Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.

Sources: [IT Security Guru] [Emerging Risks]

Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery

The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.

According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.

Sources: [The Hacker News] [Huntress] [SC Media]

Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy

Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.

Source: [Forbes]

Ransomware Double-Dip: Re-Victimisation in Cyber Extortion

A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.

Sources: [Security Magazine] [The Hacker News] [SC Media]

AI is a Major Threat and Many Financial Organisations Are Not Doing Enough

Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.

Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.

Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]

[Biometric Update]

6 out of 10 Businesses Struggle to Manage Cyber Risk

A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.

Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.

Sources: [PR Newswire] [Beta News]

'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs

Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.

Source: [Security Brief] [Tripwire]

Penetration Testing Infrequency Leaves Security Gaps

Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.

The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.

Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.

Source: [MSSP Alert]

Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance

A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.

Source: [The Register]

The Psychological Impact of Phishing Attacks on Your Employees

Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.

Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.

Source: [Beta News]

Where Hackers Find Your Weak Spots

A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.

Source: [Dark Reading]

The Role of Threat Intelligence in Financial Data Protection

The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.

Source: [Security Boulevard]

Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say

According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.

Source: [TechRadar] [Security Magazine]

Governance, Risk and Compliance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• Six out of 10 businesses struggle to manage cyber risk (betanews.com)

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs | Huntress

• Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy (forbes.com)

• Cyber attacks are on the rise, and that includes small businesses. Here's what to know | AP News

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• UK government cannot protect businesses and services from cyber attacks, IT pros say | TechRadar

• Why cyber attacks shouldn’t be viewed as isolated incidents - Raconteur

• Bank banned from opening new accounts over IT risks • The Register

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Cyber Attacks Keep Rising. Here's What Small Businesses Need to Know | Inc.com

• 73% of SME security pros missed or ignored critical alerts - Help Net Security

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• 4 steps CISOs can take to raise trust in their business | TechTarget

• NCSC Says Newer Threats Need Network Defence Strategy | Trend Micro (US)

• Uncertainty is the most common driver of noncompliance - Help Net Security

• More and more businesses now have CISOs - but they're increasingly taking the blame for attacks | TechRadar

• Cyber metrics journey | Professional Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Report finds a near 20% increase in ransomware victims year-over-year | Security Magazine

• Risks to ransomware attack payment | Professional Security

• Ransomware Double-Dip: Re-Victimization in Cyber Extortion (thehackernews.com)

• 'Junk gun' ransomware: New low-cost cyber threat targets SMBs (securitybrief.co.nz)

• Mandiant: Attacker dwell time down, ransomware up in 2023 | TechTarget

• Behavioural patterns of ransomware groups are changing - Help Net Security

• Record ransomware attacks in March 2024, report finds (securitybrief.co.nz)

• Ransomware payments drop to record low of 28% in Q1 2024 (bleepingcomputer.com)

• Hackers use developing countries as testing ground for new ransomware attacks (ft.com)

• Ransomware Still On Rise Despite Better Defences, Firm Says - Law360

• Hackers are using developing countries for ransomware practice | Ars Technica

• Dark web inundated by cheap ransomware tools | SC Media (scmagazine.com)

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• Action needed amid escalating ransomware attacks, record-high payments | SC Media (scmagazine.com)

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! - Help Net Security

• CL0P ransomware gang is on the rise | Hogan Lovells - JDSupra

• Proportion paying ransoms declines in Q1 2024, even as takings break a new record (computing.co.uk)

• Megazord Ransomware Attacking Healthcare & Govt Entities (cybersecuritynews.com)

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

• DragonForce Ransomware Group Uses LockBit’s Leaked Builder - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Hygiene Helps Organisations Mitigate Ransomware-Related Vulnerabilities  | CISA

• Ransomware attacks rise in global food & agriculture sector (securitybrief.co.nz)

• Preventing Ransomware Attacks at Scale (hbr.org)

Ransomware Victims

• Hackers Were in Change Healthcare 9 Days Before Attack (pymnts.com)

