Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 29 December 2023
Black Arrow Cyber Threat Intelligence Briefing 29 December 2023:
-UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions
-Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance
-The Most Popular Passwords of 2023 are Easy to Guess and Crack
-Dangerous Malware Pretends to be Some of Your Most Used Business Software
-MFA Helps You Stay Resilient, But Nothing is a Silver Bullet
-Ransomware Leak Site Victims Reached Record-High in November
-MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023
-Europol Warns 443 Online Shops Infected with Credit Card Stealers
-Physical Access Systems Open Door to IT Networks
-Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks
-Daily Malicious Files Rise to 411,000 a day in 2023
-Android Malware Actively Infecting Devices to Take Full Control
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions
The UK’s power network has long been an attractive target for enemies of the state and that remains true today. In fact, according to the UK Government, the risk of the whole country’s electricity system being shut down is growing. So are the dangers to citizens if it happens.
The UK’s National Risk Register, the official document assessing 89 different possible threats to the country, explains that a cyber attack on the National Grid could be launched by culprits “encrypting, stealing or destroying data upon which critical systems depend, or via disruption to operational systems”.
Source: [iNews]
Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance
Billions of people around the world are expected to go to the polls and vote in 2024, in what will be the most significant election year in recent memory, and cyber security and government officials have already warned about countries using technology to influence operations. This includes disinformation campaigns and hacking attempts. Officials have further warned that artificial intelligence will likely be used to fuel such campaigns.
Sources: [The Record] [Security Affairs]
The Most Popular Passwords of 2023 are Easy to Guess and Crack
NordPass released a list of the top 200 common passwords recently, which included “123456” and “admin” as the top two. Of particular note, the top 40 passwords were all deemed to take less than 12 seconds to crack, or could be determined by an actor with no knowledge of the password. Many people would argue that there are so many passwords needed these days that it becomes hard to remember, hence their choice of easier passwords, and often reusing or recycling them across multiple sites and services. The use of a password manager can greatly reduce this need, requiring the user to only remember one password whilst also allowing for more complex and harder to crack passwords.
Source: [gHacks]
Dangerous Malware Pretends to be Some of Your Most Used Business Software
Hackers are using an old form of banking malware, known as Carbanak, to launch damaging ransomware attacks. Hackers are using compromised websites to host the malware, impersonating popular business-related software such as HubSpot, Veeam, or Xero.
Source: [TechRadar]
MFA Helps You Stay Resilient, But Nothing is a Silver Bullet
Multi-factor authentication (MFA) is a great resource for improving your organisation’s cyber resilience, but no technology is 100% secure and the human element will nearly always remain. With notable security breaches bypassing MFA to compromise organisations including Uber, games company EA, and authentication business Okta, organisations need to be aware that it is a possibility. As such, organisations need to ensure they implement MFA effectively and educate their users in their implementation; even the strongest of controls are rendered useless if they can be bypassed with one social engineering phone call.
Source: [Help Net Security]
Ransomware Leak Site Victims Reached Record-High in November
Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November. This represents a 39% increase from October and a 110% increase compared with November 2022. Further, this is the eleventh consecutive month in which there has been a year-on-year increase in ransomware victims, and the ninth with a victim count over 300.
Source: [Infosecurity Magazine]
MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023
2023 was a colossal year for data breaches, with the likes of MOVEit, Capita, Citrix, Royal Mail, MGM resorts and 3CX among some of the most significant victims. Such attacks have involved a number of vectors, such as file transfer vulnerabilities, social engineering, supply chain attacks and zero-day exploits. The result? Millions of people’s data compromised, and hundreds of millions paid out to attackers; the attack on MGM resorts alone is reported to have costed upwards of $100 million.
Source: [TechCrunch]
Europol Warns 443 Online Shops Infected with Credit Card Stealers
Europol has notified over 400 websites that their online shop had been hacked, with malicious scripts that steal card information from paying customers. The scripts are designed to intercept and steal payment card numbers, expiration dates, verification numbers, names, and shipping addresses, which are then uploaded to an attacker. This information is then used, or sold on the dark web to be used. Unfortunately, some of these attacks can go undetected for weeks or even several months.
Source: [Bleeping Computer]
Physical Access Systems Open Door to IT Networks
Cyber attackers can exploit access control measures installed on supposedly secure facility doors to gain unauthorised building access to sensitive locations, as well as breach internal IP networks directly from these systems, research has shown. At a recent leading security conference, analysts demonstrated this is an attack. Assets such as these can often be forgotten about and therefore omitted from protections, highlighting the need for organisations to have an up to date and accurate asset register.
Source: [Dark Reading]
Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks
Hacking can be sophisticated, but often it is not sophisticated at all. Some of the biggest hacks this year started with what seemed like an innocent phone call, but which in fact were fairly simple social engineering attacks. Additionally, hackers continued to target companies that failed to promptly update their systems, even after patches were released to fix critical vulnerabilities. The best first step to protect an organisation is to establish a culture of good cyber security hygiene across people, operations and technology.
Source: [Pymnts]
Daily Malicious Files Rise to 411,000 a day in 2023
Cyber criminals unleashed an average of 411,000 malicious files every day in 2023, representing a 3% increase from the previous year, according to Kaspersky. Malicious desktop files in particular rose by 53%. Cyber criminals favoured Microsoft Office services’ vulnerabilities, which represented 69% of all exploited vulnerabilities.
Source: [Infosecurity Magazine]
Android Malware Actively Infecting Devices to Take Full Control
Android Malware is actively being used to take control of devices for illicit purposes, such as stealing sensitive information and enabling remote attacks, and least 327,000 devices are reported to have been infected with such malware. Research has found that amongst the most targeted countries are the UK and US. Often, for the malware to work, users need to allow it access to information such as contacts, email. In some cases, the user would only be aware they have consented if they were to manually check the apps settings. For organisations, this can mean employees bringing personal or work phones into the corporate environment, with malware potentially along for the ride.
Source: [GBhackers]
Threats
Ransomware, Extortion and Destructive Attacks
Rethinking data security in the age of ransomware and AI - SiliconANGLE
Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)
Do the casino ransomware attacks make the case to pay? • The Register
Windows CLFS and five exploits used by ransomware operators | Securelist
Cyber crime experts reveal how to infiltrate ransomware gangs • The Register
How ransomware operators try to stay under the radar | Malwarebytes
How many times are you going to think about ransomware in 2024? (betanews.com)
Ransomware Victims
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Lockbit ransomware disrupts emergency care at German hospitals (bleepingcomputer.com)
Integris Health patients get extortion emails after cyber attack (bleepingcomputer.com)
Ransomware Group Claims 100 Gb of Data Stolen From Nissan Australia - Security Week
Indian IT services giant HCL Technologies hit by ransomware | TechRadar
LockBit gang claims to have breached accountancy firm Xeinadin (securityaffairs.com)
Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)
Australia’s Largest Auto Dealer Group Hit By Massive Cyber Attack | Carscoops
Artificial Intelligence
Elections 2024, Artificial Intelligence could upset world balances (securityaffairs.com)
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week
Rethinking data security in the age of ransomware and AI - SiliconANGLE
GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)
Why data, AI, and regulations top the threat list for 2024 - Help Net Security
5 Ways that AI Is Set To Transform Cyber Security (informationweek.com)
The Emerging Landscape of AI-Driven Cyber Security Threats: A Look Ahead - Security Week
Skynet Ahoy? What to Expect for Next-Gen AI Security Risks (darkreading.com)
2FA/MFA
Malware
Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)
Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware (thehackernews.com)
This growing malware threat actor is set to unleash a surge of attacks, experts warn | TechRadar
'BattleRoyal' Hackers Deliver DarkGate RAT Using Every Trick (darkreading.com)
Microsoft disables MSIX protocol handler abused in malware attacks (bleepingcomputer.com)
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)
New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices (thehackernews.com)
Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)
Fake VPN Chrome extensions force-installed 1.5 million times (bleepingcomputer.com)
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)
New Rugmi Malware Loader Surges with Hundreds of Daily Detections (thehackernews.com)
Game mod on Steam breached to push password-stealing malware (bleepingcomputer.com)
How the new Instegogram threat creates liability for organisations | CSO Online
Mobile
TikTok makes users give iPhone passwords, reasons unclear (nypost.com)
Android Malware Actively Infecting Devices to Take Full Control (gbhackers.com)
Chameleon Android Malware Can Bypass Biometric Security - Security Week
SMS Scams Set to Peak on Saturday in UK - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Essential DDoS statistics for understanding attack impact - Help Net Security
How to Prepare for DDoS Attacks During Peak Business Times (darkreading.com)
In Cyber Security and Fashion, What's Old Is New Again (darkreading.com)
Internet of Things – IoT
Tech gifts you shouldn’t buy your family and friends for the holidays | TechCrunch
Physical Access Systems Open Door to IT Networks (darkreading.com)
Ho Ho Home For Christmas? Tips For Avoiding Tech Terrors This Festive Season - IT Security Guru
Data Breaches/Leaks
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Mortgage firm LoanCare warns 1.3 million people of data breach (bleepingcomputer.com)
Real estate agency exposes details of 690k customers (securityaffairs.com)
Insomniac Games Releases Statement Over Recent Cyber Attack - Gameranx
Ubisoft says it's investigating reports of a new security breach (bleepingcomputer.com)
Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)
Inmate, Staff Information Stolen in Rhode Island Prison Data Breach - Security Week
Mint Mobile discloses new data breach exposing customer data (bleepingcomputer.com)
Hackers steal customer data from Europe’s largest parking app operator | Hacking | The Guardian
Yakult Australia confirms 'cyber incident' after 95 GB data leak (bleepingcomputer.com)
CBS, Paramount owner National Amusements says it was hacked | TechCrunch
Panasonic discloses data breach after December 2022 cyber attack (bleepingcomputer.com)
Customers warned after major car dealership group Eagers Automotive hacked | The West Australian
Cyber Attacks Impacts Two Major Australian Companies Including Leaked Passports | The Epoch Times
Organised Crime & Criminal Actors
Simple Hacking Techniques Prove Successful in Cyber Attacks (pymnts.com)
Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch
Hacking or Social Engineering? What You Need to Know to Keep Yourself Safe | HackerNoon
3 Clues That Hackers May Know More About Your Business Than You Do | Inc.com
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Hacking group Pink Drainer strikes again, pilfering $4.4M from just 1 victim (cointelegraph.com)
Supply Chain and Third Parties
Third-party issues disrupt 45% of firms despite cyber security spends (securitybrief.co.nz)
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Cloud/SaaS
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Data security and cost are key cloud adoption challenges for financial industry - Help Net Security
The Future of Hybrid Cloud: What to Expect in 2024 and Beyond (techtarget.com)
Encryption
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Linux and Open Source
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
The most popular passwords of 2023 are easy to guess and crack - gHacks Tech News
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week
Social Media
Regulations, Fines and Legislation
Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024 (darkreading.com)
Why data, AI, and regulations top the threat list for 2024 - Help Net Security
Europe classifies three adult sites as worthy of its toughest internet regulations • The Register
5 US cyber security compliance deadlines in 2024 | SC Media (scmagazine.com)
EU updates product liability regime to include software, Artificial Intelligence – EURACTIV.com
Models, Frameworks and Standards
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers (darkreading.com)
Top Tips from CISOs for CISOs - Infosecurity Magazine (infosecurity-magazine.com)
How leaders can look after information security professionals | ITPro
Building Mental Resilience: A CISO's Journey - GovInfoSecurity
What Does the Future Hold for Today’s Cyber Security Leaders? (huntress.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Ministers fear a cyber attack cutting all our electricity – this is why (inews.co.uk)
How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)
Nation State Actors
China
Russia
Ukrainian remote workers targeted in new espionage campaign (therecord.media)
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)
Russian firms subjected to new cyber espionage campaign | SC Media (scmagazine.com)
Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies (thehackernews.com)
Inside the World of Deep-Cover Russian Spies Who Are Infiltrating the West (businessinsider.com)
Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)
Iran
Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)
Israel and Iran are waging a cyber war in the shadows - opinion - The Jerusalem Post (jpost.com)
A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes
North Korea
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)
Kim Jong Un Expected To Conduct Military, Cyber Attacks During US Elections - Benzinga
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 (securityaffairs.com)
CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild - Security Week
Google Releases Eighth Zero-Day Patch of 2023 for Chrome (darkreading.com)
Windows CLFS and five exploits used by ransomware operators | Securelist
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers (bleepingcomputer.com)
Tools and Controls
Physical Access Systems Open Door to IT Networks (darkreading.com)
Even cyber security pros don't fully trust AI just yet | TechRadar
GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)
Verification roadblocks cause frustration for digital nomads - Help Net Security
Strengthening Resilience: Navigating the Cyber Security Landscape (darkreading.com)
API security in 2024: Predictions and trends - Help Net Security
Other News
5 Things You Can Do Today to Prepare for 2024’s Security Threats (informationweek.com)
Pensions Regulator publishes updated cyber security guidance for trustees | Mayer Brown - JDSupra
All I really need to know about cyber security, I learned in kindergarten (venturebeat.com)
New insights into the global industrial cyber security landscape - Help Net Security
NASA Releases First Space Cyber Security Best Practices Guide (inforisktoday.com)
Unveiling the true cost of healthcare cyber security incidents - Help Net Security
Hackers see wealth of information to steal in kids' school records (cnbc.com)
A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes
How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)
Post-pandemic Cyber Security: Lessons from the global health crisis (att.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 November 2023
Black Arrow Cyber Threat Intelligence Briefing 24 November 2023:
-The Human Element- Cyber Security’s Great Challenge
-Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
-Despite Increasing Ransomware Attacks, Some Companies in Denial
-A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
-The True Cost of a Ransomware Attack
-Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
-Cyber Security Investment Involves More Than Just Technology
-Questions Leaders Must Ask Themselves on Security Culture
-There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
-Cyber Attack on British Library Highlights Lack of UK Resilience
-Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
-The Cyber Security Lawsuit Boards are Talking About
-UK and Republic of Korea Issue Warning About North Korea State-Linked Cyber Actors Attacking Software Supply Chains
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
The Human Element- Cyber Security’s Great Challenge
According to Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches involved a human element. It is important for organisations to understand that it is not simply malicious employees or employees falling for social engineering attacks; it includes things such as negligent, or intentional but not malicious actions. In fact, a recent separate report by Kaspersky found that 26% of incidents over the past two years involved the result of intentional security protocol violations; in comparison, external hacking attempts made up 20%.
