Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Over Half of Companies Experienced Cyber Security Incidents Last Year

According to a recent global survey, over half of the participating companies faced major security incidents in the past year, necessitating additional resources to tackle these challenges. Despite these incidents, many organisations claim improved performance on key cyber security indicators and express confidence in their threat detection capabilities. The research highlights a concerning discrepancy between perceived security measures and the actual state of security operations, underscoring a lack of comprehensive visibility and effective response mechanisms within companies. Particularly concerning is the finding that organisations can typically monitor only two-thirds of their IT environments, exposing significant vulnerabilities. Furthermore, the study points to a greater need for greater automation and third-party assistance in threat detection and response, suggesting that while companies are aware of their shortcomings, the path to enhanced security involves embracing AI-driven solutions to close these gaps. This insight highlights to leadership the importance of investing in advanced cyber security technologies and expertise to safeguard the organisation’s digital assets effectively.

Sources: [Beta News] [Verdict]

Deepfake Video Conference Costs Business $25 Million

There has been a surge in the number of artificial intelligence deepfake attacks where technology is being used to impersonate individuals. In one case, a finance professional at a multinational was reportedly swindled out of $25 million (HK$200 million) of company money when scammers created a deepfake of his London-based chief financial officer in a video conference call, faking both the CFO’s look and voice. The scam involved the fake CFO making increasingly urgent demands to execute money transfers, resulting in 15 transfers from the victim employee. The reality of the attack was only discovered by the victim after he had contacted the company’s corporate head office.

Sources: [The Register] [Help Net Security] [TechCentral ] [Tripwire]

Watershed Year for Ransomware as Victims Rose by Almost 50% And Payments Hit $1 Billion All-Time High

Even with enforcers shutting down some ransomware gangs, the business of ransomware is booming. A recent report from Palo Alto Networks Unit 42 found a 49% increase in the number of victims reported on ransomware leak sites; this does not include those who were victims but did not appear on sites. This comes as ransomware hit an all time high, with over $1b made in ransomware payments. Of note, this is just ransom payments; this does not take in to account reputational damage, recovery costs and loss in share value. The real effects of a ransomware attack may take months or even years to materialise. As ransomware remains a constant threat, it is important for organisations to be prepared.

Sources: [The Verge ] [Malwarebytes] [Infosecurity Magazine] [CSO Online] [ITPro] [TechRadar]

Malware-as-a-Service Now the Top Threat to Organisations

Recent studies have underscored a significant shift in the cyber threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) now dominating. These ‘as-a-service’ tools are particularly concerning as they lower the barrier to entry for cyber criminals, enabling even those with limited technical knowledge to launch sophisticated attacks. The report found that the most common as-a-Service tools were Malware loaders (77% of investigated threats), crypto-miners (52% of investigated threats) and botnets (39% of investigated threats). These findings underscore the adaptability of these threats, with malware strains being developed with multiple functions to maximise damage. Despite these trends, traditional methods like phishing continue to pose significant challenges for security teams. It’s clear that staying ahead of these evolving threats requires a proactive and comprehensive approach to cyber security.

Sources:[Infosecurity Magazine] [Beta News] [Help Net Security]

Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances

A recent report has found that over 97% of UK firms have paid a ransom in the last two years, finding even more reason to operate in a when-not-if environment. When asked about their recovery in an event, 38% said they could recover in four to six days, and 34% need one to two weeks to recover; almost one in four (24%) need over three weeks to recover data and restore business processes. Only 12% said their company had stress-tested their data security, data management, and data recovery processes or solutions in the six months prior to being surveyed, and 46% had not tested their processes or solutions in over 12 months.

Sources: [The FinTech Times] [ Help Net Security]

Chinese State Hackers Hid in National Infrastructure for at Least 5 Years

US cyber officials have said that they discovered China-sponsored hackers lurking in American computer networks, positioning themselves to disrupt communications, energy, transportation and water systems; and this had been going on for at least 5 years. This has led to a joint warning from the US FBI, National Security Agency and Cyber Infrastructure and Security Agency, which has been cosigned by Britain, Canada, Australia and New Zealand. This dwell time isn’t just something that is encountered in critical infrastructure networks; attackers lurk on networks, undiscovered often for years, allowing them to see everything going on in the corporate environment.

Sources: [NTD] [Washington Times]

Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor

Email attacks against businesses have increased dramatically as hackers continually use generative AI tools to optimise their content and streamline malicious campaigns, new research has claimed.

The report from Acronis is based on data collected from more than a million unique endpoints across 15 countries, and found AI-powered phishing affected more than 90% of organisations last year. AI helped has email attacks grow by 222% since the second half of 2023.

Sources: [New Electronics] [TechRadar]

Security Leaders, C-Suite Unite to Tackle Cyber Threats

A recent survey found that CEOs are taking a more hands-on approach and prioritising cyber resilience in 2024, leading to the breakdown of traditional silos between IT operations and security teams. The survey polled over 200 C-Suite and senior-level IT executives globally, and revealed a growing recognition of the importance of collaboration in combating sophisticated cyber threats, with 99% of respondents observing increased connectivity between the teams over the past year. While progress has been made, challenges remain, with only 48% of organisations establishing joint protocols for incident mitigation or recovery. Looking ahead, respondents anticipate a significant role for artificial intelligence (AI) in enhancing security efforts, with 68% expecting AI to streamline threat detection and response. Despite advancements, fragmented data protection solutions persist as a challenge, impacting over 90% of organisations' cyber resiliency. This underscores the need for a top-down approach to cyber security, with CEOs and boards driving collaboration between IT operations and security teams to optimise cyber preparedness initiatives and mitigate cyber risks effectively.

Source: [Security Boulevard]

UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons

UN sanction monitors are investigating dozens of suspected cyber attacks by North Korea that have raked in $3 billion to help North Korea further its nuclear weapons programme, according to excerpts of an unpublished UN report. “The panel is investigating 58 suspected DPRK cyber attacks on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help fund DPRK’s WMD development,” according to the monitors, who report twice a year to the 15-member security council.

Source: [The Guardian]

What Does a ‘Cyber Security Culture’ Actually Entail?

Fostering a robust cyber security culture emerges as a critical imperative for organisations in 2023, as revealed by ITPro Today's "State of Cybersecurity in 2023" study. Despite this recognition, organisations grapple with various challenges, including budget constraints, staffing shortages, and the failure to implement fundamental security practices like the principle of least privilege and zero trust. Insufficient staffing and constrained budgets elevate the risk of breaches, emphasising the need for a collective effort to bolster security measures.

Cultivating a cyber security culture entails educating every employee on security risks and holding them accountable for risk reduction efforts. While security teams play a pivotal role in setting expectations and providing guidance, a culture of cyber security necessitates continuous training, integration of security into everyday work, and clear delineation of risk ownership throughout the organisation. By prioritising proactive measures and fostering individual responsibility, organisations can fortify their defences against evolving cyber threats and mitigate risks effectively.

Source: [ITPro Today]

Beyond Checkboxes: Security Compliance as a Business Enabler

In today's complex business landscape, regulatory requirements are increasingly intricate, especially concerning cyber security compliance. While compliance might evoke images of stringent regulations and time-consuming audits, reframing our perspective reveals its potential as a vital business enabler. Security leaders, in collaboration with senior management, must cultivate a culture where commitment to cyber security compliance permeates the organisation, emphasising its role in fostering trust, facilitating global market access, and even serving as a competitive advantage. Moreover, robust compliance programs drive operational efficiency, innovation, and cost savings in the long run. Embracing cyber security compliance as a strategic enabler, rather than a regulatory burden, positions businesses for success, innovation, and resilience in an ever-evolving digital landscape.

Source: [Forbes]

No One in Cyber Security Is Ready for the SolarWinds Prosecution

The concept of "materiality" has taken centre stage for Chief Information Security Officers (CISOs) in light of new SEC regulations, requiring US public companies to disclose "material cyber security incidents" within four days. The SolarWinds breach and subsequent SEC charges against the company and its CISO highlight the seriousness of these regulations. This shift necessitates a deeper understanding of what constitutes "material" risk in cyber security and a more transparent approach to risk communication. However, many CISOs face challenges in quantifying and communicating cyber risks effectively to boards and executives, who often lack familiarity with cyber security terminology. This regulatory change underscores the need for CISOs to bridge the gap between cyber security and financial reporting, ensuring accurate and precise risk communication at the C-Suite level. Additionally, policymakers should incentivise C-Suite accountability for cyber risk management, fostering a culture where cyber risks are addressed proactively and transparently.

Source:[Council on Foreign Relations]

Governance, Risk and Compliance

• Over half of companies experienced cyber security incidents last year (betanews.com)

• Beyond Checkboxes: Security Compliance As Business Enabler (forbes.com)

• What Goes Into a Strong Cyber Security Culture? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Why an HR-IT Partnership is Critical for Managing Cyber Security Risk - Security Boulevard

• The Cyber Threats Every C-Level Exec Should Care About In 2024 (forbes.com)

• Never Mind the Buzz; Here's the Consequences: No One in Cyber Security Is Ready for the SolarWinds Prosecution | Council on Foreign Relations (cfr.org)

• Security Leaders, C-Suite Unite to Tackle Cyberthreats - Security Boulevard

• Cyber Security, Hybrid Workforce Management Among Top 2024 Business Challenges (allwork.space)

• How CISOs navigate policies and access across enterprises - Help Net Security

• Resisting Hindsight Bias: A Proposed Framework for CISO Liability - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• The ransomware business is booming, even as enforcers shut down some players - The Verge

• Ransomware victim numbers rose by 50% in 2023 | CSO Online

• Known ransomware attacks up 68% in 2023 | Malwarebytes

• Paying ransoms is becoming a cost of doing business for many - Help Net Security

• Ransomware Payments Hit $1bn All-Time High Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• Chainalysis: 2023 a 'watershed' year for ransomware | TechTarget

• The hidden cost of ransomware is more painful than many realize | ITPro

• Cohesity Reveals over 9 in 10 UK Firms Have Paid Ransoms Despite Alleged "No Pay" Stances | The Fintech Times

• Is critical infrastructure prepared for OT ransomware? • The Register

• Akira and 8Base are the ransomware gangs to watch in 2024 • The Register

• Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)

• ‘These are threat-to-life crimes’: How hospitals are responding to a rise in ransomware attacks – NBC4 Washington (nbcwashington.com)

