Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 01 December 2023
Black Arrow Cyber Threat Intelligence Briefing 01 December 2023:
-Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack
-Approach Cyber Security Awareness Training by Engaging People at All Levels
-Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks
-Ransomware Attacks Surge 81% in October as New Threat Actors Emerge
-Hacked Microsoft Word Documents Being Used to Trick Windows Users
-Mitigating Deepfake Threats in The Corporate World
-Black Basta Ransomware Made Over $100 Million From Extortion Alone
-Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation
-Booking.com Customers Scammed in Novel Social Engineering Campaign
-Stop Panic Buying Your Security Products and Start Prioritising
-A Fifth of UK SMBs Unable to Spot Scams
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Strategic Cyber Stories of the Last Week
Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack
An estimated 80 to 200 law firms across the UK were impacted by a cyber attack on a third party firm in their supply chain. The attack was on managed service supplier CTS, who provide services to hundreds of law firms across the UK, especially those with conveyancing departments, and many property sales were impacted nationwide as a result of the attack.
This is against a sharp increase in the number of law firms being singled out by cyber threat actors; only recently, magic circle firm Allen & Overy confirmed themselves as a victim of ransomware.
Sources: [SC Media] [Lawyer Monthly] [Scottish Legal News] [Law Gazette] [Dark Reading]
Approach Cyber Security Awareness Training by Engaging People at All Levels
In the cyber security landscape, human-related factors like social engineering, compromised credentials, and errors are the top causes of breaches. Increased investment in threat detection doesn't guarantee foolproof security. Organisations need a proactive strategy focusing on human risks, a security mindset in employees, and a security culture. According to IBM’s latest data security report, high levels of security training can significantly reduce the impact, cost, and frequency of data breaches.
However, most employee training programmes fail due to staff resistance and lack of management support. The key is convincing leadership of its value. To achieve a successful and impactful security awareness programme, it is important that security teams understand their audiences (leaders, managers, and employees), address their requirements, and effectively communicate the benefits of security training.
Source: [CPO Magazine]
Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks
A recent report found that despite 95% of Chief Information Security Officers (CISOs) receiving budgetary and other support from their organisation after a cyber attack, this largely fails to prevent future incidents, with over half admitting they have experienced multiple “major cyber security incidents” in the last five years.
The report revealed that after an attack 46% of CISOs were given a bigger tech budget, 42% revised their security strategy, 41% adopted new frameworks, and 38% created new roles. However, incidents come with hidden consequences such as revenue loss, rising insurance premiums and declining reputation. CISOs need to have support from the board and executives from the start so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.
Sources: [Business Wire] [Silicon UK]
Ransomware Attacks Surge 81% in October as New Threat Actors Emerge
The NCC Group revealed that ransomware attacks have surged by 81% in October 2023, compared to the same period in the previous year. Ransomware gangs have already victimised over 50% more individuals and enterprises in 2023 than during the entirety of 2022. As artificial intelligence, phishing kits and ransomware-as-a-service has improved, so too has the number of threat actors; those who were previously stunted by their technical know-how are now able to gain access to sophisticated attacks.
Source: [Security Brief]
Hacked Microsoft Word Documents Being Used to Trick Windows Users
Active campaigns carried out by cyber criminals are again using macros within Word documents to deploy malware, in spite of Microsoft’s efforts to stop these types of attacks. Most of the time the actor delivers the Word document via phishing emails, with the aim of convincing the user to click and run the macro. Once run, the malware has then achieved its goal of establishing itself on the victims’ machine and executing its malicious payload.
Source: [TechRadar]
Mitigating Deepfake Threats in The Corporate World
Deepfakes are synthetic media that are created or manipulated with the desired outcome of convincing the recipient of their legitimacy; and it’s entering the corporate world. Deepfake technology has already been used to impersonate Presidents and financial experts, however there has been an uprise in the number of these attacks. This has left the corporate world questioning existing operational procedures such as callbacks and how they will need to adjust to encompass the changing landscape.
Some of the ways a corporation can mitigate this, is to promote awareness within the workplace, adjust operational procedures to reflect the current landscape, and utilise advanced detection tools.
Source: [MSSP Alert]
Black Basta Ransomware Made Over $100 Million From Extortion Alone
The cyber crime operator “Black Basta” has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022. In total, 329 victims worldwide were targeted and research has estimated that at least 35% paid a ransom, with multiple payments over $1 million. Black Basta uses double extortion techniques, where data is both ransomed and exfiltrated. This way, victims are forced to pay to get their data back and not have it published online; the latter itself can lead to regulatory fines.
Source: [Bleeping Computer]
Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation
In the evolving cyber security landscape, organisations are increasingly investing in detection and prevention measures. However, there's a growing trend of neglecting post-attack recovery. While advanced security tools and technologies are crucial, recent ransomware incidents have shown that recovery is equally vital. Organisations have faced substantial downtime and financial losses due to attacks. Cyber resilience, the ability to bounce back quickly after an attack, is crucial, especially with the rise of remote work.
Budgets often prioritise prevention, leaving organisations ill-prepared for recovery. In 2023, a significant number of companies paid ransoms to regain data. To achieve true cyber resilience, a rebalance in approach is essential, focusing on preparation, response, and recovery alongside detection and prevention, ensuring rapid recovery and safeguarding of valuable assets.
Source: [TechRadar]
Booking.com Customers Scammed in Novel Social Engineering Campaign
According to new research by SecureWorks, Booking.com customers are being targeted by a novel social engineering campaign that is “paying serious dividends” for cyber criminals. Researchers believe the campaign has gone on for at least a year and it begins by deploying the Vidar infostealer to gain access partner hotels’ Booking.com credentials. This information is then used to send phishing emails to Booking.com customers and trick them into handing over their payment details, in many cases leading to money being stolen. The scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2,000 in two cyber crime forums.
Source: [Infosecurity Magazine]
Stop Panic Buying Your Security Products and Start Prioritising
In the cyber security landscape, impulse buying can lead to costly mistakes. Breaches are now more expensive than ever, underscoring the need to assess cyber security investments. Fear-driven tactics and the quest for a "silver bullet" solution can push organisations, especially smaller ones, into impulsive investments. These decisions may introduce even more risk by failing to integrate with existing systems, or buying systems but failing to configure them properly or utilising them to the fullest extent, leading to a false sense of security. The consequences can be severe, with breaches now costing organisations millions. To navigate this landscape, organisations must assess the real value of cyber security investments. Calculating risk by evaluating likelihood and impact can guide us in making informed decisions. Instead of impulse buying, assign a monetary value to cyber risks for strategic budget decisions in these economic times, ensuring investments align with security and business goals.
Source: [Help Net Security]
A Fifth of UK SMBs Unable to Spot Scams
New data from UK Finance reveals that 17% of UK small and medium-sized businesses (SMBs) struggle to identify online fraud and scam indicators. This is particularly alarming given the rise in authorised push payment (APP) scams in the UK, where fraudsters impersonate trusted entities to deceive victims into transferring money to controlled accounts. In the first half of 2023 alone, criminals stole a reported £42.6 million through such scams, with total losses including consumer impacts reaching £239 million. SMBs are increasingly targeted due to typically fewer anti-fraud and other countermeasures and controls, compared to larger and better protected larger firms. It is important for SMBs to be vigilant and verify payment details directly with suppliers to help avoid these types of scams.
Source: [Infosecurity Magazine]
Governance, Risk and Compliance
Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine
40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru
Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks | Business Wire
When does it make sense to pay the ransom? | SC Media (scmagazine.com)
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)
Enterprises prepare for the inevitable cyber attack - Help Net Security
Board Support Critical For Cyber Security Defence | Silicon UK
3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com
Long recovery times after cyber attacks could annihilate your organisation | TechRadar
The Role of the CISO in Digital Transformation (darkreading.com)
Stop panic buying your security products and start prioritizing - Help Net Security
Bridging the risk exposure gap with strategies for internal auditors - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
The rise of Ransomware attacks within the Legal Industry (lawyer-monthly.com)
Ransomware attacks surge 81% in October, new threat actors emerge (securitybrief.co.nz)
Black Basta ransomware made over $100 million from extortion (bleepingcomputer.com)
Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro
DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software (thehackernews.com)
How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)
When does it make sense to pay the ransom? | SC Media (scmagazine.com)
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)
Ransomware Attacks Strike South Africa, Decline in UAE (darkreading.com)
Ransomware Victims
Law firm A&O silent on whether it paid ransom to cyber criminals | Law Gazette
Allen & Overy Removed From Ransomware Website With One Day Remaining | Law.com International
Potentially hundreds of UK law firms affected by cyber attack on IT provider CTS (therecord.media)
Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)
London & Zurich ransomware attack sparks financial crisis for businesses (computing.co.uk)
British Library contacts users after Rhysida leaks data • The Register
Ransomware attacks hit Stanford University and Nassau Bay in Texas - NotebookCheck.net News
Slovenia's largest power provider HSE hit by ransomware attack (bleepingcomputer.com)
GCHQ investigates cyber attack on hospital to the royals after data stolen (telegraph.co.uk)
English council spent £1.1 million recovering from ransomware attack (therecord.media)
Healthcare giant Henry Schein hit twice by BlackCat ransomware (bleepingcomputer.com)
Qilin ransomware claims attack on automotive giant Yanfeng (bleepingcomputer.com)
New cyber criminal group outed after British Library attack - Emerging Risks Media Ltd
Cyber attack closes hospital emergency rooms in three US states | US healthcare | The Guardian
Two Hackensack Meridian hospital ERs diverting patients after a ransomware attack (msn.com)
DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)
Top instant money provider service hacked, over a million users possibly affected | TechRadar
Staples confirms cyber attack behind service outages, delivery issues (bleepingcomputer.com)
Phishing & Email Based Attacks
Black Friday: Phishing Emails Soar 237% - Infosecurity Magazine (infosecurity-magazine.com)
AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)
Organisations can't ignore the surge in malicious web links - Help Net Security
How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)
What custom GPTs mean for the future of phishing - Help Net Security
A reality check on email security threats in healthcare (securitybrief.co.nz)
Artificial Intelligence
Released: AI security guidelines backed by 18 countries - Help Net Security
4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)
CISA and NCSC lead efforts to raise AI security standards • The Register
Security leaders on high alert as GenAI poses privacy and security risks - Help Net Security
AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)
A year after ChatGPT’s debut, is GenAI a boon or the bane of the CISO’s existence? | CSO Online
Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)
Mitigating Deepfake Threats in the Corporate World | MSSP Alert
4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)
Securing generative AI across the technology stack | TechCrunch
Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)
What custom GPTs mean for the future of phishing - Help Net Security
8 Tips on Leveraging AI Tools Without Compromising Security (darkreading.com)
Malware
Implications of “malware free” attacks on SMBs (databreaches.net)
SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News
Hacked Microsoft Word documents being used to trick Windows users | TechRadar
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)
Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly
A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets (darkreading.com)
LogoFAIL bugs in UEFI code allow planting bootkits via images (bleepingcomputer.com)
Mobile
NameDrop in iOS 17 is not a privacy nightmare – here’s how to control it (msn.com)
200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn (thehackernews.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Cyber pros avoid smart devices: there is a good reason | Cybernews
IoT Security Labeling Improving, But More Collaboration Needed - EE Times
Data Breaches/Leaks
App used by hundreds of schools leaking children's data (securityaffairs.com)
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)
Gulf Air exposed to data breach, 'vital operations not affected' | Reuters
General Electric investigates claims of cyber attack, data theft (bleepingcomputer.com)
Hackers spent 2+ years looting secrets of chipmaker NXP before being detected | Ars Technica
DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)
Dollar Tree hit by third-party data breach impacting 2 million people (bleepingcomputer.com)
Organised Crime & Criminal Actors
Leader of Killnet 'unmasked' by Russian state media • The Register
A Fifth of UK SMBs Can’t Spot Scams - Infosecurity Magazine (infosecurity-magazine.com)
Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register
How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)
Founder of spyware maker Hacking Team arrested for attempted murder: local media | TechCrunch
US imprisons Ukrainian SSNDOB administrator for 8 years • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
