Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Over Half of Companies Experienced Cyber Security Incidents Last Year

According to a recent global survey, over half of the participating companies faced major security incidents in the past year, necessitating additional resources to tackle these challenges. Despite these incidents, many organisations claim improved performance on key cyber security indicators and express confidence in their threat detection capabilities. The research highlights a concerning discrepancy between perceived security measures and the actual state of security operations, underscoring a lack of comprehensive visibility and effective response mechanisms within companies. Particularly concerning is the finding that organisations can typically monitor only two-thirds of their IT environments, exposing significant vulnerabilities. Furthermore, the study points to a greater need for greater automation and third-party assistance in threat detection and response, suggesting that while companies are aware of their shortcomings, the path to enhanced security involves embracing AI-driven solutions to close these gaps. This insight highlights to leadership the importance of investing in advanced cyber security technologies and expertise to safeguard the organisation’s digital assets effectively.

Sources: [Beta News] [Verdict]

Deepfake Video Conference Costs Business $25 Million

There has been a surge in the number of artificial intelligence deepfake attacks where technology is being used to impersonate individuals. In one case, a finance professional at a multinational was reportedly swindled out of $25 million (HK$200 million) of company money when scammers created a deepfake of his London-based chief financial officer in a video conference call, faking both the CFO’s look and voice. The scam involved the fake CFO making increasingly urgent demands to execute money transfers, resulting in 15 transfers from the victim employee. The reality of the attack was only discovered by the victim after he had contacted the company’s corporate head office.

Sources: [The Register] [Help Net Security] [TechCentral ] [Tripwire]

Watershed Year for Ransomware as Victims Rose by Almost 50% And Payments Hit $1 Billion All-Time High

Even with enforcers shutting down some ransomware gangs, the business of ransomware is booming. A recent report from Palo Alto Networks Unit 42 found a 49% increase in the number of victims reported on ransomware leak sites; this does not include those who were victims but did not appear on sites. This comes as ransomware hit an all time high, with over $1b made in ransomware payments. Of note, this is just ransom payments; this does not take in to account reputational damage, recovery costs and loss in share value. The real effects of a ransomware attack may take months or even years to materialise. As ransomware remains a constant threat, it is important for organisations to be prepared.

Sources: [The Verge ] [Malwarebytes] [Infosecurity Magazine] [CSO Online] [ITPro] [TechRadar]

Malware-as-a-Service Now the Top Threat to Organisations

Recent studies have underscored a significant shift in the cyber threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) now dominating. These ‘as-a-service’ tools are particularly concerning as they lower the barrier to entry for cyber criminals, enabling even those with limited technical knowledge to launch sophisticated attacks. The report found that the most common as-a-Service tools were Malware loaders (77% of investigated threats), crypto-miners (52% of investigated threats) and botnets (39% of investigated threats). These findings underscore the adaptability of these threats, with malware strains being developed with multiple functions to maximise damage. Despite these trends, traditional methods like phishing continue to pose significant challenges for security teams. It’s clear that staying ahead of these evolving threats requires a proactive and comprehensive approach to cyber security.

Sources:[Infosecurity Magazine] [Beta News] [Help Net Security]

Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances

A recent report has found that over 97% of UK firms have paid a ransom in the last two years, finding even more reason to operate in a when-not-if environment. When asked about their recovery in an event, 38% said they could recover in four to six days, and 34% need one to two weeks to recover; almost one in four (24%) need over three weeks to recover data and restore business processes. Only 12% said their company had stress-tested their data security, data management, and data recovery processes or solutions in the six months prior to being surveyed, and 46% had not tested their processes or solutions in over 12 months.

Sources: [The FinTech Times] [ Help Net Security]

Chinese State Hackers Hid in National Infrastructure for at Least 5 Years

US cyber officials have said that they discovered China-sponsored hackers lurking in American computer networks, positioning themselves to disrupt communications, energy, transportation and water systems; and this had been going on for at least 5 years. This has led to a joint warning from the US FBI, National Security Agency and Cyber Infrastructure and Security Agency, which has been cosigned by Britain, Canada, Australia and New Zealand. This dwell time isn’t just something that is encountered in critical infrastructure networks; attackers lurk on networks, undiscovered often for years, allowing them to see everything going on in the corporate environment.

Sources: [NTD] [Washington Times]

Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor

Email attacks against businesses have increased dramatically as hackers continually use generative AI tools to optimise their content and streamline malicious campaigns, new research has claimed.

The report from Acronis is based on data collected from more than a million unique endpoints across 15 countries, and found AI-powered phishing affected more than 90% of organisations last year. AI helped has email attacks grow by 222% since the second half of 2023.

Sources: [New Electronics] [TechRadar]

Security Leaders, C-Suite Unite to Tackle Cyber Threats

A recent survey found that CEOs are taking a more hands-on approach and prioritising cyber resilience in 2024, leading to the breakdown of traditional silos between IT operations and security teams. The survey polled over 200 C-Suite and senior-level IT executives globally, and revealed a growing recognition of the importance of collaboration in combating sophisticated cyber threats, with 99% of respondents observing increased connectivity between the teams over the past year. While progress has been made, challenges remain, with only 48% of organisations establishing joint protocols for incident mitigation or recovery. Looking ahead, respondents anticipate a significant role for artificial intelligence (AI) in enhancing security efforts, with 68% expecting AI to streamline threat detection and response. Despite advancements, fragmented data protection solutions persist as a challenge, impacting over 90% of organisations' cyber resiliency. This underscores the need for a top-down approach to cyber security, with CEOs and boards driving collaboration between IT operations and security teams to optimise cyber preparedness initiatives and mitigate cyber risks effectively.

Source: [Security Boulevard]

UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons

UN sanction monitors are investigating dozens of suspected cyber attacks by North Korea that have raked in $3 billion to help North Korea further its nuclear weapons programme, according to excerpts of an unpublished UN report. “The panel is investigating 58 suspected DPRK cyber attacks on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help fund DPRK’s WMD development,” according to the monitors, who report twice a year to the 15-member security council.

Source: [The Guardian]

What Does a ‘Cyber Security Culture’ Actually Entail?

