Threat Intelligence Blog

Contact our Experts Now

Subscribe to our Weekly Cyber Threat Intelligence Briefing

Black Arrow Admin 03/03/2024 Black Arrow Admin 03/03/2024

Black Arrow Cyber Threat Briefing 01 March 2024

Black Arrow Cyber Threat Intelligence Briefing 01 March 2024:

-Phishing, Smishing and Vishing Skyrocket 1,265%

-Business Email Compromise Attacks Are Evolving, But What Can Be Done About It

-Vulnerabilities Count Set to Rise by 25% in 2024

-BYOD Increases Mobile Phishing; Risks Have Never Been Higher

-Risk-based spending: An Imperative for Cyber Security That Demands Board Attention

-If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks

-Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business

-Why Governance, Risk and Compliance Must be Integrated with Cyber Security

-More and More UK Firms Concerned About Insider Threats

-98% of Businesses Linked to Breached Third Parties

-What Companies Should Know About Rising Legal Threats

-CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Risk-based spending: An Imperative for Cyber Security That Demands Board Attention

Staying ahead of the latest cyber security developments is essential to keeping your organisation safe. But with the rise of artificial intelligence and attackers dreaming up new techniques every day, a lot of organisations are left to question how they can create proactive, agile cyber security strategies and what approach gives the best return on investment, mitigating risks and maximising the value of their cyber security investments.

Unfortunately, most organisations do not have an unlimited budget, and for small and medium-sized businesses, there is even less to work with. What is needed is a risk-based approach, where organisations identify and prioritise their greatest vulnerabilities, correlating these to business impact; this is then used to form the cyber risk strategy for the organisation.

Sources: [Security Week] [The Hacker News] [Risk.net]

If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks

Recent research from Proofpoint has found that 69% of organisations experienced a successful ransomware incident in the past year, a rise of 5% compared to the previous year. The report found that 60% reported four or more separate ransomware incidents and of the total involved, 54% admitted to paying a ransom. In a separate report, it was found that 78% of organisations suffering a ransomware attack suffered repeat attacks even after they paid.

Sources: [databreaches.net] [Infosecurity Magazine] [Infosecurity Magazine] [Claims Journal]

Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business

Cyber resilience unites cyber security with business continuity and organisational durability, with proper implementation allowing the continuation of routine operations during adverse cyber incidents. Cyber hygiene, on the other hand, refers to having strong cyber security processes and procedures, to help the organisation mitigate the chance of an incident. The combination of both of these allows an organisation to reduce their likelihood of suffering a cyber incident, whilst improving their likelihood of continuing operations in the event of such an incident.

Sources: [Information Week] [Security Boulevard]

Why Governance, Risk and Compliance Must be Integrated with Cyber Security

With pressure from regulators, the evolving threat landscape and requirements for stronger oversight, governance, risk and compliance (GRC) has even more of an argument for alignment with cyber security. After all, cyber security is still security. Incorporating cyber security into the GRC programme of an organisation allows for cyber to become a business enabler.

Source: [CSO Online]

More and More UK Firms Concerned About Insider Threats

A report has found that 54% of UK business decision makers are concerned about the likelihood of their employees disclosing sensitive information or providing network access to fraudsters. In a separate report, 35% of respondents cited overworked and distracted staff making mistakes as a reason why they thought their business experienced insider risk. Certainly, insider risk does not just involve malicious employees; it can also include negligence and in some cases, employees may not be trained enough to identify the risk they are placing on the organisation such as not knowing or following an organisation’s call back procedure. It is important for organisations to consider whether their current training addresses this and whether the programme is doing enough to ensure that insider risk is mitigated.

Source: [Infosecurity Magazine]

98% of Businesses Linked to Breached Third Parties

A new report has found that 98% of organisations are associated with a third party that has experienced a breach, and these breaches often take months or more to be discovered. 75% of external business-to-business (B2B) relationships that enabled third-party breaches involved software or other technology products and services. Third party security is an important part of an organisation’s cyber security and to manage it correctly, organisations need to implement a third party risk management programme.