• NCC Group records the most ransomware victims ever in 2023 | TechTarget

• LockBit Reigns Supreme in Soaring Ransomware Landscape - Infosecurity Magazine (infosecurity-magazine.com)

• How security experts unravel ransomware (engadget.com)

• Cyber Attacks by North Korea raked in $3bn to build nuclear weapons, UN monitors suspect | North Korea | The Guardian

• US govt ups bounty on Hive ransomware gang members to $15M • The Register

Ransomware Victims

• Industry giants Clorox and Johnson Controls report financial losses from cyber attacks (therecord.media)

• Clorox says cyber attack caused $49 million in expenses (bleepingcomputer.com)

• Blackbaud blasted for failing to prevent customer breaches | Computer Weekly

• Lurie Children's Hospital cyber attack forces systems offline • The Register

• Blackbaud settles FTC data security probe into 2020 ransomware attack | K-12 Dive (k12dive.com)

• Thanks to a shadowy hacker group, the British Library is still on its knees. Is there any way to stop them? | Lamorna Ash | The Guardian

• California union confirms ransomware attack following LockBit claims (therecord.media)

• Another Chicago hospital announces cyber attack (therecord.media)

• Scots care charity target of huge cyber attack - TFN

• Funerals reportedly canceled due to ransomware attack on Austrian town (therecord.media)

Phishing & Email Based Attacks

• Fake board meeting nets cyber criminals more than €28m - TechCentral.ie

• QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security (darkreading.com)

• 222% surge in email attacks during 2023

• Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar

• South African Railways Lost Over $1M in Phishing Scam (darkreading.com)

• These were the most common phishing emails of 2023 — make sure you don't get caught out as well | TechRadar

Artificial Intelligence

• Fake board meeting nets cyber criminals more than €28m - TechCentral.ie

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

• Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar

• Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft uncovers extensive Iranian AI-based cyber ops against Israel amid Gaza war | Ctech (calcalistech.com)

• Could a threat actor socially engineer ChatGPT? (securityintelligence.com)

• Current approaches can’t mitigate the AI cyber security threat. What can? (networkingplus.co.uk)

Malware

• Malware-as-a-Service Now the Top Threat to Organisations - Infosecurity Magazine (infosecurity-magazine.com)

• Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• macOS Malware Campaign Showcases Novel Delivery Technique (darkreading.com)

• China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)

• FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network (thehackernews.com)

• Netherlands accuses China of cyber spying after security service makes malware discovery | NL Times

• Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials (thehackernews.com)

• Fresh 'Mispadu Stealer' Variant Emerges (darkreading.com)

• Mini PC maker ships systems with factory-installed spyware — AceMagic says issue was contained to the 'first shipment' | Tom's Hardware (tomshardware.com)

• Raspberry Robin Evolves With Stealth Tactics, New Exploits - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar

• Google Links Over 60 Zero-Days to Commercial Spyware Vendors - SecurityWeek

• 'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps (darkreading.com)US insurance firms sound alarm after 66,000 individuals impacted by SIM swap attack (bitdefender.com)

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunchWizz Removed from Apple and Google Stores for Sextortion Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Top Mobile App Security Risks | MSSP Alert

• February 2024 Android security patch here for Pixels - Android Authority

• Google fixed an Android critical remote code execution flaw (securityaffairs.com)

• Warning from LastPass as fake app found on Apple App Store | Malwarebytes

• Android XLoader malware can now auto-execute after installation (bleepingcomputer.com)

• This Android malware can steal all your photos and texts without being opened — how to stay safe | Tom's Guide (tomsguide.com)

Denial of Service/DoS/DDOS

• That electric toothbrush DDoS story you saw might have been a case of mistranslation | ITPro

Internet of Things – IoT

• The toothbrush DDoS attack: How misinformation spreads in the cyber security world • Graham Cluley

• Global cities unprepared for emerging risks warns study

• Understanding the Connection Between IoT Vulnerabilities and Home Network Intrusions - Security Boulevard

• As Smart Cities Expand, So Do the Threats (darkreading.com)

Data Breaches/Leaks

• AnyDesk forces password reset for customers as 18k credentials go up for sale online | SC Media (scmagazine.com)

• Cloudflare hacked — company reveals details of November 2023 cyber attack, blames previous Okta breach | TechRadar

• HPE investigates new breach after data for sale on hacking forum (bleepingcomputer.com)

• Alleged data breach sees names, addresses and phone numbers of serving police staff shared on email - North Wales Live (dailypost.co.uk)

• Blackbaud Comments on FTC Settlement, Continues to Strengthen Cyber Security - MarketWatch

• FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach | TechCrunch

• Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)

• Millions of User Records Stolen From 65 Websites via SQL Injection Attacks - SecurityWeek

• 'ResumeLooters' Attackers Steal Millions of Career Records (darkreading.com)

• Data breach at French healthcare services firm puts millions at risk (bleepingcomputer.com)

• Verizon Says Data Breach Impacted 63,000 Employees - SecurityWeek

• Data breaches at Viamedis and Almerys impact 33 million in France (bleepingcomputer.com)

• Report: More Than Half of Americans Have Had Their Data Exposed (govtech.com)

• Data of half the population of France stolen in its largest ever cyber attack. This is what we know | Euronews

• HopSkipDrive says personal data of 155,000 drivers stolen in data breach | TechCrunch

Organised Crime & Criminal Actors

• Over half of companies experienced cyber security incidents last year (betanews.com)

• Malware-as-a-Service Now the Top Threat to Organisations - Infosecurity Magazine (infosecurity-magazine.com)

• As-a-Service tools empower criminals with limited tech skills - Help Net Security

• Teens Committing Scary Cyber Crimes, What's Behind the Trend? (darkreading.com)

• Nigerian President Dismisses Nation's 'Cyber Crime Haven' Image (darkreading.com)

• Lessons Learned From Tracing Cyber Crime’s Evolution On The Dark Web (forbes.com)

• US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW

• Report: Blocked IP addresses increased by 116.42% | Security Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Pig-butchering scams morph into DeFi threats (cointelegraph.com)

• Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)

Insider Risk and Insider Threats

• Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register

• How bias can undermine insider threat monitoring | TechRadar

• What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard

• Engineer accused of stealing secret US government tech used to detect nuclear missile launches (nbcnews.com)

Supply Chain and Third Parties

• Cloudflare hacked — company reveals details of November 2023 cyber attack, blames previous Okta breach | TechRadar

• Blackbaud blasted for failing to prevent customer breaches | Computer Weekly

• Removing the weakest link: Strengthen the security of your supply chain (techuk.org)

Cloud/SaaS

• Stop chasing shadow IT: Tackle the root causes of cloud breaches | SC Media (scmagazine.com)

• Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard

• Organisations Left Grappling for Solutions Amid Alarming Cloud Security Gaps | Network Computing

Identity and Access Management

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

Encryption

• Raspberry Pi Pico cracks BitLocker in under a minute • The Register

Linux and Open Source

• Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• Credential Harvesting Vs. Credential Stuffing Attacks: What’s the Difference? - Security Boulevard

• Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)

• AnyDesk downplays impact of cyber attack | SC Media (scmagazine.com)

• Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard

Social Media

• Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials (thehackernews.com)

• Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook fatal accident scam still rages on | Malwarebytes

Regulations, Fines and Legislation

• Never Mind the Buzz; Here's the Consequences: No One in Cyber Security Is Ready for the SolarWinds Prosecution | Council on Foreign Relations (cfr.org)

• How the SEC's Rules on Cyber Security Incident Disclosure Are Exploited (darkreading.com)

• Proposed contractor cyber reporting rule sets a ‘significantly problematic’ bar, industry groups say (databreaches.net)

• No one's happy with latest US cyber incident reporting plan • The Register

• 2023 Cyber Security Regulation Recap (Part 3): Privacy Protection - Security Boulevard

Models, Frameworks and Standards

• Exploring NIST Cyber Security Framework 2.0 - Help Net Security

Careers, Working in Cyber and Information Security

• Combatting Stress In The Cyber Security Industry (forbes.com)

• IT Security Hiring Must Adapt to Skills Shortages (informationweek.com)

Law Enforcement Action and Take Downs

• Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register

• Romance fraudster jailed after conning women out of £300k - BBC News

• Cops arrest 17-year-old suspected of hundreds of swattings nationwide | Ars Technica

• How security experts unravel ransomware (engadget.com)

• US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW

• Report: Blocked IP addresses increased by 116.42% | Security Magazine

Misinformation, Disinformation and Propaganda

• The toothbrush DDoS attack: How misinformation spreads in the cyber security world • Graham Cluley

• Report Details Scope of Global Threat to Elections - Security Boulevard

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)

• NCSC and partners issue warning about state-sponsored attackers hiding out in critical infrastructure networks... - NCSC.GOV.UK

Nation State Actors

China

• Chinese Hackers Preparing ‘Destructive Attacks,’ CISA Warns (govinfosecurity.com)

• Chinese Hackers Hid in US Infrastructure for 5 Years | Newsmax.com

• China's Cyber Attackers Target US and Allied Militaries (newsweek.com)

• FBI Issues Ominous Warning of Imminent Cyber Attack on Critical Infrastructure - Security Boulevard

• Dutch intelligence finds Chinese hackers spying on secret Defence Ministry network (therecord.media)

• Shutting Down the Grid: Possible Cyber Attacks From Chinese Hackers | NTD

• China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)

• Top US venture capitalists invest in China tech for big returns (nypost.com)

• Classified Japanese diplomatic info leaked after Chinese cyber attacks - The Japan Times

• Philippines Says Hacker in China Behind Foiled Attack on Government Website - Bloomberg

• Chinese hackers fail to rebuild botnet after FBI takedown (bleepingcomputer.com)

Russia

• EU capitals fear Russian retaliation and cyber attacks after asset freezes – POLITICO

• The Kremlin threatens the West with years of trials and cyber attacks for trying to use its assets for Ukraine. - UBN

• Russia’s Countervalue Cyber Approach: Utility or Futility? - Carnegie Endowment for International Peace

Iran

• Designating Iranian Cyber Officials - United States Department of State

• Microsoft: Iran is refining its cyber operations | CyberScoop

• Microsoft uncovers extensive Iranian AI-based cyber ops against Israel amid Gaza war | Ctech (calcalistech.com)

• US sanctions Iranian officials over cyber attacks on water plants - BBC News

North Korea

• Cyber attacks by North Korea raked in $3bn to build nuclear weapons, UN monitors suspect | North Korea | The Guardian