Fostering a robust cyber security culture emerges as a critical imperative for organisations in 2023, as revealed by ITPro Today's "State of Cybersecurity in 2023" study. Despite this recognition, organisations grapple with various challenges, including budget constraints, staffing shortages, and the failure to implement fundamental security practices like the principle of least privilege and zero trust. Insufficient staffing and constrained budgets elevate the risk of breaches, emphasising the need for a collective effort to bolster security measures.

Cultivating a cyber security culture entails educating every employee on security risks and holding them accountable for risk reduction efforts. While security teams play a pivotal role in setting expectations and providing guidance, a culture of cyber security necessitates continuous training, integration of security into everyday work, and clear delineation of risk ownership throughout the organisation. By prioritising proactive measures and fostering individual responsibility, organisations can fortify their defences against evolving cyber threats and mitigate risks effectively.

Source: [ITPro Today]

Beyond Checkboxes: Security Compliance as a Business Enabler

In today's complex business landscape, regulatory requirements are increasingly intricate, especially concerning cyber security compliance. While compliance might evoke images of stringent regulations and time-consuming audits, reframing our perspective reveals its potential as a vital business enabler. Security leaders, in collaboration with senior management, must cultivate a culture where commitment to cyber security compliance permeates the organisation, emphasising its role in fostering trust, facilitating global market access, and even serving as a competitive advantage. Moreover, robust compliance programs drive operational efficiency, innovation, and cost savings in the long run. Embracing cyber security compliance as a strategic enabler, rather than a regulatory burden, positions businesses for success, innovation, and resilience in an ever-evolving digital landscape.

Source: [Forbes]

No One in Cyber Security Is Ready for the SolarWinds Prosecution

The concept of "materiality" has taken centre stage for Chief Information Security Officers (CISOs) in light of new SEC regulations, requiring US public companies to disclose "material cyber security incidents" within four days. The SolarWinds breach and subsequent SEC charges against the company and its CISO highlight the seriousness of these regulations. This shift necessitates a deeper understanding of what constitutes "material" risk in cyber security and a more transparent approach to risk communication. However, many CISOs face challenges in quantifying and communicating cyber risks effectively to boards and executives, who often lack familiarity with cyber security terminology. This regulatory change underscores the need for CISOs to bridge the gap between cyber security and financial reporting, ensuring accurate and precise risk communication at the C-Suite level. Additionally, policymakers should incentivise C-Suite accountability for cyber risk management, fostering a culture where cyber risks are addressed proactively and transparently.

Source:[Council on Foreign Relations]

Governance, Risk and Compliance

• Over half of companies experienced cyber security incidents last year (betanews.com)

• Beyond Checkboxes: Security Compliance As Business Enabler (forbes.com)

• What Goes Into a Strong Cyber Security Culture? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Why an HR-IT Partnership is Critical for Managing Cyber Security Risk - Security Boulevard

• The Cyber Threats Every C-Level Exec Should Care About In 2024 (forbes.com)

• Never Mind the Buzz; Here's the Consequences: No One in Cyber Security Is Ready for the SolarWinds Prosecution | Council on Foreign Relations (cfr.org)

• Security Leaders, C-Suite Unite to Tackle Cyberthreats - Security Boulevard

• Cyber Security, Hybrid Workforce Management Among Top 2024 Business Challenges (allwork.space)

• How CISOs navigate policies and access across enterprises - Help Net Security

• Resisting Hindsight Bias: A Proposed Framework for CISO Liability - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• The ransomware business is booming, even as enforcers shut down some players - The Verge

• Ransomware victim numbers rose by 50% in 2023 | CSO Online

• Known ransomware attacks up 68% in 2023 | Malwarebytes

• Paying ransoms is becoming a cost of doing business for many - Help Net Security

• Ransomware Payments Hit $1bn All-Time High Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• Chainalysis: 2023 a 'watershed' year for ransomware | TechTarget

• The hidden cost of ransomware is more painful than many realize | ITPro

• Cohesity Reveals over 9 in 10 UK Firms Have Paid Ransoms Despite Alleged "No Pay" Stances | The Fintech Times

• Is critical infrastructure prepared for OT ransomware? • The Register

• Akira and 8Base are the ransomware gangs to watch in 2024 • The Register

• Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)

• ‘These are threat-to-life crimes’: How hospitals are responding to a rise in ransomware attacks – NBC4 Washington (nbcwashington.com)

• NCC Group records the most ransomware victims ever in 2023 | TechTarget

• LockBit Reigns Supreme in Soaring Ransomware Landscape - Infosecurity Magazine (infosecurity-magazine.com)

• How security experts unravel ransomware (engadget.com)

• Cyber Attacks by North Korea raked in $3bn to build nuclear weapons, UN monitors suspect | North Korea | The Guardian

• US govt ups bounty on Hive ransomware gang members to $15M • The Register

Ransomware Victims

• Industry giants Clorox and Johnson Controls report financial losses from cyber attacks (therecord.media)

• Clorox says cyber attack caused $49 million in expenses (bleepingcomputer.com)

• Blackbaud blasted for failing to prevent customer breaches | Computer Weekly

• Lurie Children's Hospital cyber attack forces systems offline • The Register

• Blackbaud settles FTC data security probe into 2020 ransomware attack | K-12 Dive (k12dive.com)

• Thanks to a shadowy hacker group, the British Library is still on its knees. Is there any way to stop them? | Lamorna Ash | The Guardian

• California union confirms ransomware attack following LockBit claims (therecord.media)

• Another Chicago hospital announces cyber attack (therecord.media)

• Scots care charity target of huge cyber attack - TFN

• Funerals reportedly canceled due to ransomware attack on Austrian town (therecord.media)

Phishing & Email Based Attacks

• Fake board meeting nets cyber criminals more than €28m - TechCentral.ie

• QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security (darkreading.com)

• 222% surge in email attacks during 2023

• Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar

• South African Railways Lost Over $1M in Phishing Scam (darkreading.com)

• These were the most common phishing emails of 2023 — make sure you don't get caught out as well | TechRadar

Artificial Intelligence

• Fake board meeting nets cyber criminals more than €28m - TechCentral.ie

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

• Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar

• Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft uncovers extensive Iranian AI-based cyber ops against Israel amid Gaza war | Ctech (calcalistech.com)

• Could a threat actor socially engineer ChatGPT? (securityintelligence.com)

• Current approaches can’t mitigate the AI cyber security threat. What can? (networkingplus.co.uk)