Source: [Help Net Security]

Phishing, Smishing and Vishing Skyrocket 1,265%

According to a report, since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%. Despite different techniques, these attacks all have one focus, and that’s on the user. Organisations looking to protect themselves should consider a blend of mitigations, including advanced email filtering, enabling multi-factor authentication and arguably the most important, effective user education and awareness training. This training should go beyond ticking boxes, by instead teaching employees how to both recognise and report phishing attempts.

A separate report analysed over 1 billion emails. Some of the key findings included that the majority of phishing attempts (71%) rely on deceptive links, but attachments (22%) and predatory QR codes (7%) are on the rise. When it came to spoofs, Microsoft was the most spoofed entity and financial services were amongst those most targeted sectors.

Source: [Bleeping Computer] [Help Net Security] [Security Affairs]

Business Email Compromise Attacks Are Evolving, But What Can Be Done About It

Business Email Compromise (BEC) attacks remain a dominant danger, with a staggering $51 billion lost over the last decade. A recent report underscores the prevalence of email as the primary battlefield, far outstripping other cyber attack methods. The low-cost, high-reach nature of email makes it an attractive starting point for cyber criminals. As organisations embrace cloud-based infrastructures, these attacks have morphed, presenting new challenges. Attackers have progressed from direct phishing attempts, to compromising business partners, vendors and other third parties. In this arms race, artificial intelligence (AI) assumes a pivotal role as an essential ally, efficiently discerning between benign and malicious content. This development signifies a significant milestone in the realm of email security resilience.

Source: [ITPro]

Vulnerabilities Count Set to Rise by 25% in 2024

The cyber threat landscape is rapidly evolving, with an anticipated 25% increase in published systems vulnerabilities for 2024. This surge, reaching approximately 2,900 vulnerabilities per month, underscores the critical need for robust vulnerability management strategies. Vulnerabilities serve as prime entry points for ransomware actors, heightening the urgency for organisations to fortify their defences. However, the sheer volume of vulnerabilities poses a daunting challenge for security and IT teams already thinly stretched. Timely risk-scoring remains a significant issue, leaving defenders vulnerable to exploits with threat actors often gaining a head start. Honeypot data reveals a concerning uptick in scans targeting remote desktop protocol (RDP), with businesses running end-of-life (EOL) software at heightened risk. In this dynamic cyber security climate, proactive risk management and expert intervention, such as Managed Detection and Response (MDR), are imperative to safeguarding against emerging threats.

Source: [Help Net Security]

BYOD Increases Mobile Phishing; Risks Have Never Been Higher

The risk of cyber attacks looms large, with stolen employee login credentials serving as a prime target for malicious actors. Mobile phishing has emerged as a significant threat, with data revealing a surge in encounter rates, especially in hybrid work environments and amid Bring Your Own Device (BYOD) policies. Personal devices, once considered outside the realm of corporate security, now pose substantial risks, as attackers exploit social engineering schemes to breach organisational networks. The financial implications of a successful phishing attack are staggering, with estimates suggesting potential losses of up to $4 million for organisations. As phishing encounter rates continue to rise, it's imperative for businesses to bolster their security strategies, ensuring comprehensive protection against mobile phishing threats across all employee devices. To navigate this evolving landscape and safeguard sensitive data, organisations must stay vigilant and adopt proactive measures.

Source: [MSSP Alert]

What Companies Should Know About Rising Legal Threats

The cyber security landscape is witnessing a significant shift as legal actions increasingly target both corporations and individual security officers. Recent cases including lawsuits by Tesla against ex-employees for cyber security breaches and charges by regulatory bodies like the US FTC and SEC, underscore the mounting legal risks associated with cyber security breaches. Notably, private companies are not exempt from such liabilities, facing scrutiny from authorities, regulators, customers and other affected parties. This environment has prompted many cyber security leaders to reconsider their roles, with concerns raised about the future of the profession. Amidst escalating threats and enforcement actions, there's a pressing need for enhanced cyber security budgets, robust risk-based controls and proactive audits or other independent assurance.

