Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year

A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.

In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.

Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.

Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]

The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation

In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.

Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.

Source: [News Week] [Beta News]

Ransomware Infection Times Fall from 5 Days to 5 Hours

The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.

This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.

The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.

Sources: [Cision] [PC Mag] [Security Magazine]

80% of Security Leaders See AI as the Biggest Threat to Business

A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.

In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.

With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.

Sources: [Diginomica] [Infosecurity Magazine]

Is Your Board Cyber-Ready?

With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.

Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.

Sources: [Harvard.edu] [JDSupra]

Cyber Security Should Be a Business Priority for CEOs

A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.

Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.

Source: [HelpNet Security]

The Looming Threat of a Single Phishing Click to Your Business

A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.

Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CMS-lawnow]

40% of Organisations Leave Ransomware to IT

A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.

By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [MSSP Alert]

Auditors’ Growing Concern About Cyber Security

The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.

Source: [Accounting Today]

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.

Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.

Source: [Dark Reading]

Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone

The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.

It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.

Sources: [Bleeping Computer] [Infosecurity Magazine]

Organisations Grapple with Detection and Response Despite Rising Security Budgets

A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.

The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.

Source: [CSO Online]

Governance, Risk and Compliance

• Half of CISOs Now Report to CEO as Influence Grows - Infosecurity Magazine (infosecurity-magazine.com)

• Auditors more worried about cyber security than AI risks | Accounting Today

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• CEOs concerned about organisations’ ability to avert cyber attacks, despite understanding their impact: Report - The Hindu

• Cyber Security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber attacks are only getting worse for business, so what are CISOs doing about it? | TechRadar

• Warning as more businesses fall victim to cyber attacks | Insurance Times

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• The Role of HR in Engaging the Workforce for Holistic Cyber Security (newsweek.com)

• 90% firms experienced cyber attacks; 83% opted to pay attackers: Report (business-standard.com)

• The world was already horrifying — technology is making it more so - The Hustle

• State of Cyber Awareness in the Boardroom (harvard.edu)

• What The Board Needs To Know: Cyber Attack Costs - WSJ

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Is Your Board Cyber-Ready? Leadership Steps to Support Corporate Cyber Security | Jackson Lewis P.C. - JDSupra

• Cyber security should be a business priority for CEOs - Help Net Security

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• The undeniable benefits of making cyber resiliency the new standard | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• Cyber insurance costs pressure business budgets - Help Net Security

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Cyber security overtakes cloud as top area of investment - The Recycler - 10/10/2023

• New Wave of Cyber Threats Challenges In-House Legal Departments (bloomberglaw.com)

• Should businesses follow Google’s footsteps in cyber security? | TechRadar

• Cyber security is booming but it comes at a human cost (betanews.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• A Cyber security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (darkreading.com)

• 6 steps to getting the board on board with your cyber security program (welivesecurity.com)

Threats

Ransomware, Extortion and Destructive Attacks

• First half of 2023 sees more ransomware victims than all of 2022 | Security Magazine

• Cyber security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber criminals can go from click to compromise in less than a day - Help Net Security

• Ransomware Infection Times Fall From 5 Days to 5 Hours (pcmag.com)

• Almost 60% Of Businesses Are 'Very' To 'Extremely' Concerned About Ransomware Attacks - Hornetsecurity Annual Ransomware Survey (Prnewswire.Com)

• Ransomwared health insurer wasn't using anti-virus software • The Register

• Everest searching for corporate insiders amid rare pivot • The Register

• HelloKitty ransomware source code leaked on hacking forum (bleepingcomputer.com)

• How to Prevent Ransomware as a Service (RaaS) Attacks (trendmicro.com)

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care (fdd.org)

Ransomware Victims

• MGM Suffers $100mn loss following cyber attack, hopes insurance cover will be sufficient (insuranceinsider.com)

• Cyber attack victim Estes making ‘steady progress’ - FreightWaves

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Ransomwared health insurer wasn't using anti-virus software • The Register

• BianLian extortion group claims recent Air Canada breach (bleepingcomputer.com)

• Ransomware group starts leaking data allegedly from NJ cardiology consultants group (databreaches.net)

Phishing & Email Based Attacks

• The looming threat of a single phishing click to your business (cms-lawnow.com)

• Hackers are using AI for phishing | Windows Central

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Phishing, the campaigns that are affecting Italy (securityaffairs.com)

BEC – Business Email Compromise

• What is business email compromise (BEC)? | ITPro

Other Social Engineering; Smishing, Vishing, etc

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Artificial Intelligence

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• 'Really frightening': IT leaders on cyber security in the age of AI (computing.co.uk)

• Cyber security pros predict rise of malicious AI - Help Net Security

• Downing Street trying to agree statement about AI risks with world leaders | Artificial intelligence (AI) | The Guardian

• Why 80% of CISOs see AI as the biggest threat to their business (diginomica.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Hackers are using AI for phishing | Windows Central

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

• US Space Force Pauses Generative AI Based on Security Concerns (bloomberglaw.com)

• Generative AI Security: Preventing Microsoft Copilot Data Exposure (bleepingcomputer.com)

• How to Guard Your Data from Exposure in ChatGPT (thehackernews.com)

2FA/MFA

• Account Hacking Over Starlink Sparks Calls For Two-Factor Authentication (pcmag.com)

Malware

• Mirai DDoS malware variant expands targets with 13 router exploits (bleepingcomputer.com)

• Microsoft to kill off VBScript in Windows to block malware delivery (bleepingcomputer.com)

• How Keyloggers Have Evolved From the Cold War to Today (darkreading.com)

• Endpoint malware attacks decline as campaigns spread wider - Help Net Security

Mobile

• Beware - GoldDigger malware will drain your bank accounts without you even realizing | TechRadar

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• Operation Behind Predator Mobile Spyware Is 'Industrial Scale' (darkreading.com)

• Hacktivists send fake nuclear attack warning via Israeli Red Alert app (bitdefender.com)

• 5 quick tips to strengthen your Android phone security today | ZDNET

Botnets

• Mirai DDoS malware botnet variant expands targets with 13 router exploits (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks (cloudflare.com)

• Google, Amazon Face Massive Denial-of-Service Attack | MSSP Alert

Internet of Things – IoT

• Connected vehicles can be at risk of hacking, consumer awareness paramount: experts - Victoria Times Colonist

• Automotive cyber security: A decade of progress and challenges - Help Net Security

• Android TV malware case worsens: Tens of millions of devices infected - FlatpanelsHD

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

• Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal - Security Week

• Exposed security cameras in Israel and Palestine pose significant risks (securityaffairs.com)

Data Breaches/Leaks

• 3.81 billion records compromised by cyber security incidents in September 2023 (itsecuritywire.com)

• US Smashes Annual Data Breach Record With Three Months Left - Infosecurity Magazine (infosecurity-magazine.com)

• 23andMe Cyberbreach Exposes DNA Data, Potential Family Ties (darkreading.com)

• Hackers compile database of people of Jewish descent using stolen 23andMe user data - Washington Times

• DC Board of Elections confirms voter data stolen in site hack (bleepingcomputer.com)

• Lyca Mobile says customer data was stolen during cyber attack | TechCrunch

• Third Flagstar Bank data breach since 2021 affects 800,000 customers (bleepingcomputer.com)

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Air Europa customers urged to cancel cards following hack on payment system (therecord.media)

• Dymocks breach happened while changing providers | Information Age | ACS

• 88% of Hospitals And Other Health-Care Organisations Faced Cyber Attacks Last Year (databreaches.net)

• Shadow PC warns of data breach as hacker tries to sell gamers' info (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The cyber villains are getting bolder. Businesses need to up their game - Raconteur

• Minister:  ‘Cyber criminals are often in uncooperative jurisdictions – making international collaboration essential’ – PublicTechnology

• Protecting your business against the cyber criminal enterprise (techuk.org)

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Hackers 'don't break in anymore, they log in,' expert explains (yahoo.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

Insider Risk and Insider Threats

• Everest searching for corporate insiders amid rare pivot • The Register

• Time to safeguard the financial sector? Navigating employee turnover to defend against cyber attacks - Digital Journal

• Former US soldier accused of trying to pass secrets to China • The Register

• The Mind of the Inside Attacker (informationweek.com)

• Understanding the human factor of digital safety | TechRadar

Fraud, Scams & Financial Crime

• Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media

• Global job scam to cause $100 mn in losses for over 1,000 companies: Report (odishatv.in)

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• The dark side of solar panels – how crooks are exploiting net zero (telegraph.co.uk)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• UK users of illicit streaming services warned of risk of fraud or police visit | TV streaming | The Guardian

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• Never click on bank-draining words if message pops up, expert warns (ladbible.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Deepfakes

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

AML/CFT/Sanctions

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

Insurance

• Cyber insurance costs pressure business budgets - Help Net Security

• Insurance industry faces growing concerns over cyber cat risk: Gallagher Re - Reinsurance News

• Cyber Insurance Lessens the Sting of Corporate Cyber Attacks (bloomberglaw.com)

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Insurance cover ‘sufficient’ for $100mn cyber attack hit: MGM (insuranceinsider.com)

Supply Chain and Third Parties

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• Cyber attack hits electronics firm Volex (cityam.com)

Software Supply Chain

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

Cloud/SaaS

• The Need for Speed: When Cloud Attacks Take Only 10 Minutes (darkreading.com)

• Microsoft and Cabinet Office issue government-wide security guidelines for M365 – PublicTechnology

• Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits (thehackernews.com)

• Securely Moving Financial Services to the Cloud (darkreading.com)

Identity and Access Management

• Why identity infrastructure is the new cyber attack surface (siliconrepublic.com)

Encryption

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

API

• You can't avoid APIs, so you need to secure them (betanews.com)

Open Source and Linux

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

• US Government Issues Open-Source Security Guidance for Critical Infras - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• CISA publishes top 10 most common security misconfigurations • The Register

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

Social Media

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Brands Beware: X's New Badge System Is a Ripe Cyber-Target (darkreading.com)

• What should you do if your Facebook is hacked? (pocket-lint.com)

Parental Controls and Child Safety

• New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise (thehackernews.com)

Regulations, Fines and Legislation

• SEC Adopts New and Burdensome Cyber Cecurity Disclosure Rules | Kohrman Jackson & Krantz LLP - JDSupra

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

Models, Frameworks and Standards

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

Data Protection

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

Careers, Working in Cyber and Information Security

• Work-related stress “keeps cyber professionals up at night” | ITPro

• Fifth of UK Cyber Security Pros Work Excessive Hours - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security is booming but it comes at a human cost (betanews.com)

• eBook: Cyber security career hacks for newcomers - Help Net Security

• Turning military veterans into cyber security experts - Help Net Security

• CISO Pay Increases Are Slowing – a Look Behind the Figures - Security Week

• Skills-based Hiring Can Address Cyber Workforce Shortfalls (fdd.org)

Law Enforcement Action and Take Downs

• European Police Hackathon Hunts Down Traffickers - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State/Cyber Warfare

• Cyber Attacks Targeting Israel Are on the Rise After Hamas Attack | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

• Hackers For Hire Hit Both Sides in Israel-Hamas Conflict (darkreading.com)

• Beyond the Front Lines: How the Israel-Hamas War Impacts the Cyber security Industry - Security Week

• Israel Cyber Attacks: What MSSPs Need to Know | MSSP Alert

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

• The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cyber crime. (thecyberwire.com)

• Could Middle Eastern Cyberwarfare Spill Into Health Sector? (inforisktoday.com)

• The Cyberwar Between the East and the West Goes Through Africa (darkreading.com)

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

Russia

• Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (kyivpost.com)

• Kremlin-Linked Hacker Group Launches Cyber-Attack Against Israel (kyivpost.com)

• Russian hacker group "Killnet" declares cyberwar on Israel | Al Bawaba

• Gaza-linked hackers and Pro-Russia groups are targeting Israel (securityaffairs.com)

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

China

• A Frontline Report of Chinese Threat Actor Tactics and Techniques (darkreading.com)

• Why One Of The Largest Cyber-Attacks Is Still A Mystery (slashgear.com)

• Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (thehackernews.com)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Former US soldier accused of trying to pass secrets to China • The Register

• Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries (thehackernews.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants (thehackernews.com)

Iran

• Escalation In Iranian Cyber Operations: A Shift Toward Espionage | Iran International (iranintl.com)

North Korea

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• North Korea's State-Sponsored APTs Organise & Align (darkreading.com)

Vulnerability Management

• Developers take as long as one month to patch security flaws, Synopsys finds (axios.com)

• Microsoft Patch Tuesday turns 20 • The Register

• Vulnerability Behind “Largest Attack in Internet History” Found | MSSP Alert

Vulnerabilities

• Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws (securityaffairs.com)

• Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (darkreading.com)

• Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop - Security Week

• Google Chrome 118 is a massive security update - gHacks Tech News

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Adobe Acrobat Reader Vuln Now Under Attack (darkreading.com)

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit (informationweek.com)

• WhatsApp exploits commanding multi-million prices (computing.co.uk)

• High-Severity Vulnerabilities Discovered in WebM Project’s Libraries (paloaltonetworks.com)

• Credential Harvesting Campaign Targets Unpatched NetScaler Instances - Security Week

• Over 17,000 WordPress sites hacked in Balada Injector attacks last month (bleepingcomputer.com)

• Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica

• New WordPress backdoor creates rogue admin to hijack websites (bleepingcomputer.com)

• libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (thehackernews.com)

• D-Link WiFi range extender vulnerable to command injection attacks (bleepingcomputer.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• Apple releases iOS 16.7.1 to plug critical security holes | Macworld

• The SEC is said to be investigating a Twitter security flaw from the pre-Musk era (engadget.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• 35 Squid proxy bugs still unpatched after 2 years • The Register

• Fortinet Releases Security Updates for Multiple Products | CISA

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

Tools and Controls

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

• 16 Essential Factors To Cover In A Disaster Recovery Plan (forbes.com)

• A Cyber Security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Google, Yahoo Push DMARC, Forcing Companies to Catch Up (darkreading.com)

• You can't avoid APIs, so you need to secure them (betanews.com)

• What is External Attack Surface Management (EASM)? | UpGuard

• Why You Should Phish In Your Own (informationsecuritybuzz.com)

• Why zero trust delivers even more resilience than you think - Help Net Security

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

• Unmasking the limitations of yearly penetration tests - Help Net Security

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Keep on keeping your organisation informed to stay cyber secure (techuk.org)

• Why identity infrastructure is the new cyberattack surface (siliconrepublic.com)

Reports Published in the Last Week

• Global Incident Response Threat Report (vmware.com)

Other News

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Large law firms experiencing two 'cyber incidents' a month - Legal Futures

• Small businesses growing target for cyber criminals (planetradio.co.uk)

• The world was already horrifying — technology is making it more so - The Hustle

• Legions of Critical Infrastructure Devices Subject to Cyber Targeting (darkreading.com)

• Subsea cable business seeks to plug its security holes (lightreading.com)

• Old-School Attacks Are Still a Danger, Despite Newer Techniques (darkreading.com)

• Protect Critical Infrastructure With Same Rigor as Classified Networks (darkreading.com)

• Drug dealers hijack NHS, police and Crimestoppers websites to sell coke in plain sight - Daily Star

• Proactive not reactive: adjusting the approach to cyber crime in education

• Magecart Campaign Hijacks 404 Pages to Steal Data (darkreading.com)

• As biohacking evolves, how vulnerable are we to cyber threats? - Help Net Security

• Social care and cyber-crime - Social care (blog.gov.uk)

• Electric Power System Cyber Security Vulnerabilities (trendmicro.com)

• Cable Giant Volex Targeted in Cyber Attack - Security Week

• Securing the Food Pipeline from Cyber Attacks (newswise.com)

• US construction giant reports cyber security incident • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Than Half of UK Organisations Know They Aren’t Well Protected

According to a recent report, just 49% of business leaders report their organisation is well or very well protected. Cyber security featured as the third highest-rated business priority, with increasing revenues and reducing costs forming the top two. One of the ways an organisation can reduce cost is to outsource, and 63% of respondents agreed, reporting that they wanted to work with an external cyber security partner to improve their security.

Even if you’re in the 49% of organisations that believes it is well protected, this can be a dangerous self-assessment based on a lack of experience and impartiality. Business leaders need independent assurance to ensure their security controls are appropriate and in line with the organisation’s risk appetite. It is essential to dispel assumptions, by investigating your security before an attacker does.

Black Arrow Cyber Consulting offers a free, no-obligation, introductory consultation to help you gain an unbiased perspective on how your current security approach could withstand an attacker. We help our clients to know the questions to ask of their external or internal IT provider, and how to leverage other security controls from existing resources.

Sources: [IT Security Guru][Beta News]

Generative AI Considered a Security Risk by 60% of Board Members. How Organisations Can Prepare

A recent report conducted by Proofpoint found that 60% of board members consider generative AI a security risk.

The rapid development and adoption of AI is double-edged in nature. Whilst it can yield positive benefits if used safely and responsibility within organisations, AI is also being used to great effect by malicious actors with AI abuse growing beyond phishing to increasing the efficacy of multistage attacks, being used to generated malware, and carrying out different types of social engineering attacks.

For this reason Boards and senior leaders are right to be concerned and should ensure appropriate measures are being taken.

Sources: [TheNationalNews] [SCMagazine] [CyberSecurityNews]

Further reading: [BusinessCloud.co.uk] [WIRED UK] [Help Net Security]

Businesses Ignore Incident Response at Their Peril

According to a UK Government report, a quarter of businesses don’t regard cyber incident response skills as essential and almost half said they weren’t confident they could put together an incident response plan. This led to 41% saying they were not very or not at all confident that they would be able to deal with a cyber security breach or attack.

Unfortunately, this leaves many organisations in a situation where they will have to learn the hard way about the implications of not having an incident response plan. A separate government report found that 37% of those hit by a cyber attack said it impacted operations and a quarter experienced negative consequences such as loss of money or data.

One of the ways organisations can circumnavigate their lack of confidence in their ability to construct an incident response plan is to use cyber security experts to construct it. 

Source: [Infosecurity Magazine]

Blame Culture: An Organisation’s Ticking Time Bomb

An organisation’s attitude and responses to cyber security are almost as important as the actions taken to prevent cyber attacks. “Lessons learnt” are a common feature within mature and cyber resilient organisations. Incidents are a matter of when not if, and it is important that organisations know how to react.

Taking the example of a phishing attack, it is easy to blame the employee who opened it, potentially firing them. With phishing simulations, it is equally easy to discipline an employee who fell for it. The problem is, neither of these focus on what can be learned, such as why the employee fell for it in the first place. Additionally, there is the potential that employees become reserved or reticent about reporting potential events, due to the fear of being disciplined. This can be the difference between an organisation having an early detection of an incident and being able to invoke incident response plans sooner, or leaving the attacker in the system doing damage for longer before being reported.

Source: [ IT Security Guru]

Spend to Save: CFOs and Cyber Security Investment

For chief financial officers (CFOs), the increasing impact of data breaches creates a paradox. While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending is all about return on investment.

When looking at spending, CFOs need to keep in mind that the total cost of a breach is more than the initial currency loss: there is the knock-on effect of reputation and losses in customers. But it is not a case of spending more to protect more; spending must be tailored to the organisation and prioritise in terms of business needs.

Source: [Security Intelligence]

Cyber Security Tools Are New Targets for Attackers, Including Nation-State Actors

An increasing number of attacks by nation-state attackers are targeting cyber security tools in their campaigns. This includes the recent attacks on US officials which attacked and gained access through the firewalls of the victim. Security vendors, just like anyone, will have flaws in their software: there will be vulnerabilities. As such, organisations need to be aware of these vulnerabilities and when support runs out for their cyber security tools, to better protect themselves.

Source: [News Week]

Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3

Top secret military data from the UK’s Ministry of Defence was stolen and then sold by the ransomware gang LockBit. How, you might ask? Through a rogue Windows 7 PC that belonged to their fencing supplier, Zaun. The LockBit Ransom group conducted the attack on the supplier’s network, and Zaun admitted the group may have exfiltrated 10GB of data.

Many attackers have realised that if you cannot directly attack an organisation, then the supplier can present a way in. Organisations need to be sure of their suppliers’ security, and conduct third party security assessments to identify the risk the supplier may present to the organisation itself.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Source: [The Register] [Tech Monitor]

Common Tactics Used by Threat Actors to Weaponise PDFs

PDFs are often seen as safe, something that cannot be used by an attacker, but that’s wrong. Actors are using this trustworthiness, as well as the difficulty in detection and ubiquity of PDFs, to weaponise them. Common tactics involve malicious hyperlinks within PDFs and macros that run when a PDF is opened, and in some cases attackers are disguising a malicious Word document as a PDF to evade detection.

Source: [Cyber Security News]

Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals

A recent report has found that Microsoft vulnerabilities as old as 6 years are still being exploited, with one recorded as being exploited as recently as 31 August. In fact, since this particular vulnerability was fixed, it has been used to deploy 467 different malware types. This is not the number of attacks, but the number of different types of malware used in attacks.

The concept isn’t just for Microsoft. Many organisations do not employ effective patching strategies, and as such leave the doors open to attackers. Sometimes, these doors are open for years.

Source: [The Register]

Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m

As-a-service operations allow attackers to employ sophisticated attacks without the need for extensive knowledge; they simply just purchase the ability.  Take phishing-as-a-service (PhaaS), where an attacker with very limited cyber knowledge simply needs to purchase a phishing kit and they are then well-equipped to target organisations. This availability in tools creates a significant surge in the number of cyber criminals, with one scheme alone raking in $64.5 billion in illegal gains.

Source: [IT Security Guru]

71% of Organisations are Impacted by Cyber Security Skills Shortage

Most organisations (71%) report that they’ve been impacted by the cyber security skills shortage, leading to an increased workload for the cyber security team (61%), unfilled open job requisitions (49%) and high burnout among staff (43%). Further, 95% respondents state the cyber security skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has got worse.

Organisations need to continue maintaining and improving their security while their cyber security positions remain unfilled. Black Arrow supports firms to achieve this by providing expert resources on a flexible basis for technical, governance and transformational positions.

Source: [Security Magazine] [Digital Journal]

Multiple Schools Hit by Cyber Attacks Before Term Begins

Ahead of the new school term, a number of schools have become the victim of serious cyber attacks. The education sector isn’t a new target, with previous ransomware reports finding the education sector to account for 16% of victims.

