Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Despite Recent NCA and FBI Disruptions, a Rise in Ransomware Means 2024 Will be a Volatile Year for Cyber Security

There has been a lot of high profile coverage this week of the infamous and prolific LockBit gang’s infrastructure having been seized by law enforcement following an international Police operation led by the UK’s National Crime Agency. Whilst the international operation shows the seriousness of the matter, and the success of the operation should be celebrated, those celebrations should be muted and organisations should not become lax. Like the Hydra of Greek mythology, when one head disappears, a few more appear in its place. Ransomware really is a case of if, not when, and your organisation needs to be prepared.

Further, a recent threat report has found that the median ransom demand rose by 20% year on year, hitting an average of $600,000 and it is expected that 2024 will be even more volatile. Ransomware groups are expanding their target lists and exploring new pressure tactics in response to increasingly effective law enforcement efforts, and this is coupled with the increasing regulatory impact on organisations.

Sources: [Sky News] [GOV Infosecurity] [Bleeping Computer] [Infosecurity Magazine] [Cyber Reason]

The Old, Not the New: Basic Security Issues Still the Biggest Threat to Enterprises

In the latest IBM X-Force Threat Intelligence Index, it was revealed that basic security issues remain the most significant threat to enterprises. Cyber criminals are increasingly turning to credential stuffing, using and exploiting valid accounts harvested from the darkweb and previous breaches, with a 266% uptick in info-stealing malware. This tactic is harder to detect and elicits a costly response from enterprises. On the other hand, it is also important to adopt an attacker mindset for effective security. Understanding the attacker’s tools, motives, and efforts can help in limiting access, compartmentalising the impact of any successful attack, and minimising the time to attack detection. In essence, while organisations continue to grapple with complex cyber threats, the biggest security problem boils down to the basic and the already known. Therefore, it is crucial to focus on strengthening basic security measures and thinking like an attacker to proactively mitigate the risk for a more secure attack surface.

Source: [Help Net Security] [Forbes]

Reevaluating Your Cyber Security Priorities

Both technology and cyber criminals are evolving, yet many companies and organisations are not. For many corporate leaders, they may not know where to begin. Organisations looking to evolve their cyber security posture should look to elevate cyber to the C-suite and board, conduct audits of their sensitive information, create or update and test their incident response plan and finally, revisit their cyber hygiene training to ensure it is doing more than just ticking boxes. Organisations doing the above will find themselves improving their cyber security posture, and mitigating their risk to threats.

Source: [Dark Reading]

Cyber Threat Environment at its Most Dangerous for SMBs, as Geopolitical Tenison, Extortion and Attacks Present Biggest Risks

A new study has found that extortion campaigns, geopolitical threats, and attacks on small and medium-sized businesses (SMBs) are amongst the greatest threats to cyber security defences currently. The report, conducted by Mimecast, highlights how individual ransom groups have claimed over 1,000 victims and over $300 million in payments. Regarding SMBs, the report found that these businesses encountered twice the normal number of threats, at over 30 threats per user, as compared to larger companies who saw approximately 15. Not only are SMBs at more risk, but they also do not have the same resources a large company would have to mitigate such threats. SMBs must be efficient in the way they prioritise and address their cyber risk as part of their larger risk management strategy.

Sources: [Emerging Risks] [The HR Director]

Legal Sector Grows as a Target, with Cyber Attacks on Law Firms Surging by Over a Third

A new report has found that the number of reported cyber breaches on UK law firms has increased 30% from the previous year, as attackers increasingly target the profession. As a note, this does not include firms who may be unaware that they have been breached. Law firms are an attractive target to attackers due to the sensitive information such as M&A activity, divorce information and big ticket litigation; many attackers believe that law firms will pay handsomely to have this data back.

Sources: [Emerging Risks] [Legal Cheek]

It’s Not Only Ransomware Seeing Huge Rises: Business Email Compromise (BEC) Attacks are Also Seeing a Huge Rise. Is Your Business Prepared?

A recent report found that business email compromise (BEC) saw a staggering increase of 10 time the amount compared to the previous year. BEC involves a genuine business email account being compromised by a threat actor; this could be your supplier, a client, or anyone you have legitimate contact with. With such an increase, organisations must consider if they would be able to spot and mitigate BEC in their corporate environment through robust operational controls such as callback procedures for example. Due to the rise in deep fake fraud with voice cloning and video, the efficacy of traditional safeguards such as callbacks are not providing the assurance they once did. Firms and employees need to be on their guard to these changing tactics to safeguard the business.

Source: [TechRadar]

Deepfake Phishing Grew by 3,000% in 2023, and it’s Just the Beginning

Phishing remains one of the most prevalent cyber security threats, and with the emergence of artificial intelligence it is only going to carry on getting worse. According to a recent report, the number of deepfake fraud attempts rose by 3,000%. In one instance, the CEO of an energy enterprise sent €220,000 to a supplier after getting a call from the parent company’s leader requesting the exchange; the call was a deepfake.

Source: [HackerNoon]

Cyber Attacks are Getting Faster, More Common and More Successful, Although Detection is More Advanced Than Ever. New Report Signals the Threats to Businesses, Supply Chains, and Democracy

A recent report from CrowdStrike sheds light on the increasing speed and sophistication of cyber attacks. Breakout times have plummeted to an average of 62 minutes, with a record time of just two minutes and seven seconds observed. Hackers are now targeting the cloud, exploiting its vulnerabilities and leveraging AI assistance to escalate attacks. The human factor remains a primary entry point for threat actors, with social engineering and phishing campaigns on the rise. As organisations transition to the cloud, threat actors follow suit, with cloud intrusions soaring by 75%. CrowdStrike warns of state-sponsored adversaries targeting critical elections, emphasising the need for a platform-based approach bolstered by threat intelligence to safeguard against evolving threats.

Source: [TechRadar]

Report Finds Malicious Emails Bypassing Secure Email Gateways Rose by 105%

A report by Cofense has found a 105% increase in malicious emails that successfully bypassed Secure Email Gateways (SEGs), with approximately one malicious email navigating their way past SEGs every 57 seconds. The report suggests that phishing efforts are outpacing that of SEGs, and such phishing efforts are responsible for 90% of data breaches. Whilst SEGs may be filtering out a number of malicious emails, they, like everything in cyber security, are not a silver bullet. Organisations should not fall foul of believing that they are impenetrable because they have a SEG.

Sources: [SiliconANGLE] [Security Magazine] [Help Net Security]

Rising Cyber Threats Identified as Major Business Risk for 2024

In the latest Allianz risk barometer, cyber incidents have been identified as the most significant concern for companies globally in 2024. This is particularly true for remote desktop connections, which have become a prime target for cyber attacks since the shift to a work-from-home environment. The report also highlights that the risk landscape is being shaped by digitalisation, climate change, and geopolitical uncertainties. Meanwhile, a report from Coalition reveals that the cyber attack surface has expanded due to new ways of working. The report found that smaller businesses often lack the resources to prepare for a wide range of risk scenarios, which can lead to longer recovery times after an unexpected incident. These findings underscore the importance of robust cyber security measures and the need for continuous monitoring and improvement of an organisation’s digital defences.

Sources: [Reinsurance News] [Allianz]

Huge Cyber Security Leak Lifts the Lid on China’s Hackers for Hire

A huge leak of data from a Chinese cyber security firm, iSoon, has revealed state security agents paying tens of thousands of pounds to harvest data on targets, including the likes of foreign governments, and the leak shows this has been going on for years. Since the release, CrowdStrike has drawn overlaps between the firm and multiple known Chinese threat actors who are well resourced and conduct attacks over an extended period (referred to as advanced persistent threats, APTs). Among some of the 500 leaked documents are product manuals, lists of clients and employees, and WeChat instant messages. The leaks show over 14 governments have been attacked, as well as gambling and telecommunications companies.

Sources: [Dark Reading] [The Guardian]

Fifth of British Kids Have Broken the Law Online

In a recent study by the UK National Crime Agency (NCA), one in five children aged 10 to 16 have engaged in online offences with the figure rising to 25% among online gamers. These "low-level" cyber crimes, such as attempting to access protected servers or launching distributed denial of service (DDoS) attacks, may not be perceived by young individuals as violating the Computer Misuse Act. The consequences, however, are severe, including potential arrest, criminal records, and restrictions on future opportunities. The NCA stresses the importance of educating both children and adults about the legal and ethical implications of such actions, highlighting the transition from minor offences to more serious cyber crimes. With a significant shortage of cyber security professionals globally, fostering positive digital skills among young individuals is crucial for meeting industry demands and deterring cyber crime. Parents, teachers, and children are encouraged to explore resources provided by the NCA's Cyber Choices website to prevent inadvertent involvement in illegal online activities.

Source: [Infosecurity Magazine]

Over 40% of Firms Struggle with Cyber Security Talent Shortage

A recent report from Kaspersky has unveiled a critical global challenge: over 40% of companies are struggling to fill essential cyber security roles, with information security research and malware analysis roles particularly affected. This scarcity is felt most acutely in Europe and Latin America. Roles within security operations centres (SOCs) and network security are also understaffed, with figures around 35% and 33% respectively. The government sector faces the most significant demand for cyber security experts, followed closely by the telecoms and media sectors. While efforts like offering competitive salaries and enhanced training are underway, the gap persists due to the rapid pace of technological advancement outstripping educational initiatives. The report emphasises the need for innovative solutions to bridge this shortfall, highlighting recruitment, training, and technological advancements as key components of a comprehensive strategy to bolster cyber security resilience in the face of evolving threats.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• Cyber attacks are getting faster, more common and more successful, even though detection is more advanced than ever | TechRadar

• 7 Ways Companies’ Cyber Related Governance Disclosures Will Evolve Post-SEC Rule Change (harvard.edu)

• Cyber security professionals admit “knowledge gaps” have led to serious security blunders | ITPro

• The old, not the new: Basic security issues still biggest threat to enterprises - Help Net Security

• Cyber threat environment more dangerous then ever - Mimecast (emergingrisks.co.uk)

• Over two-thirds of IT security decision-makers report an increase in cyber security budgets for 2024 | IT Reseller Magazine (itrportal.com)

• Geopolitical tension, extortion and attacks present biggest cyber security risks | theHRD (thehrdirector.com)

• 2024 CrowdStrike Global Threat Report: From Breakout to Breach in Under Three Minutes; Cloud Infrastructure Under Attack | Business Wire

• Gartner: Three top trends in cyber security for 2024 | Computer Weekly

• Barracuda report highlights rise of high-risk business security threats in 2023 (securitybrief.co.nz)

• Coalition report reveals rising cyber threats amidst business vulnerabilities - Reinsurance News

• Over 40% of Firms Struggle With Cyber Security Talent Shortage - Infosecurity Magazine (infosecurity-magazine.com)

• Thinking Like An Attacker—Another Look At Enterprise Security (forbes.com)

• Hackers using stolen credentials to launch attacks as info-stealing peaks | CSO Online

• The evolution of the CISO - Compare the Cloud

• How CISOs Balance Business Growth, Security in Cyber Threat Landscape (darkreading.com)

• Allianz Risk Barometer: Identifying the major business risks for 2024

• How to mitigate C-Suite cyber risks | Professional Security

• Why cyber security can boost organisational innovation | TechRadar

• 4 Key Steps to Reevaluate Your Cyber Security Priorities (darkreading.com)

• Cyber security success -- elevate your defence against cyber threats (betanews.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransom demands surge by 20% in 2023, hitting key industries hardest - SiliconANGLE

• Police arrests LockBit ransomware members, release decryptor in global crackdown (bleepingcomputer.com)

• LockBit takedown is a “huge win for law enforcement”, but let’s not celebrate too soon, security experts warn | ITPro

• LockBit Attempts to Stay Afloat with a New Version (trendmicro.com)

• LockBit registered nearly 200 "affiliates" over the past two years | TechRadar

• 2024 will be a volatile year for cyber security as ransomware groups evolve - Help Net Security

• Ransomware Experts See Problems With Banning Ransom Payments (govinfosecurity.com)

• Initial Ransomware Demands Jump 20% to $600,000 in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware: True Cost to Business 2024 (cybereason.com)

• Ransomware and BEC are seeing a huge rise — is your business ready? | TechRadar

• ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns | SC Media (scmagazine.com)

• 3 trends set to drive cyber attacks and ransomware in 2024 | World Economic Forum (weforum.org)

• Year-over-year, the median initial ransom has risen by 20% | Security Magazine

• Alpha ransomware linked to NetWalker operation dismantled in 2021 (bleepingcomputer.com)

• Why are ransomware gangs making so much money? | TechCrunch

• Akira Ransomware Exploiting Cisco Anyconnect Vulnerability (gbhackers.com)

• Knight ransomware source code for sale after leak site shuts down (bleepingcomputer.com)

• Exclusive: eSentire Confirms Rhysida Ransomware Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Stuck in cyber attack nightmare? Call the negotiators (techxplore.com)

• Why some cyber attacks hit harder than others - BBC News

• Report: Manufacturing bears the brunt of industrial ransomware | CyberScoop

Ransomware Victims

• eSentire Confirms Rhysida Ransomware Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Why some cyber attacks hit harder than others - BBC News

• ALPHV ransomware claims loanDepot, Prudential Financial breaches (bleepingcomputer.com)

• Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric (securityaffairs.com)

• Dead Man's Fingers maker cuts over 500 jobs and enters the red after cyber attack hits sales (cityam.com)

• 147 ransomware attacks on large Dutch companies, institutions last year; 18% paid ransom | NL Times

• Pharmacy Delays Across US Blamed on Nation-State Hackers (darkreading.com)

Phishing & Email Based Attacks

• New report warns of ongoing rise of malicious emails bypassing secure email gateways - SiliconANGLE

• Secure email gateways struggle to keep pace with sophisticated phishing campaigns - Help Net Security

• The phishing bait you're most likely to take (betanews.com)

• Deepfake Phishing Grew by 3,000% in 2023 — And It's Just Beginning | HackerNoon

• SMBs at Risk From SendGrid-Focused Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

• What ‘psychological warfare’ tactics do scammers use, and how can you protect yourself? (theconversation.com)

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• What Is Social Engineering? Types Of Attacks To Beware Of (forbes.com)

Artificial Intelligence

• AI models can be weaponized to hack websites on their own • The Register

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• Deepfake Phishing Grew by 3,000% in 2023 — And It's Just Beginning | HackerNoon

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• As adversaries harness AI, tech firms peer through chat logs to catch them - Defense One

• Here Comes the Flood of AI-Generated Clickbait | WIRED

• Air Canada Has to Honor a Refund Policy Its Chatbot Made Up | WIRED

• 36% of code generated by GitHub CoPilot contains security flaws - Help Net Security

• Employees input sensitive data into generative AI tools despite the risks | ZDNET

• Ransomware Declines as InfoStealers and AI Threats Gain Ground: IBM X-Force - SecurityWeek

• Gartner: Three top trends in cyber security for 2024 | Computer Weekly

• Global AI Regulatory Update - Lexology

Malware

• PDF Malware on the Rise, Used to Spread WikiLoader, Ursnif and DarkGat - Infosecurity Magazine (infosecurity-magazine.com)

• FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty (thehackernews.com)

• Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor (thehackernews.com)

• VIPRE report predicts 276% rise in malware in 2024 (securitybrief.co.nz)

• Anatsa Android malware downloaded 150,000 times via Google Play (bleepingcomputer.com)

• 'Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers (darkreading.com)

• What are Botnets and Why are MSSPs So Concerned? | MSSP Alert

• New SSH-Snake malware steals SSH keys to spread across the network (bleepingcomputer.com)

• Ransomware Declines as InfoStealers and AI Threats Gain Ground: IBM X-Force - SecurityWeek

• Your Mac Is Not Virus Proof. It Never Has Been. (gizmodo.com)

• Click: Your innocent mouse could be a cyber criminal's silent weapon - Digital Journal

• Vibrator virus steals your personal information | Malwarebytes

Mobile

• Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices (thehackernews.com)

• New Wave of 'Anatsa' Banking Trojans Targets Android Users in Europe (darkreading.com)

• Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks | Tom's Hardware (tomshardware.com)

• VoltSchemer attacks use wireless chargers to inject voice commands, fry phones (bleepingcomputer.com)

• New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers (thehackernews.com)

• Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft (darkreading.com)