Malware

• Malware-as-a-Service Now the Top Threat to Organisations - Infosecurity Magazine (infosecurity-magazine.com)

• Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• macOS Malware Campaign Showcases Novel Delivery Technique (darkreading.com)

• China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)

• FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network (thehackernews.com)

• Netherlands accuses China of cyber spying after security service makes malware discovery | NL Times

• Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials (thehackernews.com)

• Fresh 'Mispadu Stealer' Variant Emerges (darkreading.com)

• Mini PC maker ships systems with factory-installed spyware — AceMagic says issue was contained to the 'first shipment' | Tom's Hardware (tomshardware.com)

• Raspberry Robin Evolves With Stealth Tactics, New Exploits - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar

• Google Links Over 60 Zero-Days to Commercial Spyware Vendors - SecurityWeek

• 'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps (darkreading.com)US insurance firms sound alarm after 66,000 individuals impacted by SIM swap attack (bitdefender.com)

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunchWizz Removed from Apple and Google Stores for Sextortion Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Top Mobile App Security Risks | MSSP Alert

• February 2024 Android security patch here for Pixels - Android Authority

• Google fixed an Android critical remote code execution flaw (securityaffairs.com)

• Warning from LastPass as fake app found on Apple App Store | Malwarebytes

• Android XLoader malware can now auto-execute after installation (bleepingcomputer.com)

• This Android malware can steal all your photos and texts without being opened — how to stay safe | Tom's Guide (tomsguide.com)

Denial of Service/DoS/DDOS

• That electric toothbrush DDoS story you saw might have been a case of mistranslation | ITPro

Internet of Things – IoT

• The toothbrush DDoS attack: How misinformation spreads in the cyber security world • Graham Cluley

• Global cities unprepared for emerging risks warns study

• Understanding the Connection Between IoT Vulnerabilities and Home Network Intrusions - Security Boulevard

• As Smart Cities Expand, So Do the Threats (darkreading.com)

Data Breaches/Leaks

• AnyDesk forces password reset for customers as 18k credentials go up for sale online | SC Media (scmagazine.com)

• Cloudflare hacked — company reveals details of November 2023 cyber attack, blames previous Okta breach | TechRadar

• HPE investigates new breach after data for sale on hacking forum (bleepingcomputer.com)

• Alleged data breach sees names, addresses and phone numbers of serving police staff shared on email - North Wales Live (dailypost.co.uk)

• Blackbaud Comments on FTC Settlement, Continues to Strengthen Cyber Security - MarketWatch

• FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach | TechCrunch

• Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)

• Millions of User Records Stolen From 65 Websites via SQL Injection Attacks - SecurityWeek

• 'ResumeLooters' Attackers Steal Millions of Career Records (darkreading.com)

• Data breach at French healthcare services firm puts millions at risk (bleepingcomputer.com)

• Verizon Says Data Breach Impacted 63,000 Employees - SecurityWeek

• Data breaches at Viamedis and Almerys impact 33 million in France (bleepingcomputer.com)

• Report: More Than Half of Americans Have Had Their Data Exposed (govtech.com)

• Data of half the population of France stolen in its largest ever cyber attack. This is what we know | Euronews

• HopSkipDrive says personal data of 155,000 drivers stolen in data breach | TechCrunch

Organised Crime & Criminal Actors

• Over half of companies experienced cyber security incidents last year (betanews.com)

• Malware-as-a-Service Now the Top Threat to Organisations - Infosecurity Magazine (infosecurity-magazine.com)

• As-a-Service tools empower criminals with limited tech skills - Help Net Security

• Teens Committing Scary Cyber Crimes, What's Behind the Trend? (darkreading.com)

• Nigerian President Dismisses Nation's 'Cyber Crime Haven' Image (darkreading.com)

• Lessons Learned From Tracing Cyber Crime’s Evolution On The Dark Web (forbes.com)

• US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW

• Report: Blocked IP addresses increased by 116.42% | Security Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Pig-butchering scams morph into DeFi threats (cointelegraph.com)

• Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)

Insider Risk and Insider Threats

• Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register

• How bias can undermine insider threat monitoring | TechRadar

• What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard

• Engineer accused of stealing secret US government tech used to detect nuclear missile launches (nbcnews.com)

Supply Chain and Third Parties

• Cloudflare hacked — company reveals details of November 2023 cyber attack, blames previous Okta breach | TechRadar

• Blackbaud blasted for failing to prevent customer breaches | Computer Weekly

• Removing the weakest link: Strengthen the security of your supply chain (techuk.org)

Cloud/SaaS

• Stop chasing shadow IT: Tackle the root causes of cloud breaches | SC Media (scmagazine.com)

• Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard

• Organisations Left Grappling for Solutions Amid Alarming Cloud Security Gaps | Network Computing

Identity and Access Management

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

Encryption

• Raspberry Pi Pico cracks BitLocker in under a minute • The Register

Linux and Open Source

• Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• Credential Harvesting Vs. Credential Stuffing Attacks: What’s the Difference? - Security Boulevard

• Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)

• AnyDesk downplays impact of cyber attack | SC Media (scmagazine.com)

• Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard

Social Media

• Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials (thehackernews.com)

• Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook fatal accident scam still rages on | Malwarebytes

Regulations, Fines and Legislation

• Never Mind the Buzz; Here's the Consequences: No One in Cyber Security Is Ready for the SolarWinds Prosecution | Council on Foreign Relations (cfr.org)

• How the SEC's Rules on Cyber Security Incident Disclosure Are Exploited (darkreading.com)

• Proposed contractor cyber reporting rule sets a ‘significantly problematic’ bar, industry groups say (databreaches.net)

• No one's happy with latest US cyber incident reporting plan • The Register

• 2023 Cyber Security Regulation Recap (Part 3): Privacy Protection - Security Boulevard

Models, Frameworks and Standards

• Exploring NIST Cyber Security Framework 2.0 - Help Net Security

Careers, Working in Cyber and Information Security

• Combatting Stress In The Cyber Security Industry (forbes.com)

• IT Security Hiring Must Adapt to Skills Shortages (informationweek.com)

Law Enforcement Action and Take Downs

• Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register

• Romance fraudster jailed after conning women out of £300k - BBC News

• Cops arrest 17-year-old suspected of hundreds of swattings nationwide | Ars Technica

