine
Health/Medical/Pharma Sector
French Hospital Group Disconnects Internet After Hackers Steal Data (bleepingcomputer.com)
Medical Software Firm Fined €1.5M for Leaking Data of 490k Patients (bleepingcomputer.com)
DDoS Attacks Target Healthcare, Education Markets, Research Finds - MSSP Alert
Smile Brands Breach Impacts 2.5 Million Individuals - Infosecurity Magazine
CNI, OT, ICS, IIoT and SCADA
Education and Academia
Gaming/Gambling
Other News
SolarWinds Breach Lawsuits: 6 Takeaways for CISOs | CSO Online
41% Of Businesses Had an API Security Incident Last Year - Help Net Security
Security Leaders Relying More Heavily on MSPs Amid Talent Crunch - Help Net Security
2022 Security Priorities: Staffing and Remote Work (darkreading.com)
GitHub: How Stolen OAuth Tokens Helped Breach Dozens of Orgs (bleepingcomputer.com)
Why Companies Should Focus on Preventing Privilege Escalation (techtarget.com)
German Wind Turbine Firm Hit by 'Targeted, Professional Cyber Attack' | SecurityWeek.Com
308,000 Exposed Databases Discovered, Proper Management Is Key - Help Net Security
Lapsus$ targeting SharePoint, VPNs and virtual machines (techtarget.com)
Top Five Post-Pandemic Priorities for Cyber Security Leaders - Help Net Security
Security Spending Set to Hit $198bn by 2025 - Infosecurity Magazine
Companies Poorly Prepared to Meet CCPA, CPRA and GDPR Compliance Requirements - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 March 2022
Black Arrow Cyber Threat Briefing 18 March 2022
-Guernsey Cyber Security Warning For Islanders And Businesses
-CISOs Face 'Perfect Storm' Of Ransomware And State-Supported Cyber Crime
-Four Key Risks Exacerbated By Russia’s Invasion Of Ukraine
-These Four Types Of Ransomware Make Up Nearly Three-Quarters Of Reported Incidents
-Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'
-Cyber Insurance War Exclusions Loom Amid Ukraine Crisis
-Zelenskyy Deepfake Crude, But Still Might Be A Harbinger Of Dangers Ahead
-Cyber Crooks’ Political In-Fighting Threatens the West
-Cloud-Based Email Threats Surge 50% in 2021
-Millions of New Mobile Malware Strains Blitzed Enterprise in 2021
-UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit
-Russian Ransomware Gang Retool Custom Hacking Tools Of Other APT Groups
-The Massive Impact of Vulnerabilities In Critical Infrastructure
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Guernsey Cyber Security Warning for Islanders and Businesses
There has been a rise in cyber-attacks since the war in Ukraine began, according to the States of Guernsey and a cyber-security firm.
The States said: "We have seen a noticeable increase in the number of phishing emails since the war began."
The Channel Islands see more than 10 million cyber attacks every month, according to research by Guernsey firm Black Arrow Cyber Consulting.
It encouraged vigilance, as the islands are not immune to these attacks.
A States spokesman said: "The whole community needs to remain vigilant against such emails, which are designed to appear to be from reputable sources in order to dupe people into providing personal information or access to their device via the clicking of a link."
Bruce McDougall, from Black Arrow Cyber Consulting, said: "Criminals don't let a good opportunity go to waste. So they're conducting scams encouraging people to make false payments in the belief they're collecting for charities."
https://www.bbc.co.uk/news/world-europe-guernsey-60763398
CISOs Face 'Perfect Storm' Of Ransomware and State-Supported Cyber Crime
As some nations turn a blind eye, defence becomes life-or-death matter
With ransomware gangs raiding network after network, and nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry.
"There's this marriage right now of financially motivated cyber crime that can have a critical infrastructure and economic impact," Curry said during a CISO roundtable hosted by his endpoint security shop. "And there are some nation states that do what we call state-ignored sanctioning," he continued, using Russia-based REvil and Conti ransomware groups as examples of criminal operations that benefit from their home governments looking the other way.