KyberSwap Says Hackers Stole $55m in Crypto - Infosecurity Magazine (infosecurity-magazine.com)
US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)
Insurance
Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)
Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)
Supply Chain and Third Parties
Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)
Telecom Industry Association Advances Supply Chain Security | MSSP Alert
Cloud/SaaS
SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News
Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar
Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories (thehackernews.com)
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)
Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar
Weak & Strong Password Examples: Study Reveals Most Hackable Words (tech.co)
Despite Hype, the Password-Free Workplace Is Still a Long Way Off (darkreading.com)
Navigating the Stormy Seas of Cyber security: The Power of High-Entropy Passwords | HackerNoon
Social Media
Training, Education and Awareness
Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine
8 Cyber Security Topics to Include in Your Training Program | Proofpoint US
40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru
3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com
Regulations, Fines and Legislation
European Commission Failing to Tackle Spyware, Lawmakers Say (inforisktoday.com)
Released: AI security guidelines backed by 18 countries - Help Net Security
EU considers widening scope of cyber security regulation (finextra.com)
Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)
5 resolutions to prepare for SEC's new cyber disclosure rules - Help Net Security
False Claims Act Meets Cyber security Compliance in Government Contracting - ClearanceJobs
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Information overload puts cyber security at risk (betanews.com)
Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly
More than half admit to ignoring cyber security alerts (itsecuritywire.com)
Fewer cyber pros are getting fired immediately after an incident: Trellix survey (axios.com)
Unhappy network professionals juggling more with less - Help Net Security
Law Enforcement Action and Take Downs
Police dismantle ransomware group behind attacks in 71 countries (bleepingcomputer.com)
CoLP launches strategy for fraud, economic and cyber crime | UK Police News - Police Oracle
Los Angeles SIM Swapper Sentenced to 8 Years in Prison - Security Week
New York Fines First American $1 Million for Cyber Breach (1) (bloomberglaw.com)
Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Russia
Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns – POLITICO
North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)
Ukraine says it hacked Russian aviation agency, leaks data (bleepingcomputer.com)
Leader of Killnet 'unmasked' by Russian state media • The Register
Iran
Pennsylvania water facility hit by Iran-linked hackers | CyberScoop
North Texas water utility serving 2 million hit with cyber attack (therecord.media)
Iranian Mobile Banking Malware Campaign Threat Continues | Zimperium
North Korea
North Korean hackers are carrying out even more cyber attacks than previously thought | TechRadar
North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)
US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Apple fixes two new iOS zero-days in emergency updates (bleepingcomputer.com)
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability (thehackernews.com)
Design flaw leaves Google Workspace vulnerable for takeover - Help Net Security
Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices - Security Week
Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data (hackread.com)
Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro
Hackers start exploiting critical ownCloud flaw, patch now (bleepingcomputer.com)
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)
PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) - Help Net Security
Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)
Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)
Tools and Controls
Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine
8 Cyber Security Topics to Include in Your Training Program | Proofpoint US
40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru
3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com
Long recovery times after cyber attacks could annihilate your organisation | TechRadar
Stop panic buying your security products and start prioritizing - Help Net Security
Enable 256-bit Bitlocker encryption on Windows 11 to boost security - gHacks Tech News
Building cyber resilience for tomorrow’s threats - Help Net Security
Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly
Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)
AI Boosts Malware Detection Rates by 70% - Infosecurity Magazine (infosecurity-magazine.com)
Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)
What cyber security pros can learn from first responders (securityintelligence.com)
Why are Organisations Failing to Detect Cyber security Threats? | MSSP Alert
Vulnerability disclosure: Legal risks and ethical considerations for researchers - Help Net Security
Researcher flags OpenCart security issue, founder rages • The Register
Bridging the risk exposure gap with strategies for internal auditors - Help Net Security
Reports Published in the Last Week
Other News
Cyber attack On A&O Highlights Perils Of Law Firm Mergers - Law360
Law Firms & Legal Departments Singled Out for Cyber attacks (darkreading.com)
Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week
Implications of “malware free” attacks on SMBs (databreaches.net)
Reading Borough Council apologises for dodgy infosec advice • The Register
Only 1 in 6 Brits are concerned about cyberthreats at home - Home of Direct Commerce
Paris water agency targeted in cyber attack - Emerging Risks Media Ltd
Why Utilities Need to Supercharge Their Approach to Cyber security (powermag.com)
No plain sailing: modern pirates hack superyachts' cyber security | Euronews
Hackers Hijack Industrial Control System at US Water Utility - Security Week
Estate agents warned to have measures in place to prevent cyber attacks (thenegotiator.co.uk)
CISA to Congress: US Under Threat of Chemical Attacks (darkreading.com)
New BLUFFS attack lets attackers hijack Bluetooth connections (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18th August 2023
Black Arrow Cyber Threat Intelligence Briefing 18 August 2023:
-Ransomware Group Targeting MSPs Worldwide in New Campaign
-As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
-Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
-Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
-Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
-LinkedIn Suffers Significant Wave of Account Hacks
-High Net-Worth Families are at Risk of Cyber Crime
-Cyber Attack Rule Raises Insurance Risks for Corporate Officers
-PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
-The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
-Why Are Phones a Cyber Security Weak Spot?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Group Targeting MSPs Worldwide in New Campaign
Russia-based cyber attackers called Play are evolving, with the ransomware group now using remote monitoring and management (RMM) tools at outsourced IT providers or managed service providers (MSPs) to gain access and hit downstream customers. A significant number of eventual targets are medium sized business. The group is also utilising intermittent encryption, where files are only partly encrypted, to avoid detection.
The attacks highlight the need for organisations to be aware of where they are in the supply chain and how they can be targeted through their supplier. It is not enough for an organisation to focus on its own security in isolation; organisations also need to have a way of effectively assessing their supply chain risk which includes their MSP.
Source [Dark Reading]
As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
Ransomware attacks continue to increase, with 1500 victims confirmed this year. It is likely this figure will continue to rise. In parallel, criminals are evolving and with that comes a rise in triple extortion; attackers are not just encrypting and exfiltrating an organisation’s data, but also using this data to blackmail employees and target third parties, hitting the supply chain.
Unfortunately for SMBs, they do not have the resources to keep up with such attacks, making them the most vulnerable. A report found that organisations that had 51 to 200 employees were the most targeted, followed by organisations with 11 to 50 employees. When it came to the types of organisations, the Financial Services sector placed first.
This should not mean SMBs should just accept this and wait to be attacked; on the contrary, their increased vulnerability means that SMBs need to effectively prioritise and allocate resources, and if necessary getting in specialist external help, to ensure their protections are the best that resources allow.
Sources [WWD] [InfoSecurity Magazine] [CRN]
Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
Cloudflare's 2023 Phishing Threats Report recorded a 17% spike in business email compromise (BEC) related financial losses between December 2021 and 2022, noting that threat actors are increasingly leaning on this attack method to target organisations. Additionally, across 2022 nearly three-quarters (71%) of respondents to the study said they experienced an attempted or successful BEC attack. The Cloudflare report found that the financial impact of BEC led to organisations suffering losses in excess of $2.7 billion, whereas ransomware caused losses of $34.3 million during the same period.
Source [ITPro]
Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
According to a report, phishing attacks were found to be the initial attack vector for nine in ten cyber attacks. The report found that the focus of a cyber criminal tended to be two objectives: achieving authenticity and getting victims to click. Worryingly, 89% of unwanted messages were found to have bypassed authentication checks, leaving people and procedures as the last line of defence in an organisation.
A separate study found that having the following traits made a user more susceptible to phishing: extroverted, agreeable, people-pleasing, quick to trust, fearful or respectful of authority, and poor self-control.
With employees playing such an important role in preventing phishing, organisations need to ensure that employees are aware of what to look for in a phishing email with regular training to account for evolving tactics. This training should be carried out by experts with experience of conducting phishing simulations, accompanied with the ability to educate users on how they can protect themselves from falling victim.
Sources [Tech Radar] [Makeuseof]
Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
In a recent survey, Gartner found that generative AI models such as ChatGPT were the second greatest emerging risk, with concerns around data privacy. This has led to organisations looking to ban such AI, with a separate report by Blackberry finding that ChatGPT faced banning from 75% of organisations.
Banning AI in the organisation is a short-term solution. The benefits of AI are clear and its usefulness in an organisation is significant, with reports finding 75% of IT leaders in favour. Organisations should instead look at how they can govern the usage of AI in their organisation, to reduce the risk of AI-related incidents and improve the effectiveness of work.
Sources [Security Magazine] [Analytics Insight] [IT Security Guru] [Decrypt]
LinkedIn Suffers Significant Wave of Account Hacks
LinkedIn users are reporting losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion. LinkedIn is no stranger to being a target of cyber criminals; last year, the platform was deemed the most abused brand in phishing attempts likely due to its recognisability and widespread use in the corporate world. This extended as far as threat actors using fake LinkedIn profiles.
With the number of accounts being compromised, users need to be vigilant in their use of LinkedIn and be on the lookout for suspicious messages. Black Arrow recommends that users ensure they are using strong and unique passwords, combined with multi-factor authentication (MFA) to protect themselves.
Source [Dark Reading]
High Net-Worth Families are at Risk of Cyber Crime
A report found that high net-worth families have prioritised cyber security with a notable 77% of respondents stating they had a cyber security plan; however, 55% said their plan “could be better”.
A cyber security plan is not optional anymore. High net-worth families are at increased risk, with criminals cottoning on to the amount of information that is out there and the financial gain that can be made if that information is used effectively. Social media is just one of the things increasing the risk of cyber crime; unbeknownst to some families, their social media may be providing criminals a treasure trove of insight into a family’s wealth, real-time location and habits. Such information can be used by a cyber criminal to employ attacks.
Source [Campdenfb]
Cyber Attack Rule Raises Insurance Risks for Corporate Officers
The US Securities and Exchange Commission (SEC) recently issued rules that formally outlined directors’ responsibilities in cyber security governance for the first time, laying the groundwork for potential enforcement actions. The recently issued rules bring potential regulatory probes and shareholder legal class action alleging senior executives failed to supervise their businesses’ cyber security practices.
Although the practice is not yet universal, a growing number of director and officer (D&O) policies are being drafted with cyber related exclusions. Meanwhile, most cyber insurance policies exempt SEC enforcement actions and investor claims, but some cover allegations against a company’s executives over their cyber security roles.
Whilst this is only in the US at the moment, other developed nations are likely to follow suit.
Source [Bloomberg Law]
PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
The Police Service of Northern Ireland (PSNI) and the UK Electoral Commission both suffered cyber incidents on the same day. Whilst both incidents were different in how they happened, the result was the same: sensitive information had been leaked. In the case of the PSNI, the data was leaked through a response to a freedom of information (FOI) request, in which an Excel sheet was accidentally included by the PSNI. The Electoral Commission incident resulted from a cyber attack.
The incidents are a wake-up call for organisations. If you have not already done so, you need to put things in place to help protect your data from ending up online. The PSNI incident in particular highlights the need to ensure that data does not leave the organisation by accident.
Source [The Guardian]
The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
Cyber security has become an inescapable concern for organisations across industries. With cyber threats ranging from data breaches to ransomware attacks, it is paramount that companies remain vigilant and prepared.
A key way to be prepared is through a tabletop exercise that simulates a hypothetical cyber security incident and helps organisations to practice and evaluate their response. One example scenario can be responding to a ransomware attack blocking access to the organisation's computers for a ransom. These exercises serve as a practical, engaging, and low-risk way for teams to identify vulnerabilities in current plans, improve coordination, and evaluate the decision-making process during a crisis and this is something that we do with our clients on a regular basis.
Source [JDSupra]
Why Are Phones a Cyber Security Weak Spot?
