Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 12 January 2024
Black Arrow Cyber Threat Intelligence Briefing 12 January 2024:
-Boardrooms on Notice: Cyber Security Oversight More Important Than Ever
-Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023
-Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever
-Cyber Insecurity and Misinformation Top WEF Global Risk List
-Why Effective Cyber Security and Risk Management are Crucial for Business Growth
-The Cost of Dealing with a Cyber Attack Doubled Last Year
-Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved
-Mandiant, SEC Lose Control of X Accounts Without 2FA
-If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis
-82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year
-Cyber Security is the Number One Priority for the Financial Sector Again
-Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Boardrooms on Notice: Cyber Security Oversight More Important Than Ever
In 2023, the rise in security breaches and cyber attacks caused cyber security to transcend its usual confines and emerge as a critical boardroom concern, prompting executives to recognise the need for proactive engagement. The current landscape has necessitated executive decision-makers to proactively engage in cyber security, instead of just passively observing. It is no surprise that in a survey from KMPG of over 300 CEO’s, dealing with cyber risk was designated as the top priority for the foreseeable three to five years.
When a company faces a substantial fine or penalty from a breach, it serves two crucial purposes. Firstly, it sets a precedent for ensuring companies across the board understand the repercussions of lax cyber security measures and secondly, it pushes organisations towards proactive investment in robust cyber security frameworks. Many organisations are beginning to realise that the cost of a breach, both financial and reputational, far outweighs that of prevention. Furthermore, many frameworks are now placing the board as directly responsible.
Sources: [Lexology] [Security Brief]
Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023
Ransomware reported to the UK financial regulator in 2023 doubled, and the impact is clear. In a survey of CISOs based in the UK, one-third confessed to paying ransomware groups millions in recent years in a bid to alleviate the impact of an attack. The minimum ransom paid by UK businesses across a five year period stood at around $250,000, the study found. Ransomware is the dominant threat that continues to plague organisations, and it is important that your organisation is doing all it can to prevent such an attack, and has plans in place to recover when such an attack happens.
Sources: [Data Breaches] [UK mortgage news] [The Hacker News]
Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever
As organisations find themselves more and more reliant on digital technology than ever before, the impact of not having it becomes greater and greater. As reliance on these systems grows, the level of cyber threat grows as well. A recent report found 68% of those surveyed believed they would not survive more than a single day without their IT systems, up from 46% in 2017. The report found that 54% of organisations said they experienced some form of cyber attack last year, with ransomware cited as the most disruptive.
Source: [TechRadar]
Cyber Insecurity and Misinformation Top WEF Global Risk List
In the latest report by the World Economic Forum, misinformation and disinformation have emerged as the most severe global risk anticipated over the next two years, with the risk becoming more likely as elections in several economies take place this year. As artificial intelligence models become easier to use and more accessible to the general population, this will enable an explosion of false information and synthetic content such as cloned voices and fake websites.
Another top concern identified in the report is the risk of cyber attacks and cyber insecurities. Currently the production of AI technologies is highly concentrated; this creates a significant supply chain risk, as the reliance of one or two models could give rise to systemic cyber vulnerabilities, paralysing critical infrastructure.
Source: [Infosecurity Magazine]
Why Effective Cyber Security and Risk Management are Crucial for Business Growth
Technology has changed, enhanced and transformed how business is conducted. However, these new advancements such as cloud, IoT and AI have introduced a range of new cyber security risks. It is crucial for leaders to grasp the accompanying risks to ensure the safety of their organisations, customers and products. Given the inevitability of business risk, particularly cyber risk, leaders should focus on managing it by identifying mission-critical aspects of their organisation and then determining how best to protect them. The first step to a proactive approach to cyber security is to devise a robust and tailored cyber security strategy aligned to the organisation’s risk profile. This not only improves the safety and security of the organisation, but also the trust of its customers and products in an increasingly digital world.
Source: [World Economic Forum]
The Cost of Dealing with a Cyber Attack Doubled Last Year
New research by Dell claims that the cost of global cyber attacks reached a new high in 2023, topping out at $1.41 million per attack, up $660,000 from the previous year. It was found that almost half (48%) of UK based organisations reported suffering either a cyber attack or incident that prevented access to company data.
Over half of global respondents report that malicious links in spam or phishing emails, hacked devices, and stolen credentials are the most common entry points for cyber attacks.
Source: [TechRadar]
Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved
Merck’s long legal battle with its insurers over the damage caused by the infamous NotPetya attack has finally come to an end, with the Merck agreeing to settle with their insurer providers who had refused to pay $699 million of the $1.4 million that was claimed in damages.
The legal battle began when Merck, who did not have cyber insurance, had made a claim under its ‘all-risks’ coverage. In 2022, it was stated that the NotPetya attack “is not sufficiently linked to a military action or objective as it was a non-military cyber attack against an accounting software provider” and in May 2023, this decision was upheld, forcing the insurers to settle.
Source: [Security Week] [Dark Reading]
Mandiant, SEC Lose Control of X Accounts Without 2FA
While security teams are focused on preventing the gamut of different levels of cyber attack sophistication, it can be easy for even the sharpest teams to overlook the simple stuff. This was recently seen when Google’s cyber security operation, Mandiant, temporarily lost control of its account on X (formerly known as Twitter) due to not having two-factor authentication (2FA). A separate high-profile incident also occurred this week, as the US Securities and Exchange Commission (SEC) account on X was hijacked to post a fake announcement about bitcoin, raising its value by 5%.
In March of 2023, X changed the way multi-factor authentication (MFA) worked, so that only premium subscribers have access to it. The two high-profile attacks, which were due to accounts not having MFA, show that cyber criminals are taking advantage of these changes. These incidents serve as a clear reminder that organisations must prioritise even the most fundamental security practices, such as MFA, to protect their digital assets.
Further, the attack on the SEC has opened them to criticism from firms such as SolarWinds who the SEC had previously reprimanded for cyber security failures.
Source: [Dark Reading]
If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis
A question to ask is why, in the event of a data security incident, is there an overwhelming feeling that the company is doomed? Yet when there are other issues, such as internal investigations, the feeling is not as strong. For a lot of companies, these cyber incidents are the first time that their cyber response plan (if they have one at all) is enacted and it is this lack of preparation that causes such a feeling. Companies looking to increase their cyber resilience should look to have and regularly test a cyber incident response plan; you do not want to be in the position of having to learn your plan and deal with a cyber incident at the same time.
Source: [Help Net Security]
82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year
A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them according to a recent report. For many, the issue is caused by a lack of proper remediation solutions; this formed part of the reason why 87% of surveyed organisations reported plans to enhance vulnerability and exposure remediation within the next year. The need increases when considering last year there were more than 28,000 new vulnerabilities; that is the equivalent of nearly 80 every day.
Sources: [Infosecurity Magazine] [SecurityWeek]
Cyber Security is the Number One Priority for the Financial Sector Again
In Softcat's annual Business Tech Priorities Report, the financial sector's tech investments for the coming year have been unveiled. Notably, cyber security remains the top priority for the sector with 55% prioritising cyber security before anything else, reflecting the critical need to protect against the escalating threat landscape. It's important to understand that cyber security is not merely an IT problem; it is a business imperative. As consumers increasingly embrace digital banking, the impact of digitalisation on the financial sector is evident. With cyber incidents on the rise, investment in cyber security, including zero-trust security and AI threat hunting, is imperative for safeguarding not only data but the entire business.
Sources: [The Fintech Times] [Islamic Finance News]
Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’
In 2024, cyber crime marketplaces are expected to surge even more, transitioning every cyber threat further into the “as-a-service” model. The term “as-a-service” refers to the provision of specific functionalities or tools as a service, typically offered on a subscription or pay-as-you-go basis. This allows malicious actors with limited technical skills to launch sophisticated attacks. This trend was already being spotted at the end of 2023 as a report found that 73% of all internet traffic is currently composed of malicious bots and related fraud farm activities. This highlights the need for organisations to have accurate threat intelligence and analysis to understand the digital terrain ahead of these continued and expanding “as-a-service” threats.
Source: [Security Boulevard]
Governance, Risk and Compliance
If you prepare, a data security incident will not cause an existential crisis - Help Net Security
IFN – Cyber Security: Not an IT problem, but a business one (islamicfinancenews.com)
The cost of dealing with a cyber attack doubled last year | TechRadar
Board Priorities 2024: Cyber preparedness & resilience - Lexology
Boardrooms on notice: Cyber security oversight more important than ever (securitybrief.co.nz)
Why cyber security and risk management are crucial for growth | World Economic Forum (weforum.org)
How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard
The expanding scope of CISO duties in 2024 - Help Net Security
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
The Reality Of Cyber In 2024: What Dangers Do Businesses Face? - Minutehack
Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)
The power of basics in 2024's cyber security strategies - Help Net Security
Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)
Threats
Ransomware, Extortion and Destructive Attacks
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
British Library ransomware cyber attack ‘set to cost £7million’ (yahoo.com)
There is a Ransomware Armageddon Coming for Us All (thehackernews.com)
Ransomware victims targeted in follow-on extortion attacks • The Register
Swatting: The new normal in ransomware extortion tactics • The Register
Another top US mortgage firm hit by major cyber attack | TechRadar
Capital Health attack claimed by LockBit ransomware, risk of data leak (bleepingcomputer.com)
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Babuk ransomware decryptor updated with Tortilla support • The Register
"Security researcher" offers to delete data stolen by ransomware attackers - Help Net Security
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)
Finland warns of Akira ransomware wiping NAS and tape backup devices (bleepingcomputer.com)
Ransomware payment ban: Wrong idea at the wrong time • The Register
Ransomware Victims
In $1.4B coverage over cyber attack, Merck settles with insurers (fiercepharma.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
British Library says final cost of cyber attack is ‘not confirmed’ | Evening Standard
Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals - Neowin
Mortgage firm loanDepot cyber attack impacts IT systems, payment portal (bleepingcomputer.com)
Toronto Zoo: Ransomware attack had no impact on animal wellbeing (bleepingcomputer.com)
LockBit ransomware gang claims the attack on Capital Health (securityaffairs.com)
Fidelity National Financial says hackers stole data on 1.3 million customers | TechCrunch
HMG Healthcare Says Data Breach Impacts 40 Facilities - Security Week
Full reopening of Isle of Man dentist delayed by 'serious cyber attack' | iomtoday.co.im
Ransomware wrecks Paraguay’s largest telco (databreaches.net)
Phishing & Email Based Attacks
Uncovering the hidden dangers of email-based attacks - Help Net Security
Framework discloses data breach after accountant gets phished (bleepingcomputer.com)
Female cyber pros group targeted in phishing scam | IT Business
Artificial Intelligence
Adapting Security to Protect AI/ML Systems (darkreading.com)
NIST identifies AI cyber security vulnerabilities (iapp.org)
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week
Why Cyber Security Is Foundational To AI Safety (forbes.com)
FTC offers $25,000 prize for detecting AI-enabled voice cloning (bleepingcomputer.com)
The growing challenge of cyber risk in the age of synthetic media - Help Net Security
Securing AI systems against evasion, poisoning, and abuse - Help Net Security
Staying One Step Ahead of Hackers When It Comes to AI | WIRED
New AI tools spawn fears of greater 2024 election threats, survey finds - Nextgov/FCW
AI discovers that not every fingerprint is unique (techxplore.com)
VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)
2FA/MFA
Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
Malware
A new macOS backdoor could let hackers hijack your device without you knowing | TechRadar
Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months (bleepingcomputer.com)
North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)
SpectralBlur: New macOS Backdoor Threat from North Korean Hackers (thehackernews.com)
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)
Stuxnet: The malware that cost a billion dollars to develop? • Graham Cluley
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Linux devices are under attack by a never-before-seen worm | Ars Technica
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)
‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)
Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (thehackernews.com)
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)
Mobile
CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)
Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week
Internet of Things – IoT
Coming Soon to a Network Near You: More Shadow IoT - Security Week
The Connection Between Alaska Airlines, Blown Out Windows, and IoT Security - Security Boulevard