• UnitedHealth BlackCat Attack Cost is $872M in Q1 | MSSP Alert

• UnitedHealth admits breach could affect large chunk of US • The Register

• Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update (darkreading.com)

• UnitedHealth Paid Ransom to Protect Patient Data | MSSP Alert

• Will the Change Healthcare case finally make providers do a business impact analysis? | SC Media (scmagazine.com)

• UNDP, City of Copenhagen Targeted in Data-Extortion Cyber Attack (darkreading.com)

• Cannes Hospital Cancels Medical Procedures Following Cyber Attack - Security Week

• Small medical practices will close because of Change cyber attack, says AMA | Healthcare IT News

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Sweden's liquor shelves to run empty this week due to ransomware attack (therecord.media)

• Authentication failure blamed for Change Healthcare ransomware attack | CSO Online

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Red Ransomware takes credit for Targus attack | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Carpetright unable to trade after cyber attack - Retail Gazette

• Street lights in Leicester City cannot be turned off due to a cyber attack (securityaffairs.com)

Phishing & Email Based Attacks

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• The psychological impact of phishing attacks on your employees (betanews.com)

• Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments (darkreading.com)

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike (thehackernews.com)

• LA County Health Services: Patients' data exposed in phishing attack (bleepingcomputer.com)

BEC

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

Other Social Engineering

• LastPass Users Lose Master Passwords to Ultra-Convincing Scam (darkreading.com)

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Artificial Intelligence

• AI is a major threat and financial organisations are not doing enough to fight it | Biometric Update

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes agencies publish report on AI security | Hogan Lovells - JDSupra

• AI tools linked to data exposure in 1 in 5 UK organisations (securitybrief.co.nz)

• Security Leaders Braced for Daily AI-Driven Attacks by Year-End - Infosecurity Magazine (infosecurity-magazine.com)

• CSOs say AI is 'biggest cyber threat' to organisations | TechRadar

• Man arrested for 'framing colleague' with AI-generated voice • The Register

• Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (thehackernews.com)

• People doubt their own ability to spot AI-generated deepfakes - Help Net Security

• A National Security Insider Does the Math on the Dangers of AI | WIRED

• 40% of organisations have AI policies for critical infrastructure | Security Magazine

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• 25 cyber security AI stats you should know - Help Net Security

• Cyber Threats in the Age of AI: Protecting Your Digital DNA - Security Boulevard

• The Dark Side of Deepfakes: How Malicious Actors Use Synthetic Media to Manipulate and Deceive | Metaverse Post (mpost.io)

• 6 security items that should be in every AI acceptable use policy | CSO Online

• 'Poisoned' data could wreck AIs in wartime, warns Army software acquisition chief - Breaking Defence

• The use of AI in war games could change military strategy (theconversation.com)

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

Malware

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Microsoft unmasks Russia-linked ‘GooseEgg’ malware (therecord.media)

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Beware! Notorious Samurai Stealer Used in Targeted Attacks (cybersecuritynews.com)

• Threat Actor Uses Multiple Infostealers in Global Campaign - Security Week

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Antivirus updates hijacked to drop dangerous malware | TechRadar

• Hackers infect users of antivirus service that delivered updates over HTTP | Ars Technica

• Researchers sinkhole PlugX malware server with 2.5 million unique IPs (bleepingcomputer.com)

• Millions of IPs remain infected by USB worm years after its creators left it for dead | Ars Technica

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Mobile

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• iPhone password reset attacks are real – how to protect yourself | Mashable

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (darkreading.com)

• Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users (thehackernews.com)

• Give Your iPhone a Security Boost With This iOS 17.4 Feature - CNET

• A Briefing on SIM Hijacking | Intel471

Data Breaches/Leaks

• 5.3M World-Check records may be leaked; how to check your records | SC Media (scmagazine.com)

• Hackers stole 7,000,000 people's DNA. But what can they do with it? | Tech News | Metro News

• AT&T Offers All Customers Free Security Bundle After Data Breach (tech.co)

• AT&T faces class action lawsuit over massive data breach exposing 70 million customers’ personal information (click2houston.com)