Mobile phones are more interconnected than ever, with their usage extending to the workplace. Despite this, they often enter the corporate environment with a lack of protection and oversight. When laptops are in the corporate environment they are often secured through methods such as encryption and often the organisation has a clear oversight of the applications and activity on the laptop. Mobile phones on the other hand, are often left unmonitored, despite the fact they can and often do carry sensitive information.
Mobile phones also carry additional risks; for a start, they are easier to lose, due to their size difference and the fact they are often out more. In addition, they may have more entry points. Internet of things (IoT) devices, such as smart appliances, are often controlled by phones, making them another entry point for an attacker.
Source [Tech Shout]
Governance, Risk and Compliance
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority - IT Security Guru
Cyber threat risks reach three-year high – Avast (securitybrief.co.nz)
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Why Finance Leaders In Midsize Businesses Are Stepping Up Cyber security Efforts (forbes.com)
Why are ultra-high-net-worth families at increased risk of cyber crime? | Campden FB
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
4 reasons to understand technology risks when buying a business (businessplus.ie)
Boards Don't Want Security Promises — They Want Action (darkreading.com)
Cyber attacks and data protection worries loom large | Natasha Doris | CDR Article (cdr-news.com)
How threats to mid-sized businesses impact us all - Help Net Security
7 Reasons People Don't Understand What You Tell Them (darkreading.com)
6 Cyber Threat Areas for Companies and Organisations to Prioritize (forbes.com)
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Threats
Ransomware, Extortion and Destructive Attacks
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reported ransomware attacks doubled in key sectors (securitybrief.co.nz)
'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign (darkreading.com)
As Ransomware Gangs Shift To Data Extortion, Some Adopt A New Tactic: ‘Customer Service’ | CRN
Triple Extortion Ransomware and the Cyber Crime Supply Chain (bleepingcomputer.com)
Companies are finding it harder to detect ransomware | TechRadar
Top 3 Ransomware Attack Vectors And How To Avoid Them (techtarget.com)
Knight ransomware distributed in fake Tripadvisor complaint emails (bleepingcomputer.com)
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Why Hospitals Are Being Increasingly Targeted by Cyber Attacks | Chicago News | WTTW
'Bulletproof' Lolekhosted ransomware hacker indicted (cnbc.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Monti ransomware targets VMware ESXi servers with new Linux locker (bleepingcomputer.com)
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands - SecurityWeek
Sophos: ‘Royal’ Is Trying to Make Itself the King of Ransomware (darkreading.com)
Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom (bleepingcomputer.com)
3 strategies that can help stop ransomware before it becomes a crisis | CSO Online
Latitude Financial takes profit hit from major cyber attack | The West Australian
Ransomware down 57%, Secureworks warns against complacency (securitybrief.co.nz)
Ransomware Diaries: Volume 3 – LockBit’s Secrets (databreaches.net)
HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware | WIRED
Ransomware Renaissance 2023: The Definitive Guide to Stay Safer (securityintelligence.com)
How to Create a Ransomware Incident Response Plan (techtarget.com)
Ransomware Victims
Several hospitals still counting the cost of widespread ransomware attack (malwarebytes.com)
Has leading UK jeweller been hit by BianLian ransomware gang? (techmonitor.ai)
Cyber attack on Bay area vendor cripples real estate industry (therealdeal.com)
Colorado warns 4 million of data stolen in IBM MOVEit breach (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
LockBit claims seven new victims in ransomware spree (techmonitor.ai)
Cyber attack strikes Prince George's County schools, district says - The Washington Post
Clorox Operations Disrupted By Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)
Inside Housing - News - Hackney to procure new IT system after cyber attack
Largest switching and terminal railroad in US investigating ransomware data theft (therecord.media)
Honor Among Cyber Criminals? Why a Canadian Firm Paid Ransom (inforisktoday.com)
Alberta dental benefits administrator hit by cyber attack | Edmonton Sun
Phishing & Email Based Attacks
Phishing remains most dominant, fastest growing internet crime (securitybrief.co.nz)
If You Have These 6 Personality Traits, You're More Vulnerable to Phishing Scams (makeuseof.com)
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reports show 62% jump in phishing attacks last year - The Hindu BusinessLine
Phishing Operators Make Ready Use of Abandoned Websites for Bait (darkreading.com)
3 Major Email Security Standards Prove Too Porous for the Task (darkreading.com)
Cyber Security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
As Phishing Gets Even Sneakier, Browser Security Needs to Step Up (darkreading.com)
Email security vendor leaves 2M domains open to phishing hacks, study finds (axios.com)
Cyber Criminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (thehackernews.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malicious QR code hacking campaign is targeting Microsoft credentials - SiliconANGLE
Phishing campaign steals accounts for Zimbra email servers worlwide (bleepingcomputer.com)
30% of phishing threats involve newly registered domains - Help Net Security
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Gone Phishing: An Analysis of a Targeted User Attack (huntress.com)
BEC – Business Email Compromise
Artificial Intelligence
Generative AI a Top Emerging Risk for Organisations: Gartner Survey - Decrypt
ChatGPT Faces Ban from 75% of Organisations: Blackberry Report (analyticsinsight.net)
AI Is Coming For Your Data: 6 Steps To Ensure Cyber Resilience (forbes.com)
New study by AMD finds nearly half of organisations are not ready for AI - IT Security Guru
Over 74% of organisations see a rise in AI use by cyber criminals | Security Magazine
Navigating generative AI risks and regulatory challenges - Help Net Security
Cyber security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Top 10 AI Security Risks According to OWASP (trendmicro.com)
AI 'evil twins' may already be manipulating human nature | SC Media (scmagazine.com)
Cyber security practitioners' generative AI dilemma (iapp.org)
People Coaxed AI Into Giving Wrong Math Answers, System Prone to Flaws (businessinsider.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)
2FA/MFA
How to prevent multifactor authentication fatigue attacks - SiliconANGLE
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Malware
Potent Trojans Targeting MacOS Users - Infosecurity Magazine (infosecurity-magazine.com)
Approximately 2000 Citrix NetScaler servers were backdoored in massive campaign-Security Affairs
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass | WIRED
Macs are getting compromised to act as proxy exit nodes - Help Net Security
Malware Dwell Time: Everything You Need to Know (makeuseof.com)
Gootloader SEO watering hole malware targets law firms | SC Media (scmagazine.com)
Raccoon Stealer malware returns with new stealthier version (bleepingcomputer.com)
Beware! Subscription malware arms hackers with tools to steal your private data | Laptop Mag
New Financial Malware 'JanelaRAT' Targets Latin American Users (thehackernews.com)
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report (thehackernews.com)
North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)
Stories from the SOC - Unveiling the stealthy tactics of Aukill malware (att.com)
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Users of cyber crime forums often fall victim to info-stealers, researchers find (therecord.media)
Turns out AI probably isn't very good at writing malware • The Register
Malware Turning Windows Machines Into Proxies (databreachtoday.co.uk)
Mobile
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
Does Turning Your Android Phone Off Protect You From Malware? (makeuseof.com)
3 Mobile or Client-Side Security Myths Debunked (darkreading.com)
Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (ic3.gov)
Threat actors use beta apps to bypass mobile app store security (bleepingcomputer.com)
FBI warns of money-stealing fake beta-release mobile apps • The Register
Three reasons why your smartphone needs security protection (securitybrief.co.nz)
Unsupported Compression Methods Enable Android Malware to Bypass Detection (zimperium.com)
This $70 device can spoof an Apple device and trick you into sharing your password | TechCrunch
Botnets
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Mirai Common Attack Methods Remain Consistent, Effective (darkreading.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Runaway Charger: The Major Threat Of Hacking EV Stations (slashgear.com)
Ford says cars with WiFi vulnerability still safe to drive (bleepingcomputer.com)
Data Breaches/Leaks
Electoral Commission had unpatched vulnerability on server • The Register
UK Police Data Breach Exposes Victim Information - Infosecurity Magazine (infosecurity-magazine.com)
UK govt contractor MPD FM leaks employee passport data-Security Affairs
Cumbria Police accidentally publish officers' names and salaries online (bitdefender.com)
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The most notable data breaches of 2023… So far | IT Reseller Magazine (itrportal.com)
Discord.io confirms breach after hacker steals data of 760K users (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
Man arrested in Northern Ireland police data leak • The Register
teiss - News - PBI data breach impacted more than 1.2m customers of Wilton Reassurance Life Company
Here’s what you need to do after your personal data is breached (telegraph.co.uk)
Organised Crime & Criminal Actors
Meet the Most (In)Famous Hacking Groups Active Today (makeuseof.com)
Cyber security researchers become target of criminal hackers | Financial Times (ft.com)
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Who Are Script Kiddies? Are They a Threat to Your Security? (makeuseof.com)
Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)
File sharing site Anonfiles shuts down due to overwhelming abuse (bleepingcomputer.com)
How Innovation Accelerators Are at Work on the Dark Side (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
Web3 projects suffered from forty-two exploits within a week (coinpaper.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
UK gov keeps repeating its voter registration website is NOT a scam (bleepingcomputer.com)
“Grab hold and give it a wiggle” – ATM card skimming is still a thing – Naked Security (sophos.com)
Latin Americans Fall Prey to More Online Scams, Cyber Attacks (insurancejournal.com)
The road ahead for ecommerce fraud prevention - Help Net Security
A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight | WIRED
Insurance
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The cyber security insurance market is estimated at USD 14.4 (globenewswire.com)
Dark Web
Supply Chain and Third Parties
Building Cyber security into the supply chain is essential as threats mount (att.com)
Why the public sector still loves Capita (even though it got hacked) - Tech Monitor
Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (thehackernews.com)
PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks (darkreading.com)
Software Supply Chain
Cloud/SaaS
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Adapting to the Cloud Era of Cyber security: How CISO’s Priorities Are Evolving | Network Computing
Datacentre management vulnerabilities leave public clouds at risk | Computer Weekly
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
Containers
Encryption
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
WhatsApp is right to be angry about the UK’s encryption mess | The Spectator
Google adds post-quantum encryption key protection to Chrome • The Register
API
The Evolution of API: From Commerce to Cloud-Security Affairs
How financial services cyber regulations are hotting up for API security (betanews.com)
Open Source
Why a Software Bill of Materials Is Business-Critical - The Futurum Group
Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
6 best practices to defend against corporate account takeover attacks | CSO Online
What's the State of Credential theft in 2023? (thehackernews.com)
Building a secure future without traditional passwords - Help Net Security
Are browser-stored passwords secure? | Kaspersky official blog
Passwordless is more than a buzzword among cyber security pros - Help Net Security
More hardcoded credentials than ever, and sloppy coding is to blame | SC Media (scmagazine.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Social Media
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
LinkedIn accounts hacked in widespread hijacking campaign (bleepingcomputer.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malvertising
Adblock 360 Adware Extension: 3 Ways to Remove for Good - MSPoweruser
Malvertisers up their game against researchers (malwarebytes.com)
Training, Education and Awareness
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Navigating generative AI risks and regulatory challenges - Help Net Security
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
Breaking Down the New SEC Cyber security Rules | Epiq - JDSupra
Confusion Surrounds SEC's New Cyber security Material Rule (darkreading.com)
How financial services cyber regulations are hotting up for API security (betanews.com)
A closer look at the new TSA oil and gas pipeline regulations - Help Net Security
Models, Frameworks and Standards
Center for Internet Security announces secretive Microsoft partnership | StateScoop
What's New in the NIST Cyber security Framework 2.0 (darkreading.com)
Data Protection
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Careers, Working in Cyber and Information Security
650,000 cyber jobs are now vacant: How to tackle the risk (securityintelligence.com)
Effectively upskilling cyber security professionals to help close the skills gap | CSO Online
How to overcome the challenges of today's cyber security talent shortage - SiliconANGLE
Army struggling to hire cyber staff as attacks on Britain ramp up (telegraph.co.uk)
Vietnam admits massive shortage of infosec pros • The Register
Heavy workloads driving IT professionals to resign - Help Net Security
ISC2 Announces Major Milestone as Community Grows to Half a Million Strong (prnewswire.com)
Law Enforcement Action and Take Downs
Polish police arrest five in swoop on Cyber Crime site - TVN24
Lapsus$ Report: Law Enforcement Battles Cyber Threats (beincrypto.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Sextortion suspects on trial after one victim dies • The Register
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Raccoon Stealer malware back with updated version following administrator arrest (therecord.media)
Man arrested in Northern Ireland police data leak • The Register
Privacy, Surveillance and Mass Monitoring
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries-Security Affairs