"You get the umbrella of sovereignty, and you get the free license to be a privateer in essence," Curry said. "It's not just an economic threat. It's not just a geopolitical threat. It's a perfect storm."
It's probably not a huge surprise to anyone that destructive cyber attacks keep CISOs awake at night. But as chief information security officers across industries — in addition to Curry, the four others on the roundtable spanned retail, biopharmaceuticals, electronics manufacturing, and a cruise line — have watched threats evolve and criminal gangs mature, it becomes a battle to see who can innovate faster; the attackers or the defenders.
https://www.theregister.com/2022/03/18/ciso_security_storm/
Four Key Risks Exacerbated by Russia’s Invasion of Ukraine
Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organisational risk profiles in at least four key areas, according to Gartner.
“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.
“As ERM leaders reassess their organisational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”
There are four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues: Talent Risk, Cyber Security Risk, Financial Risk and Supply Chain Risk
https://www.helpnetsecurity.com/2022/03/17/erm-leaders-risk/
These Four Types of Ransomware Make Up Nearly Three-Quarters of Reported Incidents
Any ransomware is a cyber security issue, but some strains are having more of an impact than others.
Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.
According to analysis by cyber security company Intel 471, the most prevalent ransomware threat towards the end of 2021 was LockBit 2.0, which accounted for 29.7% of all reported incidents. Recent victims of LockBit have included Accenture and the French Ministry of Justice.
Almost one in five reported incidents involved Conti ransomware, famous for several incidents over the past year, including an attack against the Irish Healthcare Executive. The group recently had chat logs leaked, providing insights into how a ransomware gang works. PYSA and Hive account for one in 10 reported ransomware attacks each.
"The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%," said the researchers.
Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'
The cyber crime underground has fractured into pro-Ukraine and pro-Russia camps, with the latter increasingly focused on critical national infrastructure (CNI) targets in the West, according to a new report from Accenture.
The consulting giant’s Accenture Cyber Threat Intelligence (ACTI) arm warned that the ideological schism could spell mounting risk for Western organisations as pro-Kremlin criminal groups adopt quasi-hacktivist tactics to choose their next victims.
Organisations in the government, media, finance, insurance, utilities and resources sectors should be braced for more attacks, said ACTI.
https://www.infosecurity-magazine.com/news/critical-infrastructure-threat/
Cyber Insurance War Exclusions Loom Amid Ukraine Crisis
An expanding threat landscape is testing the limits of cyber insurance coverage.
The industry experienced a rapid maturation over the past three years as enterprises required a broader umbrella of insurance coverage to combat increasing cyber risks. While demands and premiums continue to rise, one recent area of contention involves war and hostile acts, an exclusion that's becoming harder to categorize.
A judgment in December, coupled with the Russian invasion last month that posed potential cyber retaliations to Ukraine allies, highlighted shortcomings in insurance policies when it comes to cyber conflicts.
Zelenskyy Deepfake Crude, But Still Might Be a Harbinger of Dangers Ahead
Several deepfake video experts called a doctored video of Ukrainian President Volodymyr Zelenskyy that went viral this week before social media platforms removed it a poorly executed example of the form, but nonetheless damaging.
Elements of the Zelenskyy deepfake — which purported to show him calling for surrender — made it easy to debunk, they said. But that won’t always be the case.
https://www.cyberscoop.com/zelenskyy-deepfake-troubles-experts/
Cyber Crooks’ Political In-Fighting Threatens the West
They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.
A rift has formed in the cyber crime underground: one that could strengthen, rather than cripple, the cyber-onslaught of ransomware.
According to a report, ever since the outbreak of war in Ukraine, “previously coexisting, financially motivated threat actors divided along ideological factions.”
“Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors, and are increasingly attempting to target Russian entities in support of Ukraine,” wrote researchers from Accenture’s Cyber Threat Intelligence (ACTI). “However, pro-Russian actors are increasingly aligning with hacktivist-like activity targeting ‘enemies of Russia,’ especially Western entities due to their claims of Western warmongering.”