Denial of Service/DoS/DDOS

• Cyber attacks in Malta, Hungary, Ukraine, Bosnia are a 'wake-up call', IPI warns (timesofmalta.com)

• Average DDoS attack cost businesses £325,000 in 2023, according to new Zayo data | IT Reseller Magazine (itrportal.com)

• Top UK Universities Recovering Following Targeted DDoS Attack - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• 'Anywhere there's a camera, now there's a risk': Billions of users at risk of Peeping Toms — scientists devise incredibly simple eavesdropping system costing only a few hundred dollars | TechRadar

• Wyze camera glitch gave 13,000 users a peek into other homes (bleepingcomputer.com)

• As Cyber attacks Ramp Up, Electric Vehicles Are Vulnerable (autoweek.com)

• Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries -- smart security systems vulnerable as tech becomes cheaper and easier to acquire | Tom's Hardware (tomshardware.com)

• Is new technology making cars less secure? - Verdict

Data Breaches/Leaks

• Bank of America Suffers Massive Data Breach, Exposing Social Security Numbers, Addresses and Additional Sensitive Data To Hackers - The Daily Hodl

• Infosys subsidiary named as source of Bank of America leak • The Register

• Why Data Breaches Spiked in 2023 (hbr.org)

• Massive Cloud Database Leak Exposes 380 Million Records (hackread.com)

• UK council's sneaky insider steals 79k email addresses • The Register

• Eye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 Million - SecurityWeek

Cyber Crime General & Criminal Actors

• Fifth of British Kids Have Broken the Law Online - Infosecurity Magazine (infosecurity-magazine.com)

• Despite Knowing Risks, Brits Continue to Expose Themselves to Cyber Criminals Finds IDnow | The Fintech Times

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Criminals Are Employing New Tactics To Launder Money, Warns Report - Benzinga

Insider Risk and Insider Threats

• UK council's sneaky insider steals 79k email addresses • The Register

Insurance

• Personal cyber insurance nascent but growing in demand as digital crimes increase - Victoria Times Colonist

• Insurers Use Claims Data to Recommend Cyber Security Technologies (darkreading.com)

• Cyber Insurance Needs to Evolve to Ensure Greater Benefit (darkreading.com)

• What is Cyber Insurance and Does Your Small Business Need It? (smallbiztrends.com)

Supply Chain and Third Parties

• Infosys subsidiary named as source of Bank of America leak • The Register

• North Korean hackers linked to defence sector supply-chain attack (bleepingcomputer.com)

Cloud/SaaS

• 2024 CrowdStrike Global Threat Report: From Breakout to Breach in Under Three Minutes; Cloud Infrastructure Under Attack | Business Wire

• Cyber security report reveals 75% spike in cloud attacks (securitybrief.co.nz)

• Cyber security fears drive a return to on-premise infrastructure from cloud computing - Help Net Security

• Massive Cloud Database Leak Exposes 380 Million Records (hackread.com)

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

• Cyber attacks follow businesses to the cloud (betanews.com)

• Six steps for stronger cloud security | SC Media (scmagazine.com)

Identity and Access Management

• Why identity fraud costs organisations millions - Help Net Security

• Orgs are having a major identity crisis • The Register

• Active Directory outages can cost organisations $100,000 per day - Help Net Security

Encryption

• European Court of Human Rights rules against government backdoors in end-to-end encryption - Neowin

Linux and Open Source

• New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Hackers using stolen credentials to launch attacks as info-stealing peaks | CSO Online

• How to proactively prevent password-spray attacks on legacy email accounts | CSO Online

Social Media

• EU Watchdog Urged to Reject Meta 'Pay for Privacy' Scheme - SecurityWeek

• Social Media Platforms Are in an ‘Information Trafficking Business’: Cyber Security Adviser | NTD

• ChatGPT Used by North Korean Hackers to Scam LinkedIn Users (tech.co)

• 76% of Super Bowl Traffic From Elon Musk's X to Advertisers Could Be Fake (thewrap.com)

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• European Union deepens its investigation of TikTok • The Register

Training, Education and Awareness

• People cannot be patched (betanews.com)

Regulations, Fines and Legislation

• European Court of Human Rights rules against government backdoors in end-to-end encryption - Neowin

• Hedge Funds Warn SEC Cyber Lapses Risk Exposing Trading Secrets (bloomberglaw.com)

• One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem (securityintelligence.com)

• 7 Ways Companies’ Cyber Related Governance Disclosures Will Evolve Post-SEC Rule Change (harvard.edu)

• European Union deepens its investigation of TikTok • The Register

• Decoding DORA: Navigating the digital regulatory landscape | World Finance

• 81 Percent of Security Leaders Say SEC Cyber Security Rules Will Substantially Impact Their Business | Business Wire

• FTC Fines Avast $16.5 Million For Selling Browsing Data Harvested by Antivirus (404media.co)

• Avast settles claims of customer data peddling for $17M • The Register

• Global AI Regulatory Update - Lexology

Careers, Working in Cyber and Information Security

• Over 40% of Firms Struggle With Cyber Security Talent Shortage - Infosecurity Magazine (infosecurity-magazine.com)

• The Psychology of Cyber Security Burnout (informationweek.com)

• How can we adapt work practices to protect CISO mental health? | Computer Weekly

Misinformation, Disinformation and Propaganda

• Feds deliver stark warnings to state election officials ahead of November - Iowa Capital Dispatch

• UK election cyber attack warning after Putin's hackers target US (inews.co.uk)

• Social Media Platforms Are in an ‘Information Trafficking Business’: Cyber Security Adviser | NTD

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• Election security threats in 2024 range from AI to … anthrax • The Register

• 76 percent of Super Bowl LVIII traffic from Twitter dubbed 'fake' (awfulannouncing.com)

• Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative (thehackernews.com)

• Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks (thehackernews.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Countries fear state-sponsored cyber war | The World from PRX

• Cyberwar: What Is It Good For? - GovInfoSecurity

Nation State Actors

• Cyber attacks are getting faster, more common and more successful, even though detection is more advanced than ever — new report signals the threats to businesses, supply chains, and democracy | TechRadar

• Countries fear state-sponsored cyber war | The World from PRX

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• Pharmacy Delays Across US Blamed on Nation-State Hackers (darkreading.com)

China

• In the evolving cyberwar, China aims to take down our critical infrastructure | SC Media (scmagazine.com)

• 'Major Chinese hack' on Foreign Office urgently investigated by UK spies (inews.co.uk)

• Leaked Chinese Hacking Files Reveal How Compromised the US Could Be (businessinsider.com)

• iSoon's Secret APT Status Exposes China's Foreign Hacking Machination (darkreading.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• China’s Cyber Security and Statecraft – The Diplomat

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• China’s Spy Agency Sees Threats Everywhere in Data Security Push - Bloomberg

Russia

• FBI disrupts hacking network 'linked to Russian intelligence services' | US News | Sky News

• Russian APT 'Winter Vivern' Targets European Governments, Military (darkreading.com)

• Russian Cyber attackers Launch Multiphase PsyOps Campaign (darkreading.com)

• Russian-Linked Hackers Target 80+ Organisations via Roundcube Flaws (thehackernews.com)

• Russian military botnet discovered on 1000+ compromised routers — FBI deactivated Moobot by taking control of impacted routers | Tom's Hardware (tomshardware.com)

• NHS hospitals ‘easy targets’ for Russian hackers (thetimes.co.uk)

• Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (recordedfuture.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• Russian Turla Cyber Spies Target Polish NGOs With New Backdoor - SecurityWeek

• Russian-Aligned Network Doppelgänger Targets German Elections - Infosecurity Magazine (infosecurity-magazine.com)

• Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks (thehackernews.com)

• NATO's chief information officer on what Ukraine did right in its cyberwar with Russia (therecord.media)

• Russian Government Software Backdoored to Deploy Konni RAT Malware (thehackernews.com)

• Three terms sure to grab attention: Russia, nuclear, anti-satellite weapon | Ars Technica

Iran

• Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor (thehackernews.com)

• Iranian APTs Dress Up As Hacktivists for Disruption, Influence Ops (darkreading.com)

• Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative (thehackernews.com)

• Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets (darkreading.com)

• Israeli Aircraft Survive “Cyber Hijacking” Attempts - Infosecurity Magazine (infosecurity-magazine.com)

North Korea

• ChatGPT Used by North Korean Hackers to Scam LinkedIn Users (tech.co)

• North Korean hackers linked to defence sector supply-chain attack (bleepingcomputer.com)

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• Russian Government Software Backdoored to Deploy North Korean Konni RAT Malware (thehackernews.com)

Vulnerability Management

• CVEs expected to increase 25% in 2024 | Security Magazine

• Coalition: Vulnerability scoring systems falling short | TechTarget

Vulnerabilities

• Ransomware Warning as CVSS 10.0 ConnectWise ScreenConnect Bug is Exploited - Infosecurity Magazine (infosecurity-magazine.com)

• ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns | SC Media (scmagazine.com)

• Exploiting critical ConnectWise bug is 'embarrassingly easy' • The Register

• Akira Ransomware Exploiting Cisco AnyConnect Vulnerability (gbhackers.com)

• New Ivanti Vulnerability Observed as Widespread Security Concerns Grow - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers (securityaffairs.com)

• VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk (thehackernews.com)

• VMware issues no-patch advisory for critical flaw in old SSO plugin | SC Media (scmagazine.com)

• Russian-Linked Hackers Target 80+ Organisations via Roundcube Flaws (thehackernews.com)

• ESET fixed high-severity local privilege escalation bug in Windows products (securityaffairs.com)

• SolarWinds addressed critical RCEs in Access Rights Manager (securityaffairs.com)

• Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities - SecurityWeek

• Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking (darkreading.com)

• Joomla XSS Bugs Open Millions of Websites to RCE (darkreading.com)

• Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft (darkreading.com)

• Urgent patches available for QNAP vulnerabilities, one 0-day • The Register

• Hackers exploit critical RCE flaw in Bricks WordPress site builder (bleepingcomputer.com)

Tools and Controls

• Secure email gateways struggle to keep pace with sophisticated phishing campaigns - Help Net Security

• NCSC Sounds Alarm Over Private Branch Exchange Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Stuck in cyber attack nightmare? Call the negotiators (techxplore.com)

• New Google Chrome feature blocks attacks against home networks (bleepingcomputer.com)

• How Businesses Can Safeguard Their Communication Channels Against Hackers (thehackernews.com)

• Limiting remote access exposure in hybrid work environments | CSO Online

• Cyber Insurance Needs to Evolve to Ensure Greater Benefit (darkreading.com)

• The double-edged sword of zero trust - Help Net Security

• Orgs are having a major identity crisis • The Register

• Active Directory outages can cost organisations $100,000 per day - Help Net Security

• SOC Landscapes: Insights from SANS' 2023 SOC Report (trendmicro.com)

• 36% of code generated by GitHub CoPilot contains security flaws - Help Net Security

• Microsoft expands free logging capabilities after May breach (bleepingcomputer.com)

• Why ransomware gangs love using RMM tools—and how to stop them | Malwarebytes

• People cannot be patched (betanews.com)

• “Ruthlessly prioritize what’s critical”: Check Point expert on CISOs and the evolving attack surface | ITPro

Reports Published in the Last Week

• VIPRE report predicts 276% rise in malware in 2024 (securitybrief.co.nz)

• CrowdStrike 2024 Global Threat Report | CrowdStrike

• IBM XForce Threat Intelligence Index 2024.pdf

• Cyber Threat Index 2024: Scans, Honeypots, and CVEs  (coalitioninc.com)

Other News

• Israeli Aircraft Survive “Cyber-Hijacking” Attempts - Infosecurity Magazine (infosecurity-magazine.com)

• The Power Sector’s High-Stakes Battle for Cyber-Resiliency (powermag.com)

• Ways to elevate public sector cyber security | Professional Security

• Increasing Europe's cyber resilience - government.lu (gouvernement.lu)

• Industries most targeted by active adversaries | SC Media (scmagazine.com)

• Library Cyber Defences Are Falling Down (darkreading.com)

• How conveyancers can protect themselves against a cyber attack | Today's Conveyancer (todaysconveyancer.co.uk)

• US govt shares cyber attack defence tips for water utilities (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Group Targeting MSPs Worldwide in New Campaign

Russia-based cyber attackers called Play are evolving, with the ransomware group now using remote monitoring and management (RMM) tools at outsourced IT providers or managed service providers (MSPs) to gain access and hit downstream customers. A significant number of eventual targets are medium sized business. The group is also utilising intermittent encryption, where files are only partly encrypted, to avoid detection.

The attacks highlight the need for organisations to be aware of where they are in the supply chain and how they can be targeted through their supplier. It is not enough for an organisation to focus on its own security in isolation; organisations also need to have a way of effectively assessing their supply chain risk which includes their MSP.

Source [Dark Reading]

As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable

Ransomware attacks continue to increase, with 1500 victims confirmed this year. It is likely this figure will continue to rise. In parallel, criminals are evolving and with that comes a rise in triple extortion; attackers are not just encrypting and exfiltrating an organisation’s data, but also using this data to blackmail employees and target third parties, hitting the supply chain.

Unfortunately for SMBs, they do not have the resources to keep up with such attacks, making them the most vulnerable. A report found that organisations that had 51 to 200 employees were the most targeted, followed by organisations with 11 to 50 employees. When it came to the types of organisations, the Financial Services sector placed first.

This should not mean SMBs should just accept this and wait to be attacked; on the contrary, their increased vulnerability means that SMBs need to effectively prioritise and allocate resources, and if necessary getting in specialist external help, to ensure their protections are the best that resources allow.

Sources [WWD] [InfoSecurity Magazine] [CRN]

Business Email Compromise Attack Costs Far Exceeding Ransomware Losses

Cloudflare's 2023 Phishing Threats Report recorded a 17% spike in business email compromise (BEC) related financial losses between December 2021 and 2022, noting that threat actors are increasingly leaning on this attack method to target organisations. Additionally, across 2022 nearly three-quarters (71%) of respondents to the study said they experienced an attempted or successful BEC attack. The Cloudflare report found that the financial impact of BEC led to organisations suffering losses in excess of $2.7 billion, whereas ransomware caused losses of $34.3 million during the same period.

Source [ITPro]

Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible

According to a report, phishing attacks were found to be the initial attack vector for nine in ten cyber attacks. The report found that the focus of a cyber criminal tended to be two objectives: achieving authenticity and getting victims to click. Worryingly, 89% of unwanted messages were found to have bypassed authentication checks, leaving people and procedures as the last line of defence in an organisation.

A separate study found that having the following traits made a user more susceptible to phishing: extroverted, agreeable, people-pleasing, quick to trust, fearful or respectful of authority, and poor self-control.

With employees playing such an important role in preventing phishing, organisations need to ensure that employees are aware of what to look for in a phishing email with regular training to account for evolving tactics. This training should be carried out by experts with experience of conducting phishing simulations, accompanied with the ability to educate users on how they can protect themselves from falling victim.

Sources [Tech Radar] [Makeuseof]

Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations

In a recent survey, Gartner found that generative AI models such as ChatGPT were the second greatest emerging risk, with concerns around data privacy. This has led to organisations looking to ban such AI, with a separate report by Blackberry finding that ChatGPT faced banning from 75% of organisations.

Banning AI in the organisation is a short-term solution. The benefits of AI are clear and its usefulness in an organisation is significant, with reports finding 75% of IT leaders in favour. Organisations should instead look at how they can govern the usage of AI in their organisation, to reduce the risk of AI-related incidents and improve the effectiveness of work.

Sources [Security Magazine] [Analytics Insight] [IT Security Guru] [Decrypt]

LinkedIn Suffers Significant Wave of Account Hacks

LinkedIn users are reporting losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion. LinkedIn is no stranger to being a target of cyber criminals; last year, the platform was deemed the most abused brand in phishing attempts likely due to its recognisability and widespread use in the corporate world. This extended as far as threat actors using fake LinkedIn profiles.

With the number of accounts being compromised, users need to be vigilant in their use of LinkedIn and be on the lookout for suspicious messages. Black Arrow recommends that users ensure they are using strong and unique passwords, combined with multi-factor authentication (MFA) to protect themselves.

Source [Dark Reading]

High Net-Worth Families are at Risk of Cyber Crime

A report found that high net-worth families have prioritised cyber security with a notable 77% of respondents stating they had a cyber security plan; however, 55% said their plan “could be better”.

