Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 18th August 2023
Black Arrow Cyber Threat Intelligence Briefing 18 August 2023:
-Ransomware Group Targeting MSPs Worldwide in New Campaign
-As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
-Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
-Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
-Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
-LinkedIn Suffers Significant Wave of Account Hacks
-High Net-Worth Families are at Risk of Cyber Crime
-Cyber Attack Rule Raises Insurance Risks for Corporate Officers
-PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
-The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
-Why Are Phones a Cyber Security Weak Spot?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Group Targeting MSPs Worldwide in New Campaign
Russia-based cyber attackers called Play are evolving, with the ransomware group now using remote monitoring and management (RMM) tools at outsourced IT providers or managed service providers (MSPs) to gain access and hit downstream customers. A significant number of eventual targets are medium sized business. The group is also utilising intermittent encryption, where files are only partly encrypted, to avoid detection.
The attacks highlight the need for organisations to be aware of where they are in the supply chain and how they can be targeted through their supplier. It is not enough for an organisation to focus on its own security in isolation; organisations also need to have a way of effectively assessing their supply chain risk which includes their MSP.
Source [Dark Reading]
As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
Ransomware attacks continue to increase, with 1500 victims confirmed this year. It is likely this figure will continue to rise. In parallel, criminals are evolving and with that comes a rise in triple extortion; attackers are not just encrypting and exfiltrating an organisation’s data, but also using this data to blackmail employees and target third parties, hitting the supply chain.
Unfortunately for SMBs, they do not have the resources to keep up with such attacks, making them the most vulnerable. A report found that organisations that had 51 to 200 employees were the most targeted, followed by organisations with 11 to 50 employees. When it came to the types of organisations, the Financial Services sector placed first.
This should not mean SMBs should just accept this and wait to be attacked; on the contrary, their increased vulnerability means that SMBs need to effectively prioritise and allocate resources, and if necessary getting in specialist external help, to ensure their protections are the best that resources allow.
Sources [WWD] [InfoSecurity Magazine] [CRN]
Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
Cloudflare's 2023 Phishing Threats Report recorded a 17% spike in business email compromise (BEC) related financial losses between December 2021 and 2022, noting that threat actors are increasingly leaning on this attack method to target organisations. Additionally, across 2022 nearly three-quarters (71%) of respondents to the study said they experienced an attempted or successful BEC attack. The Cloudflare report found that the financial impact of BEC led to organisations suffering losses in excess of $2.7 billion, whereas ransomware caused losses of $34.3 million during the same period.
Source [ITPro]
Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
According to a report, phishing attacks were found to be the initial attack vector for nine in ten cyber attacks. The report found that the focus of a cyber criminal tended to be two objectives: achieving authenticity and getting victims to click. Worryingly, 89% of unwanted messages were found to have bypassed authentication checks, leaving people and procedures as the last line of defence in an organisation.
A separate study found that having the following traits made a user more susceptible to phishing: extroverted, agreeable, people-pleasing, quick to trust, fearful or respectful of authority, and poor self-control.
With employees playing such an important role in preventing phishing, organisations need to ensure that employees are aware of what to look for in a phishing email with regular training to account for evolving tactics. This training should be carried out by experts with experience of conducting phishing simulations, accompanied with the ability to educate users on how they can protect themselves from falling victim.
Sources [Tech Radar] [Makeuseof]
Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
In a recent survey, Gartner found that generative AI models such as ChatGPT were the second greatest emerging risk, with concerns around data privacy. This has led to organisations looking to ban such AI, with a separate report by Blackberry finding that ChatGPT faced banning from 75% of organisations.
Banning AI in the organisation is a short-term solution. The benefits of AI are clear and its usefulness in an organisation is significant, with reports finding 75% of IT leaders in favour. Organisations should instead look at how they can govern the usage of AI in their organisation, to reduce the risk of AI-related incidents and improve the effectiveness of work.
Sources [Security Magazine] [Analytics Insight] [IT Security Guru] [Decrypt]
LinkedIn Suffers Significant Wave of Account Hacks
LinkedIn users are reporting losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion. LinkedIn is no stranger to being a target of cyber criminals; last year, the platform was deemed the most abused brand in phishing attempts likely due to its recognisability and widespread use in the corporate world. This extended as far as threat actors using fake LinkedIn profiles.
With the number of accounts being compromised, users need to be vigilant in their use of LinkedIn and be on the lookout for suspicious messages. Black Arrow recommends that users ensure they are using strong and unique passwords, combined with multi-factor authentication (MFA) to protect themselves.
Source [Dark Reading]
High Net-Worth Families are at Risk of Cyber Crime
A report found that high net-worth families have prioritised cyber security with a notable 77% of respondents stating they had a cyber security plan; however, 55% said their plan “could be better”.
A cyber security plan is not optional anymore. High net-worth families are at increased risk, with criminals cottoning on to the amount of information that is out there and the financial gain that can be made if that information is used effectively. Social media is just one of the things increasing the risk of cyber crime; unbeknownst to some families, their social media may be providing criminals a treasure trove of insight into a family’s wealth, real-time location and habits. Such information can be used by a cyber criminal to employ attacks.
Source [Campdenfb]
Cyber Attack Rule Raises Insurance Risks for Corporate Officers
The US Securities and Exchange Commission (SEC) recently issued rules that formally outlined directors’ responsibilities in cyber security governance for the first time, laying the groundwork for potential enforcement actions. The recently issued rules bring potential regulatory probes and shareholder legal class action alleging senior executives failed to supervise their businesses’ cyber security practices.
Although the practice is not yet universal, a growing number of director and officer (D&O) policies are being drafted with cyber related exclusions. Meanwhile, most cyber insurance policies exempt SEC enforcement actions and investor claims, but some cover allegations against a company’s executives over their cyber security roles.
Whilst this is only in the US at the moment, other developed nations are likely to follow suit.
Source [Bloomberg Law]
PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
The Police Service of Northern Ireland (PSNI) and the UK Electoral Commission both suffered cyber incidents on the same day. Whilst both incidents were different in how they happened, the result was the same: sensitive information had been leaked. In the case of the PSNI, the data was leaked through a response to a freedom of information (FOI) request, in which an Excel sheet was accidentally included by the PSNI. The Electoral Commission incident resulted from a cyber attack.
The incidents are a wake-up call for organisations. If you have not already done so, you need to put things in place to help protect your data from ending up online. The PSNI incident in particular highlights the need to ensure that data does not leave the organisation by accident.
Source [The Guardian]
The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
Cyber security has become an inescapable concern for organisations across industries. With cyber threats ranging from data breaches to ransomware attacks, it is paramount that companies remain vigilant and prepared.
A key way to be prepared is through a tabletop exercise that simulates a hypothetical cyber security incident and helps organisations to practice and evaluate their response. One example scenario can be responding to a ransomware attack blocking access to the organisation's computers for a ransom. These exercises serve as a practical, engaging, and low-risk way for teams to identify vulnerabilities in current plans, improve coordination, and evaluate the decision-making process during a crisis and this is something that we do with our clients on a regular basis.
Source [JDSupra]
Why Are Phones a Cyber Security Weak Spot?
Mobile phones are more interconnected than ever, with their usage extending to the workplace. Despite this, they often enter the corporate environment with a lack of protection and oversight. When laptops are in the corporate environment they are often secured through methods such as encryption and often the organisation has a clear oversight of the applications and activity on the laptop. Mobile phones on the other hand, are often left unmonitored, despite the fact they can and often do carry sensitive information.
Mobile phones also carry additional risks; for a start, they are easier to lose, due to their size difference and the fact they are often out more. In addition, they may have more entry points. Internet of things (IoT) devices, such as smart appliances, are often controlled by phones, making them another entry point for an attacker.
Source [Tech Shout]
Governance, Risk and Compliance
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority - IT Security Guru
Cyber threat risks reach three-year high – Avast (securitybrief.co.nz)
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Why Finance Leaders In Midsize Businesses Are Stepping Up Cyber security Efforts (forbes.com)
Why are ultra-high-net-worth families at increased risk of cyber crime? | Campden FB
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
4 reasons to understand technology risks when buying a business (businessplus.ie)
Boards Don't Want Security Promises — They Want Action (darkreading.com)
Cyber attacks and data protection worries loom large | Natasha Doris | CDR Article (cdr-news.com)
How threats to mid-sized businesses impact us all - Help Net Security
7 Reasons People Don't Understand What You Tell Them (darkreading.com)
6 Cyber Threat Areas for Companies and Organisations to Prioritize (forbes.com)
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Threats
Ransomware, Extortion and Destructive Attacks
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reported ransomware attacks doubled in key sectors (securitybrief.co.nz)
'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign (darkreading.com)
As Ransomware Gangs Shift To Data Extortion, Some Adopt A New Tactic: ‘Customer Service’ | CRN
Triple Extortion Ransomware and the Cyber Crime Supply Chain (bleepingcomputer.com)
Companies are finding it harder to detect ransomware | TechRadar
Top 3 Ransomware Attack Vectors And How To Avoid Them (techtarget.com)
Knight ransomware distributed in fake Tripadvisor complaint emails (bleepingcomputer.com)
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Why Hospitals Are Being Increasingly Targeted by Cyber Attacks | Chicago News | WTTW
'Bulletproof' Lolekhosted ransomware hacker indicted (cnbc.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Monti ransomware targets VMware ESXi servers with new Linux locker (bleepingcomputer.com)
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands - SecurityWeek
Sophos: ‘Royal’ Is Trying to Make Itself the King of Ransomware (darkreading.com)
Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom (bleepingcomputer.com)
3 strategies that can help stop ransomware before it becomes a crisis | CSO Online
Latitude Financial takes profit hit from major cyber attack | The West Australian
Ransomware down 57%, Secureworks warns against complacency (securitybrief.co.nz)
Ransomware Diaries: Volume 3 – LockBit’s Secrets (databreaches.net)
HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware | WIRED
Ransomware Renaissance 2023: The Definitive Guide to Stay Safer (securityintelligence.com)
How to Create a Ransomware Incident Response Plan (techtarget.com)
Ransomware Victims
Several hospitals still counting the cost of widespread ransomware attack (malwarebytes.com)
Has leading UK jeweller been hit by BianLian ransomware gang? (techmonitor.ai)
Cyber attack on Bay area vendor cripples real estate industry (therealdeal.com)
Colorado warns 4 million of data stolen in IBM MOVEit breach (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
LockBit claims seven new victims in ransomware spree (techmonitor.ai)
Cyber attack strikes Prince George's County schools, district says - The Washington Post
Clorox Operations Disrupted By Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)
Inside Housing - News - Hackney to procure new IT system after cyber attack
Largest switching and terminal railroad in US investigating ransomware data theft (therecord.media)
Honor Among Cyber Criminals? Why a Canadian Firm Paid Ransom (inforisktoday.com)
Alberta dental benefits administrator hit by cyber attack | Edmonton Sun
Phishing & Email Based Attacks
Phishing remains most dominant, fastest growing internet crime (securitybrief.co.nz)
If You Have These 6 Personality Traits, You're More Vulnerable to Phishing Scams (makeuseof.com)
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reports show 62% jump in phishing attacks last year - The Hindu BusinessLine
Phishing Operators Make Ready Use of Abandoned Websites for Bait (darkreading.com)
3 Major Email Security Standards Prove Too Porous for the Task (darkreading.com)
Cyber Security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
As Phishing Gets Even Sneakier, Browser Security Needs to Step Up (darkreading.com)
Email security vendor leaves 2M domains open to phishing hacks, study finds (axios.com)
Cyber Criminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (thehackernews.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malicious QR code hacking campaign is targeting Microsoft credentials - SiliconANGLE
Phishing campaign steals accounts for Zimbra email servers worlwide (bleepingcomputer.com)
30% of phishing threats involve newly registered domains - Help Net Security
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Gone Phishing: An Analysis of a Targeted User Attack (huntress.com)
BEC – Business Email Compromise
Artificial Intelligence
Generative AI a Top Emerging Risk for Organisations: Gartner Survey - Decrypt
ChatGPT Faces Ban from 75% of Organisations: Blackberry Report (analyticsinsight.net)
AI Is Coming For Your Data: 6 Steps To Ensure Cyber Resilience (forbes.com)
New study by AMD finds nearly half of organisations are not ready for AI - IT Security Guru
Over 74% of organisations see a rise in AI use by cyber criminals | Security Magazine
Navigating generative AI risks and regulatory challenges - Help Net Security
Cyber security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Top 10 AI Security Risks According to OWASP (trendmicro.com)
AI 'evil twins' may already be manipulating human nature | SC Media (scmagazine.com)
Cyber security practitioners' generative AI dilemma (iapp.org)
People Coaxed AI Into Giving Wrong Math Answers, System Prone to Flaws (businessinsider.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)
2FA/MFA
How to prevent multifactor authentication fatigue attacks - SiliconANGLE
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Malware
Potent Trojans Targeting MacOS Users - Infosecurity Magazine (infosecurity-magazine.com)
Approximately 2000 Citrix NetScaler servers were backdoored in massive campaign-Security Affairs
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass | WIRED
Macs are getting compromised to act as proxy exit nodes - Help Net Security
Malware Dwell Time: Everything You Need to Know (makeuseof.com)
Gootloader SEO watering hole malware targets law firms | SC Media (scmagazine.com)
Raccoon Stealer malware returns with new stealthier version (bleepingcomputer.com)
Beware! Subscription malware arms hackers with tools to steal your private data | Laptop Mag
New Financial Malware 'JanelaRAT' Targets Latin American Users (thehackernews.com)
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report (thehackernews.com)
North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)
Stories from the SOC - Unveiling the stealthy tactics of Aukill malware (att.com)
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Users of cyber crime forums often fall victim to info-stealers, researchers find (therecord.media)
Turns out AI probably isn't very good at writing malware • The Register
Malware Turning Windows Machines Into Proxies (databreachtoday.co.uk)
Mobile
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
Does Turning Your Android Phone Off Protect You From Malware? (makeuseof.com)
3 Mobile or Client-Side Security Myths Debunked (darkreading.com)
Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (ic3.gov)
Threat actors use beta apps to bypass mobile app store security (bleepingcomputer.com)
FBI warns of money-stealing fake beta-release mobile apps • The Register
Three reasons why your smartphone needs security protection (securitybrief.co.nz)
Unsupported Compression Methods Enable Android Malware to Bypass Detection (zimperium.com)
This $70 device can spoof an Apple device and trick you into sharing your password | TechCrunch
Botnets
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Mirai Common Attack Methods Remain Consistent, Effective (darkreading.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Runaway Charger: The Major Threat Of Hacking EV Stations (slashgear.com)
Ford says cars with WiFi vulnerability still safe to drive (bleepingcomputer.com)
Data Breaches/Leaks
Electoral Commission had unpatched vulnerability on server • The Register
UK Police Data Breach Exposes Victim Information - Infosecurity Magazine (infosecurity-magazine.com)
UK govt contractor MPD FM leaks employee passport data-Security Affairs
Cumbria Police accidentally publish officers' names and salaries online (bitdefender.com)
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The most notable data breaches of 2023… So far | IT Reseller Magazine (itrportal.com)
Discord.io confirms breach after hacker steals data of 760K users (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
Man arrested in Northern Ireland police data leak • The Register
teiss - News - PBI data breach impacted more than 1.2m customers of Wilton Reassurance Life Company
Here’s what you need to do after your personal data is breached (telegraph.co.uk)
Organised Crime & Criminal Actors
Meet the Most (In)Famous Hacking Groups Active Today (makeuseof.com)
Cyber security researchers become target of criminal hackers | Financial Times (ft.com)
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Who Are Script Kiddies? Are They a Threat to Your Security? (makeuseof.com)
Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)