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunch

• Google: Half of all zero-days used against our products are developed by spyware vendors (therecord.media)

• Spyware business booming despite government crackdowns • The Register

Vulnerability Management

• How To Address OT And ICS Cyber Attack Vulnerabilities (forbes.com)

Vulnerabilities

• Fortinet FortiSIEM hit by two 10/10 severity vulns • The Register

• Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure (bleepingcomputer.com)

• Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services (thehackernews.com)

• Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products (thehackernews.com)

• Ivanti: Patch new Connect Secure auth bypass bug immediately (bleepingcomputer.com)

• Newest Ivanti SSRF zero-day now under mass exploitation (bleepingcomputer.com)

• Critical vulnerability in Mastodon sparks patching frenzy • The Register

• Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account (thehackernews.com)

• February 2024 Android security patch here for Pixels - Android Authority

• Google: Half of all zero-days used against our products are developed by spyware vendors (therecord.media)

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunch

• JetBrains warns of new TeamCity auth bypass vulnerability (bleepingcomputer.com)

• Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica

• Google fixed an Android critical remote code execution flaw (securityaffairs.com)

• Cisco fixes critical Expressway Series CSRF vulnerabilities (securityaffairs.com)

• QNAP Patches High-Severity Bugs in QTS, Qsync Central - SecurityWeek

Tools and Controls

• What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard

• How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

• Close security gaps with attack path analysis and management | TechTarget

• Using Proactive Intelligence Against Adversary Infrastructure - Security Boulevard

• A Hacker’s Perspective For Building Proactive Organisational Defences (forbes.com)

Reports Published in the Last Week

• Acronis Cyber Threats Report H2 2023 | Acronis Resource Center

Other News

• Report: Mac security threats on the rise, here’s what to watch out for - 9to5Mac

• Trustees urged to review cyber incident frameworks following NCSC changes - Pensions Age Magazine

• Airbus App Vulnerability Introduced Aircraft Safety Risk: Security Firm - SecurityWeek

• ‘Elevated’ risk of hackers targeting UK drinking water, says credit agency | Cyber Crime | The Guardian

• What Will the Future of Cyber Security Bring? - Security Boulevard

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• Cyber attacks on knowledge institutions are increasing: what can be done? (nature.com)

• McPartland Review - Driving Economic Growth through Cyber Security (techuk.org)

• A view from Brussels: ENISA celebrates 20th anniversary amid 'grim times' (iapp.org)

• Revealed – top 10 cyber incidents of 2023 | Insurance Business America (insurancebusinessmag.com)

• NCSC warns CNI operators over ‘living-off-the-land’ attacks | Computer Weekly

• Serious threats, unserious responses (reason.com)

• Super Bowl LVIII Presents a Vast Attack Surface for Threat Actors (darkreading.com)

• We Need Cyber Security in Space to Protect Satellites | Scientific American

• Inquiry to explore cyber risk to Sunak-Starmer showdown | Computer Weekly

• Three predictions for responding to the cyber threat landscape in 2024 | Computer Weekly

• How Hospitals Can Help Improve Medical Device Data Security (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Strategic Cyber Stories of the Last Week

Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack

An estimated 80 to 200 law firms across the UK were impacted by a cyber attack on a third party firm in their supply chain. The attack was on managed service supplier CTS, who provide services to hundreds of law firms across the UK, especially those with conveyancing departments, and many property sales were impacted nationwide as a result of the attack.

This is against a sharp increase in the number of law firms being singled out by cyber threat actors; only recently, magic circle firm Allen & Overy confirmed themselves as a victim of ransomware.

Sources: [SC Media] [Lawyer Monthly] [Scottish Legal News] [Law Gazette] [Dark Reading]

Approach Cyber Security Awareness Training by Engaging People at All Levels

In the cyber security landscape, human-related factors like social engineering, compromised credentials, and errors are the top causes of breaches. Increased investment in threat detection doesn't guarantee foolproof security. Organisations need a proactive strategy focusing on human risks, a security mindset in employees, and a security culture. According to IBM’s latest data security report, high levels of security training can significantly reduce the impact, cost, and frequency of data breaches.

However, most employee training programmes fail due to staff resistance and lack of management support. The key is convincing leadership of its value. To achieve a successful and impactful security awareness programme, it is important that security teams understand their audiences (leaders, managers, and employees), address their requirements, and effectively communicate the benefits of security training.

Source: [CPO Magazine]

Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks

A recent report found that despite 95% of Chief Information Security Officers (CISOs) receiving budgetary and other support from their organisation after a cyber attack, this largely fails to prevent future incidents, with over half admitting they have experienced multiple “major cyber security incidents” in the last five years.

The report revealed that after an attack 46% of CISOs were given a bigger tech budget, 42% revised their security strategy, 41% adopted new frameworks, and 38% created new roles. However, incidents come with hidden consequences such as revenue loss, rising insurance premiums and declining reputation. CISOs need to have support from the board and executives from the start so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.

Sources: [Business Wire] [Silicon UK]

Ransomware Attacks Surge 81% in October as New Threat Actors Emerge

The NCC Group revealed that ransomware attacks have surged by 81% in October 2023, compared to the same period in the previous year. Ransomware gangs have already victimised over 50% more individuals and enterprises in 2023 than during the entirety of 2022. As artificial intelligence, phishing kits and ransomware-as-a-service has improved, so too has the number of threat actors; those who were previously stunted by their technical know-how are now able to gain access to sophisticated attacks.

Source: [Security Brief]

Hacked Microsoft Word Documents Being Used to Trick Windows Users

Active campaigns carried out by cyber criminals are again using macros within Word documents to deploy malware, in spite of Microsoft’s efforts to stop these types of attacks. Most of the time the actor delivers the Word document via phishing emails, with the aim of convincing the user to click and run the macro. Once run, the malware has then achieved its goal of establishing itself on the victims’ machine and executing its malicious payload.

Source: [TechRadar]

Mitigating Deepfake Threats in The Corporate World

Deepfakes are synthetic media that are created or manipulated with the desired outcome of convincing the recipient of their legitimacy; and it’s entering the corporate world. Deepfake technology has already been used to impersonate Presidents and financial experts, however there has been an uprise in the number of these attacks. This has left the corporate world questioning existing operational procedures such as callbacks and how they will need to adjust to encompass the changing landscape.

Some of the ways a corporation can mitigate this, is to promote awareness within the workplace, adjust operational procedures to reflect the current landscape, and utilise advanced detection tools.

Source: [MSSP Alert]

Black Basta Ransomware Made Over $100 Million From Extortion Alone

The cyber crime operator “Black Basta” has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022. In total, 329 victims worldwide were targeted and research has estimated that at least 35% paid a ransom, with multiple payments over $1 million. Black Basta uses double extortion techniques, where data is both ransomed and exfiltrated. This way, victims are forced to pay to get their data back and not have it published online; the latter itself can lead to regulatory fines.

Source: [Bleeping Computer]

Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation

In the evolving cyber security landscape, organisations are increasingly investing in detection and prevention measures. However, there's a growing trend of neglecting post-attack recovery. While advanced security tools and technologies are crucial, recent ransomware incidents have shown that recovery is equally vital. Organisations have faced substantial downtime and financial losses due to attacks. Cyber resilience, the ability to bounce back quickly after an attack, is crucial, especially with the rise of remote work.

Budgets often prioritise prevention, leaving organisations ill-prepared for recovery. In 2023, a significant number of companies paid ransoms to regain data. To achieve true cyber resilience, a rebalance in approach is essential, focusing on preparation, response, and recovery alongside detection and prevention, ensuring rapid recovery and safeguarding of valuable assets.

Source: [TechRadar]

Booking.com Customers Scammed in Novel Social Engineering Campaign

According to new research by SecureWorks, Booking.com customers are being targeted by a novel social engineering campaign that is “paying serious dividends” for cyber criminals. Researchers believe the campaign has gone on for at least a year and it begins by deploying the Vidar infostealer to gain access partner hotels’ Booking.com credentials. This information is then used to send phishing emails to Booking.com customers and trick them into handing over their payment details, in many cases leading to money being stolen. The scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2,000 in two cyber crime forums.

Source: [Infosecurity Magazine]

Stop Panic Buying Your Security Products and Start Prioritising

In the cyber security landscape, impulse buying can lead to costly mistakes. Breaches are now more expensive than ever, underscoring the need to assess cyber security investments. Fear-driven tactics and the quest for a "silver bullet" solution can push organisations, especially smaller ones, into impulsive investments. These decisions may introduce even more risk by failing to integrate with existing systems, or buying systems but failing to configure them properly or utilising them to the fullest extent, leading to a false sense of security. The consequences can be severe, with breaches now costing organisations millions. To navigate this landscape, organisations must assess the real value of cyber security investments. Calculating risk by evaluating likelihood and impact can guide us in making informed decisions. Instead of impulse buying, assign a monetary value to cyber risks for strategic budget decisions in these economic times, ensuring investments align with security and business goals.

