Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Risk-based spending: An Imperative for Cyber Security That Demands Board Attention

Staying ahead of the latest cyber security developments is essential to keeping your organisation safe. But with the rise of artificial intelligence and attackers dreaming up new techniques every day, a lot of organisations are left to question how they can create proactive, agile cyber security strategies and what approach gives the best return on investment, mitigating risks and maximising the value of their cyber security investments.

Unfortunately, most organisations do not have an unlimited budget, and for small and medium-sized businesses, there is even less to work with. What is needed is a risk-based approach, where organisations identify and prioritise their greatest vulnerabilities, correlating these to business impact; this is then used to form the cyber risk strategy for the organisation.

Sources: [Security Week] [The Hacker News] [Risk.net]

If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks

Recent research from Proofpoint has found that 69% of organisations experienced a successful ransomware incident in the past year, a rise of 5% compared to the previous year. The report found that 60% reported four or more separate ransomware incidents and of the total involved, 54% admitted to paying a ransom. In a separate report, it was found that 78% of organisations suffering a ransomware attack suffered repeat attacks even after they paid.

Sources: [databreaches.net] [Infosecurity Magazine] [Infosecurity Magazine] [Claims Journal]

Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business

Cyber resilience unites cyber security with business continuity and organisational durability, with proper implementation allowing the continuation of routine operations during adverse cyber incidents. Cyber hygiene, on the other hand, refers to having strong cyber security processes and procedures, to help the organisation mitigate the chance of an incident. The combination of both of these allows an organisation to reduce their likelihood of suffering a cyber incident, whilst improving their likelihood of continuing operations in the event of such an incident.

Sources: [Information Week] [Security Boulevard]

Why Governance, Risk and Compliance Must be Integrated with Cyber Security

With pressure from regulators, the evolving threat landscape and requirements for stronger oversight, governance, risk and compliance (GRC) has even more of an argument for alignment with cyber security. After all, cyber security is still security. Incorporating cyber security into the GRC programme of an organisation allows for cyber to become a business enabler.

Source: [CSO Online]

More and More UK Firms Concerned About Insider Threats

A report has found that 54% of UK business decision makers are concerned about the likelihood of their employees disclosing sensitive information or providing network access to fraudsters. In a separate report, 35% of respondents cited overworked and distracted staff making mistakes as a reason why they thought their business experienced insider risk. Certainly, insider risk does not just involve malicious employees; it can also include negligence and in some cases, employees may not be trained enough to identify the risk they are placing on the organisation such as not knowing or following an organisation’s call back procedure. It is important for organisations to consider whether their current training addresses this and whether the programme is doing enough to ensure that insider risk is mitigated.

Source: [Infosecurity Magazine]

98% of Businesses Linked to Breached Third Parties

A new report has found that 98% of organisations are associated with a third party that has experienced a breach, and these breaches often take months or more to be discovered. 75% of external business-to-business (B2B) relationships that enabled third-party breaches involved software or other technology products and services. Third party security is an important part of an organisation’s cyber security and to manage it correctly, organisations need to implement a third party risk management programme.

Source: [Help Net Security]

Phishing, Smishing and Vishing Skyrocket 1,265%

According to a report, since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%. Despite different techniques, these attacks all have one focus, and that’s on the user. Organisations looking to protect themselves should consider a blend of mitigations, including advanced email filtering, enabling multi-factor authentication and arguably the most important, effective user education and awareness training. This training should go beyond ticking boxes, by instead teaching employees how to both recognise and report phishing attempts.

A separate report analysed over 1 billion emails. Some of the key findings included that the majority of phishing attempts (71%) rely on deceptive links, but attachments (22%) and predatory QR codes (7%) are on the rise. When it came to spoofs, Microsoft was the most spoofed entity and financial services were amongst those most targeted sectors.