Surveyed drivers prefer low-tech cars over data-sharing ones • The Register
VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)
Data Breaches/Leaks
Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected - Security Week
Framework discloses data breach after accountant gets phished (bleepingcomputer.com)
2.2 billion records compromised by security incidents In Dec 2023 (itsecuritywire.com)
Texas-based care provider HMG Healthcare says hackers stole unencrypted patient data | TechCrunch
Midwives clinic takes nine months to deliver news of data breach (bitdefender.com)
Organised Crime & Criminal Actors
Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’ - Security Boulevard
Cyber Attacks Drain $1.84bn from Web3 in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)
Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)
Move Over, APTs: Common Cyber Criminals Begin Critical Infrastructure Targeting (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
What Is Cryptojacking, and Why Is Higher Education Being Targeted? | EdTech Magazine
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)
Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)
Cryptocurrency community lost over $100 million last week (coinpaper.com)
‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)
Child Abusers Are Getting Better at Using Crypto to Cover Their Tracks | WIRED
Insider Risk and Insider Threats
Insurance
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
2024 Cyber Insurance Requirements Predictions (trendmicro.com)
Supply Chain and Third Parties
Cloud/SaaS
SaaS cyber crime levels are expected to rise this year - Digital Journal
Microsoft Lets Cloud Users Keep Personal Data Within Europe to Ease Privacy Fears - Security Week
Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)
Identity and Access Management
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
What is credential stuffing and how do you keep your accounts safe from it (engadget.com)
Social Media
Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Fake Recruiters Defraud Facebook Users via Remote Work Offers (darkreading.com)
Sexual assault in the metaverse investigated by British police • Graham Cluley
Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)
Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)
Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)
Coinbase Offers SEC Security Assistance After X Account Hack (beincrypto.com)
Malvertising
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)
Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)
Regulations, Fines and Legislation
US DOD’s CMMC 2.0 rules lift burdens on MSPs, manufacturers | CSO Online
SEC Speech on Cyber Security Disclosure | Paul Hastings LLP - JDSupra
What does the EU’s Cyber Security Regulation aim to achieve? (siliconrepublic.com)
SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)
SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)
Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)
Cyber Criminal Whistleblowers will Get Smarter - Security Boulevard
Ofcom poaches Big Tech staff in push to enforce new internet curbs (ft.com)
Cyber Security | UK Regulatory Outlook January 2024 - Osborne Clarke | Osborne Clarke
Models, Frameworks and Standards
NIST identifies AI cyber security vulnerabilities (iapp.org)
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)
Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
Nation State Actors
China
AI is helping US spies catch stealthy Chinese hacking ops, NSA official says | CyberScoop
Bribed US Navy sailor sold secrets to China for just $14k • The Register
China Claims It Caught a Foreign Consultant Spying for UK’s MI6 | TIME
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Security Week
Russia
Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)
Military briefing: Russia has the upper hand in electronic warfare with Ukraine (ft.com)
Russia's Sandworm blamed for Kyivstar telecom cyber attack • The Register
Ukraine is on the front lines of global cyber security - Atlantic Council
Iran
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)
Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)
Investigation on Stuxnet malware triggers doubt | SC Media (scmagazine.com)
North Korea
North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)
South Korea's technological superiority challenged by North Korea's cyber attacks - The Korea Times
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies (thehackernews.com)
Turkish Hackers Target Microsoft SQL Servers in Americas, Europe - Security Week
Young Britons exposed to online radicalisation following Hamas attack - BBC News
Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)
Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)
CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)
Vulnerability Management
Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs - Security Week
Researchers develop technique to prevent software bugs - Help Net Security
Best Practices for Vulnerability Scanning: When and How Often to Perform - Security Boulevard
Vulnerabilities
Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs (bleepingcomputer.com)
Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws (securityaffairs.com)
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security (darkreading.com)
Ivanti warns of Connect Secure zero-days exploited in attacks (bleepingcomputer.com)
Cisco Patches Critical Vulnerability in Unity Connection Product - Security Week
KyberSlash attacks put quantum encryption projects at risk (bleepingcomputer.com)
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products - Security Week
CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA
Attacks aimed at vulnerable Apache RocketMQ servers underway | SC Media (scmagazine.com)
Fortinet Releases Security Updates for FortiOS and FortiProxy | CISA
Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager (thehackernews.com)
Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week
SAP's First Patches of 2024 Resolve Critical Vulnerabilities - Security Week
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week
CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack (thehackernews.com)
CISA Urges Patching of Exploited SharePoint Server Vulnerability - Security Week
Over 150k WordPress sites at takeover risk via vulnerable plugin (bleepingcomputer.com)
SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448) - Help Net Security
Tools and Controls
Why Red Teams Can't Answer Defenders' Most Important Questions (darkreading.com)
Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cyber Security - Security Week
Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)
APIs are increasingly becoming attractive targets - Help Net Security
Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center
Insufficient Internal Network Monitoring in Cyber Security - Security Boulevard
Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)
How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard
Embracing offensive cyber security tactics for defence against dynamic threats - Help Net Security
Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)
Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)
2024 Cyber Insurance Requirements Predictions (trendmicro.com)
Exposed Secrets are Everywhere. Here's How to Tackle Them (thehackernews.com)
Other News
SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)
SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)
Cyber Focused FBI Agents Deploy to Embassies Globally (darkreading.com)
A cyber attack hit the Beirut International Airport (securityaffairs.com)
Cyber attacks on Island ‘are mostly from Russia’ - Jersey Evening Post
Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center
Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)
Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)
It’s 2024. Time to Have Attribution Standards in Cyber Space - OODA Loop
Protecting Critical Infrastructure Means Getting Back to Basics (darkreading.com)
6 of the biggest threats banks faced in 2023 | American Banker
US to hospitals: Meet security standards or no federal money • The Register
Hospitals Must Treat Patient Data and Health With Equal Care (darkreading.com)
Cyber Security Risk Mitigation for Law Firms in 2024 | US Legal Support - JDSupra
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 08 December 2023
Black Arrow Cyber Threat Intelligence Briefing 08 December 2023:
-Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year
-Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says Government
-NCSC CTO Cyber Security is Essential, Not Optional
-69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs
-75% of Sports Related Passwords are Reused Across Accounts
-Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift
-Ransomware, Vendor Hacks Push Breach Number to Record High
-Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure
-Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?
-US Government Agency Was Hacked Thanks to 'End of Life' Software
-Digital Transformation, Security Implications, and their Effects on The Modern Workplace
-Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach
-Report Reveals Sorry State of Cyber Security at UK Football Clubs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year
A survey of more than 1,200 UK businesses of all sizes across multiple industries conducted by Aviva found that a fifth of UK businesses were victims to cyber attacks in the past year. The report found that businesses were 67% more likely to have experienced a cyber incident than a physical theft and five times more likely to have experienced a cyber attack than a fire.
When it came to the fallout from a cyber attack, 31% of businesses experienced operational disruption and 20% admit to not being confident in knowing what to do should this happen. This lack of confidence rises to more than a quarter (27%) for small businesses, who appear to be the most vulnerable to such a risk. Financially, the average incident was found to cost £21,000, however this figure is likely to be more given the further implications that result from a cyber attack.
Sources: [Insurance Age] [theHRD] [Infosecurity Magazine]
Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says UK Government
The UK government has accused Russia's Federal Security Service (FSB), successor to the KGB, of conducting a prolonged cyber hacking campaign since at least 2015, targeting politicians, journalists, academics, and others through sophisticated attacks that included the creation of false accounts. This accusation, part of a coordinated effort with the US, aims to disrupt FSB operations and raise awareness ahead of major elections. This comes as a recent report by Palo Alto Networks' Unit 42 found that the Russia-linked APT28 group, also known as “Forest Blizzard” or “Fancybear,” has exploited a Microsoft Outlook vulnerability to target European NATO members. Active since 2007 and linked to the Russian military, APT28's recent campaigns have focused on government, energy, transportation, and NGOs in the US, Europe, and the Middle East. These incidents highlight the critical need for enhanced cyber security measures and international cooperation to counter sophisticated and evolving cyber threats, ensuring the security of sensitive sectors and the integrity of global democratic processes.
Sources: [BBC News] [ Security Affairs]
NCSC CTO: Cyber Security is Essential, Not Optional
Ollie Whitehouse, Chief Technology Officer (CTO) of the UK’s NCSC has argued in a recent keynote that extra security features should not be a premium feature, highlighting the importance of vendors adopting a secure-by-design method, rather than implementing security upcharges where vendors charge extra for users to secure their product.
The speech also noted that organisations should utilise the tools that are already available to them, on top of maintaining a focus on user awareness.
Sources: [Infosecurity Magazine] [Dark Reading]
69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs
According to a survey, 75% of respondents reported being targeted by ransomware in the past year, and of those, 69% paid the ransom. 54% of those who paid the ransom, suffered financial ramifications of $100,000 or more. It is unclear whether the research includes further implications such as regulatory fines, loss of work, reputational damage, and cost of down-time.
A separate study found that ransomware attacks costs are directly contributing to rising inflation in the UK, as businesses face an average increase of 17% to their costs following an attack. Cumulatively, 68% of the companies represented in the survey reported they had increased prices by at least 11% as a direct result of suffering an attack. In addition, of those falling victim to ransomware, 70% believed their business would have to close if they suffered another attack. When it came to the time lost to dealing with ransomware, companies took an average of two months to recover from an attack and 16% took between three and six months.
Sources: [ITPro] [Beta News] [Security Magazine]
75% of Sports Related Passwords are Reused Across Accounts
According to a recent Bitwarden report, 33% of Americans have used a sports-themed password. This figure rose to 49% for those ages 18-34. Of those, 75% admitted to using it across multiple accounts. Password re-use a common issue globally: by re-using passwords, users are multiplying the likelihood of being breached by an attacker. Additionally, this can crossover to the corporate environment, where users’ personal breached credentials can be utilised to get into their corporate account.
Sources: [Security Magazine] [Help Net Security]
Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift
As ransomware continues to rise, we can expect groups to evolve their attacks, operating on a larger scale for bigger profits, especially following large-scale supply chain attacks in the past 12 months. Ransomware has solidified its position as the predominant security threat in 2023, with a record number of victims. A recent report highlighted a 46% increase in cyber extortion and ransomware attacks compared to previous years. This trend shows ransomware evolving into a profitable microcosm, akin to a startup ecosystem, with more groups emerging as disruptors and newcomers. In response, organisations are increasingly turning to services that lend-out cryptocurrency, a frequent ransomware payment method. With changing tactics and the formation of new groups, it's crucial for leaders to prepare their 2024 security strategies now, ensuring they have a robust plan in place to counter ransomware threats to their organisations.
Sources: [Barrons] [Help Net Security] [Computer Weekly]
Ransomware, Vendor Hacks Push Breach Number to Record High
The world is experiencing a significant rise in data breaches, reaching a record high with more than 360 million individuals affected in the first eight months of 2023 in the US alone, according to a joint report from Apple and an MIT researcher. This alarming increase includes a notable surge in ransomware attacks, which have escalated by nearly 70% compared to 2022. The healthcare sector is particularly vulnerable, with 60% of organisations reporting ransomware attacks in 2023, an increase from 34% in 2021. The largest health data breach this year impacted 11 million people at HCA Healthcare. A critical factor in these breaches is the exploitation of third-party vendors, as seen in attacks on Progress Software's MOVEit and Fortra's GoAnywhere applications. These incidents highlight the urgent need for organisations to prioritise data security, especially in managing relationships with vendors, to protect sensitive information and mitigate the growing threat of cyber attacks.
