Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 02 February 2024
Black Arrow Cyber Threat Intelligence Briefing 02 February 2024:
-The Financial Sector Is Plagued by Increasingly Sophisticated Cyber Attacks That Demand a Defensive Paradigm Shift
-The $10 Billion Cyber Insurance Industry Sees a Dangerous Year in Cyber Crime Ahead. AI, Ransomware, and War are its Biggest Concerns
-Microsoft Says Russian Hackers Used Known Identified Tactics to Breach Senior Exec Emails
-Old Methods, New Tricks: Cyber Criminals Are Still Using Social Engineering to Steal Your Credentials
-UK Government Unveils New Cyber Threat Guidelines as 32% of Firms Suffer Attacks in Past Year
-94% of Organisations Would Pay a Ransom, Despite Having ‘Do Not Pay’ Policies, as 79% Faced an Attack in 2023
-Interpol Arrests More than 30 Cyber Criminals in Global Operation
-Divide and Succeed: Splitting IT and Security Makes Business Sense
-Ransomware Groups Gain Clout with False Attack Claims
-Payment Fraud is Hitting Organisations Harder Than Ever Before
-Chinese Hacking Operations Have Entered a Far More Dangerous Phase, US Warns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
The Financial Sector is Plagued by Increasingly Sophisticated Cyber Attacks That Demand a Defensive Paradigm Shift
A series of interviews with senior cyber executives and decision makers around the world gave insights into the attacks seen in the financial sector. The findings include 77% of financial organisations detecting campaigns to steal non-public market information, 48% falling victim to attacks solely focused on destroying data and 45% of organisations believing they were a victim of an attack which they were unable to detect. The financial sector remains a valuable target for cyber criminals and as such, organisations within this sector must proactively protect themselves.
Source: [PR News Wire]
The $10 Billion Cyber Insurance Industry Sees a Dangerous Year in Cyber Crime Ahead. AI, Ransomware, and War are its Biggest Concerns
A recent report by insurance broker Woodruff Sawyer sheds light on pressing concerns from the perspective of the insurance industry. Amidst ongoing global conflicts and the rise of AI-driven cyber threats, the boundaries between war and cyber attacks are blurring. Insurers are increasingly wary, with many opting not to provide coverage, particularly against war-related risks. The survey reveals a grim outlook, with 56% of clients anticipating a significant increase in cyber risks in 2024, primarily driven by ransomware and war associated threats. The challenge lies in defining and navigating these evolving risks, leaving clients uncertain about their cyber security strategies. Additionally, updated US Securities and Exchange Commission (SEC) rules mandating rapid disclosure of cyber breaches add further complexity to the cyber security landscape, warranting close monitoring by insurers. As cyber threats continue to evolve in a turbulent world, the insurance industry faces unprecedented challenges in safeguarding against cyber risks.
Source: [Fortune]
Microsoft Says Russian Hackers Used Known Identified Tactics to Breach Senior Exec Emails
Hackers allegedly linked to Russia’s Foreign Intelligence Service (SVR) breached a legacy non-production test tenant account in Microsoft last November, before pivoting into their senior executives’ email accounts. Microsoft only discovered the incident on 12 January. In a blog post, Microsoft said that the attackers had used a password spray attack on a limited number of accounts. One of these accounts was a legacy, non-production test account that had elevated access to the Microsoft corporate environment, and the ability to create malicious OAuth applications with access to other corporate mailboxes, leading to them accessing senior executives’ emails. Microsoft has since confirmed that multi-factor authentication was not enabled. Microsoft has previously warned the public about this exact scenario, writing that attackers “compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity.”
Sources: [The Record] [Bleeping Computer]
Old Methods, New Tricks: Cyber Criminals Are Still Using Social Engineering to Steal Your Credentials
2023 showed us that despite all the advancements in cyber security, most threat actors are simply just logging in. To do this an attacker needs credentials, often gained through phishing, the most common social engineering tactic. The emergence and utilisation of artificial intelligence has only made this easier, the point being that now virtually anyone can conduct a sophisticated phishing campaign, and with huge success. But what can organisations do? Focus on their human firewall. Social engineering will remain, and organisations need to ensure that their staff are consistently trained to be vigilant, as well as regular updated training on current trends. Users should ensure that they don’t reuse passwords across accounts, nor use easy to guess passwords or patterns. Users should be encouraged to use password managers to enable better, and more manageable, password hygiene. Where possible, multi factor authentication should be enforced.
Sources: [Security Boulevard] [Beta News] [Security Intelligence]
UK Government Unveils New Cyber Threat Guidelines as 32% of Firms Suffer Attacks in Past Year
The UK government is urging organisations to prioritise cyber threats as a key business risk, on par with financial and legal challenges. They have released new guidelines, the Cyber Governance Code of Practice, aimed at directors and senior leaders to elevate cyber security as a focal point in business operations. The code recommends clear roles and responsibilities, customer protection, and plans to respond to cyber attacks. It also emphasises the need for employees to possess adequate cyber awareness and skills. As cyber security incidents rise, a report found that 77% of financial services organisations have experienced a cyber attack. Other figures also show that 32% of firms have suffered a cyber breach or attack in the past year alone. These guidelines align with the UK Government’s National Cyber Strategy, aiming to protect and promote online security in the country. With the financial sector experiencing underperforming cyber security providers, organisations need to strengthen their anti-fraud defences, possibly incorporating cyber risk ratings for a more robust security posture.
Source: [The Fintech Times]
94% of Organisations Would Pay a Ransom, Despite Having ‘Do Not Pay’ Policies, as 79% Faced an Attack in 2023
A recent study has found that 94% of organisations would pay a ransomware demand, even if they had a ‘do not pay’ policy, in the event of an attack. The study found that 79% had suffered a ransomware related attack in the second half of 2023. When it came to resilience, only 21% had full confidence in their organisation’s cyber resilience and ability to address today’s escalating cyber challenges and threats, and 23% reported that they would need over three weeks to recover data and restore business processes. A common theme in the study was the belief that senior and executive management do not fully understand the serious risks, with only 35% of respondents believing risks were fully understood.
Sources: [Beta News] [ Security Magazine] [MSSP Alert]
Interpol Arrests More than 30 Cyber Criminals in Global Operation
This week, international law enforcement announced that it detained 31 suspected cyber criminals and identified 1,300 malicious servers which were used to conduct phishing attacks and distribute malware. The operation, labelled “Synergia” was in response to “the clear growth, escalation and professionalisation of transnational cyber crime and the need for coordinated action against new cyber threats” Interpol said. Nearly 60 law enforcement agencies and several private companies were involved in the operation.
Sources: [The Record]
Divide and Succeed: Splitting IT and Security Makes Business Sense
Maintaining year-round security hygiene is important to protect both consumers and organisations. Cyber attacks, like the recent one on 23andMe, often exploit vulnerabilities that persist due to incomplete patching and compromised credentials. Many organisations cite time constraints as the primary reason for not updating security features. Ideally, in any organisation, and indeed in all organisations that have reached a level of maturity in this space, security and IT teams should be separate; however, this is not really achievable in many organisations and hence the responsibility to protect ultimately falls on IT teams. Overburdened IT teams, and IT teams whose primary focus is on operational IT, further compound the issue, spending significant time managing data requests and analysing data, leading to cyber security risks. As consumers become more privacy-conscious, businesses must review and adapt their data privacy policies to build trust. Additionally, the growing use of artificial intelligence poses new risks, necessitating the development of company-wide AI policies to protect data privacy. While privacy legislation remains fragmented, staying proactive by updating data privacy policies, understanding data usage, and fortifying cyber security defences is crucial for organisations.
Source: [Digital Journal]
Ransomware Groups Gain Clout with False Attack Claims
A concerning trend is on the rise: fake breach claims by ransomware groups. Cyber criminals are leveraging the dark web and social media to spread misinformation about alleged breaches, triggering unwarranted cyber investigations and generating unwanted, and unwarranted, negative publicity for the alleged victim. Recent incidents involving Technica Corp and Europcar exemplify this growing threat. While these claims often lack credible evidence, they serve as a means for ransomware operators to gain attention and clout in the cyber criminal world. These groups resort to false claims to maintain relevance. Cyber security teams must adapt to this new ransomware misinformation communication strategy and exercise caution when evaluating breach claims.
Source: [Dark Reading]
Payment Fraud is Hitting Organisations Harder Than Ever Before
According to research, 96% of companies in the US were targeted with at least one fraud attempt in the past year. 36% who suffered said the average loss they experienced was more than $1 million and for 25%, this was more than $5 million. The study found misaligned perception as despite the number falling victim, only 5% believed they could not keep up with fraud. Of concern, 75% of C-level finance leaders said they would stop doing business with an organisation that fell victim to payment fraud.
Source: [Help Net Security]
Chinese Hacking Operations Have Entered a Far More Dangerous Phase, US Warns
In the US, the directors of the FBI, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), have stated that China’s cyber activity is moving beyond the last decade’s spying and data theft toward direct attacks on critical infrastructure. It was identified that Chinese nation-state actors were planting malware on network routers and other internet-connected devices that, if triggered, could disrupt water, power, rail and other critical services, possibly causing widespread chaos, or even injury or deaths as a result.
Source: [Defense One]
Governance, Risk and Compliance
$10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune
Recognizing Security as a Strategic Component of Business (darkreading.com)
Top Five Risks Facing Corporate Boards | The Volkov Law Group - JDSupra
Improving cyber security culture: A priority in the year of the CISO | CSO Online
Top 3 Cyber Security Trends for SME Business Leaders | MSSP Alert
What the Charges Against the SolarWinds CISO Mean for Security in 2024 - Security Boulevard
Divide and succeed: Splitting IT and Security makes business sense - Digital Journal
Strengthening Cyber Security: The rise of the Security Assurance Officer (securitybrief.co.nz)
5 Cyber Security Strategies You Must Embrace to Protect Your Business | Inc.com
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Survey Shows 94% of Companies Would Pay | MSSP Alert
$10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD (techrepublic.com)
79% of organisations faced a ransomware attack in H2 2023 | Security Magazine
Ransomware Groups Gain Clout With False Attack Claims (darkreading.com)
LockBit remorseless in latest children's hospital attack • The Register
The Ransomware Threat in 2024 is Growing: Report - Security Week
Akira ransomware attacks linked to Cisco vuln fixed in 2020 • The Register
OpenText Cyber Security Global Ransomware Survey: The Risk Perception Gap | MSSP Alert
The evolution of ransomware: Lessons for the future (securityintelligence.com)
New strain of the Phobos ransomware discovered in VBA script | SC Media (scmagazine.com)
Canadian Man Sentenced to Prison for Ransomware Attacks - Security Week
Ransomware Research Reveals Millions Spent Despite Do Not Pay Policies - IT Security Guru
A Cyber Insurer's Perspective on How to Avoid Ransomware (darkreading.com)
Online ransomware decryptor helps recover partially encrypted files (bleepingcomputer.com)
Higher cyber defences lead to higher ransoms, study finds | Cybernews
ICS Ransomware Danger Rages Despite Fewer Attacks (darkreading.com)
Ransomware Victims
ICO confirms data breach probe as UK councils remain downed by cyber attack | TechCrunch
Pentagon investigating theft of sensitive files by ransomware group | CyberScoop
Johnson Controls says ransomware attack cost $27 million, data stolen (bleepingcomputer.com)
New Jersey School District Shut Down by Cyber Attack (darkreading.com)
Cactus ransomware gang claims the Schneider Electric hack (securityaffairs.com)
Schneider Electric Responding to Ransomware Attack, Data Breach - Security Week
Akira ransomware gang says it stole passport scans from Lush • The Register
Kansas public transportation authority hit by ransomware (bleepingcomputer.com)
Phishing & Email Based Attacks
In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica
AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)
Artificial Intelligence
$10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune
AI-Powered Attacks and Deepfake Technology Fuel Cyber Attack Concern - IT Security Guru
ChatGPT bug leaked conversations from others in your history (bgr.com)
AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)
Expect ‘AI versus AI’ conflict soon, Pentagon cyber leader says - Defense One
AI Companies Will Need to Start Reporting Their Safety Tests to the US Government - Security Week
AI-generated code leads to security issues for most businesses: report | CIO Dive
Assessing and quantifying AI risk: A challenge for enterprises | CSO Online
2FA/MFA
Malware
How the ZeuS Trojan Info Stealer Changed Cyber Security (securityintelligence.com)
FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)
AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks (thehackernews.com)
Police disrupt Grandoreiro banking malware operation, make arrests (bleepingcomputer.com)
Threat Actors Using Adult Games To Launch Remcos RAT Attack - Security Boulevard
Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware (thehackernews.com)
More Android apps riddled with malware spotted on Google Play (bleepingcomputer.com)
Don't believe everything you read - hackers are pushing malware via media, news sites | TechRadar
Mobile
Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping - Security Week
More Android apps riddled with malware spotted on Google Play (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
There was a 39% surge in data exfiltration cyber attacks in 2023 | Security Magazine
Europcar denies data breach of 50 million users, says data is fake (bleepingcomputer.com)
3.5M exposed in COVID-19 e-passport leak (securityaffairs.com)
Mercedes-Benz accidentally exposed sensitive data, including source code (securityaffairs.com)
FTC orders Blackbaud to boost security after massive data breach (bleepingcomputer.com)
23andMe admits it didn’t detect cyber attacks for months | TechCrunch
Football Australia investigating 'critical data' leak - ESPN
Top 3 Data Breaches of 2023, and What Lies Ahead in 2024 (darkreading.com)
DHS employees jailed for stealing data of 200K US govt workers (bleepingcomputer.com)
Cyber criminals replace familiar tactics to exfiltrate sensitive data - Help Net Security
Data leak at fintech giant Direct Trading Technologies (securityaffairs.com)
Timex breach leaks employee Social Security numbers | SC Media (scmagazine.com)
Cloudflare hacked using auth tokens stolen in Okta attack (bleepingcomputer.com)
Keenan warns 1.5 million people of data breach after summer cyber attack (bleepingcomputer.com)
Organised Crime & Criminal Actors
ReasonLabs Releases Annual "State of Consumer Cyber Security Report" for 2024 (prnewswire.com)