What might otherwise seem like a good thing – bad guys fighting bad guys – may in fact pose an increased threat to the West.
https://threatpost.com/cybercrooks-political-in-fighting-threatens-the-west/178899/
Cloud-Based Email Threats Surge 50% in 2021
There was a 50% year-on-year surge in cloud-based email threats in 2021, but a drop in ransomware and business email compromise (BEC) detections as attacks became more targeted, according to Trend Micro.
The security vendor’s 2021 roundup report, Navigating New Frontiers, was compiled from data collected by customer-installed products and cloud-based threat intelligence.
It revealed that Trend Micro blocked 25.7 million email threats targeting Google Workspace and Microsoft 365 users last year, versus 16.7 million in 2020.
The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed.
https://www.infosecurity-magazine.com/news/cloudbased-email-threats-surge-2021/
Millions of New Mobile Malware Strains Blitzed Enterprise in 2021
Researchers uncovered more than two million new mobile malware samples in the wild last year, Zimperium said in a new report.
Those threats spanned some 10 million mobile devices in at least 214 countries, the Dallas, Texas-based solution provider said in its newly released 2022 Global Mobile Threat Report. Indeed, mobile malware proved in 2021 to be the most prevalent security threat to enterprises, encountered by nearly 25 percent mobile endpoints among Zimperium’s customers worldwide. The 2.3 million new mobile strains Zimperium’s researchers located amount to nearly 36,000 new strains of malware weekly and roughly 5,000 each day.
UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit
Criminal defence law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.
The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018.
The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.
https://www.theregister.com/2022/03/15/brit_solicitor_fined_for_failing/
Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups
A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found.
The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.
Although the infection was contained at this stage, the researchers characterized the compromise as a case of a suspected ransomware attack.
The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also employed is an AccountRestore executable to brute-force administrator credentials and a forked version of a reverse tunneling tool called Ligolo.
https://thehackernews.com/2022/03/russian-ransomware-gang-retool-custom.html
The Massive Impact of Vulnerabilities in Critical Infrastructure
Recent cyber events have shown how extremely vulnerable critical infrastructure is. What are the biggest security concerns?
In any world conflict, one of the primary threats posed is cyber actors disabling or destroying the core infrastructure of the adversary. Based on the global reaction to the current world conflict, countries fear reprisals. The worry is that there will be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict.
Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure, and this has opened up a new wave of cyber attacks. Though businesses are ramping up their security initiatives and investments to defend and protect, their efforts have largely been siloed, reactive, and lack business context. Lack of visibility of risk across the estate is a huge problem for this sector.
https://www.helpnetsecurity.com/2022/03/15/critical-infrastructure-security/
Threats
Ransomware
Nearly 34 Ransomware Variants Observed in Hundreds of Cyber Attacks in Q4 2021 (thehackernews.com)
Franchises, Partnerships Emerge in Ransomware-as-a-Service Operations | ZDNet
Dozens of Ransomware Variants Used In 722 Attacks Over 3 Months (bleepingcomputer.com)
Conti Leak: A Ransomware Gang's Chats Expose Its Crypto Plans | WIRED
Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops | Threatpost
SEC Filings Show Hidden Ransomware Costs And Losses | CSO Online
Exotic Lily Sells Ransomware Groups Access To Targets • The Register
New "Initial Access Broker" Working with Conti gang - IT Security Guru
Google Exposes Tactics Of A Conti Ransomware Access Broker (bleepingcomputer.com)
Avoslocker Ransomware Gang Targets US Critical Infrastructure - Security Affairs
How Prepared Are Organisations To Face A Ransomware Attack On Kubernetes? - Help Net Security
Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware (thehackernews.com)
Bridgestone Cyber Attack Timeline and Ransomware Recovery Details - MSSP Alert
Automotive Giant Denso Confirms Hack, Pandora Ransomware Group Takes Credit | ZDNet
