Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 19 January 2024
Black Arrow Cyber Threat Intelligence Briefing 19 January 2024:
-World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
-Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
-Researcher Uncovers One of The Biggest Password Dumps in Recent History
-Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
-75% of Organisations Hit by Ransomware in 2023
-The Dangers of Quadruple Blow Ransomware Attacks
-Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
-It’s a New Year and a Good Time for a Cyber Security Checkup
-Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
-Cyber Threats Top Global Business Risk Concern for 2024
-Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
-With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
-Digital Resilience – a Step Up from Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.
The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.
Sources: [ITPro] [The Debrief]
Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.
However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.
Sources: [ITPro] [Law Society] [Security Brief] [Financial Times] [Infosecurity Magazine]
Researcher Uncovers One of The Biggest Password Dumps in Recent History
Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.
Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.
Source: [Ars Technica]
Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.
Source: [Infosecurity Magazine]
75% of Organisations Hit by Ransomware in 2023
A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.
Source: [Infosecurity Magazine]
The Dangers of Quadruple Blow Ransomware Attacks
With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.
This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.
Source: [TechRadar]
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.
Source: [Infosecurity Magazine]
It’s a New Year and a Good Time for a Cyber Security Checkup
2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.
Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.
Source: [JDSupra]
Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.
In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.
Source: [The Hacker News]
Cyber Threats Top Global Business Risk Concern for 2024
Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.
Source: [Insurance Journal]
Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company. When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.
Source: [Quartz]
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.
Source: [Dark Reading]
Digital Resilience: a Step Up from Cyber Security
In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [CSO Online] [Financial Times]
Governance, Risk and Compliance
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Improving Supply Chain Security, Resiliency (informationweek.com)
Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
How to Recover After Failing a Cyber Security Audit - Security Boulevard
Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Security considerations during layoffs: Advice from an MSSP - Help Net Security
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
How to improve cyber resilience across your workforce (ft.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)
3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)
Ransomware causes mental, physical trauma to security pros • The Register
The dangers of quadruple blow ransomware attacks | TechRadar
Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security
TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)
Ransomware negotiation: When cyber security meets crisis management - Help Net Security
Ransomware Victims
Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
British Library to share learning from cyber attack - Museums Association
British Library starts restoring services online after hack - BBC News
British cosmetics firm Lush confirms cyber attack (therecord.media)
Delay to Manx Care dental services after cyber attack - BBC News
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)
A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar
Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)
Phishing & Email Based Attacks
Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar
US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard
Artificial Intelligence
AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)
How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)
Adversaries exploit trends, target popular GenAI apps - Help Net Security
The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
2FA/MFA
Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Malware
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)
Data-theft malware exploits Windows Defender SmartScreen • The Register
MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
5 malware mistakes most people make while traveling and trying to charge (nypost.com)
Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)
Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar
JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard
$80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Modernising print security for today’s working world | TechRadar
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Data Breaches/Leaks
Insufficient cyber security caused PSNI data breach (iapp.org)
Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Organised Crime & Criminal Actors
Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard
Illegal online casinos spread crypto-crime across Asia • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)
Illegal online casinos spread crypto-crime across Asia • The Register
Insider Risk and Insider Threats
Insurance
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)
Supply Chain and Third Parties
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
Improving Supply Chain Security, Resiliency (informationweek.com)
Cloud/SaaS
Insurance website's buggy API leaked Office 365 password • The Register
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
3 ways to combat rising OAuth SaaS attacks - Help Net Security
FBI: Beware of cloud-credential thieves building botnets • The Register
Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Researcher uncovers one of the biggest password dumps in recent history | Ars Technica
Insurance website's buggy API leaked Office 365 password • The Register
FBI: Beware of cloud-credential thieves building botnets • The Register
Social Media
Malvertising
Training, Education and Awareness
The right strategy for effective cyber security awareness - Help Net Security
Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard
How to improve cyber resilience across your workforce (ft.com)
Regulations, Fines and Legislation
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
IT consultant in Germany fined for exposing shoddy security • The Register
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK
Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard
Home improvement marketers dial up trouble from regulator • The Register
Models, Frameworks and Standards
10 cyber security frameworks you need to know about - Help Net Security
NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST
Backup and Recovery
Data Protection
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
Careers, Working in Cyber and Information Security
Ransomware causes mental, physical trauma to security pros • The Register
Protecting the protectors: combating stress in the cyber security industry | The Independent
Best practices to mitigate alert fatigue - Help Net Security
Universities not delivering the right skills for cyber security (betanews.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
Nation State Actors
China
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)
Russia
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)
Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)
Russia finds way around sanctions on battlefield tech: report – POLITICO
Moscow imports a third of battlefield tech from western companies (ft.com)
Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
CISA: Critical SharePoint vuln is under active exploitation • The Register
Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)
Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)
VMware Urges Customers to Patch Critical Aria Automation Vulnerability - SecurityWeek
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)
Two more Citrix NetScaler bugs exploited in the wild • The Register
Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Windows 10 security update requires some major changes - experts only need apply | TechRadar
GitLab Patches Critical Password Reset Vulnerability - SecurityWeek
Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek
Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek
Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)
New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)
Tools and Controls
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
Key elements for a successful cyber risk management strategy - Help Net Security
Preventing insider access from leaking to malicious actors - Help Net Security
Over 90 percent of organisations set to increase data protection spending (betanews.com)
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
Best practices to mitigate alert fatigue - Help Net Security
Modernising print security for today’s working world | TechRadar
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
Digital nomads amplify identity fraud risks - Help Net Security
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
The right strategy for effective cyber security awareness - Help Net Security
SOC-as-a-Service: The Five Must-Have Features - Security Boulevard
Other News
What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)
How news organisations became a prime target for cyber attacks (pressgazette.co.uk)
UK doubles spending on overseas cyber security projects (ft.com)
Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 November 2023
Black Arrow Cyber Threat Intelligence Briefing 24 November 2023:
-The Human Element- Cyber Security’s Great Challenge
-Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
-Despite Increasing Ransomware Attacks, Some Companies in Denial
-A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
-The True Cost of a Ransomware Attack
-Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
-Cyber Security Investment Involves More Than Just Technology
-Questions Leaders Must Ask Themselves on Security Culture
-There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
-Cyber Attack on British Library Highlights Lack of UK Resilience
-Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
-The Cyber Security Lawsuit Boards are Talking About
-UK and Republic of Korea Issue Warning About North Korea State-Linked Cyber Actors Attacking Software Supply Chains
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
The Human Element- Cyber Security’s Great Challenge
According to Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches involved a human element. It is important for organisations to understand that it is not simply malicious employees or employees falling for social engineering attacks; it includes things such as negligent, or intentional but not malicious actions. In fact, a recent separate report by Kaspersky found that 26% of incidents over the past two years involved the result of intentional security protocol violations; in comparison, external hacking attempts made up 20%.
Further, Kaspersky found 25% of incidents occurred due to neglecting system software or application updates, followed by 22% resulting from deliberate use of weak passwords or failing to change them promptly, and 18% from staff visiting unsecured websites. One potential cause for these incidents is a lack of training on why such protocols need to be followed.
Black Arrow provides live in person and online instructor lead cyber security training including Cyber Risk and Governance Workshops for Senior Leadership, and Awareness, Behaviour and Culture Training for employees and contractors.
Sources [Beta News] [ Infosecurity Magazine] [The Economic Times (indiatimes.com)]
Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
Small or large, no company is immune to a cyber attack and therefore good cyber hygiene is an imperative for all. Whilst large firms may already have more mature defences in place, smaller firms are definitely catching on to this, with 47% of respondents to a recent survey stating they were more worried about their organisation’s security posture now than compared to six months ago.
The survey found that ransomware (35%), software vulnerability exploits (28%) and using the same password across different applications (25%) were amongst the largest concerns. Interestingly, in a separate report, 44% of incidents were found to lack any element of malware, indicating that attackers are moving beyond traditional methods. The same report found 65% of cases included remote monitoring and management tools as the vector for initial access, something a number of organisations do not secure.
