Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• ‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million

The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.

The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure. This is a breach of data protection law.

The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.

The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.

John Edwards, UK Information Commissioner, said:

 “The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office.

 “Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.

 “Cyber attacks are a global concern, and businesses around the world need to take steps to guard against complacency. The ICO and NCSC already work together to offer advice and support to businesses, and this week I will be meeting with regulators from around the world, to work towards consistent international cyber guidance so that people’s data is protected wherever a company is based.”

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/10/biggest-cyber-risk-is-complacency-not-hackers/

• Ransomware Threat Shifts from US to EMEA and APAC

The volume of ransomware detections in Q3 2022 was the lowest in two years, but certain geographical regions have become bigger targets as attacks on US organisations wane, according to SonicWall. The security vendor used its own threat detection network, including over one million security sensors in more than 200 countries, to reveal the current landscape.

The good news is that global malware volumes have remained flat for the past three quarters, amounting to a total of over four billion detections in the year to date. Of these, ransomware is also trending down after a record-breaking 2021. Even so, SonicWall detected 338 million compromise attempts in the first three quarters of the year.

Year-to-date ransomware attempts in 2022 have already exceeded the full-year totals from four of the past five years, the vendor claimed. While attacks on US organisations dipped by 51% year-on-year during the period, they increased significantly in the UK (20%), EMEA (38%) and APAC (56%).

The cyber-warfare battlefront continues to shift, posing dangerous threats to organisations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geopolitical landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed.

https://www.infosecurity-magazine.com/news/ransomware-threat-shifts-from-us/

• Phishing Attacks Increase by Over 31% In Third Quarter

Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.

Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.

According to the report, email is the preferred attack vector for phishing and malware, as it gives hackers a direct channel to users, the weakest link in an organisation’s attack surface. The report analyses phishing and malware data captured by Vade, which does business internationally.

As attacks become more sophisticated, Vade said, they also become increasingly capable of evading the basic security offered by email providers, which almost eight in 10 businesses still rely on, according to Vade’s research.

While the activity of threat actors fluctuates, Vade’s research found that impersonating trusted and established brands remains the most popular strategy for hackers. In the third quarter of 2022, Facebook was the most impersonated brand for the second consecutive quarter, followed by Google, MTB, PayPal, and Microsoft.

The financial services sector remains the most impersonated industry, representing 32% of phishing emails detected by Vade, followed by cloud at 25%, social media at 22%, and internet/telco at 13%.

As phishing attacks increase, the techniques used by threat actors continue to evolve. While phishing campaigns were traditionally large scale and random, more recent campaigns seen by Vade suggest that hackers have pivoted to using more targeted campaigns.

https://www.csoonline.com/article/3678311/phishing-attacks-increase-by-over-31-in-third-quarter-report.html#tk.rss_news

• UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis

Brits have been warned to “stay alert for fraud” as more people are out to make extra cash as the cost of living rises across the country.

UK Finance said that more than half (56%) of people admitted that they are likely to look for opportunities to make extra money in the coming months, which could leave some people more susceptible to fraud.

According to the trade association’s Take Five To Stop Fraud campaign, one in six, or 16%, of people said the rising cost of living means they are more likely to respond to an unprompted approach from someone offering an investment opportunity or a loan.

Young people were more likely to be at risk, the data suggested, which surveyed 2,000 people across the UK. More than a third (34%) of 18 to 34-year-olds said they are more likely to respond to an unprompted approach from someone, with three in 10 (30%) also more likely to provide their personal or financial details to secure the arrangement.

Overall, three in five people (60%) said they are concerned about falling victim to financial fraud or a scam. It comes as recent figures from UK Finance showed that £609.8m was lost due to fraud and scams in the first half of this year.

https://uk.news.yahoo.com/uk-watch-for-fraud-extra-cash-cost-of-living-crisis-230154352.html

• HR Departments Play a Key Role in Cyber Security

A common shortcoming of human resources (HR) departments is that — despite being an operation designed to put humans at the centre of how an organisation is run — they often fail to adequately align with their IT counterparts and the core technology systems that define how a business is run and protected from cyber-risk.

Insufficient coordination between HR and IT processes and procedures remains common and gives rise to security gaps that can represent some of the most dangerous vulnerabilities on a company's attack surface. Let's examine the scope of the challenge and some key cyber-asset management priorities that can close the schism for a more robust cyber security posture.

Gone are the days when HR's role in securing the enterprise relied on basic tutorials for employees about protecting passwords on company equipment. Today's threat environment intersects with the workforce in more ways than ever — from bring-your-own-device (BYOD) and authentication gaps to user vulnerabilities that make spear-phishing seem quaint. Traditional social engineering attacks are now being augmented by zero-click exploits that compromise employee devices without the user ever having to click a link or take any action at all.

Beyond malicious threats, even routine HR processes can introduce risk to the organisation when they're not adequately aligned with the IT processes in an organisation. As just one example, when an employee leaves a company, the offboarding goes far beyond just the exit interview to also include removing access to multiple enterprise systems, accounts, and devices — all of which require close coordination between HR and IT personnel and systems.

To better secure the enterprise, it's mission-critical to get HR and IT more united in a common and advanced understanding of cyber hygiene and risk mitigation. This relies on enhanced awareness of the impact that HR processes have on cyber assets in other parts of the organisation, as well as the HR role in access management for employees and contractors. This requires asset visibility that must be ongoing and in real time, since our roles, devices, and access to data and systems may change multiple times over the course of our employment.

https://www.darkreading.com/vulnerabilities-threats/hr-departments-play-a-key-role-in-cybersecurity

• The Long-Term Psychological Effects of Ransomware Attacks

Northwave has conducted scientific research into the psychological effects of a ransomware crisis on both organisations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn in disarray long after the crisis itself has passed.

The research reveals how the psychological impact of ransomware attacks can persist on people in affected organisations for a very long time. It shows that crisis team members may develop serious symptoms far later. Top management and HR need to take measures against this, in fact right from the very beginning of the crisis. They are the ones bearing responsibility for the well-being of their staff.