Source: [Help Net Security]

A Fifth of UK SMBs Unable to Spot Scams

New data from UK Finance reveals that 17% of UK small and medium-sized businesses (SMBs) struggle to identify online fraud and scam indicators. This is particularly alarming given the rise in authorised push payment (APP) scams in the UK, where fraudsters impersonate trusted entities to deceive victims into transferring money to controlled accounts. In the first half of 2023 alone, criminals stole a reported £42.6 million through such scams, with total losses including consumer impacts reaching £239 million. SMBs are increasingly targeted due to typically fewer anti-fraud and other countermeasures and controls, compared to larger and better protected larger firms. It is important for SMBs to be vigilant and verify payment details directly with suppliers to help avoid these types of scams.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• Cyber Security Spend Among UK Top 10 Legal Firms Jumps 21% as Threats Become Priority | Law.com International

• Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks | Business Wire

• When does it make sense to pay the ransom? | SC Media (scmagazine.com)

• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)

• Enterprises prepare for the inevitable cyber attack - Help Net Security

• Board Support Critical For Cyber Security Defence | Silicon UK

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

• Long recovery times after cyber attacks could annihilate your organisation | TechRadar

• The Role of the CISO in Digital Transformation (darkreading.com)

• Stop panic buying your security products and start prioritizing - Help Net Security

• Cyber Security—Do We See Risks Increasing? | ETF Trends

• Bridging the risk exposure gap with strategies for internal auditors - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• The rise of Ransomware attacks within the Legal Industry (lawyer-monthly.com)

• Ransomware attacks surge 81% in October, new threat actors emerge (securitybrief.co.nz)

• Allianz cyber head warns ransomware is "back with a vengeance" | Insurance Business America (insurancebusinessmag.com)

• Black Basta ransomware made over $100 million from extortion (bleepingcomputer.com)

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war | Europol (europa.eu)

• Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• The crazy world of ransomware • Graham Cluley

• More councils at risk from hackers, warns boss as 'it's a case of when not if' cyber attacks land - Gloucestershire Live

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war (databreaches.net)

• DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software (thehackernews.com)

• How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)

• When does it make sense to pay the ransom? | SC Media (scmagazine.com)

• CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)

• Only 4% of UK housing associations feel sector is fully prepared for ransomware attack | Scottish Housing News

• Ransomware Attacks Strike South Africa, Decline in UAE (darkreading.com)

Ransomware Victims

• Law firm A&O silent on whether it paid ransom to cyber criminals | Law Gazette

• Allen & Overy Removed From Ransomware Website With One Day Remaining | Law.com International

• Potentially hundreds of UK law firms affected by cyber attack on IT provider CTS (therecord.media)

• Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)

• London & Zurich ransomware attack sparks financial crisis for businesses (computing.co.uk)

• British Library contacts users after Rhysida leaks data • The Register

• Ransomware attacks hit Stanford University and Nassau Bay in Texas - NotebookCheck.net News

• Notorious ransomware gang takes credit for cyber attack on Fidelity National Financial (therecord.media)

• University of Manchester CISO Speaks Out on Summer Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Slovenia's largest power provider HSE hit by ransomware attack (bleepingcomputer.com)

• GCHQ investigates cyber attack on hospital to the royals after data stolen (telegraph.co.uk)

• English council spent £1.1 million recovering from ransomware attack (therecord.media)

• More councils at risk from hackers, warns boss as 'it's a case of when not if' cyber attacks land - Gloucestershire Live

• Healthcare giant Henry Schein hit twice by BlackCat ransomware (bleepingcomputer.com)

• Qilin ransomware claims attack on automotive giant Yanfeng (bleepingcomputer.com)

• New cyber criminal group outed after British Library attack - Emerging Risks Media Ltd

• Cyber attack closes hospital emergency rooms in three US states | US healthcare | The Guardian

• Medical test company’s ‘serious and systemic failures’ led to cyber attack, watchdog says | Business | The Guardian

• Two Hackensack Meridian hospital ERs diverting patients after a ransomware attack (msn.com)

• Ardent Health Services Grapples With Ransomware Disruption - Infosecurity Magazine (infosecurity-magazine.com)

• DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)

• Top instant money provider service hacked, over a million users possibly affected | TechRadar

• Staples confirms cyber attack behind service outages, delivery issues (bleepingcomputer.com)

Phishing & Email Based Attacks

• Black Friday: Phishing Emails Soar 237% - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing makes up 43% of email attacks | Security Magazine

• AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)

• Organisations can't ignore the surge in malicious web links - Help Net Security

• How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)

• Booking.com Customers Scammed in Novel Social Engineering Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Criminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale (thehackernews.com)

• ThreatLabz 2023 Phishing Report | ITPro

• What custom GPTs mean for the future of phishing - Help Net Security

• A reality check on email security threats in healthcare (securitybrief.co.nz)

Artificial Intelligence

• Released: AI security guidelines backed by 18 countries - Help Net Security

• 4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)

• CISA and NCSC lead efforts to raise AI security standards • The Register

• Security leaders on high alert as GenAI poses privacy and security risks - Help Net Security

• AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)

• A year after ChatGPT’s debut, is GenAI a boon or the bane of the CISO’s existence? | CSO Online

• Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)

• Guidance for Securing AI Issued by NSA, NCSC-UK, CISA, and Partners > National Security Agency/Central Security Service > Press Release View

• Mitigating Deepfake Threats in the Corporate World | MSSP Alert

• 4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)

• Securing generative AI across the technology stack | TechCrunch

• Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)

• What custom GPTs mean for the future of phishing - Help Net Security

• 8 Tips on Leveraging AI Tools Without Compromising Security (darkreading.com)

Malware

• Implications of “malware free” attacks on SMBs (databreaches.net)

• SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News

• Hacked Microsoft Word documents being used to trick Windows users | TechRadar

• N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool - Infosecurity Magazine (infosecurity-magazine.com)

• A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets (darkreading.com)

• LogoFAIL bugs in UEFI code allow planting bootkits via images (bleepingcomputer.com)

Mobile

• Busting 6 Myths About Mobile Device Security | MSSP Alert

• Surge in counterfeit app risk as cyber crime exploits rising digital consumption (securitybrief.co.nz)

• NameDrop in iOS 17 is not a privacy nightmare – here’s how to control it (msn.com)

• 200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn (thehackernews.com)

Denial of Service/DoS/DDOS

• Same threat, new stakes: DDoS in an evolving telecoms sector

Internet of Things – IoT

• Cyber pros avoid smart devices: there is a good reason | Cybernews

• Navigating IoT security in a connected world - EDN

• IoT Security Labeling Improving, But More Collaboration Needed - EE Times

Data Breaches/Leaks

• Okta security breach much worse than originally disclosed – all customers' data potentially affected | Mashable

• Nuclear lab faces niche cyber threat (computing.co.uk)

• App used by hundreds of schools leaking children's data (securityaffairs.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

• Gulf Air exposed to data breach, 'vital operations not affected' | Reuters

• General Electric investigates claims of cyber attack, data theft (bleepingcomputer.com)

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Hackers spent 2+ years looting secrets of chipmaker NXP before being detected | Ars Technica

• Medical test company’s ‘serious and systemic failures’ led to cyber attack, watchdog says | Business | The Guardian

• DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)

• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• Dollar Tree hit by third-party data breach impacting 2 million people (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Leader of Killnet 'unmasked' by Russian state media • The Register

• A Fifth of UK SMBs Can’t Spot Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register

• Security official: Romania is an exporter of cyber security in its part of the word (stiripesurse.ro)

• I'm a hacker who was jailed for a decade for heading up a cyber criminal organisation - I started the group to fight back against bullies but got hooked on the power | Daily Mail Online

• How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)

• Founder of spyware maker Hacking Team arrested for attempted murder: local media | TechCrunch

• US imprisons Ukrainian SSNDOB administrator for 8 years • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• KyberSwap Says Hackers Stole $55m in Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)

Insurance

• Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)

• Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)

Supply Chain and Third Parties

• Cyber attack on managed service provider potentially affects hundreds of law firms | Scottish Legal News

• Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)

• Telecom Industry Association Advances Supply Chain Security | MSSP Alert

Cloud/SaaS

• SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News

• Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar

• Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories (thehackernews.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)

• Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar

• Weak & Strong Password Examples: Study Reveals Most Hackable Words (tech.co)

• Despite Hype, the Password-Free Workplace Is Still a Long Way Off (darkreading.com)

• Navigating the Stormy Seas of Cyber security: The Power of High-Entropy Passwords | HackerNoon

• 90+ Key Password Breach Statistics in 2023 (techreport.com)

Social Media

• Google, Meta, allege China cyber attacks • The Register

Training, Education and Awareness

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 8 Cyber Security Topics to Include in Your Training Program | Proofpoint US

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

Regulations, Fines and Legislation

• European Commission Failing to Tackle Spyware, Lawmakers Say (inforisktoday.com)

• Released: AI security guidelines backed by 18 countries - Help Net Security

• Guidance for Securing AI Issued by NSA, NCSC-UK, CISA, and Partners > National Security Agency/Central Security Service > Press Release View

• EU considers widening scope of cyber security regulation (finextra.com)

• Newly-proposed cyber security rules could affect cloud banking services in the EU - PaymentExpert.com

• Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)

• 5 resolutions to prepare for SEC's new cyber disclosure rules - Help Net Security

• The SEC’s Fraud Suit Against SolarWinds: 3 Cyber security Action Items for Companies to Consider | Orrick, Herrington & Sutcliffe LLP - JDSupra

• False Claims Act Meets Cyber security Compliance in Government Contracting - ClearanceJobs

Models, Frameworks and Standards

• CISA Launches Project to Assess Effectiveness of Security Controls - Infosecurity Magazine (infosecurity-magazine.com)

• The challenge of adding governance as a pillar of cyber security (c4isrnet.com)

Data Protection

• Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)

Careers, Working in Cyber and Information Security

• Information overload puts cyber security at risk (betanews.com)

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• More than half admit to ignoring cyber security alerts (itsecuritywire.com)

• Fewer cyber pros are getting fired immediately after an incident: Trellix survey (axios.com)

• Unhappy network professionals juggling more with less - Help Net Security

Law Enforcement Action and Take Downs

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war | Europol (europa.eu)

• Police dismantle ransomware group behind attacks in 71 countries (bleepingcomputer.com)

• CoLP launches strategy for fraud, economic and cyber crime | UK Police News - Police Oracle

• Los Angeles SIM Swapper Sentenced to 8 Years in Prison - Security Week

• New York Fines First American $1 Million for Cyber Breach (1) (bloomberglaw.com)

• Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register

Misinformation, Disinformation and Propaganda

• Ahead of 2024 election, Meta worries about lack of information on top-tier nation-state covert operations | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Ahead of 2024 election, Meta worries about lack of information on top-tier nation-state covert operations | CyberScoop

Nation State Actors

China

• Deloitte and KPMG ask staff to use burner phones for Hong Kong trips

• Google, Meta, allege China cyber attacks • The Register

Russia

• Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns – POLITICO

• North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)

• Ukraine says it hacked Russian aviation agency, leaks data (bleepingcomputer.com)

• Leader of Killnet 'unmasked' by Russian state media • The Register

Iran

• Pennsylvania water facility hit by Iran-linked hackers | CyberScoop

• North Texas water utility serving 2 million hit with cyber attack (therecord.media)

• Iranian Mobile Banking Malware Campaign Threat Continues | Zimperium

North Korea

• North Korean hackers are carrying out even more cyber attacks than previously thought | TechRadar

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)

• N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)

• US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Hamas-linked APT uses Rust-based SysJoker backdoor against Israel (securityaffairs.com)

• Shadowy hacking group targeting Israel shows outsized capabilities | CyberScoop

• SysJoker Malware: Hamas-Related Threat Expands With Rust Variant - Infosecurity Magazine (infosecurity-magazine.com)