The education sector remains a target due to the valuable data they hold, large attack surfaces and frequently a lack of resources and budgets, something many small and medium-sized business may share.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• The importance of CISOs is not recognised by senior leadership - IT Security Guru

• Why Businesses Ignore Incident Response at Their Peril - Infosecurity Magazine (infosecurity-magazine.com)

• Blame Culture: An Organisation's Ticking Time Bomb - IT Security Guru

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• More than half of UK organisations know they aren’t well protected against cyber threats - IT Security Guru

• Boards show confidence in their cyber security but still think they're at risk of attack (betanews.com)

• SEC tells companies to “show their work” on cyber security - Red Canary

• Cyber security: a life cycle, not a destination | Hydrocarbon Engineering

• Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)

• Compliance budgets under strain as inflation and workload grow - Help Net Security

• Cyber Security pros battle discontent amid skills shortage - Help Net Security

• CISOs weigh in on building security-focused culture | Healthcare IT News

• How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)

• IAM, cloud security to drive new cyber security spending | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• Ministry of Defence documents leaked by LockBit (techmonitor.ai)

• Attackers access military data through fencing supplier • The Register

• Yes, Ransomware is Still a Huge Problem | CSO Online

• Ransomware attackers are targeting exposed Microsoft SQL databases, report says (therecord.media)

• Ransomware and Data Breaches: Impacts Continue to Grow Louder (govtech.com)

• Ransomware attacks go beyond just data - Help Net Security

• Education Sector Heavily Targeted as the School Year Begins (databreaches.net)

• Killware vs. Ransomware: What's the Difference? (makeuseof.com)

• Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• To Pay or Not to Pay? The Ransomware Dilemma (informationweek.com)

• Snake Ransomware Endangers Your Data: How Can You Stop It? (makeuseof.com)

• How to Prevent Ransomware: 6 Key Steps to Safeguard Assets (techtarget.com)

Ransomware Victims

• LockBit Leaks Documents Filched From UK Defence Contractor (darkreading.com)

• Ministry of Defence documents leaked in cyber attack (civilserviceworld.com)

• Maidstone: Secondary school hit by cyber attack - BBC News

• Debenham High School IT system hit by cyber attack - BBC News

• Highgate Wood School delays term by 6 days after cyber attack | This Is Local London

• Cyber attack hits Suffolk school (computing.co.uk)

• Cyber attack hits Wokingham's Maiden Erlegh School | Reading Chronicle

• Russian ransomware gang AlphV targets pathology company, law firms in latest string of attacks - ABC News

• LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM) (securityaffairs.com)

• Ransomware gang claims credit for Sabre data breach | TechCrunch

• Hackers claim to publish prominent Israeli hospital’s patient data (therecord.media)

Phishing & Email Based Attacks

• AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)

• Google is enabling Chrome real-time phishing protection for everyone (bleepingcomputer.com)New phishing tool hijacked thousands of Microsoft business email accounts (therecord.media)

• Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)

• Spam is up, QR codes emerge as a significant threat vector - Help Net Security

• From unsuspecting click to data compromise - Help Net Security

• Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)

• Getting off the hook: 10 steps to take after clicking on a phishing link (welivesecurity.com)

• What Is Spear Phishing? A Comprehensive Guide - Sapphire

Other Social Engineering; Smishing, Vishing, etc

• Emerging threat: AI-powered social engineering - Help Net Security

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• Chinese-Speaking Cyber Criminals Launch Large-Scale iMessage Smishing Campaign in US. (thehackernews.com)

• Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges (thehackernews.com)

• How cyber criminals use look-alike domains to impersonate brands - Help Net Security

Artificial Intelligence

• Generative AI considered a security risk by 60% of board members, survey finds (thenationalnews.com)

• AI ‘triggers DeepTech anxiety for senior leaders’ (businesscloud.co.uk)

• Emerging threat: AI-powered social engineering - Help Net Security

• AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• UK tech tsar warns of AI cyber threat to NHS | Financial Times (ft.com)

• It's the summer of adversarial chatbots. Here's how to defend against them - SiliconANGLE

• Will the AI Arms Race Lead to the Pollution of the Internet? (darkreading.com)

• Cyber Security Concerns In AI: NCSC Flags Vulnerabilities In Chatbots And Language Models (informationsecuritybuzz.com)

• UK cyber chief urges ‘Security by Design’ in AI development (ukdefencejournal.org.uk)

• Generative AI’s Biggest Security Flaw Is Not Easy to Fix | WIRED UK

• Developers have security, other generative AI concerns but use it anyway - ARN (arnnet.com.au)

• How Companies Can Cope With the Risks of Generative AI Tools (darkreading.com)

• 3 ways to strike the right balance with generative AI - Help Net Security

• Peril vs. Promise: Companies, Developers Worry Over Generative AI Risk (darkreading.com)

• Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Malware

• Common Tactics Used by Threat Actors to Weaponise PDFs (cybersecuritynews.com)

• Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus (thehackernews.com)

• 'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• UNRAVELING EternalBlue: inside the WannaCry’s enabler (securityaffairs.com)

• Malware Report: The Evolution of BumbleBee - Understanding the Emerging New Threat (govinfosecurity.com)

• Malware configurations How to find and use them? (govinfosecurity.com)

• Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)

• New Python Variant of Chaes Malware Targets Banking and Logistics Industries (thehackernews.com)

• New BLISTER Malware Update Fuelling Stealthy Network Infiltration (thehackernews.com)

• Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)

Mobile

• Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch

• September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)

• Hacker exploits security flaw to target iPhone users with 'notification attack' | Macworld

Botnets

• It might be too soon to claim victory against Qakbot | Computer Weekly

Denial of Service/DoS/DDOS

• DDoS attack took down the site of German financial agency BaFin (securityaffairs.com)

• Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)

• CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack | CISA

BYOD

• Many businesses still aren't using BYOD protection | TechRadar

Internet of Things – IoT

• Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)

• Tech Company Says Cars Collect 25 Gigabits of Data per Hour, Making Them Targets for Hacking | The Epoch Times

• Connected cars and cyber crime: A primer - Help Net Security

• Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch

• Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)

• Why consumer drones represent a special cyber security risk (securityintelligence.com)

• Like privacy? Then smart devices are a dumb idea • The Register

• Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch

Data Breaches/Leaks

• Electoral Commission failed basic security test before hack - BBC News

• Insurer fined $3M for exposing data of 650k clients for two years (bleepingcomputer.com)

• Golf gear giant Callaway data breach exposes info of 1.1 million (bleepingcomputer.com)

• Freecycle confirms massive data breach impacting 7 million users (bleepingcomputer.com)

• Pizza Hut Australia leaks one million customers' details, claims ShinyHunters hacking group (bitdefender.com)

• Thousands of Popular Websites Leaking Secrets - SecurityWeek

• Johnson & Johnson discloses IBM data breach impacting patients (bleepingcomputer.com)

• Northern Ireland police chief quits in wake of data breach • The Register

• Lawsuit blames Tesla for data breach it sued ex-staff over • The Register

Organised Crime & Criminal Actors

• Popular 'As-a-Service' Operations Have Earned Cyber Criminals over $64m - IT Security Guru

• Cyber Crime Tremors: Experts Forecast Qakbot Resurgence (govinfosecurity.com)

• It might be too soon to claim victory against Qakbot | Computer Weekly

• Cyber crime to cost Germany 206 billion euros in 2023, survey finds | Reuters

• Anonymity and illicit activities: Cyber security expert warns of risks and dangers associated with the dark web (newswise.com)

• Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• YouTuber Loses $60K Worth of Crypto After Showing Seed Phrases on Stream - Decrypt

• Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)

• Russian Malware Targets Crypto Wallet: US and UK Intelligence Agencies Issue Joint Warning (cryptopotato.com)

• Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)

• Bitcoin exchange exec admits he ignored anti-laundering laws • The Register

• Cyber criminals target graphic designers with GPU miners (talosintelligence.com)

• LastPass under fire again as users report stolen crypto keys and losses | Cybernews

Insider Risk and Insider Threats

• Lawsuit blames Tesla for data breach it sued ex-staff over • The Register

Fraud, Scams & Financial Crime

• Popular 'As-a-Service' Operations Have Earned Cyber criminals over $64m - IT Security Guru

• Smishing Triad: China-Based Fraud Network Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Fake YouPorn extortion scam threatens to leak your sex tape (bleepingcomputer.com)

• Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Global roaming fraud losses to surpass $8 billion by 2028 - Help Net Security

• Three men arrested for stealing thousands of dollars by hacking into ATMs with a Raspberry Pi device | PC Gamer

• Airlines Battle Surge in Loyalty Program Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)

• District of Massachusetts | Russian Businessman Sentenced to Nine Years in Prison in $93 Million Hack-to-Trade Conspiracy | United States Department of Justice

• Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack - SecurityWeek

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Impersonation Attacks

• 'Smishing Triad' Targeted USPS and US Citizens for Data Theft (securityaffairs.com)

• How cyber criminals use look-alike domains to impersonate brands - Help Net Security

Deepfakes

• Emerging threat: AI-powered social engineering - Help Net Security

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

AML/CFT/Sanctions

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)

• Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Bitcoin exchange exec admits he ignored anti-laundering laws • The Register

Insurance

• Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm

• Time and effort to obtain cyber insurance increasing for US businesses | CSO Online

• Beazley expects to sponsor more cyber catastrophe bonds in 2024 - Artemis.bm

• Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)

Dark Web

• Anonymity and illicit activities: Cyber security expert warns of risks and dangers associated with the dark web (newswise.com)

• The Initial Access Broker Economy: A Deep Dive into Dark Web Hacking Forums (bleepingcomputer.com)

Supply Chain and Third Parties

• Attackers access military data through fencing supplier • The Register

• Ministry of Defence documents leaked by LockBit (techmonitor.ai)

• Supply chain related security risks, and how to protect against them (malwarebytes.com)

• 5 ways to improve your supply chain security posture | IT Reseller Magazine (itrportal.com)

• University of Sydney suffered a security breach caused by a third-party service provider (securityaffairs.com)

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

• Creating a more cyber secure supply chain requires group effort - FreightWaves

• Facing Third-Party Threats With Non-Employee Risk Management (darkreading.com)

• Cyber attacks attempt to crash 6 media sites globally using US. company RayoByte - Committee to Protect Journalists (cpj.org)

Software Supply Chain

• Software Supply Chain Strategies to Parry Dependency Confusion Attacks (darkreading.com)

Cloud/SaaS

• Step Up Your Defence Against Cloud-loving Cyber Criminals (informationsecuritybuzz.com)

• IAM, cloud security to drive new cyber security spending | CSO Online

Hybrid/Remote Working

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Attack Surface Management

• What OSINT is, and why it’s dangerous | Kaspersky official blog

• Armis report sheds light on top 10 targeted assets by cyber attackers - SiliconANGLE

• Top 10 riskiest assets threatening global business - IT Security Guru

Encryption

• Government denies U-turn on encrypted messaging row - BBC News

• UK lawmakers back down on encryption-busting 'spy clause' | CyberScoop

API

• API Vulnerabilities: 74% of Organisations Report Multiple Breaches - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Software industry urged to assume risk on open source security | CIO Dive

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• It's a Zero-day? It's Malware? No! It's Username and Password (thehackernews.com)

• Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)

• Hacker gains admin control of Sourcegraph and gives free access to the masses | Ars Technica

• Passwords From The November 2022 LastPass Breach Being Cracked? - PC Perspective

• LastPass under fire again as users report stolen crypto keys and losses | Cybernews

• Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch

• 75% of education sector attacks linked to compromised accounts - Help Net Security

Social Media

• Twitter accused of helping Saudi Arabia commit human rights abuses | Saudi Arabia | The Guardian

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

Malvertising

• 'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek

Parental Controls and Child Safety

• Children's snack recalled after its website caught serving porn (bleepingcomputer.com)

• Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT

Regulations, Fines and Legislation

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• SEC tells companies to “show their work” on cyber security - Red Canary

• Verizon to pay feds $4M over cyber security lapse | Light Reading

• Government denies U-turn on encrypted messaging row - BBC News

• UK drops 'spy clause' for scanning encrypted messages • The Register

Models, Frameworks and Standards

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• CIS Benchmarks Communities: Where configurations meet consensus - Help Net Security

• Explaining The New NIST Cyber Security Framework to the C-Suite

Backup and Recovery

• Best practices for implementing a proper backup strategy - Help Net Security

Careers, Working in Cyber and Information Security

• 71% of organisations are impacted by cyber security skills shortage | Security Magazine

• Cyber Security Skills Gap set to cost UK £120 billion by 2023 - Essex-TV

• 6 free resources for getting started in cyber security - Help Net Security

• Cyber professionals say industry urgently needs to confront mental health crisis | CyberScoop

• Cyber security pros battle discontent amid skills shortage - Help Net Security

Law Enforcement Action and Take Downs

• FBI Qakbot Takedown: Unanswered Questions (trendmicro.com)

• It might be too soon to claim victory against Qakbot | Computer Weekly

• Cops drill into chat apps to thwart coke-smuggling ring • The Register

Privacy, Surveillance and Mass Monitoring

• Revealed: Home Office secretly lobbied for facial recognition ‘spy’ company | Facial recognition | The Guardian

• Like privacy? Then smart devices are a dumb idea • The Register

• Streetlights as Spyware (techpolicy.press)

Misinformation, Disinformation and Propaganda

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Big Tech failed to police Russian disinformation: EU study • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russia-linked attackers hit UK Ministry of Defence, leak stolen data | CSO Online

• NCSC Report Reveals Persistent Threat and Russia’s Ongoing Cyber Operations in Ukraine | Defense Express (defence-ua.com)

• An inside look at Ukraine's cyber war with Russia : NPR

• Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR

• China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM

• Ukraine's CERT Thwarts APT28's Cyber Attack on Critical Energy Infrastructure (thehackernews.com)

• Attackers access military data through fencing supplier • The Register

• Russia-linked hack on Trident base sparks 'World War Three' warning from expert (yahoo.com)

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Russian Malware Targets Crypto Wallet: US and UK Intelligence Agencies Issue Joint Warning (cryptopotato.com)

• Elon Musk's Father Fears Possible Assassination Attempt on His Son (businessinsider.com)

• Big Tech failed to police Russian disinformation: EU study • The Register

• North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne

China

• How China gets free intel on tech companies’ vulnerabilities | Ars Technica

• Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)

• How Microsoft's highly secure environment was breached (malwarebytes.com)

• Chinese-Speaking Cyber Criminals Launch Large-Scale iMessage Smishing Campaign in US. (thehackernews.com)

• Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)

• China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM

• Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)

• German companies report more cyber attacks from Russia, China | Meta.mk

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Microsoft reveals hackers compromised engineer account to gain access to government accounts - SiliconANGLE

• Microsoft finally explains cause of Azure breach: An engineer’s account was hacked | Ars Technica

• South Korean Cyber Security Concerns Over Chinese-Made Cranes, Meteorological Gear | The Epoch Times

• Huawei hits back in Portugal over 5G 'ban' with lawsuit - DCD (datacenterdynamics.com)

Iran

• Hackers push anti-Iranian government messages to millions via breached app | CyberScoop

• Iranian hackers breach US aviation org via Zoho, Fortinet bugs (bleepingcomputer.com)

North Korea

• Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks (bleepingcomputer.com)

• Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster (thehackernews.com)

• Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR

• North Korean hackers target security researchers with new zero-day (therecord.media)

• North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne

• Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)

Misc Nation State/Cyber Warfare

• Nation-state 'hot zones' offer view of the future of cyber war – report - CIR Magazine

• Global cyber weapon market set for substantial growth | Insurance Business America (insurancebusinessmag.com)

• Policy, Guns and Money: Cyber conflict, competition and cooperation | The Strategist (aspistrategist.org.au)

• Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)

• Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)

• Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA

Vulnerability Management

• Years-old Microsoft bugs are still hot targets for criminals • The Register

• Old vulnerabilities are still a big problem - Help Net Security

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

• How China gets free intel on tech companies’ vulnerabilities | Ars Technica

Vulnerabilities

• How to detect and patch a Log4J vulnerability  - IBM Blog

• Apple discloses 2 actively exploited zero-days in iPhones, Macs (securityaffairs.com)

• Google patches 4 high-rated security issues in latest Chrome 116 update - gHacks Tech News

• High-Severity Vulnerability Discovered in Popular CMS - Infosecurity Magazine (infosecurity-magazine.com)

• Two flaws in Apache SuperSet allow to remotely hack servers (securityaffairs.com)

• Cisco Patches Critical Vulnerability in BroadWorks Platform - SecurityWeek

• Adobe ColdFusion Critical Vulnerabilities Exploited Despite Patches - Infosecurity Magazine (infosecurity-magazine.com)

• Multiple Notepad++ Flaws Let Attackers Execute Arbitrary Code (cybersecuritynews.com)

• Hackers exploit MinIO storage system to breach corporate networks (bleepingcomputer.com)

• ASUS routers vulnerable to critical remote code execution flaws (bleepingcomputer.com)

• September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)

• CISA Adds One Known Vulnerability to Catalog | CISA

• Cisco SSO authentication bug patched - Security - Networking - iTnews

• Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication (talosintelligence.com)

• Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA

• Security or performance? Zenbleed forces you to choose | Digital Trends

Tools and Controls

• Many businesses still aren't using BYOD protection | TechRadar

• Why Businesses Ignore Incident Response at Their Peril - Infosecurity Magazine (infosecurity-magazine.com)

• Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• IOCs vs Artifacts How to Filter Out the Noise (govinfosecurity.com)

• Time and effort to obtain cyber insurance increasing for US businesses | CSO Online

• Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)

• Dangling DNS Used to Hijack Subdomains of Major Organisations  - SecurityWeek

• Why DNS Security Can Be Your Most Problematic Blind Spot (hyas.com)

• Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)

• Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)

• Why Cyber Security Risk Assessment Matters in the Banking Industry (securityintelligence.com)

• Cut through cyber security vendor hype with these 6 tips | TechTarget

• IAM, cloud security to drive new cyber security spending | CSO Online

• Best practices for implementing a proper backup strategy - Help Net Security

Other News

• Education Sector Heavily Targeted as the School Year Begins (databreaches.net)

• Schools warned of cyberattack threat as new year begins | Science & Tech News | Sky News

• Ways to protect WordPress sites and blogs from hacking | Kaspersky official blog

• New Nozomi Networks Study Finds EU Critical Infrastructure Companies Are Not Ready for NIS2 Compliance - IT Security Guru

• Insecure by design: What you need to know about defending critical infrastructure | CSO Online

• Half of Switzerland's large companies have been the victim of a cyber attack | Euronews

• Dangling DNS Used to Hijack Subdomains of Major Organizations  - SecurityWeek

• Securing the future: Safeguarding cyber-physical systems | CSO Online

• The tangible threat of cyber-kinetic attacks | CSO Online

• 25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy  - SecurityWeek

• Cyber security In Focus Ahead Of Berlin NATO Conference | OilPrice.com

• Trustwave SpiderLabs Report Highlights Hospitality Industry Cybersecurity Threats (hotelnewsresource.com)

• 10 old-school security principles that (still) rule | CSO Online

• Surge in Hospital Hacks Endangers Patients, Cyber Official Says - WSJ

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves

The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.

Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.

https://www.darkreading.com/attacks-breaches/cyberattacks-are-a-war-we-ll-never-win-but-we-can-defend-ourselves

• Helping Boards Understand Cyber Risks

A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.

It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.

Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.

https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/

• Enterprise Risk Management Should Inform Cyber Risk Strategies

While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.

Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.

https://www.techtarget.com/searchsecurity/tip/Enterprise-risk-management-should-inform-cyber-risk-strategies

• Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention

Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.

This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.

The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/cl0p-hackers-hit-three-of-the-biggest-u-s-law-firms-in-large-ransomware-attack/

https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/

• 20% of Malware Attacks Bypass Antivirus Protection

In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.

The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).

Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.

https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/

• Ransomware Payments and Extortion Spiked Compared to 2022

A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.

It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.

https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/

https://www.bleepingcomputer.com/news/security/ransomware-payments-on-record-breaking-trajectory-for-2023/

• AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers

Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.

The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.

https://www.zdnet.com/article/ai-trust-and-data-security-are-key-issues-for-finance-firms-and-their-customers/

• Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available

Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.

https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/

• Scam Page Volumes Surge 304% Annually

Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.

It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.

https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/

• Financial Industry Faces Soaring Ransomware Threat

The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.

https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/

• The Need for Risk-Based Vulnerability Management to Combat Threats

Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.

By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.

https://www.bleepingcomputer.com/news/security/the-need-for-risk-based-vulnerability-management-to-combat-threats/

• Government Agencies Breached in Microsoft 365 Email Attacks

Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.

Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.

https://www.techtarget.com/searchsecurity/news/366544735/Microsoft-Government-agencies-breached-in-email-attacks

• Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China

Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.

https://www.standard.co.uk/news/politics/britain-risk-china-intelligence-security-committee-report-government-b1094118.html

• Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years

Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.

https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/

Governance, Risk and Compliance

• CISO perspective on why boards don't fully grasp cyber attack risks - Help Net Security

• Top Takeaways From Table Talks With Fortune 100 CISOs (darkreading.com)

• AI, trust, and data security are key issues for finance firms and their customers | ZDNET

• Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies - SecurityWeek

• Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves (darkreading.com)

• Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)

• Enterprise risk management should inform cyber-risk strategies | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Clop: Behind MOVEit Lies a Loud, Adaptable and Persistent Threat Group - Infosecurity Magazine (infosecurity-magazine.com)

• Cl0p Hackers Hit Three of the Biggest US Law Firms in Large Ransomware Attack - MSSP Alert

• UK battles hacking wave as ransomware gang claims ‘biggest ever’ NHS breach | TechCrunch

• Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day | SC Media (scmagazine.com)

• Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch

• Cyber Extortion Cases Surge 39% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Financial Industry Faces Soaring Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware payments on record-breaking trajectory for 2023 (bleepingcomputer.com)

• Beware of Big Head Ransomware: Spreading Through Fake Windows Updates (thehackernews.com)

• Deutsche Bank confirms provider breach exposed customer data (bleepingcomputer.com)

• BigHead and RedEnergy ransomware, more MOVEIt problems (cisoseries.com)

• Staying ahead of the "professionals": The service-oriented ransomware crime industry - Help Net Security

• Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs

• Same code, different ransomware? Leaks kick-start myriad of new variants - Help Net Security

• Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley

• Ransomware, From a Different Perspective (darkreading.com)

• BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days (thehackernews.com)

Ransomware Victims

• Capita admits hackers also stole staff’s personal details (thetimes.co.uk)

• Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch

• Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)

• Barts NHS hack leaves folks on tenterhooks over extortion • The Register

• Deutsche Bank customer data leaked | Cybernews

• Scottish university cyber attack under investigation | The National

Phishing & Email Based Attacks

• New Phishing Attack Spoofs Microsoft 365 Authentication System (hackread.com)

• Number of email-based phishing attacks surges 464% - Help Net Security

• Chinese hackers compromised emails of US Government agencies- -Security Affairs

• Microsoft: Government agencies breached in email attacks | TechTarget

• RomCom hackers target NATO Summit attendees in phishing attacks (bleepingcomputer.com)Facebook and Microsoft remain prime targets for spoofing - Help Net Security

• Top 10 Email Security Best Practices in 2023 (gbhackers.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)

• Evil QR - A new QR Jacking Attack to Take Over User Accounts (cybersecuritynews.com)

• How hackers are now targeting your voice and how to protect yourself | Fox News

Artificial Intelligence

• How the EU AI Act Will Affect Businesses, Cyber Security (darkreading.com)

• Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)

• NIST Launches Generative AI Working Group (darkreading.com)

• ChatGPT and Cyber Security : 5 Cyber Security Risks of ChatGPT (gbhackers.com)

• WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)

• How to Safely Architect AI in Your Cyber Security Programs (darkreading.com)

• ‘Police are going to have a very difficult time with AI,’ says cyber security advisor – Channel 4 News

• ChatGPT users drop for the first time as people turn to uncensored chatbots | Ars Technica

• Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop

• Civil society, labor and rights groups express concerns about AI at White House meeting | CyberScoop

2FA/MFA

• Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)

Malware

• 20% of malware attacks bypass antivirus protection - Help Net Security

• Malware delivery to Microsoft Teams users made easy - Help Net Security

• WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)

• Truebot Malware Variants Abound, According to CISA Advisory (darkreading.com)

• Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)

• USB drive malware attacks spiking again in first half of 2023 (bleepingcomputer.com)

• Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)

• What’s up with Emotet? | WeLiveSecurity

• Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign (darkreading.com)

• Over 100 malicious signed Windows drivers blocked by Microsoft - NotebookCheck.net News

• New 'ShadowVault' macOS malware steals passwords, crypto, credit card data | Macworld

• BlackLotus UEFI Bootkit Source Code Leaked on GitHub - SecurityWeek

• PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)

• AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)

• Serious Security: Rowhammer returns to gaslight your computer – Naked Security (sophos.com)

• Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)

Mobile

• Crooks Evolve Antidetect Tooling for Mobile OS-Based Fraud-Security Affairs

• The FCC aims to stop SIM swappers with new rules - The Verge

• Google Play will enforce business checks to curb malware submissions (bleepingcomputer.com)

• Clever Letscall vishing malware targets Android phones | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Industry responses and strategies for navigating the tides of DDoS attacks - Help Net Security

• Archive Of Our Own Down: AO3 DDoS Attack Explained - Dataconomy

Internet of Things – IoT

• Compliance seizes spotlight in the connected devices arena - Help Net Security

Data Breaches/Leaks

• So you gave personal info to a company caught in a data breach. Now what? | CBC News

• HCA confirms breach after hacker steals data of 11 million patients (bleepingcomputer.com)

• US on Track For Record Number of Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter User Exposes Nickelodeon Data Leak - Infosecurity Magazine (infosecurity-magazine.com)

• Capita attackers reportedly stole data from pension fund • The Register

• IT vendor appeals against US$6.5 million in damages awarded to gaming firm Razer over data leak - CNA (channelnewsasia.com)

• Twenty Manx public authorities reprimanded for data breach - BBC News

• Bangladesh government website leaked data of millions of citizens-Security Affairs

Organised Crime & Criminal Actors

• British teens accused of hacks against Uber and Rockstar Games's Grand Theft Auto 6 (bitdefender.com)

• Staying ahead of the "professionals": The service-oriented ransomware crime industry - Help Net Security

• BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop

• Crimeware Group Asylum Ambuscade Ventures Into Cyber-Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• What’s up with Emotet? | WeLiveSecurity

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Hackers have stolen $3 billion in crypto - Panda Security

• Cyber security professional accused of stealing $9M in crypto | TechCrunch

• Central Bankers Develop Framework For Securing Digital Currencies - Infosecurity Magazine (infosecurity-magazine.com)

• SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)

Insider Risk and Insider Threats

• How To Protect Your Business From The Security Risks Freelancers Pose (forbes.com)

• Former employee charged for attacking water treatment plant (bleepingcomputer.com)

• Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley

Fraud, Scams & Financial Crime

• E-commerce Fraud Surges By Over 50% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Amazon Prime Day Draws Out Cyber Scammers (darkreading.com)

• Scam Page Volumes Surge 304% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Fewer Than 100 Scammers Responsible For Global Email Extortion - Infosecurity Magazine (infosecurity-magazine.com)

• The FCC aims to stop SIM swappers with new rules - The Verge

• Hackers have stolen $3 billion in crypto - Panda Security

Insurance

• Zurich Unwraps New Cyber Insurance for Mid-Market Companies - MSSP Alert

• Rethinking Cyber Insurance | Mimecast

Dark Web

• Understanding Dark Web vs. Deep Web (geekflare.com)

• BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop

Supply Chain and Third Parties

• Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)

• Capita attackers reportedly stole data from pension fund • The Register

• MOVEit: Testing the Limits of Supply Chain Security - SecurityWeek

• IT vendor appeals against US$6.5 million in damages awarded to gaming firm Razer over data leak - CNA (channelnewsasia.com)

Cloud/SaaS

• Only 45% of cloud data is currently encrypted - Help Net Security

• Microsoft alleges China behind attack on Exchange Online • The Register

• For stronger public cloud data security, use defence in depth | TechTarget

• Silentbob Campaign: Cloud-Native Environments Under Attack (thehackernews.com)

• Global Retailers Must Keep an Eye on Their SaaS Stack (thehackernews.com)

• SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)

• Decentralized storage emerging as solution to cloud-based attacks | Cybernews

Hybrid/Remote Working

• Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)

Attack Surface Management

• Attack Surface Management: Identify and protect the unknown - Help Net Security

Identity and Access Management

• Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)

• less than half of SMBs use Privileged Access Management- IT Security Guru

Encryption

• Only 45% of cloud data is currently encrypted - Help Net Security

API

• Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)

• API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek

Open Source

• Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)

• The EU’s Product Liability Directive could kill open source | TechRadar

• Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)

• AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Popular WordPress Security Plugin Caught Logging Plaintext Passwords - SecurityWeek

Social Media

• Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek

• Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? (darkreading.com)

Travel

• Cyber security best practices while working in the summer - Help Net Security

Regulations, Fines and Legislation

• Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US - SecurityWeek

• How the EU AI Act Will Affect Businesses, Cyber security (darkreading.com)

• A Cyber Security Wish List Ahead of NATO Summit - SecurityWeek

• Central Bankers Develop Framework For Securing Digital Currencies - Infosecurity Magazine (infosecurity-magazine.com)

• The EU’s Product Liability Directive could kill open source | TechRadar

• Microsoft and AWS caution Ofcom against referring UK cloud market over to CMA | Computer Weekly

Models, Frameworks and Standards

• NIST Launches Generative AI Working Group (darkreading.com)

• How to map security gaps to the Mitre ATT&CK framework | TechTarget

• Get started: Threat modeling with the Mitre ATT&CK framework | TechTarget

Data Protection

• Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US - SecurityWeek

• Twenty Manx public authorities reprimanded for data breach - BBC News

Careers, Working in Cyber and Information Security

• Global Hacking Competition Addresses Critical Increase in Cybersecurity Threats for Businesses (darkreading.com)

• Free entry-level cyber security training and certification exam - Help Net Security

Law Enforcement Action and Take Downs

• Former employee charged for attacking water treatment plant (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• France 's government is giving the police more surveillance power-Security Affairs

Misinformation, Disinformation and Propaganda

• Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog

• NATO Countries Must Work Together to Counter the Russian Cyber-Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Russia-based actor exploited unpatched Office zero day | TechTarget

• SolarWinds Attackers Dangle BMWs to Spy on Diplomats (darkreading.com)

• Russian state hackers lure Western diplomats with BMW car ads (bleepingcomputer.com)

• Killnet Tries Building Russian Hacktivist Clout With Media Stunts (darkreading.com)

• Mandiant Unveils Russian GRU’s Cyber Playbook Against Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs

• APT Profile: FIN7 - SOCRadar® Cyber Intelligence Inc.

• Killer ‘tracked Russian sub commander using Strava jogging app’ (thetimes.co.uk)

• Inside the murky world accelerating Russia’s economic meltdown (telegraph.co.uk)

• Cyber attacks Against Ukrainians Adjoin NATO Summit in Lithuania - MSSP Alert

• Russian Hackers Find Sneaky Way to Infiltrate Embassy Networks in Kyiv (kyivpost.com)

• PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)

China

• China 'aggressively' targeting UK – but government has 'no strategy' to tackle it, Intelligence and Security Committee of MPs says | Politics News | Sky News

• Chinese hackers compromised emails of US Government agencies-Security Affairs

• UK has ‘no strategy’ to tackle China threat as spies target Britain, report warns | The Independent

• Cabinet tensions emerge over labelling China a threat to UK national security (inews.co.uk)

Iran

• Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)

North Korea

• North Korean hackers have stolen $3 billion in crypto - Panda Security

Vulnerability Management

• CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security

• The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)

• Creating a Patch Management Playbook: 6 Key Questions (darkreading.com)

• Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)

Vulnerabilities

• MOVEit Transfer customers warned to patch new critical flaw (bleepingcomputer.com)

• After Zero-Day Attacks, MOVEit Turns to Security Service Packs - SecurityWeek

• Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack (thehackernews.com)

• Microsoft Warns of Office Zero-Day Attacks, No Patch Available - SecurityWeek

• Juniper Networks Patches High-Severity Vulnerabilities in Junos OS - SecurityWeek

• Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)

• SonicWall warns admins to patch critical auth bypass bugs immediately (bleepingcomputer.com)

• Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (bleepingcomputer.com)

• Russia-based actor exploited unpatched Office zero day | TechTarget

• Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari (thehackernews.com)

• Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems (thehackernews.com)

• Raising concerns over Google Authenticator’s new features | TechRadar

• Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)

• Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)

• VMware warns of exploit available for critical vRealize RCE bug (bleepingcomputer.com)

• Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion - SecurityWeek

• Zimbra urges customers to manually fix actively exploited zero-day-Security Affairs

• Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek

• New StackRot Linux kernel flaw allows privilege escalation (bleepingcomputer.com)

• Exploit Code Published for Remote Root Flaw in VMware Logging Software - SecurityWeek

• API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek

• Experts released PoC exploit for Ubiquiti EdgeRouter flaw-Security Affairs

• Critical RCE found in popular Ghostscript open-source PDF library (bleepingcomputer.com)

• Citrix fixed a critical flaw in Secure Access Client for Ubuntu-Security Affairs

OT/ICS Vulnerabilities

• Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organisations - SecurityWeek

• Critical RCE Vulnerability in Rockwell Automation PLCs Zaps ICS (darkreading.com)

• 3 Critical RCE Bugs Threaten Industrial Solar Panels (darkreading.com)

Tools and Controls

• The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)

• less than half of SMBs use Privileged Access Management- IT Security Guru

• Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)

• Enterprise risk management should inform cyber-risk strategies | TechTarget

• Infrastructure upgrades alone won't guarantee strong security - Help Net Security

• Cyber Security Leaders Report Reduction in Disruptive Cyber Incidents With MSS/MDR Solutions (darkreading.com)

• What is a Network Intrusion Protection System (NIPS)? | Definition from TechTarget

• Overcoming user resistance to passwordless authentication - Help Net Security

• Understanding The Difference Between DDR and EDR - GBHackers - Latest Cyber Security News | Hacker News

• Zero Trust Keeps Digital Attacks From Entering the Real World (darkreading.com)

• New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security (thehackernews.com)

• 3 Strategies For Simplifying And Strengthening Your Data Security (forbes.com)

• The history, evolution and current state of SIEM | TechTarget

• Attack Surface Management: Identify and protect the unknown - Help Net Security

• How to Put Generative AI to Work in Your Security Operations Center (darkreading.com)

• Guide to Operationalizing Zero Trust (trendmicro.com)

• Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)

• Platform Approach to Cyber Security: The New Paradigm (trendmicro.com)

• Intrusion Detection & Prevention Systems Guide (trendmicro.com)

• Decentralized storage emerging as solution to cloud-based attacks | Cybernews

• Wi-Fi AP placement best practices and security policies | TechTarget

• For stronger public cloud data security, use defence in depth | TechTarget

Other News

• Growing reliance on satellites requires new approach to cyber security in space, expert says | CyberScoop

• White House Urged to Quickly Nominate National Cyber Director (darkreading.com)

• The rise of cyber threats in a digital dystopia | Mint #AskBetterQuestions (livemint.com)

• Building the right collective defence against cyber attacks for critical infrastructure | CyberScoop

• Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security

• White House publishes National Cyber Security Strategy Implementation Plan - Help Net Security

• Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Against Mobile Devices Growing Fast

A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year.  The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.

It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/cyber-attacks-against-mobile-devices-growing-fast/

https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users

• One Third of Security Breaches Go Unnoticed by Security Professionals

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.

The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.

https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/

• Cyber Security Experts Have Become Targets for Board Seats

The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.

CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.

https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html

• Phishing Attack Prevention as Email Attacks Surge Over 450%

A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.

In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.

https://cybersecuritynews.com/phishing-attack-prevention-checklist/

https://www.msspalert.com/cybersecurity-research/email-cyberattacks-spiked-nearly-500-in-first-half-of-2023-acronis-reports/

• Outsmarting Business Email Compromise (BEC) Scammers

Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.

There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.

https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers

• Small Organisations Face Security Threats on a Limited Budget

Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.

The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.

https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/

• Cloud Security: Sometimes the Risks May Outweigh the Rewards

Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.

Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.

https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/

https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/

• Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.

From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.

https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks

https://techcrunch.com/2023/07/06/more-organizations-confirm-moveit-related-breaches-as-hackers-claim-to-publish-stolen-data

• 75% of Consumers Prepared to Ditch Brands Hit by Ransomware

As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.

While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/

• Scammers Using AI Voice Technology to Commit Crimes

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.

The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.

https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/

• What are the Causes of Data Loss and What it the Impact on Your Organisation?

In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.

It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.

https://securityaffairs.com/148086/security/impacts-of-data-loss.html

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.

One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.

https://www.bleepingcomputer.com/news/security/ransomware-affiliates-triple-extortion-and-the-dark-web-ecosystem/

Governance, Risk and Compliance

• Cyber Security experts have become targets for board seats (cnbc.com)

• The Impacts of Data Loss on Your Organisation -Security Affairs

• One third of security breaches go unnoticed by security professionals - Help Net Security

• Small organisations face security threats on a limited budget - Help Net Security

• How to cultivate a culture of continuous cyber Security improvement - Help Net Security

• CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk (darkreading.com)

• Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)

• Cyber Security's Future Hinges on Stronger Public-Private Partnerships (darkreading.com)

• Center for Internet Security, CREST launch new enterprise cyber Security accreditation scheme | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• 75% of consumers prepared to ditch brands hit by ransomware - Help Net Security

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)

• Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks (darkreading.com)

• Encryption-less ransomware: Warning issued over emerging attack method for threat actors | ITPro

• Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)

• 8Base ransomware group leaks data of 67 victim organisations - Help Net Security

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)

• BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)

• Seven ways to prepare for double extortion ransomware | SC Media (scmagazine.com)

• The rise in cyber extortion attacks and its impact on business security - Help Net Security

• University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online

• Ransomware Criminals Are Dumping Kids' Private Files Online After School Hacks - SecurityWeek

• Microsoft Can Fix Ransomware Tomorrow (darkreading.com)

• Ransomware accounts for 54% of cyber threats in the health sector- Security Affairs

• Avast released a free decryptor for Windows version of Akira ransomware- Security Affairs

• Dark Web Intelligence Shows Everest Ransomware Group Increasing Initial Access Broker Activity (yahoo.com)

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• Thirty-three US Hospitals Hit By Ransomware This Year - Infosecurity Magazine (infosecurity-magazine.com)

• How ransomware impacts the healthcare industry - Help Net Security

• Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack – Joseph Carson – ESW Vault | SC Media (scmagazine.com)

• June saw flurry of ransomware attacks on education sector | TechTarget

• Decryption tool for Akira ransomware available for free | Tripwire

• Japanese Port of Nagoya Resumes Operations After 2-Day Russian Ransomware Attack - MSSP Alert

• What is WannaCry Ransomware? | Definition from TechTarget

• FBI digital sting against Hive cyber Crime group shows the promise — and limits — of hacking hackers - POLITICO

Ransomware Victims

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• One million NHS patients’ data compromised after cyber Attack on University of Manchester | The Independent

• Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data - SecurityWeek

• Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)

• Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead | Tom's Hardware (tomshardware.com)

• Japan’s largest port stops operations after ransomware attack (bleepingcomputer.com)

• TSMC says IT supplier extorted by LockBit • The Register

• Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)

• 8Base ransomware group leaks data of 67 victim organisations - Help Net Security

• Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• TSMC says IT supplier extorted by LockBit • The Register

• MOVEit Hacks Ensnare US Department of Health and Human Services - Bloomberg

• UCLA among victims of worldwide cyber attack – NBC Los Angeles

• BlackCat Hacking Gang Says It Stole Data from UK's Barts Health NHS Trust - Bloomberg

• Chipmaker TSMC says supplier targeted in cyber Attack | Reuters

• MOVEit hack impacts US financial services provider for academics | SC Media (scmagazine.com)

Phishing & Email Based Attacks

• Suspicious Email Reports Up a Third as NCSC Trumpets Active Defence - Infosecurity Magazine (infosecurity-magazine.com)

• Email Cyber Attacks Spiked Nearly 500% in First Half of 2023, Acronis Reports - MSSP Alert

• Phishing Attack Prevention Checklist - A Detailed Guide (cybersecuritynews.com)

• Phishing Trends and Tactics: Q1 of 2023 | Tripwire

• African Nations Face Escalating Phishing & Compromised Password Cyber Attacks (darkreading.com)

BEC – Business Email Compromise

• 6 Steps To Outsmart Business Email Compromise Scammers (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Quishing on the rise: How to prevent QR code phishing | TechTarget

• Why cyberpsychology is such an important part of effective cyber Security | CSO Online

Artificial Intelligence

• AI’s rise is ‘most profound’ tech shift to impact ‘all of our lives’, Google UK chief says | The Independent

• Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register

• Cyber Criminals can break voice authentication with 99% success rate - Help Net Security

• Dutch counterterrorism agency says Generative AI is posing new cyber threats | NL Times

• AI-generated attack vectors cyber Security should watch for (fastcompany.com)

• The EU hasn’t got its AI Act together yet - The Verge

• OpenAI Pauses ChatGPT's 'Browse With Bing' as Users Bypass Paywalls (gizmodo.com)

• Promoting responsible AI: Balancing innovation and regulation - Help Net Security

• GPT-4 is great at infuriating telemarketing scammers • The Register

• UK Citizens Wary of NHS AI Use, Citing Privacy Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)

Malware

• Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)

• Meduza Stealer Targets Windows Users With Advanced Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Fileless attacks increase 1,400% - Help Net Security

• Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs

• Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com)

• Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)

• Cyber agencies warn of new TrueBot malware variants targeting US and Canadian firms (therecord.media)

• CISA: Truebot malware infecting networks in US, Canada | TechTarget

• Mockingjay - A New Injection Technique to Bypass EDR (cybersecuritynews.com)

• Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)

• Mexican Hacker Unleashes Android Malware on Global Banks - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek

• Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

• Mobile Cyber Attacks Soar, Especially Against Android Users (darkreading.com)

• Android users at risk as banking trojan targets more apps | Fox News

• Cyber Attacks Against Mobile Devices Growing Fast - MSSP Alert

• We can’t trust the Government to protect your privacy, says boss of Signal (telegraph.co.uk)

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

• Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)

• Mexican Hacker Unleashes Android Malware on Global Banks - Infosecurity Magazine (infosecurity-magazine.com)

Botnets

• Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)

• Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)

Denial of Service/DoS/DDOS

• CISA issues DDoS warning after attacks hit multiple US orgs (bleepingcomputer.com)

• Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)

• Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics (thehackernews.com)

Data Breaches/Leaks

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• Microsoft denies data breach, theft of 30 million customer accounts (bleepingcomputer.com)

• Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En

• The Impacts of Data Loss on Your Organisation- Security Affairs

• Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone (thehackernews.com)

• Report Reveals Companies Unprepared For Darknet Data Leaks - Infosecurity Magazine (infosecurity-magazine.com)

• Nickelodeon investigates breach after leak of 'decades old’ data (bleepingcomputer.com)

• OpenAI lawsuit reignites privacy debate over data scraping | CyberScoop

• 28,000 Impacted by Data Breach at Pepsi Bottling Ventures - SecurityWeek

Organised Crime & Criminal Actors

• Exploring the Dark Web Job Market (socradar.io)

• INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cyber Crime (thehackernews.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Meduza Stealer targets tens of crypto wallers and pwd managers- Security Affairs

• $7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)

• Hackers stole millions of dollars worth of crypto assets from Poly Network platform- Security Affairs

Insider Risk and Insider Threats

• Human Error the Leading Cause of Cloud Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Why cyberpsychology is such an important part of effective cyber Security | CSO Online

Fraud, Scams & Financial Crime

• Google Searches for 'USPS Package Tracking' Leads to Banking Theft (darkreading.com)

• Support from British businesses crucial in removing over... - NCSC.GOV.UK

• GPT-4 is great at infuriating telemarketing scammers • The Register

• Ex-Amazon manager who stole $9m+ gets 16 years in prison • The Register

• $7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)

• International Police Operation Dismantles Phone Scam Network - Infosecurity Magazine (infosecurity-magazine.com)

• Four Men Face 20 Years For Money Laundering Charges - Infosecurity Magazine (infosecurity-magazine.com)

Deepfakes

• Scammers using AI voice technology to commit crimes - Help Net Security

• Cyber Criminals can break voice authentication with 99% success rate - Help Net Security

AML/CFT/Sanctions

• Four Men Face 20 Years For Money Laundering Charges - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online

• Find A Cyber Insurance Policy That Fits Your Small Business Budget (forbes.com)

• Cyber insurance rates drop 10% in June, report says | Reuters

• How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)

• How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)

Dark Web

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)

• Report Reveals Companies Unprepared For Darknet Data Leaks - Infosecurity Magazine (infosecurity-magazine.com)

• Exploring the Dark Web Job Market (socradar.io)

• Deep Web vs Dark Web: What’s the Difference? - Keeper (keepersecurity.com)

Supply Chain and Third Parties

• Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)

• TSMC says IT supplier extorted by LockBit • The Register

• Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead | Tom's Hardware (tomshardware.com)

Software Supply Chain

• A CISO's Guide to Paying Down Software Supply Chain Security Debt (darkreading.com)

Cloud/SaaS

• Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)

• Japan rebukes Fujitsu for cloud security fails • The Register

• Cloud security: Sometimes the risks may outweigh the rewards – Cyber Reports Cyber Security News & Information (cyber-reports.com)

• 53% of SaaS licenses remain unused - Help Net Security

• IT leaders believe hybrid cloud solutions are the future of IT - Help Net Security

• Human Error the Leading Cause of Cloud Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Ongoing Incident Prompts JumpCloud to Reset API Keys - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft investigates Outlook.com bug breaking email search (bleepingcomputer.com)

• 11 best practices for securing data in the cloud | Microsoft Security Blog

• 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)

Attack Surface Management

• Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online

Encryption

• Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)

• Exploring the Dark Web Job Market (socradar.io)

• Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek

• Online Safety Bill: WhatsApp, Signal, Element issue stark final warning against mass snooping of messages | Evening Standard

• Security Experts Raise Major Concerns With Online Safety Bill - Infosecurity Magazine (infosecurity-magazine.com)

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

API

• Ongoing Incident Prompts JumpCloud to Reset API Keys - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Mission Linux: How the open source software is now a lucrative target for hackers | CSO Online

• Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• High school changes every student’s password to ‘Ch@ngeme!’ | TechCrunch

• Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets (thehackernews.com)

Social Media

• Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)

• EU Court Deals Blow to Meta in German Data Case - SecurityWeek

• Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns (thehackernews.com)

• Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)

Malvertising

• BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)

Training, Education and Awareness

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

Regulations, Fines and Legislation

• France passes bill to allow police remotely activate phone camera, microphone, spy on people (gazettengr.com)

• Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek

• EU Court Deals Blow to Meta in German Data Case - SecurityWeek

• Promoting responsible AI: Balancing innovation and regulation - Help Net Security

• European companies slam the EU’s incoming AI regulations in open letter - The Verge

• Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines | TechCrunch

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

Models, Frameworks and Standards

• Center for Internet Security, CREST launch new enterprise cyber Security accreditation scheme | CSO Online

Careers, Working in Cyber and Information Security

• Crack the Code: How to Secure Your Dream Cyber Security Career - IT Security Guru