Phishing & Email
Massive Phishing Campaign Uses 500+ Domains To Steal Credentials (bleepingcomputer.com)
How CAPTCHA Puzzles Cloak Phishing Page URLs In Emails • The Register
Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks (darkreading.com)
76,000 Scams Taken Down Through Email Reporting - IT Security Guru
Phony Instagram ‘Support Staff’ Emails Hit Insurance Company | Threatpost
This Browser-In-The-Browser Attack Is Perfect For Phishing • The Register
Malware
New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw (thehackernews.com)
Attacker Uses Websites' Contact Forms To Spread BazarLoader Malware | TechRepublic
Gh0stCringe RAT Targeting Database Servers in Recent Attacks | SecurityWeek.Com
Cyclops Blink Malware Sets Up Shop in ASUS Routers • The Register
DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (thehackernews.com)
Linux Botnet Exploits Log4j Flaw To Hijack Arm, x86 Systems • The Register
New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel (360.com)
Russian Cyclops Blink Botnet Launches Assault Against Asus Routers | ZDNet
TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control (thehackernews.com)
Mobile
2021 Mobile Security: Android More Vulnerabilities, iOS More Zero-Days (bleepingcomputer.com)
Thousands of Secret Keys Found in Leaked Samsung Source Code | SecurityWeek.Com
Scammers Have 2 Clever New Ways To Install Malicious Apps on iOS Devices | Ars Technica
Threat Intel Report: Who Is Behind Staggering 190GB Samsung Galaxy Hack? (forbes.com)
Android Trojan Persists On The Google Play Store Since January (bleepingcomputer.com)
IoT
Organised Crime & Criminal Actors
Financially Motivated Threat Actors Willing To Go After Russian Targets - Help Net Security
A Third of Malicious Logins Originate in Nigeria - Infosecurity Magazine
Phishers Exploit Ukraine Conflict To Solicit Crypto - IT Security Guru
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Supply Chain
DoS/DDoS
Cloud
How Cloud Services Become Weapons In Russia-Ukraine Cyber Conflict | ZDNet
The Next Big Cyber Security Threat Is Connected SaaS Platforms (thenextweb.com)
Privacy
Passwords & Credential Stuffing
Regulations, Fines and Legislation
CafePress Fined For Covering Up Customer Info Leak • The Register
Meta Fined €17 Million by Irish Regulator for GDPR Violations | CSO Online
Spyware, Espionage & Cyber Warfare
Nation State Actors
Nation State Actors – Russia
Conti Leaks Reveal the Ransomware Group’s Links to Russia | WIRED
How The Cyber World Can Support Ukraine | World Economic Forum (weforum.org)
FBI Warns of MFA Flaw Used By State Hackers For Lateral Movement (bleepingcomputer.com)
Ukraine Secret Service Arrests Hacker Helping Russian Invaders (thehackernews.com)
Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers (vice.com)
German Government Advises Against Using Kaspersky Antivirus (bleepingcomputer.com)
Ukraine's "IT Army" Hit With Info-Stealing Malware- IT Security Guru
Mozilla Firefox Removes Russian Search Providers Over Misinformation Concerns (bleepingcomputer.com)
Fake Antivirus Updates Used To Deploy Cobalt Strike in Ukraine (bleepingcomputer.com)
Ukrainian Hacktivists Allegedly Dumps Kaspersky Product Source Code Online (Updated) - Lowyat.NET
New CaddyWiper Data Wiping Malware Hits Ukrainian Networks (bleepingcomputer.com)
Top Ukrainian Cyber Official Praises Volunteer Hacks On Russian Targets, Offers Updates - CyberScoop
Anonymous Sent A Message To Russians: "Remove Putin" - Security Affairs
Cyber Attacks Cripple Russian Websites After Ukraine Invasion (gizmodo.com)
Russia Faces IT Crisis With Just Two Months Of Data Storage Left (bleepingcomputer.com)
Russia Labels Meta 'Extremist Organisation, Bans Instagram • The Register
Nation State Actors – China
China-Linked Threat Actors Are Targeting The Government Of Ukraine - Security Affairs
China Claims It Captured NSA Spy Tool That Already Leaked • The Register
Nation State Actors – Iran
Vulnerabilities
CISA Adds 15 Vulnerabilities To List Of Flaws Exploited In Attacks (bleepingcomputer.com)
New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access (thehackernews.com)
Apple Patch Day: Gaping Security Holes in iOS, macOS, iPadOS | SecurityWeek.Com
OpenSSL Patches Denial-Of-Service Certificate Flaw • The Register
OpenSSL Patches Infinite-Loop DoS Bug In Certificate Verification – Naked Security (sophos.com)
SolarWinds Warns Of Attacks Targeting Web Help Desk Instances (bleepingcomputer.com)
High-Severity Vulnerabilities Patched in BIND Server | SecurityWeek.Com
QNAP Warns Severe Linux Bug Affects Most Of Its NAS Devices (bleepingcomputer.com)