• App bug exposes 1M neighbourhood watchers to data harvesters • The Register

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Lazarus On the Hunt: How North Korean Hackers are Targeting Crypto via LinkedIn (bitcoinist.com)

Insider Risk and Insider Threats

• Most people still rely on memory or pen and paper for password management - Help Net Security

• The rise of the outsmarted insider (betanews.com)

• CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal | TechCrunch

Insurance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• Coalition: Insurance claims for Cisco ASA users spiked in 2023 | TechTarget

• Munich Re on the impact of cyber rate changes | Insurance Business America (insurancebusinessmag.com)

Supply Chain and Third Parties

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

Cloud/SaaS

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

Identity and Access Management

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• Identity-based security threats are growing rapidly: report | CSO Online

Encryption

• Europol asks tech firms, governments to get rid of E2EE • The Register

• How tech firms are tackling the risks of quantum computing | World Economic Forum (weforum.org)

• Australian authorities call for Big Tech help with decryption • The Register

Linux and Open Source

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Passwords, Credential Stuffing & Brute Force Attacks

• Most people still rely on memory or pen and paper for password management - Help Net Security

• Apple @ Work: Over 52% of workers try to memorize and reuse the same password across multiple apps at work - 9to5Mac

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Brute Force Password Cracking Takes Longer - Don't Celebrate Yet (technewsworld.com)

Social Media

• Dutch govt body: Don't use Facebook if unsure about privacy • The Register

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Malvertising

• Windows 11 now comes with its own adware (engadget.com)

Training, Education and Awareness

• 10 colleges and universities shaping the future of cyber security education - Help Net Security

Regulations, Fines and Legislation

• What is the EU Cyber Solidarity Act? | UpGuard

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• NIS2: Preparing for EU’s New Cyber Security Rules | Wilson Sonsini Goodrich & Rosati – JDSupra

• Compliance in 2024: Cutting through the noise (federalnewsnetwork.com)

• Google Postpones Third-Party Cookie Deprecation Amid UK Regulatory Scrutiny (thehackernews.com)

• A view from Brussels: To be sovereign, or not to be (iapp.org)

• Cyber Security | UK Regulatory Outlook April 2024 - Lexology

• Net neutrality has been restored in the US - Help Net Security

Models, Frameworks and Standards

• Fortifying your business with ISO 27001 - DCD (datacenterdynamics.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• Taking Time to Understand NIS2 Reporting Requirements - Security Boulevard

Data Protection

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• A view from Brussels: To be sovereign, or not to be (iapp.org)

Careers, Working in Cyber and Information Security

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• Pluralsight Study Finds the Biggest Technical Skills Gaps are in Cyber Security, Cloud, and Software Development (prnewswire.com)

• Three Ways Organisations Can Overcome the Cyber Security Skills Gap - Security Boulevard

• Addressing the cyber skills shortage: 5 key steps to take | CSO Online

• Five Essential Steps To Land Your First Cyber Security Job (forbes.com)

• Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army - IT Security Guru

Law Enforcement Action and Take Downs

• Exploring Law Enforcement Hacking as a Tool Against Transnational Cyber Crime - Carnegie Endowment for International Peace

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan | Trend Micro (US)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

• Man arrested for 'framing colleague' with AI-generated voice • The Register

Misinformation, Disinformation and Propaganda

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (thehackernews.com)

China

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• UK mulls fresh controls on 'sensitive tech' after China cyber claim (thenextweb.com)

• FBI Director Wray Issues Dire Warning on China's Cyber Security Threat (darkreading.com)

• Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters

• New tool used in China-linked attacks against Asia-Pacific | SC Media (scmagazine.com)

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ads on .gov.uk websites raise eyebrows over privacy • The Register

• China's Vision for Global Security: Implications for Southeast Asia | United States Institute of Peace (usip.org)

Russia

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• Microsoft issues warning over ‘GooseEgg’ tool used in Russian hacking campaigns | ITPro

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• Who Are APT29? - Security Boulevard

• Overflowing Water Tank Linked to Russian Cyber Attack (govtech.com)