Business email compromise (BEC) attacks are also a key concern for businesses of all sizes but can be especially damaging to smaller organisations for whom the financial loss can be devastating.
Sources [Computer Weekly] [Beta News] [Beta News]
Despite Increasing Ransomware Attacks, Some Companies are in Denial
A recent study has highlighted a contradiction in the way organisations perceive ransomware threats. Although many do not consider themselves likely targets, they are, nevertheless, bolstering their security measures, expanding their teams, and fortifying cyber defences, acknowledging the risks despite their assumed invulnerability.
Simultaneously, ransomware tactics are undergoing significant changes. The past three quarters have seen a marked increase in double-extortion attacks, with data leaks from these incidents rising by 50% compared to the previous year. This trend is predominantly driven by a few active groups, some newly emerged this year, amplifying the threat landscape.
In a tactical shift, the ransomware group ALPHV, also known as Blackcat, has lodged a formal complaint with the US Securities and Exchange Commission (SEC) against a victim for failing to comply with new disclosure regulations. Meanwhile, LockBit, infamous for attacks on high-profile targets, is modifying its extortion tactics due to lower-than-anticipated ransom returns. These developments point to an evolving and adaptive ransomware environment.
Sources: [Dark Reading] [SC Media] [Insurance Journal] [MSSP Alert] [Security Brief]
A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
It is reported that 2,620 organisations and more than 77 million individuals have been impacted to date by the MOVEit supply chain ransomware attack, with millions in the past week alone having received notifications that their information had either been accessed, leaked, or both.
In a survey involving directors of UK companies with over 500 seats that had suffered a ransomware or extortion attack in the past 18 months, it was found that 24% had become significantly more anxious about ransomware attacks as a direct result of the MOVEit breach, and 66% were slightly more anxious. This anxiety translated into action, with 42% of respondents investing more into backup and recovery, and 29% tweaking existing cyber strategies. 29% had taken the decision to amend their existing cyber strategies. Staff training was also found to rise, with 42% looking to spend on skills development and 40% upping their investment in training.
Sources: [The Register] [Computer Weekly]
The True Cost of a Ransomware Attack
While the demand is often financial, the impact and reach of ransomware goes far beyond the ransomware demand. Alongside the financial impact, comes the reputational impact, loss of customers, resources in returning to business as normal and time lost in recovery. For some companies, it can take months to return to where they were before and for others, it marks the end of their organisation.
For an attacker, it doesn’t matter. Their goal is not limited by the size or sector of an organisation and it is therefore imperative that every organisation is prepared for the event of an incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [ITPro]
Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
A recent study has exposed serious flaws in passwords on the internet, revealing that three out of four popular websites are compromising user security by not meeting basic password standards. The study examined 20,000 websites, finding many allowed simple passwords, didn’t block common ones and adhered to outdated complexity requirements. It was found that over half the websites accept passwords of six characters or fewer, with 75% not requiring the advised minimum of eight characters, and 30% not supporting spaces or special characters. The study showcases the gap in security measures implementation across the web and emphasises the importance of ongoing improvement in web security standards.
The problem is further exacerbated by employees using work email for non-work approved websites and reusing the same passwords, meaning any breach of a compromised site hands the user’s credentials to an attacker. Further, many organisations are not even aware this is going on.
Source: [TechXplore]
Cyber Security Investment Involves More Than Just Technology
C-suite business leaders and senior IT professionals within large organisations, found that the top five cyber security investment areas were technologies (49%), threat intelligence (46%), risk assessment (42%), cyber insurance (42%), and third-party risk management (40%). Fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%). suggesting an awareness that technology investments go hand-in-hand with investing in governance and personnel to effectively enable and manage the technology.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Dark Reading]
Questions Leaders Must Ask Themselves on Security Culture
In today's corporate landscape, there's a growing emphasis on the human aspect of cyber security, with Stanford University research indicating that about 88% of data breaches result from employee errors. Companies are now focusing on enhancing security awareness through marketing campaigns and integrating cyber security performance into job reviews. This shift acknowledges that as technological defences evolve, cyber attackers increasingly exploit human vulnerabilities, as evidenced by major ransomware incidents like those impacting Colonial Pipeline and JBS Foods.
Developing a strong security culture is essential, by complementing robust policies with ingraining security-minded beliefs and behaviours in employees. Key to this is the role of leadership in embedding and continuously assessing this culture. This involves evaluating training effectiveness, reporting mechanisms, proactive security approaches, and the impact of security initiatives, while also considering the complexity of human behaviour and the example set by top management. Emphasising these aspects is crucial for maintaining a secure and resilient organisational environment, and in so doing protecting an organisation's reputation and financial integrity.
Source: [AT&T]
There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
The convergence of organised crime, financial crime, and nation-state crime is a growing concern in today’s interconnected world. This crossover, driven by the digital revolution, globalisation, economic factors, and state fragility, is reshaping the global criminal landscape. Organised crime syndicates, traditionally involved in activities like drug trafficking and extortion, are now branching out into financial crimes, offering higher profits with lower risks.
Financial crime, once the domain of individual fraudsters and white-collar criminals, has become a lucrative venture for organised crime groups. They exploit the global financial system to launder proceeds of crime, finance their operations, and evade law enforcement. Nation-state crime, involving state-sponsored or state-condoned criminal activities, often overlaps with organised and financial crime. Some governments turn a blind eye to these activities, while others actively support them for political, economic, or strategic reasons.
Sources: [The Currency]
Cyber Attack on British Library Highlights Lack of UK Resilience
A recent ransomware attack on the British Library has spotlighted the vulnerabilities in the UK's public sector IT infrastructure, amid rising state-backed cyber attacks. This major incident, which caused a significant technical outage at the library, underscores the concerns of cyber intelligence experts about the government's inadequate investment in cyber resilience in critical areas like education, healthcare, and local government. The hacking group Rhysida, targeting essential infrastructure, claimed responsibility and auctioned stolen data, including British Library employees’ passports, for 20 bitcoin (approximately £600,000).
The attack on the British Library, a key public service institution, highlights the escalating threat of ransomware attacks and their potential exploitation by state actors. The UK’s National Cyber Security Centre (NCSC) has reported a significant increase in cyber attacks in 2023, with incidents more than doubling compared to the previous year. In response, the UK government, which had already allocated £2.6bn for cyber security improvements and IT system updates, is actively assessing the situation with the support of the National Protective Security Authority.
Source: [FT]
Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
The European Union (EU) is seeking to improve cyber resilience across all member states by bringing in two new regulations: the Digital Operational Resilience Act (DORA), which focuses on financial services companies, and its counterpart the Network and Information Systems Directive (NIS2). The effects of the two regulations are likely to be wider reaching, bringing in more stringent processes and controls and redefining service provision to organisations.
With NIS2 coming into effect in October 2024, the mandatory directive will have teeth, with strict penalties for non-compliance for both the business and senior board personnel, who can be held directly accountable and prevented from holding similar positions in the future. It also aims to increase intelligence sharing between member states and enhance supply chain security. This latter measure will see the directive have a global impact.
Many organisations supplying services to firms that fall under DORA and NIS2 will themselves be subject to the full force of the regulations, with many of these suppliers, including IT providers, unaware that this will have far reaching ramifications for them and their ability to continue to provide these services.
Sources: [Help Net Security] [Help Net Security]
The Cyber Security Lawsuit Boards are Talking About
For the last month, an under-the-radar lawsuit has privately been a hot topic of conversation in boardrooms and corporate security departments alike. The lawsuit involved the Securities and Exchange Commission (SEC) accusing SolarWinds and their CISO of fraud. SolarWinds, like many organisations, had disclosed some facts, however what was reported was not sufficient to satisfy the regulator. The lawsuit is the first in which the SEC has charged a company with intentional fraud related to cyber security disclosures and it paints a picture for the wider movement of the cyber landscape. Whilst the SEC is US based you can expect regulatory counterparts in other jurisdictions globally to follow suit.