Cyber criminals replace familiar tactics to exfiltrate sensitive data - Help Net Security
Smarter, Meaner, Sneakier: Security Trends for 2024 (trendmicro.com)
How businesses can tackle the cyber crime economy (siliconrepublic.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
DHS employees jailed for stealing data of 200K US govt workers (bleepingcomputer.com)
Put People First When Facing Sophisticated Cyber Threats (forbes.com)
Insurance
A Cyber Insurer's Perspective on How to Avoid Ransomware (darkreading.com)
$10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune
Supply Chain and Third Parties
Supply Chain Security and NIS2: What You Need to Know - Security Boulevard
Third-party risk management best practices and why they matter - Help Net Security
Cloudflare hacked using auth tokens stolen in Okta attack (bleepingcomputer.com)
Cyber criminals embrace smarter strategies, less effort - Help Net Security
Cloud/SaaS
Microsoft Teams phishing pushes DarkGate malware via group chats (bleepingcomputer.com)
'Leaky Vessels' Cloud Bugs Allow Container Escapes Globally (darkreading.com)
Cyber Attacks, AI and Multicloud Hit Cyber Security in 2023 - The New Stack
Why DNS protection should be the first step in hybrid cloud security | TechRadar
Identity and Access Management
Microsoft tells how Russia's Cozy Bear broke into its email • The Register
In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)
Linux and Open Source
Cyber Security in Review: The Alarming Trend of Unsupported Systems - Security Boulevard
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros (thehackernews.com)
White House releases report on securing open-source software | CyberScoop
Passwords, Credential Stuffing & Brute Force Attacks
Hundreds of network operators’ credentials found circulating in Dark Web (securityaffairs.com)
US charges two more suspects with DraftKing account hacks (bleepingcomputer.com)
Social Media
A tangled mess: Government rules for social media security lack clarity | CyberScoop
Defending Against Corporate Social Media Account Takeovers (databreachtoday.co.uk)
Malvertising
Regulations, Fines and Legislation
ICO confirms data breach probe as UK councils remain downed by cyber attack | TechCrunch
SolarWinds Files Motion to Dismiss SEC Lawsuit (darkreading.com)
What the Charges Against the SolarWinds CISO Mean for Security in 2024 - Security Boulevard
A tangled mess: Government rules for social media security lack clarity | CyberScoop
AI Companies Will Need to Start Reporting Their Safety Tests to the US Government - Security Week
The SEC Won't Let CISOs Be: Understanding New SaaS Cyber Security Rules (thehackernews.com)
How to Align Your Incident Response Practices With the New SEC Disclosure Rules - Security Week
UK law could ban Apple security updates across the world in an 'unprecedented overreach' | TechRadar
Models, Frameworks and Standards
Supply Chain Security and NIS2: What You Need to Know - Security Boulevard
NIS2 Directive raises stakes for security leaders - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
Wait, infosec isn't a computer science degree requirement? • The Register
The Future Of Cyber Security Is More Human Than You Think (forbes.com)
Law Enforcement Action and Take Downs
Interpol arrests more than 30 cyber criminals in global ‘Synergia’ operation (therecord.media)
US charges two more suspects with DraftKing account hacks (bleepingcomputer.com)
US sanctions 3 for supporting ISIS with cyber security expertise, money transfers - UPI.com
Canada's 'most prolific hacker' jailed for two years (bitdefender.com)
FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
$10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune
Cyber attacks as war crimes | International Bar Association (ibanet.org)
What Are State-Sponsored Cyber Attacks? - Security Boulevard
Satya Nadella Worries About Hackers Causing 'Breakdown of World Order' (businessinsider.com)
Expect ‘AI versus AI’ conflict soon, Pentagon cyber leader says - Defense One
The Cyber Warfare Option Against Hostile States and Groups | National Review
Nation State Actors
China
Chinese hacking operations have entered a far more dangerous phase, US warns - Defense One
FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)
Wray’s stunning warning points to a new age of US vulnerability | CNN Politics
Cyber attacks as war crimes | International Bar Association (ibanet.org)
EU economic security plan eyes China with more defence than offense (qz.com)
Russia
In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technicac
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)
Russia hacks Microsoft: It’s worse than you think | Computerworld
Series of Cyber Attacks Hit Ukrainian Critical Infrastructure Organisations (darkreading.com)
Russian 'cyber war' could exploit divisions in Scotland | The Herald (heraldscotland.com)
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets (trendmicro.com)
Russian threat actors dig in, prepare to seize on war fatigue | Security Insider (microsoft.com)
Russian spies impersonating Western researchers in ongoing hacking campaign (therecord.media)
Ukraine's POW Coordination Headquarters restores services after cyber attack (kyivindependent.com)
Ukraine Military Targeted With Russian APT PowerShell Attack (darkreading.com)
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Does CVSS 4.0 solve the exploitability problem? - Help Net Security
Why the Right Metrics Matter When it Comes to Vulnerability Management (thehackernews.com)
Cyber Security in Review: The Alarming Trend of Unsupported Systems - Security Boulevard
Why organisations need risk-based vulnerability management | TechTarget
Vulnerabilities
Akira ransomware attacks linked to Cisco vuln fixed in 2020 • The Register
Ivanti Struggling to Hit Zero-Day Patch Release Schedule - Security Week
Ivanti releases patches for old and new VPN zero-days • The Register
45k Jenkins servers exposed to RCE attacks using public exploits (bleepingcomputer.com)
Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws (thehackernews.com)
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros (thehackernews.com)
CISA Warns of Active Exploitation of Critical Flaws in Apple iOS and macOS (thehackernews.com)
Tools and Controls
Microsoft tells how Russia's Cozy Bear broke into its email • The Register
In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)
Multi-factor authentication suffers from three major weaknesses | TechRadar
AI-generated code leads to security issues for most businesses: report | CIO Dive
3 Best Practices to Improve Threat Hunting - Security Boulevard
Assessing and quantifying AI risk: A challenge for enterprises | CSO Online
How to Align Your Incident Response Practices With the New SEC Disclosure Rules - Security Week
Why DNS protection should be the first step in hybrid cloud security | TechRadar
What Is Cyber Threat Hunting? (Definition & How it Works) (techrepublic.com)
The Future Of Cyber Security Is More Human Than You Think (forbes.com)
Reports Published in the Last Week
Other News
How SMBs can lower their risk of cyber attacks and data breaches (bleepingcomputer.com)
FTC orders Blackbaud to boost security after massive data breach (bleepingcomputer.com)
Global critical infrastructure faces relentless cyber activity - Help Net Security
Why the healthcare industry must prioritize cyber resilience | World Economic Forum (weforum.org)
UK says Emirates-backed stake in Vodafone poses national security risk | Vodafone | The Guardian
Israeli Government: Smallest of SMBs Hit Hardest in Cyber Attacks (darkreading.com)
CISA: Vendors must secure SOHO routers against Volt Typhoon attacks (bleepingcomputer.com)
Firmware remains the soft underbelly of banking cyber defence (techmonitor.ai)
Cyber attacks on state and local governments rose in 2023, says CIS report | StateScoop
Fulton County Suffers Power Outages as Cyber Attack Continues (darkreading.com)
The Imperative for Robust Security Design in the Health Industry (darkreading.com)
National cyber security plans lack performance measures and estimated costs, GAO says | CyberScoop
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 December 2023
Black Arrow Cyber Threat Intelligence Briefing 15 December 2023:
-MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment
-Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions
-Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies
-81% of Companies had Malware, Phishing and Password Attacks in 2023
-Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors
-Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact
-Why Cyber Security Is a Competitive Advantage: Reaching Digital Success
-Ransomware-as-a-Service: The Growing Threat You Can't Ignore
-66% of Employees Prioritise Daily Tasks Over Cyber Security
-Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days
-Who Is Responsible for Cyber Security? You.
-Many Popular Websites Still Cling to Password Creation Policies From 1985
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment
According to the UK Parliament’s Joint Committee on the National Security Strategy (JCNSS), the UK is one of the most targeted countries in the world for cyber attacks, predominantly coming from Russian-linked threat actors. The report describes the UK as being at high risk from catastrophic ransomware attacks, and warns that the country could face significant challenges in managing future attacks.
Further, the report noted that the UK’s regulatory frameworks are insufficient and large amounts of national infrastructure are still vulnerable to ransomware because of their reliance on legacy IT systems.
Sources: [ITPro] [Emerging Risks Media Ltd]
Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions
Despite increased investments in third-party cyber security risk management (TPCRM) over the last two years, 45% of organisations experienced third party-related business interruptions, according to a new Gartner survey. This is reinforced by a separate survey, in which 97% of respondents reported having suffered negative impacts from a breach in a third party or supplier partner in the last year; a figure that has remained unchanged for the past three years.
The results show that despite the increase in attention and investments in third party risk management, organisations are not carrying these out in a way that is decreasing the risk.
Sources: [CIR Magazine] [Gartner]
Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies
Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. Its mobile app and website were down but they managed to restore some of its landline services on the same day of the attack. 24 million Kyivstar users have been urged to change all passwords following the attack.
So far, two Russia-aligned hacker groups have claimed responsibility for the hack: Killnet and Solntsepek. While Killnet have not provided any evidence of the attack, Solntsepek posted several screenshots of Kyivstar systems that it allegedly hacked, on its Telegram channel. The group said it “destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage, and backup systems”.
Further, Russia is expected to ramp up their cyber campaign efforts targeting Ukraine’s allies as part of the ongoing conflict in the region. Last winter saw an increase in attacks that is likely to be repeated this year. The use of wiper malware to target critical national infrastructure (CNI) outside of Ukraine), similar to the attack on Kyivstar above, is just one tactic that could be deployed to disrupt Western allies’ ability, and motivation, to continue military support to Ukraine.
Sources: [Record Media] [New Voice of Ukraine] [Hacker news] [Infosecurity Magazine] [Gov Info Security]
81% of Companies had Malware, Phishing and Password Attacks in 2023
According to Verizon, 81% of organisations faced malware, phishing and password attacks last year, and these attacks were mainly targeted at users. Further, it was found that 62% percent of companies suffered a security breach connected to remote working. Certainly, attacks are not limited to particular sectors or organisations. Everyone can be a target and it is important to keep that in mind when focusing on securing the organisation; yet despite cyber security affecting everyone, 91% of CEOs/CFOs put the responsibility for cyber security squarely with IT.
Source: [Security Magazine]
Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors
According to SentinelOne, mid-sized businesses are being targeted by cyber criminals who are displaying skills previously limited to expert government hackers. Cyber criminals are more organised than ever and have a better understanding of how businesses run; this, paired with technical acumen and AI, has created a difficult environment for medium-sized businesses who don’t possess the budget of a large organisation.
Sources: [Washington Times] [SiliconANGLE]
Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact
The US National Security Agency (NSA), Federal Bureau of Investigation (FBI), and co-authoring agencies warn that the Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and allied countries. To raise awareness and help organisations identify, protect, and mitigate this malicious activity, the authoring agencies have jointly released a Cyber Security Advisory (CSA) on SVR’s exploiting of JetBrain’s TeamCity software, widely used by developers and software providers.
The advisory warns that APT29, the notorious Russian group behind the 2020 SolarWinds hack, are actively exploiting this vulnerability, joining state-sponsored actors from North Korea. The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes.
Sources: [NSA] [Dark Reading] [The Register]
Why Cyber Security Is a Competitive Advantage: Reaching Digital Success
In the tech-driven world, cyber security’s importance is paramount for protecting sensitive data and critical systems. Significant increases in vulnerabilities and breaches have led to stricter guidelines and regulations for most sectors; a trend we expect to see increasing with regulations becoming more and more stringent. Increased regulation can only be good for affected industries and sectors to drive increased security.
However, beyond regulatory compliance, cyber security is a critical competitive differentiator and should be seen as such, rather than simply as a tick box exercise to satisfy a regulator or viewed as an increase in regulatory burden. Data breaches can lead to severe financial setbacks and damage to a company's reputation and customer trust. The legal and financial consequences of non-compliance with cyber security regulations are significant.
Building a comprehensive cyber security strategy that includes risk assessments, incident response plans, and proactive measures is essential in this era of rapid vulnerability exploitation. Embracing cyber security is not just a choice but a necessity for success in the digital age.
Source: [Forbes]
Ransomware-as-a-Service: The Growing Threat You Can't Ignore
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cyber security. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This latest ransomware business model allows inexperienced hackers to use on-demand tools for attacks, reducing time and cost. They pay a fee, choose a target, and launch an attack with the provider’s tools. The effects of RaaS are starting to be noticed, as a recent survey showed the time from network breach to file encryption has dropped below 24 hours for the first time.
Source: [Hacker News]
66% of Employees Prioritise Daily Tasks Over Cyber Security
According to a recent survey, 66% of respondents stated that completing daily tasks is more crucial than cyber security, such as cyber security training. The tasks that were being prioritised over cyber security training include monthly targets, manager-assigned tasks and emails.
The survey highlights the need for improved cyber security training in organisations, with 64% of employees wanting time for this training during work hours, and 43% referring more engaging methods like videos and interactive sessions. The data suggests a shift from the annual training model, with 29% receiving quarterly training, 13% semi-quarterly, and 11% monthly. Addressing these needs is crucial for cyber security readiness.
Source: [Security Magazine]
Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days
Last week, a cyber attack on a small Irish water utility disrupted the water supply for two days, affecting 180 people. The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed devices or controllers that are either not protected at all or protected by a default password. This follows a warning from the US Government about the CyberAv3ngers group, an Iranian affiliated threat actor, which has been actively attacking water facilities in multiple US states.