They also discovered how teams have fallen apart some time after the crisis, with members leaving or staying home on sick-leave. The study reveals that effects can linger throughout the organisation. All in all the investigation shows that this invisible impact of a cyber crisis is an issue for the general business management, and certainly also for HR.

Northwave regards the response to a cyber attack as occurring in three phases. First comes the actual crisis situation, which evolves into an incident phase after about a week. A plan of action is then in place, and recovery measures are launched. The fire has been largely extinguished after a month or so, with the first (basic) functionalities available again.

Full recovery can take one to two years. Each phase has its specific effects on the minds and bodies of those involved, and by extension, on the organisation or parts of it. “On average a company is down for three weeks following a malware attack,” notes Van der Beijl. “But it surprised us that the impact persists for so long afterwards. Psychological issues are still surfacing a year after the actual crisis.”

One of every seven employees involved in the attack, either directly or indirectly, exhibits severe enough symptoms several months later, at a level considered to be above the clinical threshold at which professional trauma treatment help is needed. One in five employees say they would actually have needed more professional help subsequently in coming to terms with the attack. One in three liked to have more knowledge and concrete tools to deal with the psychological effects of the attack.

A ransomware attack has enduring psychological effects on the way employees view the world. Two-thirds of employees, including those not actually involved in the attack, now believe the world is less safe. As one IT manager pointed out, “I’ve become far more suspicious. The outside world is a dangerous place.”

https://www.helpnetsecurity.com/2022/10/25/psychological-effects-ransomware/

• 7 Hidden Social Media Cyber Risks for Enterprises

Whether they use it to amplify the brand, recruit new employees, advertise new products, or even sell directly to consumers, corporate brands love social media.

According to recent figures, brand advertising on social media is up by 53% in the last year, and that's not accounting for further investments that brands are making in developing and distributing content. They're pushing viral videos, funny memes, podcasts, written material, and more to increase engagement with their customers.

And brands are doing it across not only the old reliable social networks like Facebook and Twitter, but also emerging platforms like TikTok. In fact, according to another recent study, in 2022 marketers are expanding their horizons, with their increased content investments focused on areas like live streaming, long-form and short-form video content, virtual reality and augmented reality content, experimental content, and live audio chat rooms. The top platforms they're focused on most for increasing spending are now TikTok, Instagram, YouTube, and LinkedIn.

With the broadening of these social-media marketing strategies comes more risk. Whether an organisation uses social media to amplify its brand, or its executives and employees leverage social channels to bolster their professional and personal brands, these marketing platforms are a breeding ground for a wide range of cyber attacks and scams, including in the areas of artificial intelligence, deepfakes, and biometrics.

Cyber criminals, fraudsters, spies, and activists work around the clock to take advantage of emerging attack surfaces that arise from enterprise use of social media. The article below presents just a few avenues that organisations may overlook when they double-down on their social media investments.

https://www.darkreading.com/application-security/7-hidden-social-media-cyber-risks-enterprises

• 54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds

Over half (54%) of office workers would reconsider working for a company that had recently experienced a cyber breach. That's according to a new study by cyber security technology provider, Encore.

An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.

Only a third (33%) of staff said they would be "completely unphased" if their employer suffered a cyber break-in. The majority (57%) of C-level executives polled said they have been breached in the last 12 months alone. Most office workers, however, were unaware, with only 39% believing their organisation had been the victim of a successful attack.

The immediate financial cost of a cyber-attack remains the number one concern for businesses, but security teams are learning that there is a long tail to these breaches, with employees at risk of losing faith in their company, its ethics and values and its overarching responsibilities to the general public. In a competitive market, this is a stark warning to businesses across the world. Keeping your staff in the dark about cyber risk is a fundamental error, not to mention the additional impact of delayed disclosure to customers.

41% of C-level executives polled named reputational damage as one of the biggest costs to their business following a cyber-attack, with 34% agreeing that loss of clientele or their trust was a significant cost.

Despite many admitting to suffering a cyber breach in the last year, the overwhelming majority (92%) of CISOs and C-level executives polled believe their business is secure at any given moment. Encore believes that a mindset shift is needed at an organisational level, treating cyber incidents and the security of employee and customer data as a fundamental part of normal business operations, not a function that sits on the outside, looking in.

https://www.darkreading.com/careers-and-people/54-of-staff-would-reconsider-working-for-a-firm-that-had-experienced-a-cyber-breach-research-finds

• Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before It’s Too Late

According to the 2022 Cyber Threat Report, 2021 saw a global average increase of 105% in the number of ransomware attacks. Proofpoint's 2022 State of the Phish report said that a staggering 82% of UK businesses that experienced a ransomware attack sent payment to the cyber criminals – believing this was the cheapest and easiest way to regain access to their data. However, in many cases criminals simply took the payment without restoring access and the organisation finds itself on criminal target lists as it has demonstrated that attacks pay off. Even when decryption keys are handed over it can take an extended period of time to restore data.

One attack, on a hospital in Dusseldorf, Germany, was implicated in the death of a patient who had to be diverted to an alternative site as the A&E department had been forced to close due to the loss of core computer systems. It appears that the attack had been misdirected, and the hackers – who were quickly apprehended by the police – handed over the encryption keys immediately when they realised what had happened. Nevertheless, the decryption process was slow. It began in the early hours of September 11 and by September 20 the hospital was still unable to add or retrieve information, or even send emails. 30 servers had been corrupted.

The methods and techniques required to conduct a cyber-attack have never been more accessible. Whether it is on the darknet or through open-source content, the ability to purchase material that allows a malicious user to conduct a cyber-attack is readily available. Conducting a ransomware attack and using it to extort money from companies and government services alike, is now viewed as a viable business model by organised criminals.

https://www.itsecurityguru.org/2022/10/28/evolve-as-fast-as-the-cybercriminals-protect-your-business-now-before-its-too-late/

• Enterprise Ransomware Preparedness Improving but Still Lacking

The majority of organisations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, "The Long Road Ahead to Ransomware Preparedness" by Enterprise Strategy Group, a division of TechTarget.

Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.

The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organisations plan to invest more in ransomware preparedness over the next 12 to 18 months.

With preparedness investments expected to grow, the survey asked how organisations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:

• network security (43%)

• backup infrastructure security (40%)

• endpoint security (39%)

• email security (36%)

• data encryption (36%)

Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.

https://www.techtarget.com/searchsecurity/feature/Enterprise-ransomware-preparedness-improving-but-still-lacking

• Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data

New details have emerged on the severity of the Australian Medibank hack, which has now affected all users. Optus, Medibank, Woolworths, and, last Friday, electricity provider Energy Australia are all now among the Australian household names that have fallen victim to a data breach.

If it seems like barely a week goes by without news of another incident like this, you would be right. Cyber crime is on the rise – seven major Australian businesses were affected by data breaches in the past month alone.

But why now? And who is responsible for this latest wave of cyber attacks?

In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data. In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.

Hackers and initial access brokers are just one part of a complex and diversifying cyber crime ecosystem. This ecosystem contains various cyber criminal groups who increasingly specialise in one particular aspect of online crime and then work together to carry out the attacks.

Ransomware attacks are complex, involving up to nine different stages. These include gaining access to a victim’s network, stealing data, encrypting a victim’s network, and issuing a ransom demand. Increasingly, these attacks are carried out not by lone cyber criminal groups, but rather by networks of different cyber crime groups, each of which specialises in a different stage of the attack.

Initial access brokers will often carry out the first stage of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, it’s their job to gain access to a victim’s network.

https://theconversation.com/why-are-there-so-many-data-breaches-a-growing-industry-of-criminals-is-brokering-in-stolen-data-193015

• How The "pizza123" Password Could Take Down an Organisation

Criminal hackers took responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, "pizza123." The business magazine reused the weak password across a dozen WordPress accounts, according to the hackers, who described the attack in their own article on FastCompany.com before the publication took the site down.

The breach, the bitter taste of pizza123, and the plight of malicious push notifications, demand caution when selecting and managing passwords.

The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.

After decades of investment in sculpting the organisation's brand image, a business can watch its reputation flounder in the face of an obscene push notification. The sentiment of millions of faithful customers can turn sour in an instant. By the time organisations block the messages and make public apologies, the harm is done.

Customers can swap to a competitor, or even sue for the offence when they have entrusted a publisher to provide safe content. Regulatory bodies can fine organisations. The company can spend time and money defending itself in court and restoring its image. But malicious push notifications can do a lot worse than offend customers—criminal hackers can load messages with malware and infect consumer devices, leading to privacy violations and consumer financial fraud.

People often build passwords using the first word that comes to mind and a brief series of numbers. Pizza123 is a perfect example of an easy-to-guess password. Employees will create passwords already appearing on breached password lists. Criminal hackers use brute force attacks to confirm working passwords from the same lists.

Nearly two-thirds of employees reuse their passwords. The more they reuse them across business and personal accounts, the more likely criminal hackers will breach them and test them on the organisation. Hackers know to try the same passwords on different companies they hack because of password reuse.

Robust password management enables fine-grained password policies and policy customisation. With a custom password policy, organisations can increase complexity requirements, like length and previous-password change minimums. A custom password policy with increased complexity requirements will block 95% of weak and breached passwords.

Password length is a particularly critical component of strong passwords. Ninety-three percent of the passwords used in brute force attacks include eight or more characters. A custom password policy can require a minimum password length, decreasing password entropy.

https://www.bleepingcomputer.com/news/security/how-the-pizza123-password-could-take-down-an-organization/

Threats

Ransomware and Extortion

• SonicWall: Ransomware down this year, but there’s a catch • The Register

• Medibank cyber-attack: should the health insurer pay a ransom for its customers’ data? | Health | The Guardian

• Health insurer Medibank's infosec diagnosis is getting worse • The Register

• Microsoft links Raspberry Robin worm to Clop ransomware attacks (bleepingcomputer.com)

• How to detect Windows worm that now distributes ransomware • The Register

• Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn (darkreading.com)

• BlackByte ransomware affiliate also steals victims' data • The Register

• Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs

• OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)

• CISA warns of ransomware attacks on healthcare providers (techtarget.com)

• Industrial Ransomware Attacks: New Groups Emerge, Manufacturing Pays Highest Ransom | SecurityWeek.Com

• Ransom Cartel - REvil Rebrand? (informationsecuritybuzz.com)

• Addressing Ransomware in Hospitals & Medical Devices (trendmicro.com)

• Australian Clinical Labs says patient data stolen in ransomware attack (bleepingcomputer.com)

• Vice Society Hackers Confess To Education Sector Ransomware Attacks (informationsecuritybuzz.com)

• Why Ransomware in Education on the Rise and What That Means for 2023 (thehackernews.com)

• Largest EU copper producer Aurubis suffers cyber attack, IT outage (bleepingcomputer.com)

• Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (thehackernews.com)

• Ransomware Gangs Ramp Up Industrial Attacks in US (darkreading.com)

Phishing & Email Based Attacks

• DHL Replaces LinkedIn As Most Imitated Brand in Phishing Attempts - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Social engineering attacks anybody could fall victim to - Help Net Security

• Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks | SecurityWeek.Com

Malware

• Threat Groups Repurpose Banking Trojans into Backdoors (darkreading.com)

• Types of cloud malware and how to defend against them (techtarget.com)

• Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Thousands Of Fake PoC Exploits In GitHub Repositories Deliver Malware – (informationsecuritybuzz.com)

• Chrome extensions with 1 million installs hijack targets’ browsers (bleepingcomputer.com)

• Hackers use Microsoft IIS web server logs to control malware (bleepingcomputer.com)

Mobile

• Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability (thehackernews.com)

• These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets (thehackernews.com)

• Android Hacking Warning As Criminals Target TikTok And PayPal For (informationsecuritybuzz.com)

Internet of Things – IoT

• IoT Fingerprinting Helps Authenticate and Secure All Those Devices (darkreading.com)

