Threat Intelligence Blog
Black Arrow Cyber Threat Briefing 24 March 2023
Black Arrow Cyber Threat Briefing 24 March 2023:
- Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans
- Controlling Third-Party Data Risk Should Be a Top Cyber Security Priority
- IT Security Spending to Reach Nearly $300 Billion by 2026
- 2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks
- Board Cyber Shortage: Don’t Get Caught Swimming Naked
- Should Your Organisation Be Worried About Insider Threats?
- UK Ransomware Incident Volumes Surge 17% in 2022
- Financial Industry Hit by Rising Ransomware Attacks and BEC
- 55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management
- Security Researchers Spot $36m BEC Attack
- New Victims Come Forward After Mass Ransomware Attack
- Ransomware Gangs’ Harassment of Victims is Increasing
- Wartime Hacktivism is Spilling Over Into the Financial Services Industry
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans
A recent report by security provider Huntress found some worrying results regarding SMBs' lack of dedicated cyber experts and cyber incident response plans. Among the report's key findings: 24% of SMBs had suffered a cyber attack, or were unsure whether they had, in the last 12 months; 61% did not have a dedicated cyber security expert; and 47% had no incident response plan. The report found that SMBs struggled to implement basic training and that only 9% of employees adhered to security best practices, potentially due to those training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.
Controlling Third-Party Data Risk Should be a Top Cyber Security Priority
Nearly 60% of all data breaches are initiated via third-party vendors, and this is often hard to detect. The ever-increasing use of third-party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Given the impact a third-party breach can have, it is imperative that organisations assess and risk manage their supply chains to increase their cyber resilience.
IT Security Spending to Reach Nearly $300 Billion by 2026
Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally, the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.
https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/
2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks
In 2022 alone, cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th globally. The report's findings included that 32% of organisations had weak passwords and 23% had weak authentication systems.
https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html
Board Cyber Shortage: Don’t Get Caught Swimming Naked
The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy, governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors.
Should your Organisation be Worried about Insider Threats?
Cyber crime is predicted to be worth $10.5 trillion, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat, where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisation's systems and networks. The threat an insider poses is commonly thought of as malicious, but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.
https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/
UK Ransomware Incident Volumes Surge 17% in 2022
According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.
https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/
Financial Industry Hit by Rising Ransomware Attacks and BEC
According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC), ransomware remained the biggest concern for the financial industry, with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.
55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management
According to a report from intelligence provider Mandiant, 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.
Security Researchers Spot $36m BEC Attack
Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well-known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion, and this excludes unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.
https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/
New Victims Come Forward After Mass Ransomware Attack
Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.
https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/
Ransomware Gangs’ Harassment of Victims is Increasing
Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid-2021. The harassment campaign by attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.
https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/
Wartime Hacktivism is Spilling Over into the Financial Services Industry
The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks, and these attacks are going to continue if the Russia and Ukraine war persists.