File sharing site Anonfiles shuts down due to overwhelming abuse (bleepingcomputer.com)
How Innovation Accelerators Are at Work on the Dark Side (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
Web3 projects suffered from forty-two exploits within a week (coinpaper.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
UK gov keeps repeating its voter registration website is NOT a scam (bleepingcomputer.com)
“Grab hold and give it a wiggle” – ATM card skimming is still a thing – Naked Security (sophos.com)
Latin Americans Fall Prey to More Online Scams, Cyber Attacks (insurancejournal.com)
The road ahead for ecommerce fraud prevention - Help Net Security
A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight | WIRED
Insurance
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The cyber security insurance market is estimated at USD 14.4 (globenewswire.com)
Dark Web
Supply Chain and Third Parties
Building Cyber security into the supply chain is essential as threats mount (att.com)
Why the public sector still loves Capita (even though it got hacked) - Tech Monitor
Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (thehackernews.com)
PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks (darkreading.com)
Software Supply Chain
Cloud/SaaS
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Adapting to the Cloud Era of Cyber security: How CISO’s Priorities Are Evolving | Network Computing
Datacentre management vulnerabilities leave public clouds at risk | Computer Weekly
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
Containers
Encryption
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
WhatsApp is right to be angry about the UK’s encryption mess | The Spectator
Google adds post-quantum encryption key protection to Chrome • The Register
API
The Evolution of API: From Commerce to Cloud-Security Affairs
How financial services cyber regulations are hotting up for API security (betanews.com)
Open Source
Why a Software Bill of Materials Is Business-Critical - The Futurum Group
Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
6 best practices to defend against corporate account takeover attacks | CSO Online
What's the State of Credential theft in 2023? (thehackernews.com)
Building a secure future without traditional passwords - Help Net Security
Are browser-stored passwords secure? | Kaspersky official blog
Passwordless is more than a buzzword among cyber security pros - Help Net Security
More hardcoded credentials than ever, and sloppy coding is to blame | SC Media (scmagazine.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Social Media
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
LinkedIn accounts hacked in widespread hijacking campaign (bleepingcomputer.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malvertising
Adblock 360 Adware Extension: 3 Ways to Remove for Good - MSPoweruser
Malvertisers up their game against researchers (malwarebytes.com)
Training, Education and Awareness
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Navigating generative AI risks and regulatory challenges - Help Net Security
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
Breaking Down the New SEC Cyber security Rules | Epiq - JDSupra
Confusion Surrounds SEC's New Cyber security Material Rule (darkreading.com)
How financial services cyber regulations are hotting up for API security (betanews.com)
A closer look at the new TSA oil and gas pipeline regulations - Help Net Security
Models, Frameworks and Standards
Center for Internet Security announces secretive Microsoft partnership | StateScoop
What's New in the NIST Cyber security Framework 2.0 (darkreading.com)
Data Protection
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Careers, Working in Cyber and Information Security
650,000 cyber jobs are now vacant: How to tackle the risk (securityintelligence.com)
Effectively upskilling cyber security professionals to help close the skills gap | CSO Online
How to overcome the challenges of today's cyber security talent shortage - SiliconANGLE
Army struggling to hire cyber staff as attacks on Britain ramp up (telegraph.co.uk)
Vietnam admits massive shortage of infosec pros • The Register
Heavy workloads driving IT professionals to resign - Help Net Security
ISC2 Announces Major Milestone as Community Grows to Half a Million Strong (prnewswire.com)
Law Enforcement Action and Take Downs
Polish police arrest five in swoop on Cyber Crime site - TVN24
Lapsus$ Report: Law Enforcement Battles Cyber Threats (beincrypto.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Sextortion suspects on trial after one victim dies • The Register
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Raccoon Stealer malware back with updated version following administrator arrest (therecord.media)
Man arrested in Northern Ireland police data leak • The Register
Privacy, Surveillance and Mass Monitoring
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries-Security Affairs
Russian spy agencies targeting Starlink with custom malware, Ukraine warns (telegraph.co.uk)
Russian-African Security Gathering Exposes Kremlin's Reduced Influence (darkreading.com)
Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps • Graham Cluley
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Suspected spies for Russia held in major UK security investigation - BBC News
Russia turning to sleeper cells and unofficial agents | Espionage | The Guardian
China
Top US cyber official warns of infrastructure attack risk if China tensions rise (nbcnews.com)
New Zealand says it is aware of China-linked intelligence activity in country | Reuters
China teases imminent exposé of seismic US spying scheme • The Register
Chinese Espionage Group Active Across Eastern Europe (inforisktoday.com)
15,000 cyber attacks detected per second in Taiwan: Software provider - Focus Taiwan
US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack | TechCrunch
Iran
German Intelligence Warns of Surge in Iranian Espionage (govinfosecurity.com)
Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks (thehackernews.com)
Iran and the Rise of Cyber Enabled Influence Operations (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Vulnerabilities
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks (thehackernews.com)
Patched Citrix NetScaler Devices Still Contain Backdoors (govinfosecurity.com)
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping (thehackernews.com)
Magento shopping cart attack targets critical vulnerability • The Register
New Python URL Parsing Flaw Enables Command Injection Attacks (thehackernews.com)
Data centers at risk due to flaws in power management software | CyberScoop
Bugs in transportation app Moovit gave hackers free rides | TechCrunch
Google Chrome 116: more Telemetry and 26 security patches - gHacks Tech News
Google Fixes 26 Bugs Amid Fake Update Warning - Infosecurity Magazine (infosecurity-magazine.com)
AMD has fixed its latest security flaw - but at the cost of massive slowdowns | TechRadar
Proxyjacking trend continues as attackers abuse years-old GitLab vulnerability | ITPro
Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica
Tools and Controls
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
AI-powered fraud detection: Strengthening security in fintech | The Financial Express
MaginotDNS attacks exploit weak checks for DNS cache poisoning (bleepingcomputer.com)
Evaluate the risks and benefits of AI in cyber security | TechTarget
How to Choose a Managed Detection and Response (MDR) Solution (darkreading.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Building a secure future without traditional passwords - Help Net Security
Passwordless is more than a buzzword among cyber security pros - Help Net Security
SEC cyber security rules shape the future of incident management - Help Net Security
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
Endpoint Management Statistics, Trends And Facts 2023 - Abdalslam
Why You Need Continuous Network Monitoring? (thehackernews.com)
CISA releases cyber defence plan for remote monitoring and management software - SiliconANGLE
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Other News
Healthcare incurs highest data breach costs – for the 13th year in a row | Healthcare IT News
Here's Why You Should Never Accept Unsolicited Tech by Post (makeuseof.com)
Government highlights cyber threat to health and social care | UKAuthority
Why is the Education Sector a Target for Cyber Attacks? | UpGuard
Cyber security in the Entertainment Industry: Risks and Solutions | UpGuard
What would an OT cyber attack really cost your organisation? | CSO Online
Education has had most cyber attacks, survey finds | Education Business (educationbusinessuk.net)
Cyber attacks Are On The Up: What Are The Risks & Remedies For Aviation? (simpleflying.com)
Bank of Ireland ATM Glitch Hands Out 'Free' Money (gizmodo.com)
Exclusive: 300 independent retailers affected by cyber attack | News | Retail Week (retail-week.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 August 2023
Black Arrow Cyber Threat Intelligence Briefing 11 August 2023:
-75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
-How an Eight-Character Password Could be Cracked in Just a Few Minutes
-Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
-How Executives’ Personal Devices Threaten Business Security
-77% of Financial Firms Saw an Increase in Cyber Attack Frequency
-Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
-Managing Human Cyber Risks Matters Now More Than Ever
-Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
-UK Shaken by Major Data Breaches
-Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
-Mac Users are Facing More Dangerous Security Threats Than Ever Before
-Cyber Attack to Cost Outsourcing Firm Capita up to £25m
-Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
Newly released research found that 75% of organisations worldwide are currently implementing or considering bans on ChatGPT and other generative Artificial Intelligence (AI) applications within the workplace, with 61% stating that it will be a long term or permanent solution. Despite this, the majority recognised the opportunity such applications bring to the workplace, with 55% believing it would increase efficiency. All in all, 81% remained in favour of AI, highlighting that whilst organisations see the benefit, they are not ready to take the plunge for fear of being caught flat-footed.
Many organisations may simply not have the expertise-in house or confidence to employ AI effectively. These organisations lack an effective AI management plan, which governs the usage of AI in the corporate environment, rather than banning it outright. By having a clear-set AI plan, organisations can use AI to improve their efficiency, whilst maintaining cyber resilience. An increasing number of organisations have approached us at Black Arrow to discuss how to embrace AI securely; contact us to see how we can help you.
Source: [Dark Reading]
How an Eight-Character Password Could be Cracked in Just a Few Minutes
Strong and complex passwords are necessary to protect online accounts and data from cyber criminals. Complex passwords typically use lowercase and uppercase characters, numbers, and special characters. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems. The report found that a complex password of eight characters can be cracked in only five minutes, and other weaker or shorter passwords are cracked instantly. However, passwords that have a greater number of characters are less vulnerable: for example an 18 character password, even if only lowercase letters, would take 481,000 years for a computer to crack.
Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organisation, you can generate, store and apply strong passwords for websites and online accounts.
Source: [Techrepublic]
Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
The number of organisations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities to break into target networks.
In many of these attacks, threat actors did not bother to encrypt data belonging to victim organisations. Instead, they focused solely on stealing their sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner; this highlights the need for organisations to be able to detect and ideally block anomalous exfiltration of data, and have effective and rehearsed incident response plans to address the concept of pure exfiltration, because having backups is not enough.
The costs of these types of controls continue to fall making them viable for even smaller businesses. Without tools like Managed Detection and Response (MDR) and Data Loss Prevention (DLP), attacks of this nature cannot be detected until it is too late to do anything to stop them.
Source: [Dark Reading]
How Executives’ Personal Devices Threaten Business Security
Individuals, including executives, are considered a major target for cyber attacks. Motivated attackers know the right individual people they want to go after to achieve their larger organisational goal, and they’ll use any means necessary to be successful.
A recent report found that most executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large organisations. 50% of executive respondents reported receiving work-related scams in their personal emails.
Personal device use can be effective for organisations, however they need to implement an effective bring-your-own-device (BYOD) procedure and provide employees, including executives, with frequent user awareness and education training. All users at all levels within an organisation need to understand the risks, and importantly the role they play in keeping the organisation secure.
Sources: [Help Net Security] [Security Affairs]
77% of Financial Firms Saw an Increase in Cyber Attack Frequency
According a recent report on the financial services sector, 77% of firms reported an increase in attack frequency, and 87% said attacks were more severe. These firms unanimously said they would look to outsource their cyber security programs to third-party providers to shore up their cyber defences. Among the respondents, firms need to protect hybrid work environments (62%), consolidate cyber security and managed IT services (41%) and tap industry-specific and regulatory expertise (33%).
Source: [SecurityMagazine]
Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
Faced with an influx of sophisticated cyber threats, including usage of AI to further enhance the efficacy of social engineering attacks, and the growth of both malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS), it is critical for organisations to invest in layered security defences.
Services like managed detection and response (MDR) are integral to monitoring, investigating and responding to threats in real time. But without a strong and comprehensive foundational cyber security posture, managed services alone cannot effectively mitigate threats. To ensure comprehensive defences against emerging threats, organisations must prioritise proactive measures that can stop attacks before they even start. As adversaries continue to refine their attack techniques, layered protection that covers every stage in the attack chain becomes imperative.
Source: [Forbes]
Managing Human Cyber Risks Matters Now More Than Ever
As artificial intelligence (AI) amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. It makes sense as no matter the technological advancement, the human element has always been a point of entry for attackers.
A recent study found that mature security programs, marked by robust teams and leadership support, are characterised by having at least three full-time employees in their security awareness teams. In some cases, this isn’t feasible for an organisation and this is where outsourcing comes in. By outsourcing security awareness, organisations can ensure that they have access to security awareness experts, to keep their organisation educated. Here at Black Arrow we offer regular security and awareness training, bespoke to your organisation, for your employees and leadership team.
Source: [Help Net Security]
Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
Cyber security provider Proofpoint reported that high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks. More alarmingly, according to Proofpoint, around one-third (35%) of the compromised users had multi-factor authentication (MFA) enabled.
The attacks come amid a rise in cases of EvilProxy, a phishing tool that allows attackers to steal even MFA-protected credentials. In the three months to June 2023, around 120,000 EvilProxy phishing emails were observed being sent to hundreds of targeted organisations globally, with many targeting Microsoft 365 user accounts in particular. Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Users must be trained effectively, to help mitigate the chance of them suffering a phishing attack. The C-suite is no exception.
Sources: [Help Net Security] [Security Affairs]
UK Shaken by Major Data Breaches
Recent major data breaches impacting crucial institutions like the UK Electoral Commission (which exposed the data of 40 million UK voters) and the Police Service of Northern Ireland, have brought attention to potential risks. Following a recent freedom of information request 10,000 police officers and staff details where published including details such as first name and surname, their rank or grade and the unit and where they are based. This breach occurred when a junior member of staff forgot to remove the master spreadsheet containing sensitive data when responding to the request.
Sources: [Telegraph] [Tech Crunch]
Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
The UK government has raised the threat level posed by cyber attacks, now deeming the risk of cyber attacks to be more severe than that presented by small-scale chemical, biological, radiological, or nuclear (CBRN) attacks according to the latest National Risk Register (NRR) report for 2023. The report also highlighted artificial intelligence (AI) as a “chronic risk” – that is, one that poses “continuous challenges that erode our economy, community, way of life, and/or national security”.
Sources: [ITPro] [Infosecurity Magazine]
Mac Users are Facing More Dangerous Security Threats Than Ever Before
Apple’s MacBook Pro or iPhone devices are often perceived as safer, from a cyber security standpoint, compared to those from Microsoft or Google, mostly because of its “walled garden” approach. However, another key reason why hackers were not historically as interested in Apple was the smaller market share Apple held. That is no longer the case and as attacks are rising against Apple devices, this is something we expect to see continuing to accelerate.
In the last 10 years, Apple’s market share on desktop has increased from less than 7.5% to just over 20% today. Apple frequently patches actively exploited vulnerabilities, with overall 261 security vulnerabilities addressed so far this year. A recent report found that Mac users are targeted by three key threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Of the three, Trojans are the biggest single threat, making up more than half of all threat detections. Of all those detections, around half (52.7%) were for the EvilQuest encryption malicious software.
Source: [Techradar]
Cyber Attack to Cost Outsourcing Firm Capita up to £25m
Capita expects to take a financial hit of as much as £25m as a result of a cyber attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year. The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients. Capita, which runs crucial services for local councils, the military, and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.
The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cyber security. However, Capita said it was not currently able to estimate the level of any potential fine related to the incident and had not yet made any provision to cover any future costs. The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.