Sector Specific
Financial Services Sector
Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines (thehackernews.com)
Banks on Alert For Russian Reprisal Cyber Attacks on Swift | Ars Technica
Fraudsters Use Intelligent Bots To Attack Financial Institutions (scmagazine.com)
70% of Financial Service Providers Are Implementing API Security - Help Net Security
Health/Medical/Pharma Sector
Transport and Aviation
Reports Published in the Last Week
Other News
Does the Free World Need a Global Cyber Alliance? | SecurityWeek.Com
Why EDR Is Not Sufficient To Protect Your Organisation - Help Net Security
Public and Private Sector Security: Better Protection by Collaboration | SecurityWeek.Com
The Importance Of Building In Security During Software Development - Help Net Security
How Fast Can Organisations Respond To A Cyber Security Crisis? - Help Net Security
Researcher Uses 379-Year-Old Algorithm To Crack Crypto Keys Found In The Wild | Ars Technica
How Pen Testing Gains Critical Security Buy-in and Defence Insight (darkreading.com)
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data | Threatpost
When IT Spending Plans Don't Reflect Security Priorities (darkreading.com)
Half of People Accept All Cookies Despite The Security Risk | TechRadar
Business Is At Last Collaborating On Cyber Security | Financial Times (ft.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 February 2022
Black Arrow Cyber Threat Briefing 25 February 2022
-Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates
-Ransomware Extortion Doesn't Stop After Paying The Ransom
-Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces
-Study: UK Firms Most Likely To Pay Ransomware Hackers
-Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks
-91% of UK Organisations Compromised by an Email Phishing Attack in 2021
-Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021
-Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion
-Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds
-The Future of Cyber Insurance
-Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices
-Microsoft Teams Is The New Frontier For Phishing Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates
Britain warned of potential cyber attacks with "international consequences" this week after Russian President Vladimir Puitin ordered troops to two breakaway regions in eastern Ukraine.
Britain's National Cyber Security Centre (NCSC), a part of the GCHQ eavesdropping intelligence agency, called on British organisations to "bolster their online defences" following the developments.
"While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences," it said in a statement.
Last week, Ukranian banking and government websites were briefly knocked offline by a spate of distributed denial of service (DDoS) attacks which the United States and Britain said were carried out by Russian military hackers.
Ransomware Extortion Doesn't Stop After Paying The Ransom
A global survey that looked into the experience of ransomware victims highlights the lack of trustworthiness of ransomware actors, as in most cases of paying the ransom, the extortion simply continues.
This is not a surprising or new discovery, but when seeing it reflected in actual statistics, one can appreciate the scale of the problem in full.
The survey was conducted by cyber security specialist Venafi, and the most important findings that emerge from the respondents are the following:
18% of victims who paid the ransom still had their data exposed on the dark web.
8% refused to pay the ransom, and the attackers tried to extort their customers.
35% of victims paid the ransom but were still unable to retrieve their data.
As for the ransomware actor extortion tactics, these are summarized as follows:
83% of all successful ransomware attacks featured double and triple extortion.
38% of ransomware attacks threatened to use stolen data to extort customers.
35% of ransomware attacks threatened to expose stolen data on the dark web.
32% of attacks threatened to directly inform the victim's customers of the data breach incident.
Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces
The government of Ukraine is calling on the hacking community to volunteer its expertise and capabilities, following the invasion of the country by Russian forces.
Reuters reports that Yegor Aushev, the CEO of Kyiv-based Cyber Unit Technologies which has worked with Ukraine's government on the defence of critical infrastructure, claims to have been asked to post a digital call-to-arms after being asked by "a senior Defence Ministry official."