Further, Kaspersky found 25% of incidents occurred due to neglecting system software or application updates, followed by 22% resulting from deliberate use of weak passwords or failing to change them promptly, and 18% from staff visiting unsecured websites. One potential cause for these incidents is a lack of training on why such protocols need to be followed.
Black Arrow provides live in person and online instructor lead cyber security training including Cyber Risk and Governance Workshops for Senior Leadership, and Awareness, Behaviour and Culture Training for employees and contractors.
Sources [Beta News] [ Infosecurity Magazine] [The Economic Times (indiatimes.com)]
Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
Small or large, no company is immune to a cyber attack and therefore good cyber hygiene is an imperative for all. Whilst large firms may already have more mature defences in place, smaller firms are definitely catching on to this, with 47% of respondents to a recent survey stating they were more worried about their organisation’s security posture now than compared to six months ago.
The survey found that ransomware (35%), software vulnerability exploits (28%) and using the same password across different applications (25%) were amongst the largest concerns. Interestingly, in a separate report, 44% of incidents were found to lack any element of malware, indicating that attackers are moving beyond traditional methods. The same report found 65% of cases included remote monitoring and management tools as the vector for initial access, something a number of organisations do not secure.
Business email compromise (BEC) attacks are also a key concern for businesses of all sizes but can be especially damaging to smaller organisations for whom the financial loss can be devastating.
Sources [Computer Weekly] [Beta News] [Beta News]
Despite Increasing Ransomware Attacks, Some Companies are in Denial
A recent study has highlighted a contradiction in the way organisations perceive ransomware threats. Although many do not consider themselves likely targets, they are, nevertheless, bolstering their security measures, expanding their teams, and fortifying cyber defences, acknowledging the risks despite their assumed invulnerability.
Simultaneously, ransomware tactics are undergoing significant changes. The past three quarters have seen a marked increase in double-extortion attacks, with data leaks from these incidents rising by 50% compared to the previous year. This trend is predominantly driven by a few active groups, some newly emerged this year, amplifying the threat landscape.
In a tactical shift, the ransomware group ALPHV, also known as Blackcat, has lodged a formal complaint with the US Securities and Exchange Commission (SEC) against a victim for failing to comply with new disclosure regulations. Meanwhile, LockBit, infamous for attacks on high-profile targets, is modifying its extortion tactics due to lower-than-anticipated ransom returns. These developments point to an evolving and adaptive ransomware environment.
Sources: [Dark Reading] [SC Media] [Insurance Journal] [MSSP Alert] [Security Brief]
A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
It is reported that 2,620 organisations and more than 77 million individuals have been impacted to date by the MOVEit supply chain ransomware attack, with millions in the past week alone having received notifications that their information had either been accessed, leaked, or both.
In a survey involving directors of UK companies with over 500 seats that had suffered a ransomware or extortion attack in the past 18 months, it was found that 24% had become significantly more anxious about ransomware attacks as a direct result of the MOVEit breach, and 66% were slightly more anxious. This anxiety translated into action, with 42% of respondents investing more into backup and recovery, and 29% tweaking existing cyber strategies. 29% had taken the decision to amend their existing cyber strategies. Staff training was also found to rise, with 42% looking to spend on skills development and 40% upping their investment in training.
Sources: [The Register] [Computer Weekly]
The True Cost of a Ransomware Attack
While the demand is often financial, the impact and reach of ransomware goes far beyond the ransomware demand. Alongside the financial impact, comes the reputational impact, loss of customers, resources in returning to business as normal and time lost in recovery. For some companies, it can take months to return to where they were before and for others, it marks the end of their organisation.
For an attacker, it doesn’t matter. Their goal is not limited by the size or sector of an organisation and it is therefore imperative that every organisation is prepared for the event of an incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [ITPro]
Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
A recent study has exposed serious flaws in passwords on the internet, revealing that three out of four popular websites are compromising user security by not meeting basic password standards. The study examined 20,000 websites, finding many allowed simple passwords, didn’t block common ones and adhered to outdated complexity requirements. It was found that over half the websites accept passwords of six characters or fewer, with 75% not requiring the advised minimum of eight characters, and 30% not supporting spaces or special characters. The study showcases the gap in security measures implementation across the web and emphasises the importance of ongoing improvement in web security standards.
The problem is further exacerbated by employees using work email for non-work approved websites and reusing the same passwords, meaning any breach of a compromised site hands the user’s credentials to an attacker. Further, many organisations are not even aware this is going on.
Source: [TechXplore]
Cyber Security Investment Involves More Than Just Technology
C-suite business leaders and senior IT professionals within large organisations, found that the top five cyber security investment areas were technologies (49%), threat intelligence (46%), risk assessment (42%), cyber insurance (42%), and third-party risk management (40%). Fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%). suggesting an awareness that technology investments go hand-in-hand with investing in governance and personnel to effectively enable and manage the technology.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Dark Reading]
Questions Leaders Must Ask Themselves on Security Culture
In today's corporate landscape, there's a growing emphasis on the human aspect of cyber security, with Stanford University research indicating that about 88% of data breaches result from employee errors. Companies are now focusing on enhancing security awareness through marketing campaigns and integrating cyber security performance into job reviews. This shift acknowledges that as technological defences evolve, cyber attackers increasingly exploit human vulnerabilities, as evidenced by major ransomware incidents like those impacting Colonial Pipeline and JBS Foods.
Developing a strong security culture is essential, by complementing robust policies with ingraining security-minded beliefs and behaviours in employees. Key to this is the role of leadership in embedding and continuously assessing this culture. This involves evaluating training effectiveness, reporting mechanisms, proactive security approaches, and the impact of security initiatives, while also considering the complexity of human behaviour and the example set by top management. Emphasising these aspects is crucial for maintaining a secure and resilient organisational environment, and in so doing protecting an organisation's reputation and financial integrity.
Source: [AT&T]
There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
The convergence of organised crime, financial crime, and nation-state crime is a growing concern in today’s interconnected world. This crossover, driven by the digital revolution, globalisation, economic factors, and state fragility, is reshaping the global criminal landscape. Organised crime syndicates, traditionally involved in activities like drug trafficking and extortion, are now branching out into financial crimes, offering higher profits with lower risks.
Financial crime, once the domain of individual fraudsters and white-collar criminals, has become a lucrative venture for organised crime groups. They exploit the global financial system to launder proceeds of crime, finance their operations, and evade law enforcement. Nation-state crime, involving state-sponsored or state-condoned criminal activities, often overlaps with organised and financial crime. Some governments turn a blind eye to these activities, while others actively support them for political, economic, or strategic reasons.
Sources: [The Currency]
Cyber Attack on British Library Highlights Lack of UK Resilience
A recent ransomware attack on the British Library has spotlighted the vulnerabilities in the UK's public sector IT infrastructure, amid rising state-backed cyber attacks. This major incident, which caused a significant technical outage at the library, underscores the concerns of cyber intelligence experts about the government's inadequate investment in cyber resilience in critical areas like education, healthcare, and local government. The hacking group Rhysida, targeting essential infrastructure, claimed responsibility and auctioned stolen data, including British Library employees’ passports, for 20 bitcoin (approximately £600,000).
The attack on the British Library, a key public service institution, highlights the escalating threat of ransomware attacks and their potential exploitation by state actors. The UK’s National Cyber Security Centre (NCSC) has reported a significant increase in cyber attacks in 2023, with incidents more than doubling compared to the previous year. In response, the UK government, which had already allocated £2.6bn for cyber security improvements and IT system updates, is actively assessing the situation with the support of the National Protective Security Authority.
Source: [FT]
Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
The European Union (EU) is seeking to improve cyber resilience across all member states by bringing in two new regulations: the Digital Operational Resilience Act (DORA), which focuses on financial services companies, and its counterpart the Network and Information Systems Directive (NIS2). The effects of the two regulations are likely to be wider reaching, bringing in more stringent processes and controls and redefining service provision to organisations.