• How security experts unravel ransomware (engadget.com)

• US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW

• Report: Blocked IP addresses increased by 116.42% | Security Magazine

Misinformation, Disinformation and Propaganda

• The toothbrush DDoS attack: How misinformation spreads in the cyber security world • Graham Cluley

• Report Details Scope of Global Threat to Elections - Security Boulevard

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)

• NCSC and partners issue warning about state-sponsored attackers hiding out in critical infrastructure networks... - NCSC.GOV.UK

Nation State Actors

China

• Chinese Hackers Preparing ‘Destructive Attacks,’ CISA Warns (govinfosecurity.com)

• Chinese Hackers Hid in US Infrastructure for 5 Years | Newsmax.com

• China's Cyber Attackers Target US and Allied Militaries (newsweek.com)

• FBI Issues Ominous Warning of Imminent Cyber Attack on Critical Infrastructure - Security Boulevard

• Dutch intelligence finds Chinese hackers spying on secret Defence Ministry network (therecord.media)

• Shutting Down the Grid: Possible Cyber Attacks From Chinese Hackers | NTD

• China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)

• Top US venture capitalists invest in China tech for big returns (nypost.com)

• Classified Japanese diplomatic info leaked after Chinese cyber attacks - The Japan Times

• Philippines Says Hacker in China Behind Foiled Attack on Government Website - Bloomberg

• Chinese hackers fail to rebuild botnet after FBI takedown (bleepingcomputer.com)

Russia

• EU capitals fear Russian retaliation and cyber attacks after asset freezes – POLITICO

• The Kremlin threatens the West with years of trials and cyber attacks for trying to use its assets for Ukraine. - UBN

• Russia’s Countervalue Cyber Approach: Utility or Futility? - Carnegie Endowment for International Peace

Iran

• Designating Iranian Cyber Officials - United States Department of State

• Microsoft: Iran is refining its cyber operations | CyberScoop

• Microsoft uncovers extensive Iranian AI-based cyber ops against Israel amid Gaza war | Ctech (calcalistech.com)

• US sanctions Iranian officials over cyber attacks on water plants - BBC News

North Korea

• Cyber attacks by North Korea raked in $3bn to build nuclear weapons, UN monitors suspect | North Korea | The Guardian

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunch

• Google: Half of all zero-days used against our products are developed by spyware vendors (therecord.media)

• Spyware business booming despite government crackdowns • The Register

Vulnerability Management

• How To Address OT And ICS Cyber Attack Vulnerabilities (forbes.com)

Vulnerabilities

• Fortinet FortiSIEM hit by two 10/10 severity vulns • The Register

• Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure (bleepingcomputer.com)

• Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services (thehackernews.com)

• Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products (thehackernews.com)

• Ivanti: Patch new Connect Secure auth bypass bug immediately (bleepingcomputer.com)

• Newest Ivanti SSRF zero-day now under mass exploitation (bleepingcomputer.com)

• Critical vulnerability in Mastodon sparks patching frenzy • The Register

• Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account (thehackernews.com)

• February 2024 Android security patch here for Pixels - Android Authority

• Google: Half of all zero-days used against our products are developed by spyware vendors (therecord.media)

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunch

• JetBrains warns of new TeamCity auth bypass vulnerability (bleepingcomputer.com)

• Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica

• Google fixed an Android critical remote code execution flaw (securityaffairs.com)

• Cisco fixes critical Expressway Series CSRF vulnerabilities (securityaffairs.com)

• QNAP Patches High-Severity Bugs in QTS, Qsync Central - SecurityWeek

Tools and Controls

• What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard

• How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

• Close security gaps with attack path analysis and management | TechTarget

• Using Proactive Intelligence Against Adversary Infrastructure - Security Boulevard

• A Hacker’s Perspective For Building Proactive Organisational Defences (forbes.com)

Reports Published in the Last Week

• Acronis Cyber Threats Report H2 2023 | Acronis Resource Center

Other News

• Report: Mac security threats on the rise, here’s what to watch out for - 9to5Mac

• Trustees urged to review cyber incident frameworks following NCSC changes - Pensions Age Magazine

• Airbus App Vulnerability Introduced Aircraft Safety Risk: Security Firm - SecurityWeek

• ‘Elevated’ risk of hackers targeting UK drinking water, says credit agency | Cyber Crime | The Guardian

• What Will the Future of Cyber Security Bring? - Security Boulevard

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• Cyber attacks on knowledge institutions are increasing: what can be done? (nature.com)

• McPartland Review - Driving Economic Growth through Cyber Security (techuk.org)

• A view from Brussels: ENISA celebrates 20th anniversary amid 'grim times' (iapp.org)

• Revealed – top 10 cyber incidents of 2023 | Insurance Business America (insurancebusinessmag.com)

• NCSC warns CNI operators over ‘living-off-the-land’ attacks | Computer Weekly

• Serious threats, unserious responses (reason.com)

• Super Bowl LVIII Presents a Vast Attack Surface for Threat Actors (darkreading.com)

• We Need Cyber Security in Space to Protect Satellites | Scientific American

• Inquiry to explore cyber risk to Sunak-Starmer showdown | Computer Weekly

• Three predictions for responding to the cyber threat landscape in 2024 | Computer Weekly

• How Hospitals Can Help Improve Medical Device Data Security (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year

A survey of more than 1,200 UK businesses of all sizes across multiple industries conducted by Aviva found that a fifth of UK businesses were victims to cyber attacks in the past year. The report found that businesses were 67% more likely to have experienced a cyber incident than a physical theft and five times more likely to have experienced a cyber attack than a fire.

When it came to the fallout from a cyber attack, 31% of businesses experienced operational disruption and 20% admit to not being confident in knowing what to do should this happen. This lack of confidence rises to more than a quarter (27%) for small businesses, who appear to be the most vulnerable to such a risk. Financially, the average incident was found to cost £21,000, however this figure is likely to be more given the further implications that result from a cyber attack.