• Russia accused of jamming GPS signal on flights from UK causing route chaos (inews.co.uk)

• Russian Sandworm hackers targeted 20 critical orgs in Ukraine (bleepingcomputer.com)

• Rare Computer Virus Detected in Ukrainian Network, Confidential Document Potentially Compromised (kyivpost.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ukraine participates in NATO cyber security exercise in Estonia / The New Voice of Ukraine (nv.ua)

• Cyber attacks on Poland surged after election of pro-Ukraine regime (thenextweb.com)

Iran

• $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defence Contractors - Security Week

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Iranian nationals charged with hacking US companies, Treasury and State departments | CyberScoop

• The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains (darkreading.com)

North Korea

• Over 10 Defence Industry Firms Targeted in Concentrated Cyber Attacks by N. Korean Hackers l KBS WORLD

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• Microsoft Warns: North Korean Hackers Turn to AI-Fuelled Cyber Espionage (thehackernews.com)

• North Korean Hackers Target Dozens of Defence Companies - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

Vulnerability Management

• Third-Party Software Patching: Your Cyber Armor in 2024 | MSSP Alert

• Automated patch management: 9 best practices for success | TechTarget

• Vulnerability Exploitation on the Rise as Attacker Ditch Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerabilities Versus Intentionally Malicious Software Components - The New Stack

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Vulnerabilities

• 22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (bleepingcomputer.com)

• Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (thehackernews.com)

• Nation-state actors exploited two zero-days in Cisco ASA and FTD firewalls to breach government networks - Security Affairs

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• 'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity (darkreading.com)

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• MITRE says state hackers breached its network via Ivanti zero-days (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Google Patches Critical Chrome Vulnerability - Security Week

• Microsoft releases Exchange hotfixes for security update issues (bleepingcomputer.com)

• PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com)

• Critical Forminator plugin flaw impacts over 300k WordPress sites (bleepingcomputer.com)

• Dependency Confusion Vulnerability Found in Apache Project - Infosecurity Magazine (infosecurity-magazine.com)

• Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk (cybersecuritynews.com)

• Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs (darkreading.com)

• GitHub vulnerability leaks sensitive security reports | TechTarget

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Maximum severity Flowmon bug has a public exploit, patch now (bleepingcomputer.com)

Tools and Controls

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Third-Party Software Patching: Your Cyber Armour in 2024 | MSSP Alert

• The Role of Threat Intelligence in Financial Data Protection - Security Boulevard

• Automated patch management: 9 best practices for success | TechTarget

• Rethinking How You Work with Detection and Response Metrics (darkreading.com)

• Choosing SOC Tools? Read This First [2024 Guide] - Security Boulevard

• Research Shows How Attackers Can Abuse EDR Security Products - SecurityWeek

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• Zero Trust Takes Over: 63% of Orgs Implementing Globally (darkreading.com)

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

• Explore CASB use cases before you decide to buy | TechTarget

• SD-WAN: Don't Build a Dead End, Prepare for Future-Proof Secure Networking - SecurityWeek

• Identity-based security threats are growing rapidly: report | CSO Online

• Microsoft criticized for charging for security add-ons • The Register

• 5 insights from new Microsoft CNAPP guide | Microsoft Security Blog

• The Peril of Badly Secured Network Edge Devices (inforisktoday.com)

• VPNs, Firewalls' Nonexistent Telemetry Lures APTs (darkreading.com)

• The first steps of establishing your cloud security strategy - Help Net Security

• 40% of organizations have AI policies for critical infrastructure | Security Magazine

• Understand the Benefits and Limitations of Automated Tools in Penetration Testing (prweb.com)

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Reports Published in the Last Week

• M-Trends 2024 | Google Cloud

• Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations (prnewswire.com)

• Coalition's 2024 Cyber Claims Report (coalitioninc.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• 2024 Cisco Cyber Security Readiness Index

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Cyber Security in the UK - House of Commons Library (parliament.uk)

Other News

• These sectors are top targets for cyber crime, and other cyber security news to know this month | World Economic Forum (weforum.org)