Source: [Security Week]
Who Is Responsible for Cyber Security? You.
Cyber security is a concern that should resonate with every member of the C-suite and senior staff because when it fails, the entire business is impacted. Recent examples like the “bleach breach” at Clorox and the cyber attack on MGM Resorts illustrate the financial and reputational consequences of cyber security incidents, with losses estimated in the hundreds of millions of dollars. To effectively address this, C-suite executives and their teams must actively support cyber security initiatives led by CIOs and CISOs. The introduction of new government regulations, such as those from the US Securities and Exchange Commission (SEC), require organisations to swiftly report and manage cyber security incidents, impacting various departments beyond just the security team. To succeed in this environment, organisations must make cyber security information accessible across teams, allocate budgets for cyber security, and view cyber security as a catalyst for innovation and growth rather than a burden. For this to happen every single person within an organisation, from the very top to the very bottom, has a role to play in keeping the organisation secure and no one can think that security is someone else’s job.
Source: [Forbes]
Many Popular Websites Still Cling to Password Creation Policies From 1985
Website security, particularly password creation policies and login practices, requires immediate attention. A study of over 20,000 websites uncovers significant vulnerabilities with 75% of websites permitting passwords even shorter than 8 characters (which was the recommendation all the way back in 2012), and 12% even allow single-character passwords. Furthermore, 40% limit password length to being far shorter than current recommendations, and worse 72% permit dictionary words or known breached passwords.
The study also reveals that a third of websites do not support special characters in passwords. Remarkably, many websites continue to adhere to outdated password policies from 2004 or even 1985, and only 5.5% comply with stricter modern guidelines. This underscores the immediate need for standardising and strengthening password policies across the web, as well as enhancing education and outreach efforts to address these critical security weaknesses. Such passwords can influence people’s password choice, which can then enter the corporate environment. This can lead to their account having a higher risk of compromise, and in turn, risks to the data belonging to the organisation.
Source: [Help Net Security]
Governance, Risk and Compliance
How C-Level Executives Can Increase Cyber Resilience (forbes.com)
Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)
Ex-Uber CSO: Lessons Learned from the Breach and Legal Case (darkreading.com)
The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online
How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast
7 Must-Ask Questions for Leaders on Security Culture | MSSP Alert
Why Cyber Security Is A Competitive Advantage: Reaching Digital Success (forbes.com)
Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur
Tech prediction #2: Businesses will turn to Cyber Security as a Service - Digital Journal
Is Cyber Security as a Service (CSaaS) the Answer? (automation.com)
Threats
Ransomware, Extortion and Destructive Attacks
UK Downplays Ransomware Threat at Its Peril, Says Committee (inforisktoday.com)
Ransomware Groups' Latest Tactic: Weaponized Marketing (inforisktoday.com)
Ransomware-as-a-Service: The Growing Threat You Can't Ignore (thehackernews.com)
Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)
The end of ransomware payments: how businesses fit into the fight | ITPro
OpenText Cyber Security 2023 Global Ransomware Survey | MSSP Alert
Russian banker of Hive ransomware network arrested in Paris (databreaches.net)
US reveals email addresses used to send ransomware demands • The Register
Virtual Kidnapping: The Dark World of Cyber Extortion (govinfosecurity.com)
Ransomware Victims
Kraft Heinz launches investigation after ransomware gang claims to have stolen data - SiliconANGLE
Norton Healthcare disclosed a data breach after ransomware attack (securityaffairs.com)
Insomniac Reportedly Hacked, Blackmailed With Game Leaks And Doxing (thegamer.com)
BAUER Group is operational again after cyber attack | Corporate - EQS News (eqs-news.com)
Phishing & Email Based Attacks
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
39% of security leaders cite phishing as most feared cyber attack | Security Magazine
Quishing is the new phishing: Why you need to think before you scan that QR code | ZDNET
Cyber Criminals Exploit OAuth Apps for BEC, Phishing Attacks (petri.com)
US reveals email addresses used to send ransomware demands • The Register
Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)
Artificial Intelligence
SMEs "losing" battle against AI-powered cyber attacks, say experts - Tech Monitor
ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)
AI in 2024: More business use, more fraud risks | Premium | Compliance Week
Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week
The White House's private fears over the rise of AI in the Middle East (telegraph.co.uk)
Holiday Scams Propelled By Artificial Intelligence | Foodman CPAs & Advisors - JDSupra
Responsibly Implementing AI, the Unstoppable Force (darkreading.com)
How to stop Dropbox from sharing your personal files with OpenAI (cnbc.com)
Malware
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques (thehackernews.com)
Hacker Uses Infostealer Data to Gain Access to Brazil’s Police Portal | Info Stealers
Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans (thehackernews.com)
Recruiters, beware of cyber crooks posing as job applicants! - Help Net Security
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)
29 malware families targeted 1800 banking apps in 61 countries | Security Magazine
Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar
Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)
Surge in deceptive simplicity exploitation by cyber attackers (securitybrief.co.nz)
Mobile
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)
Apple Testing New Stolen Device Protection Feature for iPhones - Security Week
Hackers outsmart Apple to install keyloggers on iPhones - PhoneArena
Android barcode scanner app exposes user passwords (securityaffairs.com)
New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands (thehackernews.com)
Six of the most popular Android password managers are leaking data | ZDNET
SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users (thehackernews.com)
'5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week
29 malware families targeted 1800 banking apps in 61 countries | Security Magazine
Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches (darkreading.com)
DNA companies should receive severe penalties for losing our data | TechCrunch
Why the 23andMe Data Breach Is Such a Disaster (gizmodo.com)
US nuclear research lab data breach impacts 45,000 people (bleepingcomputer.com)
Ubiquiti users claim to have access to other people’s devices (securityaffairs.com)
2.5m people's data lost in Norton hospital ransomware hit • The Register
Dubai’s largest taxi app exposes 220K+ users (securityaffairs.com)
Toyota Financial Services discloses data breach (securityaffairs.com)
DonorView exposes 1M records for unknown time frame • The Register
Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)
Organised Crime & Criminal Actors
Cyber Crime Orgs Increasingly Use Human Trafficking to Staff Scam Mills (darkreading.com)
Interpol strikes slavers who force people to scam you online • The Register
Cyber criminals and nation states up their game in persistent global attacks - SiliconANGLE
Dark web forums reveal next year’s cyber security threats - Digital Journal
Trafficking for cyberfraud an increasingly globalized crime, Interpol says (nbcnews.com)
Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)
Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)
New cyber crime market 'OLVX' gains popularity among hackers (bleepingcomputer.com)
How cyber criminals are using Wyoming shell companies for global hacks | Reuters
Exploitation of the internet and the mind: How cyber criminals operate | TechRadar
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Startup Ledger Users’ Wallets Drained in Hack - Bloomberg
Ledger says attacker conducted phishing attack on former employee - Blockworks
Insider Risk and Insider Threats
66% of employees prioritize daily tasks over cyber security | Security Magazine
Privilege elevation exploits used in over 50% of insider attacks (bleepingcomputer.com)
Employees are weaponizing private emails with colleagues | Fortune
Insurance
Supply Chain and Third Parties
UK firms increasing their focus on supply chain cyber risk – report - CIR Magazine
Manchester Public Schools Lose $180K to Hacked Vendor (govtech.com)
Software & Security: How to Move Supply Chain Security Up the Agenda (darkreading.com)
Cloud/SaaS
Multi-Cloud vs. Hybrid Cloud: The Main Difference (techtarget.com)
SAP's attempt to migrate security tools to cloud failed • The Register
Cloud engineer wreaks havoc on bank's network after firing • The Register
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
Android barcode scanner app exposes user passwords (securityaffairs.com)
Six of the most popular Android password managers are leaking data | ZDNET
Many popular websites still cling to password creation policies from 1985 - Help Net Security
Social Media
Regulations, Fines and Legislation
Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)
ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)
How European countries are implementing new cyber security framework – EURACTIV.com
Cyber Solidarity Act moves ahead in EU Parliament with key committee vote – EURACTIV.com
Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week
FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure - Security Week
The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online
SEC Cyber Security Breach Rule: What it Means for MSSPs | MSSP Alert
Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction | TechCrunch
Government plans to regulate to tackle datacentre threats | Computer Weekly
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)
Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register
Nation State Actors
China
Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)
Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs (darkreading.com)
China’s cyber intrusions have hit ports and utilities, officials say - The Washington Post
CISA unveils Google Workspace guidelines informed by Chinese breach of Microsoft | CyberScoop
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Security Week
Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar
China warns its geographic data breach puts industry at risk (techinformed.com)
Russia
Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator (thehackernews.com)
Hackers damaged some infrastructure of Ukraine’s Kyivstar telecom company (therecord.media)
Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)
UK government takes steps to thwart Russia's FSB hackers (techmonitor.ai)
Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign (thehackernews.com)
Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare (darkreading.com)
Ukrainian intelligence takes down Russia's tax system in major cyber warfare operation
Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)
Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)
Russian banker of Hive ransomware network arrested in Paris (databreaches.net)
Iran
Two-day water outage in remote Irish region caused by pro-Iran hackers (therecord.media)
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)
North Korea
Lazarus sub-group targets South Korean defence firms | SC Media (scmagazine.com)
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)
Lazarus Operation Blacksmith Attacking Organisations Worldwide (cybersecuritynews.com)
Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical (thehackernews.com)
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) - Help Net Security
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)
Adobe Releases Security Updates for Multiple Products | CISA
Chrome 120 Update Patches High-Severity Vulnerabilities - Security Week
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin (bleepingcomputer.com)
'5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)
Sophos backports RCE fix after attacks on unsupported firewalls (bleepingcomputer.com)
Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)
This is how to protect your computers from LogoFAIL attacks | ZDNET
Over 1,450 pfSense servers exposed to RCE attacks via bug chain (bleepingcomputer.com)
Tools and Controls
Attacks abuse Microsoft DHCP to spoof DNS records • The Register
Balancing AI advantages and risks in cyber security strategies - Help Net Security
What is Cyber security threat intelligence sharing (att.com)
The Cyber Security Conundrum: Best-Of-Breed Vs. Single Pane Of Glass (forbes.com)
Discord adds Security Key support for all users to enhance security (bleepingcomputer.com)
Modern Attack Surface Management (ASM) for SecOps (trendmicro.com)
Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur
Are business cyber security measures really fit for purpose? - Digital Journal
Which cyber security controls are organisations struggling with? - Help Net Security
Other News
UK must improve cyber risk management in face of catastrophic threats - Emerging Risks Media Ltd
Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)
Is macOS as secure as its users think? | Kaspersky official blog
The 3 Most Prevalent Cyber Threats of the Holidays (darkreading.com)
Over 3,800 Ministry of Defence passes lost or stolen (ukdefencejournal.org.uk)
NCSC CEO Lindy Cameron to step down in 2024 | Computer Weekly
Reflecting On The Evolution Of Cyber Security In 2023 (forbes.com)
Unveiling the Cyber Threats to Healthcare: Beyond the Myths (thehackernews.com)
This is how to protect your computers from LogoFAIL attacks | ZDNET
Polish train maker denies claims it geofenced trains • The Register
Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)
Cyber criminals continue targeting open remote access products - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 November 2023
Black Arrow Cyber Threat Intelligence Briefing 17 November 2023:
-Cyber Resilience Requires Maturity, Persistence & Board Engagement
-Security is a Process, Not a Tool
-46% of SMBs and Enterprises Have Experienced a Ransomware Attack
-Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
-67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
-The Persistent Menace: Understanding And Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
-Financial Services still Stubbornly Vulnerable to Cyber Disruption
-Worlds Biggest Bank Hit by Ransomware, Workers Forced to Trade With USB Sticks
-NCSC Warns UK Over Significant Threat to Critical Infrastructure
-Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
-Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
-Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Resilience Requires Maturity, Persistence & Board Engagement
Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.
Source: [Dark Reading]
Security is a Process, not a Tool
The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.
Source: [Dark Reading]
46% of SMBs and Enterprises Have Experienced a Ransomware Attack
A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.
Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.
Source: [Security Magazine] [IT Business]
Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.
Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.
Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.
Source: [welivesecurity]
67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.
Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.
Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.
Sources: [Tech Radar] [the HR Director]
The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.
This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.
Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups. Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Forbes] [Infosecurity Magazine] [ITPro]
Financial Services Still Stubbornly Vulnerable to Cyber Disruption
A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.
According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.
Source: [FTAdviser]
World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks
The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.
Sources: [SC Media] [Bit Defender]
NCSC Warns UK Over Significant Threat to Critical Infrastructure
The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.
The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.
They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.
For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.
This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.
Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]
Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.
Sources: [Infosecurity Magazine] [Bleeping Computer]
Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).
Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.
Source: [TechRadar]
Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.