Source: [Guardian]
Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
A report published by BlackBerry noted a 40% rise in cyber attacks against public sector organisations and government institutions. One of the reasons is the limited resources and resistance that these government and public have; this makes it much easier for an attacker. An easy target is an attractive target.
Source: [Financial Express]
Governance, Risk and Compliance
Protecting Against Sophisticated Cyber attacks Requires Layered Defense (forbes.com)
Managing human cyber risks matters now more than ever - Help Net Security
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Cyber attack to cost outsourcing firm Capita up to £25m | Capita | The Guardian
9 common risk management failures and how to avoid them | TechTarget
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
Safeguarding Businesses From Data Privacy And Cyber security Risk (forbes.com)
How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)
What happens if cyber insurance becomes unviable? - Raconteur
NIST announces rare overhaul of security framework, focusing on organisational leadership | ITPro
Cyber Security Must Focus on the Goals of Criminals (informationweek.com)
Going Up! How to Handle Rising Cyber Security Costs (securityintelligence.com)
Maintaining Data Security Amidst Rising Concerns of Cyber attacks (techreport.com)
Why it’s time for everyone to reorient their thinking about cyber security | Federal News Network
It's Time for Cyber security to Talk About Climate Change (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Healthcare and Finance Firms Ranked as Leading Targets for Cyber Attacks - MSSP Alert
Ransomware victim numbers surge as attackers target zero-day vulnerabilities | CSO Online
Definitive Guide to Ransomware 2023 | IBM whitepaper | ITPro | ITPro
Data exfiltration is now the go-to cyber extortion strategy - Help Net Security
Clop ransomware now uses torrents to leak data and evade takedowns (bleepingcomputer.com)
Spot Fake Extortion Attacks Without Wasting Time and Money (securityintelligence.com)
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (thehackernews.com)
Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits (darkreading.com)
Recent ransomware attacks share curiously similar tactics - Help Net Security
Ransomware Attacks: 20 Essential Considerations For Prep And Response (forbes.com)
Navigating the gray zone of ransomware payment practices - Help Net Security
Anatomy of a Black Basta Ransomware Attack on BankCard USA - MSSP Alert
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (darkreading.com)
Clop Gang Offers Data Downloads Via Torrents - Infosecurity Magazine (infosecurity-magazine.com)
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware (thehackernews.com)
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
Best practices for reporting ransomware attacks | TechTarget
Ransomware, healthcare and incident response: Lessons from the Allscripts attack | CSO Online
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Threat Report: Ransomware Down, Targeted Attacks on the Rise (inforisktoday.com)
Rasnake: Ransomware Now Threatens All, Not Just Elites | Newsmax.com
Ransomware Victims
Hospital System Goes Back To Paper Following Ransomware Attack (forbes.com)
Cyber attack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Colorado Department of Higher Education warns of massive data breach (bleepingcomputer.com)
Bnei Brak hospital hit by cyber attack, bringing down computers | The Times of Israel
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
Hacker stole more than $6 million from New Haven Public Schools (wfsb.com)
Phishing & Email Based Attacks
Hackers are targeting top executives to steal their work logins | TechRadar
Microsoft 365 accounts of execs, managers hijacked through EvilProxy - Help Net Security
9 of 10 Cyber attacks Start with a Phish, Comcast Study Shows - MSSP Alert
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
First quarter of 2023 saw 88% rise in phishing attacks: Kaspersky | The Peninsula Qatar
RTL Today - Up to 80% of all cyber attacks: Phishing attempts surge in post-pandemic age
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
When your teammate is a machine: 8 questions CISOs should be asking about AI | CSO Online
Generative AI In Cyber Should Worry Us, Here’s Why (forbes.com)
How to Prepare for ChatGPT's Risk Management Challenges (darkreading.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
White House offers prize money for hacker-thwarting AI (techxplore.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Hackers Released New Black Hat AI Tool Evil-GPT (cybersecuritynews.com)
In the age of ChatGPT, Macs are under malware assault | Digital Trends
AI can now steal your passwords with almost 100% accuracy | Digital Trends
Microsoft AI Red Team building future of safer AI | Microsoft Security Blog
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
AI hacking gets White House backing; some already go rogue (9to5mac.com)
OpenAI to Unleash New Web Crawler to Devour More of the Open Web - Decrypt
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
2FA/MFA
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
Microsoft Authenticator will soon provide codes via WhatsApp - gHacks Tech News
Malware
In the age of ChatGPT, Macs are under malware assault | Digital Trends
Mac users are facing more dangerous security threats than ever before | TechRadar
Threat intelligence's key role in mitigating malware threats - Help Net Security
This PowerPoint could help hackers empty your bank account | Digital Trends
Latest Batloader Campaigns Use Pyarmor Pro for Evasion (trendmicro.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers (thehackernews.com)
Fake VMware vConnector package on PyPI targets IT pros (bleepingcomputer.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Hackers use open source Merlin post-exploitation toolkit in attacks (bleepingcomputer.com)
New Statc Stealer Malware Emerges: Your Sensitive Data at Risk (thehackernews.com)
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router (bleepingcomputer.com)
CISA: New Whirlpool backdoor used in Barracuda ESG hacks (bleepingcomputer.com)
Mobile
Google explains how Android malware slips onto Google Play Store (bleepingcomputer.com)
Czech cyber security experts warn against BaiRBIE.me app | Radio Prague International
Removing Spyware From Your Android Phone: A How-To Guide (slashgear.com)
How executives' personal devices threaten business security - Help Net Security
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
40 Vulnerabilities Patched in Android With August 2023 Security Updates - Security Week
Android 14 to let you block connections to unencrypted cellular networks (bleepingcomputer.com)
Botnets
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Two-Thirds of UK Sites Vulnerable to Bad Bots - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Analysing Network Chaos Leads to Better DDoS Detection (darkreading.com)
How to accelerate and access DDoS protection services using GRE - Help Net Security
Researchers Strengthen Defences Against Common Cyber attack - CleanTechnica
Internet of Things – IoT
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED
Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says (darkreading.com)
The new technology that is making cars easier for criminals to steal, or crash (techxplore.com)
Data Breaches/Leaks
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
The Top 10 Countries Being Bombarded by Data Breaches (gizmodo.com)
UK Electoral Commission hacked by 'hostile actors' | Reuters
PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (telegraph.co.uk)
Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
TunnelCrack attack may cause vulnerable VPNs to leak traffic • The Register
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Organised Crime & Criminal Actors
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol Shuts Down African Cyber crime Group, Seizes $2 Million (darkreading.com)
Cyber security Must Focus on the Goals of Criminals (informationweek.com)
How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
BlackBerry Discloses Major Crypto-Based Malware - The Tech Report
FBI warns of phishing scams and social media account hijackers (cointelegraph.com)
Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report (cointelegraph.com)
Insider Risk and Insider Threats
Managing human cyber risks matters now more than ever - Help Net Security
US Navy sailors charged with stealing secret info for China • The Register
Get consent before you monitor your staff, UK MPs suggest • The Register
Fraud, Scams & Financial Crime
Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly
Extended warranty robocallers fined $300 million after 5 billion scam calls (bleepingcomputer.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Impersonation Attacks
Insurance
What happens if cyber insurance becomes unviable? - Raconteur
Cyber Insurance Experts Make a Case for Coverage, Protection (darkreading.com)
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
Dark Web
Dark web activity targeting the financial sector - Help Net Security
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
Supply Chain and Third Parties
Government contractor plunges after £25m cyber attack - The Mail (mailplus.co.uk)
37% of third-party applications have high-risk permissions - Help Net Security
Software Supply Chain
Unravelling the importance of software supply chain security - Help Net Security
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
37% of third-party applications have high-risk permissions - Help Net Security
Cloud/SaaS
Attackers Use EvilProxy to target C-suite Executives (inforisktoday.com)
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Managing and Securing Distributed Cloud Environments - Security Week
Microsoft 365 guests + Power Apps = security nightmare • The Register
Containers
Identity and Access Management
CrowdStrike observes massive spike in identity-based attacks | TechTarget
Keeper Security reveals SMBs at risk due to lack of PAM (securitybrief.co.nz)
Understanding Active Directory Attack Paths to Improve Security (thehackernews.com)
91% of IT leaders better protected with PAM but want more affordable solutions - IT Security Guru
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
WhatsApp is working on phishing-proof passkey authentication (androidpolice.com)
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Encryption
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Quantum computing: A threat to asymmetric encryption. (thecyberwire.com)
Open Source
Is Open Source Security a Ticking Cyber Time Bomb? (securityintelligence.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Kemba Walden: We need to secure open source software | TechTarget
Passwords, Credential Stuffing & Brute Force Attacks
How an 8-character password could be cracked in just a few minutes (techrepublic.com)
AI can now steal your passwords with almost 100% accuracy | Digital Trends
US Dept. of the Interior Employees Use Accounts That Are Easily Hacked (businessinsider.com)
Biometrics
Social Media
Malvertising
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
Not so fast: Don’t click that fake Amazon or Microsoft ad. Here’s why | Fox News
Training, Education and Awareness
Managing human cyber risks matters now more than ever - Help Net Security
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Travel
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
What does the Data Protection and Digital Information (DPID) Bill mean for small businesses? | ITPro
The Problem With Cyber security (and AI Security) Regulation (darkreading.com)
CISA Unveils Cyber security Strategic Plan for Next 3 Years - Security Week
The 5 Ways The SEC Failed Investors On Cyber security (forbes.com)
America’s messy cyber regulations are no match for its adversaries | Financial Times (ft.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
Banks hit with $549 million in fines for using Signal and WhatsApp to evade regulators (nbcnews.com)
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Models, Frameworks and Standards
NIST Drafts Major Update to Its Widely Used Cyber security Framework | NIST
Understanding NIST CSF and MITRE ATT&CK Security Frameworks - The New Stack
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
Understanding Changes in the OWASP API Security Top 10 List - IT Security Guru
5 steps to ensure HIPAA compliance on mobile devices | TechTarget
Data Protection
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Careers, Working in Cyber and Information Security
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
6 Essential Strategies for Enterprise Cyber security Workforce Development (govinfosecurity.com)
Seasoned cyber pros are more complacent in their skills than junior staff - Help Net Security
Law Enforcement Action and Take Downs
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
Privacy, Surveillance and Mass Monitoring
Missing persons NGO alliance kicks off global facial recognition initiative | Biometric Update
China drafts rules for using facial recognition data - Japan Today
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueCharlie changes attack infrastructure in response to reports on its activity - Security Affairs
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
SpaceX's private control of satellite internet concerns military leaders | Space
Analysts Say Use of Spyware During Conflict Is Chilling (voanews.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
Cyber security experts discuss wins, losses and lessons at western Ukraine gathering : NPR
Ukrainian official: Russian hackers change tactics from disruptive attacks | CyberScoop
Ukraine Fends Off Sandworm Battlefield Espionage Ploy (govinfosecurity.com)
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop
US, Ukraine cyber leaders talk resilience, collaboration | TechTarget
Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails (govinfosecurity.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
China
China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign (thehackernews.com)
Electric vehicle threat: China will use its EV dominance to spy: UK warning (afr.com)
UK security must not be sacrificed to net zero (telegraph.co.uk)
Chinese cyber attacks on Japan prompts US push for stronger defences - Nikkei Asia
China reportedly had ‘deep, persistent access’ to Japanese networks for months | Engadget
Why the China cyber threat demands an airtight public-private response (federaltimes.com)
China not ahead of US in cyber and surveillance, NSA head says - Nextgov/FCW
China drafts rules for using facial recognition data - Japan Today
US Navy sailors charged with stealing secret info for China • The Register
RedHotel Checks in as Dominant China-Backed Cyber Spy Group (darkreading.com)
US Navy sailors charged with stealing secret info for China • The Register
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Iran
North Korea
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
Misc/Other/Unknown
Vulnerability Management
Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities - Security Week
Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken? | CSO Online
Microsoft hits back at Tenable’s criticism of its infosec • The Register
The Four Pillars of Vulnerability Management - GovInfoSecurity
Has Microsoft cut security corners once too often? | Computerworld
Why Shellshock Remains a Cyber security Threat After 9 Years (darkreading.com)
The 7 Worst Software Vulnerabilities of All Time (makeuseof.com)
Vulnerabilities
Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws - Security Affairs
Microsoft, Intel lead this month's security fix emissions • The Register
Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications (darkreading.com)
Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register
Microsoft fixes flaw after being called irresponsible by Tenable CEO (bleepingcomputer.com)
New PaperCut critical bug exposes unpatched servers to RCE attacks (bleepingcomputer.com)
Google Chrome will get weekly security updates - gHacks Tech News
Downfall: New Intel CPU Attack Exposing Sensitive Information - Security Week
Adobe Releases Security Updates for Multiple Products | CISA
New 'Inception' Side-Channel Attack Targets AMD Processors - Security Week
Dell Credentials Bug Opens VMWare Environments to Takeover (darkreading.com)
Tools and Controls
Managing human cyber risks matters now more than ever - Help Net Security
Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR (darkreading.com)
MDR: Empowering Organisations with Enhanced Security (thehackernews.com)
9 common risk management failures and how to avoid them | TechTarget
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Here’s Why You Need Identity, Privacy, and Device Protection (finextra.com)
Attacker Breakout Time Shrinks Again, Underscoring Need for Automation (darkreading.com)
Managing and Securing Distributed Cloud Environments - Security Week
How to handle API sprawl and the security threat it poses - Help Net Security
Threat intelligence's key role in mitigating malware threats - Help Net Security
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
AI Risk Database Tackles AI Supply Chain Risks (darkreading.com)
Other News
UK Sounds Warning Over Targeted Healthcare Attack (databreachtoday.co.uk)
Budget constraints threaten cybersecurity in government bodies - Help Net Security
Threat of cyber attacks to national security compared to that of chemical weapons | ITPro
Cyber Security A Major Vulnerability In The Not For Profit Sector | Scoop News
Hacker attacks on Mac users are 10x as high as they were in 2019, report says | iMore
Cyber Security Threats From Online Gaming – Analysis – Eurasia Review
Cyber attack cost Interserve more than £11m | News | Building
Environmental Regulations, OT & the Maritime Industry's New Challenges (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 4th August 2023
Black Arrow Cyber Threat Intelligence Briefing 04 August 2023:
-Top 12 Exploited Vulnerabilities List Highlights Troubling Reality: Many Organisations Still Are Not Patching
-67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
-Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
-The Generative AI War Between Companies and Hackers is Starting
-Spend to Save: The CFO’s Guide to Cyber Security Investment
-Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
-How the Talent Shortage Impacts Cyber Security Leadership
-Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
-Cyber Insurance and the Ransomware Challenge
-Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
-66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
-Startups Should Move Fast and Remember Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching
A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.
This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.
Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]
67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.
A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.
The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Source: [Security Intelligence]
Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.
Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.
Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]
The Generative AI War Between Companies and Hackers is Starting
To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.
A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.
Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.
Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]
Spend to Save: The CFO’s Guide to Cyber Security Investment
As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.
The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.
It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.
Source: [Security Intelligence]
Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.
There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.
Source [CSO Online]
How the Talent Shortage Impacts Cyber Security Leadership
The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.
Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.
The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.
Source: [Security Intelligence]
Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.
Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.
Source: [Security Brief]
Cyber Insurance and the Ransomware Challenge
The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.