A cyber security plan is not optional anymore. High net-worth families are at increased risk, with criminals cottoning on to the amount of information that is out there and the financial gain that can be made if that information is used effectively. Social media is just one of the things increasing the risk of cyber crime; unbeknownst to some families, their social media may be providing criminals a treasure trove of insight into a family’s wealth, real-time location and habits. Such information can be used by a cyber criminal to employ attacks.

Source [Campdenfb]

Cyber Attack Rule Raises Insurance Risks for Corporate Officers

The US Securities and Exchange Commission (SEC) recently issued rules that formally outlined directors’ responsibilities in cyber security governance for the first time, laying the groundwork for potential enforcement actions. The recently issued rules bring potential regulatory probes and shareholder legal class action alleging senior executives failed to supervise their businesses’ cyber security practices.

Although the practice is not yet universal, a growing number of director and officer (D&O) policies are being drafted with cyber related exclusions. Meanwhile, most cyber insurance policies exempt SEC enforcement actions and investor claims, but some cover allegations against a company’s executives over their cyber security roles.

Whilst this is only in the US at the moment, other developed nations are likely to follow suit.

Source [Bloomberg Law]

PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously

The Police Service of Northern Ireland (PSNI) and the UK Electoral Commission both suffered cyber incidents on the same day. Whilst both incidents were different in how they happened, the result was the same: sensitive information had been leaked. In the case of the PSNI, the data was leaked through a response to a freedom of information (FOI) request, in which an Excel sheet was accidentally included by the PSNI. The Electoral Commission incident resulted from a cyber attack.

The incidents are a wake-up call for organisations. If you have not already done so, you need to put things in place to help protect your data from ending up online. The PSNI incident in particular highlights the need to ensure that data does not leave the organisation by accident.

Source [The Guardian]

The Imperative of Cyber Preparedness: The Power of Tabletop Exercises

Cyber security has become an inescapable concern for organisations across industries. With cyber threats ranging from data breaches to ransomware attacks, it is paramount that companies remain vigilant and prepared.

A key way to be prepared is through a tabletop exercise that simulates a hypothetical cyber security incident and helps organisations to practice and evaluate their response. One example scenario can be responding to a ransomware attack blocking access to the organisation's computers for a ransom. These exercises serve as a practical, engaging, and low-risk way for teams to identify vulnerabilities in current plans, improve coordination, and evaluate the decision-making process during a crisis and this is something that we do with our clients on a regular basis.

Source [JDSupra]

Why Are Phones a Cyber Security Weak Spot?

Mobile phones are more interconnected than ever, with their usage extending to the workplace. Despite this, they often enter the corporate environment with a lack of protection and oversight. When laptops are in the corporate environment they are often secured through methods such as encryption and often the organisation has a clear oversight of the applications and activity on the laptop. Mobile phones on the other hand, are often left unmonitored, despite the fact they can and often do carry sensitive information.

Mobile phones also carry additional risks; for a start, they are easier to lose, due to their size difference and the fact they are often out more. In addition, they may have more entry points. Internet of things (IoT) devices, such as smart appliances, are often controlled by phones, making them another entry point for an attacker.

Source [Tech Shout]

Governance, Risk and Compliance

• Hedge Fund Cyber security Trends Report says Majority Firms Report a Surge in Cyber Attacks - ITSecurityWire

• Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD

• 1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority - IT Security Guru

• Cyber threat risks reach three-year high – Avast (securitybrief.co.nz)

• Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)

• The Imperative of Cyber Preparedness: The Power of Tabletop Exercises | Bradley Arant Boult Cummings LLP - JDSupra

• Why Finance Leaders In Midsize Businesses Are Stepping Up Cyber security Efforts (forbes.com)

• Why are ultra-high-net-worth families at increased risk of cyber crime? | Campden FB

• Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)

• 4 reasons to understand technology risks when buying a business (businessplus.ie)

• What did you say? Boards tackle corporate jargon | Fortune

• Boards Don't Want Security Promises — They Want Action (darkreading.com)

• Cyber attacks and data protection worries loom large | Natasha Doris | CDR Article (cdr-news.com)

• How threats to mid-sized businesses impact us all - Help Net Security

• 7 Reasons People Don't Understand What You Tell Them (darkreading.com)

• 6 Cyber Threat Areas for Companies and Organisations to Prioritize (forbes.com)

• How poor cyber security policies disrupt business continuity - IT Security Guru

• Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert

Threats

Ransomware, Extortion and Destructive Attacks

• Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD

• Business email compromise attack costs far exceeding ransomware losses | ITPro

• Reported ransomware attacks doubled in key sectors (securitybrief.co.nz)

• Ransomware Surges With 1500 Confirmed Victims This Year - Infosecurity Magazine (infosecurity-magazine.com)

• 'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign (darkreading.com)

• As Ransomware Gangs Shift To Data Extortion, Some Adopt A New Tactic: ‘Customer Service’ | CRN

• Triple Extortion Ransomware and the Cyber Crime Supply Chain (bleepingcomputer.com)

• Companies are finding it harder to detect ransomware | TechRadar

• Top 3 Ransomware Attack Vectors And How To Avoid Them (techtarget.com)

• Ransomware: To pay or not to pay - Help Net Security

• Knight ransomware distributed in fake Tripadvisor complaint emails (bleepingcomputer.com)

• 'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)

• Why Hospitals Are Being Increasingly Targeted by Cyber Attacks | Chicago News | WTTW

• 'Bulletproof' Lolekhosted ransomware hacker indicted (cnbc.com)

• LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)

• It's time for companies to double down on cyber security measures as ransomware attacks rise, say experts | CBC News

• Monti ransomware targets VMware ESXi servers with new Linux locker (bleepingcomputer.com)

• Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)

• Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands - SecurityWeek

• Sophos: ‘Royal’ Is Trying to Make Itself the King of Ransomware (darkreading.com)

• Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the US and IT Integrator in Latin America (databreaches.net)

• Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom (bleepingcomputer.com)

• 3 strategies that can help stop ransomware before it becomes a crisis | CSO Online

• Latitude Financial takes profit hit from major cyber attack | The West Australian

• MOVEit cyber attack ignites worry about retirement plan fiduciary responsibility | Pensions & Investments (pionline.com)

• Ransomware down 57%, Secureworks warns against complacency (securitybrief.co.nz)

• Ransomware Diaries: Volume 3 – LockBit’s Secrets (databreaches.net)

• HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware | WIRED

• Ransomware Renaissance 2023: The Definitive Guide to Stay Safer (securityintelligence.com)

• How to Create a Ransomware Incident Response Plan (techtarget.com)

Ransomware Victims

• Several hospitals still counting the cost of widespread ransomware attack (malwarebytes.com)

• Has leading UK jeweller been hit by BianLian ransomware gang? (techmonitor.ai)

• teiss - News - Ernst & Young says MOVEit Transfer hack impacted over 30,000 Bank of America customers

• Cyber attack on Bay area vendor cripples real estate industry (therealdeal.com)

• Colorado warns 4 million of data stolen in IBM MOVEit breach (bleepingcomputer.com)

• Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch

• LockBit claims seven new victims in ransomware spree (techmonitor.ai)

• Cyber attack strikes Prince George's County schools, district says - The Washington Post

• Clorox Operations Disrupted By Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Inside Housing - News - Hackney to procure new IT system after cyber attack

• Largest switching and terminal railroad in US investigating ransomware data theft (therecord.media)

• Honor Among Cyber Criminals? Why a Canadian Firm Paid Ransom (inforisktoday.com)

• Alberta dental benefits administrator hit by cyber attack | Edmonton Sun

Phishing & Email Based Attacks

• Phishing remains most dominant, fastest growing internet crime (securitybrief.co.nz)

• If You Have These 6 Personality Traits, You're More Vulnerable to Phishing Scams (makeuseof.com)

• Business email compromise attack costs far exceeding ransomware losses | ITPro

• Reports show 62% jump in phishing attacks last year - The Hindu BusinessLine

• Phishing Operators Make Ready Use of Abandoned Websites for Bait (darkreading.com)

• Email – The System Running Since 71’ - SecurityWeek

• 3 Major Email Security Standards Prove Too Porous for the Task (darkreading.com)

• Most consumers can't spot phishing scams | TechRadar

• Cyber Security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger

• Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

• As Phishing Gets Even Sneakier, Browser Security Needs to Step Up (darkreading.com)

• Email security vendor leaves 2M domains open to phishing hacks, study finds (axios.com)

• What Is a Blank Image Phishing Scam? (makeuseof.com)

• Cyber Criminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (thehackernews.com)

• 'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)

• Malicious QR code hacking campaign is targeting Microsoft credentials - SiliconANGLE

• Phishing campaign steals accounts for Zimbra email servers worlwide (bleepingcomputer.com)

• 30% of phishing threats involve newly registered domains - Help Net Security

• Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)

• Gone Phishing: An Analysis of a Targeted User Attack (huntress.com)

BEC – Business Email Compromise

• Business email compromise attack costs far exceeding ransomware losses | ITPro

Artificial Intelligence

• Generative AI a Top Emerging Risk for Organisations: Gartner Survey - Decrypt

• 66% of Organisations in UK Set to Ban ChatGPT and Generative AI Apps on Work Devices - IT Security Guru

• ChatGPT Faces Ban from 75% of Organisations: Blackberry Report (analyticsinsight.net)

• AI Is Coming For Your Data: 6 Steps To Ensure Cyber Resilience (forbes.com)

• New study by AMD finds nearly half of organisations are not ready for AI - IT Security Guru

• Over 74% of organisations see a rise in AI use by cyber criminals | Security Magazine

• Navigating generative AI risks and regulatory challenges - Help Net Security

• Cyber security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger

• Top 10 AI Security Risks According to OWASP (trendmicro.com)

• AI 'evil twins' may already be manipulating human nature | SC Media (scmagazine.com)

• Cyber security practitioners' generative AI dilemma (iapp.org)

• People Coaxed AI Into Giving Wrong Math Answers, System Prone to Flaws (businessinsider.com)

• Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)

• AI a Top Risk and the Preferred Solution to Financial Crime - Infosecurity Magazine (infosecurity-magazine.com)

• AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)

• Why the “voluntary AI commitments” extracted by the White House are nowhere near enough - Help Net Security

• Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)

• Insurance Regulators ‎Continue to ‎Grapple With the Rapid Development ‎and ‎Use of Artificial ‎Intelligence | Locke Lord LLP - JDSupra

2FA/MFA

• How to prevent multifactor authentication fatigue attacks - SiliconANGLE

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

Malware

• Potent Trojans Targeting MacOS Users - Infosecurity Magazine (infosecurity-magazine.com)

• Approximately 2000 Citrix NetScaler servers were backdoored in massive campaign-Security Affairs

• Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)

• XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)

• Malware could be hiding on your Mac thanks to faults in Apple’s Background Task Manager | Tom's Guide (tomsguide.com)

• An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass | WIRED

• Macs are getting compromised to act as proxy exit nodes - Help Net Security

• Credentials for cyber crime forums found on roughly 120K computers infected with info stealers-Security Affairs

• Malware Dwell Time: Everything You Need to Know (makeuseof.com)

• Gootloader SEO watering hole malware targets law firms | SC Media (scmagazine.com)

• Security Researchers Publish Gigabud Banking Malware Analysis - Infosecurity Magazine (infosecurity-magazine.com)

• Raccoon Stealer malware returns with new stealthier version (bleepingcomputer.com)

• Beware! Subscription malware arms hackers with tools to steal your private data | Laptop Mag

• New Financial Malware 'JanelaRAT' Targets Latin American Users (thehackernews.com)

• Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report (thehackernews.com)

• North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)

• Stories from the SOC - Unveiling the stealthy tactics of Aukill malware (att.com)

• Hackers are increasingly hiding within services such as Slack and Trello to deploy malware | Cyber scoop

• Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)

• Users of cyber crime forums often fall victim to info-stealers, researchers find (therecord.media)

• 10 people, including 16-year-old youth arrested for suspected involvement in malware scams (databreaches.net)

• Turns out AI probably isn't very good at writing malware • The Register

• Malware Turning Windows Machines Into Proxies (databreachtoday.co.uk)

Mobile

• Why Are Phones A Cyber security Weak Spot? - TechShout

• Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)

• Does Turning Your Android Phone Off Protect You From Malware? (makeuseof.com)

• 3 Mobile or Client-Side Security Myths Debunked (darkreading.com)

• Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (ic3.gov)

• Threat actors use beta apps to bypass mobile app store security (bleepingcomputer.com)

• FBI warns of money-stealing fake beta-release mobile apps • The Register

• Three reasons why your smartphone needs security protection (securitybrief.co.nz)

• Unsupported Compression Methods Enable Android Malware to Bypass Detection (zimperium.com)

• This $70 device can spoof an Apple device and trick you into sharing your password | TechCrunch

Botnets

• Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)

• Mirai Common Attack Methods Remain Consistent, Effective (darkreading.com)

Denial of Service/DoS/DDOS

• How the FBI goes after DDoS cyber attackers | TechCrunch

• Most DDoS attacks tied to gaming, business disputes, FBI and prosecutors say (therecord.media)

Internet of Things – IoT

• Runaway Charger: The Major Threat Of Hacking EV Stations (slashgear.com)

• Is YOUR electric car vulnerable to hackers? How cyber criminals could steal personal data because of weak security at charging hubs and 'flaws' in vehicles' outdated software | Daily Mail Online

• Ford says cars with WiFi vulnerability still safe to drive (bleepingcomputer.com)

Data Breaches/Leaks

• Electoral Commission had unpatched vulnerability on server • The Register

• PSNI and UK voter breaches show data security should be taken more seriously | Data and computer security | The Guardian

• UK Police Data Breach Exposes Victim Information - Infosecurity Magazine (infosecurity-magazine.com)

• UK govt contractor MPD FM leaks employee passport data-Security Affairs

• Cumbria Police accidentally publish officers' names and salaries online (bitdefender.com)

• PSNI: Leaked Data Will be Used to Target Police Officers - Infosecurity Magazine (infosecurity-magazine.com)

• LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News

• ICO reprimands law firm over data breach that saw money stolen - Legal Futures

• Over 100 Court Service agency workers warned of payslip security breach after cyber attack | BelfastTelegraph.co.uk

• How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

• Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)

• Alberta Dental Services Security Breach Exposes 1.47M Records - Infosecurity Magazine (infosecurity-magazine.com)

• The most notable data breaches of 2023… So far | IT Reseller Magazine (itrportal.com)

• Discord.io confirms breach after hacker steals data of 760K users (bleepingcomputer.com)

• Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch

• teiss - News - Ernst & Young says MOVEit Transfer hack impacted over 30,000 Bank of America customers

• Man arrested in Northern Ireland police data leak • The Register

• teiss - News - PBI data breach impacted more than 1.2m customers of Wilton Reassurance Life Company

• Here’s what you need to do after your personal data is breached (telegraph.co.uk)

Organised Crime & Criminal Actors

• Meet the Most (In)Famous Hacking Groups Active Today (makeuseof.com)

• Cyber security researchers become target of criminal hackers | Financial Times (ft.com)

• Credentials for cyber crime forums found on roughly 120K computers infected with info stealersSecurity Affairs

• Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)

• How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)

• Who Are Script Kiddies? Are They a Threat to Your Security? (makeuseof.com)

• Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)

• File sharing site Anonfiles shuts down due to overwhelming abuse (bleepingcomputer.com)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• How Innovation Accelerators Are at Work on the Dark Side (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Former FTX CEO Sam Bankman-Fried sent to jail • The Register

• Web3 projects suffered from forty-two exploits within a week (coinpaper.com)

Insider Risk and Insider Threats

• The Data Behind Human Cyber Risk - GovInfoSecurity

Fraud, Scams & Financial Crime

• A Third of UK University Students Targeted By Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Former FTX CEO Sam Bankman-Fried sent to jail • The Register

• UK gov keeps repeating its voter registration website is NOT a scam (bleepingcomputer.com)

• “Grab hold and give it a wiggle” – ATM card skimming is still a thing – Naked Security (sophos.com)

• Latin Americans Fall Prey to More Online Scams, Cyber Attacks (insurancejournal.com)

• The road ahead for ecommerce fraud prevention - Help Net Security

• A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight | WIRED

Insurance

• Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)

• Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)

• The cyber security insurance market is estimated at USD 14.4 (globenewswire.com)