It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Source: [CSO Online]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
29% of organisations cite data loss as top security breach result | Security Magazine
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)
Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar
6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
Should cyber security overconfidence be on your threat radar? | TechRadar
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Every Business Owner Should Be Thinking About Improving Online Security | Inc.com
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)
How to withstand the onslaught of cyber security threats - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Law practices and government agencies experience the largest ransomware spikes - Digital Journal
Orgs still losing logs, powerless to speedy ransomware • The Register
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine
Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
The Persistent Menace: Understanding And Combating Ransomware (forbes.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Ransomware tracker: The latest figures [November 2023] (therecord.media)
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)
Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Uncovering the ransomware threat from global supply chains | ITPro
Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Success eludes the International Counter Ransomware Initiative - Help Net Security
New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)
How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)
Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)
New approaches to fighting ransomware are emerging | Mimecast
FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK
FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)
FBI pumping 'significant' resources into Scattered Spider • The Register
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)
It ain’t what you store, it’s the way you restore it. • The Register
Ransomware Victims
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
How a cyber attack crippled the world's largest bank for hours | Euronews
ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)
FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)
Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)
Tri-City Medical Center cyber attack impacting patient care (10news.com)
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
LockBit leaks Boeing files after failed ransom negotiations • The Register
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
British Library’s Halloween cyber scare was ransomware | Computer Weekly
Royal Mail ransomware recovery to cost at least $12 million • The Register
9 million patients had data stolen after US medical transcription firm hacked | TechCrunch
Clorox CISO flushes self after multimillion-dollar attack • The Register
Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)
Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News
Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)
Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week
Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)
Stellantis production affected by cyber attack at auto supplier - The Columbian
Phishing & Email Based Attacks
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)
Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)
Artificial Intelligence
UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)
UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK
AI disinformation campaigns pose major threat to 2024 elections - Help Net Security
Microsoft blocks internal access to ChatGPT over security • The Register
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED
Mitigating Deepfake Threats in the Corporate World | MSSP Alert
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)
How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker
Malware
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Infostealers and the high value of stolen data - Help Net Security
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
Ducktail Malware Targets the Fashion Industry (darkreading.com)
Mobile
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
How to spot a fake data blocker that could hack your computer in seconds | ZDNET
Denial of Service/DoS/DDOS
Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online
How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)
Internet of Things – IoT
How to protect your organisation from IoT malware | TechTarget
Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)
Data Breaches/Leaks
Infostealers and the high value of stolen data - Help Net Security
29% of organisations cite data loss as top security breach result | Security Magazine
McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)
Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)
Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)
Fourth time unlucky: Okta hit by new cyber attack - Digital Journal
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
The real cost of healthcare cyber security breaches - Help Net Security
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)
Samsung warns some customers their data may have been stolen by hackers | TechRadar
Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)
Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)
Morgan Stanley fined over computers with personal data (cnbc.com)
Samsung says hackers accessed customer data during year-long breach | TechCrunch
A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED
Organised Crime & Criminal Actors
Russian admits building now-dismantled IPStorm proxy botnet • The Register
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ethereum hacked to steal millions from users across the world | TechRadar
Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)
Insider Risk and Insider Threats
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Insurance
Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News
Supply Chain and Third Parties
Uncovering the ransomware threat from global supply chains | ITPro
How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)
Cloud/SaaS
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
Traditional cloud security isn't up to the task - Help Net Security
Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security
Identity and Access Management
Encryption
The new frontier in online security: Quantum-safe cryptography (techxplore.com)
In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica
TETRA encryption algorithms entering the public domain • The Register
Passwords, Credential Stuffing & Brute Force Attacks
70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)
Google Workspace security flaws could see hackers easily snaffle your password | TechRadar
Stop using weak passwords for streaming services - it's riskier than you think | ZDNET
The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot
Social Media
Meta and YouTube face criminal surveillance complaints • The Register
How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)
Malvertising
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
Training, Education and Awareness
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Regulations, Fines and Legislation
EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)
Meta and YouTube face criminal surveillance complaints • The Register
SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)
Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Clorox CISO flushes self after multimillion-dollar attack • The Register
Morgan Stanley fined over computers with personal data (cnbc.com)
White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop
Models, Frameworks and Standards
What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra
Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security
Backup and Recovery
Data Protection
Web browsing data collected in more detail than previously known, report finds (ft.com)
Online ad auction data harms national security – claim • The Register
Careers, Working in Cyber and Information Security
The challenges and opportunities of working in cyber security | TechRadar
How US SEC legal actions put CISOs at risk and what to do about it | CSO Online
Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)
Law Enforcement Action and Take Downs
Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)
Russian admits building now-dismantled IPStorm proxy botnet • The Register
European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity
Cyber Warfare and Cyber Espionage
NCSC Annual Review on 'state-aligned actors' | Professional Security
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com
Nation State Actors
China
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
ICBC/ransomware: China’s cyber security industry moves out of the shadows
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Labour warns against watering down of UK’s takeover screening powers
Russia
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)
Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert
EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)
Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)
Iran
North Korea
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)
Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerabilities
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)
Adobe Releases Security Updates for Multiple Products | CISA
ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week
Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week
Fortinet Releases Security Updates for FortiClient and FortiGate | CISA
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)
SAP Patches Critical Vulnerability in Business One Product - Security Week
Critical flaw fixed in SAP Business One product (securityaffairs.com)
Citrix Releases Security Updates for Citrix Hypervisor | CISA
Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)
An email vulnerability let hackers steal data from governments around the world (engadget.com)
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)
Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr
Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)
Tools and Controls
Building resilience to shield your digital transformation from cyber threats - Help Net Security
Against the Clock: Cyber Incident Response Plan (trendmicro.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest (thehackernews.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Web Application Attacks | Types of Web Application Attacks | Mimecast
Traditional cloud security isn't up to the task - Help Net Security
National security at risk from web browsing data collection, report finds (ft.com)Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
NCSC backs use of security.txt for cyber resilience | UKAuthority
New approaches to fighting ransomware are emerging | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
The new imperative in API security strategy - Help Net Security
How to Automate the Hardest Parts of Employee Offboarding (thehackernews.com)
Steps CISOs Should Take Before, During & After a Cyber attack (darkreading.com)
Threat Intel: To Share or Not to Share is Not the Question - Security Week
As perimeter defences fall, the identify-first approach steps into the breach | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
OODA Loop - A Model for Cyber security Threat Sharing: Embracing the USA PATRIOT Act & FinCEN
How to speak the board's language with cyber security ROI so it makes sense | Fierce Electronics
Three Ways Generative AI Can Bolster Cyber security | NVIDIA Blogs
Hackers breach healthcare orgs via ScreenConnect remote access (bleepingcomputer.com)
Kubernetes adoption creates new cyber security challenges - Help Net Security
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Hundreds of websites cloned to run ads for Chinese gambling • The Register
AI helps leaders optimize costs and mitigate risks - Help Net Security
It ain’t what you store, it’s the way you restore it. • The Register
Reports Published in the Last Week
Other News
'Alarming': big gaps in organisations' cyber security | The Canberra Times | Canberra, ACT
National security at risk from web browsing data collection, report finds (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Collaborative strategies are key to enhanced ICS security - Help Net Security
Web Application Attacks | Types of Web Application Attacks | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 October 2023
Black Arrow Cyber Threat Intelligence Briefing 27 October 2023:
-More Companies Adopt Board-Level Cyber Security Committees
-Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High
-Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year
-More Than 46 Million Potential Cyber Attacks Logged Every Day
-Fighting Cyber Attacks Requires Top-Down Approach
-Email Security Threats are More Dangerous This Year as Over 200 Million Malicious Emails Detected in Q3 2023
-98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending
-48% of Organisations Predict Cyber Attack Recovery Could Take Weeks
-Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour
-How Cyber Security Has Evolved in The Past 20 Years
-Rising Global Tensions Could Portend Destructive Hacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
More Companies Adopt Board-Level Cyber Security Committees
In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.
Source: [Decipher]
Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High
A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.
Sources: [Dark Reading] [SC Magazine] [Reinsurance News]
Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year
Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.
Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]
More Than 46 Million Potential Cyber Attacks Logged Every Day
New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.
Sources: [Evening Standard] [Proactive] [The Independent]
Fighting Cyber Attacks Requires Top-Down Approach
Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.
Source: [Chief Investment Officer]
Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023
The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.
Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [Security Magazine] [MSSP Alert] [TechRadar]
98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending
Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.
Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]
48% of Organisations Predict Cyber Attack Recovery Could Take Weeks
A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Security Magazine]
Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour
The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.
We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.
Source: [Dark Reading]
How Cyber Security Has Evolved in The Past 20 Years
Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.
The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.
Source: [Forbes]
Rising Global Tensions Could Portend Destructive Hacks
Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.
Source: [Info Risk Today]
Governance, Risk and Compliance
Cyber security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
How to establish a great security awareness culture (att.com)
More Companies Adopt Board-Level Cyber Security Committees | Decipher (duo.com)
Fighting Cyber Attacks Requires Top-Down Approach | Chief Investment Officer (ai-cio.com)
SMBs Need to Balance Cyber Security Needs and Resources (darkreading.com)
48% of organisations predict cyber attack recovery to take weeks | Security Magazine
Cyber Security Litigation: Five Trends Unpacked | Blake, Cassels & Graydon LLP - JDSupra
Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)
Awaken From Cyber Slumber: 3 Steps To Stronger Cyber security (forbes.com)
AI-related security fears drive 2024 IT spending - Help Net Security
Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)
The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week
Threats
Ransomware, Extortion and Destructive Attacks
SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear (darkreading.com)
Ransomware is threatening more businesses than ever before | TechRadar
Ransomware isn’t going away – the problem is only getting worse (bleepingcomputer.com)
Known Ransomware Attack Volume Breaks Monthly Record, Again (govinfosecurity.com)
Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (thehackernews.com)
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)
The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)
Meet Rhysida, a New Ransomware Strain That Deletes Itself (darkreading.com)
Kaspersky crimeware report: GoPIX, Lumar, and Rhysida. | Securelist
Five things organisations don’t consider before a ransomware attack | TechRadar
Ransomware incidents are on the rise as latest data reveals alarming trend | TechSpot
MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)
Ransomware attacks against hospitals put patients' lives at risk, researchers say : NPR
Ragnar Locker Ransomware Boss Arrested in Paris (darkreading.com)
BlackCat Climbs the Summit With a New Tactic (paloaltonetworks.com)
Ransomware Soars as Myriad Efforts to Stop It Fall Short - Bloomberg
Hackers Using Remote Admin Tools AvosLocker Ransomware (gbhackers.com)
Resilience notes uptick in data exfiltration as cyber criminals change tactics - Reinsurance News
Healthcare Ransomware Attacks Cost US $78bn - Infosecurity Magazine (infosecurity-magazine.com)
Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Ransomware Victims
MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)
Ambulances diverted as 3 New York hospitals grapple with cyber attacks | Fox News
Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyber attack - Security Week
US energy firm shares how Akira ransomware hacked its systems (bleepingcomputer.com)
Seiko says ransomware attack exposed sensitive customer data (bleepingcomputer.com)
American Family Insurance confirms cyber attack is behind IT outages (bleepingcomputer.com)
Cyber Attack Causing Service Interruptions At Ontario Hospitals (databreaches.net)
Cyber crims leak patient pics in low blow bid to win ransom • The Register
Phishing & Email Based Attacks
Over 200 million malicious emails were detected in Q3 2023 | Security Magazine
Watch out - that QR code could just be a phishing scam | TechRadar
Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian
New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates
Email security threats are more dangerous than ever - here's what you need to know | TechRadar
What is Phishing? 5 Types of Phishing Attacks You Need to Know | MSSP Alert
The US released popular phishing techniques | Inquirer Technology
Akamai research finds more sophisticated phishing threats in hospitality industry - SiliconANGLE
Don’t Get Spooked Into Falling For These Phishing Scams - IT Security Guru
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
AI-related security fears drive 2024 IT spending - Help Net Security
Boardrooms losing control in generative AI takeover, says Kaspersky | Computer Weekly
Governments, firms should spend more on AI safety, top researchers say | Reuters
Cyber-defence systems seek to outduel criminals in AI race (techxplore.com)
Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine
Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)
Don't use AI-based apps, Philippine defence ordered its personnel (securityaffairs.com)
Businesses ignorant to gen AI security threats suggests research (ship-technology.com)
Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra
Artificial Intelligence Bad News For Cyber Threats, Report Warns - TechRound
Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security
Oops! When tech innovations create new security threats | CSO Online
2FA/MFA
Malware
Hackers are using an incredibly sneaky trick to hide malware | Digital Trends
Vietnamese Hackers Target UK, US, and India with DarkGate Malware (thehackernews.com)
Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar (thehackernews.com)
Dangerous new malware can crack encrypted USB drives | TechRadar
'Grandoreiro' Trojan Targets Global Banking Customers (darkreading.com)
Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)
The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog
Mobile
Android trojan spotted in the wild can record audio and phone calls | ZDNET