While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.
Sources: [RUSI] [Dark Reading]
Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.
"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."
Source: [TheHackerNews]
66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.
In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.
Source: [ITSecurityWire]
UK legal Sector at Risk, National Cyber Security Centre Warns
Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.
The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.
Sources: [Todays Conveyancer] [Infosecurity Magazine]
Startups Should Move Fast and Remember Cyber Security
The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.
The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.
Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]
Governance, Risk and Compliance
Corporate boards take heed: Give CISOs the cold shoulder at your peril | CSO Online
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
From tech expertise to leadership: Unpacking the role of a CISO - Help Net Security
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
CISOs Need Backing to Take Charge of Security (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Threats
Ransomware, Extortion and Destructive Attacks
67% of data breaches start with a single click - Help Net Security
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
The race against time in ransomware attacks - Help Net Security
As Ransomware Attackers’ Motives Changes, So Should Your Defence (forbes.com)
Ransomware gang increases attacks on insecure MSSQL servers | CSO Online
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
Ransomware Attacks on Industrial Organisations Doubled in Past Year: Report - SecurityWeek
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber criminals pivot away from ransomware encryption | Computer Weekly
Ransomware on manufacturing industry caused $46bn in losses - IT Security Guru
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Ransomware Victims
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
Hawai'i Community College pays ransomware gang to prevent data leak (bleepingcomputer.com)
Scottish university UWS targeted by cyber attackers - BBC News
Tempur Sealy isolated tech system to contain cyber burglary • The Register
US govt contractor Serco discloses data breach after MoveIT attacks (bleepingcomputer.com)
Phishing & Email Based Attacks
67% of data breaches start with a single click - Help Net Security
Russian Hackers Are Conducting Phishing Attacks via Microsoft Teams - MySmartPrice
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
Threat actors abuse Google AMP for evasive phishing attacks (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
UK calls artificial intelligence a “chronic risk” to its national security | CSO Online
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
Another AI Pitfall: Digital Mirroring Opens New Cyber attack Vector (darkreading.com)
Intersection of generative AI, cyber security and digital trust | TechTarget
Hackers are using AI to create vicious malware, says FBI | Digital Trends
The generative A.I. war between companies and hackers is starting (cnbc.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
OWASP Top 10 for LLM applications is out! - Security Affairs
Think tank wants monitoring of China's AI-enabled products • The Register
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Researchers figure out how to make AI misbehave, serve up prohibited content | Ars Technica
Organisations want stronger AI regulation amid growing concerns - Help Net Security
Malware
Hackers Abusing Windows Search Feature to Install Remote Access Trojans (thehackernews.com)
Hackers can abuse Microsoft Office executables to download malware (bleepingcomputer.com)
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module (thehackernews.com)
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
Hackers are infecting Modern Warfare 2 players with a self-spreading malware | TechSpot
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT (thehackernews.com)
Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods (thehackernews.com)
New persistent backdoor used in attacks on Barracuda ESG appliances - Help Net Security
MacOS malware discovered on Russian dark web forum | Security Magazine
Apple Users Open to Remote Control via Tricky macOS Malware (darkreading.com)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Chrome malware Rilide targets enterprise users via PowerPoint guides (bleepingcomputer.com)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
CISA: New Submarine malware found on hacked Barracuda ESG appliances (bleepingcomputer.com)
Mobile
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency (darkreading.com)
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Google: Android patch gap makes n-days as dangerous as zero-days (bleepingcomputer.com)
New smartphone vulnerability could allow hackers to track user location (techxplore.com)
Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
Botnets
Denial of Service/DoS/DDOS
Navigating The Landscape Of Hacktivist DDoS Attacks (forbes.com)
Israel's largest oil refinery website offline amid cyber attack claims (bleepingcomputer.com)
Russian hackers crash Italian bank websites, cyber agency says | Reuters
"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Cyber security breaches exposed 146 million records - ITSecurityWire
Hack Crew Responsible for Stolen Data, NATO Investigates Claims (darkreading.com)
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Cyber attack on B.C. health websites may have taken workers’ personal information (thestar.com)
Cyber security Recovery Guide: How to Recover from a Data Breach (thelondoneconomic.com)
Organised Crime & Criminal Actors
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
How Hackers Trick You With Basic Sales Techniques (makeuseof.com)
Space Pirates Turn Cyber Sabers on Russian, Serbian Organisations (darkreading.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
Hacktivists fund their operations using common cyber crime tactics (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Hacks in July Resulted in $165 Million in Losses (beincrypto.com)
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability (therecord.media)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Couple admit laundering $4B of stolen Bitfinex Bitcoins • The Register
Insider Risk and Insider Threats
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
US military battling cyber threats from within and without • The Register
Deepfakes
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
AML/CFT/Sanctions
Insurance
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Dark Web
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Supply Chain and Third Parties
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Capita boss quits as potential fine looms for huge hack of confidential data | Capita | The Guardian
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Software Supply Chain
Cloud/SaaS
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
New Microsoft Azure AD CTS feature can be abused for lateral movement (bleepingcomputer.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
These Are the Top Five Cloud Security Risks, Qualys Says - SecurityWeek
Google warns companies about keeping hackers out of cloud infrastructure | CyberScoop
Identity and Access Management
Encryption
Braverman fights Meta encryption plans ‘that aid paedophiles’ (thetimes.co.uk)
SCARF cipher sets new standards in protecting sensitive data - Help Net Security
Cult of Dead Cow hacktivists design encryption system for mobile apps - The Washington Post
Open Source
Open-source security challenges and complexities - Help Net Security
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
Social media giants on notice over foreign cyber threat (themandarin.com.au)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Travel
Regulations, Fines and Legislation
Strengthening Cyber security: Can The SEC’s New Rules Be Enforced? (forbes.com)
CISA’s security-by-design initiative is at risk: Here’s a path forward | TechCrunch
What is the Computer Fraud and Abuse Act (CFAA)? | Definition from TechTarget
Organizations want stronger AI regulation amid growing concerns - Help Net Security
Materiality Definition Seen as Tough Task in New SEC Cyber Rules | Mint (livemint.com)
Cyber security Implementation Plan Offers a Roadmap for Cyber Priorities | Perkins Coie - JDSupra
Models, Frameworks and Standards
OWASP Top 10 for LLM applications is out! - Security Affairs
Security professionals unaware of NCSC Cyber Essentials framework - Lookout - IT Security Guru
What is SOC 2 (System and Organization Controls 2)? | Definition from TechTarget
Careers, Working in Cyber and Information Security
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
US Gov Rolls Out National Cyber Workforce, Education Strategy - SecurityWeek
Women two-thirds more likely to fear losing CNI security jobs than men - IT Security Guru
White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage (darkreading.com)
Cyber workforce strategy requires buy-in across sectors, experts say - Nextgov/FCW
Law Enforcement Action and Take Downs
Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update
FBI: Without Section 702, we can't ID cyber criminals • The Register
Privacy, Surveillance and Mass Monitoring
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Instead of obtaining a warrant, the NSA would like to keep buying your data | Ars Technica
Tor’s shadowy reputation will only end if we all use it | Engadget
After talking to security expert, I deleted all Chrome extensions: they see everything | Cybernews
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (thehackernews.com)
Russian spies posed as Microsoft tech support in bid to hack governments (telegraph.co.uk)
Elon Musk ‘stopped Ukraine military using Starlink for military operation’ | The Independent
Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia (thehackernews.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Kazakhstan Rebuffs US Extradition Request for Russian Cyber security Expert - The Moscow Times
Russian hackers crash Italian bank websites, cyber agency says | Reuters
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
China
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica
US senator victim-blames Microsoft for Chinese hack • The Register
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (thehackernews.com)
US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)
Think tank wants monitoring of China's AI-enabled products • The Register
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
US military battling cyber threats from within and without • The Register
Iran
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Iranian Company Plays Host to Reams of Ransomware, APT Groups (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Relying on CVSS alone is risky for vulnerability management - Help Net Security
40% of Log4j Downloads Still Vulnerable (securityintelligence.com)
What Causes a Rise or Fall in Fresh Zero-Day Exploits? (govinfosecurity.com)
Piles of Unpatched IoT, OT Devices Attract ICS Cyber attacks (darkreading.com)
Microsoft comes under blistering criticism for “grossly irresponsible” security | Ars Technica
Vulnerabilities
Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins - SecurityWeek
Over 640 Citrix servers backdoored with web shells in ongoing attacks (bleepingcomputer.com)
New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild - Security Affairs
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks - SecurityWeek
Apple iOS, Google Android Patch Zero-Days in July Security Updates | WIRED UK
US fears attacks will continue against Ivanti MDM installs • The Register
Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates (bleepingcomputer.com)
Hackers exploit BleedingPipe RCE to target Minecraft servers, players (bleepingcomputer.com)
Firefox 116: improved upload performance and security fixes - gHacks Tech News
Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
Tools and Controls
Data Loss Prevention for Small and Medium-Sized Businesses - IT Security Guru
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications - SecurityWeek
Data stolen from millions via missing web app access checks • The Register
Keeping the cloud secure with a mindset shift - Help Net Security
Strengthening security in a multi-SaaS cloud environment | TechCrunch
5 Essential Tips For Data Security On The Cloud (informationsecuritybuzz.com)
AI has a place in cyber, but needs effective evaluation | Computer Weekly
Top 5 benefits of SASE to enhance network security | TechTarget
MDR 40-Plus: Top Managed Detection and Response (MDR) Companies: 2023 Edition - MSSP Alert
What is Data Security Posture Management (DSPM)? (thehackernews.com)
Unified XDR and SIEM Alleviate Security Alert Fatigue (darkreading.com)
What is an ISMS (Information Security Management System)? | UpGuard
VPNs remain a risky gamble for remote access - Help Net Security
Insider Threat Protection And Modern DLP (informationsecuritybuzz.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Reports Published in the Last Week
Other News
UK Military Embraces Security by Design - Infosecurity Magazine (infosecurity-magazine.com)
Cyber criminals targeting medical info warns FBI | KSNV (news3lv.com)
How local governments can combat cyber crime - Help Net Security
Governments and public services facing 40% more cyber attacks (securitybrief.co.nz)
Utilities Face Security Challenges as They Embrace Data in New Ways (darkreading.com)
Microsoft Flags Growing Cyber security Concerns for Major Sporting Events (thehackernews.com)
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack - SecurityWeek
80 percent of digital certificates vulnerable to man-in-the-middle attacks (betanews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 9th June 2023
Black Arrow Cyber Threat Briefing 09 June 2023:
-74% of Breaches Involve Human Element- Make Employees Your Best Asset
-Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC
-CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom
-Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise
-BEC Volumes and Ransomware Costs Double in a Year
-Hackers are Targeting C-Suite Executives Through Their Personal Email
-Proactive Detection is Crucial as Organisations Lack Effective Threat Research
-Number of Vulnerabilities Exploited Rose by 55%
-Ransomware Behind Most Cyber Attacks, with Record-breaking May
-4 Areas of Cyber Risk That Boards Need to Address
-North Korea Makes 50% of Income from Cyber Attacks
-Going Beyond “Next Generation” Network Security
-Worldwide 2022 Email Phishing Statistics and Examples
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
74% of Breaches Involve Human Element- Make Employees Your Best Asset
Verizon’s recent data breach report analysed 16,312 security incidents and 5,199 breaches. A total of 74% of breaches involved a human element, highlighting the role of employees in achieving good cyber resilience. Organisations looking to improve their resilience should therefore consider how well and how frequently they train their users. In a recent report, Fortinet found that 90% of leaders believed that increasing their employee cyber security awareness would help decrease the occurrence of cyber attacks. Worryingly, despite 85% of leaders having an awareness and training programme in place, 50% believed their employees still lacked cyber security knowledge.
With an effective training programme, organisations can increase their employees’ cyber risk awareness and empower them in defending the organisation, laying the foundation for a strong cyber security culture.
https://www.helpnetsecurity.com/2023/06/06/verizon-data-breach-investigations-report-2023-dbir/
https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/
Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC
The recent cyber attacks on file transfer software MOVEit have impacted a number of major companies through their supply chain. The attack, which hit UK-based HR and payroll provider Zellis has had a huge knock-on effect, with major companies such as British Airways, Boots and the BBC suffering as a result of using Zellis in their supply chain. The UK’s National Cyber Security Centre (NCSC) has emphasised the need for organisations to exercise heightened vigilance.
Organisations must be aware of supply chain risks, and how an attack on a supplier or service provider can impact their own organisation. It is important for organisations to manage supply chain security, assess third party risks, communicate with suppliers and keep on top of emerging threats; it’s no simple task.
https://www.securityweek.com/several-major-organizations-confirm-being-impacted-by-moveit-attack/
CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom
Nearly three-quarters of data breaches include an element of human failure, and senior business leaders were particularly at risk, according to a recent report. Not only do business leaders possess the most sensitive information, but they are often the least protected, with many organisations making security protocol exemptions for them. Such factors have pushed the boardroom into the spotlight more.
In another report, it was found that only 28% of IT professionals were confident in their executives’ ability to recognise a phishing email. The report found that as many as 71% of executives were reusing compromised passwords from personal accounts inside the company. Technology alone won’t solve the problem: user awareness training is required and this includes the boardroom.
Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise
A recent study has found that only 1 in 10 chief information security officers (CISOs) have all the key traits thought to be crucial for success on a corporate board, with many lacking governance skills and experience and other attributes needed for board readiness. Worryingly, nearly half of the 1,000 companies in the study lacked at least one director with cyber security expertise. This is concerning as good cyber security starts from the board: the board is responsible for understanding the business risks of a cyber incident and for endorsing whether the cyber controls in place have reduced those risks to a level that the board is happy with. Similarly, the board would not sign off financial risks without ensuring they had someone with financial experience and qualifications present. The Black Arrow vCISO service is ideal for organisations that need expertise in assessing and managing cyber risks, underpinned by governance reporting and metrics presented to enable the board to make educated and informed decisions.
https://www.csoonline.com/article/3698291/only-one-in-10-cisos-today-are-board-ready-study-says
BEC Volumes and Ransomware Costs Double in a Year
The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report. The report this year was based on analysis of 16,312 security incidents and 5,199 breaches over the past year.
Pretexting, which is commonly using in BEC attacks, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000. The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage.
https://www.infosecurity-magazine.com/news/bec-volumes-ransomware-costs/
Hackers are Targeting C-Suite Executives Through Their Personal Email
As companies rely on chief financial officers (CFOs) to mitigate risk, cyber attacks and the costs associated with them are a major concern. Now there is also a growing trend of cyber criminals targeting C-suite executives in their personal lives, where it is easier to pull off a breach as there are fewer, if any, protections, instead of targeting them through their business accounts. Once attackers have access, they then try to use this to gain entry to the corporate systems. The report found that 42% of companies have experienced cyber criminal attacks on their senior-level corporate executives, which can compromise sensitive business data. The report found that 58% of respondents stated that cyber threat prevention for executives and their digital assets are not covered in their cyber, IT and physical securities strategies and budgets.
https://fortune.com/2023/06/08/hackers-targeting-c-suite-executives-personal-email-cybersecurity
Proactive Detection is Crucial as Organisations Lack Effective Threat Research
In a recent study, it was found that CISOs are spending significantly less time on threat research and awareness, despite 58% having an increase in their budget for cyber security; the same number reported that their team is so busy, they may not detect an attack. In a different report, keeping up with threat intelligence was identified as one of the biggest challenges faced.
https://www.helpnetsecurity.com/2023/06/06/cisos-cybersecurity-spending/
Number of Vulnerabilities Exploited Rose by 55%
A recent report from Palo Alto Networks’ Unit 42 found that the number of vulnerabilities that attackers are exploiting has grown by 55% compared to 2021, with most of the increase resulting from supply chain vulnerabilities; along with this was a 25% rise in the number of CVE’s, the term used for identified vulnerabilities. Worryingly ChatGPT scams saw a 910% increase in monthly domain registrations, pointing to an exponential growth in fraudulent activities taking advantage of the widespread usage and popularity of AI-powered chatbots.