• IoT security strategy from enterprises using connected devices | Network World

• Security by design vital to protecting IoT, smart cities around the world, says CEO of UK NCSC | CSO Online

• Your CCTV devices can be hacked and weaponized - Help Net Security

• Critical Flaws in Abode Home Security Kit Allow Hackers to Hijack, Disable Cameras | SecurityWeek.Com

Data Breaches/Leaks

• Thomson Reuters leaked at least 3TB of sensitive data | Cybernews

• See Tickets discloses 2.5 years-long credit card theft breach (bleepingcomputer.com)

• Twilio discloses another hack from June, blames voice phishing (bleepingcomputer.com)

• Seven months after it found out, FamilySearch tells users their personal data has been breached • Graham Cluley

• Bed Bath & Beyond reviewing possible data breach | Reuters

Organised Crime & Criminal Actors

• Ukrainian charged for operating Raccoon Stealer malware service (bleepingcomputer.com)

• Interpol says metaverse opens up new world of cyber crime | Reuters

• From Bounty to Exploit Observations About Cyber criminal Contests (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Researchers uncover cryptojacking campaign targeting Docker, Kubernetes cloud servers | SC Media (scmagazine.com)

• Purpleurchin: Cryptocurrency miners scour GitHub, Heroku • The Register

• Cryptomining campaign abused free GitHub account trials (techtarget.com)

Insider Risk and Insider Threats

• New York Post hacked? No, the culprit is an employee - Security Affairs

Fraud, Scams & Financial Crime

• UK Anti-fraud Efforts Failing (informationsecuritybuzz.com)

• Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection (darkreading.com)

• Economic strife fuels cyber anxiety - Help Net Security

• LinkedIn Releases New Security Features To Combat Fraud (informationsecuritybuzz.com)

• Beware Of SCAMS As Cost Of Living Bites Finances, Expert Comments (informationsecuritybuzz.com)

Insurance

• Health insurer Medibank's infosec diagnosis is getting worse • The Register

• Cyber Insurance Market 2022: FAQs & Updates with iBynd (trendmicro.com)

Dark Web

• Notorious ‘BestBuy’ hacker arraigned for running dark web market (bleepingcomputer.com)

• Student arrested for running one of Germany’s largest dark web markets (bleepingcomputer.com)

• Dark Web Forum Busts Come Days Apart (darkreading.com)

• British hacker arraigned for running The Real Deal dark web marketplace - Security Affairs

Software Supply Chain

• Supply Chain Attacks Or Vulnerabilities Experienced By 80% Of Organisations (informationsecuritybuzz.com)

• How the Software Supply Chain Security is Threatened by Hackers (thehackernews.com)

• Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)

• Consumer behaviours are the root of open source risk - Help Net Security

Denial of Service DoS/DDoS

• Key observations on DDoS attacks in H1 2022 - Help Net Security

• Meet the Windows servers that have been fuelling massive DDoSes for months | Ars Technica

Cloud/SaaS

• Everything you Need to Know about Cloud Hacking and its Methodologies (analyticsinsight.net)

• It’s time to prioritize SaaS security | InfoWorld

• Top Cloud Security Challenges & How to Beat Them (trendmicro.com)

• Atlassian Vulnerabilities Highlight Criticality of Cloud Services (darkreading.com)

• Threat Actors Target AWS EC2 Workloads to Steal Credentials (trendmicro.com)

• Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)

• 4 Reasons Open Source Matters for Cloud Security (darkreading.com)

• Cloud Providers Throw Their Weight Behind Confidential Computing (darkreading.com)

Hybrid Working

• Balancing remote work privacy vs. productivity monitoring (techtarget.com)

• Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)

Attack Surface Management

• Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)

• Asset risk management: Getting the basics right - Help Net Security

Encryption

• New Critical Vuln In Component That Allow Encryption Across Internet - (informationsecuritybuzz.com)

• Can a new form of cryptography solve the internet’s privacy problem? | Data protection | The Guardian

API

• Thousands Of Publicly Exposed API Tokens Could Threaten Software Integrity (informationsecuritybuzz.com)

• Key API Security Principles And How To Implement Them (informationsecuritybuzz.com)

Open Source

• Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)

• 4 Reasons Open Source Matters for Cloud Security (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Why it's time to expire mandatory password expiration policies (techtarget.com)

• Feds say Ukrainian man running malware service amassed 50M unique credentials | Ars Technica

Biometrics

• ICO Warns of "Immature" Biometric Tech - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• LinkedIn Phishing Spoof Bypasses Google Workspace Security (darkreading.com)

• LinkedIn's new security features combat fake profiles, threat actors (bleepingcomputer.com)

• Cyber security event cancelled after scammers disrupt LinkedIn live chat (bitdefender.com)

• Expert Opinion: What Does Musk's Takeover Mean For Cyber security? (informationsecuritybuzz.com)

• Cyber attackers Target Instagram Users With Threats of Copyright Infringement (darkreading.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Ex-cop abused police tool in Snapshot sextortion plot that stole sexually explicit photos and videos (bitdefender.com)

Regulations, Fines and Legislation

• UK Construction Biz Fined £4.4m for Serious Security Failings - Infosecurity Magazine (infosecurity-magazine.com)

• Australia Flags New Corporate Penalties for Privacy Breaches | SecurityWeek.Com

Data Protection

• What consumers expect from organisations that handle their personal data - Help Net Security

Law Enforcement Action and Take Downs

• Criminals are starting to exploit the metaverse, says Interpol. So police are heading there too | ZDNET

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine: Russian cyber attacks aimless and opportunistic (techtarget.com)

• Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (thehackernews.com)

• Slovak, Polish Parliaments Hit by Cyber attacks | SecurityWeek.Com

• Norway arrests man accused of being Russian spy - BBC News

• Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs

• Ukraine Warns of Cuba Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

Nation State Actors – Russia

• Russia says Starlink satellites could become military target • The Register

• Calls for inquiry mount after reports that Truss’s phone was hacked | Financial Times

• OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)