Source: [The New York Times]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
Why boards must prioritize cyber security expertise - Help Net Security4 data loss examples keeping backup admins up at night | TechTarget
Companies step up investment in ransomware protection (betanews.com)
CISOs can marry security and business success - Help Net Security
7 must-ask questions for leaders on security culture (att.com)
The human element -- cyber security's greatest challenge (betanews.com)
Why good cyber hygiene is a strategic imperative for UK SMEs (betanews.com)
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Cyber security Investment Involves More Than Just Technology (darkreading.com)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
Only 9% of IT budgets are dedicated to security - Help Net Security
Why transparency and accountability are important in cyber security | Computer Weekly
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Internal audit leaders are wary of key tech investments - Help Net Security
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
Stressed staff put enterprises at risk of cyber attack (betanews.com)
Threats
Ransomware, Extortion and Destructive Attacks
2023 ransomware statistics: Number of double-extortion attacks skyrocket | SC Media (scmagazine.com)
More than money: The true cost of a ransomware attack | ITPro
Despite Increasing Ransomware Attacks, Some Companies In Denial | MSSP Alert
Ransomware attacks doubIe in two years says Akamai Technologies report (securitybrief.co.nz)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Companies step up investment in ransomware protection (betanews.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
Ransomware Gang LockBit Revises Its Tactics to Get More Blackmail Money (insurancejournal.com)
The shifting sands of the war against cyber extortion - Help Net Security
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Play Ransomware Goes Commercial - Now Offered as a Service to Cyber criminals (thehackernews.com)
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Ransomware groups rack up victims among corporate America | CyberScoop
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
Paying ransom for data stolen in cyber attack bankrolls further crime, experts caution | CBC Radio
UK signs joint statement against ransomware payments - “New norm” or status quo? - Lexology
Capita to axe up to 900 jobs as it battles to recover from Russian cyber attack (telegraph.co.uk)
Schools Look to Improve Cyber security, but Many Vulnerable to Ransomware (insurancejournal.com)
4 Ways Fintech Companies Can Protect Themselves from Ransomware (financemagnates.com)
Cyber security should not be a gamble: Latest data breach hits major casino - Digital Journal
Ransomware Victims
Royal Mail spent £10 million recovering from LockBit breach - Tech Monitor
British Library staff passports leaked online as hackers demand £600,000 (telegraph.co.uk)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Allen & Overy Given 5 Days to Meet Hackers’ Demands: Expert Q&A | Law.com International
London & Zurich ransomware attack causes customer chaos • The Register
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack - SecurityWeek
Lockbit Gang Behind ICBC Attack Hacks Into Chicago Trading Company - Bloomberg
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Clorox Scapegoats Cyber Chief, Rewards Board After Crisis (forbes.com)
Fortune 500 insurance and mortgage firm FNF shuts down network following cyber attack | TechRadar
Yamaha Motor confirms ransomware attack on Philippines subsidiary (bleepingcomputer.com)
St Helens Council suspected cyber attack caused significant disruption - BBC News
Western Isles Council backup systems 'inaccessible' following cyber attack | STV News
Auto parts giant AutoZone warns of MOVEit data breach (bleepingcomputer.com)
BlackCat claims attack on Fidelity National Financial • The Register
Phishing & Email Based Attacks
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
More Than 50% of Online Retailers Not Blocking Fraudulent Emails | MSSP Alert
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
The Most Common Indicators of a Phishing Attempt (With Screenshots) | HackerNoon
Artificial Intelligence
Cyber threats reached a new high this year, with AI playing a major role | TechRadar
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
IT Pros Worry That Generative AI Will Be a Major Driver of Cyber security Threats (darkreading.com)
Smaller businesses embrace GenAI, overlook security measures - Help Net Security
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
OII | Large Language Models pose risk to science with false answers, says Oxford study
Malware
5 Of The Most Common Ways Malware Is Spread (And How To Stay Protected) (slashgear.com)
Report finds malware is no longer the biggest cyberthreat to smaller businesses - SiliconANGLE
Over half of SME cyber incidents now ‘malware-free’ | Computer Weekly
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
Mirai malware infects routers and cameras for new botnet • The Register
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine (bleepingcomputer.com)
Malware Uses Trigonometry to Track Mouse Strokes (darkreading.com)
Atomic Stealer Malware is tricking Mac users with fake browser updates - gHacks Tech News
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
DarkGate and Pikabot malware emerge as Qakbot’s successors (bleepingcomputer.com)
How Ducktail steals Facebook accounts | Kaspersky official blog
Cyber criminals turn to ready-made bots for quick attacks - Help Net Security
3 Ways to Stop Unauthorized Code From Running in Your Network (darkreading.com)
New botnet malware exploits two zero-days to infect NVRs and routers (bleepingcomputer.com)
Mobile
FCC Tightens Telco Rules to Combat SIM-Swapping - SecurityWeek
Inside Apple’s Secretive War to Protect iPhones from Hacking • iPhone in Canada Blog
Cyber criminals Are Targeting App Beta-Testing, and This Is What to Look Out For (makeuseof.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
4 data loss examples keeping backup admins up at night | TechTarget
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
Canadian government discloses data breach after contractor hacks (bleepingcomputer.com)
US Cyber security Lab Suffers Major Data Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hacktivists breach US nuclear research lab, steal employee data (bleepingcomputer.com)
Welltok data breach exposes data of 8.5 million US patients (bleepingcomputer.com)
Cyber attackers leaked data of 27,000 NYC Bar Association membersers (therecord.media)
Enterprise software provider TmaxSoft leaks 2TB of data (securityaffairs.com)
Sumo Logic says customer data untouched during breach • The Register
Organised Crime & Criminal Actors
Indian Hack-for-Hire Group Targeted US, China, and More for Over 10 Years (thehackernews.com)
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyber attacks (darkreading.com)
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Outsmarting cyber criminals is becoming a hard thing to do - Help Net Security
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Supply Chain and Third Parties
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
Three Questions To Ask Third-Party Vendors About Cyber security Risk (forbes.com)
Cloud/SaaS
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Navigating the complexities of cyber security in a SaaS-dominated era (securitybrief.co.nz)
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your password hygiene remains atrocious, says NordPass • The Register
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Social Media
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
UK watchdog threatens enforcement action over ad cookies • The Register
Models, Frameworks and Standards
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
Understanding the UK government’s new cyber security regime, GovAssure - IT Security Guru
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
US cyber cops trace and return nearly $9M stolen by scammers • The Register
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Why cyber war readiness is critical for democracies - Help Net Security
Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape (inforisktoday.com)
Nation State Actors
China
Russia
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
Almost 4,000 cyber attacks on Ukraine detected – US Treasury Department | Ukrainska Pravda
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Potential cyberespionage campaign against Ukraine involves Remcos tool | SC Media (scmagazine.com)
Iran
Possible Iranian Group Behind 'Flood' of New Cyber attacks in Israel - Bloomberg
Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online
North Korea
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers (darkreading.com)
Hackers pose as officials to steal secrets and cryptocurrency for North Korea (bitdefender.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Citrix Bleed WFH Hack and Exploit: News on Data Loss Flaw - Bloomberg
Citrix warns admins to kill NetScaler user sessions to block hackers (bleepingcomputer.com)
Hackers Exploiting Windows SmartScreen Zero-day Vulnerability (cybersecuritynews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
CISA warns of actively exploited Windows, Sophos, and Oracle bugs (bleepingcomputer.com)
Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
A critical OS command injection flaw affects Fortinet FortiSIEM (securityaffairs.com)
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Splunk RCE Vulnerability Let Attackers Upload Malicious File (cybersecuritynews.com)
Tools and Controls
Only 9% of IT budgets are dedicated to security - Help Net Security
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Cyber attack on British Library raises concerns over lack of UK resilience (ft.com)