Sources: [Insurance Age] [theHRD] [Infosecurity Magazine]

Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says UK Government

The UK government has accused Russia's Federal Security Service (FSB), successor to the KGB, of conducting a prolonged cyber hacking campaign since at least 2015, targeting politicians, journalists, academics, and others through sophisticated attacks that included the creation of false accounts. This accusation, part of a coordinated effort with the US, aims to disrupt FSB operations and raise awareness ahead of major elections. This comes as a recent report by Palo Alto Networks' Unit 42 found that the Russia-linked APT28 group, also known as “Forest Blizzard” or “Fancybear,” has exploited a Microsoft Outlook vulnerability to target European NATO members. Active since 2007 and linked to the Russian military, APT28's recent campaigns have focused on government, energy, transportation, and NGOs in the US, Europe, and the Middle East. These incidents highlight the critical need for enhanced cyber security measures and international cooperation to counter sophisticated and evolving cyber threats, ensuring the security of sensitive sectors and the integrity of global democratic processes.

Sources: [BBC News] [ Security Affairs]

NCSC CTO: Cyber Security is Essential, Not Optional

Ollie Whitehouse, Chief Technology Officer (CTO) of the UK’s NCSC has argued in a recent keynote that extra security features should not be a premium feature, highlighting the importance of vendors adopting a secure-by-design method, rather than implementing security upcharges where vendors charge extra for users to secure their product.

The speech also noted that organisations should utilise the tools that are already available to them, on top of maintaining a focus on user awareness.

Sources:  [Infosecurity Magazine] [Dark Reading]

69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs

According to a survey, 75% of respondents reported being targeted by ransomware in the past year, and of those, 69% paid the ransom. 54% of those who paid the ransom, suffered financial ramifications of $100,000 or more. It is unclear whether the research includes further implications such as regulatory fines, loss of work, reputational damage, and cost of down-time.

A separate study found that ransomware attacks costs are directly contributing to rising inflation in the UK, as businesses face an average increase of 17% to their costs following an attack. Cumulatively, 68% of the companies represented in the survey reported they had increased prices by at least 11% as a direct result of suffering an attack. In addition, of those falling victim to ransomware, 70% believed their business would have to close if they suffered another attack. When it came to the time lost to dealing with ransomware, companies took an average of two months to recover from an attack and 16% took between three and six months.

Sources: [ITPro] [Beta News] [Security Magazine]

75% of Sports Related Passwords are Reused Across Accounts

According to a recent Bitwarden report, 33% of Americans have used a sports-themed password. This figure rose to 49% for those ages 18-34. Of those, 75% admitted to using it across multiple accounts. Password re-use a common issue globally: by re-using passwords, users are multiplying the likelihood of being breached by an attacker. Additionally, this can crossover to the corporate environment, where users’ personal breached credentials can be utilised to get into their corporate account.

Sources:  [Security Magazine] [Help Net Security]

Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift

As ransomware continues to rise, we can expect groups to evolve their attacks, operating on a larger scale for bigger profits, especially following large-scale supply chain attacks in the past 12 months. Ransomware has solidified its position as the predominant security threat in 2023, with a record number of victims. A recent report highlighted a 46% increase in cyber extortion and ransomware attacks compared to previous years. This trend shows ransomware evolving into a profitable microcosm, akin to a startup ecosystem, with more groups emerging as disruptors and newcomers. In response, organisations are increasingly turning to services that lend-out cryptocurrency, a frequent ransomware payment method. With changing tactics and the formation of new groups, it's crucial for leaders to prepare their 2024 security strategies now, ensuring they have a robust plan in place to counter ransomware threats to their organisations.

Sources: [Barrons] [Help Net Security] [Computer Weekly]

Ransomware, Vendor Hacks Push Breach Number to Record High

The world is experiencing a significant rise in data breaches, reaching a record high with more than 360 million individuals affected in the first eight months of 2023 in the US alone, according to a joint report from Apple and an MIT researcher. This alarming increase includes a notable surge in ransomware attacks, which have escalated by nearly 70% compared to 2022. The healthcare sector is particularly vulnerable, with 60% of organisations reporting ransomware attacks in 2023, an increase from 34% in 2021. The largest health data breach this year impacted 11 million people at HCA Healthcare. A critical factor in these breaches is the exploitation of third-party vendors, as seen in attacks on Progress Software's MOVEit and Fortra's GoAnywhere applications. These incidents highlight the urgent need for organisations to prioritise data security, especially in managing relationships with vendors, to protect sensitive information and mitigate the growing threat of cyber attacks.

Source: [Info Risk Today]

Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure

News of one of the UK’s most high profile nuclear power stations, Sellafield, being hacked, with fears that highly sensitive information has been accessible for years, has led to new calls for the UK to tighten up security of its vital infrastructure. Rather worryingly, The Guardian have added that it discovered that authorities were unaware of its first compromise, but it has been detected as far back as 2015.

Sources: [Emerging Risks]

Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?

Conveyancing firms across the UK faced significant disruption when they discovered blank screens on their computers due to a problem originating from CTS, a cloud hosting provider widely used for legal applications. This unexpected issue led many within these affected firms to hastily purchase new laptops to regain partial access to emails and documents, but their case management systems remained largely inaccessible. Firms had to devise manual workarounds to keep transactions moving, amidst concerns about the safety of client data and funds. While most firms have found ways to progress with exchanges and completions, the reliance on cumbersome manual processes and limited access to client data and financial systems has more than doubled the workload. This situation raises several questions about the preparedness and resilience of paperless (or paper-light) office environments, the adequacy of backup systems, and potential compensation for those inconvenienced. The immediate focus, however, is on collaborative efforts to ensure as many clients as possible can move into their new homes before Christmas.

Source: [Property Industry Eye]

US Government Agency Was Hacked Thanks to 'End of Life' Software

The US Cyber security and Infrastructure Security Agency (CISA) recently issued a warning about two cyber attacks on an undisclosed federal agency, exploiting a vulnerability in outdated Adobe ColdFusion software. This software, now end-of-life, no longer receives updates, leaving the agency vulnerable and unable to apply security patches. The attacks, which occurred in June and July, appeared to be reconnaissance efforts to map the agency's network, with no evidence of malware installation or data exfiltration. However, it's unclear if the same hackers were behind both incidents. Microsoft Defender for Endpoint detected and limited the hackers' activities. This situation underscores the significant risks associated with running end-of-life software, highlighting the need for organisations to update or replace such software to protect against potential cyber threats.