Nation State Actors – China

• Chinese spy duo charged in Huawei case as US condemns ‘egregious’ interference | China | The Guardian

• Chinese Connected Cyber Crew Unleashes Disinformation Campaign Ahead of US Elections - MSSP Alert

• Federal bans don't stop US states from buying Chinese kit • The Register

• Chinese Spies Indicted for Coercing Nationals Living in US to Return as Agents of the PRC - MSSP Alert

Nation State Actors – North Korea

• Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans (thehackernews.com)

Nation State Actors – Iran

• Iranian government blames 'foreign country' for hack-and-leak of nuclear information - CyberScoop

Vulnerability Management

• Outpost24: How Pentesting-as-a-Service finds vulnerabilities before they're exploited (bleepingcomputer.com)

• Protecting organisations by understanding end-of-life software risks - Help Net Security

Vulnerabilities

• OpenSSL to fix the second critical flaw ever - Security Affairs

• Urgent: Google Issues Emergency Patch for Chrome Zero-Day (darkreading.com)

• Multiple RCE Vulnerabilities Discovered in Veeam Backup & Replication App - Infosecurity Magazine (infosecurity-magazine.com)

• ConnectWise fixes RCE bug exposing thousands of servers to attacks (bleepingcomputer.com)

• Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig (portswigger.net)

• Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now! – Naked Security (sophos.com)

• Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit (darkreading.com)

• 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library (thehackernews.com)

• Cisco warns admins to patch AnyConnect flaws exploited in attacks (bleepingcomputer.com)

• Exploit released for critical VMware RCE vulnerability, patch now (bleepingcomputer.com)

• Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities | SecurityWeek.Com

• Incoming OpenSSL critical fix: Organisations, users, get ready! - Help Net Security

• Cisco Users Informed of Vulnerabilities in Identity Services Engine | SecurityWeek.Com

• VMware fixes critical RCE in VMware Cloud Foundation - Security Affairs

• VMware Patches Critical Vulnerability in End-of-Life Product | SecurityWeek.Com

• Multiple vulnerabilities affect the Juniper Junos OS - Security Affairs

Reports Published in the Last Week

• Q3 2022 Phishing and Malware Report: Phishing Volumes Increase 31% (vadesecure.com)

• Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)

• Justice response inadequate to meet scale of fraud epidemic - Committees - UK Parliament

Other News

• Cyber Security Risks & Stats This Spooky Season (darkreading.com)

• Cyber Certification Skills Are For Life, Not Just For Linkedin (informationsecuritybuzz.com)

• 8 hallmarks of a proactive security strategy | CSO Online

• Implementing Defence in Depth to Prevent and Mitigate Cyber Attacks (thehackernews.com)

• Cyber security’s importance and impact reaches all levels of the tech workforce - Help Net Security

• Stress Is Driving Cyber Security Professionals to Rethink Roles (darkreading.com)

• Equifax's Lessons Are Still Relevant, 5 Years Later (darkreading.com)

• Why dark data is a growing danger for corporations - Help Net Security

• Know the dangers you're facing: 4 notable TTPs used by cyber criminals worldwide - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• UK, US Intelligence Agencies Warn Managed Service Providers, including External IT Providers, Are Now Prime Targets for Cyber Attacks

The Five Eyes coalition of international cyber security authorities, this week issued an advisory to warn managed service providers (MSPs), including external IT providers, of an escalating threat of attack from both everyday cyber criminals and state-sponsored threat actors.

MSPs provide or operate information and communications technology services.

With input from cyber security leaders from Australia, Canada, New Zealand, the UK and the US, the NSA provided recommendations to help bolster their cyber defences, including:

• Finding and disabling dormant accounts.

• Implementing and enforcing multifactor authentication on accounts.

• Ensuring contracts clearly map out who owns and is responsible for securing data.

Malicious actors are targeting MSPs to break into their customers' networks and deploy ransomware, steal data, and spy on them, the Five Eyes authorities have formally warned in a joint security alert.

"The UK, Australian, Canadian, New Zealand, and US cyber security authorities expect malicious cyber actors — including state-sponsored advanced persistent threat (APT) groups — to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships," the alert warned.

These types of supply-chain or "island-hopping" attacks can prove very lucrative for cyber criminals because once they break into an MSP, they gain access to all of the customers' networks and data being managed, and in turn commit computer crimes and fraud against those customers' customers.

https://www.darkreading.com/attacks-breaches/nsa-warns-managed-service-providers-are-now-prime-targets-for-cyberattacks

• Wannacry – 5 Years On, 68% Of Enterprises Are Still at Risk

5 years on from one of the world’s most damaging ransomware attacks, research from network detection and response leader ExtraHop has found that 68% of enterprises are still running insecure protocol that were exploited by the North Korean ransomware.

The events of 12 May 2017 live on in cyber security lore. WannaCry revealed just how extensive the damage caused by ransomware can be if deployed in large scale – from downtime to ransom paid to reputational damage. Yet despite the danger, huge numbers of organisations are still running SMBv1, the protocol exploited in the WannaCry attacks that has been publicly deprecated since 2014.

https://informationsecuritybuzz.com/expert-comments/wannacry-5-years-on-68-of-enterprises-are-still-at-risk/

• You Can’t Eliminate Cyber Attacks, So Focus on Reducing the Blast Radius

Given it is impossible to prevent all cyber attacks, many organisations should look to reduce the size of the company’s attack surface and the limit the “blast radius” of a potential attack.

There is a danger that the biggest risk concerning cyber attacks is that we’re becoming desensitised to them. After all, businesses experience a ransomware attack every 11 seconds—the majority of which the public never hears about. Faced with this reality, it may seem like efforts to safeguard the enterprise are futile. But that’s all the more reason to strengthen your resolve—and switch up your cyber defence strategy.

The core of this strategy should be the concept of “reducing the blast radius” of an attack, and since you can’t completely eliminate cyber attacks, you need to take steps to contain the impact.