• 3 Ways to Build a More Skilled Cyber Security Workforce (darkreading.com)

• Make Diversity the 'How,' Not the 'What,' of Cyber Security Success (darkreading.com)

• CISO Speaks: Resilience and Avoiding Burnout - IT Security Guru

• Top 5 Free Online Cyber Security Courses in 2023 (analyticsinsight.net)

• ISACA joins ECSO to strengthen cyber Security and digital skills in Europe - Help Net Security

Law Enforcement Action and Take Downs

• INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cyber Crime (thehackernews.com)

• International Police Operation Dismantles Phone Scam Network - Infosecurity Magazine (infosecurity-magazine.com)

• FBI digital sting against Hive cyber Crime group shows the promise — and limits — of hacking hackers - POLITICO

Privacy, Surveillance and Mass Monitoring

• France passes bill to allow police remotely activate phone camera, microphone, spy on people (gazettengr.com)

• Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register

• Online Safety Bill: WhatsApp, Signal, Element issue stark final warning against mass snooping of messages | Evening Standard

• TSA hopes to expand facial recognition over next ten years • The Register

• NJ cops must get wiretap order for real-time Facebook snoop • The Register

• Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns (thehackernews.com)

• UK Citizens Wary of NHS AI Use, Citing Privacy Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines | TechCrunch

• Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• Switzerland’s Security Report: Impact of Russia–Ukraine Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Satellite system used by Russian military is hacked - The Washington Post

• Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)

• Russian railway site allegedly taken down by Ukrainian hackers (therecord.media)

China

• US authorities warn on China’s new counter-espionage la' • The Register

• Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research

• Chinese threat actor attacks diplomats across Europe • The Register

• Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)

Iran

• Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools (darkreading.com)

• Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)

• Iranian hacking group impersonating nuclear experts to gain intel from Western think tanks | SC Media (scmagazine.com)

North Korea

• Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs

• North Korean satellite had no military utility for spying • The Register

Misc/Other/Unknown

• Advanced Persistent Threats: A Wake-Up Call for Cyber Security (ts2.space)

Vulnerability Management

• Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)

• Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)

Vulnerabilities

• CISA warns Samsung handset bugs and D-Link router flaws are being exploited in wild | SC Media (scmagazine.com)

• 300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug (bleepingcomputer.com)

• Microsoft puts out Outlook fire, downplays Teams flaw • The Register

• Critical Flaw Exposes ArcServe Backup to Remote Code Execution - Infosecurity Magazine (infosecurity-magazine.com)

• WordPress plugin lets users become admins – Patch early, patch often! – Naked Security (sophos.com)

• Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)

• Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities - SecurityWeek

• Microsoft fixes bug behind Windows LSA protection warnings, again (bleepingcomputer.com)

• Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

• Cisco warns of bug that lets attackers break traffic encryption (bleepingcomputer.com)

• StackRot Linux Kernel Bug Has Exploit Code on the Way (darkreading.com)

• Cisco warns of a flaw in Nexus 9000 series switches that allows modifying encrypted traffic- Security Affairs

Tools and Controls

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

• Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online

• VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek

• Small organisations face security threats on a limited budget - Help Net Security

• 11 best practices for securing data in the cloud | Microsoft Security Blog

• How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)

• Mitigating Risk With Threat Intelligence (darkreading.com)

• How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)

Reports Published in the Last Week

• Phishing Trends and Tactics: Q1 of 2023 | Tripwire

• How to Use Threat Intelligence to Mitigate Third-Party Risk Free Report (tradepub.com)

Other News

• Foreign spies hacked government 20 years ago (thetimes.co.uk)

• GCHQ Reveals Details of State-Backed Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Police investigate stolen exam papers after cyber attack (schoolsweek.co.uk)

• VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek

• Why Schools are Low-Hanging Fruit for Cyber Criminals - IT Security Guru

• Hacks targeting British exam boards raise fears of students cheating (therecord.media)

• Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En

• Is your browser betraying you? Emerging threats in 2023 - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive Summary

Last weekend, Barts Health NHS trust was breached in a cyber attack, with Russian-linked cyber crime gang ALPHV, also known as BlackCat. The attackers claimed to have acquired seven terabytes of internal documents from the trusts’ systems.  A selection of files including copies of driving licenses, passports and correspondence have already been leaked. It is believed that more is to come. This comes after other recent cyber attacks, such as the MOVEit hack, which has impacted over 130 organisations and 15 million individuals.

What’s the risk to me or my business?

The availability of such detailed personal information poses an increased risk of threat actors exploiting it for phishing purposes, and also increases the likelihood that the information could be used for identity fraud. With access data such as previous email chains with an individual, phishing attacks can appear more authentic as responses to legitimate requests, making them more likely to succeed.

What can I do?

To help mitigate the risk, Black Arrow strongly recommend maintaining a high level of vigilance and awareness. It is crucial to understand that the presence of personal or confidential information alone does not guarantee authenticity. Take the time to double-check any suspicious communication or requests before sharing sensitive information. By remaining cautious and verifying the legitimacy of any unexpected or unusual messages, you can reduce the likelihood of falling victim to phishing attacks. It is also recommended that individuals monitor their own personal accounts for suspicious activity including the information stored with credit unions such as Equifax and Transunion to identify potential cases of identity theft.

More information on the NHS Breach can be found here: https://www.telegraph.co.uk/news/2023/06/30/russia-may-have-hacked-nhs-trust-with-two-million-patients/

More information on the MOVEit attack can be found here: https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• How to Keep Cyber Attacks from Tanking Your Balance Sheet

According to a recent Forrester report, last year saw 1 billion records exposed in the top 35 breaches, $2.6 billion stolen in the top nine cryptocurrency breaches, and $2.7 billion in fines levied to the top 35 violators.

The average cost of a data breach reached $4.35 million in 2022, according to IBM’s Cost of a Data Breach Report for that year, which represents a 2.6% increase over the prior year, and a 12.7% increase from 2020. For ransomware, a report found the average payment in 2021 was approximately $1.85 million, more than double the $760,000 figure from 2020. These are just direct costs; indirect costs are far greater and can include lost business, lost customers, reputational loss and regulatory fines.

When it comes to managing cyber risk, corporate boards should look to understand cyber security as a strategic business enabler, understand the impacts, align risk-management with business needs, ensure the organisation supports cyber security, incorporate cyber security expertise into governance and encourage systemic resilience.

https://hbr.org/2023/06/how-to-keep-cyberattacks-from-tanking-your-balance-sheet

• Company Size Doesn’t Matter When It Comes to Cyber Attacks

65% of large organisations suffered a cyber attack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to a recent report. The most common security incidents were the same for all companies; these were phishing, ransomware and user account compromise, also known as business email compromise (BEC).

Smaller companies often underestimate their risk, with the reasoning that cyber criminals want the biggest targets as they will likely have more intellectual property, however all businesses have valuable data and are therefore a target. Additionally, smaller organisations can sometimes be seen as a way into larger organisations that use their services.

https://www.helpnetsecurity.com/2023/05/29/larger-organizations-cyberattacks/

• ‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief

The threat of cyber attacks is growing at an “unprecedented” pace, according to the chief security officer at multinational teleco BT, Howard Watson, but it is not just large organisations such as BT who will be impacted by this increase.

Watson highlighted that the increase in sophisticated technology poses the biggest threat in the long run: “Technological advancement, as ever, is a double-edged sword in security. Quantum and AI have great potential for benefits in the right hands, or to cause massive damage in the wrong hands. But we know that cyber criminals will utilise these technologies, so we have to be able to respond in kind.”  Adding to this, the chief security officer highlighted that events that were previously considered as ‘exceptional’ need to be assessed and planned for as a probability, rather than a possibility.

https://www.thetimes.co.uk/article/exceptional-cyberattacks-now-normal-says-bt-security-chief-nd2kfp3gc

• How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs

Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers who collected data from over 200,000 SMB customers. Proofpoint identified a rise in phishing campaigns originating from such state-sponsored APT groups, who are highly skilled and typically state-sponsored groups with distinct strategic goals. These goals range from espionage and intellectual property theft to destructive attacks, state-sponsored financial theft, and disinformation campaigns.

Unfortunately, SMBs often lack adequate cyber security measures, making them vulnerable to all kinds of cyber threats. APT actors exploit this weakness by targeting SMBs as a stepping stone towards achieving their larger goals.

Alongside phishing campaigns, it was identified that APTs are increasingly targeting regional outsourced IT providers/Managed Service Providers (MSPs) to mount supply chain attacks. By compromising regional MSPs within geographies that align with the strategic collection requirements of APT actors, threat actors can gain access to multiple SMBs to extract sensitive information or execute further attacks.

https://www.helpnetsecurity.com/2023/05/31/apt-targeting-smbs/

• Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection

According to research, 2022 saw a 25% increase in the use of phishing kits. These phishing kits are a set of tools that enable cyber criminals to effortlessly create and maintain large scale sophisticated phishing campaigns. It is this sophistication that allows cyber criminals to circumnavigate conventional detections; in fact, the research found a 40% increase in the use of anti-bot technologies designed to prevent automated scanners from identifying content as phishing.

In some cases (11% of observed phishing kits) malicious links would not be detected when tested by anti-phishing controls because those controls do not use the exact device parameters, geolocation and referrer of the intended target victim’s profile; therefore the malicious link is allowed to be delivered to the intended target.

https://www.helpnetsecurity.com/2023/06/01/advanced-detection-evasion-techniques/

• Don't be Polite When you Get a Text from a Wrong Number

You should immediately be suspicious of any text you get from a number not in your contacts, even if it may be innocent looking. Your first reaction may be to be polite and let them know they have the wrong number, but this person is a stranger. Strangely, despite teaching our children not to talk to strangers, many are comfortable with divulging information to them. Although letting them know they made a mistake seems harmless, responding opens you up to being scammed and you’ve just let them know you’re a real person. Every bit of helpful information you provide has the potential to be leveraged by an attacker.

https://www.kens5.com/article/money/consumer/wrong-number-text-messages/273-c94cd68b-6117-4add-bf16-e010f7e16726

• Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches

90 organisations have reported breaches of personal information held by Capita after the outsourcing group had suffered a cyber attack, according to Britain’s data watchdog. The attack on Capita, which occurred in March, is still impacting businesses, with the UK Information Commissioners Office (ICO) making enquiries. Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach.

The impact of the attack, and its knock-on effect, highlights the need for organisations to consider their third party security, no matter the size of the third party they use.

https://www.theguardian.com/business/2023/may/30/capita-cyber-attack-data-breaches-ico

• Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

A recent survey from McAfee found that nearly a third (30%) of adults have fallen victim or know someone who has fallen victim to an online scam when bargain hunting for travel deals during the summer season, with a full two-thirds of victims losing up to $1,000.

This has extended to the corporate environment, with threat actors impersonating the HR department and exploiting the trust users place in their employers, a report has found. The attack leverages regular HR procedures associated with holiday requests and taps into the anticipation and excitement surrounding the summer travel season, to capitalise on exploiting the user.

https://www.darkreading.com/endpoint/travel-themed-phishing-bec-campaigns-smarter-summer-season

• Organisations Spend 100 Hours Battling Post-Delivery Email Threats

Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organisation, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. The research shows that cyber criminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.

While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks. On average, organisations take nearly 100 hours to identify, respond to, and remediate a post-deliver email threat: 43 hours to detect the attack and 56 hours to respond and remediate after the attack is detected.

Users at companies with more than a 50% remote workforce report higher levels of suspicious emails: 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce. Companies with more than a 50% remote workforce also reported that it takes longer to both detect and respond to email security incidents: 55 hours to detect and 63 hours to respond and mitigate, compared to an average of 36 hours and 51 hours respectively for organisations with fewer remote workers.

https://www.helpnetsecurity.com/2023/05/30/2023-spear-phishing-trends/

• Ransomware Gangs Adopting Business-like Practices to Boost Profits

Ransomware gangs are using a variety of business-like practices to boost profits, making it more difficult for defenders to differentiate various groups, a new report by WithSecure has surmised. This move towards mirroring legitimate businesses practices means that tactics, techniques and procedures (TTPs) are blurring.

The underground marketplace now includes entities including ransomware-as-a-service (RaaS) groups, Initial Access Brokers (IAB), crypter-as-a-service (CaaS), cryptojackers, malware-as-a-service (MaaS) groups and nation-state actors. This allows nation-states to use tools available on the underground market to gain access to networks and systems without being detected. Ultimately, this trend towards professionalisation makes the expertise and resources to attack organisations accessible to lesser-skilled or poorly resourced threat actors.

https://www.infosecurity-magazine.com/news/ransomware-gangs-business-practices/

• The Sobering Truth about Ransomware—for the 80% Who Paid Up

Newly published research of 1,200 organisations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom. According to research, 80% of the organisations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber attack and recover otherwise lost data. This is despite 41% of those organisations having a “do not pay” policy in place, which only goes to reinforce the cold hard fact that cyber crime isn’t an easy landscape to navigate. This is something that’s especially true when your business is facing the real-world impact of dealing with a ransomware attack.

Of the 960 organisations that paid a ransom, 201 of them (21%) were still unable to recover their lost data. The same number also reported that ransomware attacks were now excluded from their insurance policies. Of those organisations with cyber insurance cover, 74% reported a rise in premiums. Another report, published by Sophos, revealed that 32% of those surveyed opted to pay the ransom but a shocking 92% failed to recover all their data and 29% were unable to recover more than half of the encrypted data.

Some groups have switched to stealing sensitive customer or corporate data instead, with the ransom demanded in return for them not selling it to the highest bidder or publishing it online. Many groups combine the two for a double extortion ransomware attack.

https://www.forbes.com/sites/daveywinder/2023/05/30/the-sobering-truth-about-ransomware-for-the-80-percent-who-paid-up 

• The Great CISO Resignation: Why Security Leaders are Quitting in Droves

With the rise in AI tools such as ChatGPT broadening an attacker’s arsenal, this places greater and greater pressure on security leaders who are already dealing with shrinking budgets, skeleton crew staff and a conglomeration of security tools and protocols — so much so that they are increasingly quitting. A recent report found that nearly a third (32%) of CISOs in the US and UK were considering leaving their current organisation and 9 out of 10 reported themselves as “moderately” or “tremendously” stressed.

This so-called Great CISO Resignation is concerning, because what happens when there’s nobody guarding the gate and rallying the troops?

https://www.sdxcentral.com/articles/analysis/the-great-ciso-resignation-why-security-leaders-are-quitting-in-droves/2023/05/

• When is it Time for a Cyber Hygiene Audit?

Effective cyber hygiene practices limit threats against your systems, devices and users, preventing breaches that could compromise sensitive business information, database information, and personal data. But cyber hygiene isn’t a static or one-off process. It requires routine execution and, occasionally, a full audit. This audit typically covers a range of aspects including encryption, documentation, authentication, patches, security and ongoing cyber hygiene.

Good cyber hygiene is a necessary part of maintaining IT security. Setting up processes and procedures within your organisation’s regular operating procedures is an effective way to maintain cyber hygiene. Although the responsibilities may differ by position, everyone in the organisation plays a role.

An audit provides important information on where and where you need to improve. It also provides a baseline for measuring improvement and effectiveness. The key to success is to integrate hygiene into routine process starting top down from policies into every part of the business and making use of third party experts to help aid in the process.

https://www.trendmicro.com/en_us/devops/23/e/cyber-hygiene-audit-best-practices.html

Governance, Risk and Compliance

• Company size doesn't matter when it comes to cyber attacks - Help Net Security

• How to Keep Cyber attacks from Tanking Your Balance Sheet (hbr.org)

• When is it Time for a Cyber Hygiene Audit? (trendmicro.com)

• The great CISO resignation: Why security leaders are quitting in droves - SDxCentral

• ‘Exceptional’ cyber attacks now normal, says BT security chief (thetimes.co.uk)

• HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• The strategic importance of digital trust for modern businesses - Help Net Security

• Vendors: Threat actor taxonomies are confusing but essential | TechTarget

• Experts Not Willing To Wager A Candy Bar On Their Security (forbes.com)

• Breaking Enterprise Silos and Improving Protection – Security Week

• Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)

• Insider risk management: Where your program resides shapes its focus | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• Attackers leave organisations with no recovery option - Help Net Security

• Ransomware Gangs Adopting Business-like Practices to Boost Profits - Infosecurity Magazine (infosecurity-magazine.com)

• The Sobering Truth About Ransomware—For The 80% Who Paid Up (forbes.com)

• Rogue IT security worker failed to cover his tracks | Tripwire

• Organisations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation – Security Week

• The Week in Ransomware - May 26th 2023 - Cities Under Attack (bleepingcomputer.com)

• Cyble — Obsidian ORB Ransomware Demands Gift Cards as Payment

• AceCryptor: Cyber criminals' Powerful Weapon, Detected in 240K+ Attacks (thehackernews.com)

• BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration (securityintelligence.com)

• BlackCat claims the hack of the Casepoint legal technology platform used by US agencies - Security Affairs

• Investigating BlackSuit Ransomware’s Similarities to Royal (trendmicro.com)

• Fighting ransomware: Perspectives from cyber security professionals - Help Net Security

Ransomware Victims

• New York county still dealing with ransomware 8 months later • The Register

• ABB confirms data stolen in Black Basta ransomware attack | SC Media (scmagazine.com)

• SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)

• Industrial Giant ABB Confirms Ransomware Attack, Data Theft – Security Week

• MCNA Dental data breach impacts 8.9 million people after ransomware attack (bleepingcomputer.com)

• Harvard Pilgrim Health Care ransomware attack hits 2.5 million people (bleepingcomputer.com)

• Cyble — Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability

Phishing & Email Based Attacks

• Phishing campaigns thrive as evasive tactics outsmart conventional detection - Help Net Security

• Organisations spend 100 hours battling post-delivery email threats - Help Net Security

• Phishing remained the top identity abuser in 2022: IDSA report | CSO Online

• DocuSign-themed email leads to script-based infection

• New phishing technique poses as a browser-based file archiver | CSO Online

• Nigerian Cyber crime Ring's Phishing Tactics Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Sustained 'Red Deer' Phishing Attacks Impersonate Israel Post, Drop RATs (darkreading.com)

• North Korean phishing gang stole rocket tech info • The Register

Artificial Intelligence

• AI is 'a nuclear bomb and the entire world has already got it,' Palantir ethics expert warns (yahoo.com)

• Artificial intelligence is similar extinction risk as nuclear war and pandemics, say experts | Science & Tech News | Sky News

• AI: War crimes evidence erased by social media platforms - BBC News

• Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)

• ChatGPT Plugins Open Security Holes From PDFs, Websites and More | Tom's Hardware (tomshardware.com)

• What not to share with ChatGPT if you use it for work | Mashable

• Is ChatGPT a cyber security disaster? We asked the experts | Digital Trends

• Generative AI: The new attack vector for trust and safety - Help Net Security

• What are the concerns around AI and are some of the warnings 'baloney'? | Science & Tech News | Sky News

2FA/MFA

• PyPI announces mandatory use of 2FA for all software publishers (bleepingcomputer.com)

Malware

• QBot malware abuses Windows WordPad EXE to infect devices (bleepingcomputer.com)

• New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)

• Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)

• Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)

• RomCom malware spread via Google Ads for ChatGPT, GIMP, more (bleepingcomputer.com)

• DogeRAT Malware Impersonates BFSI, Entertainment, E-commerce Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Stealthy SeroXen RAT malware increasingly used to target gamers (bleepingcomputer.com)

• Terminator antivirus killer is a vulnerable Windows driver in disguise (bleepingcomputer.com)

• Top macOS Malware Threats: Here Are 6 to Watch (darkreading.com)

• PyPI malware ramps up the threat to the code repository • The Register

• Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks (thehackernews.com)

• Cyber criminals use legitimate websites to obfuscate malicious payloads - Help Net Security

• North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)

Mobile

• Don't be polite when you get a text from a wrong number | kens5.com

• Predator Android Spyware: Researchers Uncover New Data Theft Capabilities (thehackernews.com)

• Android threat: 'Guerrilla' virus sneakily snuck onto 8.9m phones (citizen.co.za)

• Operation Triangulation: previously undetected malware targets iOS devices - Security Affairs

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• Android apps with spyware installed 421 million times from Google Play (bleepingcomputer.com)

Botnets

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

• Threatening botnets can be created with little code experience… – Unified Networking (unifiedguru.com)

• What Are Botnet Attacks & Explained Prevention Techniques | EC-Council (eccouncil.org)

• CAPTCHA-Breaking Services with Human Solvers Helping Cyber criminals Defeat Security (thehackernews.com)

Denial of Service/DoS/DDOS

• SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

Internet of Things – IoT

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

• Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)

• How Safe Is Your Wearable Device? (darkreading.com)

• Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers (thehackernews.com)

• Solar panels vulnerable to hackers, concern for network security - DutchNews.nl

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints (darkreading.com)

• Dutch watchdog looking into alleged Tesla data breach | Reuters

• NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian

• The root causes of API incidents and data breaches - Help Net Security

• Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)

• Retailer Database Error Leaks Over One Million Customer Records - Infosecurity Magazine (infosecurity-magazine.com)

• Yet Another Toyota Cloud Data Breach Jeopardises Thousands of Customers (darkreading.com)

• Hacking forum hacked, user database leaked online • Graham Cluley

• Risk & Repeat: A troubling trend of poor breach disclosures | TechTarget

• New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)

• Workforce platform Prosperix leaks drivers licenses and medical records - Security Affairs

Organised Crime & Criminal Actors

• Types of Cyber Crime: A Comprehensive Guide to Uncover and Prevent Digital Attacks - Security Boulevard

• US intelligence research agency examines cyber psychology to outwit criminal hackers | CyberScoop

• What is the Cyber Crime Atlas? How it can help disrupt cyber crime | CSO Online

• New hacking forum leaks data of 478,000 RaidForums members (bleepingcomputer.com)

• Hacking forum hacked, user database leaked online • Graham Cluley

• Tricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity

• 3 signs your kids may be hackers and what to do about it | Euronews

• “I was a teenage hacker”: Two child hackers share their stories | Euronews

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)

• Hacked DJ's Twitter account costs cryptocurrency investors $170,000 (bitdefender.com)

• Cyber criminals Targeting Apache NiFi Instances for Cryptocurrency Mining (thehackernews.com)

Insider Risk and Insider Threats

• Report: ‘massive’ Tesla leak reveals data breaches, thousands of safety complaints | Tesla | The Guardian

• Rogue IT security worker failed to cover his tracks | Tripwire

• Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)

• Insider risk management: Where your program resides shapes its focus | CSO Online

Fraud, Scams & Financial Crime

• Don't be polite when you get a text from a wrong number | kens5.comTricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity

• HMRC in New Tax Credits Scam Warning - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (bleepingcomputer.com)

Insurance

• Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf

• Cyber Insurance: A Growth Market for Insurers With Some Caveats (carriermanagement.com)

Dark Web

• The Dark Web: Exploring the Hidden Internet | TechSpot

Supply Chain and Third Parties

• Capita cyber attack: 90 organisations report data breaches | Capita | The Guardian

• Cyber Actors Impact Daily Life in Attacks on Critical Infrastructure, Supply Chains, Report Says - MSSP Alert

Software Supply Chain

• CISO-approved strategies for software supply chain security - Help Net Security

• Where SBOMs Stand Today (darkreading.com)