Source:[ TechCrunch]

Digital Transformation, Security Implications, and their Effects on The Modern Workplace

The vast majority of digital transformation projects will have implications for your cyber security, yet too often this is overlooked with the focus on delivery of the project or the functionality it will bring. Thinking about security after the fact is not only more expensive and less efficient, but can also mean dangerous gaps remaining open in the meantime. In this era, where remote work and public network access are prevalent, the lack of a robust cyber security framework significantly undermines the digital transformation process. Continuous employee education on digital threats and proactive cyber security measures are not just add-ons but essential components of a successful digital transformation. As businesses move towards 2024, integrating advanced cyber security practices is as crucial as adopting new technologies for a truly effective and secure digital transformation.

Source:[ Forbes]

Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach

With 90% of the largest energy companies globally experiencing a third-party breach in the past 12 months, it is no wonder the sector is shaken. In the US, 100% of the top 10 US energy providers suffered a breach and in total, 98% of the organisations in the research used at least one third party vendor that had experienced a breach in the last two years.

Third-party breaches are a concern for any organisation. It is important to know who has access to your organisation’s data, and what security controls they have in place to protect it. Organisations can benefit from firstly identifying who has their information and then conducting supply chain risk assessments to understand what information is held and how it is protected.

Sources: [Help Net Security]

Report Reveals Sorry State of Cyber Security at UK Football Clubs

A new report reveals a concerning lack of cyber resilience within UK football clubs, extending from the Premier League downwards. The industry, increasingly targeted by cyber attacks, suffers from a disconnect between the perceived and actual risk levels. Key findings include a general lack of cyber maturity, outdated approaches to cyber security, and a scarcity of dedicated IT and cyber security roles, including Chief Information Security Officers (CISOs). Despite significant financial investments in players, there's reluctance from club boards to allocate sufficient resources for cyber security. The report underscores the need for comprehensive training, increased awareness of security risks across all levels of club operations, and the hiring of dedicated cyber security professionals. This situation calls for an industry-wide standard for cyber security budgets, scaled according to the club's size and turnover, to adequately address these emerging digital threats.

Source: [Computer Weekly]

Governance, Risk and Compliance

• A fifth of UK businesses victims of cyber attacks in past year - Insurance Age

• Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)

• NCSC's Ollie Whitehouse on Why Cyber Security is Essential, Not Optional - Infosecurity Magazine (infosecurity-magazine.com)

• Digital Transformation And Its Effects On The Modern Workplace (forbes.com)

• UK Cyber CTO: Vendors' Security Failings Are Rampant (darkreading.com)

• Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)

• Cyber security is a Team Sport (darkreading.com)

• 2024 will see wave after wave of cyber attacks | theHRD (thehrdirector.com)

• Doing More With Less: Cyber Security Tools And Budget Efficiency (forbes.com)

• Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard

• SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)

• CISOs are getting more help after cyber attacks, but often it isn't helping | TechRadar

• Maximizing cyber security on a budget - Help Net Security

• Cyber and remote working: How Covid moved the cursor | Computer Weekly

• Why effective cyber security is more important than ever for European family offices | Campden FB

• Liability Fears Damaging CISO Role, Says Former Uber CISO - Infosecurity Magazine (infosecurity-magazine.com)

• Building cyber-resilience: Security, compliance, governance, and privacy - Digital Journal

• Massive Consolidated Lawsuit Blazes Trail for Hacking Litigation (bloomberglaw.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 69% of organisations facing ransomware attacks paid the ransom | Security Magazine

• 2023 may have seen highest ransomware ‘body count’ yet | Computer Weekly

• Cyber attacks surge in 2023, as millions fall victim to ransomware: Report (yahoo.com)

• Ransomware attack costs are driving up inflation in the UK | ITPro

• Ransomware ramped up against private sector in November | TechTarget

• BlackCat threatens to directly extort vendor's customers • The Register

• New wave of ransomware attacks plague US critical infrastructure post-Thanksgiving (axios.com)

• How Ransomware Gangs Are Fueling a New Cyber Security Arms Race - Barron's (barrons.com)

• Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)

• Expert warns of Turtle macOS ransomware (securityaffairs.com)

• Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (thehackernews.com)

• Linux version of Qilin ransomware focuses on VMware ESXi (bleepingcomputer.com)

• 75% of the Industrial Sector Experienced a Ransomware Attack in the Past Year, Claroty Study Finds (prnewswire.com)

• LockBit Remains Top Global Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Wanted: top three most prolific ransomware gangs revealed! (techinformed.com)

• BlackSuit ransomware - what you need to know | Tripwire

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

• Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)

Ransomware Victims

• Staples Confirms System Outage Was Due to Cyber Attack, Raising the Possibility of a Data Breach | Console and Associates, P.C. - JDSupra

• 60 US credit unions offline after cloud ransomware infection • The Register

• 'Thousands' affected by cyber attack on conveyancing platform (thenegotiator.co.uk)

• News focus: Cyber-attack on law firm IT provider CTS hits conveyancing firms – what lessons need to be learned? | Law Gazette

• Hackers extorting fintech unicorn Tipalti, threaten to leak data of clients Roblox an | Ctech (calcalistech.com)

• What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. | by Kevin Beaumont | Dec, 2023 | DoublePulsar

• Western Isles Council 'counting cost' of November's cyber attack - BBC News

• Austal USA Investigates Cyber Attack Claimed by Ransomware Group (darkreading.com)

• Nissan Restoring Systems After Cyber Attack - SecurityWeek

• Almost 440K individuals affected by cyber attack on Proliance Surgeons (WA) | HealthLeaders Media

• Phishing & Email Based Attacks

• Cyber criminals are exploiting AI tools like ChatGPT to craft more convincing phishing attacks, alarming cyber security experts | TechRadar

• Black Friday phishing attacks, and other cyber security news | World Economic Forum (weforum.org)

• Cyber Criminals Escalate Microsoft Office Attacks By 53% in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• US aerospace firm downed by spearphishing attack | SC Media (scmagazine.com)

• Booking.com users angry at firm's response to hacks - BBC News

• Hershey warns of data breach following phishing attack (therecord.media)

• This huge Russian phishing campaign is hitting targets across the world | TechRadar

• Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT builder helps create scam and hack campaigns - BBC News

Artificial Intelligence

• Cyber criminals are exploiting AI tools like ChatGPT to craft more convincing phishing attacks, alarming cyber security experts | TechRadar

• ChatGPT builder helps create scam and hack campaigns - BBC News

• Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law

• Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek

• How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)