Source: [Info Risk Today]
Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure
News of one of the UK’s most high profile nuclear power stations, Sellafield, being hacked, with fears that highly sensitive information has been accessible for years, has led to new calls for the UK to tighten up security of its vital infrastructure. Rather worryingly, The Guardian have added that it discovered that authorities were unaware of its first compromise, but it has been detected as far back as 2015.
Sources: [Emerging Risks]
Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?
Conveyancing firms across the UK faced significant disruption when they discovered blank screens on their computers due to a problem originating from CTS, a cloud hosting provider widely used for legal applications. This unexpected issue led many within these affected firms to hastily purchase new laptops to regain partial access to emails and documents, but their case management systems remained largely inaccessible. Firms had to devise manual workarounds to keep transactions moving, amidst concerns about the safety of client data and funds. While most firms have found ways to progress with exchanges and completions, the reliance on cumbersome manual processes and limited access to client data and financial systems has more than doubled the workload. This situation raises several questions about the preparedness and resilience of paperless (or paper-light) office environments, the adequacy of backup systems, and potential compensation for those inconvenienced. The immediate focus, however, is on collaborative efforts to ensure as many clients as possible can move into their new homes before Christmas.
Source: [Property Industry Eye]
US Government Agency Was Hacked Thanks to 'End of Life' Software
The US Cyber security and Infrastructure Security Agency (CISA) recently issued a warning about two cyber attacks on an undisclosed federal agency, exploiting a vulnerability in outdated Adobe ColdFusion software. This software, now end-of-life, no longer receives updates, leaving the agency vulnerable and unable to apply security patches. The attacks, which occurred in June and July, appeared to be reconnaissance efforts to map the agency's network, with no evidence of malware installation or data exfiltration. However, it's unclear if the same hackers were behind both incidents. Microsoft Defender for Endpoint detected and limited the hackers' activities. This situation underscores the significant risks associated with running end-of-life software, highlighting the need for organisations to update or replace such software to protect against potential cyber threats.
Source:[ TechCrunch]
Digital Transformation, Security Implications, and their Effects on The Modern Workplace
The vast majority of digital transformation projects will have implications for your cyber security, yet too often this is overlooked with the focus on delivery of the project or the functionality it will bring. Thinking about security after the fact is not only more expensive and less efficient, but can also mean dangerous gaps remaining open in the meantime. In this era, where remote work and public network access are prevalent, the lack of a robust cyber security framework significantly undermines the digital transformation process. Continuous employee education on digital threats and proactive cyber security measures are not just add-ons but essential components of a successful digital transformation. As businesses move towards 2024, integrating advanced cyber security practices is as crucial as adopting new technologies for a truly effective and secure digital transformation.
Source:[ Forbes]
Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach
With 90% of the largest energy companies globally experiencing a third-party breach in the past 12 months, it is no wonder the sector is shaken. In the US, 100% of the top 10 US energy providers suffered a breach and in total, 98% of the organisations in the research used at least one third party vendor that had experienced a breach in the last two years.
Third-party breaches are a concern for any organisation. It is important to know who has access to your organisation’s data, and what security controls they have in place to protect it. Organisations can benefit from firstly identifying who has their information and then conducting supply chain risk assessments to understand what information is held and how it is protected.
Sources: [Help Net Security]
Report Reveals Sorry State of Cyber Security at UK Football Clubs
A new report reveals a concerning lack of cyber resilience within UK football clubs, extending from the Premier League downwards. The industry, increasingly targeted by cyber attacks, suffers from a disconnect between the perceived and actual risk levels. Key findings include a general lack of cyber maturity, outdated approaches to cyber security, and a scarcity of dedicated IT and cyber security roles, including Chief Information Security Officers (CISOs). Despite significant financial investments in players, there's reluctance from club boards to allocate sufficient resources for cyber security. The report underscores the need for comprehensive training, increased awareness of security risks across all levels of club operations, and the hiring of dedicated cyber security professionals. This situation calls for an industry-wide standard for cyber security budgets, scaled according to the club's size and turnover, to adequately address these emerging digital threats.
Source: [Computer Weekly]
Governance, Risk and Compliance
A fifth of UK businesses victims of cyber attacks in past year - Insurance Age
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
Digital Transformation And Its Effects On The Modern Workplace (forbes.com)
UK Cyber CTO: Vendors' Security Failings Are Rampant (darkreading.com)
Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)
2024 will see wave after wave of cyber attacks | theHRD (thehrdirector.com)
Doing More With Less: Cyber Security Tools And Budget Efficiency (forbes.com)
Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard
SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)
CISOs are getting more help after cyber attacks, but often it isn't helping | TechRadar
Cyber and remote working: How Covid moved the cursor | Computer Weekly
Why effective cyber security is more important than ever for European family offices | Campden FB
Building cyber-resilience: Security, compliance, governance, and privacy - Digital Journal
Massive Consolidated Lawsuit Blazes Trail for Hacking Litigation (bloomberglaw.com)
Threats
Ransomware, Extortion and Destructive Attacks
69% of organisations facing ransomware attacks paid the ransom | Security Magazine
2023 may have seen highest ransomware ‘body count’ yet | Computer Weekly
Cyber attacks surge in 2023, as millions fall victim to ransomware: Report (yahoo.com)
Ransomware attack costs are driving up inflation in the UK | ITPro
Ransomware ramped up against private sector in November | TechTarget
BlackCat threatens to directly extort vendor's customers • The Register
New wave of ransomware attacks plague US critical infrastructure post-Thanksgiving (axios.com)
How Ransomware Gangs Are Fueling a New Cyber Security Arms Race - Barron's (barrons.com)
Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)
Expert warns of Turtle macOS ransomware (securityaffairs.com)
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (thehackernews.com)
Linux version of Qilin ransomware focuses on VMware ESXi (bleepingcomputer.com)
LockBit Remains Top Global Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)
Wanted: top three most prolific ransomware gangs revealed! (techinformed.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)
Ransomware Victims
60 US credit unions offline after cloud ransomware infection • The Register
'Thousands' affected by cyber attack on conveyancing platform (thenegotiator.co.uk)
Western Isles Council 'counting cost' of November's cyber attack - BBC News
Austal USA Investigates Cyber Attack Claimed by Ransomware Group (darkreading.com)
Almost 440K individuals affected by cyber attack on Proliance Surgeons (WA) | HealthLeaders Media
Phishing & Email Based Attacks
Black Friday phishing attacks, and other cyber security news | World Economic Forum (weforum.org)
US aerospace firm downed by spearphishing attack | SC Media (scmagazine.com)
Booking.com users angry at firm's response to hacks - BBC News
Hershey warns of data breach following phishing attack (therecord.media)
This huge Russian phishing campaign is hitting targets across the world | TechRadar
ChatGPT builder helps create scam and hack campaigns - BBC News
Artificial Intelligence
ChatGPT builder helps create scam and hack campaigns - BBC News
Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law
Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek
How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)
Exploring the impact of generative AI in the 2024 presidential election - Help Net Security
Put guardrails around AI use to protect your org, but be open to changes - Help Net Security
Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek
Proliferation of AI-driven Attacks Anticipated in 2024 (itsecuritywire.com)
Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law
Researchers automated jailbreaking of LLMs with other LLMs - Help Net Security
Malware
Fake WordPress security advisory pushes backdoor plugin (bleepingcomputer.com)
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)
Agent Racoon Backdoor Targets Organisations in Middle East, Africa, and US (thehackernews.com)
Mac users are being targeted again with dangerous malware - here's what to know | TechRadar
Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)
New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand (thehackernews.com)
Hackers switch from email attacks to downloads (therecord.com)
Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)
Mobile
Android users warned about new threat after one victim loses $280K - PhoneArena
December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)
94 Vulnerabilities Patched in Android with December 2023 Security Updates - SecurityWeek
Top mobile password managers could be exposing user details | TechRadar
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)
SpyLoan Android malware on Google Play downloaded 12 million times (bleepingcomputer.com)
Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)
Apple and some Linux distros are open to Bluetooth attack • The Register
Denial of Service/DoS/DDOS
Internet of Things – IoT
EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)
Customizing Cyber Security For Critical Infrastructure In Smart Cities (forbes.com)
Data Breaches/Leaks
23andMe to Book Up to $2M in Cyber Security Breach Expenses - MarketWatch
After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica
23andMe updates user agreement to prevent data breach lawsuits (bleepingcomputer.com)
23andMe confirms hackers stole ancestry data on 6.9 million users | TechCrunch
23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)
Data breach debacle hits yet another UK public sector org • The Register
Fortune-telling website WeMystic exposes 13M+ user records (securityaffairs.com)
Hackers Claim to Have Stolen Data From Naval Shipyard Austal USA (maritime-executive.com)
Hershey warns of data breach following phishing attack (therecord.media)
Nissan is investigating cyber attack and potential data breach (bleepingcomputer.com)
GST Invoice Billing Inventory exposes sensitive data to threat actors (securityaffairs.com)
Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)
Organised Crime & Criminal Actors
Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)
Police Arrests 1000 Suspected Money Mules - Infosecurity Magazine (infosecurity-magazine.com)
Online crime risks are doubling: Are cyber criminal groups starting to merge? - Digital Journal
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korea's state hackers stole $3 billion in crypto since 2017 (bleepingcomputer.com)
Platypus exploiters walk free after claiming to be ‘ethical hackers’ (cointelegraph.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Insider Risk and Insider Threats
Insurance
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)
Brokers urged to deliver cyber threat message (emergingrisks.co.uk)
Hot Topics to Consider for 2024 D&O Questionnaires | Bryan Cave Leighton Paisner - JDSupra
Supply Chain and Third Parties
Third-party breaches shake the foundations of the energy sector - Help Net Security
Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)
60 US credit unions offline after cloud ransomware infection • The Register
Tipalti investigates claims of data stolen in ransomware attack (bleepingcomputer.com)
Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek
BlackCat threatens to directly extort vendor's customers • The Register
Cloud/SaaS
60 US credit unions offline after cloud ransomware infection • The Register
Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk (thehackernews.com)
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts (thehackernews.com)
More oversight needed for cloud in banking, say regulators - Tech Monitor
Encryption
Cracking Weak Cryptography Before Quantum Computing Does (darkreading.com)
HSBC tests protecting FX trading from quantum computer attacks (yahoo.com)
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek
Linux and Open Source
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)
Apple and some Linux distros are open to Bluetooth attack • The Register
Passwords, Credential Stuffing & Brute Force Attacks
75% of sports-related passwords are reused across accounts | Security Magazine
New Relic admits attack on staging systems, user accounts • The Register
After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica
23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)
Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)
Top mobile password managers could be exposing user details | TechRadar
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)
More oversight needed for cloud in banking, say regulators - Tech Monitor
Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek
SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)
Interpol Arrests Smuggler With New Biometric Screening Database (darkreading.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Sellafield nuclear site 'hit by cyber attacks from Russian and Chinese hackers' - Tech Monitor
Sellafield nuclear site under ‘robust scrutiny’ over cyber security fears (telegraph.co.uk)
UK government denies China/Russia nuke plant hack claim • The Register
Russia
Russia hacking: 'FSB in years-long cyber attacks on UK', says government - BBC News
NCSC exposes Russian cyber attacks on UK political processes | Computer Weekly
UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador (therecord.media)
2 Russian intel officers charged with hacking into US and British government agencies (nbcnews.com)
Russia's APT8 exploited Outlook 0day to target EU NATO members (securityaffairs.com)
Fancy Bear goes phishing in US, European high-value networks • The Register
This huge Russian phishing campaign is hitting targets across the world | TechRadar
Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)
Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)
Iran
Breaches by Iran-Affiliated Hackers Spanned Multiple US States, Federal Agencies Say - SecurityWeek
US, Israel Warn of Iranian-Linked Cyber Attacks on Water Systems - Bloomberg
North Korea
Vulnerability Management
CISA says US government agency was hacked thanks to ‘end of life’ software | TechCrunch
CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop
Key drivers of software security for financial services - Help Net Security
Vulnerabilities
Sticking With Windows 10 Instead Of Upgrading? Get Ready To Pay For Security Updates (slashgear.com)
Quick: Update iPhones and Macs – WebKit security hole found • The Register
VMware Patches Critical Authentication Bypass Bug | Decipher (duo.com)
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)
Notepad++ Input Validation Flaw Leads Search Path Vulnerability (cybersecuritynews.com)
December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)
94 Vulnerabilities Patched in Android With December 2023 Security Updates - SecurityWeek
Adobe ColdFusion flaw exploited in US government agency attacks (stackdiary.com)
Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks (thehackernews.com)
Dangerous vulnerability in fleet management software seemingly ignored by vendor | CyberScoop
Future Intel, AMD and Arm CPUs Vulnerable to New 'SLAM' Attack: Researchers - SecurityWeek
Tools and Controls
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
How to recover systems in the event of a cyber attack | Computer Weekly
How Financial Institutions Can Navigate the ‘Operational Resilience' imperative (finextra.com)
How to solve 2 MFA challenges: SIM swapping and MFA fatigue | TechTarget
Why you should create a physical security standard for your company (securitybrief.co.nz)
Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard
New 'Pool Party' Process Injection Techniques Undetected by EDR Solutions - SecurityWeek
Best 10 Best Cyber Attack Maps - 2024 (cybersecuritynews.com)
Brokers urged to deliver cyber threat message (emergingrisks.co.uk)
Proactive, not reactive: the path to ensuring operational resilience in cyber security | CSO Online
Cyber Security: How to Demonstrate Resilience and Hygiene - Techopedia
Cyber Security Insurance: Once Optional, Now Essential (informationweek.com)
When Should You Replace A Cyber Security Vendor? (forbes.com)
Are companies falling behind on cyber security awareness training? | CTV News
Other News
NATO’s Flagship Cyber Exercise Concludes In Estonia – Eurasia Review
Ofcom publishes UK age verification proposals • The Register
Microsoft Hires New CISO in Major Security Shakeup - SecurityWeek
US aerospace companies are facing dangerous new cyber attacks | TechRadar
Report reveals sorry state of cyber security at UK football clubs | Computer Weekly
2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks (govtech.com)
Nuclear hack creates rising fears of cyber vulnerability in critical services (emergingrisks.co.uk)
The World Depends on 60-Year-Old Code No One Knows Anymore | PCMag
Public sector has misplaced confidence in cyber security (securitybrief.co.nz)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 14 July 2023
Black Arrow Cyber Threat Briefing 14 July 2023:
-Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves
-Helping Boards Understand Cyber Risks
-Enterprise Risk Management Should Inform Cyber Risk Strategies
-Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention
-20% of Malware Attacks Bypass Antivirus Protection
-Ransomware Payments and Extortion Spiked Compared to 2022
-AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers
-Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available
-Scam Page Volumes Surge 304% Annually
-Financial Industry Faces Soaring Ransomware Threat
-The Need for Risk-Based Vulnerability Management to Combat Threats
-Government Agencies Breached in Microsoft 365 Email Attacks
-Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China
-Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves
The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.
Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.
Helping Boards Understand Cyber Risks
A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.
It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.
Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.
https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/
Enterprise Risk Management Should Inform Cyber Risk Strategies
While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.
Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.
Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention
Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.
This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.
The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.
https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/
20% of Malware Attacks Bypass Antivirus Protection
In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.
The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).
Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.
https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/
Ransomware Payments and Extortion Spiked Compared to 2022
A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.
It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.
https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/
AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers
Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.
The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.
Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available
Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.
An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.
https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/
Scam Page Volumes Surge 304% Annually
Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.
It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.
https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/
Financial Industry Faces Soaring Ransomware Threat
The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.
https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/
The Need for Risk-Based Vulnerability Management to Combat Threats
Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.
By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.
Government Agencies Breached in Microsoft 365 Email Attacks
Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.
Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.
Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China
Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.
Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years
Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.
https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/
Governance, Risk and Compliance
CISO perspective on why boards don't fully grasp cyber attack risks - Help Net Security
Top Takeaways From Table Talks With Fortune 100 CISOs (darkreading.com)
AI, trust, and data security are key issues for finance firms and their customers | ZDNET
Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves (darkreading.com)
Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)
Enterprise risk management should inform cyber-risk strategies | TechTarget
Threats
Ransomware, Extortion and Destructive Attacks
Cl0p Hackers Hit Three of the Biggest US Law Firms in Large Ransomware Attack - MSSP Alert
UK battles hacking wave as ransomware gang claims ‘biggest ever’ NHS breach | TechCrunch
Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day | SC Media (scmagazine.com)
Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch
Cyber Extortion Cases Surge 39% Annually - Infosecurity Magazine (infosecurity-magazine.com)
Ransomware payments on record-breaking trajectory for 2023 (bleepingcomputer.com)
Beware of Big Head Ransomware: Spreading Through Fake Windows Updates (thehackernews.com)
Deutsche Bank confirms provider breach exposed customer data (bleepingcomputer.com)
BigHead and RedEnergy ransomware, more MOVEIt problems (cisoseries.com)
Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs
Same code, different ransomware? Leaks kick-start myriad of new variants - Help Net Security
Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley
BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days (thehackernews.com)
Ransomware Victims
Capita admits hackers also stole staff’s personal details (thetimes.co.uk)
Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch
Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)
Barts NHS hack leaves folks on tenterhooks over extortion • The Register
Scottish university cyber attack under investigation | The National
Phishing & Email Based Attacks
New Phishing Attack Spoofs Microsoft 365 Authentication System (hackread.com)
Number of email-based phishing attacks surges 464% - Help Net Security
Chinese hackers compromised emails of US Government agencies- -Security Affairs
Microsoft: Government agencies breached in email attacks | TechTarget
RomCom hackers target NATO Summit attendees in phishing attacks (bleepingcomputer.com)Facebook and Microsoft remain prime targets for spoofing - Help Net Security
Top 10 Email Security Best Practices in 2023 (gbhackers.com)
Other Social Engineering; Smishing, Vishing, etc
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)
Evil QR - A new QR Jacking Attack to Take Over User Accounts (cybersecuritynews.com)
How hackers are now targeting your voice and how to protect yourself | Fox News
Artificial Intelligence
How the EU AI Act Will Affect Businesses, Cyber Security (darkreading.com)
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)
ChatGPT and Cyber Security : 5 Cyber Security Risks of ChatGPT (gbhackers.com)
WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)
How to Safely Architect AI in Your Cyber Security Programs (darkreading.com)
ChatGPT users drop for the first time as people turn to uncensored chatbots | Ars Technica
Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop
Civil society, labor and rights groups express concerns about AI at White House meeting | CyberScoop
2FA/MFA
Malware
20% of malware attacks bypass antivirus protection - Help Net Security
Malware delivery to Microsoft Teams users made easy - Help Net Security
WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)
Truebot Malware Variants Abound, According to CISA Advisory (darkreading.com)
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)
USB drive malware attacks spiking again in first half of 2023 (bleepingcomputer.com)
Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)
Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign (darkreading.com)
Over 100 malicious signed Windows drivers blocked by Microsoft - NotebookCheck.net News
New 'ShadowVault' macOS malware steals passwords, crypto, credit card data | Macworld
BlackLotus UEFI Bootkit Source Code Leaked on GitHub - SecurityWeek
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)
AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)
Serious Security: Rowhammer returns to gaslight your computer – Naked Security (sophos.com)
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)
Mobile
Crooks Evolve Antidetect Tooling for Mobile OS-Based Fraud-Security Affairs
The FCC aims to stop SIM swappers with new rules - The Verge
Google Play will enforce business checks to curb malware submissions (bleepingcomputer.com)
Clever Letscall vishing malware targets Android phones | SC Media (scmagazine.com)
Denial of Service/DoS/DDOS
Industry responses and strategies for navigating the tides of DDoS attacks - Help Net Security
Archive Of Our Own Down: AO3 DDoS Attack Explained - Dataconomy
Internet of Things – IoT
Data Breaches/Leaks
So you gave personal info to a company caught in a data breach. Now what? | CBC News
HCA confirms breach after hacker steals data of 11 million patients (bleepingcomputer.com)
US on Track For Record Number of Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Twitter User Exposes Nickelodeon Data Leak - Infosecurity Magazine (infosecurity-magazine.com)
Capita attackers reportedly stole data from pension fund • The Register
Twenty Manx public authorities reprimanded for data breach - BBC News
Bangladesh government website leaked data of millions of citizens-Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cyber security professional accused of stealing $9M in crypto | TechCrunch
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)
Insider Risk and Insider Threats
How To Protect Your Business From The Security Risks Freelancers Pose (forbes.com)
Former employee charged for attacking water treatment plant (bleepingcomputer.com)
Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley
Fraud, Scams & Financial Crime
E-commerce Fraud Surges By Over 50% Annually - Infosecurity Magazine (infosecurity-magazine.com)
Scam Page Volumes Surge 304% Annually - Infosecurity Magazine (infosecurity-magazine.com)
The FCC aims to stop SIM swappers with new rules - The Verge
Insurance
Dark Web
Supply Chain and Third Parties
Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)
Capita attackers reportedly stole data from pension fund • The Register
MOVEit: Testing the Limits of Supply Chain Security - SecurityWeek
Cloud/SaaS
Only 45% of cloud data is currently encrypted - Help Net Security
Microsoft alleges China behind attack on Exchange Online • The Register
For stronger public cloud data security, use defence in depth | TechTarget
Silentbob Campaign: Cloud-Native Environments Under Attack (thehackernews.com)
Global Retailers Must Keep an Eye on Their SaaS Stack (thehackernews.com)
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)
Decentralized storage emerging as solution to cloud-based attacks | Cybernews
Hybrid/Remote Working
Attack Surface Management
Identity and Access Management
Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)
less than half of SMBs use Privileged Access Management- IT Security Guru
Encryption
API
Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)
API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek
Open Source
Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)
The EU’s Product Liability Directive could kill open source | TechRadar
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)
AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek
Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? (darkreading.com)
Travel
Regulations, Fines and Legislation
How the EU AI Act Will Affect Businesses, Cyber security (darkreading.com)
A Cyber Security Wish List Ahead of NATO Summit - SecurityWeek
The EU’s Product Liability Directive could kill open source | TechRadar
Microsoft and AWS caution Ofcom against referring UK cloud market over to CMA | Computer Weekly
Models, Frameworks and Standards
How to map security gaps to the Mitre ATT&CK framework | TechTarget
Get started: Threat modeling with the Mitre ATT&CK framework | TechTarget
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog
Russia-based actor exploited unpatched Office zero day | TechTarget
SolarWinds Attackers Dangle BMWs to Spy on Diplomats (darkreading.com)
Russian state hackers lure Western diplomats with BMW car ads (bleepingcomputer.com)
Killnet Tries Building Russian Hacktivist Clout With Media Stunts (darkreading.com)
Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs
Killer ‘tracked Russian sub commander using Strava jogging app’ (thetimes.co.uk)
Inside the murky world accelerating Russia’s economic meltdown (telegraph.co.uk)
Cyber attacks Against Ukrainians Adjoin NATO Summit in Lithuania - MSSP Alert
Russian Hackers Find Sneaky Way to Infiltrate Embassy Networks in Kyiv (kyivpost.com)
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)
China
Chinese hackers compromised emails of US Government agencies-Security Affairs
UK has ‘no strategy’ to tackle China threat as spies target Britain, report warns | The Independent
Cabinet tensions emerge over labelling China a threat to UK national security (inews.co.uk)
Iran
North Korea
Vulnerability Management
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security
The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)
Creating a Patch Management Playbook: 6 Key Questions (darkreading.com)
Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)
Vulnerabilities
MOVEit Transfer customers warned to patch new critical flaw (bleepingcomputer.com)
After Zero-Day Attacks, MOVEit Turns to Security Service Packs - SecurityWeek
Microsoft Warns of Office Zero-Day Attacks, No Patch Available - SecurityWeek
Juniper Networks Patches High-Severity Vulnerabilities in Junos OS - SecurityWeek
Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)
SonicWall warns admins to patch critical auth bypass bugs immediately (bleepingcomputer.com)
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (bleepingcomputer.com)
Russia-based actor exploited unpatched Office zero day | TechTarget
Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems (thehackernews.com)
Raising concerns over Google Authenticator’s new features | TechRadar
Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)
VMware warns of exploit available for critical vRealize RCE bug (bleepingcomputer.com)
Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion - SecurityWeek
Zimbra urges customers to manually fix actively exploited zero-day-Security Affairs
Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek
New StackRot Linux kernel flaw allows privilege escalation (bleepingcomputer.com)
Exploit Code Published for Remote Root Flaw in VMware Logging Software - SecurityWeek
API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek
Experts released PoC exploit for Ubiquiti EdgeRouter flaw-Security Affairs
Critical RCE found in popular Ghostscript open-source PDF library (bleepingcomputer.com)
Citrix fixed a critical flaw in Secure Access Client for Ubuntu-Security Affairs
OT/ICS Vulnerabilities
Tools and Controls
The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)
less than half of SMBs use Privileged Access Management- IT Security Guru
Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)
Enterprise risk management should inform cyber-risk strategies | TechTarget
Infrastructure upgrades alone won't guarantee strong security - Help Net Security
What is a Network Intrusion Protection System (NIPS)? | Definition from TechTarget
Overcoming user resistance to passwordless authentication - Help Net Security
Zero Trust Keeps Digital Attacks From Entering the Real World (darkreading.com)
3 Strategies For Simplifying And Strengthening Your Data Security (forbes.com)
The history, evolution and current state of SIEM | TechTarget
Attack Surface Management: Identify and protect the unknown - Help Net Security
How to Put Generative AI to Work in Your Security Operations Center (darkreading.com)
Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)
Platform Approach to Cyber Security: The New Paradigm (trendmicro.com)
Intrusion Detection & Prevention Systems Guide (trendmicro.com)
Decentralized storage emerging as solution to cloud-based attacks | Cybernews
Wi-Fi AP placement best practices and security policies | TechTarget
For stronger public cloud data security, use defence in depth | TechTarget
Other News
White House Urged to Quickly Nominate National Cyber Director (darkreading.com)
The rise of cyber threats in a digital dystopia | Mint #AskBetterQuestions (livemint.com)
Building the right collective defence against cyber attacks for critical infrastructure | CyberScoop
Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security
White House publishes National Cyber Security Strategy Implementation Plan - Help Net Security
Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 16 June 2023
Black Arrow Cyber Threat Briefing 16 June 2023:
-Hacker Gang Clop Deploys Extortion Tactics Against Global Companies
-Social Engineering Drives BEC Losses to $50B Globally
-Creating A Cyber-Conscious Culture—It Must Be Driven from the Top
-Artificial Intelligence is Coming to Windows: Are Your Security Policy Settings Ready?
-Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs
-Massive Phishing Campaign Uses 6,000 Sites to Impersonate 100 Brands
-A Recent Study Shows Over One in Ten Brits are Willing to Engage in ‘Illegal or Illicit’ Online Behaviour as the Cost of Living Crisis Worsens, Driving Insider Threat Concerns
-Microsoft Office 365 Phishing Reveals Signs of Much Larger BEC Campaign
-Europol Warns of Metaverse and AI Terror Threat
-What is AI, and is it Dangerous?
-Cyber Liability Insurance Vs. Data Breach Insurance: What's the Difference?
-Exploring the Dark Web: Hitmen for Hire and the Realities of Online Activities
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Hacker Gang Clop Deploys Extortion Tactics Against Global Companies
The Russian-speaking gang of hackers that compromised UK groups such as British Airways and the BBC has claimed it has siphoned off sensitive data from more institutions including US-based investment firms, European manufacturers and US universities. Eight other companies this week made it onto Clop’s list on the dark web. That adds to the news last week that UK groups, including Walgreens-owned Boots, informed employees that their data had been compromised. The issue also targeted customers of Zellis, a UK-based payroll provider that about half of the companies on the FTSE 100 use.
The hacking group is pushing for contact with the companies on the list, according to a post on Clop’s dark web site, as the gang demands a ransom that cyber security experts and negotiators said could be as much as several million dollars.
https://www.ft.com/content/c1db9c5c-cdf1-48bc-8e6b-2c2444b66dc9
Social Engineering Drives BEC Losses to $50B Globally
Business email compromise (BEC) continues to evolve on the back of sophisticated targeting and social engineering, costing businesses worldwide more than $50 billion in the last 10 years - a figure that reflected a growth in business losses to BEC of 17% year-over-year in 2022, according to the FBI.
Security professionals attribute BEC's continued dominance in the cyber threat landscape to several reasons. A key one is that attackers have become increasingly savvy in how to socially-engineer messages so that they appear authentic to users, which is the key to being successful at this scam. And with the increase in availability of artificial intelligence, the continued success of BEC means these attacks are here to stay. Organisations will be forced to respond with even stronger security measures, security experts say.
https://www.darkreading.com/threat-intelligence/social-engineering-drives-bec-losses-to-50b-globally
Creating A Cyber Conscious Culture—It Must Be Driven from the Top
Businesses are facing more frequent and sophisticated cyber threats and they must continuously learn new ways to protect their revenues, reputation and maintain regulatory compliance. With hybrid and remote working blurring traditional security perimeters and expanding the attack surface, the high volumes of sensitive information held by organisations are at increased risk of cyber attacks.
The increase had led to cyber elevating to the board level; after all the board is responsible for cyber security. It doesn’t stop there however, as everyone in an organisation has responsibility for upholding cyber security. The board must aim to create a cyber-conscious culture, where users are aware of their role in cyber security. One important way such a culture can be achieved is through providing regular education and training to all users.
Artificial Intelligence is Coming to Windows: Are Your Security Policy Settings Ready?
What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence, which is seemingly in nearly every application released these days?
From word processing documents to the upcoming enhancements to Windows 11, which will include AI prompting in the Explorer platform, organisations should review how they want their employees to treat customer data or other confidential information when using AI platforms. Many will want to build limits and guidelines into their security plans that specify what is allowed to be entered into platforms and websites that may store or share the information online. However, confidential information should not be included in any application that doesn’t have clearly defined protections around the handling of such data. The bottom line is that AI is coming to your network and your desktop sooner than you think. Build your policies now and review your processes to determine if you are ready for it today.
Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs
Cyber criminals are increasingly targeting an organisation’s employees, figuring to trick an untrained staffer to click on a malicious link that starts a malware attack, Fortinet said in a newly released study of security awareness and training.
More than 80% of organisations faced malware, phishing and password attacks last year, which were mainly targeted at users. This underscores that employees can be an organisation’s weakest point or one of its most powerful defences.
Fortinet’s research revealed that more than 90% of the survey’s respondents believe that increased employee cyber security awareness would help decrease the occurrence of cyber attacks. As organisations face increasing cyber risks, employees serving as an organisation’s first line of defence in protecting their organisation from cyber crime becomes of paramount importance.
Massive Phishing Campaign Uses 6,000 Sites to Impersonate 100 Brands
A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites. The brands impersonated by the phony sites include Nike, Puma, Asics, Vans, Adidas, Columbia, Superdry, Converse, Casio, Timberland, Salomon, Crocs, Sketchers, The North Face and others.
A recent report found the campaign relies on at least 3,000 domains and roughly 6,000 sites, including inactive ones. The campaign had a significant activity spike between January and February 2023, adding 300 new fake sites monthly. The domain names follow a pattern of using the brand name together with a city or country, followed by a generic TLD such as ".com." Additionally, any details entered on the checkout pages, most notably the credit card details, may be stored by the website operators and resold to cyber criminals.
Over One in Ten Brits are Willing to Engage in ‘Illegal or Illicit’ Online Behaviour
A recent study found that 11% of Brits were tempted to engage in ‘illegal or illicit online behaviour’ in order to help manage the fallout from the cost of living crisis. This statistic becomes even more concerning when focused on younger people, with almost a quarter of 25–35 year old respondents (23%) willing to consider illegal or illicit online activity. Of those willing to engage in this kind of behaviour, 56% suggested it was because they are desperate and struggling to get by, and need to find alternative means of supporting their families.
Nearly half (47%) of UK business leaders believe their organisation has been at a greater risk of attack since the start of the cost-of-living crisis. Against this backdrop, many SME business leaders are understandably worried about the impact on employees. Of those who think their organisation is more exposed to attack, 38% believe it’s due to malicious insiders and 35% to overworked and distracted staff making mistakes. Organisations not doing so already, should look to incorporate insider threat into their security plans. Insider threat should focus on areas such as regular education and monitoring and detection.
The report found that 44% of respondents have also noticed an uptick in online scams hitting their inboxes since the cost of living crisis began in late 2021/early 2022. Another worrying finding is that this uptick is proving devastatingly effective for scammers: over one in ten (13%) of UK respondents have already been scammed since the cost of living crisis began. This rises to a quarter (26%) of respondents in the 18-25 age range, reflecting a hyper-online lifestyle and culture that scammers can work to exploit effectively.
https://www.infosecurity-magazine.com/news/costofliving-crisis-drives-insider/
Microsoft Office 365 Phishing Reveals Signs of Much Larger BEC Campaign
Recently, Microsoft discovered multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attacks against banking and financial services organisations. The attackers are successfully phishing employees’ accounts with fake Office 365 domains. This allows them to bypass authentication, exfiltrate data and send further phishing emails against other employees and several targeted external organisations. In some cases, threat actors have registered their own device to the employee’s account, to evade MFA defences and achieve persistent access.
https://securityaffairs.com/147327/hacking/aitm-bec-attacks.html
https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html
Europol Warns of Metaverse and AI Terror Threat
New and emerging technologies like conversational AI, deepfakes and the metaverse could be utilised by terrorists and extremists to radicalise and recruit converts to their cause, Europol has warned. The report stated that the online environment lowers the bar for entering the world of terrorism and extremism, broadens the range of people that can become exposed to radicalisation and increases the unpredictability of terrorism and extremism.
Europol also pointed to the potential use of deepfakes, augmented reality and conversational AI to enhance the efficiency of terrorist propaganda. Both these technologies and internet of things (IoT) tools can also be deployed in more practical tasks such as the remote operation of vehicles and weapons used in attacks or setting up virtual training camps. Digital currencies are also playing a role in helping to finance such groups while maintaining the anonymity of those contributing the funding, Europol said.
https://www.infosecurity-magazine.com/news/europol-warns-metaverse-and-ai/
What is AI, and is it Dangerous?
Recently, we saw the release of the first piece of EU regulation on AI. This comes after a significant rise in the usage of tools such as ChatGPT. Such tools allow for even those with limited technical ability to perform sophisticated actions. In fact, usage has risen 44% over the last three months alone, according to a report.
Rather worryingly, there is a lack of governance on the usage of AI, and this extends to how AI is used within your own organisation. Whilst the usage can greatly improve actions performed within an organisation, the report found that 6% of employees using AI had pasted sensitive company data into an AI tool. Would your organisation know if this happened, and how damaging could it be to your organisation if this data was to be leaked? Continuous monitoring, risk analysis and real-time governance can help aid an organisation in having an overview of the usage of AI.
https://www.bbc.co.uk/news/technology-65855333
https://thehackernews.com/2023/06/new-research-6-of-employees-paste.html
Cyber Liability Insurance Vs. Data Breach Insurance: What's the Difference?
With an ever-increasing number of cyber security threats and attacks, companies are becoming motivated to protect their businesses and customer data both technically and financially. Finding the right insurance has become a key part of the security equation.