Companies step up investment in ransomware protection (betanews.com)
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
The 7 Deadly Sins of Security Awareness Training (darkreading.com)
Identity And Access Management: 18 Important Trends And Considerations
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
MFA under fire, attackers undermine trust in security measures - Help Net Security
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login (thehackernews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
Detection & Response That Scales: A 4-Pronged Approach (darkreading.com)
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
6 Steps to Accelerate Cyber security Incident Response (thehackernews.com)
The CISO view: Navigating the promise and pitfalls of cyber security automation (betanews.com)
Other News
Why Defenders Should Embrace a Hacker Mindset (thehackernews.com)
Hackers are taking over planes’ GPS — experts are lost on how to fix it (nypost.com)
UK proposes 'super-complaints' to help keep internet safe • The Register
Consumers plan to be more consistent with their security in 2024 - Help Net Security
Security trends public sector leaders are watching | CyberScoop
Even gas pumps aren't safe from cyber attacks at the moment | TechRadar
Scottish cyber security organisation calls for greater awareness of rising threat - Business Insider
The US government wants to offer better cyber security to major infrastructure firms | TechRadar
The retail sector is under threat from… Gmail, WhatsApp and Google Drive? | TechRadar
Sekoia: Latest in the Financial Sector Cyber Threat Landscape (techrepublic.com)
Shields Ready: Critical Infrastructure Security and Resilience
Crimeware and financial cyberthreat predictions for 2024 | Securelist
Terrorism, cyber attacks main Paris 2024 threats as security plan finalised | Reuters
Read again: Decoding cyber security, safeguarding educational institutions | Edexec
What direction for the EU Cyber security Competence Centre? – EURACTIV.com
Unveiling the Most Common Cyber Threats in Retail – International Supermarket News
Mideast Oil & Gas Facilities Could Face Cyber Related Energy Disruptions (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 08 September 2023
Black Arrow Cyber Threat Intelligence Briefing 08 September 2023:
-More Than Half of UK Organisations Know They Aren’t Well Protected
-Generative AI Considered a Security Risk by 60% of Board Members: How Organisations Can Prepare
-Businesses Ignore Incident Response at Their Peril
-Blame Culture: An Organisation’s Ticking Time Bomb
-Spend to Save: CFO’s and Cyber Security Investment
-Cyber Security Tools Are New Targets for Attackers, including Nation-State Actors
-Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3
-Common Tactics Used by Threat Actors to Weaponise PDFs
-Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals
-Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m
-71% of Organisations are Impacted by Cyber Security Skills Shortage
-Multiple Schools Hit by Cyber Attacks Before Term Begins
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
More Than Half of UK Organisations Know They Aren’t Well Protected
According to a recent report, just 49% of business leaders report their organisation is well or very well protected. Cyber security featured as the third highest-rated business priority, with increasing revenues and reducing costs forming the top two. One of the ways an organisation can reduce cost is to outsource, and 63% of respondents agreed, reporting that they wanted to work with an external cyber security partner to improve their security.
Even if you’re in the 49% of organisations that believes it is well protected, this can be a dangerous self-assessment based on a lack of experience and impartiality. Business leaders need independent assurance to ensure their security controls are appropriate and in line with the organisation’s risk appetite. It is essential to dispel assumptions, by investigating your security before an attacker does.
Black Arrow Cyber Consulting offers a free, no-obligation, introductory consultation to help you gain an unbiased perspective on how your current security approach could withstand an attacker. We help our clients to know the questions to ask of their external or internal IT provider, and how to leverage other security controls from existing resources.
Sources: [IT Security Guru][Beta News]
Generative AI Considered a Security Risk by 60% of Board Members. How Organisations Can Prepare
A recent report conducted by Proofpoint found that 60% of board members consider generative AI a security risk.
The rapid development and adoption of AI is double-edged in nature. Whilst it can yield positive benefits if used safely and responsibility within organisations, AI is also being used to great effect by malicious actors with AI abuse growing beyond phishing to increasing the efficacy of multistage attacks, being used to generated malware, and carrying out different types of social engineering attacks.
For this reason Boards and senior leaders are right to be concerned and should ensure appropriate measures are being taken.
Sources: [TheNationalNews] [SCMagazine] [CyberSecurityNews]
Further reading: [BusinessCloud.co.uk] [WIRED UK] [Help Net Security]
Businesses Ignore Incident Response at Their Peril
According to a UK Government report, a quarter of businesses don’t regard cyber incident response skills as essential and almost half said they weren’t confident they could put together an incident response plan. This led to 41% saying they were not very or not at all confident that they would be able to deal with a cyber security breach or attack.
Unfortunately, this leaves many organisations in a situation where they will have to learn the hard way about the implications of not having an incident response plan. A separate government report found that 37% of those hit by a cyber attack said it impacted operations and a quarter experienced negative consequences such as loss of money or data.
One of the ways organisations can circumnavigate their lack of confidence in their ability to construct an incident response plan is to use cyber security experts to construct it.
Source: [Infosecurity Magazine]
Blame Culture: An Organisation’s Ticking Time Bomb
An organisation’s attitude and responses to cyber security are almost as important as the actions taken to prevent cyber attacks. “Lessons learnt” are a common feature within mature and cyber resilient organisations. Incidents are a matter of when not if, and it is important that organisations know how to react.
Taking the example of a phishing attack, it is easy to blame the employee who opened it, potentially firing them. With phishing simulations, it is equally easy to discipline an employee who fell for it. The problem is, neither of these focus on what can be learned, such as why the employee fell for it in the first place. Additionally, there is the potential that employees become reserved or reticent about reporting potential events, due to the fear of being disciplined. This can be the difference between an organisation having an early detection of an incident and being able to invoke incident response plans sooner, or leaving the attacker in the system doing damage for longer before being reported.
Source: [ IT Security Guru]
Spend to Save: CFOs and Cyber Security Investment
For chief financial officers (CFOs), the increasing impact of data breaches creates a paradox. While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending is all about return on investment.
When looking at spending, CFOs need to keep in mind that the total cost of a breach is more than the initial currency loss: there is the knock-on effect of reputation and losses in customers. But it is not a case of spending more to protect more; spending must be tailored to the organisation and prioritise in terms of business needs.
Source: [Security Intelligence]
Cyber Security Tools Are New Targets for Attackers, Including Nation-State Actors
An increasing number of attacks by nation-state attackers are targeting cyber security tools in their campaigns. This includes the recent attacks on US officials which attacked and gained access through the firewalls of the victim. Security vendors, just like anyone, will have flaws in their software: there will be vulnerabilities. As such, organisations need to be aware of these vulnerabilities and when support runs out for their cyber security tools, to better protect themselves.
Source: [News Week]
Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3
Top secret military data from the UK’s Ministry of Defence was stolen and then sold by the ransomware gang LockBit. How, you might ask? Through a rogue Windows 7 PC that belonged to their fencing supplier, Zaun. The LockBit Ransom group conducted the attack on the supplier’s network, and Zaun admitted the group may have exfiltrated 10GB of data.
Many attackers have realised that if you cannot directly attack an organisation, then the supplier can present a way in. Organisations need to be sure of their suppliers’ security, and conduct third party security assessments to identify the risk the supplier may present to the organisation itself.
Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.
Source: [The Register] [Tech Monitor]
Common Tactics Used by Threat Actors to Weaponise PDFs
PDFs are often seen as safe, something that cannot be used by an attacker, but that’s wrong. Actors are using this trustworthiness, as well as the difficulty in detection and ubiquity of PDFs, to weaponise them. Common tactics involve malicious hyperlinks within PDFs and macros that run when a PDF is opened, and in some cases attackers are disguising a malicious Word document as a PDF to evade detection.