Threats
Ransomware, Extortion and Destructive Attacks
LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (thehackernews.com)
UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg
BianLian ransomware crew swaps encryption for extortion • The Register
New victims come forward after mass-ransomware attack | TechCrunch
Ransomware Gangs' Harassment of Victims Is Increasing (techrepublic.com)
LockBit ransomware gang now also claims City of Oakland breach (bleepingcomputer.com)
Free decryptor released for Conti-based ransomware following data leak | Tripwire
New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek
Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert
US govt agencies released an alert on the Lockbit 3.0 ransomware - Security Affairs
Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online
Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (bleepingcomputer.com)
Researchers Shed Light on CatB Ransomware's Evasion Techniques (thehackernews.com)
Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO
Dole discloses employee data breach after ransomware attack (bleepingcomputer.com)
Prevent Ransomware with Cyber security Monitoring (trendmicro.com)
Ferrari in a spin as crims steal customer data • The Register
Play ransomware gang hit Dutch shipping firm Royal Dirkzwager - Security Affairs
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)
City of Toronto confirms data theft, Clop claims responsibility (bleepingcomputer.com)
Phishing & Email Based Attacks
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
Emotet malware now distributed in Microsoft OneNote files to evade defences (bleepingcomputer.com)
ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)
RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)
Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch
Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (thehackernews.com)
Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (darkreading.com)
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Python info-stealing malware uses Unicode to evade detection (bleepingcomputer.com)
Mobile
Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (thehackernews.com)
The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack
Android apps are spying on you — with no easy way to stop them | Digital Trends
Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar
How to keep your phone safe from the scary Exynos modem vulnerability (androidpolice.com)
Botnets
Denial of Service/DoS/DDOS
New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (bleepingcomputer.com)
Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (darkreading.com)
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Internet of Things – IoT
Eufy security cam 'stored unique ID' of everyone filmed • The Register
Google sounds alarm on Samsung modem bugs in Android devices • The Register
EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Data Breaches/Leaks
Complacency of staff to blame for data breaches (thesundaily.my)
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)
Data breaches cost businesses nearly $6M on average: Mastercard | CTV News
Healthcare provider ILS warns 4.2 million people of data breach (bleepingcomputer.com)
NBA is warning fans of a data breach after a third-party newsletter service hack - Security Affairs
Lowe’s Market chain leaves client data up for grabs - Security Affairs
Ferrari discloses data breach after receiving ransom demand (bleepingcomputer.com)
South Korea fines McDonalds for data leak from raw SMB share • The Register
A million at risk from user data leak at Korean beauty platform PowderRoom - Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt
General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (bleepingcomputer.com)
Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)
Insider Risk and Insider Threats
Should Your Organisation Be Worried About Insider Threats? - IT Security Guru
Top 5 Insider Threats to Look Out For in 2023 - Security Affairs
Preventing Insider Threats in Your Active Directory (thehackernews.com)
Fraud, Scams & Financial Crime
Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security
‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian
The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack
Hackers inject credit card stealers into payment processing modules (bleepingcomputer.com)
Deepfakes
Insurance
SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET
Cyber insurance carriers expanding role in incident response | TechTarget
Supply Chain and Third Parties
Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (darkreading.com)
Companies vulnerable to cyber-attack via suppliers - research | RNZ News
Why you should treat ChatGPT like any other vendor service - Help Net Security
MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)
Software Supply Chain
Cloud/SaaS
How access management helps protect identities in the cloud | VentureBeat
Bitcoin ATM maker shuts cloud service after user hot wallets compromised (cointelegraph.com)
The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch
Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (darkreading.com)
The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley
New CISA tool detects hacking activity in Microsoft cloud services (bleepingcomputer.com)
4 Tips for Better AWS Cloud Workload Security (trendmicro.com)
Hybrid/Remote Working
Identity and Access Management
How access management helps protect identities in the cloud | VentureBeat
The impact of AI on the future of ID verification - Help Net Security
Preventing Insider Threats in Your Active Directory (thehackernews.com)
CISA, NSA push identity and access management framework as risks grow | SC Media (scmagazine.com)
API
Open Source
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
BBC presses staff to uninstall TikTok from corporate kit • The Register
TikTok cannot be considered a private company: report • The Register
Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop
Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)
Training, Education and Awareness
Regulations, Fines and Legislation
Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)
EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com
India’s infosec reporting rules observed by just 15 orgs • The Register
Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (forbes.com)
Governance, Risk and Compliance
How CISOs Can Work With the CFO to Get the Best Security Budget (darkreading.com)
How to best allocate IT and cyber security budgets in 2023 - Help Net Security
IT security spending to reach nearly $300 billion by 2026 - Help Net Security
Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)
How Your Cyber security Strategy Enables Better Business (trendmicro.com)
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
How Can CISOs Connect With the Board of Directors? (darkreading.com)
Achieving The Five Levels Of Information Security Governance (forbes.com)
Enhance security while lowering IT overhead in times of recession - Help Net Security
Why organisations shouldn't fold to cyber criminal requests - Help Net Security
Models, Frameworks and Standards
Meta Proposes Revamped Approach to Online Kill Chain Frameworks (darkreading.com)
MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)
Backup and Recovery
Data backup, security alerts, and encryption viewed as top security features - Help Net Security
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)
New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Eufy security cam 'stored unique ID' of everyone filmed • The Register
Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch
How to protect online privacy in the age of pixel trackers - Help Net Security
Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)
French govt clears AI facial scans for Paris Olympics • The Register
Artificial Intelligence
EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews
ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg
ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)
Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security
We need to create guardrails for AI | Financial Times (ft.com)
GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (livemint.com)
Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom
The impact of AI on the future of ID verification - Help Net Security
7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online
Why you should treat ChatGPT like any other vendor service - Help Net Security
Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch
French govt clears AI facial scans for Paris Olympics • The Register
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek
Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Purported Chinese warships interfering with passenger planes • The Register
Putin to staffers: throw out your iPhones over security • The Register
Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert
Facebook Security Exec Seaford Hacked by Greek Predator Spyware (gizmodo.com)
BBC presses staff to uninstall TikTok from corporate kit • The Register
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)
Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
Unknown actors target orgs in Russia-occupied Ukraine • The Register
Xi, Putin, declare intent to rule the world of AI, infosec • The Register
North Korean hackers using Chrome extensions to steal Gmail emails (bleepingcomputer.com)
Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop
Nation State Actors
New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek
Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Purported Chinese warships interfering with passenger planes • The Register
TikTok cannot be considered a private company: report • The Register
Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop
BBC presses staff to uninstall TikTok from corporate kit • The Register
Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch
Putin to staffers: throw out your iPhones over security • The Register
Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)
Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
Unknown actors target orgs in Russia-occupied Ukraine • The Register
Xi, Putin, declare intent to rule the world of AI, infosec • The Register
The pressing threat of Chinese-made drones flying above US critical infrastructure | CyberScoop
Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop
Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online
Vulnerability Management
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant
10 Vulnerabilities Types to Focus On This Year (darkreading.com)
Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (bleepingcomputer.com)
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)
Vulnerabilities
Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (darkreading.com)
CVE-2023-23397 Outlook exploit: "A proliferation event" (thestack.technology)
Patch CVE-2023-23397 Immediately: What You Need To Know and Do (trendmicro.com)
Cisco fixed severe vulnerabilities in its IOS and IOS XE software - Security Affairs
Exploit released for Veeam bug allowing cleartext credential theft (bleepingcomputer.com)
Experts published PoC exploit code for Veeam Backup & Replication bug - Security Affairs
WordPress force patching WooCommerce plugin with 500K installs (bleepingcomputer.com)
Windows 11 bug warns Local Security Authority protection is off (bleepingcomputer.com)
Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)
Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar
Microsoft: Defender update behind Windows LSA protection warnings (bleepingcomputer.com)
ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (cointelegraph.com)
Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)
If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica
Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (darkreading.com)