Companies looking to protect themselves have most likely heard the terms “cyber liability insurance” and “data breach insurance.” Put simply, cyber liability insurance refers to coverage for third-party claims asserted against a company stemming from a network security event or data breach. Data breach insurance, on the other hand, refers to coverage for first-party losses incurred by the insured organisation that has suffered a loss of data.
Exploring the Dark Web: Hitmen for Hire and the Realities of Online Activities
The dark web makes up a significant portion of the internet. Access can be gained through special browser, TOR, also known as the onion Router. The service bounces around IP addresses, constantly changing to protect the anonymity of the user.
This dark web contains an array of activities and sites, which include hitmen for hire, drugs for sale, and stolen credit card databases amongst others. Sometimes these aren’t real however, and are actually a trap to steal money from users on the basis that these users are unlikely to report it to law enforcement when the victim was trying to break the law in the first place. What we do know however, is that the dark web contains a plethora of information, and this could include data from your organisation.
Governance, Risk and Compliance
Creating A Cyber-Conscious Culture—It Must Be Driven From The Top (forbes.com)
Most businesses vulnerable to attacks on the cyber battlefield - The Globe and Mail
10 Important Security Tasks You Shouldn't Skip (darkreading.com)
Enhancing security team capabilities in tough economic times - Help Net Security
Ignoring digital transformation is more dangerous than a recession - Help Net Security
Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)
Lax security measures, sophisticated hackers reason for rise in cyber breaches (ewn.co.za)
Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert
Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online
Red teaming can be the ground truth for CISOs and execs - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
CL0P Ransomware Gang Hits Multiple Governments, Businesses in Wide-Scale Attack - MSSP Alert
How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware (darkreading.com)
Researchers Report First Instance of Automated SaaS Ransomware Extortion (darkreading.com)
Why Critical Infrastructure Remains a Ransomware Target (darkreading.com)
Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)
CISA: LockBit ransomware extorted $91 million in 1,700 US attacks (bleepingcomputer.com)
Microsoft links data wiping attacks to new Russian GRU hacking group (bleepingcomputer.com)
To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)
Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency (thehackernews.com)
Russian ransomware hacker extorted tens of millions, says DOJ (cnbc.com)
Ransomware Victims
Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register
Confidential data downloaded from UK regulator Ofcom in cyber attack (therecord.media)
Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks (therecord.media)TfL warns 13,000 staff that it was raided by Russian hackers (telegraph.co.uk)
Russian hackers steal data on thousands of Ulez drivers (telegraph.co.uk)
An Illinois hospital links closure to ransomware attack (nbcnews.com)
US energy department, other agencies hit in global hacking spree | Reuters
iTWire - Financial services firm FIIG hit by cyber attack, ALPHV claims credit
Xplain data breach also impacted national Swiss railway FSS - Security Affairs
Rhysida ransomware leaks documents stolen from Chilean Army (bleepingcomputer.com)
Phishing & Email Based Attacks
Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign | CSO Online
Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organisations (thehackernews.com)
Log4J exploits may rise further as Microsoft continues war on phishing | ITPro
Popular Apparel, Clothing Brands Being Used in Massive Phishing Scam (darkreading.com)
Massive phishing campaign uses 6,000 sites to impersonate 100 brands (bleepingcomputer.com)
BEC – Business Email Compromise
Microsoft warns of multi-stage AiTM phishing and BEC attacks - Security Affairs
Analysis: Social Engineering Drives BEC Losses to $50B Globally (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT (thehackernews.com)
Artificial intelligence is coming to Windows: Are your security policy settings ready? | CSO Online
Europol Warns of Metaverse and AI Terror Threat - Infosecurity Magazine (infosecurity-magazine.com)
How Europe is Leading the World in the Push to Regulate AI - SecurityWeek
AI is moving too fast to regulate, security minister warns (telegraph.co.uk)
AI to render humans 'second most intelligent creations' | ITWeb
LLM meets Malware: Starting the Era of Autonomous Threat - Security Affairs
What is AI, is it dangerous and what jobs are at risk? - BBC News
Calculations Suggest It'll Be Impossible to Control a Super-Intelligent AI : ScienceAlert
2FA/MFA
Multi-Factor Authentication Usage Nearly Doubles Since 2020, New Okta Report Finds - MSSP Alert
Small organisations outpace large enterprises in MFA adoption - Help Net Security
Malware
New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies (thehackernews.com)
New Loader Delivering Spyware via Image Steals Cryptocurrency Info (darkreading.com)
Pirated Windows 10 ISOs install clipper malware via EFI partitions (bleepingcomputer.com)
Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)
Fake zero-day PoC exploits on GitHub push Windows, Linux malware (bleepingcomputer.com)
LLM meets Malware: Starting the Era of Autonomous Threat - Security Affairs
New ‘Shampoo’ Chromeloader malware pushed via fake warez sites (bleepingcomputer.com)
Russian hackers use PowerShell USB malware to drop backdoors (bleepingcomputer.com)
Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits - SecurityWeek
Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities (thehackernews.com)
Mobile
Denial of Service/DoS/DDOS
Microsoft’s Azure portal down following new claims of DDoS attacks (bleepingcomputer.com)
DOS Attacks Dominate, but System Intrusions Cause Most Pain (darkreading.com)
Swiss government warns of ongoing DDoS attacks, data leak (bleepingcomputer.com)
IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia (hackread.com)
10 Different Types of DDoS Attacks and How to Prevent Them (geekflare.com)
Exclusive: Inside FXStreet's DDoS Attack (financemagnates.com)
Internet of Things – IoT
IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia (hackread.com)
How secure is your vehicle with digital key technology? - Help Net Security
Flipper Zero “Smoking” A Smart Meter Is A Bad Look For Hardware Hackers | Hackaday
Data Breaches/Leaks
Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch
New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT (thehackernews.com)
Top 10 cyber security findings from Verizon's 2023 data breach report | VentureBeat
Xplain data breach also impacted national Swiss railway FSS - Security Affairs
Examining the long-term effects of data privacy violations - Help Net Security
A Massive Vaccine Database Leak Exposes IDs of Millions of Indians | WIRED
Swiss Fear Government Data Stolen in Cyber attack - SecurityWeek
Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register
Have I Been Pwned warns of new Zacks data breach impacting 8 million (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers steal $3 million by impersonating crypto news journalists (bleepingcomputer.com)
Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme (thehackernews.com)
New Loader Delivering Spyware via Image Steals Cryptocurrency Info (darkreading.com)
Cryptocurrency Attacks Quadrupled as Cyber criminals Cash In (darkreading.com)
Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency (thehackernews.com)
Insider Risk and Insider Threats
Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert
Insider Threat Vs Outsider Threat: Which Is Worse? (informationsecuritybuzz.com)
Fraud, Scams & Financial Crime
Impersonation Attacks
Insurance
Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)
Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online
Dark Web
Supply Chain and Third Parties
Cloud/SaaS
SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint - SecurityWeek
New MOVEit Transfer critical flaws found after security audit, patch now (bleepingcomputer.com)
Seven steps for using zero trust to protect your multicloud • The Register
New cloud security guidance: it's all about the config - NCSC.GOV.UK
Microsoft keeps quiet on talk of possible Azure DDoS attack • The Register
Encryption
Open Source
Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)
Fake zero-day PoC exploits on GitHub push Windows, Linux malware (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Thoughts on scheduled password changes (don’t call them rotations!) – Naked Security (sophos.com)
Microsoft misused our dark web data, says security vendor • The Register
RDP honeypot targeted 3.5 million times in brute-force attacks (bleepingcomputer.com)
Want to be hacked? Just make these password mistakes | Tom's Guide (tomsguide.com)
Training, Education and Awareness
Digital Transformation
Regulations, Fines and Legislation
AI is moving too fast to regulate, security minister warns (telegraph.co.uk)
Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register
Confidential data downloaded from UK regulator Ofcom in cyber attack (therecord.media)
Yet more direct calling fiends fined by UK's data watchdog • The Register
How Europe is Leading the World in the Push to Regulate AI - SecurityWeek
Feds extend deadline for software security attestations • The Register
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Examining the long-term effects of data privacy violations - Help Net Security
Strava heatmap feature can be abused to find home addresses (bleepingcomputer.com)
US Intelligence Has Admitted Amassed Data on 'Nearly Everyone' (gizmodo.com)
Feds Say Facial Recognition IDed Bosnian War Criminal Miljkovic (gizmodo.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Putin’s little cyber helpers turn their sights on the UK (telegraph.co.uk)
Russia-Ukraine war sending shockwaves into cyber-ecosystem • The Register
Ukrainian hackers take down service provider for Russian banks (bleepingcomputer.com)
RomCom Threat Actor Targets Ukrainian Politicians, US Healthcare (darkreading.com)
Pro-Russian hackers step up attacks against Swiss targets, authorities say | Reuters
Russian hackers steal data on thousands of Ulez drivers (telegraph.co.uk)
Microsoft links data wiping attacks to new Russian GRU hacking group (bleepingcomputer.com)
Russian hackers use PowerShell USB malware to drop backdoors (bleepingcomputer.com)
Pro-Russian Hackers Target Website of Europe’s Largest Port in Rotterdam - Bloomberg
Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine - Security Affairs
Russia-backed hackers unleash new USB-based malware on Ukraine’s military | Ars Technica
Nation State Actors
Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)
Iran's 'quantum processor' turned out to be a $600 dev board | PC Gamer
China-based threat actors target UIDAI, AIIMS, ICMR: Govt advisory (moneycontrol.com)
Subsea cables: how the US is pushing China out of the internet’s plumbing
Ukraine information sharing a model for countering China, top cyber official says | CyberScoop
Chinese Threat Actor Abused ESXi Zero-Day to Pilfer Files From Guest VMs (darkreading.com)
North Korea created evil twin of South Korea's Naver.com • The Register
Behind the Scenes Unveiling the Hidden Workings of Earth Preta (trendmicro.com)
Gloucester: Russian hackers behind cyber-attack on council - BBC News
Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT (darkreading.com)
Russian ransomware hacker extorted tens of millions, says DOJ (cnbc.com)
Vulnerability Management
Vulnerabilities
Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack (thehackernews.com)
Bitwarden update corrects password manager access vulnerability on Windows - gHacks Tech News
Fortinet: Patched Critical Flaw May Have Been Exploited (darkreading.com)
Bitwarden update corrects password manager access vulnerability on Windows - gHacks Tech News
CISA orders federal agencies to secure Internet-exposed network devices (bleepingcomputer.com)
Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs (bleepingcomputer.com)
Log4J exploits may rise further as Microsoft continues war on phishing | ITPro
New Critical Google Chrome Payments Security Issue Confirmed (forbes.com)
Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin (thehackernews.com)
VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) - Help Net Security
US energy department, other agencies hit in global hacking spree | Reuters
Tools and Controls
Ignoring digital transformation is more dangerous than a recession - Help Net Security
Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert
Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online
Red teaming can be the ground truth for CISOs and execs - Help Net Security
How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware (darkreading.com)
What is Dark Web Monitoring and How Does It Work? | Trend Micro News
New cloud security guidance: it's all about the config - NCSC.GOV.UK
Why Now? The Rise of Attack Surface Management (thehackernews.com)
Exploring the All-Time Best Book for Ethical Hacking – Codelivly
Enhancing security team capabilities in tough economic times - Help Net Security
Small organisations outpace large enterprises in MFA adoption - Help Net Security
MSSQL makes up 93% of all activity on honeypots tracking 10 databases | SC Media (scmagazine.com)
5 best practices to ensure the security of third-party APIs | CSO Online
Multi-Factor Authentication Usage Nearly Doubles Since 2020, New Okta Report Finds - MSSP Alert
Reports Published in the Last Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 September 2022
Black Arrow Cyber Threat Briefing 30 September 2022:
-UK Organisations, Ukraine's Allies Warned of Potential "Massive" Cyber Attacks By Russia
-Cyber Criminals See Allure in BEC Attacks Over Ransomware
-Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments
-Global Firms Deal with 51 Security Incidents Each Day
-Phishing Attacks Crushed Records Last Quarter, Driven by Mobile
-Why Paying the Ransom is Still the Most Common Response to a Ransomware Attack?
-Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months
-More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise
-How To Outsmart Increasingly Complex Cyber Attacks
-Top Issues Driving Cyber Security: Growing Number of Cyber Criminals, Variety of Attacks
-Cyber Threats Top Business Leaders' Biggest Concerns
-Fired Admin Cripples Former Employer's Network Using Old Credentials
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Organisations, Ukraine's Allies Warned of Potential "Massive" Cyber Attacks By Russia
The head of the UK National Cyber Security Centre (NCSC) Lindy Cameron has given an update on Russia’s cyber activity amid its war with Ukraine. Her speech at Chatham House last week came just a few days after Ukraine’s military intelligence agency issued a warning that Russia was “preparing massive cyber attacks on the critical infrastructure of Ukraine and its allies.” This coincides with a new Forrester report that reveals the extent to which the cyber impact of the Russia-Ukraine conflict has expanded beyond the conflict zone with malware attacks propagating into European entities.
Addressing Russian cyber activity this year, Cameron stated that, while we have not seen the “cyber-Armageddon” some predicted, there has been a “very significant conflict in cyber space – probably the most sustained and intensive cyber campaign on record – with the Russian State launching a series of major cyber attacks in support of their illegal invasion in February.”
Russian cyber forces from their intelligence and military branches have been busy launching a huge number of attacks in support of immediate military objectives.
Since the start of the year, the NCSC has been advising UK organisations to take a more proactive approach to cyber security in light of the situation in Ukraine. “There may be organisations that are beginning to think ‘is this still necessary?’ as in the UK we haven’t experienced a major incident related to the war in Ukraine. My answer is an emphatic yes,” Cameron said.
In response to significant recent battlefield set-backs, Putin has been reacting in unpredictable ways, and so we shouldn’t assume that just because the conflict has played out in one way to date, it will continue to go the same way, Cameron added. “There is still a real possibility that Russia could change its approach in the cyber domain and take more risks – which could cause more significant impacts in the UK.” UK organisations and their network defenders should therefore be prepared for this period of elevated alert with a focus on building long-term resilience, which is a “marathon not a sprint,” she said.
Cyber Criminals See Allure in BEC Attacks Over Ransomware
While published trends in ransomware attacks have been contradictory — with some firms tracking more incidents and other fewer — business email compromise (BEC) attacks continue to have proven success against organisations.
BEC cases, as a share of all incident-response cases, more than doubled in the second quarter of the year, to 34% from 17% in the first quarter of 2022. That's according to Arctic Wolf's "1H 2022 Incident Response Insights" report, published on 29 September, which found that specific industries — including financial, insurance, business services, and law firms, as well as government agencies — experienced more than double their previous number of cases, the company said.
Overall, the number of BEC attacks encountered per email box has grown by 84% in the first half of 2022, according to data from cyber security firm Abnormal Security.
Meanwhile, so far this year, threat reports released by organisations have revealed contradictory trends for ransomware. Arctic Wolf and the Identity Theft Resource Center (ITRC) have seen drops in the number of successful ransomware attacks, while business customers seem to be encountering ransomware less often, according to security firm Trellix. At the same time, network security firm WatchGuard had a contrary take, noting that its detection of ransomware attacks skyrocketed 80% in the first quarter of 2022, compared with all of last year.
The surging state of BEC landscape is unsurprising because BEC attacks offer cyber criminals advantages over ransomware. Specifically, BEC gains do not rely on the value of cryptocurrency, and attacks are often more successful at escaping notice while in progress. Threat actors are unfortunately very opportunistic.
For that reason, BEC — which uses social engineering and internal systems to steal funds from businesses — continues to be a stronger source of revenue for cyber criminals. In 2021, BEC attacks accounted for 35%, or $2.4 billion, of the $6.9 billion in potential losses tracked by the FBI's Internet Crime Complaint Center (IC3), while ransomware remained a small fraction (0.7%) of the total.
https://www.darkreading.com/threat-intelligence/cybercriminals-see-allure-bec-attacks-ransomware
Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments
A new survey of 300 ethical hackers provides insight into not only the most common means of initial access, but how a complete end-to-end attack happens.
Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.
The SANS ethical hacking survey, done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organisations, with different levels of experience and specialisations in different areas of information security. The survey revealed that on average, hackers would need five hours for each step of an attack chain: reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.
The survey highlights the need for organisations to improve their mean time-to-detect and mean-time-to-contain, especially when considering that ethical hackers are restricted in the techniques they're allowed to use during penetration testing or red team engagements. Using black hat techniques, like criminals do, would significantly improve the success rate and speed of attack.
When asked how much time they typically need to identify a weakness in an environment, 57% of the polled hackers indicated ten or fewer hours: 16% responded six to ten hours, 25% three to five hours, 11% one to two hours and 5% less than an hour.
Global Firms Deal with 51 Security Incidents Each Day
Security operations (SecOps) teams are struggling to respond to dozens of cyber security incidents every single day, according to a new report from Trellix.
The security vendor polled 9000 security decision makers from organisations with 500+ employees across 15 markets to compile its latest study, ‘XDR: Redefining the future of cyber security’.
It found that the average SecOps team has to manage 51 incidents per day, with 36% of respondents claiming they deal with 50 to 200 daily incidents. Around half (46%) agreed that they are “inundated by a never-ending stream of cyber-attacks.”
Part of the problem is the siloed nature of security and detection and response systems, the study claimed. Some 60% of respondents argued that poorly integrated products mean teams can’t work efficiently, while a third (34%) admitted they have blind spots. It’s perhaps no surprise, therefore, that 60% admitted they can’t keep pace with the rapid evolution of security threats.
This could be having a major impact on the bottom line. The vast majority (84%) of security decision makers that Trellix spoke to estimated that their organisation lost up to 10% of revenue from security breaches in the past year.
Medium size businesses ($50–$100m in revenue) lost an average of 8% in revenue, versus 5% for large businesses with a turnover of $10bn–$25bn. That could mean hundreds of millions of dollars are being thrown away each year due to inadequate SecOps.
https://www.infosecurity-magazine.com/news/global-firms-51-security-incidents/
Phishing Attacks Crushed Records Last Quarter, Driven by Mobile
Last quarter saw a record-shattering number of observed phishing attacks, fuelled in large part by attempts to target users on their mobile devices.
The latest Anti-Phishing Working Group (APWG) "Phishing Activity Trends Report" for the second quarter of 2022 found 1,097,811 observed phishing attacks, the most the group has ever measured in its history.
The financial sector remained the top target for phishing lures (27.6%), along with other bombarded sectors, including webmail and software-as-a-service providers, social media sites, and cryptocurrency.
But much of the rise in phishing volume is due to a new threat actor focus on mobile devices, specifically vishing (voice phishing) and smishing (SMS phishing) attacks, the report noted.
https://www.darkreading.com/attacks-breaches/phishing-attacks-crushed-records-last-quarter
Why Paying the Ransom is Still the Most Common Response to a Ransomware Attack
According to new data from Databarracks, 44% of the organisations who experienced a ransomware assault paid the demanded ransom. 22% made use of ransomware decryption software, while 34% restored data from backups.
The Databarracks 2022 Data Health Check produced the results. The annual report has been collecting data on ransomware, cyber, backup, disaster recovery, and business continuity from more than 400 UK IT decision-makers since 2008.
From the victim’s standpoint, it’s logical why you may pay a ransom. You are unable to handle orders or provide customer support, and losses mount swiftly. Downtime expenses can easily surpass the ransom.
Organisations may believe that paying the ransom will solve the issue more quickly, allowing them to resume operations as usual. This strategy is faulty for a number of causes.
First of all, there is no assurance that your data will be returned. Second, once criminals know an organisation is an easy target, they frequently attack it again. Finally, it conveys the incorrect message. By paying, you are assisting the crooks by demonstrating that their strategies are effective.
Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months
Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to a latest annual report from cyber security specialist Hornetsecurity.
The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with one in five (20%) attacks happening in the last year.
Cyber attacks are happening more frequently. Last year's ransomware survey revealed one in five (21%) companies experienced an attack; this year it rose by three percent to 24%.
Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. The survey shows that many in the IT community have a false sense of security as bad actors develop new techniques.
The 2022 Ransomware Report highlighted a lack of knowledge on the security available to businesses. A quarter (25%) of IT professionals either don't know or don't think that Microsoft 365 data can be impacted by a ransomware attack.
Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.
Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can back up their Microsoft 365 data securely and protect themselves from such attacks.
Industry responses showed the widespread lack of preparedness from IT professionals and businesses. There has been an increase in businesses not having a disaster recovery plan in place if they do succumb to the heightened threat of a cyber attack.
In 2021, 16% of respondents reported having no disaster recovery plan in place. In 2022, this grew to 19%, despite the rise in attacks.
More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise
A recent survey from machine identity solutions provider Venafi aimed to explore the complexity of cloud environments and the resulting impact on cyber security.
Venafi surveyed 1,101 security decision makers (SDMs) in firms with more than 1,000 employees and found that eighty-one percent of companies have experienced a cloud security incident in the last year. Forty-five percent have suffered at least four security incidents in the same period. More than half of security decision makers believe that security risks are higher in the cloud than on-premise.
Twenty-four percent of the firms have more than 10,000 employees. Ninety-two percent of the SDMs are at manager level or above, with 49% at c-suite level or higher.
Most of the firms surveyed believe the underlying issue is the increasing complexity of their cloud deployments. Since these companies already host 41% of their applications in the cloud, and expect to increase this to 57% over the next 18 months, the problem is only likely to worsen in the future.
The ripest target of attack in the cloud is identity management, especially machine identities. Each of these cloud services, containers, Kubernetes clusters and microservices needs an authenticated machine identity – such as a TLS certificate – to communicate securely. If any of these identities is compromised or misconfigured, it dramatically increases security and operational risks.
Respondents reported that the most common cloud incidents are security incidents during runtime (34%), unauthorised access (33%), misconfigurations (32%), vulnerabilities that have not been remediated (24%), and failed audits (19%).
Their primary operational concerns are hijacking of accounts, services or traffic (35%), malware or ransomware (31%), privacy/data access issues such as those from GDPR (31%), unauthorised access (28%), and nation state attacks (26%).
https://www.securityweek.com/more-half-security-pros-say-risks-higher-cloud-premise
How To Outsmart Increasingly Complex Cyber Attacks
Threat detection is harder today than it was two years ago. Next year will be harder than this year. Why? It’s a compounding effect from skills shortages and threat varieties that’s making it more challenging for any one product to handle key security wins. And cyber security is a constantly evolving sector with 2022 a devastating year for cyber security. Both hackers and security experts are always in a battle to outsmart each other.
Even for businesses with good IT departments, data protection can too quickly become an afterthought. Today’s threat landscape is growing, not just in the frequency of attacks (and the number of high-profile breaches recorded in the media) but so is the complexity of any given threat. A recent piece of research found that in 93 percent of cases, an external attacker can breach an organisation’s network perimeter and gain access to local network resources. Following increasing levels of cyber-attacks, it’s a case of “not if I will be hit by a ransomware attack,” but “when…” Organisations need to do something to mitigate the risk and protect their businesses, and they need to do it now.
Planning and executing a better defence to outsmart attackers and win more security battles doesn’t have to feel like a military operation – but it does require the right service coverage to remove blind spots and reduce emerging risks before they escalate.
https://informationsecuritybuzz.com/articles/how-to-outsmart-increasingly-complex-cyber-attacks/
Top Issues Driving Cyber Security: Growing Number of Cyber Criminals, Variety of Attacks
Fortifying cyber security defences remains a work in progress for many organisations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, according to new research from CompTIA.