Source: [Cyber Security News]
Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals
A recent report has found that Microsoft vulnerabilities as old as 6 years are still being exploited, with one recorded as being exploited as recently as 31 August. In fact, since this particular vulnerability was fixed, it has been used to deploy 467 different malware types. This is not the number of attacks, but the number of different types of malware used in attacks.
The concept isn’t just for Microsoft. Many organisations do not employ effective patching strategies, and as such leave the doors open to attackers. Sometimes, these doors are open for years.
Source: [The Register]
Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m
As-a-service operations allow attackers to employ sophisticated attacks without the need for extensive knowledge; they simply just purchase the ability. Take phishing-as-a-service (PhaaS), where an attacker with very limited cyber knowledge simply needs to purchase a phishing kit and they are then well-equipped to target organisations. This availability in tools creates a significant surge in the number of cyber criminals, with one scheme alone raking in $64.5 billion in illegal gains.
Source: [IT Security Guru]
71% of Organisations are Impacted by Cyber Security Skills Shortage
Most organisations (71%) report that they’ve been impacted by the cyber security skills shortage, leading to an increased workload for the cyber security team (61%), unfilled open job requisitions (49%) and high burnout among staff (43%). Further, 95% respondents state the cyber security skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has got worse.
Organisations need to continue maintaining and improving their security while their cyber security positions remain unfilled. Black Arrow supports firms to achieve this by providing expert resources on a flexible basis for technical, governance and transformational positions.
Source: [Security Magazine] [Digital Journal]
Multiple Schools Hit by Cyber Attacks Before Term Begins
Ahead of the new school term, a number of schools have become the victim of serious cyber attacks. The education sector isn’t a new target, with previous ransomware reports finding the education sector to account for 16% of victims.
The education sector remains a target due to the valuable data they hold, large attack surfaces and frequently a lack of resources and budgets, something many small and medium-sized business may share.
Source: [Infosecurity Magazine]
Governance, Risk and Compliance
The importance of CISOs is not recognised by senior leadership - IT Security Guru
Blame Culture: An Organisation's Ticking Time Bomb - IT Security Guru
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
SEC tells companies to “show their work” on cyber security - Red Canary
Cyber security: a life cycle, not a destination | Hydrocarbon Engineering
Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)
Compliance budgets under strain as inflation and workload grow - Help Net Security
Cyber Security pros battle discontent amid skills shortage - Help Net Security
CISOs weigh in on building security-focused culture | Healthcare IT News
How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)
IAM, cloud security to drive new cyber security spending | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Ministry of Defence documents leaked by LockBit (techmonitor.ai)
Attackers access military data through fencing supplier • The Register
Ransomware attackers are targeting exposed Microsoft SQL databases, report says (therecord.media)
Ransomware and Data Breaches: Impacts Continue to Grow Louder (govtech.com)
Education Sector Heavily Targeted as the School Year Begins (databreaches.net)
Killware vs. Ransomware: What's the Difference? (makeuseof.com)
Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)
To Pay or Not to Pay? The Ransomware Dilemma (informationweek.com)
Snake Ransomware Endangers Your Data: How Can You Stop It? (makeuseof.com)
How to Prevent Ransomware: 6 Key Steps to Safeguard Assets (techtarget.com)
Ransomware Victims
LockBit Leaks Documents Filched From UK Defence Contractor (darkreading.com)
Ministry of Defence documents leaked in cyber attack (civilserviceworld.com)
Debenham High School IT system hit by cyber attack - BBC News
Highgate Wood School delays term by 6 days after cyber attack | This Is Local London
Cyber attack hits Wokingham's Maiden Erlegh School | Reading Chronicle
Ransomware gang claims credit for Sabre data breach | TechCrunch
Hackers claim to publish prominent Israeli hospital’s patient data (therecord.media)
Phishing & Email Based Attacks
AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)
Google is enabling Chrome real-time phishing protection for everyone (bleepingcomputer.com)New phishing tool hijacked thousands of Microsoft business email accounts (therecord.media)
Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)
Spam is up, QR codes emerge as a significant threat vector - Help Net Security
From unsuspecting click to data compromise - Help Net Security
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)
Getting off the hook: 10 steps to take after clicking on a phishing link (welivesecurity.com)
Other Social Engineering; Smishing, Vishing, etc
Emerging threat: AI-powered social engineering - Help Net Security
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
How cyber criminals use look-alike domains to impersonate brands - Help Net Security
Artificial Intelligence
Generative AI considered a security risk by 60% of board members, survey finds (thenationalnews.com)
AI ‘triggers DeepTech anxiety for senior leaders’ (businesscloud.co.uk)
Emerging threat: AI-powered social engineering - Help Net Security
AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
UK tech tsar warns of AI cyber threat to NHS | Financial Times (ft.com)
It's the summer of adversarial chatbots. Here's how to defend against them - SiliconANGLE
Will the AI Arms Race Lead to the Pollution of the Internet? (darkreading.com)
UK cyber chief urges ‘Security by Design’ in AI development (ukdefencejournal.org.uk)
Generative AI’s Biggest Security Flaw Is Not Easy to Fix | WIRED UK
Developers have security, other generative AI concerns but use it anyway - ARN (arnnet.com.au)
How Companies Can Cope With the Risks of Generative AI Tools (darkreading.com)
3 ways to strike the right balance with generative AI - Help Net Security
Peril vs. Promise: Companies, Developers Worry Over Generative AI Risk (darkreading.com)
Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
Malware
Common Tactics Used by Threat Actors to Weaponise PDFs (cybersecuritynews.com)
'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
UNRAVELING EternalBlue: inside the WannaCry’s enabler (securityaffairs.com)
Malware configurations How to find and use them? (govinfosecurity.com)
Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)
New Python Variant of Chaes Malware Targets Banking and Logistics Industries (thehackernews.com)
New BLISTER Malware Update Fuelling Stealthy Network Infiltration (thehackernews.com)
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)
Mobile
Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch
September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)
Hacker exploits security flaw to target iPhone users with 'notification attack' | Macworld
Botnets
Denial of Service/DoS/DDOS
DDoS attack took down the site of German financial agency BaFin (securityaffairs.com)
Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)
CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack | CISA
BYOD
Internet of Things – IoT
Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)
Connected cars and cyber crime: A primer - Help Net Security
Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch
Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)
Why consumer drones represent a special cyber security risk (securityintelligence.com)
Like privacy? Then smart devices are a dumb idea • The Register
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch
Data Breaches/Leaks
Electoral Commission failed basic security test before hack - BBC News
Insurer fined $3M for exposing data of 650k clients for two years (bleepingcomputer.com)
Golf gear giant Callaway data breach exposes info of 1.1 million (bleepingcomputer.com)
Freecycle confirms massive data breach impacting 7 million users (bleepingcomputer.com)
Thousands of Popular Websites Leaking Secrets - SecurityWeek
Johnson & Johnson discloses IBM data breach impacting patients (bleepingcomputer.com)
Northern Ireland police chief quits in wake of data breach • The Register
Lawsuit blames Tesla for data breach it sued ex-staff over • The Register
Organised Crime & Criminal Actors
Popular 'As-a-Service' Operations Have Earned Cyber Criminals over $64m - IT Security Guru
Cyber Crime Tremors: Experts Forecast Qakbot Resurgence (govinfosecurity.com)
It might be too soon to claim victory against Qakbot | Computer Weekly
Cyber crime to cost Germany 206 billion euros in 2023, survey finds | Reuters
Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
YouTuber Loses $60K Worth of Crypto After Showing Seed Phrases on Stream - Decrypt
Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)
Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)
Bitcoin exchange exec admits he ignored anti-laundering laws • The Register
Cyber criminals target graphic designers with GPU miners (talosintelligence.com)
LastPass under fire again as users report stolen crypto keys and losses | Cybernews
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Popular 'As-a-Service' Operations Have Earned Cyber criminals over $64m - IT Security Guru
Fake YouPorn extortion scam threatens to leak your sex tape (bleepingcomputer.com)
Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)
Global roaming fraud losses to surpass $8 billion by 2028 - Help Net Security
Airlines Battle Surge in Loyalty Program Fraud - Infosecurity Magazine (infosecurity-magazine.com)
How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)
See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack - SecurityWeek