This strategy should contain basic blocking and also consider things such as Zero Trust for remote access, traffic inspection, software-based micro-segmentation and other practical measures to reduce your attack surface.

https://threatpost.com/cyberattacks-blast-radius/179612/

• Just In Time? Bosses Are Finally Waking Up to The Cyber Security Threat

Boardrooms have a reputation for not paying much attention to cyber security, but it could be that executives are finally keen to take more interest in securing the systems and networks their businesses rely on.

Senior figures from American, British and Australian cyber security agencies have said that business execs are now more aware of cyber threats and are actively engaging with their chief information security officer (CISO) and information security teams.

Chief execs are starting to ask their CISOs the right questions, rather than leaving them to it because they don't have to understand complex technology. It does feel like a much more engaging strategic conversation, but there can still be a disconnect between knowing what needs to happen, then actually budgeting for and implementing a cyber security strategy.

https://www.zdnet.com/article/just-in-time-bosses-are-finally-waking-up-to-the-cybersecurity-threat/

• Most Organisations Hit by Ransomware Would Pay Up If Hit Again

Almost nine in 10 organisations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.

The findings come from a report titled "How business executives perceive ransomware threat" by security company Kaspersky, which states that ransomware has become an ever-present threat, with 64 percent of companies surveyed already having suffered an attack, but more worryingly, that executives seem to believe that paying the ransom is a reliable way of addressing the issue.

The report is based on research involving 900 respondents across North America, South America, Africa, Russia, Europe, and Asia-Pacific. The respondents were in senior non-IT management roles at companies between 50 and 1,000 employees.

Kaspersky claims that in 88 percent of organisations that have had to deal with a ransomware incident, business leaders said they would choose to pay the money if faced with another attack. In contrast, among those that have not so far suffered a ransomware attack, only 67 percent would be willing to pay, and they would be less inclined to do so immediately.

https://www.theregister.com/2022/05/13/organizations_pay_ransomware/

• 31,000 FTSE 100 Logins Found on Dark Web

Researchers with Outpost24 are reporting over 31,000 corporate credentials for many of the UK’s leading FTSE 100 firms on the dark web. These are the 100 biggest companies listed on the London Stock Exchange by market capitalisation. The researchers used their threat monitoring and auditing tool Blueliv to search dark web sites for the breached credentials.

Key findings from stolen and leaked credentials study:

• The majority (81%) of the companies within the FTSE 100 had at least one credential compromised and exposed on the dark web

• 31,135 total stolen and leaked credentials detected for FTSE 100 companies, with 38% disclosed on the underground in the past 12 months

• Nearly half (42%) of FTSE 100 companies have more than 500 compromised credentials exposed on the dark web

• Up to 20% of credentials are stolen via malware infection and stealers

• 11% disclosed in the last 3 months (21% in the last 6 months and over 68% have been exposed for over 12 months)

• Over 60% of stolen credentials came from 3 industries – IT/Telecom (23%), Energy and Utility (22%) and Finance (21%)

• IT/Telecoms industry is the most at risk with the highest total amount (7,303) and average stolen credentials per company (730), they are most affected by malware infection and have the most amount of stolen credentials disclosed in the last 3 months

• On average, healthcare has the highest number of stolen credentials per company (485) from data breach as they found themselves increasingly in the cyber criminals’ crosshairs since the pandemic.

https://informationsecuritybuzz.com/expert-comments/31000-ftse-100-logins-found-on-dark-web/

• Ransomware: How Executives Should Prepare Given the Current Threat Landscape

As the number of ransomware attacks continue to increase, the response at C-level must be swift and decisive.

Top executives are increasingly dreading the phone call from their fellow employee notifying them that their company has been hit by a cyber attack. Nearly every week in 2021 and early 2022, a prominent organisation has been in the media spotlight as their public relations team struggles to explain how they were attacked and how they can regain consumer confidence. A recent survey showed that 37 percent of organisations surveyed had been affected by ransomware attacks in the last year.

Worse, the days when executive leadership teams could fully delegate responsibility to a CISO are over. Regardless of reality, surveys have shown that about 40 percent of the public perception of fault for a ransomware attack lands squarely on the CEO’s shoulders, and that 36 percent of attacks result in the loss of C-level talent. While executive involvement in the security program does not guarantee a successful defence, it does give the executive leadership team (ELT) a degree of ownership of the final product, as well as the ability to speak confidently and knowledgeably to the public.

https://www.techrepublic.com/article/ransomware-how-executives-should-prepare-given-the-current-threat-landscape/

• What Your Cyber Insurance Application Form Can Tell You About Ransomware Readiness

The annual cyber insurance application form shows what the carriers think you should be doing to best prevent and recover from ransomware attacks. Pay attention.

If it’s the time of year for you to fill out the annual cyber insurance policy application, you will see how the focus for insurance firms is changing. Each year you can get an insight into what insurance vendors are using to rate the risks and threats to your business and what they are stressing firms should have in place as best practice or what they are expecting you should have in place as a baseline set of controls. Not having them in place could affect insurance rates, whether you are able to get cyber coverage at all, or crucially whether they would pay out in the event of you having to make a claim.

This year you might find more questions specifically around ransomware prevention techniques and protections, from Multi Factor Authentication (MFA) to Endpoint Detection and Response (EDR), and email filtering protections to the robustness of your backups.

Make sure to review your cyber insurance policy and its related questionnaire. And ask whether you are doing everything you can to protect your firm and tailoring your actions to align with what your insurance provider has deemed as a best practice.

https://www.csoonline.com/article/3659831/what-your-cyber-insurance-application-form-can-tell-you-about-ransomware-readiness.html#tk.rss_news

• NCSC Shut Down 2.7 Million Scams in 2021

The UK National Cyber Security Centre (NCSC) removed 2.7 million online scams last year, it was revealed this week, four times as many scams compared to 2020.

The announcement comes as the security agency shared the most recent data from its Active Cyber Defence initiative at the CYBERUK summit earlier in the week.

According to the NCSC, neutralised scams included fake celebrity endorsements and spoof extortion emails.

It has also been revealed that fraud campaigns used common themes, with NHS vaccines and vaccine passports being particularly popular.