• Exploring the impact of generative AI in the 2024 presidential election - Help Net Security

• Put guardrails around AI use to protect your org, but be open to changes - Help Net Security

• Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek

• 2024 cyber security outlook: The rise of AI voice chatbots and prompt engineering innovations - Help Net Security

• Proliferation of AI-driven Attacks Anticipated in 2024 (itsecuritywire.com)

• Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law

• Researchers automated jailbreaking of LLMs with other LLMs - Help Net Security

Malware

• Fake WordPress security advisory pushes backdoor plugin (bleepingcomputer.com)

• Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)

• Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)

• Kaspersky malware report for Q3 2023 | Securelist

• PC malware statistics, Q3 2023 | Securelist

• Agent Racoon Backdoor Targets Organisations in Middle East, Africa, and US (thehackernews.com)

• Mac users are being targeted again with dangerous malware - here's what to know | TechRadar

• Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)

• Trojan-Proxy Threat Expands Across macOS, Android and Windows - Infosecurity Magazine (infosecurity-magazine.com)

• New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand (thehackernews.com)

• Hackers switch from email attacks to downloads (therecord.com)

• Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)

Mobile

• Android users warned about new threat after one victim loses $280K - PhoneArena

• Mobile malware statistics, Q3 2023 | Securelist

• December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)

• 94 Vulnerabilities Patched in Android with December 2023 Security Updates - SecurityWeek

• Top mobile password managers could be exposing user details | TechRadar

• Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek

• Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)

• Hackers have found a sneaky new way to spy on iPhone users — here’s how | Tom's Guide (tomsguide.com)

• SpyLoan Android malware on Google Play downloaded 12 million times (bleepingcomputer.com)

• Trojan-Proxy Threat Expands Across macOS, Android and Windows - Infosecurity Magazine (infosecurity-magazine.com)

• Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)

• New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)

• Apple and some Linux distros are open to Bluetooth attack • The Register

Denial of Service/DoS/DDOS

• ENISA published ENISA Threat Landscape for DoS Attacks (securityaffairs.com)

Internet of Things – IoT

• EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)

• Customizing Cyber Security For Critical Infrastructure In Smart Cities (forbes.com)

• The importance of Cyber Secure EV Charging stations – making the connection more secure (csl-group.com)

Data Breaches/Leaks

• 23andMe to Book Up to $2M in Cyber Security Breach Expenses - MarketWatch

• After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica

• 23andMe updates user agreement to prevent data breach lawsuits (bleepingcomputer.com)

• 23andMe confirms hackers stole ancestry data on 6.9 million users | TechCrunch

• 23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)

• Data breach debacle hits yet another UK public sector org • The Register

• Fortune-telling website WeMystic exposes 13M+ user records (securityaffairs.com)

• Ninety Percent of Energy Companies Suffer Supplier Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Blue Shield of California customer data stolen in cyber attack | Tacoma News Tribune (thenewstribune.com)

• Hackers Claim to Have Stolen Data From Naval Shipyard Austal USA (maritime-executive.com)

• Hershey warns of data breach following phishing attack (therecord.media)

• Nissan is investigating cyber attack and potential data breach (bleepingcomputer.com)

• GST Invoice Billing Inventory exposes sensitive data to threat actors (securityaffairs.com)

• Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)

• Millions of patient scans and health records spilling online thanks to decades-old protocol bug | TechCrunch

Organised Crime & Criminal Actors

• Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)

• Police Arrests 1000 Suspected Money Mules - Infosecurity Magazine (infosecurity-magazine.com)

• Online crime risks are doubling: Are cyber criminal groups starting to merge? - Digital Journal

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korea's state hackers stole $3 billion in crypto since 2017 (bleepingcomputer.com)

• Platypus exploiters walk free after claiming to be ‘ethical hackers’ (cointelegraph.com)

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

Insider Risk and Insider Threats

• Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defence' (thehackernews.com)

Insurance

• Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)

• How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)

• Brokers urged to deliver cyber threat message (emergingrisks.co.uk)

• Hot Topics to Consider for 2024 D&O Questionnaires | Bryan Cave Leighton Paisner - JDSupra

Supply Chain and Third Parties

• Third-party breaches shake the foundations of the energy sector - Help Net Security

• Thousands of house purchases frozen by cyber attack and so will they complete before Christmas? - Property Industry Eye

• Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)

• 60 US credit unions offline after cloud ransomware infection • The Register

• How TUI Group Strengthened its Third-Party Risk Management - Infosecurity Magazine (infosecurity-magazine.com)

• Tipalti investigates claims of data stolen in ransomware attack (bleepingcomputer.com)

• What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. | by Kevin Beaumont | Dec, 2023 | DoublePulsar

• Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek

• BlackCat threatens to directly extort vendor's customers • The Register

Cloud/SaaS

• 60 US credit unions offline after cloud ransomware infection • The Register

• Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk (thehackernews.com)

• Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts (thehackernews.com)

• More oversight needed for cloud in banking, say regulators - Tech Monitor

• How can SMBs protect against fraud in the cloud? | ITPro

Encryption

• Cracking Weak Cryptography Before Quantum Computing Does (darkreading.com)

• HSBC tests protecting FX trading from quantum computer attacks (yahoo.com)

• Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek

Linux and Open Source

• New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)

• Apple and some Linux distros are open to Bluetooth attack • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• 75% of sports-related passwords are reused across accounts | Security Magazine

• New Relic admits attack on staging systems, user accounts • The Register

• After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica

• 23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)

• Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)

• Top mobile password managers could be exposing user details | TechRadar

Malvertising

• Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (thehackernews.com)

Training, Education and Awareness

• Are companies falling behind on cyber security awareness training? | CTV News

Regulations, Fines and Legislation

• Deutsche Wohnen Ruling Set to Drive Up GDPR Fines - Infosecurity Magazine (infosecurity-magazine.com)

• EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)

• SEC Cyber Security Rules Go Live in Days. Companies Still Aren't Sure What to Expect | Corporate Counsel (law.com)

• More oversight needed for cloud in banking, say regulators - Tech Monitor

• Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek

• SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)

Models, Frameworks and Standards

• NIST Cyber Security Framework Update – Adding the Sixth Pillar - ClearanceJobs

Data Protection

• Deutsche Wohnen Ruling Set to Drive Up GDPR Fines - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Alert fatigue puts pressure on security and development teams - Help Net Security