With NIS2 coming into effect in October 2024, the mandatory directive will have teeth, with strict penalties for non-compliance for both the business and senior board personnel, who can be held directly accountable and prevented from holding similar positions in the future. It also aims to increase intelligence sharing between member states and enhance supply chain security. This latter measure will see the directive have a global impact.
Many organisations supplying services to firms that fall under DORA and NIS2 will themselves be subject to the full force of the regulations, with many of these suppliers, including IT providers, unaware that this will have far reaching ramifications for them and their ability to continue to provide these services.
Sources: [Help Net Security] [Help Net Security]
The Cyber Security Lawsuit Boards are Talking About
For the last month, an under-the-radar lawsuit has privately been a hot topic of conversation in boardrooms and corporate security departments alike. The lawsuit involved the Securities and Exchange Commission (SEC) accusing SolarWinds and their CISO of fraud. SolarWinds, like many organisations, had disclosed some facts, however what was reported was not sufficient to satisfy the regulator. The lawsuit is the first in which the SEC has charged a company with intentional fraud related to cyber security disclosures and it paints a picture for the wider movement of the cyber landscape. Whilst the SEC is US based you can expect regulatory counterparts in other jurisdictions globally to follow suit.
Source: [The New York Times]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
Why boards must prioritize cyber security expertise - Help Net Security4 data loss examples keeping backup admins up at night | TechTarget
Companies step up investment in ransomware protection (betanews.com)
CISOs can marry security and business success - Help Net Security
7 must-ask questions for leaders on security culture (att.com)
The human element -- cyber security's greatest challenge (betanews.com)
Why good cyber hygiene is a strategic imperative for UK SMEs (betanews.com)
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Cyber security Investment Involves More Than Just Technology (darkreading.com)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
Only 9% of IT budgets are dedicated to security - Help Net Security
Why transparency and accountability are important in cyber security | Computer Weekly
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Internal audit leaders are wary of key tech investments - Help Net Security
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
Stressed staff put enterprises at risk of cyber attack (betanews.com)
Threats
Ransomware, Extortion and Destructive Attacks
2023 ransomware statistics: Number of double-extortion attacks skyrocket | SC Media (scmagazine.com)
More than money: The true cost of a ransomware attack | ITPro
Despite Increasing Ransomware Attacks, Some Companies In Denial | MSSP Alert
Ransomware attacks doubIe in two years says Akamai Technologies report (securitybrief.co.nz)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Companies step up investment in ransomware protection (betanews.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
Ransomware Gang LockBit Revises Its Tactics to Get More Blackmail Money (insurancejournal.com)
The shifting sands of the war against cyber extortion - Help Net Security
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Play Ransomware Goes Commercial - Now Offered as a Service to Cyber criminals (thehackernews.com)
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Ransomware groups rack up victims among corporate America | CyberScoop
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
Paying ransom for data stolen in cyber attack bankrolls further crime, experts caution | CBC Radio
UK signs joint statement against ransomware payments - “New norm” or status quo? - Lexology
Capita to axe up to 900 jobs as it battles to recover from Russian cyber attack (telegraph.co.uk)
Schools Look to Improve Cyber security, but Many Vulnerable to Ransomware (insurancejournal.com)
4 Ways Fintech Companies Can Protect Themselves from Ransomware (financemagnates.com)
Cyber security should not be a gamble: Latest data breach hits major casino - Digital Journal
Ransomware Victims
Royal Mail spent £10 million recovering from LockBit breach - Tech Monitor
British Library staff passports leaked online as hackers demand £600,000 (telegraph.co.uk)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Allen & Overy Given 5 Days to Meet Hackers’ Demands: Expert Q&A | Law.com International
London & Zurich ransomware attack causes customer chaos • The Register
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack - SecurityWeek
Lockbit Gang Behind ICBC Attack Hacks Into Chicago Trading Company - Bloomberg
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Clorox Scapegoats Cyber Chief, Rewards Board After Crisis (forbes.com)
Fortune 500 insurance and mortgage firm FNF shuts down network following cyber attack | TechRadar
Yamaha Motor confirms ransomware attack on Philippines subsidiary (bleepingcomputer.com)
St Helens Council suspected cyber attack caused significant disruption - BBC News
Western Isles Council backup systems 'inaccessible' following cyber attack | STV News
Auto parts giant AutoZone warns of MOVEit data breach (bleepingcomputer.com)
BlackCat claims attack on Fidelity National Financial • The Register
Phishing & Email Based Attacks
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
More Than 50% of Online Retailers Not Blocking Fraudulent Emails | MSSP Alert
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
The Most Common Indicators of a Phishing Attempt (With Screenshots) | HackerNoon
Artificial Intelligence
Cyber threats reached a new high this year, with AI playing a major role | TechRadar
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
IT Pros Worry That Generative AI Will Be a Major Driver of Cyber security Threats (darkreading.com)
Smaller businesses embrace GenAI, overlook security measures - Help Net Security
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
OII | Large Language Models pose risk to science with false answers, says Oxford study
Malware
5 Of The Most Common Ways Malware Is Spread (And How To Stay Protected) (slashgear.com)
Report finds malware is no longer the biggest cyberthreat to smaller businesses - SiliconANGLE
Over half of SME cyber incidents now ‘malware-free’ | Computer Weekly
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
Mirai malware infects routers and cameras for new botnet • The Register
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine (bleepingcomputer.com)
Malware Uses Trigonometry to Track Mouse Strokes (darkreading.com)
Atomic Stealer Malware is tricking Mac users with fake browser updates - gHacks Tech News
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
DarkGate and Pikabot malware emerge as Qakbot’s successors (bleepingcomputer.com)
How Ducktail steals Facebook accounts | Kaspersky official blog
Cyber criminals turn to ready-made bots for quick attacks - Help Net Security
3 Ways to Stop Unauthorized Code From Running in Your Network (darkreading.com)
New botnet malware exploits two zero-days to infect NVRs and routers (bleepingcomputer.com)
Mobile
FCC Tightens Telco Rules to Combat SIM-Swapping - SecurityWeek
Inside Apple’s Secretive War to Protect iPhones from Hacking • iPhone in Canada Blog
Cyber criminals Are Targeting App Beta-Testing, and This Is What to Look Out For (makeuseof.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
4 data loss examples keeping backup admins up at night | TechTarget
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
Canadian government discloses data breach after contractor hacks (bleepingcomputer.com)
US Cyber security Lab Suffers Major Data Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hacktivists breach US nuclear research lab, steal employee data (bleepingcomputer.com)
Welltok data breach exposes data of 8.5 million US patients (bleepingcomputer.com)
Cyber attackers leaked data of 27,000 NYC Bar Association membersers (therecord.media)
Enterprise software provider TmaxSoft leaks 2TB of data (securityaffairs.com)
Sumo Logic says customer data untouched during breach • The Register
Organised Crime & Criminal Actors
Indian Hack-for-Hire Group Targeted US, China, and More for Over 10 Years (thehackernews.com)
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyber attacks (darkreading.com)
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Outsmarting cyber criminals is becoming a hard thing to do - Help Net Security
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Supply Chain and Third Parties
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
Three Questions To Ask Third-Party Vendors About Cyber security Risk (forbes.com)
Cloud/SaaS
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Navigating the complexities of cyber security in a SaaS-dominated era (securitybrief.co.nz)
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your password hygiene remains atrocious, says NordPass • The Register
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Social Media
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
UK watchdog threatens enforcement action over ad cookies • The Register
Models, Frameworks and Standards
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
Understanding the UK government’s new cyber security regime, GovAssure - IT Security Guru
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
US cyber cops trace and return nearly $9M stolen by scammers • The Register
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Why cyber war readiness is critical for democracies - Help Net Security
Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape (inforisktoday.com)
Nation State Actors
China
Russia
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
Almost 4,000 cyber attacks on Ukraine detected – US Treasury Department | Ukrainska Pravda
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Potential cyberespionage campaign against Ukraine involves Remcos tool | SC Media (scmagazine.com)
Iran
Possible Iranian Group Behind 'Flood' of New Cyber attacks in Israel - Bloomberg
Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online
North Korea
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers (darkreading.com)
Hackers pose as officials to steal secrets and cryptocurrency for North Korea (bitdefender.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Citrix Bleed WFH Hack and Exploit: News on Data Loss Flaw - Bloomberg
Citrix warns admins to kill NetScaler user sessions to block hackers (bleepingcomputer.com)
Hackers Exploiting Windows SmartScreen Zero-day Vulnerability (cybersecuritynews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
CISA warns of actively exploited Windows, Sophos, and Oracle bugs (bleepingcomputer.com)
Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
A critical OS command injection flaw affects Fortinet FortiSIEM (securityaffairs.com)
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Splunk RCE Vulnerability Let Attackers Upload Malicious File (cybersecuritynews.com)
Tools and Controls
Only 9% of IT budgets are dedicated to security - Help Net Security
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Cyber attack on British Library raises concerns over lack of UK resilience (ft.com)
Companies step up investment in ransomware protection (betanews.com)
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
The 7 Deadly Sins of Security Awareness Training (darkreading.com)
Identity And Access Management: 18 Important Trends And Considerations
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
MFA under fire, attackers undermine trust in security measures - Help Net Security
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login (thehackernews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
Detection & Response That Scales: A 4-Pronged Approach (darkreading.com)
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
6 Steps to Accelerate Cyber security Incident Response (thehackernews.com)
The CISO view: Navigating the promise and pitfalls of cyber security automation (betanews.com)
Other News
Why Defenders Should Embrace a Hacker Mindset (thehackernews.com)
Hackers are taking over planes’ GPS — experts are lost on how to fix it (nypost.com)
UK proposes 'super-complaints' to help keep internet safe • The Register
Consumers plan to be more consistent with their security in 2024 - Help Net Security
Security trends public sector leaders are watching | CyberScoop
Even gas pumps aren't safe from cyber attacks at the moment | TechRadar
Scottish cyber security organisation calls for greater awareness of rising threat - Business Insider
The US government wants to offer better cyber security to major infrastructure firms | TechRadar
The retail sector is under threat from… Gmail, WhatsApp and Google Drive? | TechRadar
Sekoia: Latest in the Financial Sector Cyber Threat Landscape (techrepublic.com)
Shields Ready: Critical Infrastructure Security and Resilience
Crimeware and financial cyberthreat predictions for 2024 | Securelist
Terrorism, cyber attacks main Paris 2024 threats as security plan finalised | Reuters
Read again: Decoding cyber security, safeguarding educational institutions | Edexec
What direction for the EU Cyber security Competence Centre? – EURACTIV.com
Unveiling the Most Common Cyber Threats in Retail – International Supermarket News
Mideast Oil & Gas Facilities Could Face Cyber Related Energy Disruptions (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 November 2023
Black Arrow Cyber Threat Intelligence Briefing 17 November 2023:
-Cyber Resilience Requires Maturity, Persistence & Board Engagement
-Security is a Process, Not a Tool
-46% of SMBs and Enterprises Have Experienced a Ransomware Attack
-Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
-67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
-The Persistent Menace: Understanding And Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
-Financial Services still Stubbornly Vulnerable to Cyber Disruption
-Worlds Biggest Bank Hit by Ransomware, Workers Forced to Trade With USB Sticks
-NCSC Warns UK Over Significant Threat to Critical Infrastructure
-Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
-Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
-Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Resilience Requires Maturity, Persistence & Board Engagement
Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.