Russian spy agencies targeting Starlink with custom malware, Ukraine warns (telegraph.co.uk)
Russian-African Security Gathering Exposes Kremlin's Reduced Influence (darkreading.com)
Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps • Graham Cluley
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Suspected spies for Russia held in major UK security investigation - BBC News
Russia turning to sleeper cells and unofficial agents | Espionage | The Guardian
China
Top US cyber official warns of infrastructure attack risk if China tensions rise (nbcnews.com)
New Zealand says it is aware of China-linked intelligence activity in country | Reuters
China teases imminent exposé of seismic US spying scheme • The Register
Chinese Espionage Group Active Across Eastern Europe (inforisktoday.com)
15,000 cyber attacks detected per second in Taiwan: Software provider - Focus Taiwan
US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack | TechCrunch
Iran
German Intelligence Warns of Surge in Iranian Espionage (govinfosecurity.com)
Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks (thehackernews.com)
Iran and the Rise of Cyber Enabled Influence Operations (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Vulnerabilities
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks (thehackernews.com)
Patched Citrix NetScaler Devices Still Contain Backdoors (govinfosecurity.com)
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping (thehackernews.com)
Magento shopping cart attack targets critical vulnerability • The Register
New Python URL Parsing Flaw Enables Command Injection Attacks (thehackernews.com)
Data centers at risk due to flaws in power management software | CyberScoop
Bugs in transportation app Moovit gave hackers free rides | TechCrunch
Google Chrome 116: more Telemetry and 26 security patches - gHacks Tech News
Google Fixes 26 Bugs Amid Fake Update Warning - Infosecurity Magazine (infosecurity-magazine.com)
AMD has fixed its latest security flaw - but at the cost of massive slowdowns | TechRadar
Proxyjacking trend continues as attackers abuse years-old GitLab vulnerability | ITPro
Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica
Tools and Controls
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
AI-powered fraud detection: Strengthening security in fintech | The Financial Express
MaginotDNS attacks exploit weak checks for DNS cache poisoning (bleepingcomputer.com)
Evaluate the risks and benefits of AI in cyber security | TechTarget
How to Choose a Managed Detection and Response (MDR) Solution (darkreading.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Building a secure future without traditional passwords - Help Net Security
Passwordless is more than a buzzword among cyber security pros - Help Net Security
SEC cyber security rules shape the future of incident management - Help Net Security
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
Endpoint Management Statistics, Trends And Facts 2023 - Abdalslam
Why You Need Continuous Network Monitoring? (thehackernews.com)
CISA releases cyber defence plan for remote monitoring and management software - SiliconANGLE
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Other News
Healthcare incurs highest data breach costs – for the 13th year in a row | Healthcare IT News
Here's Why You Should Never Accept Unsolicited Tech by Post (makeuseof.com)
Government highlights cyber threat to health and social care | UKAuthority
Why is the Education Sector a Target for Cyber Attacks? | UpGuard
Cyber security in the Entertainment Industry: Risks and Solutions | UpGuard
What would an OT cyber attack really cost your organisation? | CSO Online
Education has had most cyber attacks, survey finds | Education Business (educationbusinessuk.net)
Cyber attacks Are On The Up: What Are The Risks & Remedies For Aviation? (simpleflying.com)
Bank of Ireland ATM Glitch Hands Out 'Free' Money (gizmodo.com)
Exclusive: 300 independent retailers affected by cyber attack | News | Retail Week (retail-week.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 August 2023
Black Arrow Cyber Threat Intelligence Briefing 11 August 2023:
-75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
-How an Eight-Character Password Could be Cracked in Just a Few Minutes
-Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
-How Executives’ Personal Devices Threaten Business Security
-77% of Financial Firms Saw an Increase in Cyber Attack Frequency
-Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
-Managing Human Cyber Risks Matters Now More Than Ever
-Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
-UK Shaken by Major Data Breaches
-Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
-Mac Users are Facing More Dangerous Security Threats Than Ever Before
-Cyber Attack to Cost Outsourcing Firm Capita up to £25m
-Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
Newly released research found that 75% of organisations worldwide are currently implementing or considering bans on ChatGPT and other generative Artificial Intelligence (AI) applications within the workplace, with 61% stating that it will be a long term or permanent solution. Despite this, the majority recognised the opportunity such applications bring to the workplace, with 55% believing it would increase efficiency. All in all, 81% remained in favour of AI, highlighting that whilst organisations see the benefit, they are not ready to take the plunge for fear of being caught flat-footed.
Many organisations may simply not have the expertise-in house or confidence to employ AI effectively. These organisations lack an effective AI management plan, which governs the usage of AI in the corporate environment, rather than banning it outright. By having a clear-set AI plan, organisations can use AI to improve their efficiency, whilst maintaining cyber resilience. An increasing number of organisations have approached us at Black Arrow to discuss how to embrace AI securely; contact us to see how we can help you.
Source: [Dark Reading]
How an Eight-Character Password Could be Cracked in Just a Few Minutes
Strong and complex passwords are necessary to protect online accounts and data from cyber criminals. Complex passwords typically use lowercase and uppercase characters, numbers, and special characters. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems. The report found that a complex password of eight characters can be cracked in only five minutes, and other weaker or shorter passwords are cracked instantly. However, passwords that have a greater number of characters are less vulnerable: for example an 18 character password, even if only lowercase letters, would take 481,000 years for a computer to crack.
Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organisation, you can generate, store and apply strong passwords for websites and online accounts.
Source: [Techrepublic]
Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
The number of organisations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities to break into target networks.
In many of these attacks, threat actors did not bother to encrypt data belonging to victim organisations. Instead, they focused solely on stealing their sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner; this highlights the need for organisations to be able to detect and ideally block anomalous exfiltration of data, and have effective and rehearsed incident response plans to address the concept of pure exfiltration, because having backups is not enough.
The costs of these types of controls continue to fall making them viable for even smaller businesses. Without tools like Managed Detection and Response (MDR) and Data Loss Prevention (DLP), attacks of this nature cannot be detected until it is too late to do anything to stop them.
Source: [Dark Reading]
How Executives’ Personal Devices Threaten Business Security
Individuals, including executives, are considered a major target for cyber attacks. Motivated attackers know the right individual people they want to go after to achieve their larger organisational goal, and they’ll use any means necessary to be successful.
A recent report found that most executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large organisations. 50% of executive respondents reported receiving work-related scams in their personal emails.
Personal device use can be effective for organisations, however they need to implement an effective bring-your-own-device (BYOD) procedure and provide employees, including executives, with frequent user awareness and education training. All users at all levels within an organisation need to understand the risks, and importantly the role they play in keeping the organisation secure.
Sources: [Help Net Security] [Security Affairs]
77% of Financial Firms Saw an Increase in Cyber Attack Frequency
According a recent report on the financial services sector, 77% of firms reported an increase in attack frequency, and 87% said attacks were more severe. These firms unanimously said they would look to outsource their cyber security programs to third-party providers to shore up their cyber defences. Among the respondents, firms need to protect hybrid work environments (62%), consolidate cyber security and managed IT services (41%) and tap industry-specific and regulatory expertise (33%).
Source: [SecurityMagazine]
Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
Faced with an influx of sophisticated cyber threats, including usage of AI to further enhance the efficacy of social engineering attacks, and the growth of both malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS), it is critical for organisations to invest in layered security defences.
Services like managed detection and response (MDR) are integral to monitoring, investigating and responding to threats in real time. But without a strong and comprehensive foundational cyber security posture, managed services alone cannot effectively mitigate threats. To ensure comprehensive defences against emerging threats, organisations must prioritise proactive measures that can stop attacks before they even start. As adversaries continue to refine their attack techniques, layered protection that covers every stage in the attack chain becomes imperative.
Source: [Forbes]
Managing Human Cyber Risks Matters Now More Than Ever
As artificial intelligence (AI) amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. It makes sense as no matter the technological advancement, the human element has always been a point of entry for attackers.
A recent study found that mature security programs, marked by robust teams and leadership support, are characterised by having at least three full-time employees in their security awareness teams. In some cases, this isn’t feasible for an organisation and this is where outsourcing comes in. By outsourcing security awareness, organisations can ensure that they have access to security awareness experts, to keep their organisation educated. Here at Black Arrow we offer regular security and awareness training, bespoke to your organisation, for your employees and leadership team.
Source: [Help Net Security]
Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
Cyber security provider Proofpoint reported that high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks. More alarmingly, according to Proofpoint, around one-third (35%) of the compromised users had multi-factor authentication (MFA) enabled.
The attacks come amid a rise in cases of EvilProxy, a phishing tool that allows attackers to steal even MFA-protected credentials. In the three months to June 2023, around 120,000 EvilProxy phishing emails were observed being sent to hundreds of targeted organisations globally, with many targeting Microsoft 365 user accounts in particular. Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Users must be trained effectively, to help mitigate the chance of them suffering a phishing attack. The C-suite is no exception.
Sources: [Help Net Security] [Security Affairs]
UK Shaken by Major Data Breaches
Recent major data breaches impacting crucial institutions like the UK Electoral Commission (which exposed the data of 40 million UK voters) and the Police Service of Northern Ireland, have brought attention to potential risks. Following a recent freedom of information request 10,000 police officers and staff details where published including details such as first name and surname, their rank or grade and the unit and where they are based. This breach occurred when a junior member of staff forgot to remove the master spreadsheet containing sensitive data when responding to the request.
Sources: [Telegraph] [Tech Crunch]
Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
The UK government has raised the threat level posed by cyber attacks, now deeming the risk of cyber attacks to be more severe than that presented by small-scale chemical, biological, radiological, or nuclear (CBRN) attacks according to the latest National Risk Register (NRR) report for 2023. The report also highlighted artificial intelligence (AI) as a “chronic risk” – that is, one that poses “continuous challenges that erode our economy, community, way of life, and/or national security”.
Sources: [ITPro] [Infosecurity Magazine]
Mac Users are Facing More Dangerous Security Threats Than Ever Before
Apple’s MacBook Pro or iPhone devices are often perceived as safer, from a cyber security standpoint, compared to those from Microsoft or Google, mostly because of its “walled garden” approach. However, another key reason why hackers were not historically as interested in Apple was the smaller market share Apple held. That is no longer the case and as attacks are rising against Apple devices, this is something we expect to see continuing to accelerate.
In the last 10 years, Apple’s market share on desktop has increased from less than 7.5% to just over 20% today. Apple frequently patches actively exploited vulnerabilities, with overall 261 security vulnerabilities addressed so far this year. A recent report found that Mac users are targeted by three key threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Of the three, Trojans are the biggest single threat, making up more than half of all threat detections. Of all those detections, around half (52.7%) were for the EvilQuest encryption malicious software.
Source: [Techradar]
Cyber Attack to Cost Outsourcing Firm Capita up to £25m
Capita expects to take a financial hit of as much as £25m as a result of a cyber attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year. The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients. Capita, which runs crucial services for local councils, the military, and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.
The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cyber security. However, Capita said it was not currently able to estimate the level of any potential fine related to the incident and had not yet made any provision to cover any future costs. The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.
Source: [Guardian]
Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
A report published by BlackBerry noted a 40% rise in cyber attacks against public sector organisations and government institutions. One of the reasons is the limited resources and resistance that these government and public have; this makes it much easier for an attacker. An easy target is an attractive target.