Samsung Galaxy S23 hacked twice in one day at Pwn2Own contest (androidauthority.com)
iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)
Intellexa: Irish-linked spyware used in 'brazen attacks' - report - BBC News
Longer Support Periods Raise the Bar for Mobile Security (darkreading.com)
Android adware apps on Google Play amass two million installs (bleepingcomputer.com)
Denial of Service/DoS/DDOS
This DDoS attack is the biggest in internet history. | World Economic Forum (weforum.org)
Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)
Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Okta says hackers breached its support system and viewed customer files | Ars Technica
Okta support system breach highlights need for strong MFA policies | CSO Online
1Password suffers cyber security incident after latest Okta breach - Tech Monitor
Okta stock falls after company says client files accessed by hackers via support system (cnbc.com)
Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts (therecord.media)
City of Philadelphia discloses data breach after five months (bleepingcomputer.com)
500k Irish National Police records exposed by third party • The Register
The 23andMe data breach reveals the vulnerabilities of our interconnected data (theconversation.com)
iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)
DC Board of Elections: Hackers may have breached entire voter roll (bleepingcomputer.com)
Organised Crime & Criminal Actors
More than 500 potential cyber attacks logged every second, BT says | The Independent
Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)
Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances | CSO Online
Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Insider Risk and Insider Threats
Forget the outside hacker, the bigger threat is inside • The Register
Human-centric Security Design Reduces Threats by Changing User Behavior (prweb.com)
How to establish a great security awareness culture (att.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
Fraud, Scams & Financial Crime
New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates
Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian
Purchase Scams Surge as Fraud Losses Hit £580m - Infosecurity Magazine (infosecurity-magazine.com)
Online scammers target desperate loan seekers using online fraud | TechRadar
Christmas scams to watch out for this festive season (nationalworld.com)
Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Deepfakes
Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Insurance
Telling Small Businesses to Buy Cyber Insurance Isn't Enough (darkreading.com)
Stemming Losses That Go Uncovered by Cyber Insurance | Esquire Deposition Solutions, LLC - JDSupra
Aviva: SMEs ‘woefully underserved’ for cyber cover - Insurance Post (postonline.co.uk)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Passwords, Credential Stuffing & Brute Force Attacks
Okta Reveals Breach Via Stolen Credential - Infosecurity Magazine (infosecurity-magazine.com)
'Log in With...' Feature Allows Full Online Account Takeover for Millions (darkreading.com)
Social Media
Malvertising
Training, Education and Awareness
Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)
This Cyber Security Awareness Month, Don't Lose Sight of Human Risk (darkreading.com)
How to establish a great security awareness culture (att.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
Cyber Security Awareness Month: What's Still Needed After Twenty Years (forbes.com)
From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)
Regulations, Fines and Legislation
Managed security services [EU Legislation in Progress] | Epthinktank | European Parliament
Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine
UK government finalises IoT cyber security requirements - Lexology
Models, Frameworks and Standards
Backup and Recovery
Law Enforcement Action and Take Downs
Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts (therecord.media)
Alleged developer of the Ragnar Locker ransomware was arrested (securityaffairs.com)
Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)
Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
‘I’m looking for fewer ways to be traceable, not more’ | Financial Times
Google Chrome's new "IP Protection" will hide users' IP addresses (bleepingcomputer.com)
ShadowDragon: Australian spies monitor PornHub, Tinder, Fortnite (crikey.com.au)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
ICC: September Breach Was Espionage Raid - Infosecurity Magazine (infosecurity-magazine.com)
International Criminal Court attack was targeted and sophisticated (securityaffairs.com)
Governments and hackers agree: the laws of war must apply in cyber space (theconversation.com)
It's Time to Establish the NATO of Cyber Security (darkreading.com)
War Crimes Court Flags Cyber Attack That Targeted Its Work - Law360
International Criminal Court systems breached for cyber espionage (bleepingcomputer.com)
Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly
Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)
Geopolitical Threats/Activity
Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)
Cyber operations linked to Israel-Hamas fighting gain momentum | CyberScoop
Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)
China
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale (securityaffairs.com)
Glasgow universities on red alert over Chinese spies as they join security scheme - Glasgow Live
Navy ends tradition of Chinese laundrymen on warships over spying fears (telegraph.co.uk)
Russia
Russia Cyber attacks Becoming More Sophisticated, Ukraine Official Says - Bloomberg
European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)
Ministry, police and Crimea summit websites victims of cyber attack | Radio Prague International
Major Russian bank reportedly hacked by Ukraine | SC Media (scmagazine.com)
Hackers backdoor Russian state, industrial orgs for data theft (bleepingcomputer.com)
Who is sabotaging underwater infrastructure in the Baltic Sea? (economist.com)
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica
Russia-Ukraine War: Cyber Attack and Kinetic Warfare Timeline - | MSSP Alert
France says Russian state hackers breached numerous critical networks (bleepingcomputer.com)
Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly
Ex-NSA techie admits to selling state secrets to Russia • The Register
Iran
North Korea
Vulnerability Management
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)
Why Do We Need Real-World Context to Prioritise CVEs? (darkreading.com)
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Vulnerabilities
Citrix Bleed exploit lets hackers hijack NetScaler accounts (bleepingcomputer.com)
Exploitation of Citrix NetScaler vulns reaching dangerous levels | Computer Weekly
Critical SolarWinds RCE Bugs Enable Unauthorised Network Takeover (darkreading.com)
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog - Security Affairs
Cisco hackers likely taking steps to avoid identification | Computer Weekly
F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution (thehackernews.com)
European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)
VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - Security Week
Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms (thehackernews.com)
Firefox, Chrome Updates Patch High-Severity Vulnerabilities - Security Week
The Forbidden Fruit Of Cyber Security: Hackers Take A Bite Out Of Apple (forbes.com)
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica
Apple Ships Major iOS, macOS Security Updates - Security Week
Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica
ServiceNow quietly fixes 8-year-old data exposure flaw • The Register
Tools and Controls
48% of organisations predict cyber attack recovery to take weeks | Security Magazine
Cyber attack response plans need to be in place to avoid chaos - FreightWaves
NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online
What is Network Segmentation? Virtual & Physical Segmentation | UpGuard
AI-related security fears drive 2024 IT spending - Help Net Security
Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)
Is it wise to put all your security solutions in one cyber basket? (securitybrief.co.nz)
Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie (scotsman.com)
Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)
Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)
Unveiling the power of emerging technologies to empower cyber resilience (techuk.org)
Cyber security concerns grow among physical security professionals | Security Magazine
The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week
Other News
MPs to examine cyber resilience of UK’s critical national infrastructure | CSO Online
Strategies to overcome cyber security misconceptions - Help Net Security
UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online
5 important cyber security takeaways for law firms - Lawyers Weekly
How Cyber Security Has Evolved In The Past 20 Years (forbes.com)
Oops! When tech innovations create new security threats | CSO Online
Spooky Cyber Statistics And Trends You Need To Know (forbes.com)
The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog
Proactively preventing your company from becoming the next cyber attack headline (betanews.com)
Demystifying Cyber Security: Shakespeare To The Rescue | HackerNoon
Cyber Threat: Aviation’s Clear and Present Danger? | Aerospace Tech Review
OT cyber attacks proliferating despite growing cyber security spend - Help Net Security
Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies (securityintelligence.com)
What Would a US Government Shutdown Mean for Cyber Security? (darkreading.com)
Weapons Systems Provide Valuable Lessons for ICS/OT Security - Security Week
Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 January 2023
Black Arrow Cyber Threat Briefing 27 January 2023:
-Supply Chain Attacks Caused More Data Compromises Than Malware
-What Makes Small and Medium-Sized Businesses Vulnerable to BEC Attacks
-Understanding Your Attack Surface Makes It Easier to Prioritise Technologies and Systems
-Cyber Security Pros Sound Alarm Over Insider Threats
-Ransomware Attack Hit KFC and Pizza Hut Stores in the UK
-Forthcoming SEC Rules Will Trigger ‘Tectonic Shift’ in How Corporate Boards Treat Cyber Security
-Why CISOs Make Great Board Members
-View From Davos: The Changing Economics of Cyber Crime
-Cloud Based Networks Under Increasing Attack, Report Finds
-GoTo Admits: Customer Cloud Backups Stolen Together with Decryption Key
-State-Linked Hackers in Russia and Iran are Targeting UK Groups, NCSC Warns
-3.7 Million Customers’ Data of Hilton Hotels Put Up For Sale
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Supply Chain Attacks Caused More Data Compromises Than Malware
According to the Identity Theft Resource Center, data compromises steadily increased in the second half of 2022 and cyber attacks remained the primary source of data breaches.
The number of data breaches resulting from supply chain attacks exceeded malware related compromises in 2022 by 40%. According to the report, more than 10 million people were impacted by supply chain attacks targeting 1,743 entities. By comparison, 70 malware-based cyber attacks affected 4.3 million people.
https://www.helpnetsecurity.com/2023/01/26/data-compromises-2022/
What Makes Small and Medium-Sized Businesses Vulnerable to BEC Attacks
According to the United States’ FBI’s 2021 Internet Crime Report, business email compromise (BEC) accounted for almost a third of the country’s $6.9 billion in cyber losses that year – around $2.4 billion. In surprisingly sharp contrast, ransomware attacks accounted for only $50 million of those losses.
Small and medium-sized businesses (SMBs) are especially vulnerable to this form of attack and BEC’s contribution to annual cyber losses not only makes sense but is also likely underreported.
In stark contrast to highly disruptive ransomware attacks, BEC is subversive and is neither technically complicated nor expensive to deploy. In the case of large organisations, the financial fallout of BEC is almost negligible. That’s not the case for small and medium-sized businesses, which often lack the means to absorb similar financial losses.
BEC’s simplicity gives more credence for attackers to target smaller organisations, and because of that, it’s doubly essential for SMBs to be vigilant.
Understanding Your Attack Surface Makes It Easier to Prioritise Technologies and Systems
It has been observed that attackers will attempt to start exploiting vulnerabilities within the first fifteen minutes of their disclosure. As the time to patch gets shorter, organisations need to be more pragmatic when it comes to remediating vulnerabilities, particularly when it comes to prioritisation.
Attack surfaces constantly evolve and change as new applications are developed, old systems are decommissioned, and new assets are registered. Also, more and more organisations are moving towards cloud-hosted infrastructure, which changes the risk and responsibility for securing those assets. Therefore, it is essential to carry out continuous or regular assessments to understand what systems are at risk, instead of just taking a point-in-time snapshot of how the attack surface looks at that moment.
The first step would be to map “traditional” asset types – those easily associated with an organisation and easy to monitor, such as domains and IP addresses. Ownership of these assets can be easily identified through available information (e.g., WHOIS data). The less traditional asset types (such as GitHub repositories) aren’t directly owned by the organisation but can also provide high-value targets or information for attackers.
It’s also important to understand which technologies are in use to make sound judgements based on the vulnerabilities relevant to the organisation. For example, out of one hundred vulnerabilities released within one month only 20% might affect the organisation’s technologies.
Once organisations have a good understanding of which assets might be at risk, context and prioritisation can be applied to the vulnerabilities affecting those assets. Threat intelligence can be utilised to determine which vulnerabilities are already being exploited in the wild.
What is then the correct answer for this conundrum? The answer is that there is no answer! Instead, organisations should consider a mindset shift and look towards preventing issues whilst adopting a defence-in-depth approach; focus on minimising impact and risk by prioritising assets that matter the most and reducing time spent on addressing those that don’t. This can be achieved by understanding your organisation’s attack surface and prioritising issues based on context and relevance.
https://www.helpnetsecurity.com/2023/01/24/understanding-your-attack-surface/
Cyber Security Pros Sound Alarm Over Insider Threats
Gurucul, a security information and event management (SIEM) solution provider, and Cyber security Insiders, a 600,000-plus member online community for information security professionals, found in their annual 2023 Insider Threat Report that only 3% of respondents surveyed are not concerned with insider risk.
Among all potential insiders, cyber security professionals are most concerned about IT users and admins with far-reaching access privileges (60%). This is followed by third-party contractors (such as MSPs and MSSPs) and service providers (57%), regular employees (55%), and privileged business users (53%).
The research also found that more than half of organisations in the study had been victimised by an insider threat in the past year. According to the data, 75% of the respondents believe they are moderately to extremely vulnerable to insider threats, an 8% spike from last year. That coincided with a similar percentage who said attacks have become more frequent, with 60% experiencing at least one attack and 25% getting hit by more than six attacks.
Ransomware Attack Hit KFC and Pizza Hut Stores in the UK
Nearly 300 fast food restaurants, including branches of KFC and Pizza Hut, were forced to close following a ransomware attack against parent company Yum! Brands. In a statement dated 18 January 2023, Yum! confirmed that unnamed ransomware had impacted some of its IT infrastructure, and that data had been exfiltrated by hackers from its servers. However, although an investigation into the security breach continues, the company said that it had seen no evidence that customer details had been exposed.
What has not yet been made public, and may not even be known to those investigating the breach, is how long hackers might have had access to the company's IT infrastructure, and how they might have been able to gain access to what should have been a secure system. Yum! has also not shared whether it has received a ransom demand from its attackers, and if it did how much ransom was demanded, and whether it would be prepared to negotiate with its extortionists.
Forthcoming SEC Rules Will Trigger ‘Tectonic Shift’ in How Corporate Boards Treat Cyber Security
Under rules first proposed in 2022 but expected to be finalised as soon as April 2023, publicly traded companies in the US that determine a cyber incident has become “material”, meaning it could have a significant impact on the business, must disclose details to the SEC and investors within four business days. That requirement would also apply “when a series of previously undisclosed, individually immaterial cyber security incidents has become material in the aggregate.
The SEC’s rules will also require the boards of those companies to disclose significant information on their security governance, such as how and when it exercises oversight on cyber risks. That info includes identifying who on the board (or which subcommittee) is responsible for cyber security and their relevant expertise. Required disclosures will also include how often and by which processes board members are informed and discuss cyber risk. The former cyber adviser to the SEC commented that “The problem we have with the current cyber security ecosystem is that it’s very focused on technical mitigation measures and does not contemplate these business, operational, [or] financial factors.”
Whilst this only impacts US firms, we can expect other jurisdictions to follow suit.
Why CISOs Make Great Board Members
Cyber security-related risk is a top concern, so boards need to know they have the proper oversight in place. The past three years created a perfect storm situation with lasting consequences for how we think about cyber security, and as a result cyber security technologies and teams have shifted from being viewed as a cost centre to a business enabler.
Gartner predicts that by 2025, 40% of companies will have a dedicated cyber security committee. Who is better suited than a CISO to lead that conversation? Cyber security-related risk is a top concern, so boards need to know they have the proper oversight in place. CISOs can provide advice on moving forward with digital change initiatives and help companies prepare for the future. They can explain the organisation’s risk posture, including exposure related to geopolitical conflict as well as to new business initiatives and emerging threats, and what can be done to mitigate risk.
Lastly, the role of the CISO has evolved from being a risk metrics presenter to a translator of risk to the business. Therefore, the expertise CISOs have developed in recent years in how to explain risk to the board makes them valuable contributors to these conversations. They can elevate the discussion to ensure deep understanding of the trade-offs between growth and risk, enable more informed decision-making, and serve as guardrails for total business alignment.
https://www.securityweek.com/why-cisos-make-great-board-members/
View From Davos: The Changing Economics of Cyber Crime
Cyber crime is a risk created by humans, driven by the economic conditions of high profit and easy opportunity. Ransomware is the most recent monetisation of these motives and opportunities, and it has evolved from simple malware to advanced exploits and double or triple extortion models.
The motive for cyber crime is clear: to steal money, but the digital nature of cyber crime makes the opportunity uniquely attractive, due to the following:
· Cryptocurrency makes online extortion, trading illicit goods and services, and laundering fraudulent funds highly anonymous and usually beyond the reach of financial regulators or inspection
· There isn't enough fear of getting caught for cyber crime.