Source: [Dark Reading]
Security is a Process, not a Tool
The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.
Source: [Dark Reading]
46% of SMBs and Enterprises Have Experienced a Ransomware Attack
A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.
Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.
Source: [Security Magazine] [IT Business]
Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.
Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.
Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.
Source: [welivesecurity]
67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.
Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.
Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.
Sources: [Tech Radar] [the HR Director]
The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.
This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.
Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups. Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Forbes] [Infosecurity Magazine] [ITPro]
Financial Services Still Stubbornly Vulnerable to Cyber Disruption
A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.
According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.
Source: [FTAdviser]
World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks
The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.
Sources: [SC Media] [Bit Defender]
NCSC Warns UK Over Significant Threat to Critical Infrastructure
The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.
The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.
They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.
For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.
This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.
Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]
Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.
Sources: [Infosecurity Magazine] [Bleeping Computer]
Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).
Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.
Source: [TechRadar]
Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.
It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Source: [CSO Online]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
29% of organisations cite data loss as top security breach result | Security Magazine
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)
Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar
6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
Should cyber security overconfidence be on your threat radar? | TechRadar
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Every Business Owner Should Be Thinking About Improving Online Security | Inc.com
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)
How to withstand the onslaught of cyber security threats - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Law practices and government agencies experience the largest ransomware spikes - Digital Journal
Orgs still losing logs, powerless to speedy ransomware • The Register
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine
Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
The Persistent Menace: Understanding And Combating Ransomware (forbes.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Ransomware tracker: The latest figures [November 2023] (therecord.media)
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)
Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Uncovering the ransomware threat from global supply chains | ITPro
Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Success eludes the International Counter Ransomware Initiative - Help Net Security
New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)
How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)
Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)
New approaches to fighting ransomware are emerging | Mimecast
FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK
FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)
FBI pumping 'significant' resources into Scattered Spider • The Register
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)
It ain’t what you store, it’s the way you restore it. • The Register
Ransomware Victims
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
How a cyber attack crippled the world's largest bank for hours | Euronews
ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)
FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)
Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)
Tri-City Medical Center cyber attack impacting patient care (10news.com)
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
LockBit leaks Boeing files after failed ransom negotiations • The Register
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
British Library’s Halloween cyber scare was ransomware | Computer Weekly
Royal Mail ransomware recovery to cost at least $12 million • The Register
9 million patients had data stolen after US medical transcription firm hacked | TechCrunch
Clorox CISO flushes self after multimillion-dollar attack • The Register
Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)
Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News
Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)
Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week
Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)
Stellantis production affected by cyber attack at auto supplier - The Columbian
Phishing & Email Based Attacks
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)
Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)
Artificial Intelligence
UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)
UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK
AI disinformation campaigns pose major threat to 2024 elections - Help Net Security
Microsoft blocks internal access to ChatGPT over security • The Register
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED
Mitigating Deepfake Threats in the Corporate World | MSSP Alert
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)
How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker
Malware
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Infostealers and the high value of stolen data - Help Net Security
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
Ducktail Malware Targets the Fashion Industry (darkreading.com)
Mobile
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
How to spot a fake data blocker that could hack your computer in seconds | ZDNET
Denial of Service/DoS/DDOS
Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online
How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)
Internet of Things – IoT
How to protect your organisation from IoT malware | TechTarget
Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)
Data Breaches/Leaks
Infostealers and the high value of stolen data - Help Net Security
29% of organisations cite data loss as top security breach result | Security Magazine
McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)
Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)
Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)
Fourth time unlucky: Okta hit by new cyber attack - Digital Journal
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
The real cost of healthcare cyber security breaches - Help Net Security
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)
Samsung warns some customers their data may have been stolen by hackers | TechRadar
Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)
Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)
Morgan Stanley fined over computers with personal data (cnbc.com)
Samsung says hackers accessed customer data during year-long breach | TechCrunch
A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED
Organised Crime & Criminal Actors
Russian admits building now-dismantled IPStorm proxy botnet • The Register
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ethereum hacked to steal millions from users across the world | TechRadar
Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)
Insider Risk and Insider Threats
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Insurance
Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News
Supply Chain and Third Parties
Uncovering the ransomware threat from global supply chains | ITPro
How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)
Cloud/SaaS
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
Traditional cloud security isn't up to the task - Help Net Security
Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security
Identity and Access Management
Encryption
The new frontier in online security: Quantum-safe cryptography (techxplore.com)
In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica
TETRA encryption algorithms entering the public domain • The Register
Passwords, Credential Stuffing & Brute Force Attacks
70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)
Google Workspace security flaws could see hackers easily snaffle your password | TechRadar
Stop using weak passwords for streaming services - it's riskier than you think | ZDNET
The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot
Social Media
Meta and YouTube face criminal surveillance complaints • The Register
How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)
Malvertising
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
Training, Education and Awareness
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Regulations, Fines and Legislation
EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)
Meta and YouTube face criminal surveillance complaints • The Register
SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)
Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Clorox CISO flushes self after multimillion-dollar attack • The Register
Morgan Stanley fined over computers with personal data (cnbc.com)
White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop
Models, Frameworks and Standards
What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra
Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security
Backup and Recovery
Data Protection
Web browsing data collected in more detail than previously known, report finds (ft.com)
Online ad auction data harms national security – claim • The Register
Careers, Working in Cyber and Information Security
The challenges and opportunities of working in cyber security | TechRadar
How US SEC legal actions put CISOs at risk and what to do about it | CSO Online
Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)
Law Enforcement Action and Take Downs
Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)
Russian admits building now-dismantled IPStorm proxy botnet • The Register
European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity
Cyber Warfare and Cyber Espionage
NCSC Annual Review on 'state-aligned actors' | Professional Security
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com
Nation State Actors
China
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
ICBC/ransomware: China’s cyber security industry moves out of the shadows
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Labour warns against watering down of UK’s takeover screening powers
Russia
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)
Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert
EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)
Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)
Iran
North Korea
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)
Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerabilities
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)
Adobe Releases Security Updates for Multiple Products | CISA
ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week
Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week
Fortinet Releases Security Updates for FortiClient and FortiGate | CISA
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)
SAP Patches Critical Vulnerability in Business One Product - Security Week
Critical flaw fixed in SAP Business One product (securityaffairs.com)
Citrix Releases Security Updates for Citrix Hypervisor | CISA
Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)
An email vulnerability let hackers steal data from governments around the world (engadget.com)
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)
Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr
Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)
Tools and Controls
Building resilience to shield your digital transformation from cyber threats - Help Net Security
Against the Clock: Cyber Incident Response Plan (trendmicro.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest (thehackernews.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Web Application Attacks | Types of Web Application Attacks | Mimecast
Traditional cloud security isn't up to the task - Help Net Security
National security at risk from web browsing data collection, report finds (ft.com)Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
NCSC backs use of security.txt for cyber resilience | UKAuthority
New approaches to fighting ransomware are emerging | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
The new imperative in API security strategy - Help Net Security
How to Automate the Hardest Parts of Employee Offboarding (thehackernews.com)
Steps CISOs Should Take Before, During & After a Cyber attack (darkreading.com)
Threat Intel: To Share or Not to Share is Not the Question - Security Week
As perimeter defences fall, the identify-first approach steps into the breach | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
OODA Loop - A Model for Cyber security Threat Sharing: Embracing the USA PATRIOT Act & FinCEN
How to speak the board's language with cyber security ROI so it makes sense | Fierce Electronics
Three Ways Generative AI Can Bolster Cyber security | NVIDIA Blogs
Hackers breach healthcare orgs via ScreenConnect remote access (bleepingcomputer.com)
Kubernetes adoption creates new cyber security challenges - Help Net Security
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Hundreds of websites cloned to run ads for Chinese gambling • The Register
AI helps leaders optimize costs and mitigate risks - Help Net Security
It ain’t what you store, it’s the way you restore it. • The Register
Reports Published in the Last Week
Other News
'Alarming': big gaps in organisations' cyber security | The Canberra Times | Canberra, ACT
National security at risk from web browsing data collection, report finds (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Collaborative strategies are key to enhanced ICS security - Help Net Security
Web Application Attacks | Types of Web Application Attacks | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 November 2022
Black Arrow Cyber Threat Briefing 25 November 2022:
-Hackers Hit One Third of Organisations Worldwide Multiple Times
-Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks
-90% of Organisations have Microsoft 365 Security Gaps
-Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors
-The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
-34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware
-“Password” Continues to Be the Most Common Password in 2022
-Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers
-European Parliament Declares Russia to be a State Sponsor of Terrorism – then Gets Attacked
-The Changing Nature of Nation-State Cyber Warfare
-Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Hackers Hit One Third of Organisations Worldwide Multiple Times
Hackers have stolen customer records multiple times from nearly a third of organisations worldwide in the past 12 months, security provider Trend Micro said in its newly released, twice-yearly Cyber Risk Index (CRI) report.
The report features interviews with some 4,100 organisations across North America, Europe, Latin/South America and Asia-Pacific. Respondents stressed that customer records are at increased risk as organisations struggle to profile and defend an expanding attack surface.
Overall, respondents rated the following as the top cyber threats in 1H 2022:
Business Email Compromise (BEC)
Clickjacking
Fileless attacks
Ransomware
Login attacks (Credential Theft)
Here are some key findings from the study:
The CRI calculates the gap between organisational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.
This is a slight increase in risk from the second half of 2021, when it was -0.04. Organisations in North America and Asia-Pacific saw an increase in their cyber risk from that period while Europe and Latin/South America’s risk decreased in comparison.
The number of global organisations experiencing a “successful” cyber-attack increased from 84% to 90% over the same period.
The number now expected to be compromised over the coming year has also increased from 76% to 85%.
From the business perspective, the biggest concern is the misalignment between CISOs and business executives, Trend Micro said. The answers given by respondents to the question: “My organisation’s IT security objectives are aligned with business objectives,” only made a score of 4.79 out of 10.0
By addressing the shortage of cyber security professionals and improving security processes and technology, organisations will significantly reduce their vulnerability to attacks.
You can’t protect what you can’t see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organisations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform.
Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks
Companies pay an average of $1,197 per employee yearly to address successful cyber incidents against email services, cloud collaboration apps or services and browsers.
Security researchers at Perception Point shared the findings with Infosecurity before publishing them in a new white paper this month.
According to the new data, the above figures exclude compliance fines, ransomware mitigation costs and losses from non-operational processes, all of which can cause further spending.
The survey, conducted in conjunction with Osterman Research in June, considers the responses of 250 security and IT decision-makers at various enterprises and reveals additional discoveries regarding today’s enterprise threat landscape.
These findings demonstrate the urgent need for organisations to find the most accurate and efficient cyber security solutions which provide the necessary protection with streamlined processes and managed services.
Among the findings is that malicious incidents against new cloud-based apps and services occur at 60% of the frequency with which they take place on email-based services.
Additionally, some attacks, like those involving malware installed on an endpoint, happen on cloud collaboration apps at a much higher rate (87%) when compared to email-based services.
The Perception Point report also shows that a successful email-based cyber incident takes security staff an average of 86 hours to address.
In light of these figures, the security company added that one security professional with no additional support can only handle 23 email incidents annually, representing a direct cost of $6452 per incident alone.