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
Impersonation Attacks
'Smishing Triad' Targeted USPS and US Citizens for Data Theft (securityaffairs.com)
How cyber criminals use look-alike domains to impersonate brands - Help Net Security
Deepfakes
Emerging threat: AI-powered social engineering - Help Net Security
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
AML/CFT/Sanctions
How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)
Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)
Bitcoin exchange exec admits he ignored anti-laundering laws • The Register
Insurance
Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm
Time and effort to obtain cyber insurance increasing for US businesses | CSO Online
Beazley expects to sponsor more cyber catastrophe bonds in 2024 - Artemis.bm
Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)
Dark Web
Supply Chain and Third Parties
Attackers access military data through fencing supplier • The Register
Ministry of Defence documents leaked by LockBit (techmonitor.ai)
Supply chain related security risks, and how to protect against them (malwarebytes.com)
5 ways to improve your supply chain security posture | IT Reseller Magazine (itrportal.com)
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
Creating a more cyber secure supply chain requires group effort - FreightWaves
Facing Third-Party Threats With Non-Employee Risk Management (darkreading.com)
Software Supply Chain
Cloud/SaaS
Step Up Your Defence Against Cloud-loving Cyber Criminals (informationsecuritybuzz.com)
IAM, cloud security to drive new cyber security spending | CSO Online
Hybrid/Remote Working
Attack Surface Management
What OSINT is, and why it’s dangerous | Kaspersky official blog
Armis report sheds light on top 10 targeted assets by cyber attackers - SiliconANGLE
Top 10 riskiest assets threatening global business - IT Security Guru
Encryption
Government denies U-turn on encrypted messaging row - BBC News
UK lawmakers back down on encryption-busting 'spy clause' | CyberScoop
API
Open Source
Software industry urged to assume risk on open source security | CIO Dive
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
It's a Zero-day? It's Malware? No! It's Username and Password (thehackernews.com)
Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)
Hacker gains admin control of Sourcegraph and gives free access to the masses | Ars Technica
Passwords From The November 2022 LastPass Breach Being Cracked? - PC Perspective
LastPass under fire again as users report stolen crypto keys and losses | Cybernews
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch
75% of education sector attacks linked to compromised accounts - Help Net Security
Social Media
Malvertising
Parental Controls and Child Safety
Children's snack recalled after its website caught serving porn (bleepingcomputer.com)
Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT
Regulations, Fines and Legislation
An Overview of ENISA’s Risk Management Standards Report | UpGuard
SEC tells companies to “show their work” on cyber security - Red Canary
Verizon to pay feds $4M over cyber security lapse | Light Reading
Government denies U-turn on encrypted messaging row - BBC News
UK drops 'spy clause' for scanning encrypted messages • The Register
Models, Frameworks and Standards
An Overview of ENISA’s Risk Management Standards Report | UpGuard
CIS Benchmarks Communities: Where configurations meet consensus - Help Net Security
Explaining The New NIST Cyber Security Framework to the C-Suite
Backup and Recovery
Careers, Working in Cyber and Information Security
71% of organisations are impacted by cyber security skills shortage | Security Magazine
Cyber Security Skills Gap set to cost UK £120 billion by 2023 - Essex-TV
6 free resources for getting started in cyber security - Help Net Security
Cyber professionals say industry urgently needs to confront mental health crisis | CyberScoop
Cyber security pros battle discontent amid skills shortage - Help Net Security
Law Enforcement Action and Take Downs
It might be too soon to claim victory against Qakbot | Computer Weekly
Cops drill into chat apps to thwart coke-smuggling ring • The Register
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russia-linked attackers hit UK Ministry of Defence, leak stolen data | CSO Online
Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR
China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM
Ukraine's CERT Thwarts APT28's Cyber Attack on Critical Energy Infrastructure (thehackernews.com)
Attackers access military data through fencing supplier • The Register
Russia-linked hack on Trident base sparks 'World War Three' warning from expert (yahoo.com)
Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)
Elon Musk's Father Fears Possible Assassination Attempt on His Son (businessinsider.com)
Big Tech failed to police Russian disinformation: EU study • The Register
North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne
China
How China gets free intel on tech companies’ vulnerabilities | Ars Technica
Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)
How Microsoft's highly secure environment was breached (malwarebytes.com)
Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)
China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM
Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)
German companies report more cyber attacks from Russia, China | Meta.mk
Microsoft finally explains cause of Azure breach: An engineer’s account was hacked | Ars Technica
South Korean Cyber Security Concerns Over Chinese-Made Cranes, Meteorological Gear | The Epoch Times
Huawei hits back in Portugal over 5G 'ban' with lawsuit - DCD (datacenterdynamics.com)
Iran
Hackers push anti-Iranian government messages to millions via breached app | CyberScoop
Iranian hackers breach US aviation org via Zoho, Fortinet bugs (bleepingcomputer.com)
North Korea
Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks (bleepingcomputer.com)
Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster (thehackernews.com)
Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR
North Korean hackers target security researchers with new zero-day (therecord.media)
North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne
Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)
Misc Nation State/Cyber Warfare
Nation-state 'hot zones' offer view of the future of cyber war – report - CIR Magazine
Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)
Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA
Vulnerability Management
Years-old Microsoft bugs are still hot targets for criminals • The Register
Old vulnerabilities are still a big problem - Help Net Security
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
How China gets free intel on tech companies’ vulnerabilities | Ars Technica
Vulnerabilities
Apple discloses 2 actively exploited zero-days in iPhones, Macs (securityaffairs.com)
Google patches 4 high-rated security issues in latest Chrome 116 update - gHacks Tech News
Two flaws in Apache SuperSet allow to remotely hack servers (securityaffairs.com)
Cisco Patches Critical Vulnerability in BroadWorks Platform - SecurityWeek
Multiple Notepad++ Flaws Let Attackers Execute Arbitrary Code (cybersecuritynews.com)
Hackers exploit MinIO storage system to breach corporate networks (bleepingcomputer.com)
ASUS routers vulnerable to critical remote code execution flaws (bleepingcomputer.com)
September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)
Cisco SSO authentication bug patched - Security - Networking - iTnews
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA
Security or performance? Zenbleed forces you to choose | Digital Trends
Tools and Controls
Many businesses still aren't using BYOD protection | TechRadar
Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
An Overview of ENISA’s Risk Management Standards Report | UpGuard
IOCs vs Artifacts How to Filter Out the Noise (govinfosecurity.com)
Time and effort to obtain cyber insurance increasing for US businesses | CSO Online
Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)
Dangling DNS Used to Hijack Subdomains of Major Organisations - SecurityWeek
Why DNS Security Can Be Your Most Problematic Blind Spot (hyas.com)
Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)
Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)
Why Cyber Security Risk Assessment Matters in the Banking Industry (securityintelligence.com)
Cut through cyber security vendor hype with these 6 tips | TechTarget
IAM, cloud security to drive new cyber security spending | CSO Online
Best practices for implementing a proper backup strategy - Help Net Security
Other News
Education Sector Heavily Targeted as the School Year Begins (databreaches.net)
Schools warned of cyberattack threat as new year begins | Science & Tech News | Sky News
Ways to protect WordPress sites and blogs from hacking | Kaspersky official blog
Insecure by design: What you need to know about defending critical infrastructure | CSO Online
Half of Switzerland's large companies have been the victim of a cyber attack | Euronews
Dangling DNS Used to Hijack Subdomains of Major Organizations - SecurityWeek
Securing the future: Safeguarding cyber-physical systems | CSO Online
25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy - SecurityWeek
Cyber security In Focus Ahead Of Berlin NATO Conference | OilPrice.com
10 old-school security principles that (still) rule | CSO Online
Surge in Hospital Hacks Endangers Patients, Cyber Official Says - WSJ
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 June 2022
Black Arrow Cyber Threat Briefing 03 June 2022
-Turbulent Cyber Insurance Market Sees Rising Prices and Sinking Coverage
-Ransomware Attacks Still The #1 Threat to Businesses and Organisations
-Third of UK Firms Have Experienced a Security Breach Since 2020
-There Is No Good Digital Transformation Without Cyber Security
-Ransomware Gang Now Hacks Corporate Websites to Show Ransom Notes
-Attackers Are Leveraging Follina, a Critical Microsoft Windows Vulnerability Affecting Nearly All Versions of Windows and Windows Server. What Can You Do?