The message, which was posted on hacking forums by Aushev on Thursday, begins "Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country," and calls for cybersecurity experts and hackers to apply as a volunteer via a Google Docs link. The page volunteers are directed to asks applicants to list their specialities, such as if they have developed malware, and professional references.
According to Aushev, volunteers will be divided into two groups - tasked with offensive and defensive cyber operations.
Study: UK Firms Most Likely To Pay Ransomware Hackers
Some 82% of British firms which have been victims of ransomware attacks paid the hackers in order to get back their data, a new report suggests.
The global average was 58%, making the UK the most likely country to pay cyber-criminals.
Security firm Proofpoint's research also found that more than three-quarters of UK businesses were affected by ransomware in 2021.
Phishing attacks remain the key way criminals access networks, it found.
Phishing happens when someone in a firm is lured into clicking on a link in an email that contains malware, which in turn can help cyber-criminals access company networks.
https://www.bbc.co.uk/news/business-60478725
Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks
An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”
The gang said that it would use “all possible resources to strike back at the critical infrastructures” of any entity that organises a cyberattack “or any war activities against Russia.” The message appeared Friday on the dark-web site used by ransomware group Conti to post threats and its victims’ data. Security researchers believe the gang to be Russia-based.
Conti ransomware was part of more than 400 attacks against mostly U.S. targets between spring 2020 and spring 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported in September.
https://www.cyberscoop.com/conti-ransomware-russia-ukraine-critical-infrastructure/
91% of UK Organisations Compromised by an Email Phishing Attack in 2021
More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report.
The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business email compromise (BEC) attacks, the latter an 18% year-on-year increase from 2020.
The survey of 600 information and IT security professionals and 3500 workers in the US, Australia, France, Germany, Japan, Spain and the UK also found that attacks in 2021 were more likely to be successful than in 2020. More than four in five (83%) respondents said their organization experienced at least one successful email-based phishing attack last year, up from 57% in 2020. In addition, 68% of organizations admitted they had to deal with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery or other exploit.
Worryingly, 60% of organizations infected with ransomware admitted to paying a ransom, with around a third (32%) paying additional sums to regain access to data and systems.
https://www.infosecurity-magazine.com/news/uk-organizations-email-phishing/
Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021
Researchers have found almost 100,000 new variants of mobile banking Trojans in just a year.
As our digital lives have begun to centre more on handsets rather than just desktop PCs, many malware developers have shifted part of their focus to the creation of mobile threats.
Many of the traditional infection routes are still workable -- including phishing and the download and execution of suspicious software -- but cyber attackers are also known to infiltrate official app stores, including Google Play, to lure handset owners into downloading software that appears to be trustworthy.
This technique is often associated with the distribution of Remote Access Trojans (RATs). While Google maintains security barriers to stop malicious apps from being hosted in its store, there are methods to circumvent these controls quietly.
https://www.zdnet.com/article/almost-100000-new-mobile-banking-trojans-detected-in-2021/
Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion
A few hours after the Anonymous collective has called to action against Russia following the illegitimate invasion of Ukraine its members have taken down the website of the Russian propaganda station RT News and news of the day is the attack against the servers of the Russian Defense Ministry.
“Anonymous, a group of hacktivists, successfully hacked and leaked the database of the website of the Ministry of Defense of Russia.” reported the Pravda agency.
The website of the Kremlin (Kremlin.ru) is also unreachable, but it is unclear if it is the result of the Anonymous attack or if the government has taken offline it to prevent disruptive attacks.
The Russian Government’s portal, and the websites of other ministries are running very slow.
The collective is also threatening the Russian Federation and private organizations of attacks, it is a retaliation against Putin’s tyranny.
Anonymous pointed out that it is not targeting Russian citizens, but only their government.
“We want the Russian people to understand that we know it’s hard for them to speak out against their dictator for fear of reprisals.”
https://securityaffairs.co/wordpress/128428/hacking/anonymous-russian-defense-ministry.html
Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds
If you don’t know what it is, if you can’t identify it and if you can’t make sure you don’t topple into its traps, then you can’t fight it, suggests a new report by security provider Proofpoint in its eighth annual State of the Phish report.