Source: [Financial Express]
Governance, Risk and Compliance
Protecting Against Sophisticated Cyber attacks Requires Layered Defense (forbes.com)
Managing human cyber risks matters now more than ever - Help Net Security
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Cyber attack to cost outsourcing firm Capita up to £25m | Capita | The Guardian
9 common risk management failures and how to avoid them | TechTarget
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
Safeguarding Businesses From Data Privacy And Cyber security Risk (forbes.com)
How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)
What happens if cyber insurance becomes unviable? - Raconteur
NIST announces rare overhaul of security framework, focusing on organisational leadership | ITPro
Cyber Security Must Focus on the Goals of Criminals (informationweek.com)
Going Up! How to Handle Rising Cyber Security Costs (securityintelligence.com)
Maintaining Data Security Amidst Rising Concerns of Cyber attacks (techreport.com)
Why it’s time for everyone to reorient their thinking about cyber security | Federal News Network
It's Time for Cyber security to Talk About Climate Change (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Healthcare and Finance Firms Ranked as Leading Targets for Cyber Attacks - MSSP Alert
Ransomware victim numbers surge as attackers target zero-day vulnerabilities | CSO Online
Definitive Guide to Ransomware 2023 | IBM whitepaper | ITPro | ITPro
Data exfiltration is now the go-to cyber extortion strategy - Help Net Security
Clop ransomware now uses torrents to leak data and evade takedowns (bleepingcomputer.com)
Spot Fake Extortion Attacks Without Wasting Time and Money (securityintelligence.com)
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (thehackernews.com)
Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits (darkreading.com)
Recent ransomware attacks share curiously similar tactics - Help Net Security
Ransomware Attacks: 20 Essential Considerations For Prep And Response (forbes.com)
Navigating the gray zone of ransomware payment practices - Help Net Security
Anatomy of a Black Basta Ransomware Attack on BankCard USA - MSSP Alert
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (darkreading.com)
Clop Gang Offers Data Downloads Via Torrents - Infosecurity Magazine (infosecurity-magazine.com)
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware (thehackernews.com)
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
Best practices for reporting ransomware attacks | TechTarget
Ransomware, healthcare and incident response: Lessons from the Allscripts attack | CSO Online
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Threat Report: Ransomware Down, Targeted Attacks on the Rise (inforisktoday.com)
Rasnake: Ransomware Now Threatens All, Not Just Elites | Newsmax.com
Ransomware Victims
Hospital System Goes Back To Paper Following Ransomware Attack (forbes.com)
Cyber attack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Colorado Department of Higher Education warns of massive data breach (bleepingcomputer.com)
Bnei Brak hospital hit by cyber attack, bringing down computers | The Times of Israel
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
Hacker stole more than $6 million from New Haven Public Schools (wfsb.com)
Phishing & Email Based Attacks
Hackers are targeting top executives to steal their work logins | TechRadar
Microsoft 365 accounts of execs, managers hijacked through EvilProxy - Help Net Security
9 of 10 Cyber attacks Start with a Phish, Comcast Study Shows - MSSP Alert
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
First quarter of 2023 saw 88% rise in phishing attacks: Kaspersky | The Peninsula Qatar
RTL Today - Up to 80% of all cyber attacks: Phishing attempts surge in post-pandemic age
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
When your teammate is a machine: 8 questions CISOs should be asking about AI | CSO Online
Generative AI In Cyber Should Worry Us, Here’s Why (forbes.com)
How to Prepare for ChatGPT's Risk Management Challenges (darkreading.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
White House offers prize money for hacker-thwarting AI (techxplore.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Hackers Released New Black Hat AI Tool Evil-GPT (cybersecuritynews.com)
In the age of ChatGPT, Macs are under malware assault | Digital Trends
AI can now steal your passwords with almost 100% accuracy | Digital Trends
Microsoft AI Red Team building future of safer AI | Microsoft Security Blog
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
AI hacking gets White House backing; some already go rogue (9to5mac.com)
OpenAI to Unleash New Web Crawler to Devour More of the Open Web - Decrypt
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
2FA/MFA
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
Microsoft Authenticator will soon provide codes via WhatsApp - gHacks Tech News
Malware
In the age of ChatGPT, Macs are under malware assault | Digital Trends
Mac users are facing more dangerous security threats than ever before | TechRadar
Threat intelligence's key role in mitigating malware threats - Help Net Security
This PowerPoint could help hackers empty your bank account | Digital Trends
Latest Batloader Campaigns Use Pyarmor Pro for Evasion (trendmicro.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers (thehackernews.com)
Fake VMware vConnector package on PyPI targets IT pros (bleepingcomputer.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Hackers use open source Merlin post-exploitation toolkit in attacks (bleepingcomputer.com)
New Statc Stealer Malware Emerges: Your Sensitive Data at Risk (thehackernews.com)
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router (bleepingcomputer.com)
CISA: New Whirlpool backdoor used in Barracuda ESG hacks (bleepingcomputer.com)
Mobile
Google explains how Android malware slips onto Google Play Store (bleepingcomputer.com)
Czech cyber security experts warn against BaiRBIE.me app | Radio Prague International
Removing Spyware From Your Android Phone: A How-To Guide (slashgear.com)
How executives' personal devices threaten business security - Help Net Security
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
40 Vulnerabilities Patched in Android With August 2023 Security Updates - Security Week
Android 14 to let you block connections to unencrypted cellular networks (bleepingcomputer.com)
Botnets
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Two-Thirds of UK Sites Vulnerable to Bad Bots - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Analysing Network Chaos Leads to Better DDoS Detection (darkreading.com)
How to accelerate and access DDoS protection services using GRE - Help Net Security
Researchers Strengthen Defences Against Common Cyber attack - CleanTechnica
Internet of Things – IoT
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED
Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says (darkreading.com)
The new technology that is making cars easier for criminals to steal, or crash (techxplore.com)
Data Breaches/Leaks
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
The Top 10 Countries Being Bombarded by Data Breaches (gizmodo.com)
UK Electoral Commission hacked by 'hostile actors' | Reuters
PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (telegraph.co.uk)
Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
TunnelCrack attack may cause vulnerable VPNs to leak traffic • The Register
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Organised Crime & Criminal Actors
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol Shuts Down African Cyber crime Group, Seizes $2 Million (darkreading.com)
Cyber security Must Focus on the Goals of Criminals (informationweek.com)
How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
BlackBerry Discloses Major Crypto-Based Malware - The Tech Report
FBI warns of phishing scams and social media account hijackers (cointelegraph.com)
Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report (cointelegraph.com)
Insider Risk and Insider Threats
Managing human cyber risks matters now more than ever - Help Net Security
US Navy sailors charged with stealing secret info for China • The Register
Get consent before you monitor your staff, UK MPs suggest • The Register
Fraud, Scams & Financial Crime
Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly
Extended warranty robocallers fined $300 million after 5 billion scam calls (bleepingcomputer.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Impersonation Attacks
Insurance
What happens if cyber insurance becomes unviable? - Raconteur
Cyber Insurance Experts Make a Case for Coverage, Protection (darkreading.com)
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
Dark Web
Dark web activity targeting the financial sector - Help Net Security
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
Supply Chain and Third Parties
Government contractor plunges after £25m cyber attack - The Mail (mailplus.co.uk)
37% of third-party applications have high-risk permissions - Help Net Security
Software Supply Chain
Unravelling the importance of software supply chain security - Help Net Security
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
37% of third-party applications have high-risk permissions - Help Net Security
Cloud/SaaS
Attackers Use EvilProxy to target C-suite Executives (inforisktoday.com)
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Managing and Securing Distributed Cloud Environments - Security Week
Microsoft 365 guests + Power Apps = security nightmare • The Register
Containers
Identity and Access Management
CrowdStrike observes massive spike in identity-based attacks | TechTarget
Keeper Security reveals SMBs at risk due to lack of PAM (securitybrief.co.nz)
Understanding Active Directory Attack Paths to Improve Security (thehackernews.com)
91% of IT leaders better protected with PAM but want more affordable solutions - IT Security Guru
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
WhatsApp is working on phishing-proof passkey authentication (androidpolice.com)
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Encryption
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Quantum computing: A threat to asymmetric encryption. (thecyberwire.com)
Open Source
Is Open Source Security a Ticking Cyber Time Bomb? (securityintelligence.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Kemba Walden: We need to secure open source software | TechTarget
Passwords, Credential Stuffing & Brute Force Attacks
How an 8-character password could be cracked in just a few minutes (techrepublic.com)
AI can now steal your passwords with almost 100% accuracy | Digital Trends
US Dept. of the Interior Employees Use Accounts That Are Easily Hacked (businessinsider.com)
Biometrics
Social Media
Malvertising
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
Not so fast: Don’t click that fake Amazon or Microsoft ad. Here’s why | Fox News
Training, Education and Awareness
Managing human cyber risks matters now more than ever - Help Net Security
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Travel
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
What does the Data Protection and Digital Information (DPID) Bill mean for small businesses? | ITPro
The Problem With Cyber security (and AI Security) Regulation (darkreading.com)
CISA Unveils Cyber security Strategic Plan for Next 3 Years - Security Week
The 5 Ways The SEC Failed Investors On Cyber security (forbes.com)
America’s messy cyber regulations are no match for its adversaries | Financial Times (ft.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
Banks hit with $549 million in fines for using Signal and WhatsApp to evade regulators (nbcnews.com)
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Models, Frameworks and Standards
NIST Drafts Major Update to Its Widely Used Cyber security Framework | NIST
Understanding NIST CSF and MITRE ATT&CK Security Frameworks - The New Stack
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
Understanding Changes in the OWASP API Security Top 10 List - IT Security Guru
5 steps to ensure HIPAA compliance on mobile devices | TechTarget
Data Protection
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Careers, Working in Cyber and Information Security
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
6 Essential Strategies for Enterprise Cyber security Workforce Development (govinfosecurity.com)
Seasoned cyber pros are more complacent in their skills than junior staff - Help Net Security
Law Enforcement Action and Take Downs
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
Privacy, Surveillance and Mass Monitoring
Missing persons NGO alliance kicks off global facial recognition initiative | Biometric Update
China drafts rules for using facial recognition data - Japan Today
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueCharlie changes attack infrastructure in response to reports on its activity - Security Affairs
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
SpaceX's private control of satellite internet concerns military leaders | Space
Analysts Say Use of Spyware During Conflict Is Chilling (voanews.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
Cyber security experts discuss wins, losses and lessons at western Ukraine gathering : NPR
Ukrainian official: Russian hackers change tactics from disruptive attacks | CyberScoop
Ukraine Fends Off Sandworm Battlefield Espionage Ploy (govinfosecurity.com)
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop
US, Ukraine cyber leaders talk resilience, collaboration | TechTarget
Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails (govinfosecurity.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
China
China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign (thehackernews.com)
Electric vehicle threat: China will use its EV dominance to spy: UK warning (afr.com)
UK security must not be sacrificed to net zero (telegraph.co.uk)
Chinese cyber attacks on Japan prompts US push for stronger defences - Nikkei Asia
China reportedly had ‘deep, persistent access’ to Japanese networks for months | Engadget
Why the China cyber threat demands an airtight public-private response (federaltimes.com)
China not ahead of US in cyber and surveillance, NSA head says - Nextgov/FCW
China drafts rules for using facial recognition data - Japan Today
US Navy sailors charged with stealing secret info for China • The Register
RedHotel Checks in as Dominant China-Backed Cyber Spy Group (darkreading.com)
US Navy sailors charged with stealing secret info for China • The Register
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Iran
North Korea
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
Misc/Other/Unknown
Vulnerability Management
Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities - Security Week
Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken? | CSO Online
Microsoft hits back at Tenable’s criticism of its infosec • The Register
The Four Pillars of Vulnerability Management - GovInfoSecurity
Has Microsoft cut security corners once too often? | Computerworld
Why Shellshock Remains a Cyber security Threat After 9 Years (darkreading.com)
The 7 Worst Software Vulnerabilities of All Time (makeuseof.com)
Vulnerabilities
Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws - Security Affairs
Microsoft, Intel lead this month's security fix emissions • The Register
Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications (darkreading.com)
Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register
Microsoft fixes flaw after being called irresponsible by Tenable CEO (bleepingcomputer.com)
New PaperCut critical bug exposes unpatched servers to RCE attacks (bleepingcomputer.com)
Google Chrome will get weekly security updates - gHacks Tech News
Downfall: New Intel CPU Attack Exposing Sensitive Information - Security Week
Adobe Releases Security Updates for Multiple Products | CISA
New 'Inception' Side-Channel Attack Targets AMD Processors - Security Week
Dell Credentials Bug Opens VMWare Environments to Takeover (darkreading.com)
Tools and Controls
Managing human cyber risks matters now more than ever - Help Net Security
Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR (darkreading.com)
MDR: Empowering Organisations with Enhanced Security (thehackernews.com)
9 common risk management failures and how to avoid them | TechTarget
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Here’s Why You Need Identity, Privacy, and Device Protection (finextra.com)
Attacker Breakout Time Shrinks Again, Underscoring Need for Automation (darkreading.com)
Managing and Securing Distributed Cloud Environments - Security Week
How to handle API sprawl and the security threat it poses - Help Net Security
Threat intelligence's key role in mitigating malware threats - Help Net Security
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
AI Risk Database Tackles AI Supply Chain Risks (darkreading.com)
Other News
UK Sounds Warning Over Targeted Healthcare Attack (databreachtoday.co.uk)
Budget constraints threaten cybersecurity in government bodies - Help Net Security
Threat of cyber attacks to national security compared to that of chemical weapons | ITPro
Cyber Security A Major Vulnerability In The Not For Profit Sector | Scoop News
Hacker attacks on Mac users are 10x as high as they were in 2019, report says | iMore
Cyber Security Threats From Online Gaming – Analysis – Eurasia Review
Cyber attack cost Interserve more than £11m | News | Building
Environmental Regulations, OT & the Maritime Industry's New Challenges (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 9th June 2023
Black Arrow Cyber Threat Briefing 09 June 2023:
-74% of Breaches Involve Human Element- Make Employees Your Best Asset
-Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC
-CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom
-Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise
-BEC Volumes and Ransomware Costs Double in a Year
-Hackers are Targeting C-Suite Executives Through Their Personal Email
-Proactive Detection is Crucial as Organisations Lack Effective Threat Research
-Number of Vulnerabilities Exploited Rose by 55%
-Ransomware Behind Most Cyber Attacks, with Record-breaking May
-4 Areas of Cyber Risk That Boards Need to Address
-North Korea Makes 50% of Income from Cyber Attacks
-Going Beyond “Next Generation” Network Security
-Worldwide 2022 Email Phishing Statistics and Examples
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
74% of Breaches Involve Human Element- Make Employees Your Best Asset
Verizon’s recent data breach report analysed 16,312 security incidents and 5,199 breaches. A total of 74% of breaches involved a human element, highlighting the role of employees in achieving good cyber resilience. Organisations looking to improve their resilience should therefore consider how well and how frequently they train their users. In a recent report, Fortinet found that 90% of leaders believed that increasing their employee cyber security awareness would help decrease the occurrence of cyber attacks. Worryingly, despite 85% of leaders having an awareness and training programme in place, 50% believed their employees still lacked cyber security knowledge.