• Online Banking Security Still Not Up to Par, Says Which? - Infosecurity Magazine (infosecurity-magazine.com)

• Why Educating HR Professionals on Cyber Risk Is Crucial (thehrdirector.com)

• Where Hackers Find Your Weak Spots (darkreading.com)

• Network Threats: A Step-by-Step Attack Demonstration (thehackernews.com)

• Microsoft is reportedly making security improvements its current top priority at the company - Neowin

• UK cyber agency NCSC announces Richard Horne as its next chief executive (therecord.media)

• Internet cable at Cali airport cut in apparent sabotage • The Register

• DOD establishes Office of the Assistant Secretary of Defence for Cyber Policy (securityintelligence.com)

• EU Statement – UN General Assembly 1st Committee: Cyber Security | EEAS (europa.eu)

• US: The European Union and the United States hold the 9th Cyber Dialogue in Brussels | EEAS (europa.eu)

• Why Tourists Are Particularly Vulnerable To Cyber Attacks (maltatoday.com.mt)

• Microsoft needs to win back trust - The Verge

• AI Is Going Well For Microsoft, But Cyber Security Is Not - Microsoft (NASDAQ:MSFT) - Benzinga

• Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Why Cyber Security Is Key To Solving Global Crises (forbes.com)

• Cyber Security is Relentless! | Gray Reed - JDSupra

• Colleges spending more than ever on cyber security efforts (insidehighered.com)

• Foreign states targeting UK universities, MI5 warns - BBC News

• Cyber resilience in the public sector: lessons for UK Councils (techinformed.com)

• Digital Blitzkrieg: Unveiling Cyber Logistics Warfare (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

70% Of IT Pros Say Security Hygiene Has Got Harder Over Past Two Years

A new report from Enterprise Strategy Group (ESG) and JupiterOne warns of inadequate security hygiene and posture management practices at many organizations. The research found that 86% of organizations believe they follow best practices for security hygiene and posture management. However, 70% of organizations said they use more than ten security tools to manage security hygiene and posture management, which raises concerns about data management and operations overhead.

In addition, 73% of security professionals admitted that they still depend on spreadsheets to manage security hygiene and posture at their organizations. As a result, 70% of respondents said that security hygiene and posture management had become more difficult over the past two years as their attack surfaces have grown.

https://venturebeat.com/2021/11/19/report-70-of-it-pros-say-security-hygiene-has-gotten-harder-over-past-two-years/

As Digital Shopping Surges, Researchers Predict 8 Million Daily Attacks

Arkose Labs released new data on the latest fraud trends, revealing increased threats during the holidays, rising bot attacks, and a resurgence in attacks on travel companies. As shoppers fill their online carts, account takeover (ATO) attacks and gift-card fraud remain persistent.

The report shares the top six fraud-fighting trends from the previous 3 months and provides data highlighting that no digital business is immune from attack. Financial industries saw 32 percent more attacks than in the first half of 2021.

Retail and travel attacks increased 63 percent in Q3, and gaming saw a spate of fake new accounts being set up for fraudulent purposes. Media and streaming businesses saw 60 percent of malicious activity targeting logins, and 20 percent of these attacks originating from human fraud farms.

Technology platforms see 91 percent of all attacks powered by bots. Overall, attacks are increasing in every industry, and they are growing more sophisticated.

https://www.helpnetsecurity.com/2021/11/22/threats-during-holidays/

More Ransomware Attacks Up to September Than Whole of 2020

Most UK business leaders expect cyber-threats to surge next year, with ransomware, business email compromise (BEC), cloud and supply chain attacks all predicted to increase, according to PwC.

The findings come from the consulting giant’s 2022 Global Digital Trust Insights Survey and were distilled from interviews with 257 business and technology executives in the UK.

Although most (63%) respondents said they expect security budgets to increase next year, even more (66%) predicted cyber-threats would rise. Ransomware (61%), BEC (61%), malware via software updates (63%), and cloud compromise (64%) were among the most notable.