• Insurance Regulators ‎Continue to ‎Grapple With the Rapid Development ‎and ‎Use of Artificial ‎Intelligence | Locke Lord LLP - JDSupra

Dark Web

• Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)

Supply Chain and Third Parties

• Building Cyber security into the supply chain is essential as threats mount (att.com)

• Why the public sector still loves Capita (even though it got hacked) - Tech Monitor

• How to Ensure Cyber Resilience Across the Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)

• Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (thehackernews.com)

• PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks (darkreading.com)

Software Supply Chain

• Study reveals staggering cost of vulnerable software supply chains - Plant & Works Engineering (pwemag.co.uk)

• Why a Software Bill of Materials Is Business-Critical - The Futurum Group

Cloud/SaaS

• 'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• Adapting to the Cloud Era of Cyber security: How CISO’s Priorities Are Evolving | Network Computing

• Datacentre management vulnerabilities leave public clouds at risk | Computer Weekly

• Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)

Containers

• Kubernetes clusters face widespread attacks across numerous organisations - Help Net Security

Encryption

• UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)

• WhatsApp is right to be angry about the UK’s encryption mess | The Spectator

• Google adds post-quantum encryption key protection to Chrome • The Register

API

• The Evolution of API: From Commerce to Cloud-Security Affairs

• How financial services cyber regulations are hotting up for API security (betanews.com)

Open Source

• Why a Software Bill of Materials Is Business-Critical - The Futurum Group

• Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• 6 best practices to defend against corporate account takeover attacks | CSO Online

• What's the State of Credential theft in 2023? (thehackernews.com)

• Building a secure future without traditional passwords - Help Net Security

• Are browser-stored passwords secure? | Kaspersky official blog

• Passwordless is more than a buzzword among cyber security pros - Help Net Security

• More hardcoded credentials than ever, and sloppy coding is to blame | SC Media (scmagazine.com)

• AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)

Social Media

• LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News

• LinkedIn accounts hacked in widespread hijacking campaign (bleepingcomputer.com)

• 'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)

Malvertising

• Adblock 360 Adware Extension: 3 Ways to Remove for Good - MSPoweruser

• Malvertisers up their game against researchers (malwarebytes.com)

Training, Education and Awareness

• Tips on employee cyber security training, risks and how to manage them - Albany Business Review (bizjournals.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Sextortion suspects on trial after one victim dies • The Register

• Digital Safety Advice is Not Getting Through to Women - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Navigating generative AI risks and regulatory challenges - Help Net Security

• UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)

• ICO reprimands law firm over data breach that saw money stolen - Legal Futures

• Breaking Down the New SEC Cyber security Rules | Epiq - JDSupra

• Confusion Surrounds SEC's New Cyber security Material Rule (darkreading.com)

• How do we define “cyber worker”? The SEC’s rationale behind its new cyberincident disclosure rule. (thecyberwire.com)

• Why the “voluntary AI commitments” extracted by the White House are nowhere near enough - Help Net Security

• How financial services cyber regulations are hotting up for API security (betanews.com)

• A closer look at the new TSA oil and gas pipeline regulations - Help Net Security

• New York’s Department of Financial Services Moves to Further Bolster Cyber security Requirements | Jackson Lewis P.C. - JDSupra

Models, Frameworks and Standards

• Center for Internet Security announces secretive Microsoft partnership | StateScoop

• What's New in the NIST Cyber security Framework 2.0 (darkreading.com)

Data Protection

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First (thehackernews.com)

Careers, Working in Cyber and Information Security

• 650,000 cyber jobs are now vacant: How to tackle the risk (securityintelligence.com)

• Effectively upskilling cyber security professionals to help close the skills gap | CSO Online

• How to overcome the challenges of today's cyber security talent shortage - SiliconANGLE

• Army struggling to hire cyber staff as attacks on Britain ramp up (telegraph.co.uk)

• Vietnam admits massive shortage of infosec pros • The Register

• Heavy workloads driving IT professionals to resign - Help Net Security

• ISC2 Announces Major Milestone as Community Grows to Half a Million Strong (prnewswire.com)

Law Enforcement Action and Take Downs

• Polish police arrest five in swoop on Cyber Crime site - TVN24

• How the FBI goes after DDoS cyber attackers | TechCrunch

• Lapsus$ Report: Law Enforcement Battles Cyber Threats (beincrypto.com)

• LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)

• 10 people, including 16-year-old youth arrested for suspected involvement in malware scams (databreaches.net)

• Sextortion suspects on trial after one victim dies • The Register

• Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)

• Raccoon Stealer malware back with updated version following administrator arrest (therecord.media)

• Man arrested in Northern Ireland police data leak • The Register

• India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)

Misinformation, Disinformation and Propaganda

• Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russian and Chinese hackers breached Foreign Office systems in cyber attack kept secret from public (inews.co.uk)

• Foreign Office cyber attacks may have risked safety of civil servants and UK's allies, Tory MPs say (inews.co.uk)

• APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries-Security Affairs

• Russian spy agencies targeting Starlink with custom malware, Ukraine warns (telegraph.co.uk)

• Russian-African Security Gathering Exposes Kremlin's Reduced Influence (darkreading.com)

• Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps • Graham Cluley

• Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)

• Suspected spies for Russia held in major UK security investigation - BBC News

• Russia turning to sleeper cells and unofficial agents | Espionage | The Guardian

China

• Russian and Chinese hackers breached Foreign Office systems in cyber attack kept secret from public (inews.co.uk)

• Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics (thehackernews.com)

• DHS to Review Microsoft’s Security in Chinese Email Hack - Infosecurity Magazine (infosecurity-magazine.com)

• Top US cyber official warns of infrastructure attack risk if China tensions rise (nbcnews.com)

• New Zealand says it is aware of China-linked intelligence activity in country | Reuters

• China teases imminent exposé of seismic US spying scheme • The Register

• Wide-ranging cyberespionage campaign by China's Ministry of State Security. Vulnerabilities in CPUs. MacOS threat trends. (thecyberwire.com)

• Chinese Espionage Group Active Across Eastern Europe (inforisktoday.com)

• 15,000 cyber attacks detected per second in Taiwan: Software provider - Focus Taiwan

• China would consider attacks on US railroads, pipelines if it invades Taiwan, Easterly says (therecord.media)

• US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack | TechCrunch

• China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons (thehackernews.com)

Iran

• German Intelligence Warns of Surge in Iranian Espionage (govinfosecurity.com)

• Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks (thehackernews.com)

• Iran and the Rise of Cyber Enabled Influence Operations (darkreading.com)

North Korea

• North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)

Misc/Other/Unknown

• APTs use of lesser-known TTPs are no less of a headache - Help Net Security

Vulnerability Management

• Electoral Commission had unpatched vulnerability on server • The Register

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

Vulnerabilities

• Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)

• CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks (thehackernews.com)

• Patched Citrix NetScaler Devices Still Contain Backdoors (govinfosecurity.com)

• Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations (thehackernews.com)

• Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping (thehackernews.com)

• Magento shopping cart attack targets critical vulnerability • The Register

• New Python URL Parsing Flaw Enables Command Injection Attacks (thehackernews.com)

• Data centers at risk due to flaws in power management software | CyberScoop

• Bugs in transportation app Moovit gave hackers free rides | TechCrunch

• Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability (thehackernews.com)

• Google Chrome 116: more Telemetry and 26 security patches - gHacks Tech News

• Google Fixes 26 Bugs Amid Fake Update Warning - Infosecurity Magazine (infosecurity-magazine.com)

• AMD has fixed its latest security flaw - but at the cost of massive slowdowns | TechRadar

• Windows 11 update install failures are reportedly happening again – and it’s breaking the built-in antivirus | TechRadar

• Proxyjacking trend continues as attackers abuse years-old GitLab vulnerability | ITPro

• Multiple Flaws Found in the Avada WordPress Theme and Plugin - Infosecurity Magazine (infosecurity-magazine.com)

• Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica

Tools and Controls

• What is Cyber security Monitoring? - MSSP Alert

• XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)

• AI-powered fraud detection: Strengthening security in fintech | The Financial Express

• Microsoft Teams Rooms on Windows to enhance security with meeting ID and passcode requirement - OnMSFT.com

• MaginotDNS attacks exploit weak checks for DNS cache poisoning (bleepingcomputer.com)

• Evaluate the risks and benefits of AI in cyber security | TechTarget

• How to Choose a Managed Detection and Response (MDR) Solution (darkreading.com)

• Lock Down APIs to Prevent Breaches (darkreading.com)

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

• Building a secure future without traditional passwords - Help Net Security

• Passwordless is more than a buzzword among cyber security pros - Help Net Security

• SEC cyber security rules shape the future of incident management - Help Net Security

• AI a Top Risk and the Preferred Solution to Financial Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)

• Endpoint Management Statistics, Trends And Facts 2023 - Abdalslam

• SASE and requirements of business | Professional Security

• Why You Need Continuous Network Monitoring? (thehackernews.com)

• CISA releases cyber defence plan for remote monitoring and management software - SiliconANGLE

• How poor cyber security policies disrupt business continuity - IT Security Guru

• Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert

Other News

• Cyber attacks against the UK Electoral Commission reveal an ongoing threat to democracy (techxplore.com)

• Healthcare incurs highest data breach costs – for the 13th year in a row | Healthcare IT News

• Here's Why You Should Never Accept Unsolicited Tech by Post (makeuseof.com)

• Government highlights cyber threat to health and social care | UKAuthority

• Why is the Education Sector a Target for Cyber Attacks? | UpGuard

• Cyber security in the Entertainment Industry: Risks and Solutions | UpGuard

• What would an OT cyber attack really cost your organisation? | CSO Online

• Education has had most cyber attacks, survey finds | Education Business (educationbusinessuk.net)

• Cyber attacks Are On The Up: What Are The Risks & Remedies For Aviation? (simpleflying.com)

• Bank of Ireland ATM Glitch Hands Out 'Free' Money (gizmodo.com)

• Exclusive: 300 independent retailers affected by cyber attack | News | Retail Week (retail-week.com)

• Documentary shines spotlight on a central bank heist and threats from cyber criminals - BNN Bloomberg

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Russian Sanctions Instigator Lloyd's Possibly Hit by Cyber Attack

Lloyd’s of London, the London-based insurance market heavily involved in implementing sanctions against Russia, may have been hit by a cyber-attack. On Wednesday, October 5, 2022, the British insurance market revealed it had detected “unusual activity” on its systems and has turned off all external connectivity “as a precautionary measure.”

“We have informed market participants and relevant parties, and we will provide more information once our investigations have concluded,” said a Lloyd’s spokesperson.

The company did not comment on whether or not it has been contacted by hackers, if a ransom demand has been issued, or on the possible source of the attack.

However, the insurance market has been closely involved with the design and implementation of sanctions imposed on Russia in response to its invasion of Ukraine – a potential motive for the attack. Lloyd’s itself has confirmed it was working closely with British and international governments to implement such sanctions.

Around 100 insurance syndicates operate at Lloyd's.

Earlier in 2022, Lloyd’s instructed its 76 insurance syndicates to remove “nation-state-backed cyber attacks” from insurance policies by March 2023, as well as losses “arising from a war.”

https://www.infosecurity-magazine.com/news/lloyds-possibly-hit-by-cyberattack/

• Former Uber Security Chief Convicted of Covering Up Data Breach

Uber’s former head of security has been convicted of covering up a 2016 data breach at the rideshare giant, hiding details from US regulators and paying off a pair of hackers in return for their discretion.

The trial, closely watched in cyber security circles, is believed to be the first criminal prosecution of a company executive over the handling of a data breach.

Joe Sullivan, who was fired in 2017 over the incident, was found guilty by a San Francisco jury of obstructing an investigation by the Federal Trade Commission. At the time of the 2016 breach, the regulator had been investigating the car-booking service over a different cyber security lapse that had occurred two years earlier.

Jurors also convicted Sullivan of a second count related to having knowledge of but failing to report the 2016 breach to the appropriate government authorities. The incident eventually became public in 2017 when Dara Khosrowshahi, who had just taken over as chief executive, disclosed details of the attack.

Prosecutors said Sullivan had taken steps to make sure data compromised in the attack would not be revealed. According to court documents, two hackers approached Sullivan’s team to notify Uber of a security flaw that exposed the personal information of almost 60mn drivers and riders on the platform.

https://www.ft.com/content/051af6a1-41d1-4a6c-9e5a-d23d46b2a9c9

• First 72 Hours of Incident Response Critical to Taming Cyber Attack Chaos

Cyber security professionals tasked with responding to attacks experience stress, burnout, and mental health issues that are exacerbated by a lack of breach preparedness and sufficient incident response practice in their organisations.

A new IBM Security-sponsored survey published this week found that two-thirds (67%) of incident responders suffer stress and anxiety during at least some of their engagements, while 44% have sacrificed the well-being of their relationships, and 42% have suffered burnout, according to the survey conducted by Morning Consult. In addition, 68% of incidents responders often have to work on two or more incidents at the same time, increasing their stress, according to the survey's results.

Companies that plan and practice responding to a variety of incidents can lower the stress levels of their incident responders, employees, and executives, says John Dwyer, head of research for IBM Security's X-Force response team.

"Organisations are not effectively establishing their response strategies with the responders in mind — it does not need to be as stressful as it is," he says. "There is a lot of time when the responders are managing organisations during an incident, because those organisations were not prepared for the crisis that occurs. These attacks happen every day."

The IBM Security-funded study underscores why the cyber security community has focused increasingly on the mental health of its members. About half (51%) of cyber security defenders have suffered burnout or extreme stress in the past year, according to a VMware survey released in August 2021. Cyber security executives have also spotlighted the issue as one that affects the community and companies' ability to retain skilled workers.

https://www.darkreading.com/attacks-breaches/incident-response-s-first-72-hours-critical-to-taming-chaos

• Email Defences Under Siege: Phishing Attacks Dramatically Improve

This week's report that cyber attackers are laser-focused on crafting attacks specialised to bypass Microsoft's default security showcases an alarming evolution in phishing tactics, security experts said this week.

Threat actors are getting better at slipping phishing attacks through the weak spots in platform email defences, using a variety of techniques, such as zero-point font obfuscation, hiding behind cloud-messaging services, and delaying payload activation, for instance. They're also doing more targeting and research on victims.

As a result, nearly 1 in 5 phishing emails (18.8%) bypassed Microsoft's platform defences and landed in workers' inboxes in 2022, a rate that increased 74% compared to 2020, according to research published by cyber security firm Check Point Software. Attackers increasingly used techniques to pass security checks, such as Sender Policy Framework (SPF), and obfuscate functional components of an e-mail, such as using zero-size fonts or hiding malicious URLs from analysis.

The increasing capabilities of attackers is due to the better understanding of current defences, says Avanan, an email security firm acquired by Check Point in August 2021.

"It is a family of 10 to 20 techniques, but they all lead to the objective of deceiving a company's security layers," he says. "The end result is always an email that looks genuine to the recipient but looks different to the algorithm that analyses the content."

Microsoft declined to comment on the research. However, the company has warned of advanced techniques, such as adversary-in-the-middle phishing (AiTM), which uses a custom URL to place a proxy server between a victim and their desired site, allowing the attacker to capture sensitive data, such as usernames and passwords. In July, the company warned that more than 10,000 organisations had been targeted during one AiTM campaign.

https://www.darkreading.com/remote-workforce/email-defenses-under-siege-phishing-attacks-dramatically-improve

• Remote Services Are Becoming an Attractive Target for Ransomware

Stolen credentials are no longer the number one initial access vector for ransomware operators looking to infect a target network and its endpoints - instead, they’ve become more interested in exploiting vulnerabilities found in internet-facing systems.

A report from Secureworks claims ransomware-as-a-service developers are quick to add newly discovered vulnerabilities into their arsenals, allowing even less competent hackers to exploit them swiftly, and with relative ease.

In fact, the company's annual State of the Threat Report reveals that flaw exploitation in remote services accounted for 52% of all ransomware incidents the company analysed over the last 12 months.

Besides remote services, Secureworks also spotted a 150% increase in the use of infostealers, which became a “key precursor” to ransomware. Both these factors, the report stresses, kept ransomware as the number one threat for businesses of all sizes, “who must fight to stay abreast of the demands of new vulnerability prioritisation and patching”.