· With the explosion in spending on digital transformation, data is the new gold and it is incredibly easy to steal, due to lapses in basic hygiene like encrypting data-at-rest and in-transit or limiting access to only authorised users.
· Paying extortion through extensive cyber insurance policies only feeds the ransomware epidemic by incentivising further crime, as noted by the FBI.
Fighting cyber crime is a team sport, and to succeed, we must adopt this framework of cyber resilience that integrates the technical, policy, behavioural, and economic elements necessary to manage the reality of ever-growing cyber crime as a predictable and manageable cyber risk.
https://www.darkreading.com/edge-articles/view-from-davos-the-changing-economics-of-cybercrime
Cloud Based Networks Under Increasing Attack, Report Finds
As enterprises around the world continue to move to the cloud, cyber criminals are following right behind them. There was a 48 percent year-over-year jump in 2022 in cyber attacks on cloud-based networks, and it comes at a time when 98 percent of global organisations use cloud services, according to Check Point. The increases in cyber attacks were experienced in various regions, including Asia (with a 60 percent jump), Europe (50 percent), and North America (28 percent) according to a report by Checkpoint last week.
Check Point explained that "The rise in attacks on the cloud was driven both by an overall increase in cyber attacks globally (38 percent overall in 2022, compared to 48 percent in the cloud) and also by the fact that it holds much more data and incorporates infrastructure and services from large amounts of potential victims, so when exploited the attacks could have a larger impact,". Later, Checkpoint highlighted that human error is a significant factor in the vulnerability of cloud-based networks.
The report highlighted the need for defence capabilities in the cloud to improve. According to Check Point, this means adopting zero-trust cloud network security controls, incorporating security and compliance earlier in the development lifecycle, avoiding misconfigurations, and using tools such as an intrusion detection and prevention systems and next-generation web application firewalls. As commented by Check Point “it is still up to the network and security admins to make sure all their infrastructure is not vulnerable.
https://www.theregister.com/2023/01/20/cloud_networks_under_attack/
GoTo Admits: Customer Cloud Backups Stolen Together with Decryption Key
On 2022-11-30, GoTo informed customers that it had suffered “a security incident”, summarising the situation as follows:
“Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service. The third-party cloud storage service is currently shared by both GoTo and its affiliate, LastPass.”
Two months later, GoTo has come back with an update, and the news isn’t great:
“[A] threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.”
The company also noted that although MFA settings for some Rescue and GoToMyPC customers were stolen, their encrypted databases were not.
State-Linked Hackers in Russia and Iran are Targeting UK Groups, NCSC Warns
Russian and Iranian state-linked hackers are increasingly targeting British politicians, journalists and researchers with sophisticated campaigns aimed at gaining access to a person’s email, Britain’s online security agency warned on Thursday. The National Cyber Security Centre (NCSC) issued an alert about two groups from Russia and Iran, warning those in government, defence, thinktanks and the media against clicking on malicious links from people posing as conference hosts, journalists or even colleagues.
Both groups have been active for some years, but it is understood they have recently stepped up their activities in the UK as the war in Ukraine continues, as well as operating in the US and other NATO countries.
The hackers typically seek to gain confidence of a target by impersonating somebody likely to make contact with them, such as by falsely impersonating a journalist, and ultimately luring them to click on a malicious link, sometimes over the course of several emails and other online interactions.
NCSC encourages people to use strong email passwords. One technique is to use three random words, and not replicate it as a login credential on other websites. It recommends people use two-factor authentication, using a mobile phone as part of the log on process, ideally by using a special authenticator app.
The cyber agency also advises people exercise particular caution when receiving plausible sounding messages from strangers who rely on Gmail, Yahoo, Outlook or other webmail accounts, sometimes impersonating “known contacts” of the target culled from social media.
3.7 Million Customers’ Data of Hilton Hotels Put Up For Sale
A member of a hacker forum going by the name IntelBroker, has offered a database allegedly containing the personal information of 3.7 million people participating in the Hilton Hotels Honors program. According to the actor, the data in question includes personally identifying information such as name, address and Honors IDs. According to the Hilton Hotel, no guest login credentials, contacts, or financial information have been leaked.
https://informationsecuritybuzz.com/3-7-millions-customers-data-hilton-hotel-up-for-sale/
Threats
Ransomware, Extortion and Destructive Attacks
Rebranded Ransomware Crews Spike Number of Hijacking Incidents in Q4 2022 - MSSP Alert
The Unrelenting Menace of the LockBit Ransomware Gang | WIRED
Ransomware access brokers use Google ads to breach your network (bleepingcomputer.com)
FBI hacked into Hive ransomware gang, disrupted operations | TechTarget
Ransomware victims are refusing to pay, tanking attackers’ profits | Ars Technica
Vice Society Ransomware Group Targets Manufacturing Companies (trendmicro.com)
New Mimic ransomware abuses ‘Everything’ Windows search tool (bleepingcomputer.com)
Contractor error led to Baltimore schools ransomware attack | TechTarget
LAUSD says Vice Society ransomware gang stole contractors’ SSNs (bleepingcomputer.com)
Riot Games receives ransom demand from hackers, refuses to pay (bleepingcomputer.com)
Phishing & Email Based Attacks
State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian
ChatGPT is a bigger threat to cyber security than most realize - Help Net Security
Yahoo Most Faked Brand Name in Phishing Attempts by Threat Actors in Q4 2022 - MSSP Alert
SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK
Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)
New 'Blank Image' attack hides phishing scripts in SVG files (bleepingcomputer.com)
Hackers now use Microsoft OneNote attachments to spread malware (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Malware
BlackBerry: Threat Actors Launch A Unique Malware Sample Every Minute - MSSP Alert
Consumers Face Greater Risks from Malware but Many are Unprepared and Vulnerable - MSSP Alert
New 'Blank Image' attack hides phishing scripts in SVG files (bleepingcomputer.com)
ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn (darkreading.com)
Hackers now use Microsoft OneNote attachments to spread malware (bleepingcomputer.com)
ChatGPT Can Write Polymorphic Malware to Infect Your Computer (gizmodo.com)
Microsoft plans to kill malware delivery via Excel XLL add-ins (bleepingcomputer.com)
Hackers use Golang source code interpreter to evade detection (bleepingcomputer.com)
Emotet Malware Makes a Comeback with New Evasion Techniques (thehackernews.com)
'DragonSpark' Malware: East Asian Cyber Attackers Create an OSS Frankenstein (darkreading.com)
Malware exploited critical Realtek SDK bug in millions of attacks (bleepingcomputer.com)
Mobile
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps (thehackernews.com)
New 'Hook' Android malware lets hackers remotely control your phone (bleepingcomputer.com)
Pair of Galaxy App Store Bugs Offer Cyber Attackers Mobile Device Access (darkreading.com)
Google to phase out legacy apps with Android 14 to improve security - GSMArena.com news
Botnets
Denial of Service/DoS/DDOS
Why a hybrid approach can help mitigate DDoS attacks | SC Media
Russia’s largest ISP says 2022 broke all DDoS attack records (bleepingcomputer.com)
Internet of Things – IoT
Nice smart device – how long does it get software updates? • The Register
Why British homes are at risk from ‘Trojan Horse’ smart devices (telegraph.co.uk)
Why most IoT cyber security strategies give zero hope for zero trust - Help Net Security
Data Breaches/Leaks
Companies impacted by Mailchimp breach warn their customers - Security Affairs
LastPass owner GoTo says hackers stole customers’ backups | TechCrunch
GoTo warns customers of crypto key and backup heist • The Register
3.7 Million Customers Data Of Hilton Hotels Put Up For Sale (informationsecuritybuzz.com)
QUT confirms personal data of thousands of staff compromised in cyber attack - ABC News
Riot Games hacked, now it faces problems to release content - Security Affairs
ICE releases asylum seekers after exposing their data • The Register
Hacker Gets Hands on No-Fly List of Alleged Terrorist Suspects (gizmodo.com)
Risk & Repeat: Breaking down the LastPass breach | TechTarget
T-Mobile Cyber Attack Spurs Law Firm Investigation - MSSP Alert
Risk & Repeat: Another T-Mobile data breach disclosed | TechTarget
Entire US "No Fly List" Exposed Online Via Unsecured Server (informationsecuritybuzz.com)
Near-Record Year for US Data Breaches in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Zacks data breach impacted hundreds of thousands of customers - Security Affairs
French rugby club Stade Français leaks source code - Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Inside the crypto ‘prisons’ scamming Britons out of their life savings (telegraph.co.uk)
Hackers Take Over Robinhood Twitter Account To Promote Scam - Decrypt
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Inside the crypto ‘prisons’ scamming Britons out of their life savings (telegraph.co.uk)
P-to-P fraud most concerning cyber threat in 2023: CSI | CSO Online
Hackers Take Over Robinhood Twitter Account To Promote Scam - Decrypt
Insurance
4 tips to find cyber insurance coverage in 2023 | TechTarget
Insurers in talks on adding state-backed cyber to UK reinsurance scheme | Financial Times (ft.com)
Cyber Security Posture & Insurance Outlook with Advisen (trendmicro.com)
Dark Web
Software Supply Chain
Cloud/SaaS
Report: Cloud-based networks under growing attack • The Register
Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts (darkreading.com)
Attack Surface Management
Encryption
API
Passwords, Credential Stuffing & Brute Force Attacks
Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)
Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)
Social Media
Malvertising
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps (thehackernews.com)
Google Ads invites being abused to push spam, adult sites (bleepingcomputer.com)
Ransomware access brokers use Google ads to breach your network (bleepingcomputer.com)
Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages (thehackernews.com)
Training, Education and Awareness
Regulations, Fines and Legislation
Governance, Risk and Compliance
View from Davos: The Changing Economics of Cyber Crime (darkreading.com)
Awareness Training Must Change | CSA (cloudsecurityalliance.org)
Despite Slowing Economy, Demand for Cyber Security Workers Remains Strong (darkreading.com)
Organisations Must Brace for Privacy Impacts This Year (darkreading.com)
Data Protection
Ireland’s data protection watchdog fines WhatsApp €5.5m • The Register
ICO Offers Data Protection Advice to SMBs - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
Despite Slowing Economy, Demand for Cyber Security Workers Remains Strong (darkreading.com)
Can't Fill Open Positions? Rewrite Your Minimum Requirements (darkreading.com)
Veterans bring high-value, real-life experience as potential cyber security employees | CSO Online
Dozens of Cyber Security Companies Announced Layoffs in Past Year - SecurityWeek
Law Enforcement Action and Take Downs
FBI hacked into Hive ransomware gang, disrupted operations | TechTarget
Dutchman Detained for Dealing Details of Tens of Millions of People (darkreading.com)
Dutch suspect locked up for alleged personal data megathefts – Naked Security (sophos.com)
Privacy, Surveillance and Mass Monitoring
Organisations Must Brace for Privacy Impacts This Year (darkreading.com)
Scientists use Wi-Fi routers to see humans through walls | ZDNET
Most consumers would share anonymised personal data to improve AI products - Help Net Security
Artificial Intelligence
ChatGPT is a bigger threat to cyber security than most realize - Help Net Security
Learning to Lie: AI Tools Adept at Creating Disinformation - SecurityWeek
FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com
ChatGPT Can Write Polymorphic Malware to Infect Your Computer (gizmodo.com)
Chat Cyber Security: AI Promises a Lot, but Can It Deliver? (darkreading.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian
UK authorities warn of phishing from Iran, Russia • The Register
Armis State of Cyberwarfare and Trends Report - IT Security Guru
SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK
Gamaredon Group Launches Cyber Attacks Against Ukraine Using Telegram (thehackernews.com)
Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)
FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com
“Pegasus” lifts the lid on a sophisticated piece of spyware | The Economist
North Korea-linked TA444 turns to credential harvesting activity - Security Affairs
Nation State Actors
Nation State Actors – Russia
State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian
UK authorities warn of phishing from Iran, Russia • The Register
SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK
Gamaredon Group Launches Cyber Attacks Against Ukraine Using Telegram (thehackernews.com)
Russia’s largest ISP says 2022 broke all DDoS attack records (bleepingcomputer.com)
Nation State Actors – China
Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)
FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerability Management
Extent of reported CVEs overwhelms critical infrastructure asset owners - Help Net Security
Log4j Vulnerabilities Are Here to Stay — Are You Prepared? (darkreading.com)
Trained developers get rid of more vulnerabilities than code scanning tools - Help Net Security
New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch - SecurityWeek
Halo Security unveils KEV feature to improve attack surface visibility - Help Net Security
Vulnerabilities
Crims can still exploit this NSA-discovered Microsoft bug • The Register
75k WordPress sites impacted by critical online course plugin flaws (bleepingcomputer.com)
Log4j Vulnerabilities Are Here to Stay — Are You Prepared? (darkreading.com)
Chrome 109 update addresses six security vulnerabilities - Security Affairs
Microsoft urges admins to patch on-premises Exchange servers (bleepingcomputer.com)
Drupal Patches Vulnerabilities Leading to Information Disclosure | SecurityWeek.Com
Critical Vulnerabilities Patched in OpenText Enterprise Content Management System | SecurityWeek.Com
Around 19,500 end-of-life Cisco routers exposed to hack - Security Affairs
In-the-Wild Exploitation of Recent ManageEngine Vulnerability Commences | SecurityWeek.Com
Apple patches are out – old iPhones get an old zero-day fix at last! – Naked Security (sophos.com)
Apple Patches WebKit Code Execution in iPhones, MacBooks - SecurityWeek
Crooks are already exploiting this bug in old iPhones • The Register
Logfile nightmare deepens thanks to critical VMware flaws • The Register
Malware exploited critical Realtek SDK bug in millions of attacks (bleepingcomputer.com)
Realtek SDK flaw CVE-2021-35394 actively exploited in the wild- Security Affairs
Lexmark warns of RCE bug affecting 100 printer models, PoC released (bleepingcomputer.com)
Crims can still exploit this NSA-discovered Microsoft bug • The Register
Tools and Controls
Is Once-Yearly Pen Testing Enough for Your Organisation? (thehackernews.com)
LastPass owner GoTo says hackers stole customers’ backups | TechCrunch
Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)
Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)
Companies Struggle With Zero Trust as Attackers Adapt to Get Around It (darkreading.com)
Federal Agencies Infested by Cyber Attackers via Legit Remote Management Systems (darkreading.com)
Why a hybrid approach can help mitigate DDoS attacks | SC Media
Steps To Planning And Implementation Of Endpoint Protection (informationsecuritybuzz.com)
Other News
Hackers can make computers destroy their own chips with electricity | New Scientist
Scientists use Wi-Fi routers to see humans through walls | ZDNET
Microsoft 365 outage takes down Teams, Exchange Online, Outlook (bleepingcomputer.com)
Lessons Learned from the Windows Remote Desktop Honeypot Report (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 07 October 2022
Black Arrow Cyber Threat Briefing 07 October 2022:
-Russian Sanctions Instigator Lloyd's Possibly Hit by Cyber Attack
-Former Uber Security Chief Convicted of Covering Up Data Breach
-First 72 Hours of Incident Response Critical to Taming Cyber Attack Chaos
-Email Defences Under Siege: Phishing Attacks Dramatically Improve
-Remote Services Are Becoming an Attractive Target for Ransomware
-Growing Reliance on Cloud Brings New Security Challenges
-Many IT Pros Don’t Think a Ransomware Attack Can Impact Microsoft 365 Data
-Ransomware Group Bypasses "Enormous" Range of EDR Tools
-MS Exchange Zero-Days: The Calm Before the Storm?