Such growth puts further strain on cyber security staff, making it even harder for organisations to keep up. A strong threat management programme is needed, to help organisations prioritise threats and use organisational resources effectively to address said threats.
https://www.infosecurity-magazine.com/news/exploitation-vulnerabilities-grew/
https://www.infosecurity-magazine.com/news/cves-surge-25-2022-another-record/
Ransomware Behind Most Cyber Attacks, with Record-breaking May
2022 saw ransomware account for nearly one in four (24%) cyber attacks, with 95% of events resulting in a loss costing upwards of $2.25 million during 2021-2022. Ransomware remains a significant threat as evidenced by a different report, which stated that May 2023 saw a 154% spike in ransomware compared to May 2022. Other key findings include unreported attacks being five times more likely than reported attacks.
4 Areas of Cyber Risk That Boards Need to Address
As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organisations, it makes them increasingly susceptible to cyber threats. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance. This need for transparency has been recognised by the regulators and facilitated by the new cyber security rules to ensure companies maintain adequate cyber security controls and appropriately disclose cyber-related risks and incidents.
To ensure they fulfil the requirements, organisations should focus on the following areas: position security as a strategic business enabler; continuously monitor the cyber risk capability performance; align cyber risk management with business needs through policies and standards; and proactively anticipate the changing threat landscape by utilising threat intelligence sources for emerging threats.
https://hbr.org/2023/06/4-areas-of-cyber-risk-that-boards-need-to-address
North Korea Makes 50% of Income from Cyber Attacks
The North Korean regime makes around half of its income from cyber attacks on cryptocurrency and other targets. A 2019 UN estimate claimed North Korea had amassed as much as $2bn through historic attacks on crypto firms and traditional banks.
North Korean hackers have been blamed for some of the biggest ever heists of cryptocurrency, including the $620m stolen from Sky Mavis’ Ronin Network last year and the $281m taken from KuCoin in 2020 and $35m from Atomic Wallet just this last weekend.
They are using increasingly sophisticated techniques to get what they want. The 3CX supply chain attacks, in which backdoor malware was implanted into a legitimate-looking software update from the eponymous comms provider, is thought to have been a targeted attempt at hitting crypto exchanges.
https://www.infosecurity-magazine.com/news/north-korea-makes-50-income/
Going Beyond “Next Generation” Network Security
Over a decade ago, the phrase “next generation” was used in the network security space to describe the introduction of application-layer controls with firewalls. It was a pivotal moment for the space, setting a new standard for how we protected the perimeter. A lot has happened in the last decade though, most notably, the rapid adoption of cloud and multicloud architectures and the loss of the “perimeter.” Today, 82% of IT leaders have adopted hybrid cloud architectures, and 58% of organisations use between two and three public Infrastructure as a Service (IaaS) clouds. On top of that, 95% of web traffic is encrypted which limits visibility. Applications are everywhere, access privileges are unstructured, increasing the attack surface, and businesses expect near-perfect availability and resilience. To make things more complicated, enterprises have tried to solve these challenges with disparate solutions, leading to vendor sprawl among security stacks and operational inefficiency. What was once considered “next-generation” network security no longer cuts it.
Worldwide 2022 Email Phishing Statistics and Examples
Remote and hybrid work environments have become the new norm. The fact that email has become increasingly integral to business operations, has led malicious actors to favour email as an attack vector. According to a report by security company Egress, 92% of organisations have fallen victim to phishing attacks in 2022, a 29% increase in phishing incidents from 2021. Phishing attacks aimed at stealing info and data, also known as credential phishing, saw a 4% growth in 2022, with nearly 7 million detections. Rather worryingly, there was a 35% increase in the number of detections that related to business email compromise (BEC); these attacks mostly impersonated executives or high-ranking management personnel. With the increase in AI tools, it is expected that cyber criminals will be better able to create and deploy more sophisticated phishing attacks.
https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html
Governance, Risk and Compliance
CISOs, IT lack confidence in executives’ cyber-defence knowledge | CSO Online
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar | Computer Weekly
CISOs focus more on business strategy than threat research - Help Net Security
Only one in 10 CISOs today are board-ready, study says | CSO Online
Employee cyber security awareness takes centre stage in defence strategies - Help Net Security
The Importance of Managing Your Data Security Posture (thehackernews.com)
How CISOs Can Manage the Intersection of Security, Privacy, And Trust (darkreading.com)
Why Companies Should Consider Developing A Chief Security Officer Position (forbes.com)
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
VeeamON 2023: When Your Nightmare Comes True - The New Stack
Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)
UK Organisations lack clear path to achieve threat intelligence - IT Security Guru
CIOs prioritize new technologies over tech stack optimization - Help Net Security
Top factors driving enterprise demand for new cyber security technology - Help Net Security
Factors influencing IT security spending - Help Net Security
How to Boost Cyber Security Through Better Communication (securityintelligence.com)
Generative AI's influence on data governance and compliance - Help Net Security
Essential Cyber security Compliance Standards (trendmicro.com)
Threats
Ransomware, Extortion and Destructive Attacks
Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)
Ransomware Behind Most Cyber Attacks, Verizon Business Reports - MSSP Alert
Ransomware Hit New Attack Highs in May 2023, BlackFog Report Says - MSSP Alert
Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg
Clop ransomware likely testing MOVEit zero-day since 2021 (bleepingcomputer.com)
Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online
New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal (thehackernews.com)
Cyclops Ransomware group offers a multiplatform Info StealerSecurity Affairs
Royal ransomware gang adds BlackSuit encryptor to their arsenal (bleepingcomputer.com)
Ransomware Victims
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
Ransomware takes down multiple municipalities in May | TechTarget
Several Major Organisations Confirm Being Impacted by MOVEit Attack - SecurityWeek
Spanish Bank Globalcaja Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)
Burton Snowboards discloses data breach after February attack (bleepingcomputer.com)
City of Dallas Still Clawing Back Weeks After Cyber Incident (darkreading.com)
Caribbean Island Suffers Cyber Attack, MSSP Expert Recommends Low-Code Automation - MSSP Alert
Phishing & Email Based Attacks
Fixing email security: It's still a rocky road ahead - SiliconANGLE
Worldwide 2022 Email Phishing Statistics and Examples (trendmicro.com)
New Security Warning Issued For Google's 1.8 Billion Gmail Users (forbes.com)
New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)
Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)
Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
ChatGPT creates mutating malware that evades detection by EDR | CSO Online
The Growing Cyber Threats of Generative AI: Who's Accountable? (darkreading.com)
Consumers overestimate their deepfake detection skills - Help Net Security
Department of Defence AI principles have a place in the CISO’s playbook | CSO Online
Generative AI's influence on data governance and compliance - Help Net Security
Traditional malware increasingly takes advantage of ChatGPT for attacks | CSO Online
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters
Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)
Cyber crooks Scrape OpenAI API Keys to Pirate GPT-4 (darkreading.com)
2FA/MFA
Malware
High-profile malware and targeted attacks in Q1 2023 | Securelist
ChatGPT creates mutating malware that evades detection by EDR | CSO Online
Malicious Chrome extensions with 75M installs removed from Web Store (bleepingcomputer.com)
Qakbot: The trojan that just won't go away - Help Net Security
Qbot malware adapts to live another day … and another … • The Register
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)
New PowerDrop Malware Targeting US Aerospace Industry (thehackernews.com)
Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)
Minecraft Malware Spreading Through Mods, Plug-ins (darkreading.com)
Online sellers targeted by new information-stealing malware campaign (bleepingcomputer.com)
Google puts $1M behind its mining-malware detection promise • The Register
Mobile
Over 60,000 Android apps secretly installed adware for past six months (bleepingcomputer.com)
Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)
New tool scans iPhones for 'Triangulation' malware infection (bleepingcomputer.com)
New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews
Apple announces next-level privacy and security innovations - Help Net Security
How Does Android Stack Up Vs IOS? (informationsecuritybuzz.com)
Botnets
New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)
Denial of Service/DoS/DDOS
Outlook.com hit by outages as hacktivists claim DDoS attacks (bleepingcomputer.com)
Microsoft OneDrive down worldwide following claims of DDoS attacks (bleepingcomputer.com)
Internet of Things – IoT
Britain to remove Chinese surveillance gear from government sites | Surveillance | The Guardian
Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)
Amazon’s Ring doorbell employees spied on users’ bathrooms (telegraph.co.uk)
High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security
New York City sues Hyundai, Kia claiming cars easy to steal • The Register
Data Breaches/Leaks
Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Hackers launch another wave of mass-hacks targeting company file transfer tools | TechCrunch
Massive free VPN data breach exposes 360M records | Fox News
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)
Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online
Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)
Every Netherlands resident affected by data leak: watchdog | NL Times
German recruiter Pflegia leaks sensitive job seeker info- Security Affairs
What’s really changed 10 years after the Snowden revelations? | Edward Snowden | The Guardian
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft – Security Week
Google puts $1M behind its mining-malware detection promise • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Scammers publish ads for hacking services on government websites | TechCrunch
Hackers hijack legitimate sites to host credit card stealer scripts (bleepingcomputer.com)
A new wave of sophisticated digital fraud hits Europe - Help Net Security
ID fraud a possibility forever, claims data breach lawsuit • The Register
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack (thehackernews.com)
Brazilian Cyber criminals Using LOLBaS and CMD Scripts to Drain Bank Accounts (thehackernews.com)
Virtual claims raise alarms among insurance carriers and customers - Help Net Security
UK banks to reimburse fraud victims under new rules, regulator confirms | Scams | The Guardian
Impersonation Attacks
'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting (darkreading.com)
Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)
Deepfakes
Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)
Deepfakes being used in ‘sextortion’ scams, FBI warns • The Register
Consumers overestimate their deepfake detection skills - Help Net Security
Defenders Buckle Up for a Future of Detecting Deepfakes (darkreading.com)
Insurance
Dark Web
New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews
Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)
What is the dark web and how do you access it? (androidpolice.com)
Supply Chain and Third Parties
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 (thehackernews.com)
Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg
data privacy: Swiss administration hit by cyber attack - The Economic Times (indiatimes.com)
Software Supply Chain
SBOMs - Software Supply Chain Security’s Future or Fantasy? - SecurityWeek
10 security tool categories needed to shore up software supply chain security | CSO Online
Cloud/SaaS
The Annual Report: 2024 Plans and Priorities for SaaS Security (thehackernews.com)
Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Current SaaS security strategies don't go far enough - Help Net Security
Hybrid/Remote Working
Filling the Gaps: How to Secure the Future of Hybrid Work (darkreading.com)
Thought of Going Into Office Gives Quarter of Employees Sunday Scaries - IT Security Guru
Surveilling your employees? You could be putting your company at risk of attack - Help Net Security
Shadow IT
Encryption
API
Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)
OWASP's 2023 API Security Top 10 Refines View of API Risks - SecurityWeek
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)
Hate speech is driving advertisers away from Twitter • Graham Cluley
US government's TikTok ban extended to include contractors • The Register
Training, Education and Awareness
Employee cyber security awareness takes center stage in defense strategies - Help Net Security
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)
How to Boost Cyber security Through Better Communication (securityintelligence.com)
Embracing realistic simulations in cyber security training programs - Help Net Security
Data Protection
SEC drops 42 cases after staff bungle data protection • The Register
Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters
Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)
Microsoft Fined $20M For Xbox Child Data Collection (darkreading.com)
Careers, Working in Cyber and Information Security
Privacy, Surveillance and Mass Monitoring
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Nation State Actors
A Peek Behind the Curtain: Examining the Dimensions of a National-level Cyber Program | Mandiant
North Korean APT group targets email credentials in social engineering campaign | CSO Online
UK to strip Chinese surveillance cameras from sensitive government sites | Financial Times (ft.com)
Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)
US government's TikTok ban extended to include contractors • The Register
Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering (thehackernews.com)
Kimsuky APT poses as journalists and broadcast writers in attacks- Security Affairs
Meet TeamT5, the Taiwanese infosec outfit taking on Beijing • The Register
China has closed unofficial ‘police stations’ in Britain, UK minister says | China | The Guardian
Lazarus hackers linked to the $35 million Atomic Wallet heist (bleepingcomputer.com)
Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks (thehackernews.com)
Hostile states face contract ban amid security concerns (thetimes.co.uk)
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft - SecurityWeek
Vulnerability Management
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
Public sector apps show higher rates of security flaws - Help Net Security
Vulnerabilities
Zyxel vulnerability under 'widespread exploitation' | TechTarget
Barracuda Urges Immediate Replacement of Hacked ESG Appliances (thehackernews.com)
Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities (thehackernews.com)
High-Severity Vulnerabilities Patched in Splunk Enterprise - SecurityWeek
Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution
Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update (darkreading.com)
Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! (thehackernews.com)
Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)
High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security
Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover (darkreading.com)
Tools and Controls
CISOs focus more on business strategy than threat research - Help Net Security
CIOs prioritize new technologies over tech stack optimization - Help Net Security
Going Beyond “Next Generation” Network Security - Cisco Blogs
Make Your Employees Your Best Asset in Combating Cybercrime | CISO Collective (fortinet.com)
UK Organisations lack clear path to achieve threat intelligence - IT Security Guru
Employee cybersecurity awareness takes center stage in defence strategies - Help Net Security
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
Factors influencing IT security spending - Help Net Security
Top factors driving enterprise demand for new cyber security technology - Help Net Security
How to Boost Cyber security Through Better Communication (securityintelligence.com)
MoD adopts ‘secure by design’ for cyber security | UKAuthority
Everyone is selling VPNs, and that's a problem for security | Engadget
ISMG Editors: Why Communications Skills Matter for CISOs (inforisktoday.com)
Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)
Ransomware Attack Prevention Checklist - 2023 (cybersecuritynews.com)
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Embracing realistic simulations in cyber security training programs - Help Net Security
The Key to Zero Trust Identity Is Automation (darkreading.com)
What generative AI's rise means for the cyber security industry | TechTarget
Cisco spotlights generative AI in security, collaboration | Network World
10 security tool categories needed to shore up software supply chain security | CSO Online
How to Improve Your API Security Posture (thehackernews.com)
Consolidate Vendors and Products for Better Security - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 March 2023
Black Arrow Cyber Threat Briefing 10 March 2023:
-Business Email Compromise Attacks Can Take Just Hours
-Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks
-Just 10% of Firms Can Resolve Cloud Threats in an Hour
-MSPs in the Crosshair of Ransomware Gangs
-Stolen Credentials Increasingly Empower the Cyber Crime Underground
-It’s Time to Assess the Potential Dangers of an Increasingly Connected World
-Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards
-Developers Leaked 10m Credentials Including Passwords in 2022
-Cyber Threat Detections Surges 55% In 2022
-European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks
-Employees Are Feeding Sensitive Business Data to ChatGPT
-Is Ransomware Declining? Not So Fast Experts Say
-Preventing Corporate Data Breaches Starts With Remembering That Leaks Have Real Victims
-Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up
-Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Business Email Compromise Attacks Can Take Just Hours
Microsoft’s security intelligence team found that Business Email Compromise (BEC) attacks are moving rapidly, with some taking mere minutes. Microsoft found the whole process, from signing in using compromised credentials to registering typo squatting domains and hijacking an email thread, took threat actors only a couple of hours. Such a rapid attack leaves minimal time for organisations to identify and take preventative action. This is worrying when considering the cost of BEC is predicted to more than tens of billions.
Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks
In a report of over 800 million breached passwords, vendor Specops identified some worrying results. Some of the key findings from the report include 88% of passwords used in successful attacks consisting of 12 characters or less and the most common base terms used in passwords involving ‘password’, ‘admin’, ‘welcome’ and ‘p@ssw0rd’. The report found that 83% of the compromised passwords satisfied both the length and complexity requirements of cyber security compliance standards such as NIST, GDPR, HIPAA and Cyber Essentials.
Just 10% of Firms Can Resolve Cloud Threats in an Hour
Two-thirds (39%) of global organisations reported a surge in breaches over the past year, with IT complexity increasing and detection and response capabilities worsening, according to Palo Alto Networks. It found that as enterprises move more of their data and workloads to the cloud, they’re finding it increasingly difficult to discover and remediate incidents quickly. Over two-fifths (42%) reported an increase in mean time to remediate, while 90% said they are unable to detect, contain and resolve cyber-threats within an hour. Nearly a third (30%) reported a major increase in intrusion attempts and unplanned downtime. Part of the challenge appears to be the complexity of their cloud security environments – partly caused by tool bloat.
https://www.infosecurity-magazine.com/news/10-firms-resolve-cloud-threats-hour/
MSPs in the Crosshairs of Ransomware Gangs
Many attacks have heightened attention around third-party risk and the security obligations of MSPs in meeting multiple customers’ IT needs. Attacks such as the ones on RackSpace and LastPass show that some ransomware actors are now intentionally targeting MSPs to access sensitive customer data. It is now believed that some advanced persistent threat (APT) groups could be stepping up their attacks on MSP’s in order to gain sensitive customer data.
https://www.msspalert.com/cybersecurity-research/msps-in-the-crosshairs-of-ransomware-gangs/
Stolen Credentials Increasingly Empower the Cyber Crime Underground
Threat Intelligence provider Flashpoint found that last year threat actors exposed or stole 22.62 billion credentials and personal records, which often make their way to underground forums and cyber criminal markets. This follows a significant increase in market activity; just last year Flashpoint recorded 190 new illicit markets emerge and the continual rise in attacks focused on stealing credentials only further empowers cyber crime underground.
It’s Time to Assess the Potential Dangers of an Increasingly Connected World
As global conflicts continue, cyber has become the fifth front of warfare. The world is approaching 50 billion connected devices, controlling everything from our traffic lights to our nuclear arsenal and we have already seen large-scale cyber attacks. Adding to this, a multitude of infrastructure runs on services ran by a handful of companies; Palo Alto Networks, Cisco and Fortinet control more than 50% of the market for security appliances. As such, an attack on one of these companies could cause a huge ripple effect on their customers.
Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards
According to the International Monetary Fund (IMF) 64% of banks and supervisory authorities do not mandate testing and exercising cyber security and 54% lack dedicated a cyber incident reporting regime. This increases the risk of experiencing a cyber attack. Regularly testing and exercising security will aid any organisation in its cyber resilience.
Insider Threat: Developers Leaked 10m Credentials Including Passwords in 2022
Security provider GitGuardian found that the rate at which developers leaked critical software secrets jumped by 0.5 to reach 5.5 out of every 1,000 commits to GitHub repositories; overall, this amounted to at least 10 million instances of secrets leaking to a public repository. Generic passwords accounted for the majority of leaked secrets (56%) and more than a third (38%) of leaks involved API keys, random number generator seeds and other sensitive strings. These leaks can have worrying consequences for organisations.
Cyber Threat Detections Surges 55% In 2022
Security Provider Trend Micro has said that it stopped 146 billion cyber threats in 2022, a 55% increase on the previous year and evidence of the increase of attacks ramping up. Trend Micro also found a 242% increase in the number of blocked malicious files and an 86% increase in backdoor malware detections with the latter showing an increase in attackers gaining initial access. Furthermore, the number of critical vulnerabilities in 2022 doubled compared to the previous year. Trend Micro noted that this is all likely due to an ever expanding attack surface of organisations.
https://www.infosecurity-magazine.com/news/cyberthreat-detections-surge-55/
European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks
The European Central Bank (ECB) will ask all major lenders in the Eurozone to detail by next year, how they would respond to and recover from a successful cyber attack. The ECB is in the process of designing a scenario involving a theoretical breach of the financial system’s cyber defences, which will be sent to all of the 111 banks it assesses to see how they would react. The stress test stems from the increasing amount of cyber attacks. If cyber has shown us anything, it’s that anyone can be a target and performing a stress test would help any organisation prepare for the worst.
https://www.ft.com/content/f03d68a4-fdb9-4312-bda3-3157d369a4a6
Employees Are Feeding Sensitive Business Data to ChatGPT
1 in 20 employees have put sensitive corporate data into popular AI tool ChatGPT, raising concerns that this could result in massive leaks of proprietary information. In some cases, this has involved employees cutting and pasting strategic documents and asking ChatGPT to make a PowerPoint.
Is Ransomware Declining? Not So Fast Experts Say
Security provider CrowdStrike have explained that the perceived decline in ransomware reflects the abilities of threat actors to adapt, splinter and regroup against defensive measures. CrowdStrike expand on this, stating that whilst ransom payments dipped slightly in 2022, there was an uprise in data extortion and ransomware as a service (RaaS).
Preventing Corporate Data Breaches Starts with Remembering that Leaks have Real Victims
The impact a data breach can have on an individual is devastating and ultimately there’s not much an individual can do themselves if the organisation that holds their data isn’t taking the right steps. To best protect themselves and their clients’ data, organisations should look to have appropriate defence in depth controls, including effective asset management, an open security culture, close monitoring of access, utilising strong authentication and maintaining an awareness of the ever changing threat landscape.
https://www.helpnetsecurity.com/2023/03/07/preventing-corporate-data-breaches/
Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up
In a recent report Proofpoint found that globally 76% of organisations experienced ransomware attempts, with 64% eventually infected. Amongst those that had a cyber insurance policy, 82% of insurers stepped up to pay the ransom either in full or partially. The report found that with the rise in number and sophistication of attacks it is more important than ever for proper security training and awareness in organisations.
Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled
A report by the Information and Communications Technology Council (ICTC) found that 1 in 6 cyber security jobs are unfulfilled and this is only expected to grow in the coming years. The ICTC stated that “This is not just about education or government funding, but about companies willing to provide hands-on training and experience to the next generation of cyber security experts”.
Threats
Ransomware, Extortion and Destructive Attacks
Faced with likelihood of ransomware attacks, businesses still choosing to pay up | ZDNET
Is ransomware declining? Not so fast, experts say | TechTarget
FBI and CISA warn of increasing Royal ransomware attack risks (bleepingcomputer.com)
City of Oakland Faces Major Data Leak - Infosecurity Magazine (infosecurity-magazine.com)
Indigo Books Refuses LockBit Ransomware Demand (darkreading.com)
Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)
Ransom House ransomware attack hit Hospital Clinic de Barcelona- - Security Affairs
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Ransomware gang posts video of data stolen from Minneapolis schools (bleepingcomputer.com)
IceFire ransomware now encrypts both Linux and Windows systems (bleepingcomputer.com)
Examining Ransomware Payments From a Data-Science Lens (trendmicro.com)
Cyble — BlackSnake Ransomware Emerges from Chaos Ransomware's Shadow
Phishing & Email Based Attacks
AI is taking phishing attacks to a whole new level of sophistication - Help Net Security
Catches of the Month: Phishing Scams for March 2023 - IT Governance UK Blog
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)
Vishing attacks increasing, but AI's role still unclear | TechTarget
2FA/MFA
NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)
Malware
DrayTek VPN routers hacked with new malware to steal data, evade detection (bleepingcomputer.com)
Malicious PyPI package signals direction of cyber crime • The Register
How to prevent Microsoft OneNote files from infecting Windows with malware (bleepingcomputer.com)
Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica
New malware infects business routers for data theft, surveillance (bleepingcomputer.com)
Old Windows ‘Mock Folders’ UAC bypass used to drop malware (bleepingcomputer.com)
Emotet malware attacks return after three-month break (bleepingcomputer.com)
AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)
New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)
Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)
Custom Chinese Malware Found on SonicWall Appliance - SecurityWeek
FBI and international cops catch a NetWire RAT • The Register
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Credential Stuffing attack on Chick-fil-A impacted +71K users- Security Affairs
Popular fintech apps expose valuable, exploitable secrets - Help Net Security
PayPal Sued Over Data Breach that Impacted 35,000 users (hackread.com)
Acer Data Breach? Hacker Claims to Sell 160GB Trove of Stolen Data (hackread.com)
Data breach exposed millions of Verizon customers' account info (androidpolice.com)
Congress’ Social Security Numbers Leaked in DC Health Link Hack (gizmodo.com)
Data protection vendor Acronis admits to data leak • The Register
AT&T confirms 9m wireless accounts exposed by third part • The Register
Organised Crime & Criminal Actors
BidenCash leaks 2.1M stolen credit/debit cards- Security Affairs
Malicious PyPI package signals direction of cyber crime • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)
Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)
New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)
Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)
Scammers using voice-cloning A.I. to mimic relatives | Fortune
Alleged security breach leaves millions of dollars missing from Flutterwave accounts | TechCrunch
New Rise In ChatGPT Scams Reported By Fraudsters (informationsecuritybuzz.com)
Deepfakes
Insurance
Dark Web
Supply Chain and Third Parties
Snap CISO talks risky supply chain security business • The Register
SolarWinds IR lead: supply-chain attacks 'getting bigger' • The Register
AT&T confirms 9m wireless accounts exposed by third part • The Register
Software Supply Chain
Cloud/SaaS
Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks (thehackernews.com)
Hackers are quickly learning how to target cloud systems (axios.com)
Attack Surface Management
Asset Management
Encryption
New TPM 2.0 flaws could let hackers steal cryptographic keys (bleepingcomputer.com)
New Steganography Breakthrough Enables “Perfectly Secure” Digital Communications (scitechdaily.com)
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Stolen credentials increasingly empower the cyber crime underground | CSO Online
Credential Stuffing attack on Chick-fil-A impacted +71K users- Security Affairs
The Role of Verifiable Credentials In Preventing Account Compromise (darkreading.com)
Young government workers show poor password management habits - Help Net Security
Social Media
NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)
Training, Education and Awareness
Regulations, Fines and Legislation
Governance, Risk and Compliance
Inadequate patches and advisories increase cyber risk - Help Net Security
Why do Businesses Need to Focus More on Cyber security (hackread.com)
Flashpoint: Threat vectors converging, increasing damage | TechTarget
How to achieve and shore up cyber resilience in a recession - Help Net Security
The cyber security landscape in the era of economic instability – Help Net Security
Models, Frameworks and Standards
Open letter demands OWASP overhaul, warns of mass project exodus | CSO Online
NIST Retooling Cyber security Framework to Reflect Changing Cyber scape – MSSP Alert
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)
FBI and international cops catch a NetWire RAT • The Register
Privacy, Surveillance and Mass Monitoring
Secret Service and ICE break the law with fake phone towers • The Register
Thought you'd opted out of online tracking? Think again • The Register
Artificial Intelligence
AI is taking phishing attacks to a whole new level of sophistication - Help Net Security
Employees Are Feeding Sensitive Business Data to ChatGPT (darkreading.com)
You can poison AI datasets for just $60, a new study shows (fastcompany.com)
Thousands scammed by AI voices mimicking loved ones in emergencies | Ars Technica
Vishing attacks increasing, but AI's role still unclear | TechTarget
AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)
Criminals will use ChatGPT to unleash wave of fraud, warns Darktrace (telegraph.co.uk)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
What can security teams learn from a year of cyber warfare? | Computer Weekly
Pegasus spyware used to spy on a Polish mayor- Security Affairs
Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)
Sharp Panda targets government entities in Southeast Asia- Security Affairs
Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert
Chinese cyber spies target unpatched SonicWall gear • The Register
Nation State Actors
What can security teams learn from a year of cyber warfare? | Computer Weekly
Russia Bans Messengers, Including WhatsApp, Telegram, And More (informationsecuritybuzz.com)
Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)
China-aligned APT is exploring new technology stacks for malicious tools - Help Net Security
Sharp Panda targets government entities in Southeast Asia- Security Affairs
Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert
Chinese cyber spies target unpatched SonicWall gear • The Register
Lazarus group infiltrated South Korean finance firm twice last year | CSO Online
New Chinese regulatory body expected to streamline data governance rules | CSO Online
Vulnerability Management
Inadequate patches and advisories increase cyber risk - Help Net Security
Build Cyber Resiliency With These Security Threat-Mitigation Considerations
Zero Day Threat Protection for Your Network (trendmicro.com)
557 CVEs Added to CISA's Known Exploited Vulnerabilities Catalog in 2022 - SecurityWeek
Machine Learning Improves Prediction of Exploited Vulnerabilities (darkreading.com)
Security Patch Management Strengthens Ransomware Defense (trendmicro.com)
VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022 | TechTarget
Vulnerabilities
Researchers discover 'kill switch' in Starlink terminals - Security - iTnews
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716) - Help Net Security
CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems (thehackernews.com)
Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing - SecurityWeek
Fortinet warns of new critical unauthenticated RCE vulnerability (bleepingcomputer.com)
Chinese cyber spies target unpatched SonicWall gear • The Register
Bitwarden flaw can let hackers steal passwords using iframes (bleepingcomputer.com)
Veeam warns to install patches to fix a bug in Backup & Replication- Security Affairs
Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)
Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks - SecurityWeek
Jenkins Server Vulnerabilities Chained for Remote Code Execution - SecurityWeek
Other News
Biden Administration's Cyber security Strategy Takes Aim at Hackers (gizmodo.com)
Tracking device technology: A double-edged sword for CISOs | CSO Online
From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)
What CISOs need to understand about document signing - Help Net Security
Thousands of websites hacked as part of redirection campaign- Security Affairs
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 February 2023
Black Arrow Cyber Briefing 24 February 2023:
-Employees Bypass Cyber Security Guidance to Achieve Business Objectives
-Three Quarters of Businesses Braced for Serious Email Attack this Year
-The Cost of Living Crisis is Triggering a Wave of Workplace Crime
-Fighting Ransomware with Cyber Security Audits
-Record Levels of Fraud Impacting 90% of Payment Compliance Teams
-CISOs Struggle with Stress and Limited Resources
-Cyber Threats and Regulations Mount for Financial Industry
-HardBit Ransomware Wants Insurance Details to Set the Perfect Price
-Social Engineering is Becoming Increasingly Sophisticated
-A Fifth of Brits Have Fallen Victim to Online Scammers
-Cyber Attacks Hit Data Centres to Steal Information From Companies
-Phishing Fears Ramp Up on Email, Collaboration Platforms
-The War in Ukraine has Shaken up the Cyber Criminal Eco-system
-Police Bust €41m Email Scam Gang
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Employees Bypass Cyber Security Guidance to Achieve Business Objectives
Researcher Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. In a survey conducted by Gartner it was found that 69% of employees had bypassed their organisations cyber security guidance in the previous 12 months and 74% said they would bypass cyber security guidance if it helped them or their team achieve a business objective.
https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/
Three Quarters of Businesses Braced for Serious Email Attack this Year
According to a survey conducted by security provider Vanson Bourne, 76% of cyber security professionals predict that an email related attack will have serious consequences for their organisation in the coming year. The survey found that 82% of companies reported a higher volume of email in 2022 compared with 2021 and 2020 and 74% had said email-based threats had risen over the last 12 months. In addition, a worrying 91% had seen attempts to steal or use their email domain in an attack.