Tools and Controls
Data backup, security alerts, and encryption viewed as top security features - Help Net Security
Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
Complacency of staff to blame for data breaches (thesundaily.my)
How access management helps protect identities in the cloud | VentureBeat
Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware
The Ethics of Network and Security Monitoring (darkreading.com)
Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica
How network perimeters secure enterprise networks | TechTarget
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Other News
Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News
Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica
What Is Shoulder Surfing? How Does It Affect Cyber security (informationsecuritybuzz.com)
Inside the DEA Tool Hackers Allegedly Used to Extort Targets (vice.com)
Top ways attackers are targeting your endpoints - Help Net Security
What Is a Dirty IP Address and How Does It Affect Your Security? (makeuseof.com)
Techno-nationalism explained: What you need to know (techtarget.com)
How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru
Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 March 2023
Black Arrow Cyber Threat Briefing 10 March 2023:
- Business Email Compromise Attacks Can Take Just Hours
- Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks
- Just 10% of Firms Can Resolve Cloud Threats in an Hour
- MSPs in the Crosshairs of Ransomware Gangs
- Stolen Credentials Increasingly Empower the Cyber Crime Underground
- It’s Time to Assess the Potential Dangers of an Increasingly Connected World
- Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards
- Developers Leaked 10m Credentials Including Passwords in 2022
- Cyber Threat Detections Surges 55% In 2022
- European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks
- Employees Are Feeding Sensitive Business Data to ChatGPT
- Is Ransomware Declining? Not So Fast Experts Say
- Preventing Corporate Data Breaches Starts With Remembering That Leaks Have Real Victims
- Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up
- Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Business Email Compromise Attacks Can Take Just Hours
Microsoft’s security intelligence team found that Business Email Compromise (BEC) attacks are moving rapidly, with some taking mere minutes. Microsoft found the whole process, from signing in using compromised credentials to registering typosquatting domains and hijacking an email thread, took threat actors only a couple of hours. Such a rapid attack leaves minimal time for organisations to identify and take preventative action. This is worrying when considering the cost of BEC is predicted to be more than tens of billions.
Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks
In a report of over 800 million breached passwords, vendor Specops identified some worrying results. Some of the key findings from the report include 88% of passwords used in successful attacks consisting of 12 characters or less and the most common base terms used in passwords involving ‘password’, ‘admin’, ‘welcome’ and ‘p@ssw0rd’. The report found that 83% of the compromised passwords satisfied both the length and complexity requirements of cyber security compliance standards such as NIST, GDPR, HIPAA and Cyber Essentials.
Just 10% of Firms Can Resolve Cloud Threats in an Hour
Two-thirds (39%) of global organisations reported a surge in breaches over the past year, with IT complexity increasing and detection and response capabilities worsening, according to Palo Alto Networks. It found that as enterprises move more of their data and workloads to the cloud, they’re finding it increasingly difficult to discover and remediate incidents quickly. Over two-fifths (42%) reported an increase in mean time to remediate, while 90% said they are unable to detect, contain and resolve cyber-threats within an hour. Nearly a third (30%) reported a major increase in intrusion attempts and unplanned downtime. Part of the challenge appears to be the complexity of their cloud security environments – partly caused by tool bloat.
https://www.infosecurity-magazine.com/news/10-firms-resolve-cloud-threats-hour/
MSPs in the Crosshairs of Ransomware Gangs
Many attacks have heightened attention around third-party risk and the security obligations of MSPs in meeting multiple customers’ IT needs. Attacks such as the ones on RackSpace and LastPass show that some ransomware actors are now intentionally targeting MSPs to access sensitive customer data. It is now believed that some advanced persistent threat (APT) groups could be stepping up their attacks on MSPs in order to gain sensitive customer data.
https://www.msspalert.com/cybersecurity-research/msps-in-the-crosshairs-of-ransomware-gangs/
Stolen Credentials Increasingly Empower the Cyber Crime Underground
Threat intelligence provider Flashpoint found that last year threat actors exposed or stole 22.62 billion credentials and personal records, which often make their way to underground forums and cyber criminal markets. This follows a significant increase in market activity; just last year Flashpoint recorded 190 new illicit markets emerging, and the continual rise in attacks focused on stealing credentials only further empowers the cyber crime underground.
It’s Time to Assess the Potential Dangers of an Increasingly Connected World
As global conflicts continue, cyber has become the fifth front of warfare. The world is approaching 50 billion connected devices, controlling everything from our traffic lights to our nuclear arsenal, and we have already seen large-scale cyber attacks. Adding to this, a multitude of infrastructure runs on services run by a handful of companies; Palo Alto Networks, Cisco and Fortinet control more than 50% of the market for security appliances. As such, an attack on one of these companies could cause a huge ripple effect on their customers.
Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards
According to the International Monetary Fund (IMF), 64% of banks and supervisory authorities do not mandate testing and exercising cyber security and 54% lack a dedicated cyber incident reporting regime. This increases the risk of experiencing a cyber attack. Regularly testing and exercising security will aid any organisation in its cyber resilience.
Insider Threat: Developers Leaked 10m Credentials Including Passwords in 2022
Security provider GitGuardian found that the rate at which developers leaked critical software secrets jumped by 0.5 to reach 5.5 out of every 1,000 commits to GitHub repositories; overall, this amounted to at least 10 million instances of secrets leaking to a public repository. Generic passwords accounted for the majority of leaked secrets (56%) and more than a third (38%) of leaks involved API keys, random number generator seeds and other sensitive strings. These leaks can have worrying consequences for organisations.
Cyber Threat Detections Surge 55% in 2022
Security provider Trend Micro has said that it stopped 146 billion cyber threats in 2022, a 55% increase on the previous year and evidence that attacks are ramping up. Trend Micro also found a 242% increase in the number of blocked malicious files and an 86% increase in backdoor malware detections, with the latter showing an increase in attackers gaining initial access. Furthermore, the number of critical vulnerabilities in 2022 doubled compared to the previous year. Trend Micro noted that this is all likely due to the ever-expanding attack surface of organisations.
https://www.infosecurity-magazine.com/news/cyberthreat-detections-surge-55/
European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks
The European Central Bank (ECB) will ask all major lenders in the Eurozone to detail, by next year, how they would respond to and recover from a successful cyber attack. The ECB is in the process of designing a scenario involving a theoretical breach of the financial system’s cyber defences, which will be sent to all of the 111 banks it assesses to see how they would react. The stress test stems from the increasing number of cyber attacks. If cyber has shown us anything, it’s that anyone can be a target, and performing a stress test would help any organisation prepare for the worst.
https://www.ft.com/content/f03d68a4-fdb9-4312-bda3-3157d369a4a6
Employees Are Feeding Sensitive Business Data to ChatGPT
1 in 20 employees have put sensitive corporate data into popular AI tool ChatGPT, raising concerns that this could result in massive leaks of proprietary information. In some cases, this has involved employees cutting and pasting strategic documents and asking ChatGPT to make a PowerPoint.
Is Ransomware Declining? Not So Fast Experts Say
Security provider CrowdStrike has explained that the perceived decline in ransomware reflects the ability of threat actors to adapt, splinter and regroup against defensive measures. CrowdStrike expands on this, stating that whilst ransom payments dipped slightly in 2022, there was a rise in data extortion and ransomware as a service (RaaS).
Preventing Corporate Data Breaches Starts with Remembering that Leaks have Real Victims
The impact a data breach can have on an individual is devastating and ultimately there’s not much an individual can do themselves if the organisation that holds their data isn’t taking the right steps. To best protect themselves and their clients’ data, organisations should look to have appropriate defence in depth controls, including effective asset management, an open security culture, close monitoring of access, utilising strong authentication and maintaining an awareness of the ever changing threat landscape.
https://www.helpnetsecurity.com/2023/03/07/preventing-corporate-data-breaches/
Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up
In a recent report Proofpoint found that globally 76% of organisations experienced ransomware attempts, with 64% eventually infected. Amongst those that had a cyber insurance policy, 82% of insurers stepped up to pay the ransom either in full or partially. The report found that with the rise in number and sophistication of attacks it is more important than ever for proper security training and awareness in organisations.
Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled
A report by the Information and Communications Technology Council (ICTC) found that 1 in 6 cyber security jobs are unfilled and this is only expected to grow in the coming years. The ICTC stated that “This is not just about education or government funding, but about companies willing to provide hands-on training and experience to the next generation of cyber security experts”.