-Average Company with Data in the Cloud Faces $28 Million in Data-Breach Risk
-Secureworks Finds Network Intruders See Little Resistance
-Regulations, Laws and Accountability are Changing the Cyber Security Landscape
-This Year’s Biggest Cyber Threats
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Russian Sanctions Instigator Lloyd's Possibly Hit by Cyber Attack
Lloyd’s of London, the London-based insurance market heavily involved in implementing sanctions against Russia, may have been hit by a cyber-attack. On Wednesday, October 5, 2022, the British insurance market revealed it had detected “unusual activity” on its systems and has turned off all external connectivity “as a precautionary measure.”
“We have informed market participants and relevant parties, and we will provide more information once our investigations have concluded,” said a Lloyd’s spokesperson.
The company did not comment on whether or not it has been contacted by hackers, if a ransom demand has been issued, or on the possible source of the attack.
However, the insurance market has been closely involved with the design and implementation of sanctions imposed on Russia in response to its invasion of Ukraine – a potential motive for the attack. Lloyd’s itself has confirmed it was working closely with British and international governments to implement such sanctions.
Around 100 insurance syndicates operate at Lloyd's.
Earlier in 2022, Lloyd’s instructed its 76 insurance syndicates to remove “nation-state-backed cyber attacks” from insurance policies by March 2023, as well as losses “arising from a war.”
https://www.infosecurity-magazine.com/news/lloyds-possibly-hit-by-cyberattack/
Former Uber Security Chief Convicted of Covering Up Data Breach
Uber’s former head of security has been convicted of covering up a 2016 data breach at the rideshare giant, hiding details from US regulators and paying off a pair of hackers in return for their discretion.
The trial, closely watched in cyber security circles, is believed to be the first criminal prosecution of a company executive over the handling of a data breach.
Joe Sullivan, who was fired in 2017 over the incident, was found guilty by a San Francisco jury of obstructing an investigation by the Federal Trade Commission. At the time of the 2016 breach, the regulator had been investigating the car-booking service over a different cyber security lapse that had occurred two years earlier.
Jurors also convicted Sullivan of a second count related to having knowledge of but failing to report the 2016 breach to the appropriate government authorities. The incident eventually became public in 2017 when Dara Khosrowshahi, who had just taken over as chief executive, disclosed details of the attack.
Prosecutors said Sullivan had taken steps to make sure data compromised in the attack would not be revealed. According to court documents, two hackers approached Sullivan’s team to notify Uber of a security flaw that exposed the personal information of almost 60mn drivers and riders on the platform.
https://www.ft.com/content/051af6a1-41d1-4a6c-9e5a-d23d46b2a9c9
First 72 Hours of Incident Response Critical to Taming Cyber Attack Chaos
Cyber security professionals tasked with responding to attacks experience stress, burnout, and mental health issues that are exacerbated by a lack of breach preparedness and sufficient incident response practice in their organisations.
A new IBM Security-sponsored survey published this week found that two-thirds (67%) of incident responders suffer stress and anxiety during at least some of their engagements, while 44% have sacrificed the well-being of their relationships, and 42% have suffered burnout, according to the survey conducted by Morning Consult. In addition, 68% of incidents responders often have to work on two or more incidents at the same time, increasing their stress, according to the survey's results.
Companies that plan and practice responding to a variety of incidents can lower the stress levels of their incident responders, employees, and executives, says John Dwyer, head of research for IBM Security's X-Force response team.
"Organisations are not effectively establishing their response strategies with the responders in mind — it does not need to be as stressful as it is," he says. "There is a lot of time when the responders are managing organisations during an incident, because those organisations were not prepared for the crisis that occurs. These attacks happen every day."
The IBM Security-funded study underscores why the cyber security community has focused increasingly on the mental health of its members. About half (51%) of cyber security defenders have suffered burnout or extreme stress in the past year, according to a VMware survey released in August 2021. Cyber security executives have also spotlighted the issue as one that affects the community and companies' ability to retain skilled workers.
Email Defences Under Siege: Phishing Attacks Dramatically Improve
This week's report that cyber attackers are laser-focused on crafting attacks specialised to bypass Microsoft's default security showcases an alarming evolution in phishing tactics, security experts said this week.
Threat actors are getting better at slipping phishing attacks through the weak spots in platform email defences, using a variety of techniques, such as zero-point font obfuscation, hiding behind cloud-messaging services, and delaying payload activation, for instance. They're also doing more targeting and research on victims.
As a result, nearly 1 in 5 phishing emails (18.8%) bypassed Microsoft's platform defences and landed in workers' inboxes in 2022, a rate that increased 74% compared to 2020, according to research published by cyber security firm Check Point Software. Attackers increasingly used techniques to pass security checks, such as Sender Policy Framework (SPF), and obfuscate functional components of an e-mail, such as using zero-size fonts or hiding malicious URLs from analysis.
The increasing capabilities of attackers is due to the better understanding of current defences, says Avanan, an email security firm acquired by Check Point in August 2021.
"It is a family of 10 to 20 techniques, but they all lead to the objective of deceiving a company's security layers," he says. "The end result is always an email that looks genuine to the recipient but looks different to the algorithm that analyses the content."
Microsoft declined to comment on the research. However, the company has warned of advanced techniques, such as adversary-in-the-middle phishing (AiTM), which uses a custom URL to place a proxy server between a victim and their desired site, allowing the attacker to capture sensitive data, such as usernames and passwords. In July, the company warned that more than 10,000 organisations had been targeted during one AiTM campaign.
Remote Services Are Becoming an Attractive Target for Ransomware
Stolen credentials are no longer the number one initial access vector for ransomware operators looking to infect a target network and its endpoints - instead, they’ve become more interested in exploiting vulnerabilities found in internet-facing systems.
A report from Secureworks claims ransomware-as-a-service developers are quick to add newly discovered vulnerabilities into their arsenals, allowing even less competent hackers to exploit them swiftly, and with relative ease.
In fact, the company's annual State of the Threat Report reveals that flaw exploitation in remote services accounted for 52% of all ransomware incidents the company analysed over the last 12 months.
Besides remote services, Secureworks also spotted a 150% increase in the use of infostealers, which became a “key precursor” to ransomware. Both these factors, the report stresses, kept ransomware as the number one threat for businesses of all sizes, “who must fight to stay abreast of the demands of new vulnerability prioritisation and patching”.
All things considered, ransomware is still the biggest threat for businesses. It takes up almost a quarter of all attacks that were reported in the last 12 months, Secureworks says, and despite law enforcement being actively involved, operators remained highly active.
https://www.techradar.com/news/remote-services-are-becoming-an-attractive-target-for-ransomware
Growing Reliance on Cloud Brings New Security Challenges
There was a time when cloud was just a small subset of IT infrastructure, and cloud security referred to a very specific set of tasks. The current reality is very different, organisations are heavily dependent on cloud technologies and cloud security has become a much more complex endeavour.
Organisations increasingly rely on the cloud to deliver new applications, reduce costs, and support business operations. One in every four organisations already have majority workloads in the cloud, and 44% of workloads currently run in some form of public cloud, says Omdia, a research and advisory group.
Practically every midsize and large organisation now operates in some kind of a hybrid cloud environment, with a mix of cloud and on-premises systems. For most organisations, software-as-a-service constitute the bulk (80%) of their cloud environments, followed by infrastructure-as-a-service and platform-as-a-service deployments.
In the past, cloud security conversations tended to focus on making sure cloud environments are being configured properly, but cloud security nowadays goes far beyond just configuration management. The sprawling cloud environment means security management has to be centralised, Omdia said. Security functions also need to be integrated into existing application deployment workflows.
On top of all of this, multicloud is becoming more common among organisations as they shift their workloads to avoid being dependent on a single platform. The three major cloud providers – Amazon Web Services, Microsoft Azure, and Google Cloud Platform – account for 65% of the cloud market.
https://www.darkreading.com/dr-tech/growing-reliance-on-cloud-brings-new-security-challenges
Many IT Pros Don’t Think a Ransomware Attack Can Impact Microsoft 365 Data
The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with 20% of attacks happening in the last year.
Cyber attacks are happening more frequently. Last year’s ransomware survey revealed that 21% of companies experienced an attack. This year it rose by three percent to 24%.
“Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. Our survey shows that many in the IT community have a false sense of security. As bad actors develop new techniques, companies like ours have to do what it takes to come out ahead and protect businesses around the world,” said Hornetsecurity.
The report highlighted a lack of knowledge on the security available to businesses. 25% of IT professionals either don’t know or don’t think that Microsoft 365 data can be impacted by a ransomware attack.
Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.
“Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can backup their Microsoft 365 data securely and protect themselves from such attacks,” said Hofmann.
https://www.helpnetsecurity.com/2022/10/03/ransomware-attack-impact-microsoft-365-data/
Ransomware Group Bypasses "Enormous" Range of EDR Tools
A notorious ransomware group has been spotted leveraging sophisticated techniques to bypass endpoint detection and response (EDR) tools.
BlackByte, which the US government has said poses a serious threat to critical infrastructure, used a “Bring Your Own Driver” technique to circumvent over 1000 drivers used by commercially available EDR products, according to Sophos. The UK cyber security vendor explained in a new report that the group had exploited a known vulnerability, CVE-2019-16098, in Windows graphics utility driver RTCorec6.sys. This enabled it to communicate directly with a victim system’s kernel and issue commands to disable callback routines used by EDR tools.
The group also used EDR bypass techniques borrowed from open source tool EDRSandblast to deactivate the Microsoft-Windows-Threat-Intelligence ETW (Event Tracing for Windows) provider. This is a Windows feature “that provides logs about the use of commonly maliciously abused API calls such as NtReadVirtualMemory to inject into another process’s memory,” explained Sophos. Neutralising it in this way renders any security tool relying on the feature also useless, the firm argued.
“If you think of computers as a fortress, for many EDR providers, ETW is the guard at the front gate,” said Sophos. “If the guard goes down, then that leaves the rest of the system extremely vulnerable. And, because ETW is used by so many different providers, BlackByte’s pool of potential targets for deploying this EDR bypass is enormous.”
BlackByte is not the only ransomware group using these advanced techniques to get around existing detection tools, illustrating the continued arms race between attackers and defenders. AvosLocker used a similar method in May, Sophos said. “Anecdotally, from what we’re seeing in the field, it does appear that EDR bypass is becoming a more popular technique for ransomware threat groups,” the firm confirmed. “This is not surprising. Threat actors often leverage tools and techniques developed by the ‘offensive security’ industry to launch attacks faster and with minimal effort.”
https://www.infosecurity-magazine.com/news/ransomware-bypasses-enormous-range/
MS Exchange Zero-Days: The Calm Before the Storm?
Two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
But mitigating the risk of exploitation until patches are ready will require patience and doggedness, as Microsoft is still revising its advice to admins and network defenders, and still working on the patches.
The two vulnerabilities were publicly documented last Wednesday, by researchers with Vietnamese company GTSC, and Microsoft soon after sprung into (discernible) action by offering customer guidance, followed by an analysis of the attacks exploiting the two vulnerabilities. Several changes have been made to the documents since then, after the company found and other researchers pointed out several shortcomings.
Microsoft says its threat analysts observed “activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks,” and that the attackers breached fewer than 10 organisations globally. “MSTIC assesses with medium confidence that the single activity group is likely to be a state-sponsored organisation,” they added.
The other good news is there are still no public exploits for the two vulnerabilities. But, Microsoft says, “Prior Exchange vulnerabilities that require authentication have been adopted into the toolkits of attackers who deploy ransomware, and these vulnerabilities are likely to be included in similar attacks due to the highly privileged access Exchange systems confer onto an attacker.”
Enterprise defenders should expect trouble via this attack path in the near future, it seems, so keeping abreast of the changing situation and springing into action as quickly as possible once the patches are made available is advised. Scammers have since started impersonating security researchers and offering non-existing PoC exploits for CVE-2022-41082 for sale via GitHub
https://www.helpnetsecurity.com/2022/10/03/ms-exchange-cve-2022-41040-cve-2022-41082/
Average Company with Data in the Cloud Faces $28 Million in Data-Breach Risk
Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations — such as admin accounts without multi-factor authentication (MFA) — have left a dangerous amount of cloud data exposed to insider threats and cyber attacks, according to Varonis.