All things considered, ransomware is still the biggest threat for businesses. It takes up almost a quarter of all attacks that were reported in the last 12 months, Secureworks says, and despite law enforcement being actively involved, operators remained highly active.

https://www.techradar.com/news/remote-services-are-becoming-an-attractive-target-for-ransomware

• Growing Reliance on Cloud Brings New Security Challenges

There was a time when cloud was just a small subset of IT infrastructure, and cloud security referred to a very specific set of tasks. The current reality is very different, organisations are heavily dependent on cloud technologies and cloud security has become a much more complex endeavour.

Organisations increasingly rely on the cloud to deliver new applications, reduce costs, and support business operations. One in every four organisations already have majority workloads in the cloud, and 44% of workloads currently run in some form of public cloud, says Omdia, a research and advisory group.

Practically every midsize and large organisation now operates in some kind of a hybrid cloud environment, with a mix of cloud and on-premises systems. For most organisations, software-as-a-service constitute the bulk (80%) of their cloud environments, followed by infrastructure-as-a-service and platform-as-a-service deployments.

In the past, cloud security conversations tended to focus on making sure cloud environments are being configured properly, but cloud security nowadays goes far beyond just configuration management. The sprawling cloud environment means security management has to be centralised, Omdia said. Security functions also need to be integrated into existing application deployment workflows.

On top of all of this, multicloud is becoming more common among organisations as they shift their workloads to avoid being dependent on a single platform. The three major cloud providers – Amazon Web Services, Microsoft Azure, and Google Cloud Platform – account for 65% of the cloud market.

https://www.darkreading.com/dr-tech/growing-reliance-on-cloud-brings-new-security-challenges

• Many IT Pros Don’t Think a Ransomware Attack Can Impact Microsoft 365 Data

The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with 20% of attacks happening in the last year.

Cyber attacks are happening more frequently. Last year’s ransomware survey revealed that 21% of companies experienced an attack. This year it rose by three percent to 24%.

“Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. Our survey shows that many in the IT community have a false sense of security. As bad actors develop new techniques, companies like ours have to do what it takes to come out ahead and protect businesses around the world,” said Hornetsecurity.

The report highlighted a lack of knowledge on the security available to businesses. 25% of IT professionals either don’t know or don’t think that Microsoft 365 data can be impacted by a ransomware attack.

Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.

“Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can backup their Microsoft 365 data securely and protect themselves from such attacks,” said Hofmann.

https://www.helpnetsecurity.com/2022/10/03/ransomware-attack-impact-microsoft-365-data/

• Ransomware Group Bypasses "Enormous" Range of EDR Tools

A notorious ransomware group has been spotted leveraging sophisticated techniques to bypass endpoint detection and response (EDR) tools.

BlackByte, which the US government has said poses a serious threat to critical infrastructure, used a “Bring Your Own Driver” technique to circumvent over 1000 drivers used by commercially available EDR products, according to Sophos. The UK cyber security vendor explained in a new report that the group had exploited a known vulnerability, CVE-2019-16098, in Windows graphics utility driver RTCorec6.sys. This enabled it to communicate directly with a victim system’s kernel and issue commands to disable callback routines used by EDR tools.

The group also used EDR bypass techniques borrowed from open source tool EDRSandblast to deactivate the Microsoft-Windows-Threat-Intelligence ETW (Event Tracing for Windows) provider. This is a Windows feature “that provides logs about the use of commonly maliciously abused API calls such as NtReadVirtualMemory to inject into another process’s memory,” explained Sophos. Neutralising it in this way renders any security tool relying on the feature also useless, the firm argued.

“If you think of computers as a fortress, for many EDR providers, ETW is the guard at the front gate,” said Sophos. “If the guard goes down, then that leaves the rest of the system extremely vulnerable. And, because ETW is used by so many different providers, BlackByte’s pool of potential targets for deploying this EDR bypass is enormous.”

BlackByte is not the only ransomware group using these advanced techniques to get around existing detection tools, illustrating the continued arms race between attackers and defenders. AvosLocker used a similar method in May, Sophos said. “Anecdotally, from what we’re seeing in the field, it does appear that EDR bypass is becoming a more popular technique for ransomware threat groups,” the firm confirmed. “This is not surprising. Threat actors often leverage tools and techniques developed by the ‘offensive security’ industry to launch attacks faster and with minimal effort.”

https://www.infosecurity-magazine.com/news/ransomware-bypasses-enormous-range/

• MS Exchange Zero-Days: The Calm Before the Storm?

Two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

But mitigating the risk of exploitation until patches are ready will require patience and doggedness, as Microsoft is still revising its advice to admins and network defenders, and still working on the patches.

The two vulnerabilities were publicly documented last Wednesday, by researchers with Vietnamese company GTSC, and Microsoft soon after sprung into (discernible) action by offering customer guidance, followed by an analysis of the attacks exploiting the two vulnerabilities. Several changes have been made to the documents since then, after the company found and other researchers pointed out several shortcomings.

Microsoft says its threat analysts observed “activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks,” and that the attackers breached fewer than 10 organisations globally. “MSTIC assesses with medium confidence that the single activity group is likely to be a state-sponsored organisation,” they added.

The other good news is there are still no public exploits for the two vulnerabilities. But, Microsoft says, “Prior Exchange vulnerabilities that require authentication have been adopted into the toolkits of attackers who deploy ransomware, and these vulnerabilities are likely to be included in similar attacks due to the highly privileged access Exchange systems confer onto an attacker.”

Enterprise defenders should expect trouble via this attack path in the near future, it seems, so keeping abreast of the changing situation and springing into action as quickly as possible once the patches are made available is advised. Scammers have since started impersonating security researchers and offering non-existing PoC exploits for CVE-2022-41082 for sale via GitHub

https://www.helpnetsecurity.com/2022/10/03/ms-exchange-cve-2022-41040-cve-2022-41082/

• Average Company with Data in the Cloud Faces $28 Million in Data-Breach Risk

Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations — such as admin accounts without multi-factor authentication (MFA) — have left a dangerous amount of cloud data exposed to insider threats and cyber attacks, according to Varonis.

For the report, researchers analysed nearly 10 billion cloud objects (more than 15 petabytes of data) across a random sample of data risk assessments performed at more than 700 companies worldwide. In the average company, 157,000 sensitive records are exposed to everyone on the internet by SaaS sharing features, representing $28 million in data-breach risk, Varonis researchers have found.

One out of every 10 records in the cloud is exposed to all employees — creating an impossibly large internal blast radius, which maximises damage during a ransomware attack. The average company has 4,468 user accounts without MFA enabled, making it easier for attackers to compromise internally exposed data.

Out of 33 super admin accounts in the average organisation, more than half did not have MFA enabled. This makes it easier for attackers to compromise these powerful accounts, steal more data, and create backdoors. Companies have more than 40 million unique permissions across SaaS applications, creating a nightmare for IT and security teams responsible for managing and reducing cloud data risk.

“Cloud security shouldn’t be taken for granted. When security teams lack critical visibility to manage and protect SaaS and IaaS apps and services, it’s nearly impossible to ensure your data isn’t walking out the door,” said Varonis. “This report is a true-to-life picture of over 700 real-world risk assessments of production SaaS environments. The results underscore the urgent need for CISOs to uncover and remediate their cloud risk as quickly as possible.”

https://www.helpnetsecurity.com/2022/10/05/company-data-breach-risk/

• Secureworks Finds Network Intruders See Little Resistance

Attackers who break into networks only need to take a few basic measures in order to avoid detection.

Security vendor Secureworks said in its annual State of the Threat report that it observed several data breaches between June 2021 and June 2022 and found that, by and large, once network intruders gained a foothold on the targets' environment, they had to do relatively little to stay concealed.

"One thing that is notable about them is that none of these techniques are particularly sophisticated," the vendor said. "That is because threat actors do not need them to be; the adversary will only innovate enough to achieve their objectives. So there is a direct relationship between the maturity of the controls in a target environment and the techniques they employ to bypass those controls."

Among the more basic measures taken by the attackers was coding their tools in newer languages such as Go or Rust. This tweak created enough of a difference in the software to evade signature-checking tools, according to Secureworks' report. In other cases, the network intruders hid their activity by packing their malware within a trusted Windows installer or by sneaking it into the Authenticode signature of a trusted DLL. In another case, a malware infection was seen moving data out of the victim's network via TOR nodes. While effective, Secureworks said the techniques are hardly innovative. Rather, they indicate that threat actors find themselves only needing to do the bare minimum to conceal themselves from detection.

https://www.techtarget.com/searchsecurity/news/252525696/Secureworks-finds-network-intruders-see-little-resistance

• Regulations, Laws and Accountability are Changing the Cyber Security Landscape

As cyber criminals continue to develop new ways to wreak havoc, regulators have been working to catch up. They aim to protect data and consumers while avoiding nation-state attacks that are a risk to national and economic security. But some of these regulations may provide an opportunity for MSSPs.

Some of these regulations are a response to what’s generally been a hands-off approach to telling organisations what to do. Unfortunately, cyber security isn’t always prioritised when budgets and resources are allocated. The result is a steadily rising tide of breaches and exploits that have held organisations hostage and made private information available on the dark web.

The new regulations are coming from all directions: at the state and federal levels in the US and around the world. While many of these regulations aren’t yet final, there’s no reason not to start aligning with where trends will ease the impact of changing rules. At the same time, many organisations want to hold the government responsible for some kinds of attacks. It will be interesting to see how regulating works, as most politicians and bureaucrats aren’t known for their technological savvy.

In the US, for example, new regulations are in development in the Federal Trade Commission, Food and Drug Administration, Department of Homeland Security, Department of Transportation, Department of Energy, and the Cybersecurity and Infrastructure Security Agency. Thirty-six states have enacted cyber security legislation, and the count increases as other countries join.

One of the motivating factors for all these new regulations is that most cyber attacks aren’t reported. Lawmakers realise cyber security threats continue to be one of the top national security and economic risks. In the last year and a half (2020-2022), there have been attacks on America’s gas supply, meat supply, and various other companies, courts, and government agencies. One FBI cyber security official estimated the government only learns about 20% to 25% of intrusions at US business and academic institutions.

In March, Congress passed legislation requiring critical infrastructure operators to report significant cyber attacks to CISA within 72 hours of learning about the attack. It also required them to report a ransomware payment within 24 hours. These regulations will also consider reporting “near misses” so that this data can also be studied and tracked. The problem is, how does one define a “near miss”?

https://www.msspalert.com/cybersecurity-guests/regulations-laws-and-accountability-are-changing-the-cybersecurity-landscape/

• This Year’s Biggest Cyber Threats

OpenText announced the Nastiest Malware of 2022, a ranking of the year’s biggest cyber threats. For the fifth year running, experts combed through the data, analysed different behaviours, and determined which malicious payloads are the nastiest.

Emotet regained its place at the top, reminding the world that while affiliates may be taken down, the masterminds are resilient. LockBit evolved its tactics into something never seen before: triple extortion. Analysis also revealed an almost 1100% increase in phishing during the first four months of 2022 compared to the same period in 2021, indicating a possible end to the “hacker holiday,” a hacker rest period following the busy holiday season.

“The key takeaway from this year’s findings is that malware remains centre stage in the threats posed towards individuals, businesses, and governments,” said OpenText.

“Cyber criminals continue to evolve their tactics, leaving the infosec community in a constant state of catch-up. With the mainstream adoption of ransomware payloads and cryptocurrency facilitating payments, the battle will continue. No person, no business—regardless of size—is immune to these threats.”

While this year’s list may designate payloads into different categories of malware, it’s important to note many of these bad actor groups contract work from others. This allows each group to specialise in their respective payload and perfect it.

https://www.helpnetsecurity.com/2022/10/06/2022-nastiest-malware/

Threats

Ransomware and Extortion

• Ransomware Attacks On The Rise, Secureworks Reveals in its State of the Threat Report - MSSP Alert

• Ransomware: This is how half of attacks begin, and this is how you can stop them | ZDNET

• Fake adult sites push data wipers disguised as ransomware (bleepingcomputer.com)

• Ferrari Hit By Ransomware Attack: 7 GB Of Data Published Online – Expert (informationsecuritybuzz.com)

• BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions (thehackernews.com)

• BlackByte ransomware abuses legit driver to disable security products (bleepingcomputer.com)

• Ransomware attacks ravage schools, municipal governments (techtarget.com)

• Ransomware 3.0: The Next Frontier (darkreading.com)

• More and more ransomware is just data theft, no encryption • The Register

• Netwalker ransomware affiliate sentenced to 20 years in prison (bleepingcomputer.com)

• Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group - Security Affairs

• ADATA denies RansomHouse cyber attack, says leaked data from 2021 breach (bleepingcomputer.com)

• Avast releases a free decryptor for some Hades ransomware variants - Security Affairs

• Cyber criminals Leak LA School Data After It Refuses to Ransom (vice.com)

• How Ransomware Is Causing Chaos in American Schools (vice.com)

• Ransomware hunters: the self-taught tech geniuses fighting cyber crime | Cyber crime | The Guardian

BEC – Business Email Compromise

• BEC fraudster and romance scammer sent to prison for 25 years – Naked Security (sophos.com)

• Hackers Target Homebuyers’ Life Savings in Real Estate Scam - Bloomberg

Phishing & Email Based Attacks

• Hackers Can Use 'App Mode' in Chromium Browsers' for Stealth Phishing Attacks (thehackernews.com)

• Phishing Campaigns Target KFC, McDonald's in Saudi Arabia, UAE, Singapore - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Callback phishing attacks evolve their social engineering tactics (bleepingcomputer.com)

• 3 ways enterprises can mitigate social engineering risks - Help Net Security

Malware

• OpenText Releases List Of The Year’s “Nastiest” Malware - MSSP Alert

• This devious malware is able to disable your antivirus | TechRadar

• Bumblebee Malware Loader's Payloads Significantly Vary by Victim System (darkreading.com)

• Eternity Group Hackers Offering New LilithBot Malware-as-a-Service to Cyber criminals (thehackernews.com)

• Live support service hacked to spread malware in supply chain attack (bleepingcomputer.com)

• NullMixer Dropper Delivers a Multimalware Code Bomb (darkreading.com)

• Maggie malware already infected over 250 Microsoft SQL servers - Security Affairs

Mobile

• Android Spyware 'RatMilad' Targets Enterprise Devices in Iran - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• 7 IoT Devices That Make Security Pros Cringe (darkreading.com)

• Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast (darkreading.com)

• Acronis founder is afraid of his own vacuum cleaner • The Register

Data Breaches/Leaks

• “Egypt Leaks” – Hacktivists are Leaking Financial Data - Security Affairs

• No Shangri-La for you: Top hotel chain confirms data leak • The Register

• Home Office reprimanded after sensitive counter-terror documents left at London venue | The Independent

• NSA: Someone hacked military contractor and stole data • The Register

• City of Tucson discloses data breach affecting over 123,000 people (bleepingcomputer.com)

• Optus Says ID Numbers of 2.1 Million Compromised in Data Breach | SecurityWeek.Com

• Aussie Telco Telstra Breached, Reportedly Exposing 30,000 Employees' Data (darkreading.com)

• 2K warns users their info has been stolen following breach of its help desk | Ars Technica

• Russian retail chain 'DNS' confirms hack after data leaked online (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Breaking: Scams Linked To Crypto Soared By 335% (informationsecuritybuzz.com)

• Hacker steals $566 million worth of crypto from Binance Bridge (bleepingcomputer.com)

• Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)

• Binance Says $100 Million Stolen in Latest Crypto Hack (gizmodo.com)

• Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)

Insider Risk and Insider Threats

• Why Don't CISOs Trust Their Employees? (darkreading.com)

• Meta sues app dev for stealing over 1 million WhatsApp accounts (bleepingcomputer.com)

• To avoid insider threats, try empathy - Help Net Security

• Microsoft publishes report on holistic insider risk management - Microsoft Security Blog

• Unearth offboarding risks before your employees say goodbye - Help Net Security

• Splunk alleges source code theft by former employee • The Register

• Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government (thehackernews.com)

Fraud, Scams & Financial Crime

• ICO Fines Four "Predatory" Privacy-Invading Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Consumers Feel Hopeless in Protecting Themselves Against Cyber crime, ISACA Reports - MSSP Alert

• BEC fraudster and romance scammer sent to prison for 25 years – Naked Security (sophos.com)

• Hackers Target Homebuyers’ Life Savings in Real Estate Scam - Bloomberg

• Russians dodging mobilization behind flourishing scam market (bleepingcomputer.com)