Source: [Bleeping Computer] [Help Net Security] [Security Affairs]

Business Email Compromise Attacks Are Evolving, But What Can Be Done About It

Business Email Compromise (BEC) attacks remain a dominant danger, with a staggering $51 billion lost over the last decade. A recent report underscores the prevalence of email as the primary battlefield, far outstripping other cyber attack methods. The low-cost, high-reach nature of email makes it an attractive starting point for cyber criminals. As organisations embrace cloud-based infrastructures, these attacks have morphed, presenting new challenges. Attackers have progressed from direct phishing attempts, to compromising business partners, vendors and other third parties. In this arms race, artificial intelligence (AI) assumes a pivotal role as an essential ally, efficiently discerning between benign and malicious content. This development signifies a significant milestone in the realm of email security resilience.

Source: [ITPro]

Vulnerabilities Count Set to Rise by 25% in 2024

The cyber threat landscape is rapidly evolving, with an anticipated 25% increase in published systems vulnerabilities for 2024. This surge, reaching approximately 2,900 vulnerabilities per month, underscores the critical need for robust vulnerability management strategies. Vulnerabilities serve as prime entry points for ransomware actors, heightening the urgency for organisations to fortify their defences. However, the sheer volume of vulnerabilities poses a daunting challenge for security and IT teams already thinly stretched. Timely risk-scoring remains a significant issue, leaving defenders vulnerable to exploits with threat actors often gaining a head start. Honeypot data reveals a concerning uptick in scans targeting remote desktop protocol (RDP), with businesses running end-of-life (EOL) software at heightened risk. In this dynamic cyber security climate, proactive risk management and expert intervention, such as Managed Detection and Response (MDR), are imperative to safeguarding against emerging threats.

Source: [Help Net Security]

BYOD Increases Mobile Phishing; Risks Have Never Been Higher

The risk of cyber attacks looms large, with stolen employee login credentials serving as a prime target for malicious actors. Mobile phishing has emerged as a significant threat, with data revealing a surge in encounter rates, especially in hybrid work environments and amid Bring Your Own Device (BYOD) policies. Personal devices, once considered outside the realm of corporate security, now pose substantial risks, as attackers exploit social engineering schemes to breach organisational networks. The financial implications of a successful phishing attack are staggering, with estimates suggesting potential losses of up to $4 million for organisations. As phishing encounter rates continue to rise, it's imperative for businesses to bolster their security strategies, ensuring comprehensive protection against mobile phishing threats across all employee devices. To navigate this evolving landscape and safeguard sensitive data, organisations must stay vigilant and adopt proactive measures.

Source: [MSSP Alert]

What Companies Should Know About Rising Legal Threats

The cyber security landscape is witnessing a significant shift as legal actions increasingly target both corporations and individual security officers. Recent cases including lawsuits by Tesla against ex-employees for cyber security breaches and charges by regulatory bodies like the US FTC and SEC, underscore the mounting legal risks associated with cyber security breaches. Notably, private companies are not exempt from such liabilities, facing scrutiny from authorities, regulators, customers and other affected parties. This environment has prompted many cyber security leaders to reconsider their roles, with concerns raised about the future of the profession. Amidst escalating threats and enforcement actions, there's a pressing need for enhanced cyber security budgets, robust risk-based controls and proactive audits or other independent assurance.

Source: [Darkreading]

CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments

As organisations embrace the cloud, CIOs recognise that a one-size-fits-all approach may not be optimal. Many now favour a nuanced strategy, shifting workloads from public clouds to platforms offering productivity gains and cost savings; a trend known as ‘cloud exit.’ CIOs are rethinking cloud strategies, assessing each application’s suitability and fostering context-aware hosting decisions.

This comes as a recent advisory issued jointly by cyber security agencies from the UK, US, Australia, Canada, and New Zealand reveals that Russian cyber espionage units, including APT29 and Cozy Bear, are adapting tactics to target cloud environments used by both public and private organisations. These sophisticated attacks pose significant threats across industries. Implementing basic cloud security measures is crucial to regularly evaluate dormant accounts, limit system-issued token validity, and enforce stringent device policies. As cloud adoption rises, prioritise cyber security fundamentals for effective defence.