Cloud/SaaS

• One of Microsoft Azure's top tools has a serious security flaw | TechRadar

• Top public cloud security concerns for the media and entertainment industry - Help Net Security

• Disaster recovery in the cloud | InfoWorld

• Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack

• Why organisations should adopt a cloud cyber security framework - Help Net Security

• Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)

• Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a Trace (darkreading.com)

Hybrid/Remote Working

• Navigating cyber security in the age of remote work - Help Net Security

Shadow IT

• The shadow IT fight — 2023 style | Computerworld

Identity and Access Management

• Digital nomads drive changes in identity verification - Help Net Security

Encryption

• After 28 years, SSLv2 is still not gone from the internet... but we're getting there

API

• The root causes of API incidents and data breaches - Help Net Security

Open Source

• 2 Lenses for Examining the Safety of Open Source Software (darkreading.com)

• EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cyber security | Electronic Frontier Foundation (eff.org)

Passwords, Credential Stuffing & Brute Force Attacks

• Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)

• Swiss real estate agency Neho fails to put a password on its systems - Security Affairs

• Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)

Social Media

• NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian

• Twitter pulls out of voluntary EU disinformation code - BBC News

• AI: War crimes evidence erased by social media platforms - BBC News

Malvertising

• RomCom malware spread via Google Ads for ChatGPT, GIMP, more (bleepingcomputer.com)

Training, Education and Awareness

• Building an Effective Cyber security Training Program (hbr.org)

Travel

• Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives (darkreading.com)

• US court finds that border phone searches need a warrant • The Register

Parental Controls and Child Safety

• 3 signs your kids may be hackers and what to do about it | Euronews

• “I was a teenage hacker”: Two child hackers share their stories | Euronews

Regulations, Fines and Legislation

• OneMain pays $4.5M after ignored security flaws caused data breaches | SC Media (scmagazine.com)

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

• Netflix warns it may remove content from UK catalogue over government media bill | The Independent

• EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cyber security | Electronic Frontier Foundation (eff.org)

Models, Frameworks and Standards

• Why organisations should adopt a cloud cyber security framework - Help Net Security

Data Protection

• OneMain pays $4.5M after ignored security flaws caused data breaches | SC Media (scmagazine.com)

Careers, Working in Cyber and Information Security

• Ways to Help Cyber security's Essential Workers Avoid Burnout (darkreading.com)

• Managing mental health in cyber security - Help Net Security

• ISACA pledges to help grow cyber security workforce in Europe | CSO Online

Law Enforcement Action and Take Downs

• US intelligence research agency examines cyber psychology to outwit criminal hackers | CyberScoop

Privacy, Surveillance and Mass Monitoring

• The answer to the FBI's advanced persistent threat • The Register

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• How giant pieces of spyware are shaping our views and our world | Evening Standard

• Twitter pulls out of voluntary EU disinformation code - BBC News

• The 2024 race promises to be 'very, very active' in terms of foreign and domestic meddling, says former CISA chief | CyberScoop

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine war blurs lines between cyber crims and state hacks • The Register

• Pegasus Spyware Is Detected in a War Zone for the First Time | WIRED

• Chinese State-Backed Cyber Operatives Threaten Critical Infrastructure in Espionage Campaign - MSSP Alert

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• How giant pieces of spyware are shaping our views and our world | Evening Standard

• Predator may have more spyware capabilities than we know • The Register

• Cyber Army! US Mulls Creating A New Military Unit That Can 'Track & Whack' Chinese, Russian Aggression (eurasiantimes.com)

• Cyberweapon manufacturers plot to stay on the right side of US | Financial Times (ft.com)

• Suspected Russia-trained spy whale reappears off Sweden’s coast | Sweden | The Guardian

• Pentagon Cyber Policy Cites Learnings from Ukraine War - Infosecurity Magazine (infosecurity-magazine.com)

• AI: War crimes evidence erased by social media platforms - BBC News

Nation State Actors

• How APTs target SMBs - Help Net Security

• Chinese hackers seeking ways to cripple infrastructure 'likely to have targeted UK operators' (inews.co.uk)

• China hacking Guam: Can the US stop foreign cyber attacks? | The Week

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (bleepingcomputer.com)

• Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)

• Investigation Launched After London City Airport Website Hacked (simpleflying.com)

• Taiwan rushes to prevent China from cutting off internet and phones | The Japan Times

• North Korea says spy satellite launch crashed into sea - BBC News

• Pentagon Cyber Policy Cites Learnings from Ukraine War - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Pink hackers continue to target govt and military organisations (bleepingcomputer.com)

• The next Chinese tech threat is already here | The Spectator

• North Korean phishing gang stole rocket tech info • The Register

• North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks (thehackernews.com)

• North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)

Vulnerability Management

• Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)

• Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)

• 3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them (thehackernews.com)

• Focus Security Efforts on Choke Points, Not Visibility (darkreading.com)

Vulnerabilities

• New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)

• Zero-day vulnerability in MoveIt Transfer under attack | TechTarget

• Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months (thehackernews.com)

• Chrome 114 Released With 18 Security Fixes – Security Week

• WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection (bleepingcomputer.com)

• WordPress force installs critical Jetpack patch on 5 million sites (bleepingcomputer.com)

• Microsoft finds macOS bug that lets hackers bypass SIP root restrictions (bleepingcomputer.com)

• Zyxel patches vulnerability in NAS devices (CVE-2023-27988) - Help Net Security

• Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices (thehackernews.com)

• Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED

• Barracuda Email Security Gateway under active attack • The Register

• MacOS 'Migraine' Bug: Big Headache for Device System Integrity (darkreading.com)

• FTC accuses Amazon of nightmare IoT security fails • The Register

• Critical Vulnerabilities Found in Faronics Education Software – Security Week

Tools and Controls

• HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• When is it Time for a Cyber Hygiene Audit? (trendmicro.com)

• The strategic importance of digital trust for modern businesses - Help Net Security

• Vendors: Threat actor taxonomies are confusing but essential | TechTarget

• 6 Steps to Effectively Threat Hunting: Safeguard Critical Assets and Fight Cyber crime (thehackernews.com)

• Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)

• Digital nomads drive changes in identity verification - Help Net Security

• Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)

• The Top 10 endpoint security challenges and how to overcome them | VentureBeat

• Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf

• Disaster recovery in the cloud | InfoWorld

• Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack

• Disaster recovery challenges enterprise CISOs face - Help Net Security

• Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)

• Research Reveals UK Firms Plan to Embrace New Era of Digital Identity- IT Security Guru

Reports Published in the Last Week

• Global Threat Intelligence Report April (blackberry.com)

• Top Cyber attacks Revealed in New Threat Intelligence Report (darkreading.com)

Other News

• Undetected Attacks Against Middle East Targets Conducted Since 2020 (darkreading.com)

• 8 best practices for securing your Mac from hackers in 2023 (techrepublic.com)

• Hot Pixels attack checks CPU temp, power changes to steal data (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Business Email Compromise Attacks Can Take Just Hours

Microsoft’s security intelligence team found that Business Email Compromise (BEC) attacks are moving rapidly, with some taking mere minutes. Microsoft found the whole process, from signing in using compromised credentials to registering typo squatting domains and hijacking an email thread, took threat actors only a couple of hours. Such a rapid attack leaves minimal time for organisations to identify and take preventative action. This is worrying when considering the cost of BEC is predicted to more than tens of billions.

https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attacks-can-take-just-hours/

Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks

In a report of over 800 million breached passwords, vendor Specops identified some worrying results. Some of the key findings from the report include 88% of passwords used in successful attacks consisting of 12 characters or less and the most common base terms used in passwords involving ‘password’, ‘admin’, ‘welcome’ and ‘p@ssw0rd’. The report found that 83% of the compromised passwords satisfied both the length and complexity requirements of cyber security compliance standards such as NIST, GDPR, HIPAA and Cyber Essentials.

https://www.itsecurityguru.org/2023/03/08/research-reveals-password-still-the-most-common-term-used-by-hackers-to-breach-enterprise-networks/

Just 10% of Firms Can Resolve Cloud Threats in an Hour

Two-thirds (39%) of global organisations reported a surge in breaches over the past year, with IT complexity increasing and detection and response capabilities worsening, according to Palo Alto Networks. It found that as enterprises move more of their data and workloads to the cloud, they’re finding it increasingly difficult to discover and remediate incidents quickly. Over two-fifths (42%) reported an increase in mean time to remediate, while 90% said they are unable to detect, contain and resolve cyber-threats within an hour. Nearly a third (30%) reported a major increase in intrusion attempts and unplanned downtime. Part of the challenge appears to be the complexity of their cloud security environments – partly caused by tool bloat.

https://www.infosecurity-magazine.com/news/10-firms-resolve-cloud-threats-hour/

MSPs in the Crosshairs of Ransomware Gangs

Many attacks have heightened attention around third-party risk and the security obligations of MSPs in meeting multiple customers’ IT needs. Attacks such as the ones on RackSpace and LastPass show that some ransomware actors are now intentionally targeting MSPs to access sensitive customer data. It is now believed that some advanced persistent threat (APT) groups could be stepping up their attacks on MSP’s in order to gain sensitive customer data.

https://www.msspalert.com/cybersecurity-research/msps-in-the-crosshairs-of-ransomware-gangs/

Stolen Credentials Increasingly Empower the Cyber Crime Underground

Threat Intelligence provider Flashpoint found that last year threat actors exposed or stole 22.62 billion credentials and personal records, which often make their way to underground forums and cyber criminal markets. This follows a significant increase in market activity; just last year Flashpoint recorded 190 new illicit markets emerge and the continual rise in attacks focused on stealing credentials only further empowers cyber crime underground.

https://www.csoonline.com/article/3690409/stolen-credentials-increasingly-empower-the-cybercrime-underground.html#tk.rss_news

It’s Time to Assess the Potential Dangers of an Increasingly Connected World

As global conflicts continue, cyber has become the fifth front of warfare. The world is approaching 50 billion connected devices, controlling everything from our traffic lights to our nuclear arsenal and we have already seen large-scale cyber attacks. Adding to this, a multitude of infrastructure runs on services ran by a handful of companies; Palo Alto Networks, Cisco and Fortinet control more than 50% of the market for security appliances. As such, an attack on one of these companies could cause a huge ripple effect on their customers.

https://www.darkreading.com/risk/it-s-time-to-assess-the-potential-dangers-of-an-increasingly-connected-world-

Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards

According to the International Monetary Fund (IMF) 64% of banks and supervisory authorities do not mandate testing and exercising cyber security and 54% lack dedicated a cyber incident reporting regime. This increases the risk of experiencing a cyber attack. Regularly testing and exercising security will aid any organisation in its cyber resilience.

https://www.imf.org/en/Blogs/Articles/2023/03/02/mounting-cyber-threats-mean-financial-firms-urgently-need-better-safeguards

Insider Threat: Developers Leaked 10m Credentials Including Passwords in 2022

Security provider GitGuardian found that the rate at which developers leaked critical software secrets jumped by 0.5 to reach 5.5 out of every 1,000 commits to GitHub repositories; overall, this amounted to at least 10 million instances of secrets leaking to a public repository. Generic passwords accounted for the majority of leaked secrets (56%) and more than a third (38%) of leaks involved API keys, random number generator seeds and other sensitive strings. These leaks can have worrying consequences for organisations.

https://www.darkreading.com/application-security/inside-threat-developers-leaked-10m-credentials-passwords-2022

Cyber Threat Detections Surges 55% In 2022

Security Provider Trend Micro has said that it stopped 146 billion cyber threats in 2022, a 55% increase on the previous year and evidence of the increase of attacks ramping up. Trend Micro also found a 242% increase in the number of blocked malicious files and an 86% increase in backdoor malware detections with the latter showing an increase in attackers gaining initial access. Furthermore, the number of critical vulnerabilities in 2022 doubled compared to the previous year. Trend Micro noted that this is all likely due to an ever expanding attack surface of organisations.

https://www.infosecurity-magazine.com/news/cyberthreat-detections-surge-55/

European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks

The European Central Bank (ECB) will ask all major lenders in the Eurozone to detail by next year, how they would respond to and recover from a successful cyber attack. The ECB is in the process of designing a scenario involving a theoretical breach of the financial system’s cyber defences, which will be sent to all of the 111 banks it assesses to see how they would react. The stress test stems from the increasing amount of cyber attacks. If cyber has shown us anything, it’s that anyone can be a target and performing a stress test would help any organisation prepare for the worst.

https://www.ft.com/content/f03d68a4-fdb9-4312-bda3-3157d369a4a6

Employees Are Feeding Sensitive Business Data to ChatGPT

1 in 20 employees have put sensitive corporate data into popular AI tool ChatGPT, raising concerns that this could result in massive leaks of proprietary information. In some cases, this has involved employees cutting and pasting strategic documents and asking ChatGPT to make a PowerPoint.

https://www.darkreading.com/risk/employees-feeding-sensitive-business-data-chatgpt-raising-security-fears

Is Ransomware Declining? Not So Fast Experts Say

Security provider CrowdStrike have explained that the perceived decline in ransomware reflects the abilities of threat actors to adapt, splinter and regroup against defensive measures. CrowdStrike expand on this, stating that whilst ransom payments dipped slightly in 2022, there was an uprise in data extortion and ransomware as a service (RaaS).

https://www.techtarget.com/searchsecurity/news/365532201/Is-ransomware-declining-Not-so-fast-experts-say

Preventing Corporate Data Breaches Starts with Remembering that Leaks have Real Victims

The impact a data breach can have on an individual is devastating and ultimately there’s not much an individual can do themselves if the organisation that holds their data isn’t taking the right steps. To best protect themselves and their clients’ data, organisations should look to have appropriate defence in depth controls, including effective asset management, an open security culture, close monitoring of access, utilising strong authentication and maintaining an awareness of the ever changing threat landscape.

https://www.helpnetsecurity.com/2023/03/07/preventing-corporate-data-breaches/

Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up

In a recent report Proofpoint found that globally 76% of organisations experienced ransomware attempts, with 64% eventually infected. Amongst those that had a cyber insurance policy, 82% of insurers stepped up to pay the ransom either in full or partially. The report found that with the rise in number and sophistication of attacks it is more important than ever for proper security training and awareness in organisations.

https://www.zdnet.com/article/faced-with-likelihood-of-ransomware-attacks-businesses-still-choosing-to-pay-up/

Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled

A report by the Information and Communications Technology Council (ICTC) found that 1 in 6 cyber security jobs are unfulfilled and this is only expected to grow in the coming years. The ICTC stated that “This is not just about education or government funding, but about companies willing to provide hands-on training and experience to the next generation of cyber security experts”.

https://www.theglobeandmail.com/business/careers/article-experts-see-growing-need-for-cybersecurity-workers-as-one-in-six-jobs/

Threats

Ransomware, Extortion and Destructive Attacks

• Faced with likelihood of ransomware attacks, businesses still choosing to pay up | ZDNET

• MSPs in the Crosshairs of Ransomware Gangs - MSSP Alert

• Is ransomware declining? Not so fast, experts say | TechTarget

• FBI and CISA warn of increasing Royal ransomware attack risks (bleepingcomputer.com)

• City of Oakland Faces Major Data Leak - Infosecurity Magazine (infosecurity-magazine.com)

• Indigo Books Refuses LockBit Ransomware Demand (darkreading.com)

• Anatomy of a Ransomware Attack

• Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)

• Ransom House ransomware attack hit Hospital Clinic de Barcelona- - Security Affairs

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems (darkreading.com)

• Ransomware review: March 2023 (malwarebytes.com)

• Ransomware gang posts video of data stolen from Minneapolis schools (bleepingcomputer.com)

• IceFire ransomware now encrypts both Linux and Windows systems (bleepingcomputer.com)

• Examining Ransomware Payments From a Data-Science Lens (trendmicro.com)

• DND: Black & McDonald reported ransomware attack | CTV News

• Cyble — BlackSnake Ransomware Emerges from Chaos Ransomware's Shadow

Phishing & Email Based Attacks

• AI is taking phishing attacks to a whole new level of sophistication - Help Net Security

• Catches of the Month: Phishing Scams for March 2023 - IT Governance UK Blog

• Emotet starts post-break phishing campaign • The Register

BEC – Business Email Compromise

• Microsoft: Business email compromise attacks can take just hours (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

• Vishing attacks increasing, but AI's role still unclear | TechTarget

• Defeating the Deepfake Danger - SecurityWeek

• Does Your Help Desk Know Who's Calling? (thehackernews.com)

2FA/MFA

• NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• DrayTek VPN routers hacked with new malware to steal data, evade detection (bleepingcomputer.com)

• Malicious PyPI package signals direction of cyber crime • The Register

• How to prevent Microsoft OneNote files from infecting Windows with malware (bleepingcomputer.com)

• Snake Keylogger Malware Removal Guide (makeuseof.com)

• Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica

• New malware infects business routers for data theft, surveillance (bleepingcomputer.com)

• Old Windows ‘Mock Folders’ UAC bypass used to drop malware (bleepingcomputer.com)

• Emotet malware attacks return after three-month break (bleepingcomputer.com)

• AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)

• New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)

• Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)

• Custom Chinese Malware Found on SonicWall Appliance - SecurityWeek

• Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• FBI and international cops catch a NetWire RAT • The Register

Mobile

• Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps (thehackernews.com)

• Officials Targeted with Romance Scams and Android Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• Google One expands security features to all plans with dark web report, VPN access - Help Net Security

Denial of Service/DoS/DDOS

• Akamai mitigated a record-breaking DDoS that peaked 900Gbps- Security Affairs

Internet of Things – IoT

• TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese Hikvision cameras ‘that pose security threat’ used on King’s Sandringham estate (thetimes.co.uk)

Data Breaches/Leaks

• Preventing corporate data breaches starts with remembering that leaks have real victims - Help Net Security

• The LastPass Hack Somehow Gets Worse | WIRED

• LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach (thehackernews.com)

• Credential Stuffing attack on Chick-fil-A impacted +71K users- Security Affairs

• Popular fintech apps expose valuable, exploitable secrets - Help Net Security

• PayPal Sued Over Data Breach that Impacted 35,000 users (hackread.com)

• Acer Data Breach? Hacker Claims to Sell 160GB Trove of Stolen Data (hackread.com)

• Brazilian Conglomerate Suffers 3TB Data Breach: Report - Infosecurity Magazine (infosecurity-magazine.com)

• Data breach exposed millions of Verizon customers' account info (androidpolice.com)

• Congress’ Social Security Numbers Leaked in DC Health Link Hack (gizmodo.com)

• Data protection vendor Acronis admits to data leak • The Register

• AT&T confirms 9m wireless accounts exposed by third part • The Register

Organised Crime & Criminal Actors

• At Least 30% of "Cyber-Criminals" Are Women: Report - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber crime site shows off with a free leak of 2 million stolen card numbers - The Record from Recorded Future News

• BidenCash leaks 2.1M stolen credit/debit cards- Security Affairs

• Malicious PyPI package signals direction of cyber crime • The Register

• Where are the women in cyber security? • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)

Insider Risk and Insider Threats

• 6 Ways To Go Beyond Awareness And Foster A Real Culture Of Cyber security (forbes.com)

Fraud, Scams & Financial Crime

• Scams Security Pros Almost Fell For (darkreading.com)

• FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)

• Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers using voice-cloning A.I. to mimic relatives | Fortune

• Alleged security breach leaves millions of dollars missing from Flutterwave accounts | TechCrunch

• UK Government Plans Skills Boost for Public Sector Fraud Fight - Infosecurity Magazine (infosecurity-magazine.com)

• Officials Targeted with Romance Scams and Android Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• New Rise In ChatGPT Scams Reported By Fraudsters (informationsecuritybuzz.com)

Deepfakes

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

• Defeating the Deepfake Danger - SecurityWeek

Insurance

• Talking Cyber Insurance With Munich Re - SecurityWeek

Dark Web

• Cyber crime site shows off with a free leak of 2 million stolen card numbers - The Record from Recorded Future News

• Google One expands security features to all plans with dark web report, VPN access - Help Net Security

Supply Chain and Third Parties

• Snap CISO talks risky supply chain security business • The Register

• SolarWinds IR lead: supply-chain attacks 'getting bigger' • The Register

• AT&T confirms 9m wireless accounts exposed by third part • The Register

Software Supply Chain

• SBOMs become a security staple for the software supply chain • The Register

Cloud/SaaS

• Just 10% of Firms Can Resolve Cloud Threats in an Hour - Infosecurity Magazine (infosecurity-magazine.com)

• Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks (thehackernews.com)

• Hackers are quickly learning how to target cloud systems (axios.com)

• Understanding the Shared Responsibility Model, Critical Step to Ensure Cloud Security - Infosecurity Magazine (infosecurity-magazine.com)

Attack Surface Management

• 5 Reasons You Should Care About Unmanaged Assets (darkreading.com)

Asset Management

• 5 Reasons You Should Care About Unmanaged Assets (darkreading.com)

Encryption

• New TPM 2.0 flaws could let hackers steal cryptographic keys (bleepingcomputer.com)

• New Steganography Breakthrough Enables “Perfectly Secure” Digital Communications (scitechdaily.com)

API

• API Security for UK companies - IT Security Guru

• Attackers exploit APIs faster than ever before - Help Net Security

Open Source

• IceFire ransomware now encrypts both Linux and Windows systems (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Research Reveals 'Password' Still the Most Common Term Used by Hackers to Breach Enterprise Networks - IT Security Guru

• Stolen credentials increasingly empower the cyber crime underground | CSO Online

• The LastPass Hack Somehow Gets Worse | WIRED

• Credential Stuffing attack on Chick-fil-A impacted +71K users- Security Affairs

• The Role of Verifiable Credentials In Preventing Account Compromise (darkreading.com)

• Securing ways to share workplace passwords • The Register

• Young government workers show poor password management habits - Help Net Security

Social Media

• NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• TikTok unveils new European data security regime | Reuters

Training, Education and Awareness

• 6 Ways To Go Beyond Awareness And Foster A Real Culture Of Cyber security (forbes.com)

Regulations, Fines and Legislation

• Biden Administration's Cyber security Strategy Takes Aim at Hackers (gizmodo.com)

• Government Claims New UK GDPR Will Save Firms Billions - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Inadequate patches and advisories increase cyber risk - Help Net Security

• Why do Businesses Need to Focus More on Cyber security (hackread.com)

• Flashpoint: Threat vectors converging, increasing damage | TechTarget

• How to achieve and shore up cyber resilience in a recession - Help Net Security

• The cyber security landscape in the era of economic instability – Help Net Security

Models, Frameworks and Standards

• Open letter demands OWASP overhaul, warns of mass project exodus | CSO Online

• PCI Compliance Requirements Guide (trendmicro.com)

• NIST Retooling Cyber security Framework to Reflect Changing Cyber scape – MSSP Alert

Data Protection

• Government Claims New UK GDPR Will Save Firms Billions – Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Experts see growing need for cyber security workers as one in six jobs go unfilled – The Globe and Mail

• How to Jump-Start Your Cyber security Career (darkreading.com)

Law Enforcement Action and Take Downs

• Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)

• FBI and international cops catch a NetWire RAT • The Register

Privacy, Surveillance and Mass Monitoring

• Secret Service and ICE break the law with fake phone towers • The Register

• Thought you'd opted out of online tracking? Think again • The Register

Artificial Intelligence

• AI is taking phishing attacks to a whole new level of sophistication - Help Net Security