The Cost of Living Crisis is Triggering a Wave of Workplace Crime
Almost 6,000 people were caught stealing from their employer in 2022 according to insurance provider Zurich with the firms facing an average loss of £140,000. Zurich have said “As cost of living pressures mount, employee theft has significantly increased, suggesting some workers could be turning to desperate measures to make ends meet”.
Fighting Ransomware with Cyber Security Audits
With the ever increasing number of devices and distributed environments, it’s easy for organisations to lose track of open IP addresses, administrator accounts and infrastructure configurations; all of this creates an increase in opportunities for threat actors to deploy ransomware. By conducting audits of IT assets, organisations can identify the data they hold and reduce the risk of forgotten devices. The need for auditing of an organisations assets is reinforced where a survey conducted by research provider Enterprise Strategy Group found that nearly 70% of respondents had suffered at least one exploit that started with an unknown, unmanaged, or poorly managed Internet-facing IT asset.
https://www.trendmicro.com/en_us/ciso/23/b/cybersecurity-audit.html
Record Levels of Fraud Impacting 90% of Payment Compliance Teams
New research from research provider VIXIO has found that 90% of payment company compliance teams are frequently overwhelmed and increased fraud was a particular concern for teams in the UK.
CISOs Struggle with Stress and Limited Resources
A survey from security provider Cynet has found that 94% of CISOs report being stressed at work, with 65% admitting that this work stress has compromised their ability to protect their organisation. Furthermore, the survey found all respondents said they needed additional resources to adequately cope with current cyber challenges. Amongst some of the key findings were 77% of CISOs believing that a lack of resources had led to important security initiatives falling to the wayside.
https://www.helpnetsecurity.com/2023/02/23/cisos-work-related-stress/
Cyber Threats and Regulations Mount for Financial Industry
Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. For example, last year a report conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and security provider Akamai found that distributed denial-of-service attacks (DDoS) attacks rose 73% more for European financial institutions compared to the previous year. This combination of attacks is followed by an increase in regulations such as the requirement to report breaches to the European Authorities to satisfy the General Data Protection Regulation (GDPR). Such increase has caused financial institutions to bolster their security, with a survey conducted by security provider Contrast finding 72% of financial organisations plan to increase their investment in the security of their applications and 64% mandated cyber security requirements for their vendors.
https://www.darkreading.com/risk/cyberthreats-regulations-mount-for-financial-industry
HardBit Ransomware Wants Insurance Details to Set the Perfect Price
Operators of a ransomware threat known as Hardbit are trying to negotiate ransom payments so that they would be covered by victim’s insurance companies. Typically, the threat actor tries to convince the victim that it is in their interest to disclose their insurance details so that the threat actor can adjust their demands so that insurance would cover it.
Social Engineering is Becoming Increasingly Sophisticated
The rapid development of deepfake technology is providing an increase in the sophistication of social engineering attacks. Deepfake technology refers to products created through artificial intelligence, which could allow an individual to impersonate another with likeness and voice during a video conversation. The accessibility of such technology has allowed threat actors to conduct more sophisticated campaigns, including the replication of the voice of a company executive.
https://securityaffairs.com/142487/hacking/social-engineering-increasingly-sophisticated.html
A Fifth of Brits Have Fallen Victim to Online Scammers
Security founder F-Secure have found that a fifth of Brits had fallen victim to digital scammers in the past, yet a quarter had no security controls to protect themselves. When providing a reason for the lack of security, 60% said they found cyber security too complex. This is worrying for organisations who need to ensure these low levels of security awareness are not displayed in the corporate environment.
https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/
Cyber Attacks Hit Data Centres to Steal Information from Companies
Cyber attacks targeting multiple data centres globally have resulted in the exfiltration of information relating to companies who used them. In addition, attackers have been seen to publish access credentials relating to these attacks on the dark web. This malicious activity reinforces the need for organisations to be aware of and properly manage their supply chain.
Phishing Fears Ramp Up on Email, Collaboration Platforms
Three quarters of organisations are expecting a serious impact from an email-based attack and with the rapid growth and expansion of collaboration tools such as Microsoft Teams, it’s expected that these will also be used as a vector for threat actors. Combined with the emergence of Chat-GPT, the landscape provides an increasing amount of opportunities for threat actors.
The War in Ukraine has Shaken up the Cyber Criminal Eco-System
One year after Russia invaded Ukraine, the war continues -- including an ever-evolving digital component that has implications for the future of cyber security around the world. Among other things, the war in Ukraine has upended the Eastern European cyber criminal ecosystem, according to cyber security experts from Google, shaking up the way ransomware attacks are playing out. Google later explained that “Lines are blurring between financially motivated and government-backed attackers in Eastern Europe”.
Police Bust €41m Email Scam Gang
A coordinated police operation spanning multiple countries led to the dismantling of a criminal network which was responsible for tens of millions in Business Email Compromise (BEC) losses. In one of the attacks the gang used social engineering to target the Chief Financial Officer (CFO) of a real estate developer, defrauding them of 38 million euros.
https://www.infosecurity-magazine.com/news/police-bust-41m-bec-gang/
Threats
Ransomware, Extortion and Destructive Attacks
HardBit ransomware wants insurance details to set the perfect price (bleepingcomputer.com)
An Overview of the Global Impact of Ransomware Attacks (bleepingcomputer.com)
Fight Ransomware with a Cyber security Audit (trendmicro.com)
Time to Deploy Ransomware Drops 94% - Infosecurity Magazine (infosecurity-magazine.com)
Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)
A Deep Dive into the Evolution of Ransomware Part 1 (trendmicro.com)
A Deep Dive into the Evolution of Ransomware Part 2 (trendmicro.com)
Guardian staff forced to work out of former brewery after ransomware attack (telegraph.co.uk)
Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers (trendmicro.com)
Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)
GoAnywhere zero-day opened door to Clop ransomware (malwarebytes.com)
Derivatives market still hit by fallout from Ion Markets cyber attack | Financial Times (ft.com)
Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)
IBM: Ransomware defenders showing signs of improvement | TechTarget
ESXiArgs Ransomware Has Spread to 500 New Targets in Europe. Will there be More? - MSSP Alert
Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED
Food giant Dole hit by ransomware, halts North American production temporarily (bitdefender.com)
Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)
Trellix Report: LockBit 3.0 Ransomware "Most Aggressive" with Demands - MSSP Alert
Israel's Top Tech University Targeted by DarkBit Ransomware (darkreading.com)
Lockbit gang hit Portuguese municipal water utility Aguas do Porto-Security Affairs
Student Medical Records Exposed After LAUSD Breach (darkreading.com)
Phishing & Email Based Attacks
Three-quarters of businesses braced for ‘serious’ email attack this year | CSO Online
Phishing Fears Ramp Up on Email, Collaboration Platforms (darkreading.com)
Big rise in 'email thread hijacking' by cyber criminals (rte.ie)
Smishing, vishing and whaling: How phishing scams are evolving | The Star
Microsoft Outlook flooded with spam due to broken email filters (bleepingcomputer.com)
Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek
BEC – Business Email Compromise
Google Translate Helps BEC Groups Scam Companies in Any Language (darkreading.com)
Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering; Smishing, Vishing, etc
Social engineering, deception becomes increasingly sophisticated-Security Affairs
Smishing, vishing and whaling: How phishing scams are evolving | The Star
Coinbase cyber attack targeted employees with fake SMS alert (bleepingcomputer.com)
2FA/MFA
Malware
Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)
Researchers unearth Windows backdoor that’s unusually stealthy | Ars Technica
Researchers warn of 'Havoc' command and control tool • The Register
New WhiskerSpy malware delivered via trojanized codec installer (bleepingcomputer.com)
Frebniis malware abuses Microsoft IIS feature to create a backdoor-Security Affairs
New Stealc malware emerges with a wide set of stealing capabilities (bleepingcomputer.com)
Experts Warn of RambleOn Android Malware Targeting South Korean Journalists (thehackernews.com)
Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)
Unanswered Questions Cloud the Recent Targeting of an Asian Research Org (darkreading.com)
Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (darkreading.com)
Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)
Russian national accused of developing, selling malware appears in US. court | CyberScoop
Defenders on high alert as backdoor attacks become more common - Help Net Security
Mobile
Five easy steps to keep your smartphone safe from hackers | ZDNET
Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities - SecurityWeek
Accidental WhatsApp account takeovers? It's a thing • The Register
Google will boost Android security through firmware hardening (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Sensitive US military emails exposed by unsecured Azure server • The Register
DNA testing firm inks settlement after forgotten DB break-in • The Register
Activision did not notify employees of data breach for months | TechCrunch
GoDaddy blasted for breach response | SC Media (scmagazine.com)
TELUS investigating leak of stolen source code, employee data (bleepingcomputer.com)
Organised Crime & Criminal Actors
The war in Ukraine has shaken up the cyber criminal ecosystem, Google says | ZDNET
Russian cyber crime alliances upended by Ukraine invasion • The Register
Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Norwegian police recover $5.9m crypto stolen by North Korea • The Register
Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek
Coinbase breached by social engineers, employee data stolen – Naked Security (sophos.com)
‘Nevada Group’ hackers target thousands of computer networks | Financial Times (ft.com)
Pirated Final Cut Pro infects your Mac with cryptomining malware (bleepingcomputer.com)
SBF faces four additional charges in FTX collapse case • The Register
Insider Risk and Insider Threats
Employees bypass cyber security guidance to achieve business objectives - Help Net Security
Insider Threats Don't Mean Insiders Are Threatening (darkreading.com)
Insider threats must be top-of-mind for organisations facing layoffs - Help Net Security
Fraud, Scams & Financial Crime
The cost of living crisis is triggering a wave of workplace crime - here's how | UK News | Sky News
FTC: Americans lost $8.8 billion to fraud in 2022 after 30% surge (bleepingcomputer.com)
Europol busts ‘CEO fraud’ gang that stole €38M in a few days (bleepingcomputer.com)
Criminals are flooding the internet with fake advice scams and adware, so watch out | TechRadar
City Fund Managers Jailed for £8m Fraud - Infosecurity Magazine (infosecurity-magazine.com)
Scammers Mimic ChatGPT to Steal Business Credentials (darkreading.com)
SBF faces four additional charges in FTX collapse case • The Register
Insurance
Supply Chain and Third Parties
Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)
3 Steps to Automate Your Third-Party Risk Management Program (thehackernews.com)
Software Supply Chain
Cloud/SaaS
Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat
Four steps SMBs can take to close SaaS security gaps - Help Net Security
Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps? (darkreading.com)
Four Reasons Why Web Security is as Important as Endpoint Security for MSSP Clients - MSSP Alert
Containers
Encryption
Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)
7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media (darkreading.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
Malvertising
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Employees bypass cyber security guidance to achieve business objectives - Help Net Security
The financial system is alarmingly vulnerable to cyber attack | Financial Times (ft.com)
Cyber threats, Regulations Mount for Financial Industry (darkreading.com)
Fight Ransomware with a Cyber security Audit (trendmicro.com)
Evolving Threat Landscape Leading to Cyber security Pro “Burnout,” Study Says - MSSP Alert
Benchmarking your cyber security budget in 2023 | VentureBeat
7 reasons to avoid investing in cyber insurance | CSO Online
5 top threats from 2022 most likely to strike in 2023 | CSO Online
Cyber arms race, economic headwinds among top macro cyber security risks for 2023 | CSO Online
Malicious actors push the limits of attack vectors - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
CISOs struggle with stress and limited resources - Help Net Security
Complexity, volume of cyber attacks lead to burnout in security teams - Help Net Security
Law Enforcement Action and Take Downs
Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek
Russian national accused of developing, selling malware appears in US. court | CyberScoop
Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
MLOps Security AI power analysis breaks post-quantum security algorithm ... (eenewseurope.com)
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek
Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs
Russian cybercrime alliances upended by Ukraine invasion • The Register
Musk restricts Starlink for Ukraine, cites World War III | Fortune
America Loves Spying by Balloon, Just Like China (gizmodo.com)
How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek
Russia blames 'hackers' for fake missile strike alerts • The Register
Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
British Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)
Nation State Actors
ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs
The war in Ukraine has shaken up the cybercriminal ecosystem, Google says | ZDNET
Russian cybercrime alliances upended by Ukraine invasion • The Register
Norwegian police recover $5.9m crypto stolen by North Korea • The Register
America Loves Spying by Balloon, Just Like China (gizmodo.com)
EU Organisations Warned of Chinese APT Attacks - SecurityWeek
How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek
Earth Zhulong Familiar Patterns Target Southeast Asian Firms (trendmicro.com)
Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack (trendmicro.com)
Putin Speech Broadcast Temporarily Stopped By DDoS Attack (informationsecuritybuzz.com)
Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED
Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (thehackernews.com)
Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
Vulnerability Management
CVSS system criticized for failure to address real-world impact | The Daily Swig (portswigger.net)
Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)
At least one open source vulnerability found in 84% of code bases: Report | CSO Online
Vulnerabilities
US Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog (thehackernews.com)
SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities - SecurityWeek
A New Kind of Bug Spells Trouble for iOS and macOS Security | WIRED
VMware Patches Critical Vulnerability in Carbon Black App Control Product (thehackernews.com)
PoC exploit code for critical Fortinet FortiNAC bug released online-Security Affairs
Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks - SecurityWeek
Emergency VMware ESXi update fixes Windows Server 2022 VM boot issues (bleepingcomputer.com)
Exploitation attempts observed against Fortinet FortiNAC flaw | TechTarget
Researchers find hidden vulnerabilities in hundreds of Docker containers - Help Net Security
Tools and Controls
Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)
Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat
10 Best Network Security Solutions & Providers - 2023 (cybersecuritynews.com)
Why privileged access management should be critical to your security strategy | VentureBeat
The battle for data security now falls on developers; here’s how they can win | VentureBeat
Zero trust, XDR prominent in Gartner’s Hype Cycle for Endpoint Security | VentureBeat
Advantages of the AWS Security Maturity Model (trendmicro.com)
Other News
Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)
NSA shares guidance on how to secure your home network (bleepingcomputer.com)
Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)
Malicious actors push the limits of attack vectors - Help Net Security
Researchers Hijack Popular NPM Package with Millions of Downloads (thehackernews.com)
Justice Department Debuts 'Disruptive Technology Strike Force' (gizmodo.com)
How to Detect New Threats via Suspicious Activities (thehackernews.com)
At least one open source vulnerability found in 84% of code bases: Report | CSO Online
Microsoft urges Exchange admins to remove some antivirus exclusions (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 01 October 2021
Black Arrow Cyber Threat Briefing 01 October 2021:
-Cyber Second Only To Climate Change As Biggest Global Risk
-Businesses Unsure Which Tech Is Essential Against Ransomware
-Cyber Crime Awareness Heightened, Yet People Still Engage In Risky Online Behaviours
-Attacks Against Remote Desktop Protocol Endpoints Have Exploded This Year
-Ransomware Attacks Up 1,070% Year Over Year
-Baby’s Death Alleged To Be Linked To Ransomware
-Ransomware Shame: More Than Half Of Business Owners Conceal Cyber-Breach
-More Than 90% Of Q2 Malware Was Hidden In Encrypted Traffic
-Cyber Attack Floors British Payroll Firm
-GriftHorse Malware Infected More Than 10 Million Android Phones From 70 Countries
-50% Of Servers Have Weak Security Long After Patches Are Released
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Second Only To Climate Change As Biggest Global Risk
Cyber security has been ranked as the second largest threat to our way of life in a major new survey of 23,000 people, comprised of both experts and members of the public. Cyber came second only to climate change on the world stage, but was ranked as the number one risk in the Americas and second in Asia, Africa, and Europe. https://www.infosecurity-magazine.com/news/cyber-second-biggest-global-risk/
Businesses Unsure Which Tech Is Essential Against Ransomware
As ransomware attacks grow in number, a new report finds that many organisations are under the impression they have things in hand but most are unsure what protections they should have in place. The report, based on a survey of 455 business leaders and cyber security professionals, claims businesses are on top of employee training, risk assessments and cyber insurance. Where firms fall flat however is their “clear gap” in thinking, in what many respondents see as “essential tech” in the fight against ransomware – nearly half of respondents (49%) thought paying up was their best option. https://www.techradar.com/news/businesses-unsure-which-tech-is-essential-against-ransomware
Cyber Crime Awareness Heightened, Yet People Still Engage In Risky Online Behaviours
A survey of over 2,000 adults suggests that 76% of respondents recognise the severity of data breaches. This heightened awareness may be driven by constant news of major consumer, enterprise and infrastructural breaches over the last year alone. https://www.helpnetsecurity.com/2021/10/01/risky-online-behaviors/
Attacks Against Remote Desktop Protocol Endpoints Have Exploded This Year
A recent report warns of a huge increase in attacks on the Remote Desktop Protocol (RDP), an almost universal protocol used by nearly every business in operation today. The figures show attacks on RDP have jumped 103.9% since its T1 report in June and represents around 55 billion devices. The RDP protocol is leveraged by threat actors to deploy ransomware and has become a popular target due to both heavy use by IT service providers and common misconfigurations. https://www.theregister.com/2021/09/30/eset_threat_report/
Ransomware Attacks Up 1,070% Year Over Year
The prevalence of ransomware is growing rapidly, according to the 2021 Ransomware Survey Report. The report shockingly found many of the ransom demands are paid, and comes as a result in the rise of “ransomware as-a-service”. The report found 94% of businesses are concerned about ransomware, with 49% stating they would simply pay the ransom outright. Respondents in Europe were more concerned than those in North America, and around 67% felt they had already been the target of ransomware. https://www.msspalert.com/cybersecurity-research/fortinet-report-ransomware-attacks-up-1070-year-over-year/
Baby’s Death Alleged To Be Linked To Ransomware
A US hospital paralyzed by ransomware in 2019 will be defending itself in court this November over the death of a newborn. The baby was born amid the hospital’s eighth day of fending off the attack. Court filings show the hospital – Springhill Medical Center in Alabama – believes wireless tracking systems and heartbeat monitoring equipment were compromised by the ransomware, leading to the death.