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Israel’s national water company sees increase in cyber attacks since beginning of war | Ctech (calcalistech.com)

• Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week

Vulnerability Management

• Why it’s the perfect time to reflect on your software update policy - Help Net Security

Vulnerabilities

• Apple fixes two new iOS zero-days in emergency updates (bleepingcomputer.com)

• Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability (thehackernews.com)

• Design flaw leaves Google Workspace vulnerable for takeover - Help Net Security

• Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices - Security Week

• Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data (hackread.com)

• Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro

• Hackers start exploiting critical ownCloud flaw, patch now (bleepingcomputer.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more! - Help Net Security

• PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) - Help Net Security

• Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)

• Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)

• CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)

Tools and Controls

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 8 Cyber Security Topics to Include in Your Training Program | Proofpoint US

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

• Long recovery times after cyber attacks could annihilate your organisation | TechRadar

• Stop panic buying your security products and start prioritizing - Help Net Security

• Cyber Security Spend Among UK Top 10 Legal Firms Jumps 21% as Threats Become Priority | Law.com International

• Enable 256-bit Bitlocker encryption on Windows 11 to boost security - gHacks Tech News

• Building cyber resilience for tomorrow’s threats - Help Net Security

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)

• AI Boosts Malware Detection Rates by 70% - Infosecurity Magazine (infosecurity-magazine.com)

• Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)

• What cyber security pros can learn from first responders (securityintelligence.com)

• Why are Organisations Failing to Detect Cyber security Threats? | MSSP Alert

• Vulnerability disclosure: Legal risks and ethical considerations for researchers - Help Net Security

• Researcher flags OpenCart security issue, founder rages • The Register

• Bridging the risk exposure gap with strategies for internal auditors - Help Net Security

Reports Published in the Last Week

• 2023 Zscaler ThreatLabz State of Phishing Report | Zscaler

Other News

• Cyber attack On A&O Highlights Perils Of Law Firm Mergers - Law360

• Law Firms & Legal Departments Singled Out for Cyber attacks (darkreading.com)

• Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week

• Microsoft is at the Heart of US National Security Systems and It’s Vulnerable: Cyber Security Expert | NTD

• Implications of “malware free” attacks on SMBs (databreaches.net)

• Reading Borough Council apologises for dodgy infosec advice • The Register

• Holiday Season Increases Cyber security Risks (forbes.com)

• Only 1 in 6 Brits are concerned about cyberthreats at home - Home of Direct Commerce

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• Paris water agency targeted in cyber attack - Emerging Risks Media Ltd

• Why Utilities Need to Supercharge Their Approach to Cyber security (powermag.com)

• No plain sailing: modern pirates hack superyachts' cyber security | Euronews

• Hackers Hijack Industrial Control System at US Water Utility  - Security Week

• How to Keep Cyber attacks From Taking Off (darkreading.com)

• Estate agents warned to have measures in place to prevent cyber attacks (thenegotiator.co.uk)

• Japan’s space agency suffers cyber attack • The Register

• CISA to Congress: US Under Threat of Chemical Attacks (darkreading.com)

• New BLUFFS attack lets attackers hijack Bluetooth connections (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month

March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.

Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.

The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.

https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/

• Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces

Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.

The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:

• Keeping up with threat intelligence (70%)

• Allocating cyber security resources and budget (47%)

• Visibility into all assets connected to the network (44%)

• Compliance and regulation (39%)

• Convergence of IT and OT (32%)

The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.

https://www.msspalert.com/cybersecurity-news/organizations-overwhelmed-with-cybersecurity-alerts-threats-and-attack-surfaces-armis-study-shows/

• One in Three Businesses Faced Cyber Attacks Last Year

Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.

Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.

https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html

• Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged

Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.

The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.

https://www.darkreading.com/vulnerabilities-threats/why-your-anti-fraud-identity-cybersecurity-efforts-should-be-merged

• Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security

With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.

Cobalt’s recent report found:

• Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.

• Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.

• Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.

https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/

• Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes

Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.

Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.

https://www.hivesystems.io/blog/are-your-passwords-in-the-green

• 83% of Organisations Paid Up in Ransomware Attacks

A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.

Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.

https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/

• Security is a Revenue Booster, Not a Cost Centre

Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.

For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.

In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.

https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center

• Ex-CEO Gets Prison Sentence for Bad Security

A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.

Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.

The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.

https://nakedsecurity.sophos.com/2023/04/18/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence-for-bad-data-security/

• Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers

There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.

https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/

• KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend

KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.

The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.

71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.

Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.

https://www.itsecurityguru.org/2023/04/19/knowbe4-q1-phishing-report-reveals-it-and-online-services-emails-drive-dangerous-attack-trend/

• Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack

Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.

While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.

https://www.theguardian.com/business/2023/apr/20/capita-admits-customer-data-may-have-been-breached-during-cyber-attack

• Outdated Cyber Security Practices Leave Door Open for Criminals

A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.

https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/

• Quantifying Cyber Risk Vital for Business Survival

Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.

https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/

• Recycled Network Devices Exposing Corporate Secrets

Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.

Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.

In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.

The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.

https://www.infosecurity-magazine.com/news/recycled-network-exposing/

Threats

Ransomware, Extortion and Destructive Attacks

• 83% of organisations paid up in ransomware attacks  | VentureBeat

• March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

• Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)

• RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• UK Education Sector Suffered Most from Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs

• Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek

• LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)

• Abuse victims' data stolen in ransomware attack (rte.ie)

• Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch

• Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs

• Black Basta claims it's selling off stolen Capita data • The Register

• An Analysis of the BabLock Ransomware (trendmicro.com)

• Ransomware reinfection and its impact on businesses - Help Net Security

• Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)

• Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)

• Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)

• Medusa ransomware crew boasts of Microsoft code leak • The Register

• New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)

Phishing & Email Based Attacks

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• New Qbot campaign delivers malware by hijacking business emails | CSO Online

• KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend - IT Security Guru

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET

• UK government employees receive average of 2,246 malicious emails per year - IT Security Guru

BEC – Business Email Compromise

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• US charges three men with six million dollar business email compromise plot | Tripwire

2FA/MFA

• How to Prevent 2 Common Attacks on MFA (darkreading.com)

Malware

• Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)

• New Chameleon banking trojan is stealing account info — what you need to know | Tom's Guide (tomsguide.com)

• US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)

• New QBot campaign delivered hijacking business correspondenceSecurity Affairs

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• MacStealer - newly-discovered malware steals passwords and exfiltrates data from infected Macs • Graham Cluley

• 'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)

• What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)

Mobile

• Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

Botnets

• 'Zaraza' Bot Targets Google Chrome to Extract Login Credentials (darkreading.com)

Internet of Things – IoT

• Military helicopter crash blamed on missing software patch • The Register

• Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

• Five Eye nations release new guidance on smart city cyber security | CSO Online

Data Breaches/Leaks

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)

• Volvo retailer leaks sensitive files - Security Affairs

• Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek

• Cyber attack on Insurance Information Bureau of India; data at risk - The Economic Times (indiatimes.com)

• Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek

Organised Crime & Criminal Actors

• Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• Standardized data collection methods can help fight cyber crime | TechTarget

• Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

Insider Risk and Insider Threats

• Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Top risks and best practices for securely offboarding employees | CSO Online

• Critical Infrastructure Firms Concerned Over Insider Threat - Infosecurity Magazine (infosecurity-magazine.com)

• How to Strengthen your Insider Threat Security - IT Security Guru

Fraud, Scams & Financial Crime

• Pre-pandemic techniques are fueling record fraud rates - Help Net Security

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• Trial and error in Kuwait | CyberScoop

• US extradites Nigerian charged in $6m email fraud scam • The Register

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• Three charged over banking fraud for hire website | Computer Weekly

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

• Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur

• FTC orders payments firm to pay $650k over tech support scam • The Register

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Fraudsters impersonating genuine providers cost £177.6m in 2022, UK Finance data suggests | Business News | Sky News

• Scammers using social media to dupe people into becoming money mules - Help Net Security

AML/CFT/Sanctions

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)

• Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek

• Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online

Dark Web

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

Supply Chain and Third Parties

• Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)

• 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant

• Capita admits customer, supplier or colleague data may have been accessed by hackers | Business News | Sky News

• Lazarus APT group employed Linux Malware in recent attacks-Security Affairs

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

Software Supply Chain

• CISA Introduces Secure-by-design and Secure-by-default Development Principles – Security Week

Cloud/SaaS

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• Is there really a march from the public cloud back on-prem? | TechCrunch

• Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs

Attack Surface Management

• Recycled Core Routers Expose Sensitive Corporate Network Info (darkreading.com)

Shadow IT

• The staying power of shadow IT, and how to combat risks related to it - Help Net Security

Identity and Access Management

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)

• The biggest data security blind spot: Authorization - Help Net Security

Encryption

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

API

• Triple-digit Increase in API and App Attacks on Tech and Retail - Infosecurity Magazine (infosecurity-magazine.com)

• There's Been a 400% Increase in Unique API Attackers - The New Stack

Open Source

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Security beyond software: The open source hardware security evolution - Help Net Security

• Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com

Passwords, Credential Stuffing & Brute Force Attacks

• How Long It Would Take A Hacker To Brute Force Your Password In 2023, Ranked | Digg

Social Media

• LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Scammers using social media to dupe people into becoming money mules - Help Net Security

Regulations, Fines and Legislation

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Brit cops rapped over app that recorded 200k phone calls • The Register

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Governance, Risk and Compliance

• Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)

• Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• 'One in three firms faced cyber attacks last year' (aol.co.uk)

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

• Quantifying cyber risk vital for business survival - Help Net Security

• Wargaming an effective data breach playbook - Help Net Security

• Outdated cyber security practices leave door open for criminals - Help Net Security

• CISOs struggling to protect sensitive data records - Help Net Security

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Gartner Top Strategic Cyber security Trends 2023

• 3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)

• Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-CIO must pay £81k over Total Shambles Bank migration • The Register

• Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security

• Top risks and best practices for securely offboarding employees | CSO Online

• How companies are struggling to build and run effective cyber security programs - Help Net Security

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)

Secure Disposal

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

Backup and Recovery

• CISOs struggling to protect sensitive data records - Help Net Security

Data Protection

• Government reprimanded for serious breaches of data protection law - Jersey Evening Post

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Brit cops rapped over app that recorded 200k phone calls • The Register

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Careers, Working in Cyber and Information Security

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

Law Enforcement Action and Take Downs

• Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes (bitdefender.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• US extradites Nigerian charged in $6m email fraud scam • The Register