• Scammers and rogue callers – can anything ever stop them? – Naked Security (sophos.com)

• Healthcare Company Owners Get Jail Time for $7m Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Online romance scam boss netted $9.5m, jailed for 25 years • The Register

Deepfakes

• How a deepfake Mark Ruffalo scammed half a million dollars from a lonely heart • Graham Cluley

Supply Chain and Third Parties

• Live support service hacked to spread malware in supply chain attack (bleepingcomputer.com)

• Supply Chain Attack Targets Customer Engagement Firm Comm100 | SecurityWeek.Com

Denial of Service DoS/DDoS

• DDoS Attacks Spike in First Half of 2022 to Highest Levels in Four Years - MSSP Alert

Cloud/SaaS

• How Will the Metaverse Affect Cloud Security? (trendmicro.com)

• Hardening data security in the cloud • The Register

• Monitoring Your Cloud And Hybrid IT Infrastructure: How To Find The Right Monitoring Solution (informationsecuritybuzz.com)

Encryption

• Loads of connected PostgreSQL systems do not use SSL • The Register

API

• More Than 30% of All Malicious Attacks Target Shadow APIs (darkreading.com)

• APIs are quickly becoming the most popular attack vector - Help Net Security

• The Problem of API Security and How To Fix It (informationsecuritybuzz.com)

• API authentication failures demonstrate the need for zero trust - Help Net Security

• Shadow APIs hit with 5 billion malicious requests - Help Net Security

Open Source

• When transparency is also obscurity: The conundrum that is open-source security - Help Net Security

• How Secure is Using Open Source Components? - IT Security Guru

Passwords, Credential Stuffing & Brute Force Attacks

• Microsoft warns Basic Auth users over password spray attacks • The Register

• Is mandatory password expiration helping or hurting your password security? - Help Net Security

• Detecting and preventing LSASS credential dumping attacks - Microsoft Security Blog

• Meta Says It Has Busted More Than 400 Login-Stealing Apps This Year | WIRED

Privacy, Surveillance and Mass Monitoring

• The gap between security and privacy, and what it will take to bridge it - Help Net Security

• ICO Fines Four "Predatory" Privacy-Invading Firms - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• New Telecoms Security Framework Comes Into Force (informationsecuritybuzz.com)

Models, Frameworks and Standards

• CIS Controls v8: Safeguards to mitigate the most prevalent cyber-attacks - Help Net Security

Secure Disposal

• The astronomical costs of an asset disposal program gone wrong | CSO Online

• New forensic analysis of electronical devices unveils dangers of inadequate data disposal for individuals and businesses - Business in the News

Backup and Recovery

• Giving Away the Keys to Your Backups? Here’s How to Keep Out Hackers (darkreading.com)

Law Enforcement Action and Take Downs

• Police arrest teen for using leaked Optus data to extort victims (bleepingcomputer.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Relentless Russian Cyber attacks on Ukraine Raise Important Policy Questions (darkreading.com)

• Finnish intelligence warns of Russia's cyber espionage activities - Security Affairs

• Kazakhstan Pins Wave Of Cyber attacks On Foreign Actors | OilPrice.com

• Albania weighed invoking NATO’s Article 5 over Iranian cyber attack - POLITICO

• Russian Hackers Take Aim at Kremlin Targets: Report - Infosecurity Magazine (infosecurity-magazine.com)

• We breached Russian satellite network, say pro-Ukraine partisans | Cybernews

• Ukrainian forces report Starlink outages during push against Russia | Financial Times (ft.com)

• Android Spyware 'RatMilad' Targets Enterprise Devices in Iran - Infosecurity Magazine (infosecurity-magazine.com)

• Report: Mexico Continued to Use Spyware Against Activists | SecurityWeek.Com

Nation State Actors

Nation State Actors – China

• US authorities name China's 20 favourite vulns to exploit • The Register

• Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group - Security Affairs

Nation State Actors – North Korea

• Lazarus employed an exploit in a Dell firmware driver in recent attacks - Security Affairs

Vulnerability Management

• CISA mandates vulnerability detection and reporting rules • The Register

• The Zero Day Dilemma | SecurityWeek.Com

Vulnerabilities

• Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities (thehackernews.com)

• Fortinet warns admins to patch critical auth bypass bug immediately (bleepingcomputer.com)

• Cisco Patches High-Severity Vulnerabilities in Communications, Networking Products | SecurityWeek.Com

• Atlassian, Microsoft bugs make CISA’s must-patch list • The Register

• US authorities name China's 20 favourite vulns to exploit • The Register

• October 2022 Patch Tuesday forecast: Looking for treats, not more tricks - Help Net Security

• Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub (bleepingcomputer.com)

• CISA Warns of Attacks Exploiting Recent Atlassian Bitbucket Vulnerability | SecurityWeek.Com

• No fix in sight for mile-wide loophole plaguing a key Windows defence for years | Ars Technica

• Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite (thehackernews.com)

• Lazarus employed an exploit in a Dell firmware driver in recent attacks - Security Affairs

• Unpatched Zimbra flaw under attack is letting hackers backdoor servers | Ars Technica

• macOS Archive Utility Bug Lets Malicious Apps Bypass Security Checks (darkreading.com)

• Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy (thehackernews.com)

• VMware fixed a high-severity bug in vCenter Server - Security Affairs

• BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions (thehackernews.com)

Reports Published in the Last Week

• 2022 State of the Threat Report | Secureworks

• Building a Holistic Insider Risk Management Program

Other News

• Guilty verdict in the Uber breach case makes personal liability real for CISOs | CSO Online

• Cyber attackers view smaller organisations as easier targets - Help Net Security

• Moody's turns up the heat on 'riskiest' sectors for attacks • The Register

• 5 reasons why security operations are getting harder | CSO Online

• Former NSA Employee Faces Death Penalty for Selling Secrets (darkreading.com)

• Fast Company Is Back From the Dead After Being Hacked (gizmodo.com)

• Ready Or Not, Web 3 Is Coming And With It Comes Cybersquatting 2.0 (informationsecuritybuzz.com)

• Cyber Hygiene: 5 Best Practices for Company Buy-In (trendmicro.com)

• School Is in Session: 5 Lessons for Future Cyber Security Pros (darkreading.com)

• Want More Secure Software? Start Recognizing Security-Skilled Developers (thehackernews.com)

• Incident responders increasingly seek out mental health assistance - Help Net Security

• You Are Not Alone If You're Unclear About Extended Detection and Response (XDR) - MSSP Alert

• Why digital trust is the bedrock of business relationships - Help Net Security

• Incident Responders Driven by Sense of Duty, Handcuffed by Volume of Cyber attacks, IBM Reports - MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Ransomware Is the Biggest Global Cyber Threat. And The Attacks Are Still Evolving

Ransomware is the biggest cyber security threat facing the world today, with the potential to significantly affect whole societies and economies – and the attacks are unrelenting, the head of the National Cyber Security Centre (NCSC) has warned.

"Even with a war raging in Ukraine – the biggest global cyber threat we still face is ransomware. That tells you something of the scale of the problem. Ransomware attacks strike hard and fast. They are evolving rapidly, they are all-pervasive, they're increasingly offered by gangs as a service, lowering the bar for entry into cyber crime," said Lindy Cameron, CEO of the NCSC in a speech at Tel Aviv Cyber Week.

She added that the NCSC has dealt with "nationally significant incidents" along with hundreds of general cyber incidents that "affect the UK more widely every year".

While she didn't detail any specific instances of responding to ransomware incidents, Cameron warned that "these complex attacks have the potential to affect our societies and economies significantly", and implied that if it weren't for the work of NCSC incident responders, alongside their counterparts in the industry and international counterparts, the attacks could have had a major impact.

https://www.zdnet.com/article/ransomware-attacks-are-the-biggest-global-cyber-threat-and-still-evolving-warns-cybersecurity-chief/

• Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion

Titaniam, Inc., the data security platform, announced the ‘State of Data Exfiltration & Extortion Report.’ The survey revealed that while over 70% of organisations have an existing set of prevention, detection, and backup solutions, nearly 40% of organisations have been hit with ransomware attacks in the last year, and more than 70% have experienced one in the previous five years, proving existing solutions to be woefully inadequate in managing the risks and impacts from these attacks.

Data exfiltration during ransomware attacks is up 106% relative to where it was five years ago. We are seeing the emergence of a new trend where cyber criminals are no longer limiting themselves to just encrypting entire systems—they are making sure to steal data ahead of the encryption so that they can have additional leverage on the victim. The survey found that 65% of those who have experienced a ransomware attack have also experienced data theft or exfiltration due to the incident. Of those victims, 60% say the hackers used the data theft to extort them further, known as double extortion. Most of them, i.e., 59% of victims, paid the hackers, implying that they were not helped by their backup or data security tools to prevent this fate.

Data is being exposed for theft and extortion in other ways too. Nearly half (47%) uncovered publicly exposed data in their systems in the last 24 months. It was found that respondents have a mix of data security & protection (78%), prevention & detection (75%), and backup and recovery (73%) in their cyber security stacks. Still, exposure and extortion numbers imply a missing puzzle piece regarding attacks.

https://www.darkreading.com/attacks-breaches/study-reveals-traditional-data-security-tools-have-a-60-failure-rate-against-ransomware-and-extortion

• Patchable and Preventable Security Issues Lead Causes of Q1 Attacks

Attacks against companies spiked in Q1 2022 with patchable and preventable external vulnerabilities responsible for the bulk of attacks.

Eighty-two percent of attacks on organisations in Q1 2022 were caused by the external exposure of known vulnerabilities in the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18 percent.

The numbers come from Tetra Defense and its quarterly report that sheds light on a notable uptick in cyber attacks against United States organisations between January and March 2022.

The report did not let employee security hygiene, or a lack thereof, off the hook. Tetra revealed that a lack of multi-factor authentication (MFA) mechanisms adopted by firms and compromised credentials are still major factors in attacks against organisations.

https://threatpost.com/lead-causes-of-q1-attacks/180096/

• Three in Four Vulnerability Management Programs Ineffective

How at risk are organisations to unsecured vulnerabilities in their networks? NopSec, a threat and exposure management provider, gives us the answers in a new study of some 430 cyber security professionals.

Are security teams finding successful approaches to their vulnerability management, or are “open doors around their attack surface” leaving them susceptible to disaster in their organisation? The answer, as it turns out, is that some organisations are better at detection, response and remediation of their vulnerabilities.

Perhaps more importantly, others are not as locked down as they believe, according to the report. Keeping track of known vulnerabilities and responding quickly is one thing, but locating flaws they did not previously know existed is quite another.

Seventy percent of respondent say their vulnerability management program (VMP) is only somewhat effective or worse, blind spots and shadow IT remain top challenges, and vulnerabilities take too long to patch.

https://www.msspalert.com/cybersecurity-research/three-in-four-vulnerability-management-programs-ineffective-study-finds/

• EMEA Continues to Be a Hotspot for Malware Threats

Ransomware detections in the first quarter of this year doubled the total volume reported for 2021, according to the latest quarterly Internet Security Report from the WatchGuard Threat Lab. Researchers also found that the Emotet botnet came back in a big way, the infamous Log4Shell vulnerability tripled its attack efforts and malicious cryptomining activity increased.

Although findings from the Threat Lab’s Q4 2021 report showed ransomware attacks trending down year over year, that all changed in Q1 2022 with a massive explosion in ransomware detections. While Q4 2021 saw the downfall of the infamous REvil cybergang, WatchGuard analysis suggests that this opened the door for the LAPSUS$ extortion group to emerge, which along with many new ransomware variants such as BlackCat – the first known ransomware written in the Rust programming language – could be contributing factors to an ever-increasing ransomware and cyber-extortion threat landscape.

The report also shows that EMEA continues to be a hotspot for malware threats. Overall regional detections of basic and evasive malware show WatchGuard Fireboxes in EMEA were hit harder than those in North, Central and South America (AMER) at 57% and 22%, respectively, followed by Asia-Pacific (APAC) at 21%.

https://www.helpnetsecurity.com/2022/06/30/emea-malware-threats/

• A New, Remarkably Sophisticated Malware Is Attacking Home and Small Office Routers

An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on June 28.

So far, researchers from Lumen Technologies' Black Lotus Labs say they've identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate.

The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive, and remain undetected, is the hallmark of a highly sophisticated threat actor.

"While compromising small office/home office (SOHO) routers as a vector to gain access to an adjacent LAN is not a novel technique, it has seldom been reported," Black Lotus Labs researchers wrote. "Similarly, reports of person-in-the-middle style attacks, such as DNS and HTTP hijacking, are even rarer and a mark of a complex and targeted operation. The use of these two techniques congruently demonstrated a high level of sophistication by a threat actor, indicating that this campaign was possibly performed by a state-sponsored organisation."

The campaign comprises at least four pieces of malware, three of them written from scratch by the threat actor. The first piece is the MIPS-based ZuoRAT, which closely resembles the Mirai internet-of-things malware that achieved record-breaking distributed denial-of-service attacks that crippled some Internet services for days. ZuoRAT often gets installed by exploiting unpatched vulnerabilities in SOHO devices.

https://www.wired.com/story/zuorat-trojan-malware-hacking-routers/

• What Are Shadow IDs, and How Are They Crucial in 2022?

Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shadow IT. Not because they tried to obfuscate or hide anything, simply because it was a convenient tool that they preferred over any other sanctioned products (which JPMorgan certainly has quite a few of.)

Visibility into unknown and unsanctioned applications has been required by regulators and also recommended by the Center for Internet Security community for a long time. Yet it seems that new and better approaches are still in demand. Gartner has identified External Attack Surface Management, Digital Supply Chain Risk, and Identity Threat Detection as the top three trends to focus on in 2022, all of which are closely intertwined with Shadow IT.

"Shadow IDs," or in other words, unmanaged employee identities and accounts in third-party services, are often created using a simple email-and-password-based registration. Cloud access security broker (CASB) and corporate single-sign-on (SSO) solutions are limited to a few sanctioned applications, and are not widely adopted on most websites and services either. This means, that a large part of an organisation's external surface - as well as its user identities - may be completely invisible.

https://thehackernews.com/2022/06/what-are-shadow-ids-and-how-are-they.html

• Zero-Days Aren't Going Away Anytime Soon, and What Leaders Need to Know

Few security exploits are the source of more sleepless nights for security professionals than zero-day attacks. Just recently, researchers discovered a new vulnerability enabling hackers to achieve remote code execution within Microsoft Office. Dubbing the evolving threat the Follina exploit, researchers say all versions of Office are at risk. And because the internal security teams have no time to prepare or patch their systems to defend against these software vulnerabilities, crafty threat actors can take advantage, taking their time after they've accessed an organisation's environment to observe and exfiltrate data while remaining completely unseen.

And though sophisticated threat actors and nations have exploited zero-days for nearly two decades, last year saw a historic rise in the number of vulnerabilities detected. Both Google and Mandiant tracked a record number of zero-days last year, with the caveat that more zero-days are being discovered because security companies are getting better at finding them — not necessarily because hackers are coming up with new vulnerabilities. Not all zero-days are created equal, though. Some require sophisticated and novel techniques, like the attack on SolarWinds, and others exploit simple vulnerabilities in commonly used programs like Windows. Thankfully, there's some basic cyber hygiene strategies that can keep your organisation sufficiently prepared to mitigate zero-day exploits.

https://www.darkreading.com/attacks-breaches/zero-days-aren-t-going-away-anytime-soon-and-what-leaders-need-to-know

• Half of 2022's Zero-Days Are Variants of Previous Vulnerabilities

Google Project Zero has observed a total of 18 exploited zero-day vulnerabilities in the first half of 2022, at least half of which exist because previous bugs were not properly addressed.

According to Google Project Zero researcher Maddie Stone, nine of the in-the-wild zero-days seen so far this year could have been prevented had organisations applied more comprehensive patching.

“On top of that, four of the 2022 zero-days are variants of 2021 in-the-wild zero-days. Just 12 months from the original in-the-wild zero-day being patched, attackers came back with a variant of the original bug,” Stone says.

The most recent of these issues is the Follina vulnerability in the Windows platform. Tracked as CVE-2022-30190, it is a variant of an MSHTML zero-day tracked as CVE-2021-40444.

CVE-2022-21882 is another Windows vulnerability that is a variant of an in-the-wild zero-day that was improperly resolved last year, namely CVE-2021-1732.