Conversely, incidents detected on cloud collaboration apps or services take, on average, 71 hours to resolve. In these cases, one professional can handle just 28 incidents yearly at an average cost of $5305 per incident.
https://www.infosecurity-magazine.com/news/firms-dollar1197-per-employee/
90% of Organisations have Microsoft 365 Security Gaps
A recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organisations had gaps in essential security protections. Managing Microsoft 365 (M365) is complicated. How can IT teams avoid management headaches, stay 100% compliant, and truly take control of their M365 instance?
Research from the study reveals that many common security procedures are not being followed 100% of the time. This leaves gaping holes in most organisations’ security defences. While most companies have strong documented security policies, the research uncovered that most aren’t being implemented consistently due to difficulties in reporting and limited IT resources:
90% of companies had gaps across all four key areas studied – multi-factor authentication (MFA), email security, password policies, and failed logins
87% of companies have MFA disabled for some or all their admins (which are the most critical accounts to protect, due to their higher access levels)
Only 17% of companies had strong password requirements that were being consistently followed.
Overall, nearly every organisation is leaving the door open for cyber security threats due to weak credentials, particularly for administrator accounts.
In addition to security challenges, the study identified key areas for improvement in managing Microsoft 365 licences as well, such as:
The average company had 21.6% of their licenses unassigned or “sitting on the shelf.” Another 10.2% of licenses were inactive, for an average of 31.9% unused licenses.
17% of companies had over 10,000 licenses unassigned or inactive. These cases represent big opportunities to optimise licence spend with better tools.
Overall, the study reveals that reporting challenges make security and licence management incredibly difficult, leading to unnecessary risks and costs.
https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/
Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors
A callback phishing extortion campaign by Luna Moth (aka Silent Ransom Group) has targeted businesses in multiple sectors, including legal and retail.
The findings come from Palo Alto Network’s security team Unit 42, which described the campaign in a new advisory.
“This campaign leverages extortion without encryption, has cost victims hundreds of thousands of dollars and is expanding in scope,” reads the technical write-up. At the same time, Unit 42 said that this type of social engineering attack leaves very few artifacts because it relies on legitimate technology tools to carry out attacks. In fact, callback phishing, also known as telephone-oriented attack delivery (TOAD), is a social engineering method that requires a threat actor to interact with the victim to accomplish their goals.
“This attack style is more resource intensive but less complex than script-based attacks, and it tends to have a much higher success rate,” reads the advisory. According to Unit 42, threat actors associated with the Conti group have extensively used this attack style in BazarCall campaigns. “Early iterations of this attack focused on tricking the victim into downloading the BazarLoader malware using documents with malicious macros,” explained the researchers.
As for the new campaign, which Sygnia security researchers first unveiled in July, it removes the malware portion of the attack. “In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim’s computer to manually exfiltrate data [...] As these tools are not malicious, they’re not likely to be flagged by traditional antivirus products,” Unit 42 wrote.
The researchers also said that they expect callback phishing attacks to increase in popularity because of low per-target cost, low risk of detection and fast monetisation factors.
https://www.infosecurity-magazine.com/news/luna-moth-phishing-target-multiple/
The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy conducting brazen and often destructive cyber-attacks that can severely disrupt a company’s business operations. And this is a big problem, because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber-attacks not only can affect customers’ data, but they can impact service delivery.
In one of the recent incidents, the UK’s discount retailer The Works has been forced to temporarily shut down some of its stores after a ransomware attack. While the tech team quickly shut down the company’s computers after being alerted to the security breach by the firewall system, the attack caused disruption to deliveries and store functionality including till operations.
A cyber security incident can greatly affect a business due to the consequences associated with cyber-attacks like potential lawsuits, hefty fines and damage payments, insurance rate hikes, criminal investigations and bad publicity. For example, shares of Okta, a major provider of authentication services, fell 9% after the company revealed it was a victim of a major supply chain incident via an attack on a third-party contractor’s laptop, which affected some of its customers.
Another glaring example is a 2021 cyber-attack launched by the Russian-speaking ransomware gang called DarkSide against the operator of one of the US’ largest fuel pipelines Colonial Pipeline, which crippled fuel delivery across the Southeastern United States impacting lives of millions due to supply shortages. Colonial paid the DarkSide hackers a $4.4 million ransom soon after the incident. The attackers also stole nearly 100GB of data from Colonial Pipeline and threatened to leak it if the ransom wasn’t paid. It’s also worth noting that the company is now facing a nearly $1 million penalty for failure “to plan and prepare for a manual restart and shutdown operation, which contributed to the national impacts after the cyber-attack.”
Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).
Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.
For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.
34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware
As many as 34 Russian-speaking gangs, distributing information-stealing malware under the stealer-as-a-service model, stole no fewer than 50 million passwords in the first seven months of 2022.
"The underground market value of stolen logs and compromised card details is estimated around $5.8 million" Singapore-headquartered Group-IB said in a report shared with The Hacker News.
Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.
A majority of the victims were located in the US, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, over 890,000 devices in 111 countries were infected during the time frame.
Group-IB said the members of several scam groups who are propagating the information stealers previously participated in the Classiscam operation. These groups, which are active on Telegram and have around 200 members on average, are hierarchical, consisting of administrators and workers (or traffers), the latter of whom are responsible for driving unsuspecting users to info-stealers like RedLine and Raccoon. This is achieved by setting up bait websites that impersonate well-known companies and luring victims into downloading malicious files. Links to such websites are, in turn, embedded into YouTube video reviews for popular games and lotteries on social media, or shared directly with non-fungible token (NFT) artists.
https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html
“Password” Continues to Be the Most Common Password in 2022
You would think the time spent working from home in the last two years or so helped netizens across the planet figure out how to master the world of WWW in a more efficient manner.
But new research from NordPass shows that despite so many people relying on an Internet connection for their daily activities, few actually care about the security of their data when they go online.
As a result, “password” continues to be the number one password out there, with the aforementioned company claiming that this particular keyword was detected close to 5 million times in a 3TB database. It takes less than one second to crack this password, the company says.
“123456” is currently the second most-used password worldwide, followed by its longer sibling known as “123456789” because, you know, hackers don’t know how to count to 10.
“There’s more than one way to get swindled on Tinder: using “tinder” as your password is more risky than swiping right on a billionaire. In total, this password was used 36,384 times” NordPass says. “The glitziest film industry event of the year – the Oscars ceremony – inspired many to use not-so-glitzy passwords: the password “Oscars” was used 62,983 times.”
Of course, it’s no surprise that Internet users out there turn to movies to get inspiration for their passwords, so unfortunately, “batman” is currently one of the most used keywords supposed to secure Internet accounts.
“Films and shows like Batman, Euphoria, and Encanto were among the most popular releases in 2021/2022. All are also popular passwords: “batman” was used 2,562,776 times, “euphoria” 53,993, and “encanto” 10,808 times,” the company says.
The most common password in the United States is “guest,” while in the United Kingdom, quite a lot of people go for “liverpool” (despite hackers needing just 1 second to crack it).
Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers
A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. The same security vulnerability appears to have been exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.
It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression. HackerOne first reported the vulnerability back in January, which allowed anyone to enter a phone number or email address, and then find the associated twitterID. This is an internal identifier used by Twitter, but can be readily converted to a Twitter handle. A bad actor would be able to put together a single database which combined Twitter handles, email addresses, and phone numbers.
At the time, Twitter admitted that the vulnerability had existed, and subsequently been patched, but said nothing about anyone exploiting it. Restore Privacy subsequently reported that a hacker had indeed used the vulnerability to obtain personal data from millions of accounts.
https://9to5mac.com/2022/11/25/massive-twitter-data-breach/
European Parliament Declares Russia to be a State Sponsor of Terrorism – Then Gets Attacked
On Wednesday, the European Parliament adopted a resolution on the latest developments in Russia’s brutal war of aggression against Ukraine. MEPs highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes. In light of this, they recognise Russia as a state sponsor of terrorism and as a state that “uses means of terrorism”.
As the EU currently cannot officially designate states as sponsors of terrorism, the European Parliament calls on the EU and its member states to put in place the proper legal framework and consider adding Russia to such a list. This would trigger a number of significant restrictive measures against Moscow and have profound restrictive implications for EU relations with Russia.
In the meantime, MEPs call on the Council to include the Russian paramilitary organisation ‘the Wagner Group’, the 141st Special Motorized Regiment, also known as the “Kadyrovites”, and other Russian-funded armed groups, militias and proxies, on the EU’s terrorist list.
Almost immediately after the vote the European Parliament suffered a sustained denial of service attack that shut down email services and disrupted internet access for more than an hour. A pro-Russian group called KILLNET then claimed responsibility in a Telegram post.
The Changing Nature of Nation-State Cyber Warfare
Military conflict is ever shifting from beyond the battlefield and into cyber space. Ever more sophisticated and ruthless groups of nation-state actors and their proxies continue to target critical systems and infrastructure for political and ideological leverage. These criminals’ far-reaching objectives include intelligence gathering, financial gain, destabilising other nations, hindering communications, and the theft of intellectual property.
The risks to individuals and society are clear. Due to its importance to daily life and the economy, the UK’s critical national infrastructure (CNI) is a natural target for malicious nation-state cyber-attacks. We only need look at the Colonial Pipeline ransomware attack in the US – at the hands of the Russia-affiliated DarkSide group – to appreciate the potential for one criminal act to escalate and cause large-scale societal impact: panic and disruption. Even though the pipeline was shut down for less than a week, the havoc caused by suspending fuel supplies gave CNI operators everywhere a worrying taste of things to come.
Closer to home, the recent cyber attack on South Staffordshire Water highlights the need for all utilities providers to take proactive measures and precautions to better secure essential human sustenance supplies. With the risk of coordinated attacks by criminals backed by nation states rising, the potential for human casualties if attacks against CNI go unchecked is becoming starkly clear.
The Russia-Ukraine war has heightened awareness of the cyber threats posed by all nation-state adversaries. Unsurprisingly, challenges and conflicts in the physical world tend to bleed through into the cyber domain. And with relations between Western nations and Russia, China, Iran, and North Korea more fraught than ever, UK organisations can expect to see further increases in cyber threats at the hands of hostile nation-state actors.
https://informationsecuritybuzz.com/the-changing-nature-of-nation-state-cyber-warfare/
Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question
Cyber crime continues to be a persistent and pressing issue for all sized businesses, particularly smaller organisations. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyber attack shut their doors within six months.
Despite the continuing rise in risk, many small businesses remain vulnerable to cyber attacks due to a lack of resources and – surprisingly – a lack of knowledge of the existing threats. Moreover, companies are now being exposed to cyber risks even further as they struggle to get appropriate cyber insurance, which, if needed, can be devastating should bad actors circumvent your company’s defences.
Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyber attack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and customer refunds.
With the constant – and ever-increasing – threat of potential cyber attacks and the need to protect their assets, many companies are applying for cyber insurance, which generally covers a variety of different types of cyber-attacks, including data breaches; business email compromises; cyber extortion demands; malware infections and ransomware.
But, despite the benefits of cyber insurance, it remains surprisingly undervalued. The UK government’s Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy in place.