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

• Three charged over banking fraud for hire website | Computer Weekly

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Privacy, Surveillance and Mass Monitoring

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• What the Recent Collapse of SVB Means for Privacy (darkreading.com)

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

Artificial Intelligence

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register

• AI-created malware sends shockwaves through cybersecurity world | Fox News

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)

• ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Misinformation, Disinformation and Propaganda

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers targeting UK more frequently (thetimes.co.uk)

• UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure | CSO Online

• Russian hackers want to ‘disrupt or destroy’ UK infrastructure, minister warns | Hacking | The Guardian

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)

• Meet the hacker armies on Ukraine's cyber front line - BBC News

• Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)

• Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• How cyber support to Ukraine can build its democratic future | CyberScoop

• Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)

• Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)

• Britain sounds alarm on spyware, mercenary hacking market | Reuters

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

• The UK will need more than words in this cyber war | Financial Times (ft.com)

• Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)

Nation State Actors

• BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)

• 3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)

• UK security chief’s alert over threat from China (thetimes.co.uk)

• Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites (thehackernews.com)

• APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)

• China starts ‘surgical’ retaliation against foreign companies after US-led tech blockade | Financial Times

• Iranian-Russian cooperation on hack attacks may challenge Israeli cyber supremacy | The Times of Israel

• US charges 44 members of alleged Chinese troll army • The Register

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets - Microsoft Security Blog

• MuddyWater Uses SimpleHelp to Target Critical Infrastructure Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)

• Iranian Nation-State Actor "Mint Sandstorm" Weaponizes N-day Flaws - Infosecurity Magazine (infosecurity-magazine.com)

• Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)

• Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Vulnerability Management

• Military helicopter crash blamed on missing software patch • The Register

• Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

Vulnerabilities

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• CISA: Patch Bug Exploited by Chinese E-commerce App - Infosecurity Magazine (infosecurity-magazine.com)

• Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)

• Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)

• Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs

• VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek

• Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products (thehackernews.com)

• Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)

Tools and Controls

• CISA Asks Manufacturers to Prioritize Cybersecurity in Product Design - Infosecurity Magazine (infosecurity-magazine.com)

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• 7 countries unite to push for secure-by-design development | CSO Online

• Wargaming an effective data breach playbook - Help Net Security

• Where There's No Code, There's No SDLC (darkreading.com)

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)

• Microsoft opens up Defender with file hash, URL search • The Register

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

• How to build a cybersecurity deception program | TechTarget

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

• Threat Posed by 'Irresponsible' Use of Commercial Hacking Tools Increasing, NCSC Warns - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs struggling to protect sensitive data records - Help Net Security

• Generative AI in SecOps and how to prepare | TechTarget

• AI defenders ready to foil AI-armed attackers • The Register

• Newer Authentication Tech a Priority for 2023 (darkreading.com)

Other News

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop

• Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)

• How to defend against TCP port 445 and other SMB exploits | TechTarget

• Criminal Records Service still disrupted 4 weeks after hack - BBC News

• Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)

• Cyberspace Solarium Commission says space systems should be considered critical infrastructure | CyberScoop

• UK Strengthens Cyber security Audits for Government Agencies - Infosecurity Magazine (infosecurity-magazine.com)

• EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com

 Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Set to Become ‘Uninsurable’, Says Zurich Chief

The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow.

Insurance executives have been increasingly vocal in recent years about systemic risks, such as pandemics and climate change, that test the sector’s ability to provide coverage. For the second year in a row, natural catastrophe-related claims are expected to top $100bn. 

But Mario Greco, chief executive at insurer Zurich, told the Financial Times that cyber was the risk to watch. “What will become uninsurable is going to be cyber,” he said. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” Recent attacks that have disrupted hospitals, shut down pipelines and targeted government departments have all fed concern about this expanding risk among industry executives. Focusing on the privacy risk to individuals was missing the bigger picture, Greco added: “First off, there must be a perception that this is not just data . . . this is about civilisation. These people can severely disrupt our lives.” 

Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. There are exemptions written into policies for certain types of attacks. In 2019, Zurich initially denied a $100mn claim from food company Mondelez, arising from the NotPetya attack, on the basis that the policy excluded a “warlike action”. The two sides later settled. In September, Lloyd’s of London defended a move to limit systemic risk from cyber attacks by requesting that insurance policies written in the market have an exemption for state-backed attacks.

https://www.ft.com/content/63ea94fa-c6fc-449f-b2b8-ea29cc83637d

Your Business Should Compensate for Modern Ransomware Capabilities Right Now

The “if, not when” mentality surrounding ransomware may be the biggest modern threat to business longevity. Companies of all sizes and across all industries are increasingly common targets for ransomware attacks, and we know that 94% of organisations experienced a cyber security incident last year alone. Yet, many enterprises continue to operate with decades-old security protocols that are unequipped to combat modern ransomware. Leaders have prioritised improving physical security measures in light of the pandemic — so why haven’t ransomware protections improved?

Maybe it’s the mistaken notion that ransomware attacks are declining. In reality, Q1 of 2022 saw a 200% YoY increase in ransomware incidents. Meanwhile, the rise in Ransomware as a Service (RaaS) offerings suggests that cyber threats have become a commodity for bad actors.

The RaaS market presents a new and troubling trend for business leaders and IT professionals. With RaaS — a subscription ransomware model that allows affiliates to deploy malware for a fee — the barrier to entry for hackers is lower than ever. The relatively unskilled nature of RaaS hackers may explain why the average ransomware downtime has plummeted to just 3.85 days (compared to an average attack duration of over two months in 2019).

While the decrease in attack duration is promising, the rise of RaaS still suggests an inconvenient truth for business leaders: All organisations are at risk. And in time, all organisations will become a target, which is why it’s time for IT and business leaders to implement tough cyber security protocols.

https://venturebeat.com/security/your-business-should-compensate-for-modern-ransomware-capabilities-right-now/

• Reported Phishing Attacks Have Quintupled

In the third quarter of 2022, the international Anti-Phishing Working Group (APWG) consortium observed 1,270,883 total phishing attacks; the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to APWG.

Over recent years, reported phishing attacks submitted to APWG have more than quintupled since the first quarter of 2020, when APWG observed 230,554 attacks. The rise in Q3 2022 was attributable, in part, to increasing numbers of attacks reported against several specific targeted brands. These target companies and their customers suffered from large numbers of attacks from persistent phishers.

Threat researchers at the cyber security solution provider Fortra noted a 488 percent increase in response-based email attacks in Q3 2022 compared to the prior quarter. While every subtype of these attacks increased compared to Q2, the largest increase was in Advance Fee Fraud schemes, which rose by a staggering 1,074 percent.

In the third quarter of 2022, APWG founding member OpSec Security found that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against social media services fell to 11 percent of the total, down from 15.3 percent.

Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — fell from 4.5 percent of all phishing attacks in Q2 2022 to 2 percent in Q3. This mirrored the fall in value of many cryptocurrencies since mid-year.

https://www.helpnetsecurity.com/2022/12/28/reported-phishing-attacks-quintupled/

• Ransomware, DDoS See Major Upsurge Led by Upstart Hacker Group

Cyber threat actors Cuba and Royal are driving a 41% boom in ransomware and other attacks hitting industry and consumer goods and services.

According to the Global Threat Intelligence team of information assurance firm NCC Group, November saw a 41% increase in ransomware attacks from 188 incidents to 265. In its most recent Monthly Threat Pulse, the group reported that the month was the most active for ransomware attacks since April this year.

Key takeaways from the study:

• Ransomware attacks rose by 41% in November.

• Threat group Royal (16%) was the most active, replacing LockBit as the worst offender for the first time since September 2021.

• Industrials (32%) and consumer cyclicals (44%) remain the top two most targeted sectors, but technology experienced a large 75% increase over the last month.

• Regional data remains consistent with last month — North America (45%), Europe (25%) and Asia (14%)

• DDoS attacks continue to increase.

Recent examples in the services sector include the Play ransomware group’s claimed attack of the German H-Hotels chain, resulting in communications outages. This attack reportedly uses a vulnerability in Microsoft Exchange called ProxyNotShell, which as the name implies, has similarities to the ProxyShell zero-day vulnerability revealed in 2021.

Also, back on the scene is the TrueBot malware downloader (a.k.a., the silence.downloader), which is showing up in an increasing number of devices. TrueBot Windows malware, designed by a Russian-speaking hacking group identified as Silence, has resurfaced bearing Ransom.Clop, which first appeared in 2019. Clop ransomware encrypts systems and exfiltrates data with the threat that if no ransom is forthcoming, the data will show up on a leak site.

https://www.techrepublic.com/article/ransomware-ddos-major-upsurge-led-upstart-hacker-group/

• Videoconferencing Worries Grow, With SMBs in Cyber Attack Crosshairs

Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.

It's no secret that the acceleration of work-from-home and distributed workforce trends — infamously spurred on by the pandemic — has occurred in tandem with the rise of video communications and collaboration platforms, led by Zoom, Microsoft, and Cisco.

But given that videoconferencing now plays a critical role in how businesses interact with their employees, customers, clients, vendors, and others, these platforms carry significant potential security risks, researchers say.

Organisations use videoconferencing to discuss M&A, legal, military, healthcare, intellectual property and other topics, and even corporate strategies. A loss of that data could be catastrophic for a company, its employees, its clients, and its customers.

However, a recent report on videoconferencing security showed that 93% of IT professionals surveyed acknowledged security vulnerabilities and gaping risks in their videoconferencing solutions.

Among the most relevant risks is the lack of controlled access to conversations that could result in disruption, sabotage, compromise, or exposure of sensitive information, while use of nonsecure, outdated, or unpatched videoconferencing applications can expose security flaws.

The risks include the potential for interruptions, unauthorised access, and perhaps most concerning, the opportunity for a bad actor to acquire sensitive information.

https://www.darkreading.com/application-security/videoconferencing-worries-grow-with-smbs-in-cyberattack-crosshairs

• Will the Crypto Crash Impact Cyber Security in 2023? Maybe.

With the implosion of the FTX exchange putting a punctuation mark on the cryptocurrency crash of 2022, one of the natural questions for those in the cyber security world is, how will this rapid decline of cryptocurrency valuations change the cyber crime economy?

Throughout the most recent crypto boom, and even before then, cyber criminals have used and abused cryptocurrency to build up their empires. The cryptocurrency market provides the extortionary medium for ransomware; it's a hotbed of scams against consumers to steal their wallets and accounts. Traditionally, it's provided a ton of anonymous cover for money laundering on the back end of a range of cyber criminal enterprises.