Sources: [CyberScoop] [CIO]

Governance, Risk and Compliance

• Why governance, risk, and compliance must be integrated with cyber security | CSO Online

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• Why Cyber Resilience May Be More Important Than Cyber Security (informationweek.com)

• Beating the drum on cyber risk: the battle for boardroom attention - Risk.net

• What is cyber hygiene and why businesses should know about it - Security Boulevard

• Bridging the Gap: Connecting Cyber Security Spending to Business Results - Security Boulevard

• What Companies & CISOs Should Know About Rising Legal Threats (darkreading.com)

• Essential Guide To Security Metrics For Businesses (informationsecuritybuzz.com)

• Essential Guide To Information Security Compliance (informationsecuritybuzz.com)

• Mastering Risk Management: The Art Of Effective Strategy (informationsecuritybuzz.com)

• The CISO: 2024’s Most Important C-Suite Officer (forbes.com)

• UK Unveils Draft Cyber Security Governance Code - Infosecurity Magazine (infosecurity-magazine.com)

• How to Prioritize Cyber Security Spending: A Risk-Based Strategy for the Highest ROI (thehackernews.com)

• Cyber security 'blind spot' leaves businesses exposed - Accountancy Age

• MTTR: The Most Important Security Metric (darkreading.com)

• Building Your Cyber Incident Response Team - Security Boulevard

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

• AWS on why CISOs should track 'the metric of no' | TechTarget

• 2024 will see more cyber threats emerge – here is what SMEs need to know | TechRadar

Threats

Ransomware, Extortion and Destructive Attacks

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities (trendmicro.com)

• If you pay ransom, you may not get your data back and worse, you probably WILL get hit again – Cybereason Survey (databreaches.net)

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying - Infosecurity Magazine (infosecurity-magazine.com)

• 69% of Organisations Infected by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Stages of LockBit Grief: Anger, Denial, Faking Resurrection? (inforisktoday.com)

• What CISOs Need To Know About The Lockbit Takedown - Security Boulevard

• Ransomware crews lean into infostealers for initial access • The Register

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying (claimsjournal.com)

• Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• Do ransomware attackers keep their word? - TechCentral.ie

• What Are Ransomware Attacks and Can They Be Stopped? Explainer - Bloomberg

• Study: Ransom payment not a shield against future attacks | SC Media (scmagazine.com)

• FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks (bleepingcomputer.com)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Is Now the Right Time for a Ransomware Payment Ban? (govtech.com)

• What is Old is New Again: Lessons in Anti-Ransom Policy | Recorded Future

• 3 Ways Your Organisation Could Be Susceptible To Ransomware Attacks (forbes.com)

• What the war on terrorism teaches us about the war on ransomware | SC Media (scmagazine.com)

• Cyber criminals follow the money to hit manufacturing sector • The Register

• Why your legitimate software is not safe from ransomware attacks (networkingplus.co.uk)

Ransomware Victims

• Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust | WIRED

• LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - Security Week

• Rhysida ransomware wants $3.6 million for children’s stolen data (bleepingcomputer.com)

• Stolen Donald Trump Court Files Will Be Published February 29, Hackers Say (forbes.com)

• Epic Games attacked by new ransomware group Mogilevich | SC Media (scmagazine.com)

• Hackers claim to have stolen 7GB of data from Irish Department of Foreign Affairs | Independent.ie

• Insomniac Games alerts employees hit by ransomware data breach (bleepingcomputer.com)

• German Steelmaker Thyssenkrupp Confirms Ransomware Attack - Security Week

• US pharmacy outage caused by Blackcat attack on Optum (securityaffairs.com)

• MGM Resorts Says Regulators Probing September Cyber Attack (claimsjournal.com)

Phishing & Email Based Attacks

• European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack - Help Net Security

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• SMBs are being targeted by this new phishing scam — make sure you don't fall victim | TechRadar

• Need to Know: Key Takeaways from the Latest Phishing Attacks (bleepingcomputer.com)

• Unmasking 2024's Email Security Landscape (securityaffairs.com)

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• Criminals hijacked more than 8,000 trusted domains, sent millions of malicious emails | TechSpot

Other Social Engineering

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• The Silent Threat: Why Vishing is Causing Major Problems for Businesses - Security Boulevard

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• How to stay safe from cyber criminal "quishing" attacks | TechRadar

• Scammers Often Rely on This Psychological Trick | TIME

Artificial Intelligence

• Blackstone's Schwarzman sees peril in “not bright” criminals getting their hands on AI | Fortune