An iOS IOMobileFrameBuffer bug (CVE-2022-22587) and a type confusion flaw in Chrome’s V8 engine (CVE-2022-1096) are two other zero-days that are variants of exploited security flaws found last year – CVE-2021-30983 and CVE-2021-30551, respectively.

Other 2022 zero-days that are variants of improperly addressed security defects are CVE-2022-1364 (Chrome), CVE-2022-22620 (WebKit), CVE-2021-39793 (Google Pixel), CVE-2022-26134 (Atlassian Confluence), and CVE-2022-26925 (Windows flaw called PetitPotam).

https://www.securityweek.com/google-half-2022s-zero-days-are-variants-previous-vulnerabilities

• Human Error Remains the Top Security Issue

Human error remains the most effective vector for conducting network infiltrations and data breaches.

The SANS Institute security centre issued its annual security awareness report Wednesday, which was based on data from 1,000 infosec professionals and found that employees and their lack of security training remain common points of failure for data breaches and network attacks. The report also tracked the maturity level of respondents' security awareness programs and their effectiveness in reducing human risk.

"This year's report once again identifies what we have seen over the past three years: that the most mature security awareness programs are those that have the most people dedicated to managing and supporting it," the cyber security training and education organisation said.

"These larger teams are more effective at working with the security team to identify, track, and prioritise their top human risks, and at engaging, motivating, and training their workforce to manage those risks."

The SANS Institute study ranked maturity by five levels, from lowest to highest: nonexistent, compliance-focused, promoting awareness and behaviour change, long-term sustainment and culture change, and metrics framework. The report found that while approximately 400 respondents said their programs promote awareness and behaviour change - the highest such response for any maturity level - the number represented a 10% decrease from the previous year's report.

https://www.techtarget.com/searchsecurity/news/252522226/SANS-Institute-Human-error-remains-the-top-security-issue

• Carnival Cruises Torpedoed by US States, Agrees to Pay $6m After Wave of Cyber Attacks

Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyber attacks.

A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based business revealed intruders had not only encrypted some of its data but also downloaded a collection of names and addresses; Social Security info, driver's license, and passport numbers; and health and payment information of thousands of people in almost every American state.

It all started to go wrong more than a year prior, as the cruise line became aware of suspicious activity in May 2019. This apparently wasn't disclosed until 10 months later, in March 2020.

Back in 2019, the security operations team spotted an internal email account sending spam to other addresses. It turned out miscreants had hijacked 124 employee Microsoft Office 365 email accounts, and were using them to send phishing emails to harvest more credentials. This, we're told, gave the intruders access to personal data on 180,000 Carnival employees and customers. It's likely the miscreants first broke in using phishing mails or brute-forcing passwords; either way, there was no multi-factor authentication.

Then in August 2020, the company said it was hit with the aforementioned ransomware, and copies of its files were siphoned. In January 2021, it was infected again with malware, and again sensitive information – specifically, customer passport numbers and dates of birth, and employee credit card numbers – were downloaded. And in March that year, a staffer's work email account was compromised again to send out a phishing email; more sensitive information was exposed.

https://www.theregister.com/2022/06/28/carnival-cybersecurity-fines/

• Uber Ex-Security Chief Accused of Hacking Coverup Must Face Fraud Charges, Judge Rules

A federal judge on Tuesday said a former Uber Technologies Inc. security chief must face wire fraud charges over his alleged role in trying to cover up a 2016 hacking that exposed personal information of 57 million passengers and drivers.

The US Department of Justice had in December added the three charges against Joseph Sullivan to an earlier indictment, saying he arranged to pay money to two hackers in exchange for their silence, while trying to conceal the hacking from passengers, drivers and the US Federal Trade Commission.

https://www.reuters.com/business/uber-ex-security-chief-accused-hacking-coverup-must-face-fraud-charges-judge-2022-06-28/

Threats

Ransomware

• Ransomware market evolution results in fewer variants, but rise in off-the-shelf cyber crime kits continues | The Daily Swig (portswigger.net)

• Record-Breaking Year for Ransomware Attacks, WatchGuard Research Predicts - MSSP Alert

• Cyber Security Experts Warn of Emerging Threat of "Black Basta" Ransomware (thehackernews.com)

• 5 years after NotPetya: Lessons learned | CSO Online

• AstraLocker 2.0 infects users directly from Word attachments (bleepingcomputer.com)

• Mitel VoIP Bug Exploited in Ransomware Attacks | Threatpost

• Black Basta Ransomware Gang Attacks 50 Companies, Cybereason Reports - MSSP Alert

• How Dangerous Is BlackBasta Ransomware? (informationsecuritybuzz.com)

• LockBit 3.0 Debuts With Ransomware Bug Bounty Program (darkreading.com)

• Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit (trendmicro.com)

• Son of Conti: Ransomware tries its hand at politics - The Record by Recorded Future

• Kaseya Ransomware - Cyber Leader’s Thoughts & Learnings One Year Later (informationsecuritybuzz.com)

• Are Protection Payments the Future of Ransomware? (tripwire.com)

• Conti vs. LockBit: A Comparative Analysis of Ransomware Groups (trendmicro.com)

• This new malware is at the heart of the ransomware ecosystem | ZDNet

• Macmillan Publishing shuts down systems after likely ransomware attack (bleepingcomputer.com)

• Walmart denies being hit by Yanluowang ransomware attack (bleepingcomputer.com)

• Fake copyright infringement emails install LockBit ransomware (bleepingcomputer.com)

• Cisco Talos techniques uncover ransomware sites on dark web (techtarget.com)

• RansomHouse gang claims to have some stolen AMD data • The Register

• 'Prolific' NetWalker extortionist pleads guilty • The Register

Phishing & Email Based Attacks

• Google Warns About Hacker-for-Hire Services Trying to Phish Users (pcmag.com)

• Clever phishing method bypasses MFA using Microsoft WebView2 apps (bleepingcomputer.com)

• Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)

• How phishing attacks are becoming more sophisticated - Help Net Security

• How Evilnum Cyber Attacks Target Microsoft Office Files - MSSP Alert

• New Matanbuchus Campaign drops Cobalt Strike beacons - Security Affairs

• Kaspersky Reveals Phishing Emails That Employees Find Most Confusing (darkreading.com)

• Ukraine arrests cyber crime gang operating over 400 phishing sites (bleepingcomputer.com)

Malware

• Microsoft finds Raspberry Robin worm in hundreds of Windows networks (bleepingcomputer.com)

• Microsoft Exchange servers worldwide backdoored with new malware (bleepingcomputer.com)

• Microsoft warning: This malware that targets Linux just got a big update | ZDNet

• ZuoRAT Hijacks SOHO Routers From Cisco, Netgear (darkreading.com)

• XFiles info-stealing malware adds support for Follina delivery (bleepingcomputer.com)

• Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)

• Minors Use Discord Servers To Earn Extra Pocket Money Through Spreading Malware (informationsecuritybuzz.com)

• PyPi python packages caught sending stolen AWS keys to unsecured sites (bleepingcomputer.com)

Mobile

• Android Spyware 'Revive' Upgraded to Banking Trojan - Infosecurity Magazine

• Google warns Hermit spyware is infecting phones. What is it and how do you protect yourself from it? | Mashable

• Phone Hackers: 9 Ways To Tell If You Have Fallen Victim (informationsecuritybuzz.com)

• Apple revokes certificates for Hermit spyware app - 9to5Mac

• Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru

Internet of Things – IoT

• Swarm of malfunctioning driverless taxis brings traffic to a halt for hours (telegraph.co.uk)

Data Breaches/Leaks

• Millions of free VPN user records leaked | TechRadar

• Leaky Access Tokens Exposed Amazon Photos of Users | Threatpost

• California gun dashboards expose 10 years of personal data • The Register

Organised Crime & Criminal Actors

• The strange business of cyber crime | CSO Online

• Russia-China cyber criminal collaboration could “destabilize” international order | CSO Online

• Canadian admits to hacking spree with Russian cyber-gang - BBC News

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Pentagon finds concerning vulnerabilities on blockchain | TechRepublic

• Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0daySecurity Affairs

• Hackers steal $100m from another breached crypto bridge | TechRadar

• Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine

• Dozens of cryptography libraries vulnerable to private key theft | The Daily Swig (portswigger.net)

• Missing Cryptoqueen: FBI adds Ruja Ignatova to top ten most wanted - BBC News

• Singapore warns of ‘brutal, unrelentingly hard’ crypto regs • The Register

Insider Risk and Insider Threats

• Rogue HackerOne employee steals bug reports to sell on the side (bleepingcomputer.com)

• Japanese worker loses city's personal data in USB fail • The Register

• How you handle independent contractors may determine your insider threat risk | CSO Online

Fraud, Scams & Financial Crime

• Threat actors increasingly use third parties to run their scams - Help Net Security

• Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine

• Evolving online habits have paved the way for fraud. What can we do about it? - Help Net Security

Insurance

• Cyber Insurance: The Good, the Bad, and the Ugly - IT Security Guru

Software Supply Chain

• It's a Race to Secure the Software Supply Chain — Have You Already Stumbled? (darkreading.com)

• Over a Decade in Software Security: What Have We learned? - IT Security Guru

Denial of Service DoS/DDoS

• Russian hacktivists take down Norway govt sites in DDoS attacks (bleepingcomputer.com)

Attack Surface Management

• Digital Shadows Weaken Your Attack Surface (securityintelligence.com)

Shadow IT

• Shadow IT Spurs 1 in 3 Cyber Attacks (darkreading.com)

• What is Shadow IT and why is it so risky? (thehackernews.com)

Open Source

• CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• RansomHouse Hackers Claim to Breach AMD With Bad Passwords (gizmodo.com)

• Breaking Down the Zola Hack and Why Password Reuse is so Dangerous (bleepingcomputer.com)

• Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)

Social Media

• Verified Twitter accounts hacked to send fake suspension notices (bleepingcomputer.com)

• Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign (darkreading.com)

• New YTStealer malware steals accounts from YouTube Creators (bleepingcomputer.com)

• Facebook 2FA phish arrives just 28 minutes after scam domain created – Naked Security (sophos.com)

Training, Education and Awareness

• Time Constraints Hamper Security Awareness Programs (darkreading.com)

Privacy

• ‘Supercookies’ Have Privacy Experts Sounding the Alarm | WIRED

• UK should immediately ban use of live facial recognition, warns report | Financial Times (ft.com)

• Snoopers’ Charter Ruled Partially Unlawful - Infosecurity Magazine

• We must stop sleepwalking towards a surveillance state | Financial Times (ft.com)

Parental Controls and Child Safety

• How parents can talk about online safety and personal info protection with their kids - Help Net Security

Regulations, Fines and Legislation

• Manx government department fined over data breach - BBC News

• Clearview fine: The unacceptable face of modern surveillance - Help Net Security

• UK security services must seek approval to access telecoms data, judges rule | UK security and counter-terrorism | The Guardian

Law Enforcement Action and Take Downs

• Global Police Crack Down on Online Sexual Exploitation - Infosecurity Magazine

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Lethal drinking water, runs on banks and panic buying: What a real Undeclared War cyber attack could mean (inews.co.uk)

• Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation | CSO Online

• Clear Rules Needed to Prevent Conflict and Struggle in Cyber Space, Says NCSC Chief - Infosecurity Magazine

• NATO to create cyber rapid response force, increase cyber defence aid to Ukraine - CyberScoop

• Could the Russian cyber attack on Lithuania draw a military response from NATO? | World News | Sky News

• Evilnum hackers return in new operation targeting migration orgs (bleepingcomputer.com)

• Commercial cyber products must be used responsibly, says NCSC CEO (computerweekly.com)

• G7 to tackle cyber threats and disinformation from Russia: communique | Reuters

• Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru

• Apple revokes certificates for Hermit spyware app - 9to5Mac

• China lured graduate jobseekers into digital espionage | Ars Technica

• FCC commissioner calls TikTok Chinese spyware and wants it pulled from mobile app stores (androidpolice.com)

• Google warns Hermit spyware is infecting phones. What is it and how do you protect yourself from it? | Mashable

Nation State Actors

Nation State Actors – Russia

• Ukraine targeted by almost 800 cyber attacks since the war started (bleepingcomputer.com)

• Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas - Security Affairs

• Russian Hacker Group Says Cyber Attacks Continue On Lithuania (informationsecuritybuzz.com)

• Russian hacktivists take down Norway govt sites in DDoS attacks (bleepingcomputer.com)

• Russia's Killnet hacker group says it attacked Lithuania | Reuters

Nation State Actors – China

• Chinese Threat Actor Targets Rare Earth Mining Companies in North America, Australia | SecurityWeek.Com

• Chinese Hackers Target Building Management Systems | SecurityWeek.Com

• China lured graduate jobseekers into digital espionage | Ars Technica

Nation State Actors – North Korea

• Experts blame North Korea-linked Lazarus APT for Harmony hack - Security Affairs

Vulnerability Management

• 18 Zero-Days Exploited So Far in 2022 (darkreading.com)

• Why more zero-day vulnerabilities are being found in the wild | CSO Online

• Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)

• Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree (thehackernews.com)

• Microsoft's quiet mishandling of vulnerabilities is becoming a public mess - OnMSFT.com

Vulnerabilities

• MITRE shares this year's list of most dangerous software bugs (bleepingcomputer.com)

• Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration (darkreading.com)

• How and why threat actors target Microsoft Active Directory | CSO Online

• Atlassian Confluence Exploits Peak at 100K Daily (darkreading.com)

• Patch Now: Linux Container-Escape Flaw in Azure Service Fabric (darkreading.com)

• Zoho ManageEngine ADAudit Plus bug gets public RCE exploit (bleepingcomputer.com)

• OpenSSL 3.0.5 awaits release to fix potential security flaw • The Register

• CISA: Adopt Modern Auth now for Exchange Online • The Register

• CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild (thehackernews.com)

• CISA orders agencies to patch Windows LSA bug exploited in the wild (bleepingcomputer.com)

• Mitel VoIP Bug Exploited in Ransomware Attacks | Threatpost

• Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware (trendmicro.com)

• Jenkins discloses dozens of zero-day bugs in multiple plugins (bleepingcomputer.com)

• New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers (thehackernews.com)

Sector Specific

Critical National Infrastructure (CNI)

• Stress and Burnout Could Lead to Exodus of CNI Cyber Security Leaders - Infosecurity Magazine

Financial Services Sector

• Android Spyware 'Revive' Upgraded to Banking Trojan - Infosecurity Magazine

FinTech

• A Fintech Horror Story: How One Company Prioritizes Cyber Security (darkreading.com)

• Security and compliance concerns limit ‘open finance’ expansion, say executives (scmagazine.com)

Telecoms

• Why the next-gen telecom ecosystem needs better regulations (techtarget.com)

OT, ICS, IIoT, SCADA and Cyber-Physical Systems

• APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor (thehackernews.com)

• Cyber-Physical Security: Benchmarking to Advance Your Journey | SecurityWeek.Com

• Critical Security Flaws Identified in CODESYS ICS Automation Software (thehackernews.com)

• Microsoft Exchange bug abused to hack building automation systems (bleepingcomputer.com)

• 5 Cyber Security Tips for Smart Buildings - IT Security Guru

• Chinese Hackers Target Building Management Systems | SecurityWeek.Com

• OT security: Helping under-resourced critical infrastructure organisations - Help Net Security

Energy & Utilities

Oil, Gas and Mining

Chinese Threat Actor Targets Rare Earth Mining Companies in North America, Australia | SecurityWeek.Com

Food and Agriculture

• Wiltshire Farm Foods Cyberattack (informationsecuritybuzz.com)

Education and Academia

• Threat Actor Claims Responsibility For IBM and Stanford University Hack - Infosecurity Magazine (infosecurity-magazine.com)

Web3

• Securing the Metaverse and Web3 | SecurityWeek.Com

• Cyber security and the metaverse: Identifying the weak spots | VentureBeat

Reports Published in the Last Week

• State of Email Security | Mimecast

• Q1 2022 Incident Response Insights from Tetra Defense | Arctic Wolf

• State of Data Exfiltration and Extortion 2022 - Titaniam

• SANS 2022 Security Awareness Report: Human Risk Remains the Biggest Threat to Your Organisation’s Cyber Security | SANS Institute