Even so, according to cyber security experts and intelligence analysts, while there certainly have been some shifts in trends and tactics that they believe are loosely tied to the crypto crash, the jury's still out on long-term impacts.

Regardless of crypto values, cyber criminals this year have definitely become more sophisticated in how they use cryptocurrencies to monetise their attacks including the use by some ransomware groups taking advantage of yield farming within decentralised finance (DeFi), as an example.

The concept of yield farming is the same as lending money, with a contract in place that clearly shows how much interest will need to be paid. The advantage for ransomware groups is that the 'interest' will be legitimate proceeds, so there will be no need to launder or hide it.

Threat actors are increasingly turning toward 'stablecoins,' which are usually tied to fiat currencies or gold to stem their volatility. In many ways, the downturn in crypto values has increased the risk appetite of cyber criminals and is spurring them into more investment fraud and cryptocurrency scams.

https://www.darkreading.com/threat-intelligence/crypto-crash-impact-cybersecurity-2023-maybe

• The Worst Hacks of 2022

The year was marked by sinister new twists on cyber security classics, including phishing, breaches, and ransomware attacks.

With the pandemic evolving into an amorphous new phase and political polarisation on the rise around the world, 2022 was an uneasy and often perplexing year in digital security. And while hackers frequently leaned on old chestnuts like phishing and ransomware attacks, they still found vicious new variations to subvert defences.

Technology magazine Wired looked back on the year's worst breaches, leaks, ransomware attacks, state-sponsored hacking campaigns, and digital takeovers. If the first years of the 2020s are any indication, the digital security field in 2023 will be more bizarre and unpredictable than ever. Stay alert, and stay safe out there.

Russia Hacking Ukraine

For years, Russia has pummelled Ukraine with brutal digital attacks causing blackouts, stealing and destroying data, meddling in elections, and releasing destructive malware to ravage the country's networks. Since invading Ukraine in February, though, times have changed for some of Russia's most prominent and most dangerous military hackers. Shrewd long-term campaigns and grimly ingenious hacks have largely given way to a stricter and more regimented clip of quick intrusions into Ukrainian institutions, reconnaissance, and widespread destruction on the network—and then repeated access over and over again, whether through a new breach or by maintaining the old access.

Twilio and the 0ktapus Phishing Spree

Over the summer, a group of researchers dubbed 0ktapus went on a massive phishing bender, compromising nearly 10,000 accounts within more than 130 organisations. The majority of the victim institutions were US-based, but there were dozens in other countries as well.

Ransomware Still Hitting the Most Vulnerable Targets

In recent years, countries around the world and the cyber security industry have increasingly focused on countering ransomware attacks. While there has been some progress on deterrence, ransomware gangs were still on a rampage in 2022 and continued to target vulnerable and vital social institutions, including health care providers and schools. The Russian-speaking group Vice Society, for example, has long specialised in targeting both categories, and it focused its attacks on the education sector this year.

The Lapsus$ Rampage Continues

The digital extortion gang Lapsus$ was on an intense hacking spree at the beginning of 2022, stealing source code and other sensitive information from companies like Nvidia, Samsung, Ubisoft, and Microsoft and then leaking samples as part of apparent extortion attempts. Lapsus$ has a sinister talent for phishing, and in March, it compromised a contractor with access to the ubiquitous authentication service Okta.

LastPass

The beleaguered password manager giant LastPass, which has repeatedly dealt with data breaches and security incidents over the years, said at the end of December that a breach of its cloud storage in August led to a further incident in which hackers targeted a LastPass employee to compromise credentials and cloud storage keys.

Vanuatu

At the beginning of November, Vanuatu, an island nation in the Pacific, was hit by a cyber attack that took down virtually all of the government's digital networks. Agencies had to move to conducting their work on paper because emergency systems, medical records, vehicle registrations, driver's license databases, and tax systems were all down.

Honourable Mention: Twitter-Related Bedlam

Twitter has been in chaos mode for months following Elon Musk's acquisition of the company earlier this year. Amidst the tumult, reports surfaced in July and then again in November of a trove of 5.4 million Twitter users' data that has been circulating on criminal forums since at least July, if not earlier. The data was stolen by exploiting a vulnerability in a Twitter application programming interface, or API.

https://www.wired.com/story/worst-hacks-2022/

• Geopolitical Tensions Expected to Further Impact Cyber Security in 2023

Geopolitics will continue to have an impact on cyber security and the security posture of organisations long into 2023.

The impact of global conflicts on cyber security was thrust into the spotlight when Russia made moves to invade Ukraine in February 2022. Ukraine’s Western allies were quick to recognise that with this came the threat of Russian-backed cyber-attacks against critical national infrastructure (CNI), especially in retaliation to hefty sanctions. While this may not have materialised in the way many expected, geopolitics is still front of mind for many cyber security experts looking to 2023.

Russia has always been among a handful of states recognised for their cyber prowess and being the source of many cyber criminal gangs. As previously mentioned, we have failed to see a significant cyber-attack, at least one comparable to the Colonial Pipeline incident, in 2022. However the cyber security services provider, e2e-assure, warned: “We have underestimated Russia’s cyber capability. There is a wide view that Russian cyber activity leading up to and during their invasion of Ukraine indicated that they aren’t the cyber power we once thought. Patterns and evidence will emerge in 2023 that shows this wasn’t the case, instead Russia was directing its cyber efforts elsewhere, with non-military goals (financial and political).”

NordVPN, the virtual private network (VPN) provider, warns that the cyber-war is only just starting: “With China’s leader securing his third term and Russia’s war in Ukraine, many experts predict an increase in state-sponsored cyber-attacks. China may increase cyber-attacks on Taiwan, Hong Kong, and other countries opposing the regime. Meanwhile, Russia is predicted to sponsor attacks on countries supporting Ukraine.”

We are used to seeing cyber-attacks that encrypt data and ask for ransom, but it is likely in this era of nation-state sponsored attacks we could experience attacks for the sake of disruption.

https://www.infosecurity-magazine.com/news/geopolitical-tensions-impact/

• Fraudsters’ Working Patterns Have Changed in Recent Years

Less sophisticated fraud — in which doctored identity documents are readily spotted — has jumped 37% in 2022, according to the identify verfication provider Onfido. Fraudsters can scale these attacks on an organisation’s systems around the clock.

It is estimated that the current global financial cost of fraud is $5.38 trillion (£4.37 trillion), which is 6.4% of the world’s GDP. With most fraud now happening online (80% of reported fraud is cyber-enabled), Onfido’s Identity Fraud Report uncovers patterns of fraudster behaviour, attack techniques, and emerging tactics.

Over the last four years, fraudsters’ working patterns have dramatically changed. In 2019, attacks mirrored a typical working week, peaking Monday to Friday and dropping off during the weekends. Yet over the last three years, fraudulent activity started to shift so that levels of fraud span every day of the week.

In 2022, fraud levels were consistent across 24 hours, seven days a week. With technology, fraudsters are more connected across the globe and are able to traverse regions and time zones, and can easily take advantage of businesses’ closed hours when staff are likely offline. This hyperconnectivity means there are no more ‘business hours’ for fraudsters and sophisticated fraud rings — they will scam and defraud 24/7.

“As criminals look to take advantage of digitisation processes, they’re able to commit financial crimes with increasing efficiency and sophistication, to the extent that financial crime and cyber crime are now invariably linked,” said Interpol. “A significant amount of financial fraud takes place through digital technologies, and the pandemic has only hastened the emergence of digital money laundering tools and other cyber-enabled financial crimes.”

https://www.helpnetsecurity.com/2022/12/29/less-sophisticated-fraud/

• Hacktivism is Back and Messier Than Ever

Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.

During its brutal war in Ukraine, Russian troops have burnt cities to the ground, raped and tortured civilians, and committed scores of potential war crimes. On November 23, lawmakers across Europe overwhelmingly labelled Russia a “state sponsor” of terrorism and called for ties with the country to be reduced further. The response to the declaration was instant. The European Parliament’s website was knocked offline by a DDoS attack.

The unsophisticated attack—which involves flooding a website with traffic to make it inaccessible—disrupted the Parliament’s website offline for several hours. Pro-Russian hacktivist group Killnet claimed responsibility for the attack. The hacktivist group has targeted hundreds of organisations around the world this year, having some limited small-scale successes knocking websites offline for short periods of time. It’s been one player in a bigger hacktivism surge.

Following years of sporadic hacktivist activity, 2022 has seen the re-emergence of hacktivism on a large scale. Russia’s full-scale invasion of Ukraine spawned scores of hacktivist groups on both sides of the conflict, while in Iran and Israel, so-called hacktivist groups are launching increasingly destructive attacks. This new wave of hacktivism, which varies between groups and countries, comes with new tactics and approaches and, increasingly, is blurring lines between hacktivism and government-sponsored attacks.

https://www.wired.com/story/hacktivism-russia-ukraine-ddos/

Threats

Ransomware, Extortion and Destructive Attacks

• Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne

• Jersey school locked out of systems as hackers demand "ransom" | Bailiwick Express Jersey

• Vice Society Ransomware Attackers Adopt Robust Encryption Methods (thehackernews.com)

• Global counter-ransomware task force to become active in January - CyberScoop

• Fool Me Thrice? How to Avoid Double and Triple Ransomware Extortion (darkreading.com)

• Rackspace criticized for PR response to ransomware attack (expressnews.com)

• After ransomware hits Colombian energy firm, Moody’s says low patch rate suggests inadequacies in cyber practices | SC Media (scmagazine.com)

• Ransomware, DDoS see major upsurge led by upstart hacker group (techrepublic.com)

• 6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)

• Your business should compensate for modern ransomware capabilities right now | VentureBeat

• Vice Society Adds Custom-branded Payload PolyVice to its Arsenal | Cyware Alerts - Hacker News

• Hackers stole data from multiple electric utilities in recent ransomware attack | CNN Politics

• Ransomware attack at Louisiana hospital impacts 270,000 patients (bleepingcomputer.com)

• The mounting death toll of hospital cyber attacks - POLITICO

• Royal ransomware claims attack on Intrado telecom provider (bleepingcomputer.com)

• Healthcare Providers and Hospitals Under Ransomware's Siege (darkreading.com)

• 2023 Predictions: Expect More Supply Chain Attacks, Ransomware-as-a-Service Kits in 2023 - MSSP Alert