Source: [Darkreading]

CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments

As organisations embrace the cloud, CIOs recognise that a one-size-fits-all approach may not be optimal. Many now favour a nuanced strategy, shifting workloads from public clouds to platforms offering productivity gains and cost savings; a trend known as ‘cloud exit.’ CIOs are rethinking cloud strategies, assessing each application’s suitability and fostering context-aware hosting decisions.

This comes as a recent advisory issued jointly by cyber security agencies from the UK, US, Australia, Canada, and New Zealand reveals that Russian cyber espionage units, including APT29 and Cozy Bear, are adapting tactics to target cloud environments used by both public and private organisations. These sophisticated attacks pose significant threats across industries. Implementing basic cloud security measures is crucial to regularly evaluate dormant accounts, limit system-issued token validity, and enforce stringent device policies. As cloud adoption rises, prioritise cyber security fundamentals for effective defence.

Sources: [CyberScoop] [CIO]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering

Artificial Intelligence

2FA/MFA

Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Linux and Open Source

From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Backup and Recovery

MTTR: The Most Important Security Metric (darkreading.com)

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defence Sectors (thehackernews.com)

North Korea

Vulnerability Management

Vulnerabilities

Tools and Controls

Reports Published in the Last Week

Other News

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin 27/02/2024 Black Arrow Admin 27/02/2024

Black Arrow Cyber Informational 27 February 2024 – NIST Officially Release Version 2.0 of Globally used Cyber Security Framework

Executive summary

After a multi-year collaborative effort across industry, academia, and governments around the world, The US National Institute of Standards and Technology have released version 2.0 of their globally recognised and internationally respected cyber security framework (CSF). The new framework builds on it’s long standing principles, adding to governance to the original 5 functions (identify, protect, detect, respond and recover). The framework also directly addresses supply chain risk.

What can I do?

Businesses now have access to an updated framework which reflects, addresses and helps to mitigates the cyber threats we are seeing today. The framework offers a taxonomy of high-level cyber security outcomes that can be used by any organisation, regardless of size, sector or maturity, to better understand, assess, prioritise and communicate its cyber security efforts.

The official NIST release can be found below:

https://www.nist.gov/cyberframework

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 19/11/2023 Black Arrow Admin 19/11/2023

Black Arrow Cyber Threat Briefing 17 November 2023

Black Arrow Cyber Threat Intelligence Briefing 17 November 2023:

-Cyber Resilience Requires Maturity, Persistence & Board Engagement

-Security is a Process, Not a Tool

-46% of SMBs and Enterprises Have Experienced a Ransomware Attack

-Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries

-67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission

-The Persistent Menace: Understanding And Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023

-Financial Services still Stubbornly Vulnerable to Cyber Disruption

-Worlds Biggest Bank Hit by Ransomware, Workers Forced to Trade With USB Sticks

-NCSC Warns UK Over Significant Threat to Critical Infrastructure

-Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach

-Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks

-Phishing Emails Are More Believable Than Ever. Here's What to Do About It.

Top Cyber Stories of the Last Week

Cyber Resilience Requires Maturity, Persistence & Board Engagement

Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.

Source: [Dark Reading]

Security is a Process, not a Tool

The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.

Source: [Dark Reading]

46% of SMBs and Enterprises Have Experienced a Ransomware Attack

A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.

Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.

Source: [Security Magazine] [IT Business]

Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries

In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.

Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.

Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.

Source: [welivesecurity]

67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission

New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.

Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.

Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.

Sources: [Tech Radar] [the HR Director]

The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023

In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.

This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.

Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups. Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Forbes] [Infosecurity Magazine] [ITPro]

Financial Services Still Stubbornly Vulnerable to Cyber Disruption

A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.

According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.

Source: [FTAdviser]

World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks

The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.

Sources: [SC Media] [Bit Defender]

NCSC Warns UK Over Significant Threat to Critical Infrastructure

The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.

The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.

They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.

For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.

This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.

Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]

Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach

The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.

Sources: [Infosecurity Magazine] [Bleeping Computer]

Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks

A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).

Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.

Source: [TechRadar]

Phishing Emails Are More Believable Than Ever. Here's What to Do About It.

Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.

It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.

Source: [CSO Online]