• Employees Are Feeding Sensitive Business Data to ChatGPT (darkreading.com)

• You can poison AI datasets for just $60, a new study shows (fastcompany.com)

• Microsoft and MITRE developed a tool to prepare security teams for attacks on ML systems - Help Net Security

• Thousands scammed by AI voices mimicking loved ones in emergencies | Ars Technica

• Vishing attacks increasing, but AI's role still unclear | TechTarget

• AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)

• Criminals will use ChatGPT to unleash wave of fraud, warns Darktrace (telegraph.co.uk)

Misinformation, Disinformation and Propaganda

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• What can security teams learn from a year of cyber warfare? | Computer Weekly

• New Backdoor MQsTTang Attributed to Mustang Panda Group - Infosecurity Magazine (infosecurity-magazine.com)

• Pegasus spyware used to spy on a Polish mayor- Security Affairs

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• Sharp Panda targets government entities in Southeast Asia- Security Affairs

• Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert

• Chinese cyber spies target unpatched SonicWall gear • The Register

• What is Cyberwarfare? | Definition from TechTarget

Nation State Actors

• What can security teams learn from a year of cyber warfare? | Computer Weekly

• New Backdoor MQsTTang Attributed to Mustang Panda Group - Infosecurity Magazine (infosecurity-magazine.com)

• Russia Bans Messengers, Including WhatsApp, Telegram, And More (informationsecuritybuzz.com)

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• Chinese Hikvision cameras ‘that pose security threat’ used on King’s Sandringham estate (thetimes.co.uk)

• China-aligned APT is exploring new technology stacks for malicious tools - Help Net Security

• Sharp Panda targets government entities in Southeast Asia- Security Affairs

• Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (thehackernews.com)

• Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert

• Chinese firm got Covid contract despite trying to hack NHS data, minister says | Politics | The Guardian

• Chinese cyber spies target unpatched SonicWall gear • The Register

• TikTok unveils new European data security regime | Reuters

• Lazarus group infiltrated South Korean finance firm twice last year | CSO Online

• Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• New Chinese regulatory body expected to streamline data governance rules | CSO Online

Vulnerability Management

• Inadequate patches and advisories increase cyber risk - Help Net Security

• Build Cyber Resiliency With These Security Threat-Mitigation Considerations

• Zero Day Threat Protection for Your Network (trendmicro.com)

• 557 CVEs Added to CISA's Known Exploited Vulnerabilities Catalog in 2022 - SecurityWeek

• Machine Learning Improves Prediction of Exploited Vulnerabilities (darkreading.com)

• Security Patch Management Strengthens Ransomware Defense (trendmicro.com)

• VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022 | TechTarget

Vulnerabilities

• TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Researchers discover 'kill switch' in Starlink terminals - Security - iTnews

• PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716) - Help Net Security

• CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems (thehackernews.com)

• Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing - SecurityWeek

• Fortinet warns of new critical unauthenticated RCE vulnerability (bleepingcomputer.com)

• Information Disclosure Vulnerability in Adobe Experience Manager affecting multiple companies… | by Fat Selimi | Feb, 2023 | InfoSec Write-ups (infosecwriteups.com)

• Chinese cyber spies target unpatched SonicWall gear • The Register

• Chrome 111 Patches 40 Vulnerabilities - SecurityWeek

• Bitwarden flaw can let hackers steal passwords using iframes (bleepingcomputer.com)

• Veeam warns to install patches to fix a bug in Backup & Replication- Security Affairs

• Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)

• Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks - SecurityWeek

• Jenkins Server Vulnerabilities Chained for Remote Code Execution  - SecurityWeek

Tools and Controls

• The LastPass Hack Somehow Gets Worse | WIRED

• 3 Ways Security Teams Can Use IP Data Context (darkreading.com)

• Two-Thirds of European Firms Have Started Zero Trust - Infosecurity Magazine (infosecurity-magazine.com)

• What is zero trust? A model for more effective security | CSO Online

• Too Many SOAR Vendors are Failing MSSPs - MSSP Alert

• Why enterprise SecOps strategies must include XDR and MDR | TechTarget

Other News

• Biden Administration's Cyber security Strategy Takes Aim at Hackers (gizmodo.com)

• Tracking device technology: A double-edged sword for CISOs | CSO Online

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

• What CISOs need to understand about document signing - Help Net Security

• Thousands of websites hacked as part of redirection campaign- Security Affairs

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber War in Ukraine, Ransomware Fears Drive 2022 Surge in Demand for Threat Intelligence Tools

Amid the heightened fear of ransomware in 2022, threat intelligence emerged as a core requirement of doing business in a world gone mad.

A sizable amount of interest in the historically tech-centric discipline was fuelled in part by fear of cyber attacks tied to the war between Russia and Ukraine. In one example, the Ukrainian government warned the world that the Russian military was planning for multi-pronged attacks targeting the energy sector. Other nation-state cyber attack operations also contributed to the demand, including one June 2022 incident were Iran’s Cobalt Mirage exploited PowerShell vulnerabilities to launch ransomware attacks.

And of course, headlines of data breaches tied to vulnerabilities that organisations did not even know existed within their networks caught the attention not just of security teams, but the C-Suite and corporate board. A misconfigured Microsoft server, for example, wound up exposing years of sensitive data for tens of thousands of its customers, including personally identifiable information, user data, product and project details and intellectual property.

Indeed, according to 183 security pros surveyed by CyberRisk Alliance Business Intelligence in June 2022, threat intelligence has become critical in arming their security operations centres (SOCs) and incident response teams with operational data to help them make timely, informed decisions to prevent system downtime, thwart the theft of confidential data, and protect intellectual property.

Threat intelligence has emerged as a useful tool for educating executives. Many also credited threat intelligence for helping them protect their company and customer data — and potentially saving their organisation's reputation.

https://www.scmagazine.com/resource/threat-intelligence/2022-year-in-review-threat-intelligence-tools

• Cyber Premiums Holding Firms to Ransom

Soaring premiums for cyber security insurance are leaving businesses struggling to pay other bills, a key industry player has warned.

Mactavish, which buys insurance policies on behalf of companies, said that more than half of big businesses that had bought cyber security insurance had been forced to make cuts elsewhere to pay for it.

In a survey of 200 companies with a turnover above £10 million, Mactavish found that businesses were reducing office costs and staff bonuses and were cutting other types of insurance to meet the higher payments.

Last month Marsh, an insurance broker, revealed that costs for cyber insurance had increased by an average of 66 per cent in the third quarter compared with last year.

Meanwhile, the risk to businesses from hackers continues to rise. A government report on digital threats, published this month, showed the proportion of businesses experiencing cyber security incidents at least monthly had increased from 53 per cent to 60 per cent in the past year. Uber, Cisco and InterContinental Hotels Group were among high-profile targets this year.

https://www.thetimes.co.uk/article/cyber-safety-premiums-hold-firms-to-ransom-tnrsz3vs2

• Ransomware Ecosystem Becoming More Diverse for 2023

The ransomware ecosystem has changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement. This democratisation of ransomware is bad news for organisations because it also brought in a diversification of tactics, techniques, and procedures (TTPs), more indicators of compromise (IOCs) to track, and potentially more hurdles to jump through when trying to negotiate or pay ransoms.

Since 2019 the ransomware landscape has been dominated by big and professionalised ransomware operations that constantly made the news headlines and even looked for media attention to gain legitimacy with potential victims. We've seen ransomware groups with spokespeople who offered interviews to journalists or issued "press releases" on Twitter and their data leak websites in response to big breaches.

The DarkSide attack against Colonial Pipeline that led to a major fuel supply disruption along the US East Coast in 2021 highlighted the risk that ransomware attacks can have against critical infrastructure and led to increased efforts to combat this threat at the highest levels of government. This heightened attention from law enforcement made the owners of underground cyber crime forums reconsider their relationship with ransomware groups, with some forums banning the advertising of such threats. DarkSide ceased operations soon thereafter and was followed later in the year by REvil, also known as Sodinokibi, whose creators were indicted and one was even arrested. REvil was one of the most successful ransomware groups since 2019.

Russia's invasion of Ukraine in February 2022 quickly put a strain on the relationship between many ransomware groups who had members and affiliates in both Russia and Ukraine, or other former USSR countries. Some groups, such as Conti, rushed to take sides in the war, threatening to attack Western infrastructure in support of Russia. This was a departure from the usual business-like apolitical approach in which ransomware gangs had run their operations and drew criticism from other competing groups.

This was also followed by a leak of internal communications that exposed many of Conti's operational secrets and caused uneasiness with its affiliates. Following a major attack against the Costa Rican government the US State Department put up a reward of $10 million for information related to the identity or location of Conti's leaders, which likely contributed to the group's decision to shut down operations in May.

Conti's disappearance led to a drop in ransomware activity for a couple of months, but it didn't last long as the void was quickly filled by other groups, some of them newly set up and suspected to be the creation of former members of Conti, REvil and other groups that ceased operations over the past two years.

https://www.csoonline.com/article/3684248/ransomware-ecosystem-becoming-more-diverse-for-2023.html#tk.rss_news

• Attackers Evolve Strategies to Outmanoeuvre Security Teams

Attackers are expected to broaden their targeting strategy beyond regulated verticals such as financial services and healthcare. Large corporations (41%) will be the top targeted sector for cyber attacks in 2023, favoured over financial institutions (36%), government (14%), healthcare (9%), and education (8%), according to cyber security solution provider Titaniam.

The fast pace of change has introduced new vulnerabilities into corporate networks, making them an increasingly attractive target for cyber attackers. To compete in the digital marketplace, large companies are adopting more cloud services, aggregating data, pushing code into production faster, and connecting applications and systems via APIs.

As a result, misconfigured services, unprotected databases, little-tested applications, and unknown and unsecured APIs abound, all of which can be exploited by attackers.

The top four threats in 2022 were malware (30%), ransomware and extortion (27%), insider threats (26%), and phishing (17%).

The study found that enterprises expected malware (40%) to be their biggest challenge in 2023, followed by insider threats (26%), ransomware and related extortion (21%), and phishing (16%).

Malware, however, has more enterprises worried for 2023 than it did for 2022. It is important to note that these threats can overlap, where insiders can have a hand in ransomware attacks, phishing can be a source of malware, etc.

Attackers are evolving their strategies to surprise and outmanoeuvre security teams, which have hardened ransomware defences and improved phishing detection. They’re using new malware, such as loaders, infostealers, and wipers to accelerate attacks, steal sensitive data and create mayhem.

They’re also buying and stealing employee credentials to walk in through the front door of corporate networks.

https://www.helpnetsecurity.com/2023/01/04/attackers-evolve-strategies-outmaneuver-security-teams/

• Building a Security-First Culture: The Key to Cyber Success

Everyone has heard a car alarm go off in the middle of the night, but how often does that notification actually lead to action? Most people will hear the alarm, glance in its direction and then hope the owner will quickly remedy the situation.

Cars alarms often fail because they go off too often, leading to apathy and annoyance instead of being a cause for emergency. For many, cyber security has also become this way. While we see an increase in the noise surrounding the need for organisations to improve the security skillset and knowledge base of employees, there continues to be little proactive action on this front. Most organisations only provide employees with elementary-grade security training, often during their initial onboarding process or as part of a standard training requirement.

At the same time, many organisations also make the grave mistake of leaving all of their security responsibilities and obligations in the hands of IT and security teams. Time and time again, this approach has proven to be highly ineffective, especially as cyber criminals refine their social engineering tactics and target user accounts to execute their attacks.

Alarmingly, recent research found that 30% of employees do not think that they play a role in maintaining their company’s cyber security posture. The same report also revealed that only 39% of employees say they are likely to report a security incident.

As traditional boundaries of access disintegrate and more employees obtain permissions to sensitive company data and systems to carry out their tasks, business leaders must change the mindset of their employees when it comes to the role they play in keeping the organisation safe from cyber crime. The key is developing an integrated cyber security strategy that incorporates all aspects—including all stakeholders—of the organisation. This should be a strategy that breaks down departmental barriers and creates a culture of security responsibility where every team member plays a part.

https://www.forbes.com/sites/forbestechcouncil/2023/01/03/building-a-security-first-culture-the-key-to-cyber-success/

• Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of Known Exploited Vulnerabilities Catalogue

Back in November 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) published the Known Exploited Vulnerabilities (KEV) Catalogue to help federal agencies and critical infrastructure organisations identify and remediate vulnerabilities that are actively being exploited. CISA added 548 new vulnerabilities to the catalogue across 58 updates from January to end of November 2022, according to cyber security solution provider Grey Noise in its first-ever "GreyNoise Mass Exploits Report."

Including the approximately 300 vulnerabilities added in November and December 2021, CISA listed approximately 850 vulnerabilities in the first year of the catalogue's existence.

Actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products accounted for over half of the updates to the KEV catalogue in 2022, Grey Noise found. Seventy-seven percent of the updates to the KEV catalogue were older vulnerabilities dating back to before 2022. Many of these vulnerabilities have been around for two decades.

Several of the vulnerabilities in the KEV catalogue are from products that have already entered end-of-life (EOL) and end-of-service-life (EOSL), according to an analysis by a team from cyber security solution provider Cyber Security Works. Even though Windows Server 2008 and Windows 7 are EOSL products, the KEV catalogue lists 127 Server 2008 vulnerabilities and 117 Windows 7 vulnerabilities.

Even though the catalogue was originally intended for critical infrastructure and public-sector organisations, it has become the authoritative source on which vulnerabilities are – or have been – exploited by attackers. This is key because the National Vulnerability Database (NVD) assigned Common Vulnerabilities and Exposures (CVE) identifiers for over 12,000 vulnerabilities in 2022, and it would be unwieldy for enterprise defenders to assess every single one to identify the ones relevant to their environments. Enterprise teams can use the catalogue's curated list of CVEs under active attack to create their priority lists.

https://www.darkreading.com/edge-threat-monitor/adobe-apple-cisco-microsoft-flaws-make-up-half-of-kev-catalog

• First LastPass, Now Slack and CircleCI. The Hacks Go On (and will likely worsen)

In the past week, the world has learned of serious breaches hitting chat service Slack and software testing and delivery company CircleCI, though giving the companies' opaque wording—“security issue” and “security incident,” respectively—you'd be forgiven for thinking these events were minor.

The compromises—in Slack’s case, the theft of employee token credentials and for CircleCI, the possible exposure of all customer secrets it stores—come two weeks after password manager LastPass disclosed its own security failure: the theft of customers’ password vaults containing sensitive data in both encrypted and clear text form. It’s not clear if all three breaches are related, but that’s certainly a possibility.

The most concerning of the two new breaches is the one hitting CircleCI. The company reported a “security incident” that prompted it to advise customers to rotate “all secrets” they store on the service. The alert also informed customers that it had invalidated their Project API tokens, an event requiring them to go through the hassle of replacing them.

CircleCI says it’s used by more than 1 million developers in support of 30,000 organisations and runs nearly 1 million daily jobs. The potential exposure of all those secrets—which could be login credentials, access tokens, and who knows what else—could prove disastrous for the security of the entire Internet.

It’s possible that some or all of these breaches are related. The Internet relies on a massive ecosystem of content delivery networks, authentication services, software development tool makers, and other companies. Threat actors frequently hack one company and use the data or access they obtain to breach that company's customers or partners. That was the case with the August breach of security provider Twilio. The same threat actor targeted 136 other companies. Something similar played out in the last days of 2020 when hackers compromised Solar Winds, gained control of its software build system, and used it to infect roughly 40 Solar Winds customers.

For now, people should brace themselves for additional disclosures from companies they rely on. Checking internal system logs for suspicious entries, turning on multifactor authentication, and patching network systems are always good ideas, but given the current events, those precautions should be expedited. It’s also worth checking logs for any contact with the IP address 54.145.167.181, which one security practitioner said was connected to the CircleCI breach.

https://arstechnica.com/information-technology/2023/01/first-lastpass-now-slack-and-circleci-the-hacks-go-on-and-will-likely-worsen/

• Data of 235 Million Twitter Users Leaked Online

A data leak containing email addresses for 235 million Twitter users has been published on a popular hacker forum. Many experts have immediately analysed it and confirmed the authenticity of many of the entries in the huge leaked archive.

In January 2022, a report claimed the discovery of a vulnerability that can be exploited by an attacker to find a Twitter account by the associated phone number/email, even if the user has opted to prevent this in the privacy options. The vulnerability was exploited by multiple threat actors to scrape Twitter user profiles containing both private (phone numbers and email addresses) and public data, and was present within the social media platforms application programming interface (API) from June 2021 until January 2022.

At the end of July 2022, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting the forementioned, now-fixed vulnerability in the popular social media platform. The scraped data was then put up for sale on various online cyber crime marketplaces. In August, Twitter confirmed that the data breach was caused by a now-patched zero-day flaw.

In December another Twitter data leak made the headlines, a threat actor obtained data of 400,000,000 Twitter users and attempted to sell it. The seller claimed the database is private, and he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more. The seller, who is a member of a popular data breach forum, claimed the data was scraped via a vulnerability. The database includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of special usernames.

https://securityaffairs.com/140352/data-breach/twitter-data-leak-235m-users.html

• 16 Car Makers, including BMW, Ferrari, Ford, Honda, Kia, Land Rover, Mercedes and Toyota, and Their Vehicles Hacked via Telematics, APIs, and Infrastructure

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car functions and start or stop the engine.

Multiple other security defects, the researchers say, allowed them to access a car maker’s internal applications and systems, leading to the exposure of personally identifiable information (PII) belonging to customers and employees, and account takeover, among others. The hacks targeted telematic systems, automotive APIs, and infrastructure.

Impacted car models include Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, and Toyota. The vulnerabilities were identified over the course of 2022. Car manufacturers were informed about the security holes and they released patches.

According to the researchers, they were able to send commands to Acura, Genesis, Honda, Hyundai, Kia, Infiniti, Nissan, and Porsche vehicles.

Using only the VIN (vehicle identification number), which is typically visible on the windshield, the researchers were able to start/stop the engine, remotely lock/unlock the vehicle, flash headlights, honk vehicles, and retrieve the precise location of Acura, Honda, Kia, Infiniti, and Nissan cars.

They could also lock users out of remote vehicle management and could change car ownership.

https://www.securityweek.com/16-car-makers-and-their-vehicles-hacked-telematics-apis-infrastructure

• Ransomware Gang Apologises, and Gives SickKids Hospital Free Decrypter

The LockBit ransomware gang has released a free decrypter for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organisation. SickKids is a teaching and research hospital in Toronto that focuses on providing healthcare to sick children.

On December 18th, the hospital suffered a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website. While the attack only encrypted a few systems, SickKids stated that the incident caused delays in receiving lab and imaging results and resulted in longer patient wait times.

On December 29th, SickKids announced that it had restored 50% of its priority systems, including those causing diagnostic or treatment delays. Two days after SickKids' latest announcement, the LockBit ransomware gang apologised for the attack on the hospital and released a decrypter for free.

“We formally apologise for the attack on sikkids.ca and give back the decrypter for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate programme," stated the ransomware gang.

https://www.bleepingcomputer.com/news/security/ransomware-gang-apologizes-gives-sickkids-hospital-free-decryptor/

Threats

Ransomware, Extortion and Destructive Attacks

• Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations (darkreading.com)

• Hackers Leverage Compromised Fortinet Devices to Distribute Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Rackspace: Customer email data accessed in ransomware attack (bleepingcomputer.com)

• Ransomware gang cloned victim’s website to leak stolen data (bleepingcomputer.com)

• Rackspace identifies hacking group responsible for early December ransomware attack | TPR

• Ransomware ecosystem becoming more diverse for 2023 | CSO Online

• Lockbit apologized for the attack on SickKids pediatric hospital and releases a free decryptor - Security Affairs

• The FBI's Perspective on Ransomware (thehackernews.com)

• Rackspace Sunsets Email Service Downed in Ransomware Attack (darkreading.com)

• Ransomware: The security debt collector - Help Net Security

• December ransomware disclosures reveal high-profile victims | TechTarget

• The Guardian ransomware attack hits week two as staff WFH • The Register

• Unraveling the techniques of Mac ransomware - Microsoft Security Blog

• Bitdefender releases free MegaCortex ransomware decryptor (bleepingcomputer.com)

• Ransomware Research: More than 200 US Infrastructure Organisations Attacked in 2022 - MSSP Alert

• Ransomware impacts over 200 govt, edu, healthcare orgs in 2022 (bleepingcomputer.com)

• Guardian ransomware attack: Staff told work from home to 23 Jan (pressgazette.co.uk)

• Rail giant Wabtec discloses data breach after Lockbit ransomware attack (bleepingcomputer.com)

• Hackers target Arnold Clark in Christmas Eve cyber attack as bosses insist customer information is safe – Car Dealer Magazine

• Christmas Eve 'cyber attack' forced Arnold Clark's network down | STV News

• Royal ransomware claims attack on Queensland University of Technology (bleepingcomputer.com)

• LockBit: Sorry for SickKids, but not housing authority • The Register

• New Survey: 1 In 4 Schools Were Victims Of Cyber Attacks In the Last Year; Administrators To Increase Spending On Privacy and Security (darkreading.com)

• Canadian mining firm shuts down mill after ransomware attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• Data of 235 million Twitter users leaked online - Security Affairs

• Is NHS The Most Impersonated UK Government "Brand"? (informationsecuritybuzz.com)

• The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)

• New Phishing Campaign Targets Cyber security Professionals Using Hacking Tool Flipper Zero - Infosecurity Magazine (infosecurity-magazine.com)

• Ongoing Flipper Zero phishing attacks target infosec community (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

Malware

• Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe (thehackernews.com)

• Hackers abuse Windows error reporting tool to deploy malware (bleepingcomputer.com)

• New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)

• Bluebottle hackers used signed Windows driver in attacks on banks (bleepingcomputer.com)

• Dridex Returns, Targets MacOS Using New Entry Method (trendmicro.com)

• New Linux malware uses 30 plugin exploits to backdoor WordPress sites (bleepingcomputer.com)

• PyTorch discloses malicious dependency chain compromise over holidays (bleepingcomputer.com)

• Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware (thehackernews.com)

• WordPress Sites Under Attack from Newly Found Linux Trojan (darkreading.com)

• Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain (thehackernews.com)

• Raspberry Robin Worm Hatches a Highly Complex Upgrade (darkreading.com)

• The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)

Denial of Service/DoS/DDOS

• War and Geopolitical Conflict: The New Battleground for DDoS Attacks (darkreading.com)

Internet of Things – IoT

• Ongoing Flipper Zero phishing attacks target infosec community (bleepingcomputer.com)

Data Breaches/Leaks

• Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley

• Five Guys Data Breach Puts HR Data Under a Heat Lamp (darkreading.com)

• Analysis Of Top 10 Countries Mostly Targeted By Data Breaches (informationsecuritybuzz.com)

• Twitter said to have suffered data breach as hackers expose 235 million users' information (thenationalnews.com)

• I bought a $15 router at Goodwill — and found a millionaire's dirty secrets (nypost.com)

• Critical flaws found in Ferrari, BMW, Porsche, and other carmakers - Security Affairs

• Toyota, Mercedes, BMW API flaws exposed owners’ personal info (bleepingcomputer.com)

• Threat actors stole Slack private source code repositories - Security Affairs

• Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley

Organised Crime & Criminal Actors

• Threat Actors Evade Detection Through Geofencing & Fingerprinting (darkreading.com)