https://threatpost.com/babys-death-linked-ransomware/175232/
Ransomware Shame: More Than Half Of Business Owners Conceal Cyber-Breach
Around a third (32%) of enterprises experienced a six-figure breach last year, but well over half (61%) admitted to concealing it. The findings come as a global survey of 1,400 decision makers in cyber is released. https://www.foxbusiness.com/technology/ransomware-cyber-breach-concealed
More Than 90% Of Q2 Malware Was Hidden In Encrypted Traffic
Around 91.5% of malware detections in Q1 2021 were concealed in HTTPS-encrypted connections. A ubiquitous protocol – used to secure traffic any time you open a web page – only 20% of organisations have mechanisms in place to scan the arriving HTTPS traffic. The terrifying result found that most firms are missing over nine-tenths of malware hitting their networks every day. https://www.darkreading.com/perimeter/more-than-90-of-q2-malware-was-hidden-in-encrypted-traffic
Cyber Attack Floors British Payroll Firm
A "sophisticated" cyber attack has forced a British payroll company to shut down its entire network, leaving some contractors without pay. Giant Group confirmed on September 24 that it had taken its network, fully integrated IT infrastructure, phone, and email systems offline last Wednesday after detecting suspicious activity. https://www.infosecurity-magazine.com/news/cyberattack-floors-british-payroll/#.YVQiuXlCjOA.twitter
GriftHorse Malware Infected More Than 10 Million Android Phones From 70 Countries
A malicious trojan has been making its way through the Google Play Store since at least November of 2020. The app, purportedly harmless on the surface, hijacks payments on the victim device, resulting in a series of hidden charges and a nasty surprise at the end of the month. Researchers who discovered the malware estimate its impact to be over 10 million victims in 70 countries, and several hundreds of millions of Euros in losses. https://securityaffairs.co/wordpress/122730/malware/grifthorse-malware-campaign.html
50% Of Servers Have Weak Security Long After Patches Are Released
Over 50% of servers scanned still have weak security, a new study suggests, even after patches have been issued. Researchers found that servers were still vulnerable weeks and even months after critical updates, leaving many businesses wide open to attack. https://www.darkreading.com/vulnerabilities-threats/50-of-servers-have-weak-security-long-after-patches-are-released
Threats
Ransomware
United Health Centres Reportedly Compromised By Ransomware Attack
JVCKenwood Hit By Conti Ransomware Claiming Theft Of 1.5TB Data
Ransomware Gangs Are Complaining That Other Crooks Are Stealing Their Ransoms
United Health Centers Reportedly Compromised By Ransomware Attack
REvil Customers Complain Ransomware Gang Uses Backdoors To Filch Ransoms
The Biggest Problem With Ransomware Is Not Encryption, But Credentials
Phishing
Other Social Engineering
Malware
Thousands Of Online Gaming Accounts Hit In Major Cyber Attack
Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers
New Malware Steals Steam, Epic Games Store, And EA Origin Accounts
Vulnerabilities
Threat Actors Use Recently Discovered CVE-2021-26084 Atlassian Confluence
New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught
Thousands of University Wi-Fi Networks Expose Log-In Credentials
Exploit Released For VMware Vulnerability After CISA Warning
Outsourced Software Poses Greater Risks to Enterprise Application Security
Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw
Apple Responds To Security Researcher Who Found Multiple iOS 15 Zero-Day Flaws
Windows 10 Emergency Update Resolves KB5005565 App Freezes, Crashes
Cyber Security Vulnerability Could Affect Millions Of Hikvision Cameras
Data Breaches/Leaks
Anonymous: We've Leaked Disk Images Stolen From Far-Right-Friendly Web Host Epik
3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale
Emails, Chat Logs, More Leaked Online From Far-Right Militia Linked To US Capitol Riot
Cryptocurrency/Cryptojacking
Ethereum Dev Admits Helping North Korea Mine Crypto-Bucks, Faces 20 Years Jail
China Says All Crypto Currency-Related Transactions Are Illegal And Must Be Banned
Insider Threats
Dark Web
DoS/DDoS
Nation State Actors
APT Focus: ‘Noisy’ Russian Hacking Crews Are Among The World’s Most Sophisticated
APT29 Targets Active Directory Federation Services With Stealthy Backdoor
Nation-State Attacks Fears Grow, Execs Don’t Trust Governments To Protect Them From Cyber Threats
APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated
Cloud
Huawei Cloud Services: U.S. Lawmakers Express Security Concerns
Why CEOs Should Absolutely Concern Themselves With Cloud Security
Cloud Security: Report Finds 68% of Malware Delivered From Cloud Apps
Privacy
Reports Published in the Last Week
Other News
Revealed: How To Steal Money From Victims' Contactless Apple Pay Wallets
Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts
Report Highlights Cyber Security Dangers Of Elastic Stack Implementation Mistakes
Russian Authorities Arrest Cyber Security Giant Group-IB’s CEO On Treason Charges
Corporate Attack Surface Exploding As A Result Of Remote Work
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 September 2021
Black Arrow Cyber Threat Briefing 10 September 2021
-91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations
-Ransomware Attacks Increased Exponentially In 2021
-One In Three Suspect Phishing Emails Reported By Employees Really Are Malicious
-Hackers Shift From Malware To Credential Hijacking
-Attacker Breakout Time Now Less Than 30 Minutes
-Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices
-The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge
-Hackers Exploit Camera Vulnerabilities To Spy On Parents
-39% Of All Internet Traffic Is From Bad Bots
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations
A new survey suggests that most IT staff have felt pressured to ignore security concerns in favour of business operations. On Thursday, a new study report was released, which combines data from an online YouGov survey targeting office workers that adopted WFH and global research conducted with IT decision-makers. In total, 91% of those surveyed said that they have felt "pressured" to compromise security due to the need for business continuity during the COVID-19 pandemic. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a "ticking time bomb" for corporate security incidents. https://www.zdnet.com/article/91-of-it-teams-have-felt-forced-to-trade-security-for-business-operations/
Ransomware Attacks Increased Exponentially In 2021
The growing threat of ransomware has been highlighted by NCC Group's Research Intelligence and Fusion Team (RIFT) analysis. Between January-March 2021 and April-June 2021, the number of ransomware assaults studied by the team climbed by 288%, indicating that enterprises are still facing waves of digital extortion in the form of targeted ransomware. https://www.ehackingnews.com/2021/09/ransomware-attacks-increased.html
Phishing Attacks: One In Three Suspect Emails Reported By Employees Really Are Malicious
All the time spent ticking boxes in cyber security training sessions seems to be paying off after all: according to a new report, about a third of emails reported by employees really are malicious or highly suspect, demonstrating the effectiveness of the well-established maxim "Think before you click". Researchers analysed over 200,000 emails that were flagged by employees from organisations across the globe in the first half of 2021 and found that 33% of the reports could be classified as phishing. https://www.zdnet.com/article/phishing-attacks-one-in-three-suspect-emails-reported-by-employees-really-are-malicious/
Hackers Shift From Malware To Credential Hijacking
Adversaries are relying less on malware to conduct attacks that are consequently more difficult to detect, according to an annual report conducted by researchers. “According to data from our customer base indexed by Threat Graph, 68% of detections from the last three months were not malware-based,” reads the report released Wednesday. “Attackers are increasingly attempting to accomplish their objectives without writing malware to the endpoint, using legitimate credentials and built-in tools (living off the land)—which are deliberate efforts to evade detection by traditional antivirus products.” https://www.nextgov.com/cybersecurity/2021/09/report-hackers-shift-malware-credential-hacking/185209/
Attacker Breakout Time Now Less Than 30 Minutes
The average time it takes threat actors to move from initial access to lateral movement has fallen by 67% over the past year, putting extra pressure on security operations (SecOps) teams, according to researchers. The findings come from researchers own investigations with customers across around 248,000 unique global endpoints. For incidents where this “breakout time” could be derived over the past year, it averaged just 1 hour 32 minutes. However, in over a third (36%) of intrusions, adversaries managed to move laterally to additional hosts in under 30 minutes. https://www.infosecurity-magazine.com/news/attacker-breakout-time-now-less/
Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices
Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday. https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html
53% Find It Difficult To Prevent An Insider Attack During Data Aggregation
Recent data from researchers found that 53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent of an attack. The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception. To fully understand any insider incident, visibility into the entire kill chain of an attack is imperative to preventing the exfiltration of critical data. https://venturebeat.com/2021/09/02/53-find-it-difficult-to-prevent-an-insider-attack-during-data-aggregation/
The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge
Not only have ransomware attacks spiked, the amount of ransom demanded has grown exponentially—to somewhere between $50 and $70 million dollars. Cyber Insurers can’t cover “whatever amount the hacker demands”—so major policies lost money. Insurers have responded by raising premiums, restricting coverage, or even getting out of the cyber-insurance game altogether in vulnerable markets. https://www.helpnetsecurity.com/2021/09/10/cyber-insurance-ransomware/
Hackers Exploit Camera Vulnerabilities To Spy On Parents
Various zero day vulnerabilities in home baby monitor could be compromised that lets threat actors hack into camera feed and put malicious codes like malware. The security issues were found in the IoT gadgets, made by China based developer Victure, that were found by researchers. In a security report, researchers revealed about the stack-based buffer flaw present in ONVIF server Victure PC420 component camera that allows hackers to plant remote codes on the victim device. When compromised, hacker can discover cameras (not owned by them) and command devices to broadcast camera feeds to third party and exploit the camera firmware. https://www.ehackingnews.com/2021/09/hackers-exploit-camera-vulnerabilities.html
39% Of All Internet Traffic Is From Bad Bots
Automated traffic takes up 64% of internet traffic – and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals.
These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots. These advanced bots try their best to evade standard defences and attempt to perform their malicious activities under the radar. The report revealed that the most common of these persistent bots were ones that went after e-commerce applications and login portals. https://www.helpnetsecurity.com/2021/09/07/bad-bots-internet-traffic/
Threats
Ransomware
BEC
Phishing
Other Social Engineering
Malware
Traffic Exchange Networks Distributing Malware Disguised As Cracked Software
New Malware Uses Novel Fileless Technique To Evade Detection
Mobile
IOT
Vulnerabilities
Zoho ManageEngine Password Manager Zero-Day Gets A Fix, Amid Attacks
New CPU Side-Channel Attack Takes Aim At Chrome’s Site Isolation Feature
Microsoft, CISA Urge Mitigations For Zero-Day RCE Flaw In Windows
Atlassian CISO Defends Company's Confluence Vulnerability Response, Urges Patching
PoC Released For GhostScript Vulnerability That Exposed Airbnb, Dropbox
New 0-Day Attack Targeting Windows Users With Microsoft Office Documents
Cisco Patches Critical Authentication Bug With Public Exploit
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
Insider Threats
DoS/DDoS
Nation State Actors
Cloud
Privacy
Other News
OWASP Shakes Up Web App Threat Categories With Release Of Draft Top 10
A Zero-Trust Future: Why Cyber Security Should Be Prioritized For The Hybrid Working World
Microsoft Has A $20 Billion Hacking Plan, But Cyber Security Has A Big Spending Problem
Misbehaving Microsoft Teams Ad Brings Down The Entire Windows 11 Desktop
This Seemingly Normal Lightning Cable Will Leak Everything You Type
HSE Cyber Attack: Irish Health Service Still Recovering Months After Hack
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.