Threats
Ransomware, Extortion and Destructive Attacks
Faced with likelihood of ransomware attacks, businesses still choosing to pay up | ZDNET
Is ransomware declining? Not so fast, experts say | TechTarget
FBI and CISA warn of increasing Royal ransomware attack risks (bleepingcomputer.com)
City of Oakland Faces Major Data Leak - Infosecurity Magazine (infosecurity-magazine.com)
Indigo Books Refuses LockBit Ransomware Demand (darkreading.com)
Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)
Ransom House ransomware attack hit Hospital Clinic de Barcelona - Security Affairs
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Ransomware gang posts video of data stolen from Minneapolis schools (bleepingcomputer.com)
IceFire ransomware now encrypts both Linux and Windows systems (bleepingcomputer.com)
Examining Ransomware Payments From a Data-Science Lens (trendmicro.com)
Cyble — BlackSnake Ransomware Emerges from Chaos Ransomware's Shadow
Phishing & Email Based Attacks
AI is taking phishing attacks to a whole new level of sophistication - Help Net Security
Catches of the Month: Phishing Scams for March 2023 - IT Governance UK Blog
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)
Vishing attacks increasing, but AI's role still unclear | TechTarget
2FA/MFA
NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)
Malware
DrayTek VPN routers hacked with new malware to steal data, evade detection (bleepingcomputer.com)
Malicious PyPI package signals direction of cyber crime • The Register
How to prevent Microsoft OneNote files from infecting Windows with malware (bleepingcomputer.com)
Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica
New malware infects business routers for data theft, surveillance (bleepingcomputer.com)
Old Windows ‘Mock Folders’ UAC bypass used to drop malware (bleepingcomputer.com)
Emotet malware attacks return after three-month break (bleepingcomputer.com)
AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)
New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)
Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)
Custom Chinese Malware Found on SonicWall Appliance - SecurityWeek
FBI and international cops catch a NetWire RAT • The Register
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Credential Stuffing attack on Chick-fil-A impacted +71K users - Security Affairs
Popular fintech apps expose valuable, exploitable secrets - Help Net Security
PayPal Sued Over Data Breach that Impacted 35,000 users (hackread.com)
Acer Data Breach? Hacker Claims to Sell 160GB Trove of Stolen Data (hackread.com)
Data breach exposed millions of Verizon customers' account info (androidpolice.com)
Congress’ Social Security Numbers Leaked in DC Health Link Hack (gizmodo.com)
Data protection vendor Acronis admits to data leak • The Register
AT&T confirms 9m wireless accounts exposed by third part • The Register
Organised Crime & Criminal Actors
BidenCash leaks 2.1M stolen credit/debit cards - Security Affairs
Malicious PyPI package signals direction of cyber crime • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)
Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)
New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)
Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)
Scammers using voice-cloning A.I. to mimic relatives | Fortune
Alleged security breach leaves millions of dollars missing from Flutterwave accounts | TechCrunch
New Rise In ChatGPT Scams Reported By Fraudsters (informationsecuritybuzz.com)
Deepfakes
Insurance
Dark Web
Supply Chain and Third Parties
Snap CISO talks risky supply chain security business • The Register
SolarWinds IR lead: supply-chain attacks 'getting bigger' • The Register
AT&T confirms 9m wireless accounts exposed by third part • The Register
Software Supply Chain
Cloud/SaaS
Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks (thehackernews.com)
Hackers are quickly learning how to target cloud systems (axios.com)
Attack Surface Management
Asset Management
Encryption
New TPM 2.0 flaws could let hackers steal cryptographic keys (bleepingcomputer.com)
New Steganography Breakthrough Enables “Perfectly Secure” Digital Communications (scitechdaily.com)
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Stolen credentials increasingly empower the cyber crime underground | CSO Online
Credential Stuffing attack on Chick-fil-A impacted +71K users - Security Affairs
The Role of Verifiable Credentials In Preventing Account Compromise (darkreading.com)
Young government workers show poor password management habits - Help Net Security
Social Media
NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)
Training, Education and Awareness
Regulations, Fines and Legislation
Governance, Risk and Compliance
Inadequate patches and advisories increase cyber risk - Help Net Security
Why do Businesses Need to Focus More on Cyber security (hackread.com)
Flashpoint: Threat vectors converging, increasing damage | TechTarget
How to achieve and shore up cyber resilience in a recession - Help Net Security
The cyber security landscape in the era of economic instability – Help Net Security
Models, Frameworks and Standards
Open letter demands OWASP overhaul, warns of mass project exodus | CSO Online
NIST Retooling Cyber security Framework to Reflect Changing Cyber scape – MSSP Alert
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)
FBI and international cops catch a NetWire RAT • The Register
Privacy, Surveillance and Mass Monitoring
Secret Service and ICE break the law with fake phone towers • The Register
Thought you'd opted out of online tracking? Think again • The Register
Artificial Intelligence
AI is taking phishing attacks to a whole new level of sophistication - Help Net Security
Employees Are Feeding Sensitive Business Data to ChatGPT (darkreading.com)
You can poison AI datasets for just $60, a new study shows (fastcompany.com)
Thousands scammed by AI voices mimicking loved ones in emergencies | Ars Technica
Vishing attacks increasing, but AI's role still unclear | TechTarget
AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)
Criminals will use ChatGPT to unleash wave of fraud, warns Darktrace (telegraph.co.uk)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
What can security teams learn from a year of cyber warfare? | Computer Weekly
Pegasus spyware used to spy on a Polish mayor - Security Affairs
Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)
Sharp Panda targets government entities in Southeast Asia - Security Affairs
Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert
Chinese cyber spies target unpatched SonicWall gear • The Register
Nation State Actors
What can security teams learn from a year of cyber warfare? | Computer Weekly
Russia Bans Messengers, Including WhatsApp, Telegram, And More (informationsecuritybuzz.com)
Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)
China-aligned APT is exploring new technology stacks for malicious tools - Help Net Security
Sharp Panda targets government entities in Southeast Asia - Security Affairs
Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert
Chinese cyber spies target unpatched SonicWall gear • The Register
Lazarus group infiltrated South Korean finance firm twice last year | CSO Online
New Chinese regulatory body expected to streamline data governance rules | CSO Online
Vulnerability Management
Inadequate patches and advisories increase cyber risk - Help Net Security
Build Cyber Resiliency With These Security Threat-Mitigation Considerations
Zero Day Threat Protection for Your Network (trendmicro.com)
557 CVEs Added to CISA's Known Exploited Vulnerabilities Catalog in 2022 - SecurityWeek
Machine Learning Improves Prediction of Exploited Vulnerabilities (darkreading.com)
Security Patch Management Strengthens Ransomware Defense (trendmicro.com)
VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022 | TechTarget
Vulnerabilities
Researchers discover 'kill switch' in Starlink terminals - Security - iTnews
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716) - Help Net Security
CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems (thehackernews.com)
Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing - SecurityWeek
Fortinet warns of new critical unauthenticated RCE vulnerability (bleepingcomputer.com)
Chinese cyber spies target unpatched SonicWall gear • The Register
Bitwarden flaw can let hackers steal passwords using iframes (bleepingcomputer.com)
Veeam warns to install patches to fix a bug in Backup & Replication - Security Affairs
Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)
Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks - SecurityWeek
Jenkins Server Vulnerabilities Chained for Remote Code Execution - SecurityWeek
Other News
Biden Administration's Cyber security Strategy Takes Aim at Hackers (gizmodo.com)
Tracking device technology: A double-edged sword for CISOs | CSO Online
From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)
What CISOs need to understand about document signing - Help Net Security
Thousands of websites hacked as part of redirection campaign - Security Affairs
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.