While a majority of respondents in each of seven geographic regions feels that their company’s cyber security is satisfactory, CompTIA’s “State of Cybersecurity” shows that a much smaller number rank the situation as “completely satisfactory.” Nearly everyone feels that there is room for improvement.
“Companies are aware of the threats they face and the potential consequences of an attack or breach,” said Seth Robinson, VP of industry research, CompTIA. “But they may be underestimating their exposure and how much they need to invest in cyber security. Risk mitigation is the key, the filter through which everything should be viewed.”
Two of the top three issues driving cyber security considerations are the growing volume of cyber criminals, cited by 48% of respondents, and the growing variety of cyber attacks (45%). Additionally, ransomware and phishing have quickly become major areas of concern as digital operations have increased and human error has proven more costly.
“Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cyber security, but this poses significant challenges, both tactically and financially,” Robinson said. “As IT operations and strategy have grown more complex, so has the management of cyber security.”
As cyber security is more tightly integrated with business objectives, zero trust is the overarching policy that should be guiding modern efforts, though its adoption will not take place overnight because it requires a drastically different way of thinking and acting. The report suggests there is small progress in recognising a holistic zero trust approach, but better progress in adopting some elements that are part of an overarching zero trust policy.
https://www.helpnetsecurity.com/2022/09/30/top-issues-driving-cybersecurity/
Cyber Threats Top Business Leaders' Biggest Concerns
Cyber threats are the number one concern for business decision makers, beating worries over economic uncertainty, rising energy costs and hiring, according to insurance provider Travelers. The firm polled over 1200 business leaders to compile its 2022 Travelers Risk Index report.
This is the third time in four years that cyber has emerged as the top concern, with more than half (57%) of respondents believing a future cyber-attack on their organisation is inevitable. A quarter (26%) said their company had already been a breach victim, the seventh successive year this figure has risen.
The top two cyber-related concerns were suffering a security breach (57%), and a system glitch causing computers to crash (55%). Becoming a cyber-extortion victim rose from eighth position to third this year.
However, despite general concern about cyber-threats, business decision-makers may also be guilty of overconfidence in their organisation’s security posture.
Nearly all respondents (93%) said they’re confident their company has implemented best practices to prevent or mitigate a cyber event. Yet most have not deployed endpoint detection and response tools (64%), they haven’t conducted a vendor cyber-assessment (59%), and don’t have an incident response plan (53%). Further, while 90% said they’re familiar with multi-factor authentication (MFA), only 52% had implemented it for remote access. This increasingly matters, not only to mitigate cyber-risk but also to reduce insurance premium costs and increase coverage.
Cyber attacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions.
Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action. It’s never too late, and these steps can help businesses avoid a devastating cyber-event.
https://www.infosecurity-magazine.com/news/cyberthreats-top-business-big/
Fired Admin Cripples Former Employer's Network Using Old Credentials
After being laid off, an IT system administrator disrupted the operations of his former employer, a high-profile financial company in Hawaii, hoping to get his job back.
Casey K Umetsu, aged 40, worked as a network admin for the company between 2017 and 2019, when his employer terminated his contract. The US Department of Justice says in a press release that the defendant pled guilty to accessing his former employer's website and making configuration changes to redirect web and email traffic to external computers.
To prolong the business disruption for several more days, Umetsu performed additional actions that essentially locked out the firm's IT team from the website administration panel. In the end, the victimised company learned who was responsible for the sabotage after reporting the cyber security incident to the FBI.
Umetsu is awaiting sentence for his wrongdoings on January 19, 2023. He faces a maximum of 10 years of prison time and a fine of up to $250,000.
While Umetsu's actions are condemnable, the company's security practices cannot be overlooked since Umetsu used credentials that should have been invalidated the moment he got fired.
Threats
Ransomware and Extortion
Ransomware data theft tool may show a shift in extortion tactics (bleepingcomputer.com)
The various ways ransomware impacts your organization - Help Net Security
New Royal Ransomware emerges in multi-million dollar attacks (bleepingcomputer.com)
Research: 20% of All Reported Ransomware Attacks Occurred in the Last 12 Months - MSSP Alert
BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal (thehackernews.com)
Noberus ransomware gets info-stealing upgrades • The Register
SQL Server admins warned to watch for Fargo ransomware • The Register
BlackCat/ALPHV Gang Adds Wiper Functionality as Ransomware Tactic (darkreading.com)
Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks (bleepingcomputer.com)
NCC Group: IceFire ransomware gang ramping up attacks (techtarget.com)
MS SQL servers are getting hacked to deliver ransomware to orgs - Help Net Security
Hackers Leak French Hospital Patient Data in Ransom Fight | SecurityWeek.Com
Oxford Health: Cyber attack continues to hit NHS trust's services - BBC News
LA School District Ransomware Attackers Now Threaten to Leak Stolen Data (darkreading.com)
Phishing & Email Based Attacks
Fake US govt job offers push Cobalt Strike in phishing attacks (bleepingcomputer.com)
Germany arrests hacker for stealing €4 million via phishing attacks (bleepingcomputer.com)
Capital One Phish Showcases Growing Bank-Brand Targeting Trend (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
How cyber criminals use public online and offline data to target employees | CSO Online
Beware Revolut frozen card scams sent via SMS text • Graham Cluley
IRS warns Americans of massive rise in SMS phishing attacks (bleepingcomputer.com)
Malware
Office exploits continue to spread more than any other category of malware - Help Net Security
This credit card-stealing malware is spreading like wildfire | Digital Trends
Hacking group hides backdoor malware inside Windows logo image (bleepingcomputer.com)
Hackers now sharing cracked Brute Ratel post-exploitation kit online (bleepingcomputer.com)
Cobalt Strike malware campaign targets job seekers (techtarget.com)
New Botnet 'Chaos' Targeting Linux, Windows Systems (informationsecuritybuzz.com)
Malware targets VMware users for espionage, Mandiant says • The Register
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Quantum Builder tool helps criminals spread Windows RATs • The Register
Unit 42 finds polyglot files delivering IcedID malware (techtarget.com)
Hackers use PowerPoint files for 'mouseover' malware delivery (bleepingcomputer.com)
Does AI-powered malware exist in the wild? Not yet (techtarget.com)
New Erbium password-stealing malware spreads as game cracks, cheats (bleepingcomputer.com)
Lazarus APT continues to target job seekers with macOS malware - Security Affairs
APT28 relies on PowerPoint Mouseover to deliver Graphite malware - Security Affairs
Mobile
WhatsApp 0-Day Bug Let Hackers Execute an Arbitary Code Remotely (gbhackers.com)
Adware on Google Play and Apple Store installed 13 million times (bleepingcomputer.com)
Samsung facing class action suit after customer data leak • The Register
Inside a cyber attack method that targets your cellphone - The Washington Post
Internet of Things – IoT
Data Breaches/Leaks
Watchfinder warns customers that hackers stole their data • Graham Cluley
Shangri-La hotels Customer Database Hacked | SecurityWeek.Com
Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme (thehackernews.com)
Australia government wants Optus to pay for data breach | ZDNET
Organised Crime & Criminal Actors
Ukraine Arrests Cyber Crime Group for Selling Data of 30 Million Accounts (thehackernews.com)
New hacking group ‘Metador’ lurking in ISP networks for months (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Scams targeting crypto enthusiasts are becoming increasingly common - Help Net Security
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Cyber sleuth alleges $160M Wintermute hack was an inside job (cointelegraph.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Identities Stolen From 1 In 4 Internet Users (informationsecuritybuzz.com)
Fake Sites Siphon Millions of Dollars in 3-Year Scam (darkreading.com)
Here’s how crooks are using deepfakes to scam your biz • The Register
Deepfakes
Reshaping the Threat Landscape: Deepfake Cyber attacks Are Here (darkreading.com)
The deepfake danger: When it wasn’t you on that Zoom call | CSO Online
Software Supply Chain
Denial of Service DoS/DDoS
Hackers are making DDoS attacks sneakier and harder to protect against | ZDNET
UK's MI5 website briefly hit by denial of service attack - BBC | Reuters
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Cloud/SaaS
Cloud security trends: What makes cloud infrastructure vulnerable to threats? - Help Net Security
81% of Companies Suffered A Cloud Security Incident Last Year – (informationsecuritybuzz.com)
What Lurks in the Shadows of Cloud Security? (darkreading.com)
Open Source
Open source projects under attack, with enterprises as the ultimate targets - Help Net Security
Microsoft: Lazarus hackers are weaponizing open-source software (bleepingcomputer.com)
Numerous orgs hacked after installing weaponized open source apps | Ars Technica
Passwords, Credential Stuffing & Brute Force Attacks
The Country Where You Live Impacts Password Choices (darkreading.com)
Five Steps to Mitigate the Risk of Credential Exposure (thehackernews.com)
Social Media
Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security
Ofcom chair says tech firms must prioritise safety alongside clicks | Ofcom | The Guardian
UK may fine TikTok $29 million for failing to protect children's privacy | Reuters
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows | SecurityWeek.Com
Mystery hackers are “hyperjacking” targets for insidious spying | Ars Technica
Cyber espionage group developed backdoors tailored for VMware ESXi hypervisors | CSO Online
Taiwanese citizens prepare for possible cyber war (axios.com)
Malware targets VMware users for espionage, Mandiant says • The Register
Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange (darkreading.com)
Nation State Actors
Nation State Actors – Russia
Researchers Identify 3 Hacktivist Groups Supporting Russian Interests (thehackernews.com)
APT28 relies on PowerPoint Mouseover to deliver Graphite malware - Security Affairs
Meta dismantles massive Russian network spoofing Western news sites (bleepingcomputer.com)
Nation State Actors – China
Chinese Cyberespionage Group 'Witchetty' Updates Toolset in Recent Attacks | SecurityWeek.Com
China’s infosec researchers may have dodged vuln report ban` • The Register
Nation State Actors – North Korea
Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings (darkreading.com)
Microsoft: Lazarus hackers are weaponizing open-source software (bleepingcomputer.com)
Lazarus APT continues to target job seekers with macOS malware - Security Affairs
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerabilities
Exchange Server zero-day being actively exploited • The Register
Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet (darkreading.com)
Cisco Patches High-Severity Vulnerabilities in Networking Software | SecurityWeek.Com
Sophos fixes critical code injection bug under exploit • The Register
Zoho ManageEngine flaw is actively exploited, CISA warns | CSO Online
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (bleepingcomputer.com)
Google Quashes 5 High-Severity Bugs With Chrome 106 Update (darkreading.com)
Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely (thehackernews.com)
Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws | WIRED
Reports Published in the Last Week
Other News
High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks | SecurityWeek.Com
Poll Of IT Security Pros Suggests Gaps In UK Cyber Defence (informationsecuritybuzz.com)
Why Organisations Need Both EDR and NDR for Complete Network Protection (thehackernews.com)
Lessons From the GitHub Cyber Security Breach (darkreading.com)
Data security trends: 7 statistics you need to know - Help Net Security
Why does a Legacy WAF Fail to “Catch” Sophisticated Attacks? (informationsecuritybuzz.com)
Akamai finds 13 million malicious newly observed domains a month | SC Media (scmagazine.com)
Opinion | The Uber Hack Exposes More Than Failed Data Security - The New York Times (nytimes.com)
Cyber security Study Sees “Siloed” Security As Organisational Weak Spot - MSSP Alert
3 types of attack paths in Microsoft Active Directory environments - Help Net Security
97% of enterprises say VPNs are prone to cyber attacks: Study | CSO Online
65% of companies are considering adopting VPN alternatives - Help Net Security
Spoofing cyber attack can make cameras see things that aren’t there | New Scientist
Zero Trust is the Goal But Much Ground Yet to Cover, CompTIA Reports - MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.