• AI threats: The importance of a concrete strategy in fighting novel attacks | ITPro

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• AI in cyber security presents a complex duality - Help Net Security

• AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Cyber experts raise AI fears security fears in Parliament | IT Reseller Magazine (itrportal.com)

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

• BEAST AI attack can break LLM guardrails in a minute • The Register

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

Malware

• Ransomware crews lean into infostealers for initial access • The Register

• BobTheSmuggler: Open-source tool for undetectable payload delivery - Help Net Security

• New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT (thehackernews.com)

• North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)

• Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub (thehackernews.com)

• GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica

• Pikabot returns with new tricks up its sleeve - Help Net Security

• TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users (thehackernews.com)

• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)

• CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)

• Cloud-focused malware campaigns on the increase (betanews.com)

• Hackers are infecting Macs with malware using calendar invites and meeting links | Tom's Guide (tomsguide.com)

• New Backdoor Targeting European Officials Linked to Indian Diplomatic Events (thehackernews.com)

Mobile

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023 (darkreading.com)

• Meet 'XHelper,' the All-in-One Android App for Global Money Laundering (darkreading.com)

Denial of Service/DoS/DDOS

• Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)

• DDoS attacks against web apps and APIs surge (betanews.com)

Internet of Things – IoT

• Half of IT Leaders Identify IoT as Security Weak Point - Infosecurity Magazine (infosecurity-magazine.com)

• The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED

Data Breaches/Leaks

• U-Haul says 67K customers' data was stolen in cyber attack • The Register

• Pharma giant hit by major cyber attack — Cencora confirms data was stolen | TechRadar

Organised Crime & Criminal Actors

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• 8 Worrying Cyber Security Statistics You Need to Know in 2024 (tech.co)

• It’s only February and cyber crime is already running rampant (techinformed.com)

• Scottish Police Face Toil and Trouble From Cyber Crime (govinfosecurity.com)

• How active adversaries divide labour to more effectively target victims | SC Media (scmagazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• SonicWall: Cryptojacking Attacks Spike 659% in 2023 | MSSP Alert

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security

Insider Risk and Insider Threats

• US man accused of making $1.8m from listening in on wife’s remote work calls | Securities and Exchange Commission | The Guardian

• Are remote workers at greater risk of cyber security threats? | TechRadar

• Over Half of UK Firms Concerned About Insider Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding employees' motivations behind risky actions - Help Net Security

• The human element of cyber security: Why people are the ultimate defence. (thecyberwire.com)

Insurance

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• A Cyber Insurance Backstop - Schneier on Security

Supply Chain and Third Parties

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• 98% of businesses linked to breached third parties - Help Net Security

Cloud/SaaS

• Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments | CyberScoop

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

• CIOs rethink all-in cloud strategies | CIO

• Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security

• Your Data Has Moved to the Cloud: Can Your Security Strategy Keep Up? | MSSP Alert

• Cloud-focused malware campaigns on the increase (betanews.com)

Identity and Access Management

• Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management (thehackernews.com)

• How organisations can navigate identity security risks in 2024 - Help Net Security

• Echoes of SolarWinds in New 'Silver SAML' Attack Technique (darkreading.com)

Linux and Open Source

• From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

Social Media

• Rights groups file GDPR suits on Meta's pay-or-consent model • The Register

• Meta Patches Facebook Account Takeover Vulnerability - Security Week

Malvertising

• How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED

• Google faces $2.27 billion lawsuit over advertising practices (searchengineland.com)

Training, Education and Awareness

• Cyber awareness education is a change-management initiative | CSO Online

• Cyber Security Training Not Sticking? How to Fix Risky Password Habits (bleepingcomputer.com)

• 4 Ways Organisations Can Drive Demand for Software Security Training (darkreading.com)

• Creating a cyber security training curriculum for SMBs and MSPs | TechRadar

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

Regulations, Fines and Legislation

• 81% of security leaders predict SEC rules will impact their businesses | Security Magazine

• Orgs Face Major SEC Penalties for Failing to Disclose Breaches (darkreading.com)

• Getting Ahead of Cyber Security Materiality Mayhem - Security Boulevard

• NIST Publishes Final “Cyber Security Resource Guide” on Implementing the HIPAA Security Rule | Foley & Lardner LLP - JDSupra