The “it” is email-based malware attacks, the kingpin of all hacking methods, that victims often fall for out of a lack of awareness, inadequate training or risky behaviours, such as using a company mobile device for home use.
Proofpoint’s report takes an in-depth look at user phishing awareness, vulnerability and resilience and comes away with some startling numbers: More than three-quarters of organizations associated with the 4,100 IT security professionals and staffers in the worldwide study were hit by email-based ransomware attacks in 2021 and an equal number were victimized by business email compromise attacks, an 18 percent spike from 2020.
What explains the year-over-year climb? Answer: Cyber criminals continue to focus on compromising people, not necessarily systems, Proofpoint said. Email remains cyber criminals’ go-to attack strategy, said Alan Lefort, Proofpoint security awareness training senior vice president and general manager. “Infosec and IT survey participants experienced an increase in targeted attacks in 2021 compared to 2020, yet our analysis showed the recognition of key security terminology such as phishing, malware, smishing (text-based ruse), and vishing (telephone trickery) dropped significantly,” said Lefort. “The awareness gaps and lax security behaviors demonstrated by workers creates substantial risk for organizations and their bottom line.”
The Future of Cyber Insurance
In 2016, just 26% of insurance clients had cyber coverage. That number rose to 47% in 2020, according to a US Government Accountability Office (GAO) report. But the demand for cyber coverage isn't the only thing soaring.
At the end of 2020, insurance prices jumped anywhere from 10% to 30%. In the third quarter of 2021, the average cost of cyber insurance premiums climbed a record 27.6%.
If the rates continue to rise, companies might decide it's not worth the cost. That is, if insurers continue to cover their industry.
https://www.darkreading.com/risk/the-future-of-cyber-insurance
Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices
Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, and a division of TechTarget, Inc., today announced new research into security hygiene and posture management – a foundational part of a strong security program. The study reveals that many aspects of cyber security are managed independently and with antiquated tools, leaving organisations with limited visibility and weak defenses against an ever-evolving threat landscape. Since strong cybersecurity starts with the basics, like knowing about all IT assets deployed, this situation makes organisations vulnerable to advanced threats among strategic, yet often hurried, cloud and digital transformation initiatives.
The new report, Security Hygiene and Posture Management, summarizes a survey of 398 IT and cyber security professionals responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management, including vulnerability management, asset management, attack surface management, and security testing tools. The data reveals that organisations must aim to further assess security posture management processes, examine vendor risk management requirements, and test security tool and processes more frequently.
Microsoft Teams Is The New Frontier For Phishing Attacks
Even with email-based phishing attacks proving to be more successful than ever, cyberattackers are ramping up their efforts to target employees on additional platforms, such as Microsoft Teams and Slack.
One advantage is that in those applications, most employees still assume that they’re actually talking to their boss or coworker when they receive a message.
“The scary part is that we trust these programs implicitly — unlike our email inboxes, where we’ve learned to be suspicious of messages where we don’t recognize the sender’s address,” said anti-fraud technology firm Outseer.
Notably, traditional phishing has seen no slowdown: Proofpoint reported that 83% of organizations experienced a successful email-based phishing attack in 2021 — a massive jump from 57% in 2020. And outside of email, SMS attacks (smishing) and voice-based attacks (vishing) both grew in 2021, as well, according to the email security vendor.
However, it appears that attackers now view widely used collaboration platforms, such as Microsoft Teams and Slack, as another growing opportunity for targeting workers, security researchers and executives say. For some threat actors, it’s also a chance to leverage the additional capabilities of collaboration apps as part of the trickery.