-Ransomware Attacks Need Less Than Four Days to Encrypt Systems
-57% Of All Digital Crimes In 2021 Were Scams
-Intelligence Is Key to Strategic Business Decisions
-How Cyber Criminals Are Targeting Executives at Home and Their Families
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Turbulent Cyber Insurance Market Sees Rising Prices And Sinking Coverage
As insurers and brokers reckon with unexpected losses, they're charging more for policies and setting higher requirements.
Chaos reigns in the cyber insurance market. Brokers and cyber insurance carriers — the companies that actually offer the policies — are tightening requirements on what applicants need to do to obtain policies due to losses the insurers have suffered from ransomware coverage. During the past year, premiums grew 18% in the first quarter of 2021 and were up 34% in the fourth quarter of 2021, according to Jess Burn, senior analyst at Forrester.
Organisations often find they cannot obtain cyber insurance, are not being renewed for coverage they already have, or are faced with soaring prices and shrinking coverage. Despite the value many organisations put on cyber insurance — in some cases, they're required to carry it to comply with regulations — obtaining such policies is getting more difficult.
While raising premiums, some insurers are reducing coverage. If an organisation bought $10 million worth of coverage for a given price in 2021, for example, renewing that policy in 2022 might see the coverage amount fall to $3 million and the premiums for that lower coverage rise. This phenomenon is due, in part, to insurers trying to strike the right balance of customers' risk profile versus their risk-mitigation efforts.
Ransomware Attacks Still The #1 Threat To Businesses And Organisations
In 2021, ransomware attacks continued to be one of the most prominent threats targeting businesses and organisations worldwide.
High-profile attacks disrupted operations of companies in various sectors.
For example, the Colonial Pipeline attack interrupted critical infrastructure, the JBS Foods attack influenced food processing, and the CNA breach disrupted the insurance industry.
Following the attacks, pressure of law enforcement on ransomware gangs intensified, though simultaneously these threat actors continued to evolve.
They are not only becoming more technologically sophisticated but are also extensively leveraging the growing cyber crime ecosystem looking to find new partners, services and tools for their operations.
https://www.helpnetsecurity.com/2022/05/30/ransomware-trends-video/
Third Of UK Firms Have Experienced A Security Breach Since 2020
Cyber threats are behind soaring fraud and economic crime in the UK, where rates are now second only globally to South Africa, according to PwC.
The consulting giant’s latest Global Economic Crime Survey revealed that nearly two-thirds (64%) of UK businesses experienced fraud, corruption or other economic/financial crime during the past 24 months, a significant increase on the 56% recorded in 2020, and 50% in 2018.
It’s also much higher than the 2022 global average of 46%, PwC said.
Cyber crime was the most commonly reported fraud type, although figures here dropped from 42% in 2020 to 32% in 2022. Included for the first time in the report, supply chain incidents accounted for 19%.
Most (51%) reported fraud cases in the UK were traced back to external parties, versus just 43% globally. The top three culprits were cited as customers, hackers and vendors/suppliers.
https://www.infosecurity-magazine.com/news/third-uk-security-breach-2020/
There Is No Good Digital Transformation Without Cyber Security
Network engineers and CIOs agree that cyber security issues represent the biggest risk for organisations that fail to put networks at the heart of digital transformation plans. According to research commissioned by Opengear, 53% of network engineers and 52% of CIOs polled in the US, UK, France, Germany, and Australia rank cyber security among the list of their biggest risks.
The concerns are fuelled by an escalating number of cyber attacks. In fact, 61% of CIOs report an increase in cyber security attacks/breaches from 2020-21 compared to the preceding two years. For digital transformation of networking, 70% of network engineers say security is the most important focus area, and 31% say network security is their biggest networking priority.
Digital transformation is a priority, but cyber security risk remains. CIOs also understand the importance of the issues. 51% of network engineers say their CIOs have consulted them on investments to deliver digital transformation plans, the highest priority in the survey.
What’s more, 41% of CIOs rank cyber security among their organisation’s most important investment priorities over the next year, with 35% stating it is among the biggest over the next five years. In both cases, cyber security ranks higher than any other factor.
https://www.helpnetsecurity.com/2022/05/31/digital-transformation-cybersecurity-risk/
Ransomware Gang Now Hacks Corporate Websites To Show Ransom Notes
A ransomware gang is taking extortion to a new level by publicly hacking corporate websites to publicly display ransom notes.
This new extortion strategy is being conducted by Industrial Spy, a data extortion gang that recently began using ransomware. As part of their attacks, Industrial Spy will breach networks, steal data, and deploy ransomware on devices. The threat actors then threaten to sell the stolen data on their Tor marketplace if a ransom is not paid.
When ransomware gangs extort a victim, they typically give them a short window, usually a few weeks, to negotiate and pay a ransom before they start leaking data.
During this negotiation process, the threat actors promise to keep the attack secret, provide a decryption key, and delete all data if a ransom is paid.
After this period, the threat actors will use various methods to increase pressure, including DDoS attacks on corporate websites, emailing customers and business partners, and calling executives with threats.
These tactics are all done privately or with minimal exposure on their data leak sites, which are usually only visited by cyber security researchers and the media.
However, this is the first time we have seen a ransomware gang defacing a website to very publicly display a ransom note.
Attackers Are Leveraging Follina, A Critical Microsoft Windows Vulnerability Affecting Nearly All Versions of Windows and Windows Server. What Can You Do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns.
Microsoft has described CVE-2022-30190 as a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability, confirmed it affects an overwhelming majority of Windows and Windows Server versions, and advised on a workaround to be implemented until a patch is ready.
https://www.helpnetsecurity.com/2022/06/03/patch-cve-2022-30190/
Ransomware Attacks Need Less Than Four Days To Encrypt Systems
The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019.
This change reflects a more streamlined approach that developed gradually over the years to make large-scale operations more profitable.
At the same time, improvements in incident response and threat detection have forced threat actors to move quicker, to leave defenders with a smaller reaction margin.
The data was collected by researchers at IBM's X-Force team from incidents analysed in 2021. They also noticed a closer collaboration between initial access brokers and ransomware operators.
Previously, network access brokers might wait for multiple days or even weeks before they found a buyer for their network access.
In addition, some ransomware gangs now have direct control over the initial infection vector, an example being Conti taking over the TrickBot malware operation.
Malware that breaches corporate networks is quickly leveraged to enable post-exploitation stages of the attack, sometimes completing its objectives in mere minutes.
57% Of All Digital Crimes In 2021Were Scams
Group-IB shares its analysis of the landscape of the most widespread cyber threat in the world: scams. Accounting for 57% of all financially motivated cyber crime, the scam industry is becoming more structured and involves more and more parties divided into hierarchical groups.
The number of such groups jumped to a record high of 390, which is 3.5 times more than last year, when the maximum number of active groups was close to 110. Due to SaaS (Scam-as-a-Service), in 2021 the number of cyber criminals in one scam gang increased 10 times compared to 2020 and now reaches 100.