Bobbie Ramsden-Knowles, crisis and resilience partner at PwC UK, claimed the firm’s threat intelligence team has tracked more ransomware incidents globally up to September this year than for the whole of 2020.

https://www.infosecurity-magazine.com/news/more-ransomware-attacks-september/

Ransomware Warning: Hackers See Holidays And Weekends As A Great Time To Attack

Just because you're taking a break, that doesn't mean hackers will be too.

Ahead of the holidays cyber agencies have released a warning to stay vigilant on holidays and weekends, because hackers don't plan on taking a holiday break.

Warnings remind organisations that ransomware attackers often choose to launch attacks on holidays and weekends, specifically when businesses are likely to be closed.

Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure.

Some of the worst ransomware attacks happened on holidays and weekends.

https://www.zdnet.com/article/security-warning-ransomware-attackers-are-working-on-the-holidays-even-if-you-arent/

Suspect Arrested In 'Ransom Your Employer' Criminal Scheme

A Nigerian man has been arrested in connection to a scheme attempting to lure insiders to deploy ransomware on employer systems.

On November 22, security expert Brian Krebs reported that the man, Oluwaseun Medayedupin, was arrested by Nigerian authorities on Friday.

The suspect is allegedly linked to a 'ransom your employer' scheme investigated by Abnormal Security in August.

Customers of the cybersecurity firm were sent emails with the subject "Partnership affiliate offer," requesting that the recipient considered becoming an accomplice in a cyberattack.

The emails offered a 40% cut of an anticipated $2.5 million ransomware payment in Bitcoin (BTC), made after the recipients installed the DemonWare ransomware on their employer's systems.

https://www.zdnet.com/article/suspect-arrested-in-ransom-your-employer-criminal-scheme/

The Newer Cyber Crime Triad: Trickbot-Emotet-Conti

Advanced Intelligence researchers argue that the restarting of the Emotet botnet was driven by Conti ransomware gang.

Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action.

This operation was the result of a joint effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust.

The law enforcement agency was able to take over at least 700 servers used as part of the Emotet botnet’s infrastructure. The FBI collected millions of email addresses used by Emotet operators in their malware campaigns as part of the cleanup operation.

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. The infamous banking trojan was also used to deliver other malicious code, such as Trickbot and QBot trojans, or ransomware such as Conti, ProLock, Ryuk, and Egregor.

https://securityaffairs.co/wordpress/124807/cyber-crime/trickbot-emotet-conti-triad.html

Threat Actors Find And Compromise Exposed Services In 24 Hours

Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours.

Malicious actors are constantly scanning the Internet for exposed services that could be exploited to access internal networks or perform other malicious activity.

To track what software and services are targeted by threat actors, researchers create publicly accessible honeypots. Honeypots are servers configured to appear as if they are running various software as lures to monitor threat actors' tactics.

https://www.bleepingcomputer.com/news/security/threat-actors-find-and-compromise-exposed-services-in-24-hours/

Does Your Company Employ A CISO? Many Are Operating Without Security Leadership

45% of companies do not employ a Chief Information Security Officer (CISO), a Navisite research found. Of this group, 58% think their company should hire a CISO.

Only 40% of respondents stated their cybersecurity strategy was developed by a CISO or member of the security team, with 60% relying on other parts of their organization, including IT, executive leadership and compliance.

130 security, IT and compliance professionals were polled in the US to determine their perceptions on the state of cybersecurity leadership and readiness within their organizations. More than 80% of respondents described their job title as either executive leadership or management, with more than 60% of respondents coming from mid-sized organizations between 100-5,000 employees.

Why you should employ a CISO?

·       21% of respondents admit their company does not have a dedicated person or staff whose sole responsibility is security/cybersecurity.

·       75% of respondents said their company experienced an increase in overall cybersecurity threat volume in the last year.

·       80% of respondents felt their company exhibited strong cybersecurity leadership during the COVID-19 pandemic.

·       70% of respondents expressed confidence in the effectiveness of their cybersecurity program—but that confidence dropped to 58% for companies without a CISO.