Some cyber criminals even posed as NCSC CEO Lindy Cameron – victims received an email claiming the NCSC had prevented £5m of their money from being stolen, and were urged to supply personal information to retrieve the funds.

https://www.itsecurityguru.org/2022/05/10/ncsc-shut-down-2-7-million-scams-in-2021/

• Security Threats Targeting Remote Workers

Remote work offers great benefits, like reduced commute time, increased freedom, and more time to spend with loved ones. But there can be security downsides if sufficient controls are not in place to protect remote workers against the digital threats that come with working via unsecured connections.

Being on a home network lacks the layered network security of the company environment. Remote work itself is not new, but the dramatic shift to working from home over the past two years means there are more security-naive people who are not in the office.

Not all security threats are the fault of technology. Much of it also comes from human error.

Remote work greatly exacerbates human-activated risk, and people are working in more distracting environments where they may have to answer the door for deliveries or might multitask with household chores. That means mistakes are more likely to happen, like sending an email to the wrong recipient or falling for a malicious email attack.

Recent research by Egress found that 77% of IT leaders said they have seen an increase in security compromises since going remote two years ago.

https://www.darkreading.com/endpoint/top-6-security-threats-targeting-remote-workers

• Password Reuse Is Rampant Among Employees in All Sectors

SpyCloud published an annual analysis of identity exposure among employees of Fortune 1000 companies in key sectors such as technology, finance, retail and telecommunications.

Drawing on a database of over 200 billion recaptured assets, researchers identified over 687 million exposed credentials and PII tied to Fortune 1000 employees, a 26% increase from last year’s analysis.

Analysis of this data showed a 64% password reuse rate, widespread use of easy-to-guess passwords, and a spike in malware-infected devices –– all sources of cyber risk for both employers and consumers who rely on businesses to safeguard their personal data. With remote work blurring the lines between work and personal device use, a larger attack surface compounds the risk of cyber attacks proliferating beyond compromised employee and consumer identities to penetrate corporate networks.

https://www.helpnetsecurity.com/2022/05/11/fortune-1000-identity-exposure/

Threats

Ransomware

• Costa Rica Shows the Damage Ransomware Can Do to a Country - The Washington Post

• Ransomware-as-a-Service: Understanding The Cyber Crime Gig Economy And How To Protect Yourself - Microsoft Security Blog

• Ransomware Works Fast, You Need to Be Faster To Counter It - Help Net Security

• A Closer Look At Today’s Ransomware Attack Landscape - MSSP Alert

• Ransomware Is a National Security Threat, So Please Tell Us About Attacks, Says Government | ZDNet

• 5 Years That Altered the Ransomware Landscape (darkreading.com)

• Colonial Pipeline Faces Nearly $1m Fine After Ransomware • The Register

• These Ransomware Attackers Sent Their Ransom Note to The Victim's Printer | ZDNet

• New Malware Samples Indicate Return of REvil Ransomware | SecurityWeek.Com

• How to Avoid Falling Victim to PayOrGrief's Next Rebrand (darkreading.com)

• Examining the Black Basta Ransomware’s Infection Routine (trendmicro.com)

Phishing & Email Based Attacks

• Novel Phishing Trick Uses Weird Links to Bypass Spam Filters | Threatpost

• New Email Security Tool Launched to Help Organisations Check Their Defences - NCSC.GOV.UK

• TA578 Using Thread-Hijacked Emails to Push ISO Files For Bumblebee Malware - SANS Internet Storm Center

Malware

• Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks | Threatpost

• Low-rent Remote Access Trojan (RAT) Worries Researchers | Threatpost

• Eternity Malware Kit Offers Stealer, Miner, Worm, Ransomware Tools (bleepingcomputer.com)

• It costs $7 to Rent DCRat Malware to Backdoor Your Network • The Register

• Shopping For Malware: $260 Gets You a Password Stealer... • The Register

• Microsoft: Sysrv Botnet Targets Windows, Linux Servers with New Exploits (bleepingcomputer.com)

• Google Drive Emerges as Top App For Malware Downloads - Help Net Security

• Stealthy Linux Implant BPFdoor Compromised Organizations Globally For Years | CSO Online

• Malware Builder Leverages Discord Webhooks | Threatpost

• Malware Attacks Getting More Regional, Claims Netskope • The Register

• 5-Buck DCRat Malware Foretells a Worrying Cyber Future (darkreading.com)

• Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service | Threatpost

• German Automakers Targeted in Year-Long Malware Campaign (bleepingcomputer.com)

Data Breaches/Leaks

• PII Of 21M SuperVPN, GeckoVPN Users Leaked On Telegram - Information Security Buzz

• Victims of Horizon Actuarial Data Breach Exceed 1M (techtarget.com)

Organised Crime & Criminal Actors

• Crypto Robber Who Lured Victims Via Snapchat and Stole £34,000 Jailed (bleepingcomputer.com)

• NCSC Shut Down 2.7 Million Scams in 2021- IT Security Guru

• Crook Jailed for Selling Stolen Credentials On Dark Web • The Register

• UK Government Hackers Destroyed Hundreds of Thousands of Stolen Credit Card Details Held By Criminals | Science & Tech News | Sky News

• US Agrees to International Electronic Cyber Crime Evidence Swap (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

• NFT Scams, Toxic ‘Mines’ And Lost Life Savings: The Cryptocurrency Dream Is Fading Fast | David A Banks | The Guardian

• NFTs Emerge as the Next Enterprise Attack Vector (darkreading.com)

• Fake Binance NFT Mystery Box Bots Steal Victim's Crypto Wallets (bleepingcomputer.com)

• Possible $1 Billion Crypto Ponzi Scheme Probed by Tax Investigators - Bloomberg

Insider Risk and Insider Threats

• Angry IT Admin Wipes Employer’s Databases, Gets 7 Years in Prison (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• How Can Your Business Defend Itself Against Fraud-as-a-Service? (darkreading.com)

• Scammers Impersonate Britain’s Top Cyber Crime Chief in Fake £5m Heist (telegraph.co.uk)