Traffic has become the circulatory system of scam projects: researchers emphasise that the number of websites used for purchasing and providing “grey” and illegal traffic and that lure victims into fraudulent schemes has increased by 1.5 times. Scammers are going into 2022 on a new level of scam attack automation: no more non-targeted users. Scammers are now attracting specific groups of victims to increase conversion rates. Social media are more often becoming the first point of contact between scammers and their potential victims.
https://www.helpnetsecurity.com/2022/05/31/scams-widespread-cyber-threat/
Intelligence Is Key To Strategic Business Decisions
Businesses have a growing need for greater relevance in the intelligence they use to inform critical decision-making. Currently just 18% of professionals responsible for security, risk, or compliance in their organisation feel that the intelligence they receive is “very specific and focused on their business”, a S-RM research reveals.
6 in 10 respondents also say the intelligence they receive takes too much time to analyse, meaning it does not always result in better informed decision making. This was the top reason behind dissatisfaction with external intelligence, identified by over 200 professionals working at companies with revenues of over $250 million.
The second most likely reason was that information was not tailored to business needs (47%), followed by too much information (35%).
Growing demand for the use of strategic intelligence has been prompted by increasing cyber (51%) and regulatory concerns (50%). And while these two factors have been climbing the boardroom agenda for years, geopolitical uncertainty has made the need to respond to these developments more acute. In particular, the Russia-Ukraine conflict has created a complex sanctions regime for businesses to operate.
Additionally, navigating the complexities of the COVID-19 pandemic has been a key challenge for businesses in the past three years, with 40% citing this as a catalyst in driving a growing need for strategic intelligence.
https://www.helpnetsecurity.com/2022/06/03/intelligence-decision-making/
How Cyber Criminals Are Targeting Executives At Home And Their Families
Top executives and their families are increasingly being targeted on their personal devices and home networks, as sophisticated threat actors look for new ways to bypass corporate security and get direct access to highly sensitive data.
https://www.helpnetsecurity.com/2022/06/01/cybercriminals-targeting-executives-video/
Threats
Ransomware
Cyber criminals Expand Attack Radius and Ransomware Pain Points | Threatpost
FBI, CISA warn: Don't get caught in Karakurt's web • The Register
Conti ransomware targeted Intel firmware for stealthy attacks (bleepingcomputer.com)
YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links (darkreading.com)
Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks (thehackernews.com)
Evil Corp switches to LockBit ransomware to evade sanctions (bleepingcomputer.com)
Ransomware attack sends New Jersey county back to 1977 • The Register
Ransomware roundup: System-locking malware dominates headlines | CSO Online
What if ransomware evolved to hit IoT in the enterprise? • The Register
How Costa Rica found itself at war over ransomware | CSO Online
Experts warn of ransomware attacks on government orgs of small states - Security Affairs
Foxconn confirms ransomware attack disrupted production in Mexico (bleepingcomputer.com)
Why Ransomware Timeline Shrinks By 94%? – Information Security Buzz
Hundreds of Elasticsearch databases targeted in ransom attacks (bleepingcomputer.com)
BEC – Business Email Compromise
Phishing & Email Based Attacks
Watch out for phishing emails that inject spyware trio • The Register
Telegram’s blogging platform abused in phishing attacks (bleepingcomputer.com)
Other Social Engineering
Vishing attacks: What they are and how organisations can protect themselves - Help Net Security
Beware the Smish! Home delivery scams with a professional feel… – Naked Security (sophos.com)
Malware
New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers (thehackernews.com)
LuoYu APT delivers WinDealer malware via man-on-the-side attacks - Security Affairs
EnemyBot malware adds enterprise flaws to exploit arsenal • The Register
Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network (thehackernews.com)
Logic bombs explained: Definition, examples, and prevention | CSO Online
Mobile
Top 10 Android banking trojans target apps with 1 billion downloads (bleepingcomputer.com)
WhatsApp accounts hijacked by call forwarding | Malwarebytes Labs
SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities (thehackernews.com)
SMSFactory Android malware sneakily subscribes to premium services (bleepingcomputer.com)
Phishers Having a Field Day on WhatsApp, Telegraph (darkreading.com)
Apple blocked 1.6 millions apps from defrauding users in 2021 (bleepingcomputer.com)
Organised Crime & Criminal Actors
FBI warns of Ukrainian charities impersonated to steal donations (bleepingcomputer.com)
Euro Cops Bust $47m Money Laundering Operation - Infosecurity Magazine (infosecurity-magazine.com)
Three Nigerian Users of Agent Tesla RAT Arrested | SecurityWeek.Com
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
Americans report losing over $1 billion to cryptocurrency scams (bleepingcomputer.com)
Clipminer malware gang stole $1.7M by hijacking crypto payments (bleepingcomputer.com)
Bored Ape Yacht Club, Otherside NFTs stolen in Discord server hack (bleepingcomputer.com)
WatchDog hacking group launches new Docker cryptojacking campaign (bleepingcomputer.com)
Fraud, Scams & Financial Crime
$39.5 billion lost to phone scams in last year - Help Net Security
Britain's biggest bank issues 'urgent warning' over new scam (telegraph.co.uk)
Scams account for most of all financially motivated cyber crime - Help Net Security
AML/CFT/Sanctions
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Open Source
Linux malware is on the rise—6 types of attacks to look for | CSO Online
The Open Source Software Security Mobilization Plan: Takeaways for security leaders | CSO Online
Privacy
Vodafone plans carrier-level user tracking for targeted ads (bleepingcomputer.com)
Europe's hope to scan devices for unlawful files criticized • The Register
Passwords & Credential Stuffing
Regulations, Fines and Legislation
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
NSA general confirms US offensive cyber ops in Ukraine war • The Register
Deadly Secret: Electronic Warfare Shapes Russia-Ukraine War | SecurityWeek.Com
Anonymous: Operation Russia after 100 days of war - Security Affairs
Chinese LuoYu hackers deploy cyber-espionage malware via app updates (bleepingcomputer.com)
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
China-linked TA413 group actively exploits Microsoft Follina Zero-Day flawSecurity Affairs
Chinese state media propaganda found in 88% of Google, Bing news searches - CyberScoop
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor (thehackernews.com)
How Beijing’s surveillance cameras crept into Britain’s corridors of power (telegraph.co.uk)
Nation State Actors – North Korea
Nation State Actors – Iran
Nation State Actors – Misc APT
Vulnerability Management
Vulnerabilities
CISA adds 75 vulnerabilities to catalogue in 3 days- IT Security Guru
Fighting Follina: Application Vulnerabilities and Detection Possibilities (darkreading.com)
Yet another zero-day (sort of) in Windows “search URL” handling – Naked Security (sophos.com)
Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover (darkreading.com)
Microsoft Azure vulnerabilities pose new cloud security risk - Protocol
GitLab Issues Security Patch for Critical Account Takeover Vulnerability (thehackernews.com)
New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email (thehackernews.com)
Sector Specific
Financial Services Sector
Government
Health/Medical/Pharma Sector
Twice as Many Healthcare Organisations Now Pay Ransom - Infosecurity Magazine
Novartis says no sensitive data was compromised in cyber attack (bleepingcomputer.com)
Costa Rica’s public health agency hit by Hive ransomware (bleepingcomputer.com)
Transport and Aviation
CNI, OT, ICS, IIoT and SCADA
Food and Agriculture
Web3
Other News
How Failing to Prioritize Cyber Security can Hurt Your Company (analyticsinsight.net)
Bad news: The cyber security skills crisis is about to get even worse | ZDNet
Nearly Three-Quarters of Firms Suffer Downtime from DNS Attacks - Infosecurity Magazine
CIOs and network engineers rank cyber security among the biggest risks - Help Net Security
How USB Drives Can Be a Danger to Your Computer (howtogeek.com)
Australian digital driver's licenses hackable in minutes • The Register
Over 3.6 million MySQL servers found exposed on the Internet (bleepingcomputer.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.