With an effective training programme, organisations can increase their employees’ cyber risk awareness and empower them in defending the organisation, laying the foundation for a strong cyber security culture.
https://www.helpnetsecurity.com/2023/06/06/verizon-data-breach-investigations-report-2023-dbir/
https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/
Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC
The recent cyber attacks on file transfer software MOVEit have impacted a number of major companies through their supply chain. The attack, which hit UK-based HR and payroll provider Zellis has had a huge knock-on effect, with major companies such as British Airways, Boots and the BBC suffering as a result of using Zellis in their supply chain. The UK’s National Cyber Security Centre (NCSC) has emphasised the need for organisations to exercise heightened vigilance.
Organisations must be aware of supply chain risks, and how an attack on a supplier or service provider can impact their own organisation. It is important for organisations to manage supply chain security, assess third party risks, communicate with suppliers and keep on top of emerging threats; it’s no simple task.
https://www.securityweek.com/several-major-organizations-confirm-being-impacted-by-moveit-attack/
CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom
Nearly three-quarters of data breaches include an element of human failure, and senior business leaders were particularly at risk, according to a recent report. Not only do business leaders possess the most sensitive information, but they are often the least protected, with many organisations making security protocol exemptions for them. Such factors have pushed the boardroom into the spotlight more.
In another report, it was found that only 28% of IT professionals were confident in their executives’ ability to recognise a phishing email. The report found that as many as 71% of executives were reusing compromised passwords from personal accounts inside the company. Technology alone won’t solve the problem: user awareness training is required and this includes the boardroom.
Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise
A recent study has found that only 1 in 10 chief information security officers (CISOs) have all the key traits thought to be crucial for success on a corporate board, with many lacking governance skills and experience and other attributes needed for board readiness. Worryingly, nearly half of the 1,000 companies in the study lacked at least one director with cyber security expertise. This is concerning as good cyber security starts from the board: the board is responsible for understanding the business risks of a cyber incident and for endorsing whether the cyber controls in place have reduced those risks to a level that the board is happy with. Similarly, the board would not sign off financial risks without ensuring they had someone with financial experience and qualifications present. The Black Arrow vCISO service is ideal for organisations that need expertise in assessing and managing cyber risks, underpinned by governance reporting and metrics presented to enable the board to make educated and informed decisions.
https://www.csoonline.com/article/3698291/only-one-in-10-cisos-today-are-board-ready-study-says
BEC Volumes and Ransomware Costs Double in a Year
The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report. The report this year was based on analysis of 16,312 security incidents and 5,199 breaches over the past year.
Pretexting, which is commonly using in BEC attacks, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000. The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage.
https://www.infosecurity-magazine.com/news/bec-volumes-ransomware-costs/
Hackers are Targeting C-Suite Executives Through Their Personal Email
As companies rely on chief financial officers (CFOs) to mitigate risk, cyber attacks and the costs associated with them are a major concern. Now there is also a growing trend of cyber criminals targeting C-suite executives in their personal lives, where it is easier to pull off a breach as there are fewer, if any, protections, instead of targeting them through their business accounts. Once attackers have access, they then try to use this to gain entry to the corporate systems. The report found that 42% of companies have experienced cyber criminal attacks on their senior-level corporate executives, which can compromise sensitive business data. The report found that 58% of respondents stated that cyber threat prevention for executives and their digital assets are not covered in their cyber, IT and physical securities strategies and budgets.
https://fortune.com/2023/06/08/hackers-targeting-c-suite-executives-personal-email-cybersecurity
Proactive Detection is Crucial as Organisations Lack Effective Threat Research
In a recent study, it was found that CISOs are spending significantly less time on threat research and awareness, despite 58% having an increase in their budget for cyber security; the same number reported that their team is so busy, they may not detect an attack. In a different report, keeping up with threat intelligence was identified as one of the biggest challenges faced.
https://www.helpnetsecurity.com/2023/06/06/cisos-cybersecurity-spending/
Number of Vulnerabilities Exploited Rose by 55%
A recent report from Palo Alto Networks’ Unit 42 found that the number of vulnerabilities that attackers are exploiting has grown by 55% compared to 2021, with most of the increase resulting from supply chain vulnerabilities; along with this was a 25% rise in the number of CVE’s, the term used for identified vulnerabilities. Worryingly ChatGPT scams saw a 910% increase in monthly domain registrations, pointing to an exponential growth in fraudulent activities taking advantage of the widespread usage and popularity of AI-powered chatbots.
Such growth puts further strain on cyber security staff, making it even harder for organisations to keep up. A strong threat management programme is needed, to help organisations prioritise threats and use organisational resources effectively to address said threats.
https://www.infosecurity-magazine.com/news/exploitation-vulnerabilities-grew/
https://www.infosecurity-magazine.com/news/cves-surge-25-2022-another-record/
Ransomware Behind Most Cyber Attacks, with Record-breaking May
2022 saw ransomware account for nearly one in four (24%) cyber attacks, with 95% of events resulting in a loss costing upwards of $2.25 million during 2021-2022. Ransomware remains a significant threat as evidenced by a different report, which stated that May 2023 saw a 154% spike in ransomware compared to May 2022. Other key findings include unreported attacks being five times more likely than reported attacks.
4 Areas of Cyber Risk That Boards Need to Address
As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organisations, it makes them increasingly susceptible to cyber threats. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance. This need for transparency has been recognised by the regulators and facilitated by the new cyber security rules to ensure companies maintain adequate cyber security controls and appropriately disclose cyber-related risks and incidents.
To ensure they fulfil the requirements, organisations should focus on the following areas: position security as a strategic business enabler; continuously monitor the cyber risk capability performance; align cyber risk management with business needs through policies and standards; and proactively anticipate the changing threat landscape by utilising threat intelligence sources for emerging threats.
https://hbr.org/2023/06/4-areas-of-cyber-risk-that-boards-need-to-address
North Korea Makes 50% of Income from Cyber Attacks
The North Korean regime makes around half of its income from cyber attacks on cryptocurrency and other targets. A 2019 UN estimate claimed North Korea had amassed as much as $2bn through historic attacks on crypto firms and traditional banks.
North Korean hackers have been blamed for some of the biggest ever heists of cryptocurrency, including the $620m stolen from Sky Mavis’ Ronin Network last year and the $281m taken from KuCoin in 2020 and $35m from Atomic Wallet just this last weekend.
They are using increasingly sophisticated techniques to get what they want. The 3CX supply chain attacks, in which backdoor malware was implanted into a legitimate-looking software update from the eponymous comms provider, is thought to have been a targeted attempt at hitting crypto exchanges.
https://www.infosecurity-magazine.com/news/north-korea-makes-50-income/
Going Beyond “Next Generation” Network Security
Over a decade ago, the phrase “next generation” was used in the network security space to describe the introduction of application-layer controls with firewalls. It was a pivotal moment for the space, setting a new standard for how we protected the perimeter. A lot has happened in the last decade though, most notably, the rapid adoption of cloud and multicloud architectures and the loss of the “perimeter.” Today, 82% of IT leaders have adopted hybrid cloud architectures, and 58% of organisations use between two and three public Infrastructure as a Service (IaaS) clouds. On top of that, 95% of web traffic is encrypted which limits visibility. Applications are everywhere, access privileges are unstructured, increasing the attack surface, and businesses expect near-perfect availability and resilience. To make things more complicated, enterprises have tried to solve these challenges with disparate solutions, leading to vendor sprawl among security stacks and operational inefficiency. What was once considered “next-generation” network security no longer cuts it.