• A sneak peek into the dark web dealings | Nation

• Attackers create 130K fake accounts to abuse limited-time cloud computing resources | CSO Online

• Cyber criminals we lost to law in 2022

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

• Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)

Insider Risk and Insider Threats

• Software engineer busted after being inspired by Office Space scam | PC Gamer

• Are Meta and Twitter Ushering in a New Age of Insider Threats? (darkreading.com)

• Ex-GE engineer sentenced for stealing turbine tech for China • The Register

Fraud, Scams & Financial Crime

• Avast: Expect Cyber crime "Scamdemic" to Continue in 2023 - MSSP Alert

• Software engineer busted after being inspired by Office Space scam | PC Gamer

• US regulators warn banks over cryptocurrency risks - BBC News

• What Is a Pig Butchering Scam? | WIRED

• RedZei Chinese Scammers Targeting Chinese Students in the UK (thehackernews.com)

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

• Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• Is NHS The Most Impersonated UK Government "Brand"? (informationsecuritybuzz.com)

AML/CFT/Sanctions

• Iran's Revolutionary Guards set to be labelled as terrorist group by UK - BBC News

Insurance

• Cyber safety premiums holding firms to ransom | Business | The Times

• How can businesses decrease cyber insurance premiums while maintaining coverage? - Help Net Security

Dark Web

• A sneak peek into the dark web dealings | Nation

Supply Chain and Third Parties

• First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen) | Ars Technica

Software Supply Chain

• There is no secure software supply-chain. - by John McBride (substack.com)

Cloud/SaaS

• Attackers create 130K fake accounts to abuse limited-time cloud computing resources | CSO Online

Encryption

• Encryption Faces an Existential Threat in Europe | WIRED

• 2023 Will See Renewed Focus on Quantum Computing (darkreading.com)

• Chinese researchers claim to find way to break encryption using quantum computers | Financial Times (ft.com)

API

• API Security Is the New Black (darkreading.com)

• Car companies massively exposed to web vulnerabilities | The Daily Swig (portswigger.net)

• 16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure | SecurityWeek.Com

• What Are Some Ways to Make APIs More Secure? (darkreading.com)

• Critical flaws found in Ferrari, BMW, Porsche, and other carmakers - Security Affairs

Open Source

• New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)

• New Linux malware uses 30 plugin exploits to backdoor WordPress sites (bleepingcomputer.com)

Social Media

• Data of 235 million Twitter users leaked online - Security Affairs

• Twitter said to have suffered data breach as hackers expose 235 million users' information (thenationalnews.com)

• The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)

• Are Meta and Twitter Ushering in a New Age of Insider Threats? (darkreading.com)

• Meta fined €390m over use of data for targeted ads - BBC News

• More Political Storms for TikTok After US Government Ban | SecurityWeek.Com

Parental Controls and Child Safety

• Cops Catch Serial Child Abuser After Tech Breakthrough - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Meta fined €390m over use of data for targeted ads - BBC News

• Google will pay $29.5M to settle two lawsuits over its location tracking practices - Security Affairs

Governance, Risk and Compliance

• Cyber safety premiums holding firms to ransom | Business | The Times

• Cyber war in Ukraine, ransomware fears drive 2022 surge in demand for threat intelligence tools | SC Media (scmagazine.com)

• Attackers never let a critical vulnerability go to waste - Help Net Security

• Attackers evolve strategies to outmanoeuvre security teams - Help Net Security

• How to start planning for disaster recovery - Help Net Security

• Building A Security-First Culture: The Key To Cyber Success (forbes.com)

• Data backup is no longer just about operational fallback - Help Net Security

• Threat Actors Evade Detection Through Geofencing & Fingerprinting (darkreading.com)

• How can businesses decrease cyber insurance premiums while maintaining coverage? - Help Net Security

Secure Disposal

• I bought a $15 router at Goodwill — and found a millionaire's dirty secrets (nypost.com)

Backup and Recovery

• Data backup is no longer just about operational fallback - Help Net Security

Data Protection

• Getting data loss prevention right - Help Net Security

Law Enforcement Action and Take Downs

• Cyber criminals we lost to law in 2022

• Cops Catch Serial Child Abuser After Tech Breakthrough - Infosecurity Magazine (infosecurity-magazine.com)

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

• Ukrainian Cops Bust Prolific Fraud Call centre - Infosecurity Magazine (infosecurity-magazine.com)

Privacy, Surveillance and Mass Monitoring

• National security fears over police using Chinese tech | News | The Times

• Meta fined €390m over use of data for targeted ads - BBC News

• Google will pay $29.5M to settle two lawsuits over its location tracking practices - Security Affairs

Artificial Intelligence

• ChatGPT: An Easy Cyber crime Target For Cyber attacks (informationsecuritybuzz.com)

• OpenAI's ChatGPT previews how AI can help hackers breach more networks (axios.com)

• How hackers might be exploiting ChatGPT - Security Affairs

• NATO tests AI’s ability to protect critical infrastructure against cyber attacks | CSO Online

Misinformation, Disinformation and Propaganda

• It's time to focus on information warfare's hard questions (cyberscoop.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• War and Geopolitical Conflict: The New Battleground for DDoS Attacks (darkreading.com)

• Cyber attacks against governments jumped 95% in last half of 2022, CloudSek says | CSO Online

• It's time to focus on information warfare's hard questions (cyberscoop.com)

• National security fears over police using Chinese tech | News | The Times

• Ex-GE engineer sentenced for stealing turbine tech for China • The Register

• Pro-Russia cyber attacks aim at destabilizing Poland - Security Affairs

• Poland warns of attacks by Russia-linked Ghostwriter hacking group (bleepingcomputer.com)

Nation State Actors

Nation State Actors – Russia

• Russia Cyber attacks, China Covid Are Overlooked 2023 Threats - Bloomberg

Nation State Actors – China

• National security fears over police using Chinese tech | News | The Times

• Ex-GE engineer sentenced for stealing turbine tech for China • The Register

Nation State Actors – Iran

• Iran's Revolutionary Guards set to be labelled as terrorist group by UK - BBC News

Nation State Actors – Misc

• Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain (thehackernews.com)

Vulnerability Management

• Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog (darkreading.com)

• Attackers never let a critical vulnerability go to waste - Help Net Security

Vulnerabilities

• Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks (bleepingcomputer.com)

• Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog (darkreading.com)

• Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations (darkreading.com)

• Zoho urges admins to patch severe ManageEngine bug immediately (bleepingcomputer.com)

• Android's First Security Updates for 2023 Patch 60 Vulnerabilities | SecurityWeek.Com

• Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities (thehackernews.com)

• Qualcomm, Lenovo flag multiple high impact firmware vulnerabilities | SC Media (scmagazine.com)

• Netgear Wi-Fi routers need to be patched immediately | TechRadar

• Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers (thehackernews.com)

• Fortinet Releases Security Updates for FortiADC | CISA

Tools and Controls

• How Confidential Computing Can Change Cyber security (darkreading.com)

• Data backup is no longer just about operational fallback - Help Net Security

• Getting data loss prevention right - Help Net Security

• Things to know and do before you switch from VPN to ZTNA - Help Net Security

Other News

• The cyber security industry will undergo significant changes in 2023 - Help Net Security

• SecurityAffairs Top 10 cybersecurity posts of 2022 - Security Affairs

• BleepingComputer's most popular cybersecurity stories of 2022

• WordPress Security: 22 Ways To Protect Your Website (informationsecuritybuzz.com)

• Cyber attacks against governments jumped 95% in last half of 2022, CloudSek says | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Research Finds Organisations Lack Tools and Teams to Address Cyber Security Threats

In research conducted in the summer of 2022 by BlackBerry, the findings describe the situation facing organisations regardless of size or vertical.

The survey of 405 senior IT, networking, and security decision-makers in the US, Canada, and the UK revealed 83% of organisations agreed building cyber security programs is expensive due to required tools, licenses, and personnel, and 80% agreed it’s challenging to fill specialised security roles. Most organisations (78%) have an incident management process, but about half (49%) agree they lack the teams and tools to be effective 24x7x365. Evolving security threats (53%) and the task of integrating new technology (53%) are cited as top challenges in maintaining security posture.

While it’s likely these findings surprise no one, they do reveal the challenges facing organisations who are caught between limited resources and increased risk. The urgency increases if we look at the critical infrastructure that keeps things running–like utilities, banks, transportation, key suppliers, industrial controls, and more.

https://www.msspalert.com/cybersecurity-guests/research-finds-organizations-lack-tools-and-teams-to-address-cybersecurity-threats/

• Some 98% of Global Firms Suffer Supply Chain Breach in 2021

Just 2% of global organisations didn’t suffer a supply chain breach last year, with visibility into cyber risk getting harder as these ecosystems expand, according to BlueVoyant.

The security firm polled 2100 C-level execs with responsibility for supply chain and cyber risk management from companies with 1000+ employees to compile its study, The State of Supply Chain Defense: Annual Global Insights Report 2022.

It found the top challenges listed by respondents were:

• Awareness internally that third-party suppliers are part of their cyber security posture

• Meeting regulatory requirements and ensuring third-party cyber security compliance

• Working with third-party suppliers to improve their posture.

Supply chains are growing: the number of firms with over 1000 suppliers increased from 38% in 2021’s report to 50%. Although 53% of organisations audited or reported on supplier security more than twice annually, 40% still rely on suppliers to ensure security levels are sufficient. That means they have no way of knowing if an issue arises with a supplier.

Worse, 42% admitted that if they do discover an issue in their supply chain and inform their supplier, they cannot verify that the issue was resolved. Just 3% monitor their supply chain daily, although the number of respondents using security ratings services to enhance visibility and reduce cyber risk increased from 36% last year to 39% in this year’s report.

With the escalating threat landscape and number of high-profile incidents being reported, firms should focus more strategically on addressing supply chain cyber security risk. In the current volatile economic climate, the last thing any business needs is any further disruption to their operations, any unexpected costs, or negative impact on their brand.

https://www.infosecurity-magazine.com/news/98-global-firms-supply-chain/

• Only 30% of Cyber Insurance Holders Say Ransomware is Covered

Cyber insurance providers appear to be limiting policy coverage due to surging costs from claimants, according to a new study from Delinea.

The security vendor polled 300 US-based IT decision makers to compile its latest report, Cyber insurance: if you get it be ready to use it.

Although 93% were approved for specialised cyber insurance cover by their provider, just 30% said their policy covered “critical risks” including ransomware, ransom negotiations and payments. Around half (48%) said their policy covers data recovery, while just a third indicated it covers incident response, regulatory fines and third-party damages.

That may be because many organisations are regularly being breached and look to their providers for pay-outs, driving up costs for carriers. Some 80% of those surveyed said they’ve had to call on their insurance, and half of these have submitted claims multiple times, the study noted.

As a result, many insurers are demanding that prospective policyholders implement more comprehensive security controls before they’re allowed to sign up.

Half (51%) of respondents said that security awareness training was a requirement, while (47%) said the same about malware protection, AV software, multi-factor authentication (MFA) and data backups.

However, high-level checks may not be enough to protect insurers from surging losses, as they can’t guarantee customers are properly deploying security controls.

Cyber insurance providers need to start advancing beyond simple checklists for security controls. They must require their customers to validate that their security controls work as designed and expected. They need their customers to simulate their adversaries to ensure that when they are attacked, the attack will not result in a breach. In fact, we're already starting to see government regulations and guidance that includes adversary simulation as part of their proactive response to threats.

https://www.infosecurity-magazine.com/news/cyberinsurance-ransomware-cover/

• Companies Hit by Ransomware Often Targeted Again, Research Says

It has been reported that more than a third of companies who paid a ransom to cyber criminals after being hit by a ransomware attack went on to be targeted for a second time, according to a new report.

The Hiscox Cyber Readiness Report found that 36% of companies that made the ransom payment were hit again, while 41% who paid failed to recover all of their data.

The head of the UK’s National Cyber Security Centre (NCSC), Lindy Cameron, said last year that ransomware attacks were the “most immediate danger” to the UK and urged companies to take more steps to protect themselves and their data.

The NCSC urges firms not to pay ransoms as it not only helps fund further crime but offers no guarantee that criminals will return the stolen or locked data. The Hiscox report appeared to back up the NCSC’s warnings, with 43% of the businesses who paid a ransom saying they still had to rebuild their systems while 29% said that despite making the payment their stolen data was still leaked. A further 26% said a ransomware attack had had a significant financial impact on their business.

https://informationsecuritybuzz.com/companies-hit-by-ransomware-often-targeted-again-research-says-and-expert-comments/

• Ransomware Remains Top Cyber Risk for Organisations Globally, Says Allianz

According to an Allianz Global Corporate & Specialty cyber report, ransomware remains a top cyber risk for organisations globally, while the threat of state-sponsored cyber attacks grows.

There were a record 623 million attacks in 2021, which was double that of 2020, says Allianz.

It also notes that despite the frequency reducing 23% globally during H1 of 2022, the year-to-date total still exceeds that of the full years of 2017, 2018 and 2019, while Europe saw attacks surge over this period. Allianz suggests that ransomware is forecast to cause $30bn in damages to organisations globally by 2023.

It adds that from an Allianz perspective, the value of ransomware claims the company was involved in together with other insurers, accounted for well over 50% of all cyber claims costs during 2020 and 2021.

The cyber risk landscape doesn’t allow for any resting on laurels. Ransomware and phishing scams are as active as ever and on top of that there is the prospect of a hybrid cyber war.

Most companies will not be able to evade a cyber threat. However, it is clear that organisations with good cyber maturity are better equipped to deal with incidents. Even when they are attacked, losses are typically less severe due to established identification and response mechanisms.

Many companies still need to strengthen their cyber controls, particularly around IT security trainings, better network segmentation for critical environments and cyber incident response plans and security governance.

Allianz observes that geopolitical tensions, such as the war in Ukraine, are a major factor reshaping the cyber threat landscape as the risks of espionage, sabotage, and destructive cyber-attacks against companies with ties to Russia and Ukraine increase, as well as allies and those in neighbouring countries.

https://www.reinsurancene.ws/ransomware-remains-top-cyber-risk-for-organisations-globally-says-allianz/

• How Geopolitical Turmoil Changed the Cyber Security Threat Landscape

ENISA, EU’s Agency for Cybersecurity, released its annual Threat Landscape report, covering the period from July 2021 up to July 2022.

With more than 10 terabytes of data stolen monthly, ransomware still fares as one of the prime threats in the new report with phishing now identified as the most common initial vector of such attacks. The other threats to rank highest along ransomware are attacks against availability also called Distributed Denial of Service (DDoS) attacks.

However, the geopolitical situations particularly the Russian invasion of Ukraine have acted as a game changer over the reporting period for the global cyber domain. While we still observe an increase of the number of threats, we also see a wider range of vectors emerge such as zero-day exploits and AI-enabled disinformation and deepfakes. As a result, more malicious and widespread attacks emerge having more damaging impact.

EU Agency for Cybersecurity Executive Director, Juhan Lepassaar stated that “Today’s global context is inevitably driving major changes in the cyber security threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners and therefore all EU citizens.”

State sponsored, cyber crime, hacker-for-hire actors and hacktivists remain the prominent threat actors during the reporting period of July 2021 to July 2022.

ENISA sorted threats into 8 groups. Frequency and impact determine how prominent all of these threats still are.

• Ransomware: 60% of affected organisations may have paid ransom demands

• Malware: 66 disclosures of zero-day vulnerabilities observed in 2021

• Social engineering: Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing

• Threats against data: Increasing in proportionally to the total of data produced

• Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service

• Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020

• Threats against availability:

  • Largest denial of service (DDoS) attack ever was launched in Europe in July 2022

  • Internet: destruction of infrastructure, outages and rerouting of internet traffic.

https://www.helpnetsecurity.com/2022/11/08/cybersecurity-threat-landscape-2022/

• Swiss Re Wants Government Bail Out as Cyber Crime Insurance Costs Spike

As insurance companies struggle to stay afloat amid rising cyber claims, Swiss Re has recommended a public-private partnership insurance scheme with one option being a government-backed fund to help fill the coverage gap.

Global cyber insurance premiums hit $10 billion in 2021, according to Swiss Re's estimates. In a study published this week, the insurance giant forecasted 20 percent annual growth to 2025, with premiums rising to $23 billion over the next few years.

Meanwhile, annual cyber attack-related losses total about $945 billion globally, and about 90% of that risk remains uninsured, according to insurance researchers at the Geneva Association.

While Forrester estimates a typical data breach costs an average $2.4 million for investigation and recovery, only 55 percent of companies currently have cyber insurance policies. Additionally, less than 20 percent have coverage limits in excess of $600,000, which the analyst firm cites as the median ransomware demand in 2021.

https://www.theregister.com/2022/11/08/government_cyber_insurance/

• Extortion Economics: Ransomware's New Business Model

Ransomware-as-a-service lowers the barriers to entry, hides attackers’ identities, and creates multitier, specialised roles in service of ill-gotten gains.

Did you know that more than 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cyber criminals have become emboldened by the underground ransomware economy.

And yet many threat actors work within a relatively small and interconnected ecosystem of players. This pool of cyber criminals has created specialised roles and consolidated the cyber crime economy, fuelling ransomware-as-a-service (RaaS) to become the dominant business model. In doing so, they've enabled a wider range of criminals to deploy ransomware regardless of their technical expertise and forced all of us to become cyber security defenders in the process.

Ransomware takes advantage of existing security compromises to gain access to internal networks. In the same way businesses hire gig workers to cut costs, cyber criminals have turned to renting or selling their ransomware tools for a portion of the profits rather than performing the attacks themselves.

This flourishing RaaS economy allows cyber criminals to purchase access to ransomware payloads and data leakage, as well as payment infrastructure. What we think of as ransomware gangs are actually RaaS programs like Conti or REvil, used by the many different actors who switch between RaaS programs and payloads.

RaaS lowers the barrier to entry and obfuscates the identity of the attackers behind the ransoming. Some programs can have 50 or more "affiliates," as they refer to their users, with varying tools, tradecraft, and objectives. Anyone with a laptop and credit card who is willing to search the Dark Web for penetration-testing tools or out-of-the-box malware can join this maximum efficiency economy.

https://www.darkreading.com/microsoft/extortion-economics-ransomware-s-new-business-model

• Confidence in Data Recovery Tools Low

A recent IDC and Druva survey asked 505 respondents across 10 industries about their ransomware experiences and found that many organisations struggle to recover after an attack. In the survey, 85% of the respondents said their organisations had a ransomware recovery plan. The challenge seems to lie in effectively executing that plan.

"A majority of organisations suffered significant consequences from ransomware attacks including long recoveries and unrecoverable data despite paying a ransom," states the "You Think Ransomware Is Your Only Problem? Think Again" report.

Data resiliency is such an important element of cyber security that 96% of respondents considered it a top priority for their organisations, with a full 77% placing it in the top 3. What's striking about the survey results is that only 14% of respondents said they were "extremely confident" in their tools, even though 92% called their data resiliency tools "efficient" or "highly efficient."

When data is spread across hybrid, cloud, and edge environments, data resiliency becomes much more complicated. A plan might seem to cover everything, but then you realise that you lost your backup or can't find the latest restore point.

The ability to recover from an attack is vital, since the growth in ransomware makes it likely that your organisation will get hit. This is why agencies like NIST recommend preparing for when an attacker pierces your defences rather than trying to keep out every intruder. That mindset also shifts the priority to preparation and planning; you need to create a disaster recovery plan that includes policy on restore points and recovery tools — and you need to practice implementing that plan before disaster strikes.

The report lists three key performance indicators that reveal the success of an organisation's recovery from a cyber attack:

• The ability to fully recover encrypted or deleted data without paying a ransom.

• Zero data loss in the process of recovering the data.

• Rapid recovery as defined by applicable service-level requirements.

When a recovery fails to meet these criteria, then the organisation may suffer financial loss, loss of reputation, permanently lost customers, and reduced employee productivity.

https://www.darkreading.com/tech-trends/confidence-in-data-recovery-tools-low

• Russia’s Sway Over Criminal Ransomware Gangs Is Coming into Focus

Russia-based ransomware gangs are some of the most prolific and aggressive, in part thanks to an apparent safe harbour the Russian government extends to them. The Kremlin doesn't cooperate with international ransomware investigations and typically declines to prosecute cyber criminals operating in the country so long as they don't attack domestic targets. A long-standing question, though, is whether these financially motivated hackers ever receive directives from the Russian government and to what extent the gangs are connected to the Kremlin's offensive hacking. The answer is starting to become clearer.

New research presented at the Cyberwarcon security conference in Arlington, Virginia, this week looked at the frequency and targeting of ransomware attacks against organisations based in the United States, Canada, the United Kingdom, Germany, Italy, and France in the lead-up to these countries' national elections. The findings suggest a loose but visible alignment between Russian government priorities and activities and ransomware attacks leading up to elections in the six countries.

The project analysed a data set of over 4,000 ransomware attacks perpetrated against victims in 102 countries between May 2019 and May 2022. The analysis showed a statistically significant increase in ransomware attacks from Russia-based gangs against organisations in the six victim countries ahead of their national elections. These nations suffered the most total ransomware attacks per year in the data set, about three-quarters of all the attacks.

The data was used to compare the timing of attacks for groups believed to be based out of Russia and groups based everywhere else. They looked at the number of attacks on any given day, and what they found was an interesting relationship where for these Russia-based groups, there was an increase in the number of attacks starting four months before an election and moving three, two, one month in, up to the event.

The findings showed broadly that non-Russian ransomware gangs didn't have a statistically significant increase in attacks in the lead-up to elections. Whereas two months out from a national election, for example, the researchers found that organisations in the six top victim countries were at a 41 percent greater chance of having a ransomware attack from a Russia-based gang on a given day, compared to the baseline.

https://www.wired.com/story/russia-ransomware-gang-connections/

• Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs

Twelve percent of all employees take sensitive intellectual property (IP) with them when they leave an organisation.

The data comes from workforce cyber intelligence and security company Dtex, which published a report about top insider risk trends for 2022. “Customer data, employee data, health records, sales contacts, and the list goes on,” reads the document. “More and more applications are providing new features that make data exfiltration easier. For example, many now provide the ability to maintain clipboard history and sync across multiple devices.”

Case in point, the report also suggests a 55% increase in unsanctioned application usage, including those making data exfiltration easier by allowing users to maintain clipboard history and sync IP across multiple devices. “Bring Your Own Applications (BYOA) or Shadow IT can be a source of intelligence for business innovation,” Dtex wrote. “Still, they pose a major risk if the security team has not tested these tools thoroughly.”

Further, the new data highlight a 20% increase in resignation letter research and creation from employees taking advantage of the tight labour market to switch positions for higher wages.

“In most cases, an individual planning to leave the business is not pleased with the company’s product, co-workers, work environment, or compensation,” reads the report. “Disgruntled employees are usually jaded by a business that has not shown any steps to alleviate concerns, even after communication attempts.”

Finally, the Dtex report says the industry has witnessed a 200% increase in unsanctioned third-party work on corporate devices from a high prevalence of employees engaged in side gigs.

https://www.infosecurity-magazine.com/news/12-of-employees-take-ip-when/

• Why a Clear Cyber Policy is Critical for Companies

In October, Joe Sullivan, Uber’s former head of security, was convicted of covering up a 2016 data breach at the ride hailing giant by hiding details from US regulators and then paying off the hackers.