For the report, researchers analysed nearly 10 billion cloud objects (more than 15 petabytes of data) across a random sample of data risk assessments performed at more than 700 companies worldwide. In the average company, 157,000 sensitive records are exposed to everyone on the internet by SaaS sharing features, representing $28 million in data-breach risk, Varonis researchers have found.
One out of every 10 records in the cloud is exposed to all employees — creating an impossibly large internal blast radius, which maximises damage during a ransomware attack. The average company has 4,468 user accounts without MFA enabled, making it easier for attackers to compromise internally exposed data.
Out of 33 super admin accounts in the average organisation, more than half did not have MFA enabled. This makes it easier for attackers to compromise these powerful accounts, steal more data, and create backdoors. Companies have more than 40 million unique permissions across SaaS applications, creating a nightmare for IT and security teams responsible for managing and reducing cloud data risk.
“Cloud security shouldn’t be taken for granted. When security teams lack critical visibility to manage and protect SaaS and IaaS apps and services, it’s nearly impossible to ensure your data isn’t walking out the door,” said Varonis. “This report is a true-to-life picture of over 700 real-world risk assessments of production SaaS environments. The results underscore the urgent need for CISOs to uncover and remediate their cloud risk as quickly as possible.”
https://www.helpnetsecurity.com/2022/10/05/company-data-breach-risk/
Secureworks Finds Network Intruders See Little Resistance
Attackers who break into networks only need to take a few basic measures in order to avoid detection.
Security vendor Secureworks said in its annual State of the Threat report that it observed several data breaches between June 2021 and June 2022 and found that, by and large, once network intruders gained a foothold on the targets' environment, they had to do relatively little to stay concealed.
"One thing that is notable about them is that none of these techniques are particularly sophisticated," the vendor said. "That is because threat actors do not need them to be; the adversary will only innovate enough to achieve their objectives. So there is a direct relationship between the maturity of the controls in a target environment and the techniques they employ to bypass those controls."
Among the more basic measures taken by the attackers was coding their tools in newer languages such as Go or Rust. This tweak created enough of a difference in the software to evade signature-checking tools, according to Secureworks' report. In other cases, the network intruders hid their activity by packing their malware within a trusted Windows installer or by sneaking it into the Authenticode signature of a trusted DLL. In another case, a malware infection was seen moving data out of the victim's network via TOR nodes. While effective, Secureworks said the techniques are hardly innovative. Rather, they indicate that threat actors find themselves only needing to do the bare minimum to conceal themselves from detection.
Regulations, Laws and Accountability are Changing the Cyber Security Landscape
As cyber criminals continue to develop new ways to wreak havoc, regulators have been working to catch up. They aim to protect data and consumers while avoiding nation-state attacks that are a risk to national and economic security. But some of these regulations may provide an opportunity for MSSPs.
Some of these regulations are a response to what’s generally been a hands-off approach to telling organisations what to do. Unfortunately, cyber security isn’t always prioritised when budgets and resources are allocated. The result is a steadily rising tide of breaches and exploits that have held organisations hostage and made private information available on the dark web.
The new regulations are coming from all directions: at the state and federal levels in the US and around the world. While many of these regulations aren’t yet final, there’s no reason not to start aligning with where trends will ease the impact of changing rules. At the same time, many organisations want to hold the government responsible for some kinds of attacks. It will be interesting to see how regulating works, as most politicians and bureaucrats aren’t known for their technological savvy.
In the US, for example, new regulations are in development in the Federal Trade Commission, Food and Drug Administration, Department of Homeland Security, Department of Transportation, Department of Energy, and the Cybersecurity and Infrastructure Security Agency. Thirty-six states have enacted cyber security legislation, and the count increases as other countries join.
One of the motivating factors for all these new regulations is that most cyber attacks aren’t reported. Lawmakers realise cyber security threats continue to be one of the top national security and economic risks. In the last year and a half (2020-2022), there have been attacks on America’s gas supply, meat supply, and various other companies, courts, and government agencies. One FBI cyber security official estimated the government only learns about 20% to 25% of intrusions at US business and academic institutions.
In March, Congress passed legislation requiring critical infrastructure operators to report significant cyber attacks to CISA within 72 hours of learning about the attack. It also required them to report a ransomware payment within 24 hours. These regulations will also consider reporting “near misses” so that this data can also be studied and tracked. The problem is, how does one define a “near miss”?
This Year’s Biggest Cyber Threats
OpenText announced the Nastiest Malware of 2022, a ranking of the year’s biggest cyber threats. For the fifth year running, experts combed through the data, analysed different behaviours, and determined which malicious payloads are the nastiest.
Emotet regained its place at the top, reminding the world that while affiliates may be taken down, the masterminds are resilient. LockBit evolved its tactics into something never seen before: triple extortion. Analysis also revealed an almost 1100% increase in phishing during the first four months of 2022 compared to the same period in 2021, indicating a possible end to the “hacker holiday,” a hacker rest period following the busy holiday season.
“The key takeaway from this year’s findings is that malware remains centre stage in the threats posed towards individuals, businesses, and governments,” said OpenText.
“Cyber criminals continue to evolve their tactics, leaving the infosec community in a constant state of catch-up. With the mainstream adoption of ransomware payloads and cryptocurrency facilitating payments, the battle will continue. No person, no business—regardless of size—is immune to these threats.”
While this year’s list may designate payloads into different categories of malware, it’s important to note many of these bad actor groups contract work from others. This allows each group to specialise in their respective payload and perfect it.
https://www.helpnetsecurity.com/2022/10/06/2022-nastiest-malware/
Threats
Ransomware and Extortion
Ransomware Attacks On The Rise, Secureworks Reveals in its State of the Threat Report - MSSP Alert
Ransomware: This is how half of attacks begin, and this is how you can stop them | ZDNET
Fake adult sites push data wipers disguised as ransomware (bleepingcomputer.com)
BlackByte ransomware abuses legit driver to disable security products (bleepingcomputer.com)
Ransomware attacks ravage schools, municipal governments (techtarget.com)
More and more ransomware is just data theft, no encryption • The Register
Netwalker ransomware affiliate sentenced to 20 years in prison (bleepingcomputer.com)
Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group - Security Affairs
ADATA denies RansomHouse cyber attack, says leaked data from 2021 breach (bleepingcomputer.com)
Avast releases a free decryptor for some Hades ransomware variants - Security Affairs
Cyber criminals Leak LA School Data After It Refuses to Ransom (vice.com)
How Ransomware Is Causing Chaos in American Schools (vice.com)
Ransomware hunters: the self-taught tech geniuses fighting cyber crime | Cyber crime | The Guardian
BEC – Business Email Compromise
BEC fraudster and romance scammer sent to prison for 25 years – Naked Security (sophos.com)
Hackers Target Homebuyers’ Life Savings in Real Estate Scam - Bloomberg
Phishing & Email Based Attacks
Other Social Engineering; Smishing, Vishing, etc
Callback phishing attacks evolve their social engineering tactics (bleepingcomputer.com)
3 ways enterprises can mitigate social engineering risks - Help Net Security
Malware
OpenText Releases List Of The Year’s “Nastiest” Malware - MSSP Alert
This devious malware is able to disable your antivirus | TechRadar
Bumblebee Malware Loader's Payloads Significantly Vary by Victim System (darkreading.com)
Live support service hacked to spread malware in supply chain attack (bleepingcomputer.com)
NullMixer Dropper Delivers a Multimalware Code Bomb (darkreading.com)
Maggie malware already infected over 250 Microsoft SQL servers - Security Affairs
Mobile
Internet of Things – IoT
7 IoT Devices That Make Security Pros Cringe (darkreading.com)
Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast (darkreading.com)
Acronis founder is afraid of his own vacuum cleaner • The Register
Data Breaches/Leaks
“Egypt Leaks” – Hacktivists are Leaking Financial Data - Security Affairs
No Shangri-La for you: Top hotel chain confirms data leak • The Register
NSA: Someone hacked military contractor and stole data • The Register
City of Tucson discloses data breach affecting over 123,000 people (bleepingcomputer.com)
Optus Says ID Numbers of 2.1 Million Compromised in Data Breach | SecurityWeek.Com
Aussie Telco Telstra Breached, Reportedly Exposing 30,000 Employees' Data (darkreading.com)
2K warns users their info has been stolen following breach of its help desk | Ars Technica
Russian retail chain 'DNS' confirms hack after data leaked online (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Breaking: Scams Linked To Crypto Soared By 335% (informationsecuritybuzz.com)
Hacker steals $566 million worth of crypto from Binance Bridge (bleepingcomputer.com)
Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)
Binance Says $100 Million Stolen in Latest Crypto Hack (gizmodo.com)
Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)
Insider Risk and Insider Threats
Meta sues app dev for stealing over 1 million WhatsApp accounts (bleepingcomputer.com)
Microsoft publishes report on holistic insider risk management - Microsoft Security Blog
Unearth offboarding risks before your employees say goodbye - Help Net Security
Splunk alleges source code theft by former employee • The Register
Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government (thehackernews.com)
Fraud, Scams & Financial Crime
Consumers Feel Hopeless in Protecting Themselves Against Cyber crime, ISACA Reports - MSSP Alert
BEC fraudster and romance scammer sent to prison for 25 years – Naked Security (sophos.com)
Hackers Target Homebuyers’ Life Savings in Real Estate Scam - Bloomberg
Russians dodging mobilization behind flourishing scam market (bleepingcomputer.com)
Scammers and rogue callers – can anything ever stop them? – Naked Security (sophos.com)
Online romance scam boss netted $9.5m, jailed for 25 years • The Register
Deepfakes
Supply Chain and Third Parties
Live support service hacked to spread malware in supply chain attack (bleepingcomputer.com)
Supply Chain Attack Targets Customer Engagement Firm Comm100 | SecurityWeek.Com
Denial of Service DoS/DDoS
Cloud/SaaS
Encryption
API
More Than 30% of All Malicious Attacks Target Shadow APIs (darkreading.com)
APIs are quickly becoming the most popular attack vector - Help Net Security
The Problem of API Security and How To Fix It (informationsecuritybuzz.com)
API authentication failures demonstrate the need for zero trust - Help Net Security
Shadow APIs hit with 5 billion malicious requests - Help Net Security
Open Source
When transparency is also obscurity: The conundrum that is open-source security - Help Net Security
How Secure is Using Open Source Components? - IT Security Guru
Passwords, Credential Stuffing & Brute Force Attacks
Microsoft warns Basic Auth users over password spray attacks • The Register
Is mandatory password expiration helping or hurting your password security? - Help Net Security
Detecting and preventing LSASS credential dumping attacks - Microsoft Security Blog
Meta Says It Has Busted More Than 400 Login-Stealing Apps This Year | WIRED
Privacy, Surveillance and Mass Monitoring
Regulations, Fines and Legislation
Models, Frameworks and Standards
Secure Disposal
Backup and Recovery
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Relentless Russian Cyber attacks on Ukraine Raise Important Policy Questions (darkreading.com)
Finnish intelligence warns of Russia's cyber espionage activities - Security Affairs
Kazakhstan Pins Wave Of Cyber attacks On Foreign Actors | OilPrice.com
Albania weighed invoking NATO’s Article 5 over Iranian cyber attack - POLITICO
We breached Russian satellite network, say pro-Ukraine partisans | Cybernews
Ukrainian forces report Starlink outages during push against Russia | Financial Times (ft.com)
Report: Mexico Continued to Use Spyware Against Activists | SecurityWeek.Com
Nation State Actors
Nation State Actors – China
US authorities name China's 20 favourite vulns to exploit • The Register
Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group - Security Affairs
Nation State Actors – North Korea
Vulnerabilities
Fortinet warns admins to patch critical auth bypass bug immediately (bleepingcomputer.com)
Atlassian, Microsoft bugs make CISA’s must-patch list • The Register
US authorities name China's 20 favourite vulns to exploit • The Register
October 2022 Patch Tuesday forecast: Looking for treats, not more tricks - Help Net Security
Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub (bleepingcomputer.com)
CISA Warns of Attacks Exploiting Recent Atlassian Bitbucket Vulnerability | SecurityWeek.Com
No fix in sight for mile-wide loophole plaguing a key Windows defence for years | Ars Technica
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite (thehackernews.com)
Lazarus employed an exploit in a Dell firmware driver in recent attacks - Security Affairs
Unpatched Zimbra flaw under attack is letting hackers backdoor servers | Ars Technica
macOS Archive Utility Bug Lets Malicious Apps Bypass Security Checks (darkreading.com)
Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy (thehackernews.com)
VMware fixed a high-severity bug in vCenter Server - Security Affairs
Reports Published in the Last Week
Other News
Guilty verdict in the Uber breach case makes personal liability real for CISOs | CSO Online
Cyber attackers view smaller organisations as easier targets - Help Net Security
Moody's turns up the heat on 'riskiest' sectors for attacks • The Register
5 reasons why security operations are getting harder | CSO Online
Former NSA Employee Faces Death Penalty for Selling Secrets (darkreading.com)
Fast Company Is Back From the Dead After Being Hacked (gizmodo.com)
Ready Or Not, Web 3 Is Coming And With It Comes Cybersquatting 2.0 (informationsecuritybuzz.com)
Cyber Hygiene: 5 Best Practices for Company Buy-In (trendmicro.com)
School Is in Session: 5 Lessons for Future Cyber Security Pros (darkreading.com)
Want More Secure Software? Start Recognizing Security-Skilled Developers (thehackernews.com)
Incident responders increasingly seek out mental health assistance - Help Net Security
You Are Not Alone If You're Unclear About Extended Detection and Response (XDR) - MSSP Alert
Why digital trust is the bedrock of business relationships - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.