• Caramel Credit Card Stealing Service Is Growing in Popularity (bleepingcomputer.com)

• Hackers Are Exploiting WordPress Themes, Plugins to Hawk Scams (gizmodo.com)

• Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites (thehackernews.com)

Insurance

• Multi-Factor Authentication: A Key to Cyber Risk Insurance Coverage (tripwire.com)

• How Cyber Liability Insurance Can Help Protect Your Business Reputation - MSSP Alert

Supply Chain and Third Parties

• Five Eyes Urges Organisations to Secure Supply Chains - IT Security Guru

Denial of Service DoS/DDoS

• Why Are DDoS Attacks So Easy to Launch and So Hard to Defend Against? - Help Net Security

Cloud

• The SaaS-to-SaaS Supply Chain Is a Wild, Wild Mess - Help Net Security

Open Source

• Tech Giants Pledge Multimillion Down Payment to Secure Open Source | Cybersecurity Dive

Travel

• Historic Hotel Stay, Complementary Emotet Exposure included (bleepingcomputer.com)

Parental Controls and Child Safety

• Europe Proposes Tackling Child Abuse by Killing Encryption • The Register

Cyber Bullying and Cyber Stalking

• Another ex-eBay Exec Pleads Guilty to Cyber Stalking Critics • The Register

Regulations, Fines and Legislation

• India’s Battle with Pegasus Tells a Bigger Tale Of Tech Laws • The Register

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Wars Start in Cyberspace Well Before Shots Are Fired • The Register

• #CYBERUK22: Cyber Trends from the Russia-Ukraine War - Infosecurity Magazine

• US Pledges to Help Ukraine Keep the Internet and Lights On (darkreading.com)

• Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers (darkreading.com)

• Chinese CCTV Cameras On Our Streets Have Hidden Microphones That Could Be Spying on You (telegraph.co.uk)

• Spain’s Spy Chief Sacked Over Pegasus Scandal - Infosecurity Magazine

• OpRussia Update: Anonymous Breached Other Organizations - Security Affairs

• Pro-Russian Hacktivists Target Italy Government Websites - Security Affairs

Nation State Actors

Nation State Actors – Russia

• Russian Hackers Targeting Opponents Of Ukraine Invasion, Warns GCHQ Chief | Hacking | The Guardian

• Western Intelligence Blames Russia for Europe-Wide Cyber Attack - Infosecurity Magazine

• State Department Says Russian Cyber War Against Ukraine Began in January | The Independent

• Ukraine War: Don’t Underestimate Russia Cyber-Threat, Warns US - BBC News

Nation State Actors – China

• Experts Uncovered a New Wave Of Attacks Conducted By Mustang Panda - Security Affairs

• China-Backed Winnti Hackers Attacked Manufacturers Globally, Cybereason Alleges - MSSP Alert

Nation State Actors – Iran

• Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (thehackernews.com)

• Iran-Linked OilRig APT Caught Using New Backdoor | SecurityWeek.Com

• Iran-linked COBALT MIRAGE Group Uses Ransomware in Its Operations - Security Affairs

Vulnerability Management

• US Cyber Boss Wants Software Patches to Be Like Car Recalls • The Register

Vulnerabilities

• Critical F5 BIG-IP Vulnerability Exploited to Wipe Devices (bleepingcomputer.com)

• Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack - Security Affairs

• Adobe Warns of 'Critical' Security Flaws in Enterprise Products | SecurityWeek.Com

• Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning (darkreading.com)

• Intel Emits Raft of Firmware Patches For Security Flaws • The Register

• Actively Exploited Zero-Day Bug Patched by Microsoft | Threatpost

• Hundreds of Thousands of Konica Printers Vulnerable to Hacking via Physical Access | SecurityWeek.Com

• HP Fixes Bug Letting Attackers Overwrite Firmware in Over 200 Models (bleepingcomputer.com)

• Zyxel Fixes Firewall Flaws That Could Lead to Hacked Networks (bleepingcomputer.com)

• Microsoft Releases Fixes for Azure Flaw Allowing RCE Attacks (bleepingcomputer.com)

• Researchers Find Flaws in Word, PDF Script Handling • The Register

• SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices (thehackernews.com)

• Microsoft: May Windows Updates Cause AD Authentication Failures (bleepingcomputer.com)

Sector Specific

Health/Medical/Pharma Sector

• Ransomware Group Strikes Second US Health Care System in The Last Two Months - CyberScoop

• Is That Health App Safe to Use? A New Framework Aims To Provide An Answer - Help Net Security

Manufacturing

• German Automakers Targeted in Year-Long Malware Campaign (bleepingcomputer.com)

• China-Backed Winnti Hackers Attacked Manufacturers Globally, Cybereason Alleges - MSSP Alert

Education and Academia

• A US College Is Shutting Down for Good Following A Ransomware Attack (yahoo.com)

• Fraudulent 'Bot-driven' College Enrolment up 50%, New Study Finds (darkreading.com)

Reports Published in the Last Week

• How Business Executives Perceive Ransomware Threat | Kaspersky official blog

Other News

• An Offensive Mindset Is Crucial for Effective Cyber Defence - Help Net Security

• Zero-Click Attacks Explained, And Why They Are So Dangerous | CSO Online

• Britain Must Upgrade Cyber Defences ‘Or Be Hit By 9/11-Style Attack’ (telegraph.co.uk)

• Everything We Learned From the LAPSUS$ Attacks (thehackernews.com)

• Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes (darkreading.com)

• Prepare for What You Wish For: More CISOs on Boards | SecurityWeek.Com

• Ready, IAM, Fire: How Weak Identity and Access Management (IAM) Makes You a Target (darkreading.com)

• How Privileged Access Management (PAM) Must Evolve - MSSP Alert

• Secure Your CMS-Based Websites Against Pervasive Attacks - Help Net Security

• Threats To Hardware Security Are Growing - Help Net Security

• Government’s “Whole of Society” Cyber Strategy Takes Shape - Infosecurity Magazine

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.