·       47% of survey takers believe their company spends too little on cybersecurity.

https://www.helpnetsecurity.com/2021/11/23/employ-ciso/

New Malware Is Capable Of Evading Almost All Antivirus Products

There’s a new JavaScript downloader on the prowl that not only distributes eight different Remote Access Trojans (RATs), keyloggers and information stealers, but is also able to bypass detection by a majority of security tools, experts have warned.

Cyber security researchers at HP Wolf Security named the malware RATDispenser, noting that while JavaScript downloaders typically have a lower detection rate than other downloaders, this particular malware is more dangerous since it employs several techniques to evade detection.

“It’s particularly concerning to see RATDispenser only being detected by about 11% of antivirus systems, resulting in this stealthy malware successfully deploying on victims’ endpoints in most cases,” noted Patrick Schlapfer, Malware Analyst at HP.

https://www.techradar.com/news/new-malware-is-capable-of-evading-almost-all-antivirus-products

Interpol Arrests Over 1,000 Suspects Linked To Cyber Crime

Interpol has coordinated the arrest of 1,003 individuals linked to various cyber-crimes such as romance scams, investment frauds, online money laundering, and illegal online gambling.

This crackdown results from a four-month action codenamed ‘Operation HAEICHI-II,’ which took place in twenty countries between June and September 2021.

These were Angola, Brunei, Cambodia, Colombia, China, India, Indonesia, Ireland, Japan, Korea (Rep. of), Laos, Malaysia, Maldives, Philippines, Romania, Singapore, Slovenia, Spain, Thailand, and Vietnam.

On the financial aspect of the operation, the authorities have also intercepted nearly $27,000,000 and froze 2,350 banking accounts linked to various online crimes.

As the Interpol announcement details, at least ten new criminal modus operandi were identified in HAEICHI-II, indicative of the evolving nature of cyber-crime.

https://www.bleepingcomputer.com/news/legal/interpol-arrests-over-1-000-suspects-linked-to-cyber-crime/

Researchers Warn Of Severe Risks From ‘Printjack’ Printer Attacks

A team of Italian researchers has compiled a set of three attacks called 'Printjack,' warning users of the significant consequences of over-trusting their printer.

The attacks include recruiting the printers in DDoS swarms, imposing a paper DoS state, and performing privacy breaches.

As the researchers point out, modern printers are still vulnerable to elementary flaws and lag behind other IoT and electronic devices that are starting to conform with cybersecurity and data privacy requirements.

By evaluating the attack potential and the risk levels, the researchers found non-compliance with GDPR requirements and the ISO/IEC 27005:2018 (framework for managing cyber-risks).

This lack of in-built security is particularly problematic when considering how omnipresent printers are, being deployed in critical environments, companies, and organizations of all sizes.

https://www.bleepingcomputer.com/news/security/researchers-warn-of-severe-risks-from-printjack-printer-attacks/

Threats

Ransomware

• New Memento Ransomware Uses Password-Protected WinRAR Archives To Block Access To The Files - Security Affairs

• Defense Contractors Are Highly Susceptible To Ransomware Attacks - Help Net Security

• Holidays Don't Mean Much To Ransomware Attackers - Help Net Security

BEC – Business Email Compromise

• Two Nigerians Sentenced to Prison in US for Role in BEC Scams | SecurityWeek.Com

Phishing

• TrickBot Phishing Checks Screen Resolution To Evade Researchers (Bleepingcomputer.Com)

Malware

• Crooks Compromise Microsoft Exchange Servers To Hijack Internal Email Chains - Security Affairs

• Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware (thehackernews.com)

• Malicious Python Packages Employ Advanced Detection Evasion Techniques - Help Net Security

• Stealthy New JavaScript Malware Infects Windows PCs with RATs (bleepingcomputer.com)

• New Golang-based Linux Malware Targeting eCommerce Websites (thehackernews.com)

Mobile

• Spyware Alert! 23 Apps Found Spying On Android Users Via Mobile Camera | techgig

• MediaTek Chip Flaw Could Have Let Attackers Spy on Android Phones (darkreading.com)