Worldwide 2022 Email Phishing Statistics and Examples
Remote and hybrid work environments have become the new norm. The fact that email has become increasingly integral to business operations, has led malicious actors to favour email as an attack vector. According to a report by security company Egress, 92% of organisations have fallen victim to phishing attacks in 2022, a 29% increase in phishing incidents from 2021. Phishing attacks aimed at stealing info and data, also known as credential phishing, saw a 4% growth in 2022, with nearly 7 million detections. Rather worryingly, there was a 35% increase in the number of detections that related to business email compromise (BEC); these attacks mostly impersonated executives or high-ranking management personnel. With the increase in AI tools, it is expected that cyber criminals will be better able to create and deploy more sophisticated phishing attacks.
https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html
Governance, Risk and Compliance
CISOs, IT lack confidence in executives’ cyber-defence knowledge | CSO Online
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar | Computer Weekly
CISOs focus more on business strategy than threat research - Help Net Security
Only one in 10 CISOs today are board-ready, study says | CSO Online
Employee cyber security awareness takes centre stage in defence strategies - Help Net Security
The Importance of Managing Your Data Security Posture (thehackernews.com)
How CISOs Can Manage the Intersection of Security, Privacy, And Trust (darkreading.com)
Why Companies Should Consider Developing A Chief Security Officer Position (forbes.com)
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
VeeamON 2023: When Your Nightmare Comes True - The New Stack
Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)
UK Organisations lack clear path to achieve threat intelligence - IT Security Guru
CIOs prioritize new technologies over tech stack optimization - Help Net Security
Top factors driving enterprise demand for new cyber security technology - Help Net Security
Factors influencing IT security spending - Help Net Security
How to Boost Cyber Security Through Better Communication (securityintelligence.com)
Generative AI's influence on data governance and compliance - Help Net Security
Essential Cyber security Compliance Standards (trendmicro.com)
Threats
Ransomware, Extortion and Destructive Attacks
Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)
Ransomware Behind Most Cyber Attacks, Verizon Business Reports - MSSP Alert
Ransomware Hit New Attack Highs in May 2023, BlackFog Report Says - MSSP Alert
Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg
Clop ransomware likely testing MOVEit zero-day since 2021 (bleepingcomputer.com)
Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online
New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal (thehackernews.com)
Cyclops Ransomware group offers a multiplatform Info StealerSecurity Affairs
Royal ransomware gang adds BlackSuit encryptor to their arsenal (bleepingcomputer.com)
Ransomware Victims
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
Ransomware takes down multiple municipalities in May | TechTarget
Several Major Organisations Confirm Being Impacted by MOVEit Attack - SecurityWeek
Spanish Bank Globalcaja Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)
Burton Snowboards discloses data breach after February attack (bleepingcomputer.com)
City of Dallas Still Clawing Back Weeks After Cyber Incident (darkreading.com)
Caribbean Island Suffers Cyber Attack, MSSP Expert Recommends Low-Code Automation - MSSP Alert
Phishing & Email Based Attacks
Fixing email security: It's still a rocky road ahead - SiliconANGLE
Worldwide 2022 Email Phishing Statistics and Examples (trendmicro.com)
New Security Warning Issued For Google's 1.8 Billion Gmail Users (forbes.com)
New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)
Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)
Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
ChatGPT creates mutating malware that evades detection by EDR | CSO Online
The Growing Cyber Threats of Generative AI: Who's Accountable? (darkreading.com)
Consumers overestimate their deepfake detection skills - Help Net Security
Department of Defence AI principles have a place in the CISO’s playbook | CSO Online
Generative AI's influence on data governance and compliance - Help Net Security
Traditional malware increasingly takes advantage of ChatGPT for attacks | CSO Online
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters
Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)
Cyber crooks Scrape OpenAI API Keys to Pirate GPT-4 (darkreading.com)
2FA/MFA
Malware
High-profile malware and targeted attacks in Q1 2023 | Securelist
ChatGPT creates mutating malware that evades detection by EDR | CSO Online
Malicious Chrome extensions with 75M installs removed from Web Store (bleepingcomputer.com)
Qakbot: The trojan that just won't go away - Help Net Security
Qbot malware adapts to live another day … and another … • The Register
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)
New PowerDrop Malware Targeting US Aerospace Industry (thehackernews.com)
Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)
Minecraft Malware Spreading Through Mods, Plug-ins (darkreading.com)
Online sellers targeted by new information-stealing malware campaign (bleepingcomputer.com)
Google puts $1M behind its mining-malware detection promise • The Register
Mobile
Over 60,000 Android apps secretly installed adware for past six months (bleepingcomputer.com)
Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)
New tool scans iPhones for 'Triangulation' malware infection (bleepingcomputer.com)
New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews
Apple announces next-level privacy and security innovations - Help Net Security
How Does Android Stack Up Vs IOS? (informationsecuritybuzz.com)
Botnets
New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)
Denial of Service/DoS/DDOS
Outlook.com hit by outages as hacktivists claim DDoS attacks (bleepingcomputer.com)
Microsoft OneDrive down worldwide following claims of DDoS attacks (bleepingcomputer.com)
Internet of Things – IoT
Britain to remove Chinese surveillance gear from government sites | Surveillance | The Guardian
Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)
Amazon’s Ring doorbell employees spied on users’ bathrooms (telegraph.co.uk)
High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security
New York City sues Hyundai, Kia claiming cars easy to steal • The Register
Data Breaches/Leaks
Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Hackers launch another wave of mass-hacks targeting company file transfer tools | TechCrunch
Massive free VPN data breach exposes 360M records | Fox News
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)
Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online
Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)
Every Netherlands resident affected by data leak: watchdog | NL Times
German recruiter Pflegia leaks sensitive job seeker info- Security Affairs
What’s really changed 10 years after the Snowden revelations? | Edward Snowden | The Guardian
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft – Security Week
Google puts $1M behind its mining-malware detection promise • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Scammers publish ads for hacking services on government websites | TechCrunch
Hackers hijack legitimate sites to host credit card stealer scripts (bleepingcomputer.com)
A new wave of sophisticated digital fraud hits Europe - Help Net Security
ID fraud a possibility forever, claims data breach lawsuit • The Register
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack (thehackernews.com)
Brazilian Cyber criminals Using LOLBaS and CMD Scripts to Drain Bank Accounts (thehackernews.com)
Virtual claims raise alarms among insurance carriers and customers - Help Net Security
UK banks to reimburse fraud victims under new rules, regulator confirms | Scams | The Guardian
Impersonation Attacks
'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting (darkreading.com)
Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)
Deepfakes
Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)
Deepfakes being used in ‘sextortion’ scams, FBI warns • The Register
Consumers overestimate their deepfake detection skills - Help Net Security
Defenders Buckle Up for a Future of Detecting Deepfakes (darkreading.com)
Insurance
Dark Web
New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews
Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)
What is the dark web and how do you access it? (androidpolice.com)
Supply Chain and Third Parties
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 (thehackernews.com)
Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg
data privacy: Swiss administration hit by cyber attack - The Economic Times (indiatimes.com)
Software Supply Chain
SBOMs - Software Supply Chain Security’s Future or Fantasy? - SecurityWeek
10 security tool categories needed to shore up software supply chain security | CSO Online
Cloud/SaaS
The Annual Report: 2024 Plans and Priorities for SaaS Security (thehackernews.com)
Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Current SaaS security strategies don't go far enough - Help Net Security
Hybrid/Remote Working
Filling the Gaps: How to Secure the Future of Hybrid Work (darkreading.com)
Thought of Going Into Office Gives Quarter of Employees Sunday Scaries - IT Security Guru
Surveilling your employees? You could be putting your company at risk of attack - Help Net Security
Shadow IT
Encryption
API
Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)
OWASP's 2023 API Security Top 10 Refines View of API Risks - SecurityWeek
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)
Hate speech is driving advertisers away from Twitter • Graham Cluley
US government's TikTok ban extended to include contractors • The Register
Training, Education and Awareness
Employee cyber security awareness takes center stage in defense strategies - Help Net Security
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)
How to Boost Cyber security Through Better Communication (securityintelligence.com)
Embracing realistic simulations in cyber security training programs - Help Net Security
Data Protection
SEC drops 42 cases after staff bungle data protection • The Register
Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters
Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)
Microsoft Fined $20M For Xbox Child Data Collection (darkreading.com)
Careers, Working in Cyber and Information Security
Privacy, Surveillance and Mass Monitoring
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Nation State Actors
A Peek Behind the Curtain: Examining the Dimensions of a National-level Cyber Program | Mandiant
North Korean APT group targets email credentials in social engineering campaign | CSO Online
UK to strip Chinese surveillance cameras from sensitive government sites | Financial Times (ft.com)
Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)
US government's TikTok ban extended to include contractors • The Register
Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering (thehackernews.com)
Kimsuky APT poses as journalists and broadcast writers in attacks- Security Affairs
Meet TeamT5, the Taiwanese infosec outfit taking on Beijing • The Register
China has closed unofficial ‘police stations’ in Britain, UK minister says | China | The Guardian
Lazarus hackers linked to the $35 million Atomic Wallet heist (bleepingcomputer.com)
Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks (thehackernews.com)
Hostile states face contract ban amid security concerns (thetimes.co.uk)
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft - SecurityWeek
Vulnerability Management
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
Public sector apps show higher rates of security flaws - Help Net Security
Vulnerabilities
Zyxel vulnerability under 'widespread exploitation' | TechTarget
Barracuda Urges Immediate Replacement of Hacked ESG Appliances (thehackernews.com)
Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities (thehackernews.com)
High-Severity Vulnerabilities Patched in Splunk Enterprise - SecurityWeek
Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution
Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update (darkreading.com)
Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! (thehackernews.com)
Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)
High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security
Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover (darkreading.com)
Tools and Controls
CISOs focus more on business strategy than threat research - Help Net Security
CIOs prioritize new technologies over tech stack optimization - Help Net Security
Going Beyond “Next Generation” Network Security - Cisco Blogs
Make Your Employees Your Best Asset in Combating Cybercrime | CISO Collective (fortinet.com)
UK Organisations lack clear path to achieve threat intelligence - IT Security Guru
Employee cybersecurity awareness takes center stage in defence strategies - Help Net Security
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
Factors influencing IT security spending - Help Net Security
Top factors driving enterprise demand for new cyber security technology - Help Net Security
How to Boost Cyber security Through Better Communication (securityintelligence.com)
MoD adopts ‘secure by design’ for cyber security | UKAuthority
Everyone is selling VPNs, and that's a problem for security | Engadget
ISMG Editors: Why Communications Skills Matter for CISOs (inforisktoday.com)
Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)
Ransomware Attack Prevention Checklist - 2023 (cybersecuritynews.com)
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Embracing realistic simulations in cyber security training programs - Help Net Security
The Key to Zero Trust Identity Is Automation (darkreading.com)
What generative AI's rise means for the cyber security industry | TechTarget
Cisco spotlights generative AI in security, collaboration | Network World
10 security tool categories needed to shore up software supply chain security | CSO Online
How to Improve Your API Security Posture (thehackernews.com)
Consolidate Vendors and Products for Better Security - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28 January 2022
Black Arrow Cyber Threat Briefing 28 January 2022
-UK Warned To Bolster Defences Against Cyber Attacks As Russia Threatens Ukraine - BBC News
-Cyber Attacks And Ransomware Hit A New Record In 2021, Says Report
-Ransomware Families Becoming More Sophisticated With Newer Attack Methods
-More Than 90% Of Enterprises Surveyed Have Been Hit By Successful Cyberattacks
-Ransomware Gangs Increase Efforts To Enlist Insiders For Attacks
-Shipment-Delivery Scams Become the Favoured Way to Spread Malware
-Most Ransomware Infections Are Self-Installed
-Staff Negligence Is Now A Major Reason For Insider Security Incidents
-22 Cyber Security Myths Organisations Need To Stop Believing In 2022
-Android Malware Can Factory-Reset Phones After Draining Bank Accounts
-GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study
-Cyber Security In 2022 – A Fresh Look At Some Very Alarming Stats
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Warned To Bolster Defences Against Cyber Attacks As Russia Threatens Ukraine - BBC News
UK organisations are being urged to bolster their defences amid fears cyber attacks linked to the conflict in Ukraine could move beyond its borders.
The National Cyber Security Centre (NCSC) has issued new guidance, saying it is vital companies stay ahead of a potential threat.
The centre said it was unaware of any specific threats to UK organisations.
It follows a series of cyber attacks in Ukraine which are suspected to have involved Russia, which Moscow denies.
In December 2015, engineers in Ukrainian power stations saw cursors on their computer screens moving by themselves. They had been hacked. Hundreds of thousands of people lost power for hours.
It was the first time a power station had been taken offline, a sign that cyber intrusions were moving beyond stealing information into disrupting the infrastructure on which everyday life depends. Russia was blamed.