• Guardian Australia staff sent home after cyber attack takes out systems (theage.com.au)

• Queensland University hit by cyber attack | PerthNow

• Dumfries Arnold Clark garages hit by company-wide cyber attack - Daily Record

• Ransom Deadline Given By LockBit In Port Of Lisbon Attack (informationsecuritybuzz.com)

Phishing & Email Based Attacks

• Reported phishing attacks have quintupled - Help Net Security

• 6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Linkedin Is Full Of Job Scams – Be Careful Out There (informationsecuritybuzz.com)

Malware

• GuLoader implements new evasion techniques - Security Affairs

• PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware (thehackernews.com)

• 2022 sees over 5000 times new Windows malware vs macOS, over 60 times vs Linux - Neowin

• APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (thehackernews.com)

• New information-stealing malware is being spread by fake pirate sites | TechSpot

Mobile

• Hackers steal $8 million from users running trojanized BitKeep apps (bleepingcomputer.com)

• EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer | SecurityWeek.Com

Denial of Service/DoS/DDOS

• Cyber criminals create new methods to evade legacy DDoS defences - Help Net Security

Internet of Things – IoT

• Anker admits Eufy camera security issues | TechRadar

• Smart Home Cyber security Hubs: Protecting Endpoints in Your Smarthome (compuquip.com)

• Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)

Data Breaches/Leaks

• BetMGM discloses security breach impacting 1.5 Million customers - Security Affairs

• Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)

• LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all… – Naked Security (sophos.com)

• Massive EDiscovery Provider Shut Down Over 'Unauthorized Access' - Above the LawAbove the Law

• Data of 400 Million Twitter users up for sale - Security Affairs

• Ten significant data breaches from 2022 (smartermsp.com)

• It’s all in the (lack of) details: 2022’s badly handled data breaches | TechCrunch

• Military device with biometric database of 2K people sold on eBay for $68 | Ars Technica

Organised Crime & Criminal Actors

• 'Cyber crime has surpassed drug trafficking' - Rediff.com India News

• Labour attacks delays to online safety bill as it highlights Christmas scams | Cyber crime | The Guardian

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX collapse shows crypto is 'too dangerous' not to regulate, Bank of England deputy governor says | Business News | Sky News

• How ‘brazen’ multibillion-dollar crypto fraud fell to pieces | Business | The Times

• BTC.com lost $3 million worth of cryptocurrency in cyber attack (bleepingcomputer.com)

• Hackers steal $8 million from users running trojanized BitKeep apps (bleepingcomputer.com)

• Bitcoin Mining Pool Btc.com Suffers $3 Million Cyber attack – Mining Bitcoin News

• Crypto wallet BitKeep lost over $9M over a cyber attack - Security Affairs

• Case for blockchain in financial services dented by failures | Financial Times (ft.com)

• Digital Assets Of $9.9 Million Stolen In BitKeep Cyber Attack (informationsecuritybuzz.com)

• Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Linkedin Is Full Of Job Scams – Be Careful Out There (informationsecuritybuzz.com)

• Scam complaints from Revolut users more than double since 2020 (telegraph.co.uk)

• Labour attacks delays to online safety bill as it highlights Christmas scams | Cyber crime | The Guardian

• Fraudsters’ working patterns have changed in recent years - Help Net Security

• Experts warn of attacks exploiting WordPress gift card plugin - Security Affairs

• North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com

• Ukraine shuts down fraudulent call center claiming 18,000 victims (bleepingcomputer.com)

Insurance

• Zurich chief warned that cyber attacks will become uninsurable - Security Affairs

Supply Chain and Third Parties

• 2023 Predictions: Expect More Supply Chain Attacks, Ransomware-as-a-Service Kits in 2023 - MSSP Alert

Software Supply Chain

• Why Attackers Target GitHub, and How You Can Secure It (darkreading.com)

• Improving Software Supply Chain Cyber security (trendmicro.com)

Cloud/SaaS

• Google: With Cloud Comes APIs & Security Headaches (darkreading.com)

Identity and Access Management

• Enterprises waste money on identity tools they don't use - Help Net Security

• Steps To Planning And Implementation Of PAM Solutions (informationsecuritybuzz.com)

Encryption

• US passes the Quantum Computing Cybersecurity Preparedness Act – and why not? – Naked Security (sophos.com)

API

• Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)

• Google: With Cloud Comes APIs & Security Headaches (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Extracting Encrypted Credentials From Common Tools (darkreading.com)

Biometrics

• Military device with biometric database of 2K people sold on eBay for $68 | Ars Technica

Social Media

• TikTok User Data Has Been Compromised (giantfreakinrobot.com)

• Elon Musk ‘orders Twitter to remove suicide prevention feature’ | Twitter | The Guardian

• Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)

• TikTok parent company ByteDance revealed the use of TikTok data to track journalists - Security Affairs

• Meta settles Cambridge Analytica scandal case for $725m - BBC News

• TikTok bans haven't really banned much of anything - The Washington Post

• Twitter restores suicide prevention feature | Twitter | The Guardian

• Data of 400 Million Twitter users up for sale - Security Affairs

• Hacker claims to be selling Twitter data of 400 million users (bleepingcomputer.com)

• Piers Morgan’s Twitter account abuses queen and Ed Sheeran in apparent hack | Piers Morgan | The Guardian

• US House boots TikTok from government phones • The Register

Malvertising

• Hackers abuse Google Ads to spread malware in legit software (bleepingcomputer.com)

• Cyber criminals using search engine ads to direct users to sites with malware, FBI warns | SC Media (scmagazine.com)

Privacy

• The Threat of Predictive Policing to Data Privacy and Personal Liberty (darkreading.com)

Regulations, Fines and Legislation

• FTX collapse shows crypto is 'too dangerous' not to regulate, Bank of England deputy governor says | Business News | Sky News

• US passes the Quantum Computing Cybersecurity Preparedness Act – and why not? – Naked Security (sophos.com)

Governance, Risk and Compliance

• IBM and 70 Global Banks Co-Create New Cyber security, Risk Framework (accelerationeconomy.com)

• Economic uncertainty compels IT leaders to rethink their strategy - Help Net Security

• 3 important changes in how data will be used and treated - Help Net Security

• 2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)

Secure Disposal

• For Sale on eBay: A Military Database of Fingerprints and Iris Scans - The New York Times (nytimes.com)

Careers, Working in Cyber and Information Security

• How to Get Your First Job in InfoSec (freecodecamp.org)

• IT Jobs: How To Become An Information Security Analyst (informationsecuritybuzz.com)

• ‘There's a career in cyber security for everyone,’ Microsoft Security CVP says | Fortune

Law Enforcement Action and Take Downs

• Ukraine shuts down fraudulent call centre claiming 18,000 victims (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)

• Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian

• The Threat of Predictive Policing to Data Privacy and Personal Liberty (darkreading.com)

• Meta settles Cambridge Analytica scandal case for $725m - BBC News

• 78% of Employers Are Using Remote Work Tools to Spy on You (entrepreneur.com)

• Germany: Police surveillance software a legal headache – DW – 12/22/2022

Artificial Intelligence

• Code-generating AI can introduce security vulnerabilities, study finds | TechCrunch

• AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• 2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)

• Ukraine marks a turning point for cyberwarfare – POLITICO

• Russia’s Cyberwar Foreshadowed Deadly Attacks on Civilians | WIRED

• Hacktivism Is Back and Messier Than Ever | WIRED

• Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU

• Ukrainian Hackers Gather Data on Russian Soldiers, Minister Says - Bloomberg

• North Korean hackers targeted nearly 1,000 South Korean foreign policy experts

• German double agent ‘passed Ukraine intelligence to Russia’ (telegraph.co.uk)

Nation State Actors

Nation State Actors – Russia

• Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU

• Russian mobile calls, internet seen deteriorating after Nokia, Ericsson leave – EURACTIV.com

Nation State Actors – China

• US House boots TikTok from government phones • The Register

• Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian

• Chinese-backed company instructs US law firm after UK blocked microchip factory takeover (telegraph.co.uk)

Nation State Actors – North Korea

• BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection (thehackernews.com)

• North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com

• North Korean hacking outfit impersonating venture capital firms | SC Media (scmagazine.com)

• North Korean hackers targeted nearly 1,000 South Korean foreign policy experts

Nation State Actors – Iran

• An Iranian group hacked Israeli CCTV cameras, defence was aware but didn’t block it - Security Affairs

Nation State Actors – Misc

• APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (thehackernews.com)

Vulnerability Management

• Log4Shell remains a big threat and a common cause for security breaches | CSO Online

• After ransomware hits Colombian energy firm, Moody’s says low patch rate suggests inadequacies in cyber practices | SC Media (scmagazine.com)

Vulnerabilities

• Patch now: Serious Linux kernel security hole uncovered | ZDNET

• Microsoft Patches Azure Cross-Tenant Data Access Flaw | SecurityWeek.Com

• Critical Linux Kernel flaw affects SMB servers with ksmbd enabled - Security Affairs

• Critical “10-out-of-10” Linux kernel SMB hole – should you worry? – Naked Security (sophos.com)

• Log4Shell remains a big threat and a common cause for security breaches | CSO Online

• Thousands of Citrix servers vulnerable to patched critical flaws (bleepingcomputer.com)

• Netgear warns users to patch recently fixed WiFi router bug (bleepingcomputer.com)

• CISA Warns of Active exploitation of JasperReports Vulnerabilities (thehackernews.com)

• Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers | SecurityWeek.Com

Tools and Controls

• Understanding current XDR elements and options | TechTarget

Other News

• Cyber crime Top 10 Rankings: China is No. 1 While US Records Highest Rate of Security Breaches - MSSP Alert

• AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews

• Review: 10 Biggest Hacks And Cyber Security Threats Of 2022 (informationsecuritybuzz.com)

• Modern technology and cyber recovery will intersect in the next generation of attacks - Help Net Security

• New information-stealing malware is being spread by fake pirate sites | TechSpot

•  Ten significant data breaches from 2022 (smartermsp.com)

• Trend Micro: Expect 2023 to Bring Uncertainty to Cyber Attackers and Defenders - MSSP Alert

• After the Uber Breach: 3 Questions All CISOs Should Ask Themselves (darkreading.com)

• Top 10 Cyber Security Predictions For 2023 Based On Expert Responses (informationsecuritybuzz.com)

• The Five Stories That Shaped Cyber security in 2022 | SecurityWeek.Com

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.