• Over 9 Million Android Phones Running Malware Apps from Huawei's AppGallery (thehackernews.com)

IOT

• Hikvision Security Cameras Potentially Exposed to Remote Code Execution (sans.edu)

• Some Tesla Owners Unable To Unlock Cars Due To Server Errors (Bleepingcomputer.Com)

Vulnerabilities

• All Versions of Windows Are Vulnerable to a New Zero-Day Exploit (pcmag.com)

• Attackers Hijack Email Using Proxy Logon/Proxyshell Flaws | Threatpost

• Cisco Flaw Affects Firewalls - Infosecurity Magazine

• Expert Discloses Details Of Flaws In Oracle VirtualBox - Security Affairs

• VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client (thehackernews.com)

Data Breaches/Leaks

• GoDaddy Hack Exposes Accounts Of 1.2 Million Customers (Bitdefender.Com)

Organised Crime & Criminal Actors

• Hackers Accused Of Stealing $100m Live Openly In Russia | World | The Times

Cryptocurrency/Cryptojacking

• Teen Accused of Stealing Bitcoin Worth $36.5M - Infosecurity Magazine (infosecurity-magazine.com)

Fraud & Financial Crime

• Fraud Fighters Aren't Prepared For The Multi-Billion Dollar Threat Of Global Insurance Fraud - Help Net Security

Insurance

• Work From Home, Digital Shift During Covid Drives Cyber Insurance Prices (bloombergquint.com)

Nation State Actors

• NCSC Warns Industry, Academia Of Foreign Threats To Their Intellectual Property | CSO Online

• North Korean Hackers Found Behind a Range of Credential Theft Campaigns (thehackernews.com)

• US Bans Chinese Firms For Feeding Tech To The Military • The Register

Cloud

• Observing Attacks Against Hundreds of Exposed Services in Public Clouds (paloaltonetworks.com)

Passwords

• Attackers Don't Bother Brute-Forcing Long Passwords, Microsoft Engineer Says - The Record By Recorded Future

• Less than Half of Consumers Change Password Post-Breach - Infosecurity Magazine

Parental Controls

• Products Used By Children Are Not Nearly As Privacy-Protecting As They Should Be - Help Net Security

Sector Specific

Financial Services Sector

• Credentials Exposed For Majority Of US Financial Firm Employees | Sc Media (Scmagazine.Com)

• US Government Securities Watchdog Spoofed By Investment Scammers – Don’t Fall For It! – Naked Security (sophos.com)

SMBs – Small and Medium Businesses

• UK Govt Warns Thousands Of SMBs Their Online Stores Were Hacked (Bleepingcomputer.Com)

Defence

• Defence Contractors Are Highly Susceptible To Ransomware Attacks - Help Net Security

Health/Medical/Pharma Sector

• Devious ‘Tardigrade’ Malware Hits Biomanufacturing Facilities | WIRED

• Preventing a Cyber Pandemic in Healthcare | SecurityWeek.Com

• Healthcare Organisations At Risk: The Attack Surface Is Expanding - Help Net Security

• ENISA - The Need For Incident Response Capabilities In The Health Sector - Security Affairs

• Philips Working on Patches for Vulnerabilities Found in Medical Products | SecurityWeek.Com

Transport and Aviation

• Hackers Hit Iran's Mahan Airline, Claim Confidential Data Theft (Bleepingcomputer.Com)

Maritime

• Marine Services Provider Swire Pacific Offshore Hit By Ransomware (Bleepingcomputer.Com)

Reports Published in the Last Week

• The Evolving Threat of Ransomware | The State of Security (tripwire.com)

Other News

• As Digital Shopping Surges, Researchers Predict 8 Million Daily Attacks - Help Net Security

• Rising Cyber Crime Demands Laws And Users Keep Up | The Seattle Times

• IKEA Email Systems Hit By Ongoing Cyber Attack (Bleepingcomputer.Com)

• UK and German Police Take Down 21 Jihadist Websites - Infosecurity Magazine

 As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.