"It was a complex operation," says John Hultquist, an expert on Russian cyber operations at the US security firm Mandiant. "They even disrupted the telephone lines so that the engineers couldn't make calls."
Ukraine has been on the front line of a cyber conflict for years. But if Russia does invade the country soon, tanks and troops will still be at the forefront.
https://www.bbc.co.uk/news/uk-60158874
Cyber Attacks And Ransomware Hit A New Record In 2021, Says Report
Ransomware attacks have doubled for the past two years, says a new report—but a lot of people aren’t bothering to change their passwords.
Hackers made up for some lost time last year.
After seeing the number of data breaches decline in 2020, the Identity Theft Resource Center’s 16th Annual Data Breach Report says the number of security compromises was up more than 68% in 2021. That tops the all-time high by a shocking 23%.
All told, there were 1,862 breaches last year, says the ITRC, 356 more than in 2017, the previous busiest year on record.
“Many of the cyber attacks committed were highly sophisticated and complex, requiring aggressive defences to prevent them,” Eva Velasquez, ITRC president and CEO, said in a statement. “If those defences failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”
https://www.fastcompany.com/90715622/cyberattacks-ransomware-data-breach-new-record-2021
Ransomware Families Becoming More Sophisticated With Newer Attack Methods
Ivanti, Cyber Security Works and Cyware announced a report which identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over the previous year.
The report also found that these ransomware groups are continuing to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to instigate crippling attacks. At the same time, they are broadening their attack spheres and finding newer ways to compromise organisational networks and fearlessly trigger high-impact assaults.
https://www.helpnetsecurity.com/2022/01/28/new-ransomware-families/
More Than 90% Of Enterprises Surveyed Have Been Hit By Successful Cyber Attacks
Cyber attacks can impact any organisation, big or small. But large enterprises are often more tempting targets due to the vast amount of lucrative data they hold. A new report from cyber security firm Anomali reveals an increase in successful cyber attacks and offers ideas on how organisations can better protect themselves.
Published on Thursday, the "2022 Anomali Cyber security Insights Report" is based on a survey of 800 cyber security decision makers commissioned by Anomali and conducted by Harris between September 9 and October 13 of 2021. The survey elicited responses from professionals in the US, UK, Canada and other countries who work full time in such industries as manufacturing, telecommunications and financial services.
Among the respondents, 87% said that their organisations were victims of successful cyber attacks sometime over the past three years. In this case, a successful attack is one that caused damage, disruption or a data breach. Since the pandemic started almost two years ago, 83% of those polled have experienced an increase in attempted cyber attacks, while 87% have been hit with a rise in phishing emails, many of them exploiting coronavirus-related themes.
Ransomware Gangs Increase Efforts To Enlist Insiders For Attacks
A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.
The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer.
Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access.
Shipment-Delivery Scams Become the Favoured Way to Spread Malware
Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.
Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found.
Researchers from Avanan, a Check Point company, and Cofense have discovered recent phishing campaigns that include malicious links or attachments aimed at infecting devices with Trickbot and other dangerous malware, they reported separately on Thursday.
The campaigns separately relied on trust in widely used methods for shipping and employees’ comfort with receiving emailed documents related to shipments to try to elicit further action to compromise corporate systems, researchers said.
https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/
Most Ransomware Infections Are Self-Installed
New research from managed detection and response (MDR) provider Expel found that most ransomware attacks in 2021 were self-installed.
The finding was included in the company’s inaugural annual report on cyber security trends and predictions, Great eXpeltations, published on Thursday.
Researchers found eight out of ten ransomware infections occurred after victims unwittingly opened a zipped file containing malicious code. Abuse of third-party access accounted for 3% of all ransomware incidents, and 4% were caused by exploiting a software vulnerability on the perimeter.
The report was based on the analysis of data aggregated from Expel’s security operations center (SOC) concerning incidents spanning January 1 2021 to December 31 2021.
Other key findings were that 50% of incidents were BEC (business email compromise) attempts, with SaaS apps a top target.
https://www.infosecurity-magazine.com/news/most-ransomware-infections-self/
Staff Negligence Is Now A Major Reason For Insider Security Incidents
Insider threats cost organisations approximately $15.4 million every year, with negligence a common reason for security incidents, new research suggests.
Enterprise players today are facing cyber security challenges from every angle. Weak endpoint security, unsecured cloud systems, vulnerabilities -- whether unpatched or zero-days -- the introduction of unregulated internet of things (IoT) devices to corporate networks and remote work systems can all become conduits for a cyber attack to take place.
When it comes to the human element of security, a lack of training or cyber security awareness, mistakes, or deliberate, malicious actions also needs to be acknowledged in managing threat detection and response.
22 Cyber Security Myths Organisations Need To Stop Believing In 2022
Security teams trying to defend their organisations need to adapt quickly to new challenges. Yesterday’s buzzwords and best practices have become today’s myths.
The past few years have seen a dramatic shift in how organisations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.
This convoluted environment requires a new mindset to defend, and things that might have held true in the past might no longer be useful. Can digital certificates' expiration dates still be managed in a spreadsheet? Is encryption 'magic dust'? And are humans actually the weakest link?
Security experts weigh in the 22 cyber security myths that we finally need to retire in 2022.
Android Malware Can Factory-Reset Phones After Draining Bank Accounts
A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean.
Brata was first documented in a post from security firm Kaspersky, which reported that the Android malware had been circulating since at least January 2019. The malware spread primarily through Google Play but also through third-party marketplaces, push notifications on compromised websites, sponsored links on Google, and messages delivered by WhatsApp or SMS. At the time, Brata targeted people with accounts from Brazil-based banks.
GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study
Fines issued for GDPR non-compliance increased sevenfold from 2020 to 2021, analysis shows
In its latest annual GDPR summary, international law firm DLA Piper focuses attention in two areas: fines imposed and the evolving effect of the Schrems II ruling of 2020. Fines are increasing and Schrems II issues are becoming more complex.
Fines issued for GDPR non-compliance increased significantly (sevenfold) in 2021, from €158.5 million (approximately $180 million) in 2020 to just under €1.1 billion (approximately $1.25 billion) in 2021. The largest fines came from Luxembourg against Amazon (€746 million / $846 million), and Ireland against WhatsApp (€225 million / $255 million). Both are currently being appealed.
The WhatsApp fine is interesting. The original fine proposed by the Irish Data Protection Commission (DPC) was for €30 million to €50 million. However, other European regulators objected, and the European Data Processing Board (EDPB) adjudicated – instructing Ireland to increase the fine by 350%.
https://www.securityweek.com/gdpr-fines-surged-sevenfold-125-billion-2021-study
Cyber Security In 2022 – A Fresh Look At Some Very Alarming Stats
Last year Forbes wrote a couple of articles that highlighted some of the more significant cyber statistics associated with our expanding digital ecosystem. In retrospect, 2021 was a very trying year for cyber security in so many areas. There were high profile breaches such as Solar Winds, Colonial Pipeline and dozens of others that had major economic and security related impact. Ransomware came on with a vengeance targeting many small and medium businesses.
Perhaps most worrisome was how critical infrastructure and supply chains security weaknesses were targeted and exploited by adversaries at higher rates than in the past. Since it is only January, we are just starting to learn of some of the statistics that certainly will trend in 2022. By reviewing the topics below, we can learn what we need to fortify and bolster in terms of cyber security throughout the coming year.
Buy now, pay later fraud, romance and cryptocurrency schemes top the list of threats this year
Experian released its annual forecast, which reveals five fraud threats for the new year. With consumers continuing to take a digital-first approach to everything from shopping, dating and investing, fraudsters are finding new and innovative ways to commit fraud.
The main areas they are predicting seeing rises in fraud are:
-Buy now, pay never
-Cryptocurrency scams
-Doubling ransomware attacks
-More increases in romance fraud
-Digital elder abuse will rise
https://www.helpnetsecurity.com/2022/01/26/fraud-threats-this-year/
Threats
Ransomware
Ransomware: More Families, More Vulnerabilities, More Weaponry Dominate 2021 - MSSP Alert
Linux Version Of LockBit Ransomware Targets VMware ESXi Servers (bleepingcomputer.com)
BlackCat Ransomware Targeting US, European Retail, Construction And Transportation Orgs | ZDNet
Conti Ransomware Hits Apple, Tesla Supplier - The Record by Recorded Future
Phishing
There's Been A Big Rise In Phishing Attacks Using Microsoft Excel XLL Add-Ins | ZDNet
Microsoft warns of multi-stage phishing campaign leveraging Azure AD (bleepingcomputer.com)
Other Social Engineering
Malware
Trickbot Injections Get Harder to Detect & Analyze (darkreading.com)
Log4j: Mirai Botnet Found Targeting ZyXEL Networking Devices | ZDNet
Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks (thehackernews.com)
TrickBot Malware Using New Techniques to Evade Web Injection Attacks (thehackernews.com)
Mobile
105 Million Android Users Targeted By Subscription Fraud Campaign (bleepingcomputer.com)
2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan | Ars Technica
New FluBot And TeaBot Campaigns Target Android Devices Worldwide (bleepingcomputer.com)
Latest Version Of Android RAT BRATA Wipes Devices After Stealing Data - Security Affairs
IoT
As IoT Attacks Increase, Experts Fear More Serious Threats (darkreading.com)
Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHub (darkreading.com)
19-Year-Old Describes How He Remotely Hacked 25+ Teslas (businessinsider.com)
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Supply Chain
DoS/DDoS
Microsoft Mitigates Largest DDoS Attack 'Ever Reported In History' (bleepingcomputer.com)
Nobel Foundation Site Hit By DDoS Attack On Award Day (bleepingcomputer.com)
CNI, OT, ICS, IIoT and SCADA
Over 20,000 Data Center Management Systems Exposed To Hackers (bleepingcomputer.com)
Energy Sector Still Needs to Shut the Barn Door (darkreading.com)
Nation State Actors
North Korean Hackers Using Windows Update Service to Infect PCs with Malware (thehackernews.com)
Russian APT29 Hackers' Stealthy Malware Undetected For Years (bleepingcomputer.com)
North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware (thehackernews.com)
German Intel Warns Of APT27 Targeting Commercial Organisations - Security Affairs
Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign (darkreading.com)
Cloud
Top 5 Cloud Security Data Breaches in Recent Years (makeuseof.com)
Molerats Group Uses Public Cloud Services As Attack Infrastructure - Security Affairs
Privacy
Passwords & Credential Stuffing
65% Of Organisations Continue To Rely On Shared Logins - Help Net Security
Strong Security Starts With The Strengthening Of The Weakest Link: Passwords - Help Net Security
Spyware, Espionage & Cyber Warfare
Vulnerabilities
Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’ | Threatpost
Outlook Security Feature Bypass Allowed Sending Malicious Links | SecurityWeek.Com
Attackers Now Actively Targeting Critical SonicWall RCE Bug (bleepingcomputer.com)
Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans? (thehackernews.com)
Apple Fixes New Zero-Day Exploited To Hack macOS, iOS Devices (bleepingcomputer.com)
F5 Fixes 25 Flaws In BIG-IP, BIG-IQ, and NGINX Products - Security Affairs
Sector Specific
Health/Medical/Pharma Sector
Education and Academia
Reports Published in the Last Week
Aqua Security Reports Large Increase in Supply Chain Attacks (infoq.com)
Other News
Cyber Security: 11 Steps To Take As Threat Levels Increase | ZDNet
Right of Boom: Can Your MSP Really Survive A Cyber Attack? - MSSP Alert
Are You Prepared to Defend Against a USB Attack? (darkreading.com)
VW Fired Senior Employee After They Raised Cyber Security Concerns | Financial Times
Microsoft Outlook RCE Zero-Day Exploits Now Selling For $400,000 (bleepingcomputer.com)
Hackers Are Taking Over CEO Accounts With Rogue OAuth Apps (bleepingcomputer.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.