Organisations must always seek cost-effective ways to address the cyber security risks they face – as no business is safe in the modern security landscape from a cyber threat. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. While all-sized businesses can benefit from having cyber insurance, small businesses frequently lack the knowledge and importance of securing it. This is usually because of the cost, the time involved in finding a provider, and a lack of understanding of the importance of a cyber insurance policy.
Threats
Ransomware and Extortion
Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)
Fake subscription invoices lead to corporate data theft and extortion - Help Net Security
Ransomware gang targets Belgian municipality, hits police instead (bleepingcomputer.com)
New ransomware encrypts files, then steals your Discord account (bleepingcomputer.com)
Donut extortion group also targets victims with ransomware (bleepingcomputer.com)
Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (thehackernews.com)
Ransomware attacks: Making cyber ransom payments unlawful would help boards (afr.com)
An aggressive Black Basta Ransomware campaign targets US-based companies - Security Affairs
Luna Moth ransomware group invests in call centres to target individual victims - SiliconANGLE
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)
Cybereason warns of fast-moving Black Basta campaign (techtarget.com)
Enterprise healthcare providers warned of Lorenz ransomware threat | SC Media (scmagazine.com)
Montreal-area city hit by ransomware: Report | IT World Canada News
Phishing & Email Based Attacks
Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks (darkreading.com)
World Cup phishing emails spike in Middle Eastern countries • The Register
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs
SocGholish finds success through novel email techniques | SC Media (scmagazine.com)
BEC – Business Email Compromise
Malware
Cyber criminals are increasingly using info-stealing malware to target victims | CSO Online
A security firm hacked malware operators, locking them out of their own C&C servers | TechSpot
Emotet is back and delivers payloads like IcedID and Bumblebee - Security Affairs
All You Need to Know About Emotet in 2022 (thehackernews.com)
New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)
Multi-Purpose Botnet and Infostealer 'Aurora' Rising to Fame | SecurityWeek.Com
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Aurora infostealer malware increasingly adopted by cybergangs (bleepingcomputer.com)
This new malware is able to bypass all of Microsoft's security warnings | TechRadar
Backdoored Chrome extension installed by 200,000 Roblox players (bleepingcomputer.com)
Mobile
'Patch Lag' Leaves Millions of Android Devices Vulnerable (darkreading.com)
Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws (thehackernews.com)
Your iPhone may be collecting more personal data than you think | Digital Trends
Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity
WhatsApp data leak: 500 million user records for sale | Cybernews
Internet of Things – IoT
Data Breaches/Leaks
WhatsApp data leak: 500 million user records for sale - Security Affairs
California County Says Personal Information Compromised in Data Breach | SecurityWeek.Com
Organised Crime & Criminal Actors
Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)
How social media scammers buy time to steal your 2FA codes – Naked Security (sophos.com)
DEV-0569 Group Switches Tactics, Abuses Google Ads to Deliver Payloads | Cyware Alerts - Hacker News
Hackers are locking out Mars Stealer operators from their own servers | TechCrunch
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz
Two Estonians arrested for running $575M crypto Ponzi scheme (bleepingcomputer.com)
Cyber crooks to ditch BTC as regulation and tracking improves: Kaspersky (cointelegraph.com)
Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)
Bahamas SEC Or Hacker? Stolen Funds From FTX Keep On Moving (bitcoinist.com)
Fraud, Scams & Financial Crime
'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)
Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Beware - Black Friday online shopping scams are here now | TechRadar
Online retailers should prepare for a holiday season spike in bot-operated attacks | CSO Online
Pig butchering domains seized and slaughtered by the Feds • The Register
Insurance
Software Supply Chain
Denial of Service DoS/DDoS
Cloud/SaaS
Hybrid/Remote Working
Identity and Access Management
Encryption
API
5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs
Three security design principles for public REST APIs - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)
Guess the most common password. Hint: We just told you • The Register
World Cup Players Among Most Breached Passwords - IT Security Guru
Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Hackers steal $300,000 in DraftKings credential stuffing attack (bleepingcomputer.com)
Social Media
Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts (bleepingcomputer.com)
Cyber security Pros Put Mastodon Flaws Under the Microscope (darkreading.com)
Musk to abused Twitter users: Your tormentors will return • The Register
Facebook sued for collecting personal data to sell adverts | News | The Times
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz
How US cyber incident reporting law could finally fix the information sharing problem - CyberScoop
Law Enforcement Action and Take Downs
Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire
'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
iPhones are not as privacy-focused as Apple claims, researchers point out - India Today
Thinking about taking your computer to the repair shop? Be very afraid | Ars Technica
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine shows how space is now central to warfare | Financial Times (ft.com)
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)
EU Parliament Putin things back together after cyber attack • The Register
Opinion | Democracies flirting with spyware like Pegasus raises dangers - The Washington Post
Scotland's broadband builder linked to Israeli spyware | HeraldScotland
Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organisations (thehackernews.com)
Nation State Actors
Nation State Actors – Russia
Russian Tech Giant Wants Out of the Country As Ukraine War Rages on (insider.com)
Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors – China
Vulnerability Management
Vulnerabilities
73 Percent of Retail Applications Contain Security Flaws, but Only a Quarter Are Fixed (yahoo.com)
Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs
AWS fixes 'confused deputy' vulnerability in AppSync • The Register
How to hack an unpatched Exchange server with rogue PowerShell code – Naked Security (sophos.com)
Google pushes emergency Chrome update to fix 8th zero-day in 2022 (bleepingcomputer.com)
Upgrade to Apache Commons Text 1.10 to Avoid New Exploit (infoq.com)
Security experts are laying Mastodon's flaws bare | TechRadar
Devices from Dell, HP, and Lenovo used outdated OpenSSL versions - Security Affairs
PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability | SecurityWeek.Com
5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs
Reports Published in the Last Week
Other News
Know thy enemy: thinking like a hacker can boost cyber security strategy | CSO Online
Security Culture Matters when IT is Decentralized (trendmicro.com)
Legacy IT system modernization largely driven by security concerns - Help Net Security
Been Doing It The Same Way For Years? Think Again. (thehackernews.com)
Docker Hub repositories hide over 1,650 malicious containers (bleepingcomputer.com)
How Tech Companies Can Slow Down Spike in Breaches (darkreading.com)
Inventor of the Web Sir Tim Berners-Lee wants to save your data from Big Tech with Web3.0 | Euronews
Deloitte reveals 10 strategic cyber security predictions for 2023 | VentureBeat
The Biden administration has racked up a host of cyber security accomplishments | CSO Online
US Navy Forced to Pay Software Company for Licensing Breach (gizmodo.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 November 2022
Black Arrow Cyber Threat Briefing 18 November 2022:
-Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War
-Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say
-Is Your Board Prepared for New Cyber Security Regulations?
-Unwanted Emails Steadily Creeping into Inboxes
-People Are Still Using the Dumbest Passwords Available
-Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident
-44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security
-MFA Fatigue Attacks Are Putting Your Organisation at Risk
-Cyber Security Training Boosts Risk Posture, Research Finds
-MI5 Chief: UK will have to tackle Russian Aggression ‘for Years to Come’
-Offboarding Processes Pose Security Risks as Job Turnover Increases: Report
-Do Companies Need Cyber Insurance?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War
As carriers rewrite their act-of-war exclusions following the NotPetya settlement between Mondelez and Zurich, organisations should read their cyber insurance policies carefully to see what is still covered.
The consequences from NotPetya, which the US government said was caused by a Russian cyber attack on Ukraine in 2017, continue to be felt as cyber insurers modify coverage exclusions, expanding the definition of an "act of war." Indeed, the 5-year-old cyber attack appears to be turning the cyber insurance market on its head.
Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with factories and production disrupted. It took days for the company's staff to regain control of its computer systems. The company filed a claim with its property and casualty insurer, Zurich American, for $100 million in losses. After initially approving a fraction of the claim — $10 million — Zurich declined to pay, stating the attack was an act of war and thus excluded from the coverage. Mondelez filed a lawsuit.
Late last month Mondelez and Zurich American reportedly agreed to the original $100 million claim, but that wasn't until after Merck won its $1.4 billion lawsuit against Ace American Insurance Company in January 2022 for its NotPetya-related losses. Merck's claims also were against its property and casualty policy, not a cyber insurance policy.
Back in 2017, cyber insurance policies were still nascent, and so many large corporations filed claims for damages related to NotPetya — the scourge that caused an estimated $10 billion in damage worldwide — against corporate property and casualty policies.
What's Changed? The significance of these settlements illustrates an ongoing maturation of the cyber insurance market, says Forrester Research.
Until 2020 and the COVID-19 pandemic, cyber insurance policies were sold in a fashion akin to traditional home or auto policies, with little concern for a company's cyber security profile, the tools it had in place to defend its networks and data, or its general cyber hygiene.
Once a large number of ransomware attacks occurred that built off of the lax cyber security many organisations demonstrated, insurance carriers began tightening the requirements for obtaining such policies.
Is Your Board Prepared For New Cyber Security Regulations?
Boards are now paying attention to the need to participate in cyber security oversight. Not only are the consequences sparking concern, but the new regulations are upping the ante and changing the game.
Boards have a particularly important role to ensure appropriate management of cyber risk as part of their fiduciary and oversight role. As cyber threats increase and companies worldwide bolster their cyber security budgets, the regulatory community, including the U.S. Securities and Exchange Commission (SEC), is advancing new requirements that companies will need to know about as they reinforce their cyber strategy.
Most organisations focus on cyber protection rather than cyber resilience, and that could be a mistake. Resiliency is more than just protection; it’s a plan for recovery and business continuation. Being resilient means that you’ve done as much as you can to protect and detect a cyber incident, and you have also done as much as you can to make sure you can continue to operate when an incident occurs. A company who invests only in protection is not managing the risk associated with getting up and running again in the event of a cyber incident.
Research indicates that most board members believe it is not a matter of if, but when, their company will experience a cyber event. The ultimate goal of a cyber-resilient organisation would be zero disruption from a cyber breach. That makes the focus on resilience more important.
In March 2022, the SEC issued a proposed rule titled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. In it, the SEC describes its intention to require public companies to disclose whether their boards have members with cyber security expertise: “Cyber security is already among the top priorities of many boards of directors and cyber security incidents and other risks are considered one of the largest threats to companies. Accordingly, investors may find disclosure of whether any board members have cyber security expertise to be important as they consider their investment in the registrant as well as their votes on the election of directors of the registrant.”
The SEC will soon require companies to disclose their cyber security governance capabilities, including the board’s oversight of cyber risk, a description of management’s role in assessing and managing cyber risks, the relevant expertise of such management, and management’s role in implementing the registrant’s cyber security policies, procedures, and strategies. Specifically, where pertinent to board oversight, registrants will be required to disclose:
whether the entire board, a specific board member, or a board committee is responsible for the oversight of cyber risks,
the processes by which the board is informed about cyber risks, and the frequency of its discussions on this topic,
whether and how the board or specified board committee considers cyber risks as part of its business strategy, risk management, and financial oversight.
https://hbr.org/2022/11/is-your-board-prepared-for-new-cybersecurity-regulations
Unwanted Emails Steadily Creeping into Inboxes
A research from cloud security provider Hornetsecurity has revealed that 40.5% of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of cyber attacks in 2022 – indicating the constant, growing threats to email security, and need for caution in digital workplace communications.