It was a trial followed nervously by cyber security professionals around the world — coming eight years after an incident that had compromised the personal information of more than 57mn people.

“Any news about another company dealing with a data security incident can strike a bit of fear across industries,” notes Mary Pothos, chief privacy officer at digital travel company Booking.com. She adds that incidents like these cause “many companies to pause, rethink or revisit their internal processes to make sure that they are operating effectively”.

These incidents, and threats, are growing at lightning speed, too. War in Ukraine is now being played out as much in cyber space as on the battlefield. The Covid pandemic has forced businesses to rethink where their employees work, and handle or access data. At the same time, the sheer number of web-connected devices is multiplying.

“We need to be people who can predict what is coming along the line, predict the future, almost” said Victor Shadare, head of cyber security at media company Condé Nast, at a recent FT event on cyber security.

Palo Alto Networks, a specialist security company, found that cyber extortion grew rapidly in 2021. Some 35 new ransomware gangs emerged, the average ransom demand increasing 144 per cent that year to $2.2mn, and the average payment rose by 78 per cent to $541,010.

Meanwhile, cyber security personnel have found themselves hemmed in by increasingly onerous regulations. These include threats of legal action if the right people are not informed about breaches, or if products come to market that are not safe enough. On September 15, for example, the European Commission presented a proposal for a new Cyber Resilience Act to protect consumers from products with inadequate security features.

“New domains of security have sprung up over the past years, so it’s not just an information technology problem any more, it’s really a full company risk issue,” says Kevin Tierney, vice-president of global cyber security at automotive group General Motors. He warns that automated and connected vehicles have thrown up additional threats to be addressed.

“You have to start out with the right governance structure and the right policies and procedures — that’s step one of really getting the company to understand what it needs to do,” he says. These include clear rules on how to disable access to tech equipment, on data protection and storage, on transferring and disposing of data, on using corporate networks, and on reporting any data breaches.

Security experts also tend to agree that there need to be robust systems of governance and accountability, to prevent the sort of trouble that befell Sullivan at Uber. Perhaps most crucially, staff across the organisation, from C-suite to assistants, need to know how to spot and manage a threat.

https://www.ft.com/content/0bb6df09-7d77-4605-aac3-89443ed65a18

Threats

Ransomware and Extortion

• Medibank: Hackers release abortion data after stealing Australian medical records - BBC News

• Medical data hacked from 10m Australians begins to appear on dark web | World news | The Guardian

• HSE cyber attack: More than 100,000 people whose personal data stolen to be contacted – The Irish Times

• How ransomware gangs and malware campaigns are changing - Help Net Security

• Thales confirms hackers have released its data on the dark web | Reuters

• More NHS dentists could be forced to close after major cyber attack leaves some nearing financial ruin (inews.co.uk)

• Most SMBs Fear Ransomware Attack Amid Heightened Geopolitical Tensions - MSSP Alert

• Australia to consider banning paying of ransoms to cyber criminals | Reuters

• LockBit gang claims to have stolen data from Kearney & Company - Security Affairs

• Azov Ransomware is a wiper, destroying data 666 bytes at a time (bleepingcomputer.com)

• Ransomware Gang Offers to Sell Files Stolen From Continental for $50 Million | SecurityWeek.Com

• Canadian food retail giant Sobeys hit by Black Basta ransomware (bleepingcomputer.com)

• LockBit affiliate uses Amadey Bot malware to deploy ransomware (bleepingcomputer.com)

• Man Arrested in Ontario For Alleged LockBit Ransomware Involvement - Infosecurity Magazine (infosecurity-magazine.com)

• Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs

• Conti Affiliates Black Basta, BlackByte Continue to Attack Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• US Health Dept warns of Venus ransomware targeting healthcare orgs (bleepingcomputer.com)

• Ransomware attacks on hospitals take toll on patients (nbcnews.com)

• Hackers post Hereford schoolchildren's data records on dark web | Hereford Times

• CISA and Spain Partnership to Develop Tool to Help Countries Combat Ransomware - MSSP Alert

Phishing & Email Based Attacks

• What is no-hook phishing? | IT PRO

• Phishing threats are increasingly convincing and evasive - Help Net Security

• Robin Banks phishing-as-a-service platform continues to evolve - Security Affairs

• Phishing drops IceXLoader malware on thousands of home, corporate devices (bleepingcomputer.com)

• Massive Phishing Campaigns Target India Banks’ Clients (trendmicro.com)

BEC – Business Email Compromise

• Instagram star gets 11 years for $300m BEC conspiracy • The Register

Malware

• Advanced RAT AgentTesla Most Prolific Malware in October - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing drops IceXLoader malware on thousands of home, corporate devices (bleepingcomputer.com)

• Cloud9 Malware Offers a Paradise of Cyber attack Methods (darkreading.com)

• More malware is being hidden in PNG images, so watch out | TechRadar

• Attackers Using IPFS for Distributed, Bulletproof Malware Hosting | SecurityWeek.Com

• Malicious extension lets attackers control Google Chrome remotely (bleepingcomputer.com)

• New hacking group uses custom 'Symatic' Cobalt Strike loaders (bleepingcomputer.com)

• New StrelaStealer malware steals your Outlook, Thunderbird accounts (bleepingcomputer.com)

Mobile

• 5 Common Smartphone Security Myths, Debunked (makeuseof.com)

• Oh, look: More malware in the Google Play store • The Register

• Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan - Security Affairs

• Malicious droppers on Google Play deliver banking malware to victims - Help Net Security

• Samsung phones are being targeted by some seriously shady zero-days | TechRadar

• Vultur Android Banking Trojan Reaches 100,000+ Downloads on Google Play Store - Infosecurity Magazine (infosecurity-magazine.com)

• New BadBazaar Android malware linked to Chinese cyber spies (bleepingcomputer.com)

• Worok hackers hide new malware in PNGs using steganography (bleepingcomputer.com)

Internet of Things – IoT

• Cyber security 'Nutrition' Labels Still a Work in Progress (darkreading.com)

• Knock, Knock: Aiphone Bug Allows Cyber attackers to Literally Open (Physical) Doors (darkreading.com)

Organised Crime & Criminal Actors

• Cyberwar and Cyber crime Go Hand in Hand (darkreading.com)

• An initial access broker claims to have hacked Deutsche Bank - Security Affairs

• Cyber crime costs to hit $10.5tn by 2025 hears Saudi forum - Arabian Business

• 4 Types of Cyber Crime Groups (trendmicro.com)

• Cyber crime Group OPERA1ER Stole $11M From 16 African Businesses (darkreading.com)

• Instagram star gets 11 years for $300m BEC conspiracy • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX says it is probing ‘abnormal transactions’ after potential hack | Financial Times

• Kraken's CSO Claims To Have Identified The $600 Million FTX Hacker (coingape.com)

Insider Risk and Insider Threats

• The 'Great Resignation' Caused Insider Threats to Peak in Q3 2022, Kroll Finds - Infosecurity Magazine (infosecurity-magazine.com)

Fraud, Scams & Financial Crime

• Fifth Of 18 To 34-year-olds Have Fallen Victim To Financial Scams – Information Security Buzz

• Ukrainian Cyber Cops Bust $200m Fraud Ring - Infosecurity Magazine (infosecurity-magazine.com)

• Retail Sector Prepares for Annual Holiday Cyber crime Onslaught (darkreading.com)

• Online payment fraud is evolving - Help Net Security

• US seized 18 web domains used for recruiting money mules (bleepingcomputer.com)

Insurance

• Rising cost of cyber attacks sends insurance policy charges soaring | Financial Times (ft.com)

• Just 25% of businesses are insured against cyber attacks. Here's why (theconversation.com)

• Re-Focusing Cyber Insurance with Security Validation (thehackernews.com)

• Swiss Re: Cyber-Insurance Industry Must Reform - Infosecurity Magazine (infosecurity-magazine.com)

Dark Web

• DoJ seizes $3.36B Bitcoin from Silk Road hacker - Security Affairs

• Silk Road drugs market hacker pleads guilty, faces 20 years inside – Naked Security (sophos.com)

Supply Chain and Third Parties

• Evolving From Third-Party Risk Management To The Extended Enterprise – Information Security Buzz

Hybrid Working

• Remote work pushes video conferencing security to the fore - Help Net Security

Attack Surface Management

• Managing and Mitigating Risk From Unknown Unknowns (darkreading.com)

Identity and Access Management

• A Better Way to Resist Identity-Based Cyber Threats (darkreading.com)

API

• Top 5 API Security Myths That Are Crushing Your Business (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Microsoft Password Hacking Increase – Information Security Buzz

• False sense of safety undermines good password hygiene - Help Net Security

• Password-hacking attacks are on the rise. Here's how to stop your accounts from being stolen | ZDNET

Social Media

• Twitter C-Level Resignations Continue As Blue Program Creates New Cyber-Risks - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter blue check unavailable after impostor accounts erupt on platform | Twitter | The Guardian

• Twitter chief information security officer Lea Kissner departs | TechCrunch

Privacy, Surveillance and Mass Monitoring

• World Cup apps pose a data security and privacy nightmare • The Register

• Surveillance 'Existential' Danger of Tech: Signal Boss | SecurityWeek.Com

Regulations, Fines and Legislation

• SEC Announces 'Enforcement Action' For SolarWinds Over 2020 Hack - Infosecurity Magazine (infosecurity-magazine.com)

• Experian, T-Mobile fined $16m for spilling 18m people's data • The Register

Careers, Working in Cyber and Information Security

• Three million empty seats: What can we do about the cyber skills shortage? (computerweekly.com)

• Cyber security, cloud and coding: Why these three skills will lead demand in 2023 | ZDNET

• Cyber security leaders want to quit. Here's what is pushing them to leave | ZDNET

Law Enforcement Action and Take Downs

• DoJ seizes $3.36B Bitcoin from Silk Road hacker - Security Affairs

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Cyberwar and Cyber crime Go Hand in Hand (darkreading.com)

• Red Cross seeks digital equivalent of its emblems • The Register

• Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless | WIRED

• EU calls for joint cyber defence in response to Russia • The Register

• Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft | SecurityWeek.Com

• What Ukraine’s cyber defence tactics can teach other nations | Financial Times (ft.com)

• Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs

• APT29 abused Windows Credential Roaming in attacks - Security Affairs

• Android RAT Group Targets Indian Defence Personnel - Infosecurity Magazine (infosecurity-magazine.com)

• Dutch MEP says illegal spyware ‘a grave threat to democracy’ | European Commission | The Guardian

• Greece Is Banning Spyware After Predator Phone-Tapping Scandal (gizmodo.com)

• British embassy security guard David Smith admits spying for Russia - BBC News

Nation State Actors

Nation State Actors – Russia

• EU calls for joint cyber defence in response to Russia • The Register

• Ukraine war: Russians kept in the dark by internet search - BBC News

• Microsoft links Russia’s military to cyber attacks in Poland and Ukraine | Ars Technica

• Putin ally Yevgeny Prigozhin admits interfering in US elections | Russia | The Guardian

• Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs

Nation State Actors – China

• New BadBazaar Android malware linked to Chinese cyber spies (bleepingcomputer.com)

Nation State Actors – Misc

• Microsoft: Nation-state threats, zero-day attacks increasing (techtarget.com)

Vulnerability Management

• Why CVE Management as a Primary Strategy Doesn't Work (darkreading.com)

• Why it's time to review your Microsoft patch management options | CSO Online

• Risk-Based Vulnerability Management: Understanding the RBVM Trend (darkreading.com)

• How can CISOs catch up with the security demands of their ever-growing networks? - Help Net Security

• Microsoft: Nation-state threats, zero-day attacks increasing (techtarget.com)

• Types of vulnerability scanning and when to use each (techtarget.com)

Vulnerabilities

• Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws (bleepingcomputer.com)

• VMware fixes three critical auth bypass bugs in remote access tool (bleepingcomputer.com)

• Citrix ADC and Citrix Gateway are affected by a critical auth bypass - Security Affairs

• Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products | SecurityWeek.Com

• Microsoft Patches MotW Zero-Day Exploited for Malware Delivery | SecurityWeek.Com

• Apple out-of-band patches fix RCE bugs in iOS and macOS - Security Affairs

• Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks (bleepingcomputer.com)

• SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5 | SecurityWeek.Com

• Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica

• Foxit Patches Several Code Execution Vulnerabilities in PDF Reader | SecurityWeek.Com

• LiteSpeed Vulnerabilities Can Lead to Complete Web Server Takeover | SecurityWeek.Com

Reports Published in the Last Week

• 2022 Cloud Data Security Report - Help Net Security

• Report on DDoS attacks in Q3 2022 | Securelist

• Cyber security Trends Report: Check Point Software Predicts Hikes in Hacking and Exploits - MSSP Alert

• Data Security Trust is Down, Anxiety is Up, Rubrik Zero Labs Reports - MSSP Alert

Other News

• Majority of Security Managers Lack Threat Intelligence Skills - Infosecurity Magazine (infosecurity-magazine.com)

• What Is Threat Hunting? A Definition for MSPs and Channel Partners - MSSP Alert

• Cyber security: These are the new things to worry about in 2023 | ZDNET

• Cyber Professionals Now Tasked with Securing Society, Says Mikko Hyppönen - Infosecurity Magazine (infosecurity-magazine.com)

• Corporations Confident in Data Protection Programs but Scrutiny is Lacking, New Report Finds - MSSP Alert

• What We Really Mean When We Talk About ‘Cyber security’ (darkreading.com)

• Personal cyber security is now a company problem - Help Net Security

• History of Computer Viruses & Malware | What Was Their Impact? (esecurityplanet.com)

• 5 Reasons to Consolidate Your Tech Stack (thehackernews.com)

• Attacks on Microsoft SQL have seen a huge rise | TechRadar

• Cookies for MFA Bypass Gain Traction Among Cyber attackers (darkreading.com)

• 2FA, 3FA, MFA… What does it all mean? - Help Net Security

• Qatar World Cup Firms Urged to Upgrade Cyber-Threat Model - Infosecurity Magazine (infosecurity-magazine.com)

• Common lateral movement techniques and how to prevent them (techtarget.com)

• Beyond the Pen Test: How to Protect Against Sophisticated Cyber criminals (darkreading.com)

• Red, purple, or blue? When it comes to offensive security operations, it’s not just about picking one colour - Help Net Security

• 5 ways to overcome multifactor authentication vulnerabilities (techtarget.com)

• The security dilemma of data sprawl - Help Net Security

• 15,000 sites hacked for massive Google SEO poisoning campaign (bleepingcomputer.com)

• Unencrypted Traffic Still Undermining Wi-Fi Security (darkreading.com)

• Researchers Devise Wi-Peep Drone That Can 'See Through Walls' (gizmodo.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Gen Z, Millennials Really Don’t Care About Workplace Cyber Security

When it comes to cyber security in the workplace, younger employees don’t really seem to care that much, which is putting their organisations in serious harm’s way, new research has claimed.

Surveying approximately 1,000 workers using devices issued by their employers, professional services firm EY found Gen Z enterprise employees were more apathetic about cyber security than their Boomer counterparts in adhering to their employer's safety policies.

This is despite the fact that four in five (83%) of all those surveyed claimed to understand their employer’s security protocol.

When it comes to implementing mandatory IT updates, for example, 58% of Gen Z’ers and 42% of millennials would disregard them for as long as possible. Less than a third (31%) of Gen X’ers, and just 15% of baby boomers said they do the same.

Apathy in the young extends to password reuse between private and business accounts. A third of Gen Z and millennial workers surveyed admitted to this, compared to less than a quarter of all Gen X’ers and baby boomers.

Some say the apathy of young people towards technology is down to their over-familiarity with technology, and never having been without it. Being too comfortable with tech undoubtedly makes an enterprise's younger employees a major target for cyber criminals looking to exploit any hole in security. 

If an organisation's cyber security practices aren't upheld strongly, threat actors can compromise huge networks with simple social engineering attacks.

https://www.techradar.com/news/younger-workers-dont-care-about-workplace-cybersecurity

• Supply Chain Attacks Increased Over 600% This Year and Companies Are Falling Behind

The number of documented supply chain attacks involving malicious third-party components has increased 633% over the past year, now sitting at over 88,000 known instances, according to a new report from software supply chain management company Sonatype. Meanwhile, instances of transitive vulnerabilities that software components inherit from their own dependencies have also reached unprecedented levels and plague two-thirds of open-source libraries.

“The networked nature of dependencies highlights the importance of having visibility and awareness about these complex supply chains” Sonatype said in its newly released State of the Software Supply Chain report. “These dependencies impact our software, so having an understanding of their origins is critical to vulnerability response. Many organisations did not have the needed visibility and continued their incident response procedures for Log4Shell well beyond the summer of 2022 as a result.”

Log4Shell is a critical vulnerability discovered in November 2021 in Log4j, a widely popular open-source Java library used for logging and bundled in millions of enterprise applications and software products, often as an indirect dependency. According to Sonatype’s monitoring, as of August 2022, the adoption rate for fixed versions of Log4j sits at around 65%. Moreover, this doesn’t even account for the fact that the Log4Shell vulnerability originated in a Java class called JndiManager that is part of Log4j-core, but which has also been borrowed by 783 other projects and is now found in over 19,000 software components.

Log4Shell served as a watershed moment, highlighting the inherent risks that exist in the open-source software ecosystem – which sits at the core of modern software development – and the need to manage them properly. It also led to several initiatives to secure the software supply chain by private organisations, software repository managers, the Linux Foundation, and government bodies. Yet, most organisations are far from where they need to be in terms of open-source supply chain management.

https://www.csoonline.com/article/3677228/supply-chain-attacks-increased-over-600-this-year-and-companies-are-falling-behind.html#tk.rss_news

• Cyber-Enabled Crimes Are Biggest Police Concerns

Cyber-related crimes such as money laundering, ransomware and phishing pose the biggest threat to society, according to the first ever Interpol Global Crime Trend report.

The inaugural study was compiled from data received from the policing organisation’s 195 member countries, as well as information and analysis from external sources.

Money laundering was ranked the number one threat, with 67% of respondents claiming it to be a “high” or “very high” risk. Ransomware came second (66%) but was the crime type that most (72%) expected to increase in the next 3–5 years.

Of the nine top crime trends identified in the report, six are directly cyber-enabled, including money laundering, ransomware, phishing, financial fraud, computer intrusion and child sexual exploitation.

Interpol warned that the pandemic had fomented new underground offerings like “financial crime-as-a-service,” including digital money laundering tools which help to lower the barrier to entry for criminal gangs. It also claimed that demand for online child sexual exploitation and abuse (OCSEA) content surged during the pandemic. Some 62% of respondents expect it to increase or significantly increase in the coming years.

The findings represent something of a turnaround from pre-pandemic times, when drug trafficking regularly topped the list of police concerns. Thanks to a surge in corporate digitalisation, home working and online shopping, there are now rich pickings to be had from targeting consumers and business users with cyber-scams and attacks, Interpol claimed.

https://www.infosecurity-magazine.com/news/cyberenabled-crimes-are-biggest/

• List of Common Passwords Accounts for Nearly All Cyber Attacks

Half of a million passwords from the RockYou2021 list account for 99.997% of all credential attacks against a variety of honeypots, suggesting attackers are just taking the easy road.

Tens of millions of credential-based attacks targeting two common types of servers boiled down to a small fraction of the passwords that formed a list of leaked credentials, known as the RockYou2021 list.

Vulnerability management firm Rapid7, via its network of honeypots, recorded every attempt to compromise those servers over a 12-month period, finding that the attempted credential attacks resulted in 512,000 permutations. Almost all of those passwords (99.997%) are included in a common password list — the RockYou2021 file, which has 8.4 billion entries — suggesting that attackers, or the subset of threat actors attacking Rapid7's honeypots, are sticking to a common playbook.

The overlap in all the attacks also suggest attackers are taking the easy road, said Rapid7. "We know now, in a provable and demonstrable way, that nobody — 0% of attackers — is trying to be creative when it comes to unfocused, untargeted attacks across the Internet," they said. "Therefore, it's very easy to avoid this kind of opportunistic attack, and it takes very little effort to take this threat off the table entirely, with modern password managers and configuration controls."

Every year, security firms present research suggesting users are continuing to pick bad passwords. In 2019, an evaluation of passwords leaked to the Internet found that the top password was "123456," followed by "123456789" and "qwerty," and unfortunately things have not got much better since then.

https://www.darkreading.com/endpoint/a-common-password-list-accounts-for-nearly-all-cyberattacks

• Shared Responsibility or Shared Fate? Decentralised IT Means We Are All Cyber Defenders

Does your organisation truly understand the shared responsibility model? Shared responsibility emerged from the early days of cloud computing as a way to delineate responsibilities between cloud providers and their customers, but often there's a gap between what shared responsibility means and how it is interpreted. With the decentralisation of IT, this gap is getting worse.

Applications, servers, and overall technology used to be under the purview and control of the IT department, yet with the shift to cloud, and specifically software-as-a-service (SaaS), this dynamic has changed. Whether it's the sales team bringing in a customer relationship management (CRM) system like Salesforce, or the HR department operating a human resources information system (HRIS) like Workday, there's a clear "expanding universe" of IT that no longer sits where it used to. Critical business workflows exist in separate business units far from IT and security and are managed as such. Our corporate IT footprints have become decentralised.

This is not some minor, temporary trend. With the ease and speed of adopting new SaaS applications and the desire to "lift and shift" code into cloud-based environments, this is the future. The future is decentralised.

The shift to business-owned and -operated applications puts security teams in a position where risk management is their responsibility; they are not even able to log into some of these critical systems. It's like asking your doctor to keep you healthy but not giving her access to your information or having regular check-ups. It doesn't work that way.

Beyond the challenging human skills gap, there's technical entropy and diversity everywhere, with different configuration settings, event logs, threat vectors, and data sensitivities. On the access side, there are different admins, users, integrations, and APIs. If you think managing security on Windows and Mac is a lot, try it across many huge applications.

With this reality, how can the security team be expected to combat a growing amount of decentralised business technology risk?

We must operate our technology with the understanding that shared responsibility is the vertical view between cloud provider and customer, but that enterprise-owned piece of shared responsibility is the burden of multiple teams horizontally across an organisation. Too often the mentality is us versus them, availability versus security, too busy to care about risk, too concerned with risk to understand "the business."

https://www.darkreading.com/vulnerabilities-threats/shared-responsibility-or-shared-fate-decentralized-it-means-we-are-all-cyber-defenders

• Ukraine War Cuts Ransomware as Kremlin Co-Opts Hackers

The Ukraine war has helped reduce global ransomware attacks by 10pc in the last few months, a British cyber security company has said.

Criminal hacking gangs, usually engaged in corporate ransomware activities, are increasingly being co-opted by the Russian military to launch cyber attacks on Ukraine, according to Digital Shadows. “The war is likely to continue to motivate ransomware actors to target government and critical infrastructure entities,” according to the firm. Such attacks partly contributed to a 10pc drop in the number of ransomware threats launched during the three months to September, said the London-based company.

The drop in ransomware may also partly be caused by tit-for-tat digital attacks between rival hacking gangs. Researchers said the Lockbit gang, who recently targeted LSE-listed car retailer Pendragon with a $60m (£53.85m) ransom demand, were the target of attacks from their underworld rivals. The group is increasingly inviting resentment from competing threat groups and possibly former members.