Law Enforcement Action and Take Downs

• Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)

• Interpol Arrests Smuggler With New Biometric Screening Database (darkreading.com)

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Exploring the impact of generative AI in the 2024 presidential election - Help Net Security

• Russian AI-generated propaganda struggles to find an audience  | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Deputy Prime Minister speech on cyber operations - GOV.UK (www.gov.uk)

• Establishing New Rules for Cyber Warfare (darkreading.com)

• Cyber Security: The Fifth Battlefield (forbes.com)

• 10 Of The Most Advanced Cyber Warfare Tools (slashgear.com)

Nation State Actors

China

• Sellafield nuclear site 'hit by cyber attacks from Russian and Chinese hackers' - Tech Monitor

• Sellafield nuclear site under ‘robust scrutiny’ over cyber security fears (telegraph.co.uk)

• UK government denies China/Russia nuke plant hack claim • The Register

Russia

• Russia hacking: 'FSB in years-long cyber attacks on UK', says government - BBC News

• NCSC exposes Russian cyber attacks on UK political processes | Computer Weekly

• UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador (therecord.media)

• 2 Russian intel officers charged with hacking into US and British government agencies (nbcnews.com)

• Russian hackers have plenty of data left to leak - and the timing could be a serious problem | Science & Tech News | Sky News

• Russia's APT8 exploited Outlook 0day to target EU NATO members (securityaffairs.com)

• Fancy Bear goes phishing in US, European high-value networks • The Register

• This huge Russian phishing campaign is hitting targets across the world | TechRadar

• Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)

• Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)

• Russian hackers accused of targeting US intelligence community with spear phishing campaign - CBS News

• Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)

• Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability (thehackernews.com)

Iran

• Breaches by Iran-Affiliated Hackers Spanned Multiple US States, Federal Agencies Say - SecurityWeek

• US, Israel Warn of Iranian-Linked Cyber Attacks on Water Systems - Bloomberg

• Iranian hackers attempt to damage critical infrastructure through Israeli Unitronics | Ctech (calcalistech.com)

North Korea

• North Korea's state hackers stole $3 billion in crypto since 2017 (bleepingcomputer.com)

• S.Korea, US, Japan hold 1st trilateral working-level talks on N.Korea's cyber threats | MorungExpress | morungexpress.com

• North Korean hackers stole anti-aircraft system data from South Korean firm (therecord.media)

• $10 million up for grabs in fight against North Korean hackers (bitdefender.com)

Vulnerability Management

• CISA says US government agency was hacked thanks to ‘end of life’ software | TechCrunch

• CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop

• Key drivers of software security for financial services - Help Net Security

• 20 years of Patch Tuesday: it’s time to look outside the Windows when fixing vulnerabilities | CSO Online

Vulnerabilities

• 20,000 Microsoft Exchange servers have reached end-of-life and are vulnerable to attack | SC Media (scmagazine.com)

• Sticking With Windows 10 Instead Of Upgrading? Get Ready To Pay For Security Updates (slashgear.com)

• Quick: Update iPhones and Macs – WebKit security hole found • The Register

• VMware Patches Critical Authentication Bypass Bug | Decipher (duo.com)

• Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)

• Notepad++ Input Validation Flaw Leads Search Path Vulnerability (cybersecuritynews.com)

• December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)

• 94 Vulnerabilities Patched in Android With December 2023 Security Updates - SecurityWeek

• Adobe ColdFusion flaw exploited in US government agency attacks (stackdiary.com)

• Chrome 120 launches with security updates, password sharing and automatic Safety Checks - gHacks Tech News

• Atlassian reveals four fresh critical flaws • The Register

• Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks (thehackernews.com)

• Dangerous vulnerability in fleet management software seemingly ignored by vendor | CyberScoop

• Future Intel, AMD and Arm CPUs Vulnerable to New 'SLAM' Attack: Researchers - SecurityWeek

Tools and Controls

• Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)

• How to recover systems in the event of a cyber attack | Computer Weekly

• Five tips for recovering | Professional Security

• How Financial Institutions Can Navigate the ‘Operational Resilience' imperative (finextra.com)

• 78% of CISOs Concerned About AppSec Manageability - Infosecurity Magazine (infosecurity-magazine.com)

• How to solve 2 MFA challenges: SIM swapping and MFA fatigue | TechTarget

• Why you should create a physical security standard for your company (securitybrief.co.nz)

• Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard

• Comparing SOAR and XDR for MSSPs | MSSP Alert

• The reality behind bypassing EDR attempts | TechTarget

• New 'Pool Party' Process Injection Techniques Undetected by EDR Solutions - SecurityWeek

• Best 10 Best Cyber Attack Maps - 2024 (cybersecuritynews.com)

• Maximizing cyber security on a budget - Help Net Security

• Modern Attack Surface Management for CISOs (trendmicro.com)

• Brokers urged to deliver cyber threat message (emergingrisks.co.uk)

• Proactive, not reactive: the path to ensuring operational resilience in cyber security | CSO Online

• Cyber Security: How to Demonstrate Resilience and Hygiene - Techopedia

• Cyber Security Insurance: Once Optional, Now Essential (informationweek.com)

• When Should You Replace A Cyber Security Vendor? (forbes.com)

• Are companies falling behind on cyber security awareness training? | CTV News

Other News

• NATO’s Flagship Cyber Exercise Concludes In Estonia – Eurasia Review

• Ofcom publishes UK age verification proposals • The Register

• Microsoft Hires New CISO in Major Security Shakeup - SecurityWeek

• US aerospace companies are facing dangerous new cyber attacks | TechRadar

• Cyber security: MEPs back plans to increase cooperation against threats | News | European Parliament (europa.eu)

• Report reveals sorry state of cyber security at UK football clubs | Computer Weekly

• Porn Age Checks Threaten Security and Privacy, Report Warns - Infosecurity Magazine (infosecurity-magazine.com)

• 2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks (govtech.com)

• Nuclear hack creates rising fears of cyber vulnerability in critical services (emergingrisks.co.uk)

• Mayor of London funds cyber crime service | UKAuthority

• The World Depends on 60-Year-Old Code No One Knows Anymore | PCMag

• Public sector has misplaced confidence in cyber security (securitybrief.co.nz)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.