Phishing remains the most common style of email attack, representing 39.6% of detected threats. Threat actors used the following file types sent via email to deliver payloads: Archive files (Zip, 7z, etc.) sent via email make up 28% of threats, down slightly from last year’s 33.6%, with HTML files increasing from 15.3% to 21%, and DOC(X) from 4.8% to 12.7%.
This year’s cyber security report shows the steady creep of threats into inboxes around the world. The rise in unwanted emails, now found to be nearly 41%, is putting email users and businesses at significant risk.
HornetSecurity’s analysis identified both the enduring risk and changing landscape of ransomware attacks – highlighting the need for businesses and their employees to be more vigilant than ever.
New cyber security trends and techniques for organisations to watch out for were also tracked. Since Microsoft disabled macros settings in Office 365, there has been a significant increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Microsoft 365 makes it easy to share documents, and end users often overlook the ramifications of how files are shared, as well as the security implications. Hornetsecurity found 25% of respondents were either unsure or assumed that Microsoft 365 was immune to ransomware threats.
For these attackers, every industry is a target. Companies must therefore ensure comprehensive security awareness training while implementing next-generation preventative measures to ward off threats.
https://www.helpnetsecurity.com/2022/11/14/email-security-threats/
People Are Still Using the Dumbest Passwords Available
If you were thinking that most people would have learned by now not to use “password” as the password for their sensitive systems, then you would be giving too much credit to the general scrolling public.
Cyber security researchers from Cybernews and password manager company NordPass both independently reported this week on data surrounding the most commonly-used passwords. Trying to discern the frequently used words, phrases, and numbers among the general public wouldn’t be simple if it weren’t for the troves of leaked passwords being sold on the dark web.
Cybernews said it based its data on a list of 56 million breached or leaked passwords in 2022 found via databases in darknet and clearnet hacker forums. Some of the most-used passwords were exactly what you expect, easy-to-remember junk passwords for company accounts, including “123456,” “root,” and “guest” all looking pretty in the top three.
NordPass, on the other hand, listed its top passwords by country and the supposed gender of the user. In their case, “password” sat in the number one spot for most-used password throughout the globe. Some countries had very specific passwords that were commonly used, such as “liverpool” being the number 4 most-used password in the UK despite it being 197 in the world. The number 2 most-used password for Brazil accounts is “Brasil” while in Germany, number 5 is “hallo.”
NordPass said the list of passwords was built by a team of independent researchers who compiled 3TB of data from listings on the dark web, including some data that was leaked in data breaches that occurred in 2022. The company noted that some data might be from late 2021, though the passwords were listed on the dark web in the new year.
https://gizmodo.com/passwords-hacker-best-passwords-cybersecurity-1849792818
Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident
Researchers find current data protection strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defence initiatives.
Organisations are struggling with mounting data losses, increased downtime, and rising recovery costs due to cyber attacks — to the tune of $1.06 million in costs per incident. Meanwhile, IT security teams are stalled on getting defences up to speed.
That's according to the 2022 Dell Global Data Protection Index (GDPI) survey of 1,000 IT decision-makers across 15 countries and 14 industries, which found that organisations that experienced disruption have also suffered an average of 2TB data loss and 19 hours of downtime.
Most respondents (67%) said they lack confidence that their existing data protection measures are sufficient to cope with malware and ransomware threats. A full 63% said they are not very confident that all business-critical data can be reliably recovered in the event of a destructive cyber attack.
Their fears seem founded: Nearly half of respondents (48%) experienced a cyber attack in the past 12 months that prevented access to their data (a 23% increase from 2021) — and that's a trend that will likely continue.
The growth and increased distribution of data across edge, core data centre and multiple public cloud environments are making it exceedingly difficult for IT admins to protect their data.
On the protection front, most organisations are falling behind; for instance, 91% are aware of or planning to deploy a zero-trust architecture, but only 12% are fully deployed.
And it's not just advanced defence that's lacking: Keegan points out that 69% of respondents stated they simply cannot meet their backup windows to be prepared for a ransomware attack.
https://www.darkreading.com/endpoint/zero-trust-initiatives-stall-cyberattack-costs-1m-per-incident
44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security
Netwrix, a cyber security vendor, today announced additional findings for the financial and banking sector from its global 2022 Cloud Security Report.
Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. Indeed, 44% of respondents in this sector say their own IT staff poses the biggest risk to data security in the cloud and 47% worry about contractors and partners, compared to 30% and 36% respectively in other verticals surveyed.
Financial organisations experience accidental data leakage more often than companies in other verticals: 32% of them reported this type of security incident within the last 12 months, compared to the average of 25%. This is a good reason for them to be concerned about users who might unintentionally expose sensitive information. To address this threat, organisations need to implement a zero-standing privilege approach in which elevated access rights are granted only when they are needed and only for as long as needed. Cloud misconfigurations are another common reason for accidental data leakage. Therefore, security teams must continually monitor the integrity of their cloud configurations, ideally with a dedicated solution that automates the process.
All sectors say phishing is the most common type of attack they experience. However, 91% of financial institutions say they can spot phishing within minutes or hours, compared to 82% of respondents in other verticals.
Even though mature financial organisations detect phishing quickly, it is still crucial for them to keep educating their personnel on this threat because attacks are becoming more sophisticated. To increase the likelihood of a user clicking a malicious link, attackers are crafting custom spear phishing messages that are directed at the person responsible for a certain task in the organisation and that appear to come from an authority figure. Regular staff training, along with continuous activity monitoring, will help reduce the risk of infiltration.
MFA Fatigue Attacks Are Putting Your Organisation at Risk
The rapid advancement of technology in all industries has led to the threat of ever-increasing cyber attacks that target businesses, governments, and individuals alike. A common threat targeting businesses is MFA Fatigue attacks—a technique where a cyber criminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one.
MFA refers to multi-factor authentication, a layered end-user verification strategy to secure data and applications. For a user to log in, an MFA system needs them to submit various combinations of two or more credentials.
Using MFA Fatigue attacks, cyber criminals bombard their victims with repeated 2FA (two-factor authentication) push notifications to trick them into authenticating their login attempts, to increase their chances of gaining access to sensitive information. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or misinterprets them as legitimate authentication requests.
One major MFA Fatigue attack, also known as MFA bombing, targeted the ride-sharing giant Uber in September 2022. Uber attributed the attack to Lapsus$, a hacking group that started by compromising an external contractor’s credentials.
Cyber criminals increasingly use social engineering attacks to access their targets’ sensitive credentials. Social engineering is a manipulative technique used by hackers to exploit human error to gain private information.
MFA Fatigue is a technique that has gained popularity among hackers in recent years as part of their social engineering attacks. This is a simple yet effective technique with destructive consequences as the hackers are banking on their targets’ lack of training and understanding of attack vectors. Since many MFA users are unfamiliar with this style of attack, they would not understand that they are approving a fraudulent notification.
Cyber Security Training Boosts Risk Posture, Research Finds
Business executives worldwide see the economic advantages of continuing professional cyber security education and the steep downside from a workforce of under-trained individuals, Cybrary, a training platform provider, said in a new report.
The survey of 275 executives, directors and security professionals in North America and the UK who either procure or influence professional cyber security training, was conducted by consultancy Omdia. The results showed that the benefits of professional training boost an employee’s impact on the organisation, the overall risk posture of the organisation, and in the costs associated with finding and retaining highly skilled employees, the analyst said.
The study’s key findings include:
73% of respondents said their team’s cyber security performance was more efficient because of ongoing professional cyber security training.
62% of respondents said that training improved their organisation’s cyber security effectiveness (which encompasses decreases in the number of breach attempts and overall security events).
79% of respondents ranked professional cyber security training at the top or near the top of importance for the organisation’s ability to prevent and rapidly remediate breaches and ensuing consequences such as reputational damage.
70% of companies reported a relationship between an incident and training, and two-thirds of respondents reported increased investments in ongoing cyber security training after a security incident.
Large enterprises are the least likely to delay upskilling until after an incident, indicating that companies with larger cyber security teams firmly understand the importance of ongoing professional training.
67% of surveyed SMBs invested in cyber security training after a security incident, which served as a call to action.
53% invested in professional cyber security training due to a cyber security insurance audit.
48% of organisations said that cyber security training drives retention and decreases the likelihood that a cyber security professional will leave the organisation that trains them.
41% said that ongoing cyber security training has no significant impact on if a cyber security professional leaves.
Cybrary said the research shows the rewards that organisations enjoy by investing in training and upskilling their security professionals. The data “codifies the fiscal and reputational paybacks in proactively improving cyber security defences versus responding to attacks. It also codifies an often-underrecognised benefit of cyber security upskilling: helping the organisation retain invaluable security talent despite market and organisational uncertainty”.
MI5 Chief: UK Will Have to Tackle Russian Aggression ‘for Years to Come’
Britain will have to tackle Russian aggression for years to come, said the MI5’s chief on Wednesday, adding that his agency had blocked more than 100 attempts by the Kremlin to insert suspected spies into the UK since the Salisbury poisonings.
Ken McCallum, giving an annual threat update, said state-based threats were increasing and said the UK also faced a heightened direct threat from Iran, which had threatened “to kidnap or even kill” 10 people based in Britain in the past year.
The spy chief said Russia had suffered a “strategic blow” after 400 spies were expelled from around Europe following the start of the war in Ukraine, but he said the Kremlin was actively trying to rebuild its espionage network.
Britain had expelled 23 Russian spies posing as diplomats after the poisoning of Sergei and Yulia Skripal in Salisbury in 2018, yet since then “over 100 Russian diplomatic visa applications” had been rejected on national security grounds.
McCallum accused Russia of making “silly claims” about British activities without evidence, such as that UK was involved in attacking the Nord Stream gas pipelines. But the head of MI5 said “the serious point” was that “the UK must be ready for Russian aggression for years to come”.
Iran’s “aggressive intelligence services” were actively targeting Britain and had made “at least 10” attempts to “kidnap or even kill” British or UK-based individuals since January as the regime felt greater pressure than ever before.
Offboarding Processes Pose Security Risks as Job Turnover Increases: Report
Research from YouGov finds that poor offboarding practices across industries including healthcare and tech are putting companies at risk, including for loss of end-user devices and unauthorised SaaS application use.
Organisations across multiple industries are struggling to mitigate potential risks, including loss of end-user and storage devices as well as unauthorised use of SaaS applications, during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza.
Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people, more than 20% of Americans, had either lost or changed their job. Although these figures could initially be attributed to the so-called Great Resignation, this figure is likely to increase due to the numerous job cuts that are now being reported, including layoffs at major technology companies, as organisations look to reduce operational costs.
Although the circumstances of an employee’s departure can sometimes make the offboarding process more complex, ultimately offboarding should aim to prevent disruption and mitigate any potential risks.
However, in YouGov’s 2022 State of Corporate Offboarding Process Automation report, the research found that although implementing a secure offboarding processes is now seen as a business imperative for enterprises, 48% of the survey’s respondents expressed deficiencies in or lack of automated workflows across departments and IT tools to facilitate the secure offboarding of employees.
Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say
Nearly every organisation (98%) in a new survey of some 2,100 C-suite executives has been hit by a supply chain cyber attack in the last year, security provider BlueVoyant said in a newly released study.