• Defending Ukraine: Early Lessons from the Cyber War - Microsoft On the Issues

Other News

• Cyber Attacks Gain Steam in Early '22: Tetra Defense Report - MSSP Alert

• FBI warns crooks are using deepfake videos in job interviews • The Register

• Destructive firmware attacks pose a significant threat to businesses - Help Net Security

• 48% of security practitioners seeing 3x increase in alerts per day - Help Net Security

• Adversarial machine learning explained: How attackers disrupt AI and ML systems | CSO Online

• Companies are desperate for cyber security workers—more than 700K positions need to be filled | Fortune

• 82% Cyber Breaches In Verizon’s Report Preventable, Says MyCena (informationsecuritybuzz.com)

• SolarWinds hack explained: Everything you need to know (techtarget.com)

• Properly securing APIs is becoming increasingly urgent - Help Net Security

• 97% Of UK Business Leaders Expect Quantum Computing to Disrupt Their Sectors - Infosecurity Magazine

• LGBTQ+ folks warned of dating app extortion scams • The Register

• What is Zero Trust and why would you want it? • The Register

• Tencent admits to poisoned QR code attack on QQ accounts • The Register

• Exploring the insecurity of readily available Wi-Fi networks - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Phishing Attacks Show High-Ranking Execs May Be ‘Most Valuable Asset,’ and ‘Greatest Vulnerability’

Cyber criminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. The scheme highlights the role and responsibility upper management plays in ensuring the security of their own company’s assets.

https://www.scmagazine.com/home/security-news/phishing/phishing-scheme-shows-ceos-may-be-most-valuable-asset-and-greatest-vulnerability/

Insurers 'Funding Organised Crime' by Paying Ransomware Claims

Insurers are inadvertently funding organised crime by paying out claims from companies who have paid ransoms to regain access to data and systems after a hacking attack, Britain’s former top cybersecurity official has warned.

https://www.theguardian.com/technology/2021/jan/24/insurers-funding-organised-by-paying-ransomware-claims

Emotet: Police raids take down botnet that hacked 'millions of computers worldwide'

Emotet, one of the world's most dangerous cyber crime services, has been taken down following one of the largest ever internationally-coordinated actions against cyber criminals. Although it began as banking malware designed to steal financial credentials, Emotet had become an infrastructure tool leased out to cyber criminals to break into victim computer networks and install additional malicious software.

https://news.sky.com/story/emotet-police-raids-take-down-botnet-that-hacked-millions-of-computers-worldwide-12200460

After the SolarWinds Hack, We Have No Idea What Cyber Dangers We Face

Months before insurgents breached the Capitol and rampaged through the halls of Congress, a stealthier invader was muscling its way into the computers of government officials, stealing documents, monitoring e-mails, and setting traps for future incursions. Last March, a hacking team, believed to be affiliated with Russian intelligence, planted malware in a routine software upgrade from a Texas-based I.T. company called SolarWinds, which provides network-management systems to more than three hundred thousand clients.

https://www.newyorker.com/news/daily-comment/after-the-solarwinds-hack-we-have-no-idea-what-cyber-dangers-we-face

FSB warns Russian businesses of cyber attacks as retaliation for SolarWinds hack

Russian authorities are alerting Russian organizations of potential cyberattacks launched by the United States in response to SolarWinds attack. The Russian intelligence agency FSB has issued a security alert this week warning Russian organizations of potential cyberattacks launched by the United States in response to the SolarWinds supply chain attack.

https://securityaffairs.co/wordpress/113752/cyber-warfare-2/fsb-fears-retaliation-solarwinds-hack.html

Update your iPhone — Apple just disclosed hackers may have 'actively exploited' a vulnerability in its iOS

On Tuesday released a new iOS software update that includes fixes for three security weaknesses in the former version.  Its support website that it is aware of the three security bugs and that they "may have been actively exploited. “Also, it does not disclose details regarding security issues "until an investigation has occurred."

https://www.businessinsider.com/apple-ios-14-update-hackers-security-bugs-iphone-software-2021-1?utmSource=twitter&utmContent=referral&utmTerm=topbar&referrer=twitter

Top Cyber Attacks of 2020

"Zoombomb" became the new photobomb—hackers would gain access to a private meeting or online class hosted on Zoom and shout profanities and racial slurs or flash pornographic images. Nation-state hacker groups mounted attacks against organisations involved in the coronavirus pandemic response, including the World Health Organization and Centres for Disease Control and Prevention, some in an attempt to politicize the pandemic.

https://thehackernews.com/2021/01/top-cyber-attacks-of-2020.html

Threats

Ransomware

• Nefilim Ransomware Gang Hits Jackpot with Ghost Account

• Cyber Criminals use deceased staff accounts to spread Nemty ransomware

• US and Bulgarian authorities disrupt NetWalker ransomware operation

• Former UK Cyber Security Chief Says Laws Are Needed to Stop Ransomware Payouts

BEC

• BEC attack techniques exploit Microsoft 365 messages

Phishing

• Targeted Phishing Attacks Strike High-Ranking Company Executives

Other Social Engineering

• Google warns of ‘novel social engineering method’ used to hack security researchers

Malware

• DreamBus botnet targets enterprise apps running on Linux servers

• These are the biggest threats facing WordPress sites today

• Trickbot is back again - with fresh phishing and malware attacks

Mobile

• A New Credential Stealing Android Malware

• Beware — A New Wormable Android Malware Spreading Through WhatsApp

Vulnerabilities

• Heap-based buffer overflow in Linux Sudo allows local users to gain root privileges

• Vulnerability found in top messaging apps let hackers eavesdrop

• Cisco DNA Center Bug Opens Enterprises to Remote Attack

• Experts Detail A Recent Remotely Exploitable Windows Vulnerability

• Former LulzSec Hacker Releases VPN Exploit Used to Hack Hacking Team

• KindleDrip exploit – Hacking a Kindle device with a simple email

Data Breaches

• Australian securities regulator discloses security breach

• Hacker leaks data of 2.28 million dating site users

• Grindr fined £8.6m in Norway over sharing personal information

Charities

• A month after a high-level cyber attack, charity says many IT systems are still offline

Insider Threats

• Man arrested after UK school finds wiped hard drives on devices connected to network

Nation-State Actors

• More Security Vendors Admit to SolarWinds Attacks 

Denial of Service

• DDoS attacks: Big rise in threats to overload business networks

Privacy

• These malicious tracking apps have already been downloaded over a billion times

• Banks rush to spy on traders’ Signal chats amid WhatsApp exodus

Reports Published in the Last Week

• Cyber fraud a national security issue, says RUSI report

Other News

• Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming

• TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

386 million user records stolen in data breaches — and they're being given away for free

A notorious hacker or group of hackers is giving away copies of databases said to contain 386 million user records, after posting links to the databases on a marketplace used by cyber criminals.

The threat actor, who goes by the name ShinyHunters, claims to have data stolen from 18 different websites in the past seven months. According to reports, ShinyHungers last week began uploading the databases to a forum where anyone can download them free of charge.

ShinyHunters is believed to have played a role in high-profile data breaches at HomeChef, Promo.com, Mathway, Chatbooks, Dave.com, Wattpad and even Microsoft's GitHub account. Many of these records were previously offered for sale online.

Why this matters:

Any details stolen from one site or service will be used against other sites and services, this is why it is critical that passwords are not reused across different sites and that all passwords are unique. Using multi factor authentication is also very effective at safeguarding against these types of attacks.

Read more here: https://www.tomsguide.com/news/shinyhunters-breach-giveaway

Twitter says spear-phishing attack on employees led to breach

Twitter said a large hack two weeks ago targeted a small number of employees through a phone “spear-phishing” attack.

The social media platform said the hackers targeted about 130 accounts, tweeted from 45, accessed the inboxes of 36, and were able to download Twitter data from seven.

Attackers also targeted specific employees who had access to account support tools, Twitter said. The company added it has since restricted access to its internal tools and systems.

Twitter suffered a major security breach on 15 July that saw hackers take control of the accounts of major public figures and corporations, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple.

The hack unfolded over the course of several hours, and in the course of halting it, Twitter stopped all verified accounts from tweeting – an unprecedented measure.

Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency.

Why this matters?

It is nearly always a lot easier for attackers to attack your users than it is to attack your systems. IT controls alone cannot protect against social engineering attacks so making sure your staff are trained so they don’t fall for social engineering attacks is a critical part of your defence.

Read more here: https://www.theguardian.com/technology/2020/jul/30/twitter-breach-hackers-spear-phishing-attack

Cyber-Criminals Continue to Exploit #COVID19 During Q2

Cyber-criminals’ exploitation of the COVID-19 pandemic to target individuals and businesses has continued unabated during the second quarter of 2020, according to one Cyber Security firm’s Q2 2020 Threat Report published today. The findings highlight how the crisis is defining the cybersecurity landscape in Q2 in a similar way as it did in Q1 after the pandemic first struck.

The firm observed a continuous focus on phishing using COVID-19 lures in this period. This included criminals taking advantage of the rise in online shopping that has occurred during the pandemic, with a 10-fold increase in phishing emails impersonating one of the world’s leading package delivery services found in comparison to Q1.

The shift to remote working as a result of the pandemic has also led to increased targeting of Remote Desktop Protocol’s in recent months.

Ransomware tactics were found to be “rapidly developing” in this period, with operators moving away from doxing and random data leaking towards auctioning the stolen data on dedicated underground sites.

Why does this matter?

The Coronavirus crisis gave criminals an efficient lure to bait phishing emails with and for as long as it is working they will continue to exploit this crisis. It’s like we always say “cyber criminals will never let a good crisis or tragedy go to waste”

Read more here: https://www.infosecurity-magazine.com/news/cyber-criminals-exploit-covid/

FBI Releases Flash Alert on Netwalker Ransomware

The US Federal Bureau of Investigations (FBI) released a flash alert in which it warned organisations about the dangers of Netwalker ransomware.

The FBI said that it had received notifications of attacks involving Netwalker against U.S. and foreign government organisations along with entities operating in the healthcare and education sectors.

In its alert, the FBI noted that those responsible for Netwalker had used COVID-19 phishing emails and unpatched vulnerabilities affecting VPN apps to gain entry into an organisation. The malicious actors had then used their crypto-malware to harvest administrator credentials and steal data from their victims. Ultimately, the attackers uploaded that stolen information to a file-sharing service.

Once they had come into possession of a victim’s data, the nefarious individuals activated the ransomware’s encryption routine. This step led the threat to encrypt all connected Windows-based devices and information before dropping a ransom note on the infected machine.

Why does this matter?

Ransomware remains one of the biggest risks for all firms, organisations and individuals, and the majority of the time the ransomware infection will stem from a phishing email that a user within an organisation clicked on. As with all social engineering attacks IT controls alone are of limited effectiveness and defending against these attacks comes down to educating your users and instilling in them the importance of the role they play in defending an organisation.

Read more here: https://www.tripwire.com/state-of-security/security-data-protection/fbi-releases-flash-alert-on-netwalker-ransomware/

Garmin may have paid hackers ransom, reports suggest

Fitness wearable and Navtech supplier Garmin may have given in to the demands of cyber criminals who encrypted its systems with ransomware, according to news reports that suggest the firm has obtained a decryption key to recover its files, strongly suggesting it has either paid up, or brokered some kind of deal.

In a statement issued four days after its services first went offline, Garmin finally confirmed it had been the victim of a cyber attack, having previously limited its response to saying it was experiencing an outage. It has not yet confirmed it was the victim of a ransomware incident, although this is now all but certain.

A spokesperson said: “Garmin today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer-facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation,” said the firm.

“We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.

Why does this matter?

Ransomware can affect firms of any size, from the smallest to the largest, no firm or organisation is immune and even firms that are spending millions or tens of millions on advanced protections and controls can still fall victim. These types of attacks go after the people working for an organisation, not the organisations technical infrastructure and technical controls are of limited use in defending against these types of attacks. An organisation needs to ensure their users are efficient at spotting phishing emails, it only takes one user clicking on one malicious email to take down a multinational corporation.

Read more here: https://www.computerweekly.com/news/252486775/Garmin-may-have-paid-hackers-ransom-reports-suggest

Cyber-security agencies from the UK and the US say 62,000 QNAP NAS devices have been infected with the QSnatch malware

The UK NCSC and US CISA published a joint security alert this week about QSnatch, a strain of malware that has been infecting network-attached storage (NAS) devices from Taiwanese device maker QNAP.

In alerts  by the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom's National Cyber Security Centre (NCSC), the two agencies say that attacks with the QSnatch malware have been traced back to 2014, but attacks intensified over the last year when the number of reported infections grew from 7,000 devices in October 2019 to more than 62,000 in mid-June 2020.

Of these, CISA and the NSCS say that approximately 7,600 of the infected devices are located in the US, and around 3,900 in the UK.

Why this matters?

Vulnerable devices can be used to steal credentials (usernames and passwords) and exfiltrate information from devices on the network. It is important to keep devices up to date with the latest security patches to close any vulnerabilities before they can be exploited.

Read more here: https://www.zdnet.com/article/cisa-says-62000-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/

Hackers actively exploit high-severity networking vulnerabilities

Hackers are actively exploiting two unrelated high-severity vulnerabilities that allow unauthenticated access or even a complete takeover of networks run by FTSE100/Fortune 500 companies and government organisations.

The most serious exploits are targeting a critical vulnerability in F5’s Big-IP advanced delivery controller, a device that’s typically placed between a perimeter firewall and a Web application to handle load balancing and other tasks. The vulnerability, which F5 patched three weeks ago, allows unauthenticated attackers to remotely run commands or code of their choice. Attackers can then use their control of the device to hijack the internal network it’s connected to.

Why this matters?

Vulnerable devices such as this can be used to gain access to internal networks. It is important to keep devices up to date with the latest security patches to close any vulnerabilities before they can be exploited. When a vendor releases updates they should be installed as soon as possible, ideally having been tested before updates are applied in your live environment.

Read more here: https://arstechnica.com/information-technology/2020/07/hackers-actively-exploit-high-severity-networking-vulnerabilities/

27% of consumers hit with pandemic-themed phishing scams

Phishing is the top digital fraud scheme worldwide related to the COVID-19 pandemic, according to new research.

Among consumers reporting being targeted with digital COVID-19 schemes globally, 27% said they were hit with pandemic-themed phishing scams.

Identity fraud is a primary way fraudsters leverage stolen consumer data from phishing and other social engineering schemes. It can have long-term impacts for consumers such as the compromise of multiple online accounts and bringing down credit scores, which we anticipate will increase during pandemic reconstruction.

To better understand the impacts of COVID-19 on consumers, 7,384 adults in Canada, Colombia, Hong Kong, South Africa, the U.K., and the U.S. have been surveyed between June 30 and July 6, 2020.

It asked the consumers if they had been targeted by digital COVID-19 fraud and if so, which digital fraud scheme(s) related to COVID-19 were they targeted with. Globally, 32% said they had been targeted by digital fraud related to COVID-19 with the below being the top types of COVID-19 fraud they faced:

Top global online COVID-19 scams targeting consumers:

Why this matters?

Whatever works for criminals they will continue doing. Until consumers, as well as businesses, get better at detecting these scams and get better at spotting phishing emails criminals will carry on using the latest crisis or tragedy to get users to click on malicious emails and open their networks to attackers.

Read more here: https://www.helpnetsecurity.com/2020/07/24/pandemic-themed-phishing-scams/

New Netflix phishing scam uncovered - here’s how to stay safe

Security analysts have uncovered a dangerous and highly convincing new Netflix phishing scam, capable of evading traditional email security software.

The phishing email masquerades as a billing error alert, pressing the victim to update their payment details within 24 hours or have their Netflix subscription voided.

The link provided in the email redirects to a functioning CAPTCHA form, used in legitimate scenarios to distinguish between humans and AI. Although this step adds a layer of friction to the process, it serves to enhance the sense of legitimacy the attacker is attempting to cultivate.

After handing over account credentials, billing address and payment card information, the victim is then redirected to the genuine Netflix home page, unaware their data has been compromised.

Why does this matter?

Phishing campaigns like this cast a wide net and only need a small number of victims to fall for it to turn a profit, and that means these types of scams are not going to go away any time soon. If no one fell for them they would stop. Always question any email that urges you to take action quickly under the guise of some threat.

Read more here: https://www.techradar.com/news/dangerous-new-netflix-phishing-scam-hits-the-scene-heres-what-you-need-to-know

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.