https://venturebeat.com/2022/02/23/microsoft-teams-is-the-new-frontier-for-phishing-attacks/
Threats
Ransomware
Russia-Based Ransomware Group Conti Issues Warning To Kremlin Foes | Reuters
Conti Ransomware 'Acquires' TrickBot as It Thrives Amid Crackdowns | SecurityWeek.Com
Ransomware Is Top Attack Vector On Critical Infrastructure | CSO Online
TrickBot Malware Operation Shuts Down, Devs Move To Stealthier Malware (bleepingcomputer.com)
Microsoft Exchange Servers Hacked To Deploy Cuba Ransomware (bleepingcomputer.com)
Attackers Used Dridex To Deliver Entropy Ransomware, Code Resemblance Uncovered - Help Net Security
Expeditors Shuts Down Global Operations After Likely Ransomware Attack (bleepingcomputer.com)
Chipmaker Giant Nvidia Hit By A Ransomware Attack - Security Affairs
Backups ‘No Longer Effective’ For Stopping Ransomware Attacks (computerweekly.com)
BEC – Business Email Compromise
Phishing & Email
Cyber Attackers Leverage DocuSign to Steal Microsoft Outlook Logins | Threatpost
New Phishing Campaign Targets Monzo Online-Banking Customers (bleepingcomputer.com)
Devious Phishing Method Bypasses MFA Using Remote Access Software (bleepingcomputer.com)
Other Social Engineering
Malware
Over 2.7 Million Cases Of Emotet Malware Detected Globally - Japan Today
Jester Stealer Malware Adds More Capabilities To Entice Hackers (bleepingcomputer.com)
Beware: New Kraken Botnet Easily Fools Windows Defender And Steals Crypto Wallet Data - Neowin
Threat Actors Target Poorly Protected Microsoft SQL Servers - Security Affairs
New Golang Botnet Empties Windows Users’ Cryptocurrency Wallets (bleepingcomputer.com)
Revamped CryptBot Malware Spread By Pirated Software Sites (bleepingcomputer.com)
Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store (thehackernews.com)
Mobile
New Xenomorph Android Malware Targets Customers Of 56 Banks (bleepingcomputer.com)
Gaming, Banking Trojans Dominate Mobile Malware Scene | Threatpost
Samsung Shipped '100m' Android Phones With Flawed Encryption • The Register
Data Breaches/Leaks
Organised Crime & Criminal Actors
Police Dismantled Gang That Used Phishing Sites To Steal Credit Cards - Security Affairs
Nigerian Hacker Pleads Guilty To Stealing Payroll Deposits (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking
Insider Risk and Insider Threats
Employees Are Often Using Devices In Seriously Risky Ways - Help Net Security
Insider Threats Are More Than Just Malicious Employees (darkreading.com)
83% Of Employees Continue Accessing Old Employer's Accounts - Help Net Security
Motorola Case Shows Importance Of Detecting Insider IP Theft Quickly | CSO Online
Fraud, Scams & Financial Crime
Think You Couldn't Be Duped By a Con Artist? Think Again | Psychology Today
French Speakers Blasted By Sextortion Scams With No Text Or Links – Naked Security (sophos.com)
Digital Ad Fraud Set to Hit $68bn in 2022 - Infosecurity Magazine
Supply Chain
Nation State Actors
Russia-Backed Hackers Behind Powerful New Malware, UK and US Say | Russia | The Guardian
Ransomware Used as Decoy in Destructive Cyber Attacks on Ukraine | SecurityWeek.Com
Data Wiper Attacks On Ukraine Were Planned At Least In November - Security Affairs
Russia’s Sandworm Hackers Have Built a Botnet of Firewalls | WIRED
China-linked APT10 Target Taiwan's Financial Trading Industry - Security Affairs
US and UK Details a New Python Backdoor Used by MuddyWater APT - Security Affairs
Privacy
Spyware, Espionage & Cyber Warfare
Sector Specific
Financial Services Sector
Defence
Health/Medical/Pharma Sector
Construction
Reports Published in the Last Week
Other News
War in Ukraine Risks Scrambling the Logic of Cyber Security | Financial Times (ft.com)
Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides (thehackernews.com)
22 Very Bad Stats On The Growth Of Phishing, Ransomware | VentureBeat
Data Leaks And Shadow Assets Greatly Exposing Organisations To Cyber Attacks - Help Net Security
50% of Websites Vulnerable to Hacking All Year in 2021, New Report Says - MSSP Alert
Is Multifactor Authentication Less Effective Than It Used To Be? (slate.com)
How To Keep Pace With Rising Data Protection Demands - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.