The study gleaned data from interviews with chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief information security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organisations of more than 1,000 employees across business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defence industries.
While the number of companies experiencing digital supply chain attacks has stayed relatively static year-over-year, the attention paid by organisations to that attack vector has increased, BlueVoyant said. Still, the New York-based cyber defender said, there’s a lot of room for organisations to better monitor suppliers and “work with them to remediate issues to reduce their supply chain risks.”
Here are some macro highlights from the survey:
40% of respondents rely on the third-party vendor or supplier to ensure adequate security.
In 2021, 53% of companies said they audited or reported on supplier security more than twice per year. That number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.
Budgets for supply chain defence are increasing, with 84% of respondents saying their budget has increased in the past 12 months.
The top pain points reported are internal understanding across the enterprise that suppliers are part of their cyber security posture, meeting regulatory requirements, and working with suppliers to improve their security.
Do Companies Need Cyber Insurance?
Companies are increasingly seeking to transfer risk with cyber insurance. This trend has been influenced by a greater severity in cyber attacks and the resulting skyrocketing costs of incident response, business disruption and recovery.
Companies struggle to afford the high prices of cyber insurance, however. One market index reported the price of cyber insurance increased 79% in the second quarter of 2022. Without it, however, companies risk shouldering the full cost of any resulting harm. Furthermore, insurance companies that lack traditional decades of actuarial data must consider whether to provide cyber insurance to clients unable or unwilling to show their cyber security maturity through independent risk analysis.
This combination of circumstances leaves businesses vulnerable, financially drained and facing potential reputational damage. But does it have to be this way? And is cyber insurance truly necessary? For the majority of organisations, the answer is that cyber insurance is a worthwhile investment as part of their overall risk treatment plans. There are a number of activities, however, that should be undertaken to optimise the benefits and reduce the costs of cyber-risk insurance.
A rise in high-profile attacks, in tandem with increased regulation and compliance surrounding cyber security and privacy, has shifted the conversation around digital safety. No longer is cyber security an optional aspect of the business model with a fixed, stagnant cost. Businesses today have become too digitally dependent to ignore cyber security, with classified, internal information stored online; communication largely conducted via email or another platform; and the workforce transitioned to hybrid and remote work environments. Effective cyber security and privacy, as well as mitigating financial and operational risks, can be strategic enablers to modern digital business.
Cyber insurance is not a solution -- it's a piece of the puzzle. Regardless of industry or company size, all businesses should conduct an independent cyber audit prior to committing to cyber insurance. In doing so, organisations can determine the need for cyber insurance and better understand their organisations' risk posture and weak points.
Even if insurance is needed, the audit further adds value as it lets insurance companies support the company specific to its digital landscape and help it become more digitally strong. Additionally, the existence of an independent audit and risk review may indeed enable the insurance company to offer higher levels of coverage without the need for excessive premiums.
https://www.techtarget.com/searchsecurity/post/Do-companies-need-cyber-insurance
Threats
Ransomware and Extortion
Ransomware is a global problem that needs a global solution | TechCrunch
FBI: Hive ransomware extorted $100M from over 1,300 victims (bleepingcomputer.com)
The psychological fallout of a ransomware crisis - Help Net Security
New extortion scam threatens to damage sites’ reputation, leak data (bleepingcomputer.com)
Thales Denies Getting Hacked as Ransomware Gang Releases Gigabytes of Data | SecurityWeek.Com
Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com
Hive Ransomware Has Made $100m to Date - Infosecurity Magazine (infosecurity-magazine.com)
LockBit Remains Most Prolific Ransomware in Q3 - Infosecurity Magazine (infosecurity-magazine.com)
DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog
Transportation sector targeted by both ransomware and APTs - Help Net Security
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Ransomware on Healthcare Organisations cost Global Economy $92 bn - IT Security Guru
Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security
Australia to ‘stand up and punch back’ against cyber crims • The Register
LockBit ransomware activity nose-dived in October (techtarget.com)
How to deal with the trauma of the Medibank cyber breach | Andrea Szasz | The Guardian
Researchers secretly helped decrypt Zeppelin ransomware for 2 years (bleepingcomputer.com)
Vanuatu: Hackers strand Pacific island government for over a week - BBC News
Canadian Supermarket Chain Sobeys Hit by Ransomware Attack | SecurityWeek.Com
Two public schools in Michigan hit by a ransomware attack - Security Affairs
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Phishing & Email Based Attacks
Top enterprise email threats and how to counter them - Help Net Security
China-Based Sophisticated Phishing Campaign Uses 42,000 Domains - Information Security Buzz
Mass Email Extortion Campaign Claims Server Hack - Infosecurity Magazine (infosecurity-magazine.com)
Netflix Phishing Emails Surge 78% - Infosecurity Magazine (infosecurity-magazine.com)
Earth Preta Spear-Phishing Governments Worldwide (trendmicro.com)
Email Security Best Practices for Phishing Prevention (trendmicro.com)
Malware
Wipermania: Malware Remains a Potent Threat, 10 Years Since 'Shamoon' (darkreading.com)
QBot phishing abuses Windows Control Panel EXE to infect devices (bleepingcomputer.com)
Researchers Sound Alarm on Dangerous BatLoader Malware Dropper (darkreading.com)
Study: Almost 50% of macOS malware only comes from one app - Neowin
Notorious Emotet botnet returns after a few months off • The Register
Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)
Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com
LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities (thehackernews.com)
New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)
Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)
Google Wins Lawsuit Against Glupteba Botnet Operators | SecurityWeek.Com
Mobile
Internet of Things – IoT
Shocker: EV charging infrastructure is seriously insecure • The Register
Aiphone Intercom System Vulnerability Allows Hackers to Open Doors | SecurityWeek.Com
Data Breaches/Leaks
Police published sexual assault victims' names and addresses on its website (bitdefender.com)
Whoosh confirms data breach after hackers sell 7.2M user records (bleepingcomputer.com)
Organised Crime & Criminal Actors
Long-Standing Chinese Cyber crime Campaign Spoofs Over 400 Brands | SecurityWeek.Com
Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)
Australia's Hack-Back Plan Against Cyber attackers Raises Familiar Concerns (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)
'Three quarters' of retail Bitcoin investors are in the red • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Massive adware campaign spoofs top brands to trick users | TechRadar
Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Cyber Monday Will Be the Most Fraudulent Day of the Season, Says SEON (darkreading.com)
UK Shoppers Lost £15m+ to Scammers Last Winter - Infosecurity Magazine (infosecurity-magazine.com)
How scammers are now exploiting cashless parking (telegraph.co.uk)
Experts Advice On International Fraud Awareness Week - Information Security Buzz
Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)
Impersonation Attacks
42,000 sites used to trap users in brand impersonation scheme (bleepingcomputer.com)
Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Denial of Service DoS/DDoS
2022 holiday DDoS protection guide - Microsoft Security Blog
Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)
Cloud/SaaS
Cloud data protection trends you need to be aware of - Help Net Security
Cyber security implications of using public cloud platforms - Help Net Security
Evolving Security for Government Multiclouds (darkreading.com)
Encryption
Why companies can no longer hide keys under the doormat - Help Net Security
Quantum Cryptography Apocalypse: A Timeline and Action Plan (darkreading.com)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Advertising giant warns clients to stay off Twitter (telegraph.co.uk)
Meta keeps booting small-business owners for being hacked on Facebook | Ars Technica
Guinness, Cadbury’s and Nissan told to avoid ‘toxic’ and ‘dangerous’ Twitter (telegraph.co.uk)
FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop
Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)
Privacy, Surveillance and Mass Monitoring
Electronics repair technicians snoop on your data - Help Net Security
Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location (thehackernews.com)
Security firms hijack New York trees to monitor workers • The Register
Governance, Risk and Compliance
Careers, Working in Cyber and Information Security
Cyber security jobs: Five ways to help you build your career | ZDNET
Google cloud wants CISOs to do more about diversity • The Register
Amazon poaches top National Cyber Security Centre exec Levy | Business News | Sky News
Law Enforcement Action and Take Downs
Zeus Botnet Suspected Leader Arrested in Geneva - Infosecurity Magazine (infosecurity-magazine.com)
Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)
Police dismantle pirated TV streaming network with 500,000 users (bleepingcomputer.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Chinese hackers target government agencies and defence orgs (bleepingcomputer.com)
Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security
COP27 Delegates Given Burner Phones To Combat Spying - Information Security Buzz
Avast details Worok espionage group's compromise chain - Security Affairs
Biden set to approve expansive authorities for Pentagon to carry out cyber operations - CyberScoop
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Europe’s spyware scandal is a global wakeup call. (slate.com)
Koch-funded group sues US state over mobile 'spyware' • The Register
Nation State Actors
Nation State Actors – Russia
UK Banks Bolstering Defences As Russian Cyber Threat Rises - Information Security Buzz
EXCLUSIVE Russian software disguised as American finds its way into U.S. Army, CDC apps | Reuters
Pro-Russian hackers claim cyber attack on FBI website: Report | Fox News
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Nation State Actors – China
China playing ‘long game’ as it co-opts UK assets, warns MI5 chief | Financial Times (ft.com)
FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop
Chinese Cyber espionage Group 'Billbug' Targets Certificate Authority | SecurityWeek.Com
Previously undetected Earth Longzhi APT is a subgroup of APT41 - Security Affairs
Rishi Sunak to hold surprise meeting with Chinese president at G20 | Financial Times (ft.com)
Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)
State-sponsored hackers in China compromise certificate authority | Ars Technica
Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide (thehackernews.com)
Reports of Chinese police stations in US worry FBI - BBC News
Nation State Actors – North Korea
Nation State Actors – Iran
US govt: Iranian hackers breached federal agency using Log4Shell exploit (bleepingcomputer.com)
CISA: Iranian APT actors compromised federal network (techtarget.com)
US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j | SecurityWeek.Com
Nation State Actors – Misc
Vulnerability Management
Vulnerabilities
Microsoft Office lets hackers execute arbitrary code, update now | TechRadar
Unpatched Zimbra Platforms Are Probably Compromised, CISA Says (darkreading.com)
Exploit released for actively abused ProxyNotShell Exchange bug (bleepingcomputer.com)
F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ (bleepingcomputer.com)
Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution | SecurityWeek.Com
Firefox 107 Patches High-Impact Vulnerabilities | SecurityWeek.Com
Windows Kerberos authentication breaks after November updates (bleepingcomputer.com)
Nasty SQL Injection Bug in Zendesk Endangers Sensitive Customer Data (darkreading.com)
Mastodon users vulnerable to password-stealing attacks | The Daily Swig (portswigger.net)
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices (thehackernews.com)
Tools and Controls
Reports Published in the Last Week
Other News
Cyber Resilience: The New Strategy to Cope With Increased Threats | SecurityWeek.Com
The 4 horsemen of the cyber security apocalypse | Security Magazine
The Top Five Cyber security Trends of 2023: KnowBe4 Makes Its Predictions - MSSP Alert
Build a mature approach for better cyber security vendor evaluation | CSO Online
Almost half of customers have left a vendor due to poor digital trust: Report | CSO Online
Global 2000 companies failing to adopt key domain security measures | CSO Online
Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert
Repair technicians caught snooping on customer data • The Register
Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.