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

Backup and Recovery

• MTTR: The Most Important Security Metric (darkreading.com)

Models, Frameworks and Standards

• NIST CSF 2.0 released, to help all organisations, not just those in critical infrastructure - Help Net Security

• NIST Adds “Govern” Function to Cybersecurity Framework | MSSP Alert

• Top 3 NIST Cyber Security Framework 2.0 takeaways | SC Media (scmagazine.com)

• Preparing for the NIS2 Directive - Help Net Security

Data Protection

• UK ICO issues warning on biometric employee tracking, guidance for businesses | Biometric Update

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• Rights groups file GDPR suits on Meta's pay-or-consent model • The Register

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• A Perfect Cyber Storm is Leading to Burnout | Network Computing

• The Next Gen of Cyber Security Could Be Hiding in Big Tech (darkreading.com)

• Lost to the Highest Bidder: The Economics of Cyber Security Staffing - Security Boulevard

Law Enforcement Action and Take Downs

• Is the LockBit gang resuming its operation? (securityaffairs.com)

• Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)

• Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)

Misinformation, Disinformation and Propaganda

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• US leading global alliance to counter foreign government disinformation | Cyberwar | The Guardian

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 15 Countries with Cyber Warfare Capabilities (yahoo.com)

• Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

China

• Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica

• US Official Warns Of China’s Growing Offensive Cyber Power – Analysis – Eurasia Review

• When Hackers Are Hacked, A Chinese Spy Story - Worldcrunch

• Chinese Cyber Attacks:A 12-month Outlook (greydynamics.com)

• Chinese Cyber Espionage Set To Ramp Up This Year (forbes.com)

• The Drums of US-China Cyber War by Stephen S. Roach - Project Syndicate (project-syndicate.org)

• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)

• The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED

• Foreign Firms in China Flag Lack of Feedback on Data Security (bloomberglaw.com)

• Beijing Silent Over Russia's Reported War-Gaming of China Invasion

Russia

• Two Years On: How Ukraine's Cyber Warfront Is Redefining Global Cyber Security Strategies | HackerNoon

• Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica

• Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments | CyberScoop

• Russia may have just carried out its first direct action against the West (yahoo.com)

• Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

• Ukraine signs security deals with Western allies to help counter Russian cyber attacks (therecord.media)

• Russia cyber spies behind SolarWinds breach adopting new tactics, warn Five Eyes agencies (therecord.media)

• Cyber Security Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat (thehackernews.com)

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)

• Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)

• Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)

• Russia warns of "military-technical" response to Sweden's NATO membership (newsweek.com)

• Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)

• Russia and Belarus targeted by at least 14 nation-state hacker groups, researchers say (therecord.media)

• Beijing Silent Over Russia's Reported War-Gaming of China Invasion

• Russia subjected to deluge of nation-state, hacktivist cyber threats | SC Media (scmagazine.com)

• How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED

Iran

• Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defence Sectors (thehackernews.com)

North Korea

• North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)

• Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)

Vulnerability Management

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• CVE count set to rise by 25% in 2024 - Help Net Security

• Most Commercial Code Contains High-Risk Open Source Bugs - Infosecurity Magazine (infosecurity-magazine.com)

• The rising threat of zero-day attacks | Security Magazine

Vulnerabilities

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities (trendmicro.com)

• Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)

• Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)

• Cisco Patches High-Severity Vulnerabilities in Data Center OS - Security Week

• CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)

• Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities (thehackernews.com)

• One of Apple's best iOS productivity tools had a pretty concerning security flaw, so patch now | TechRadar

• Critical Flaw in Popular 'Ultimate Member' WordPress Plugin - Security Week

• Meta Patches Facebook Account Takeover Vulnerability - Security Week

• MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs (darkreading.com)

• Citrix, Sophos software impacted by 2024 leap year bugs (bleepingcomputer.com)

• Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns | CyberScoop

• Zyxel fixed four bugs in firewalls and access points (securityaffairs.com)

Tools and Controls

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• Cyber awareness education is a change-management initiative | CSO Online

• Why Cyber Security Must Include Protective DNS (hyas.com)

• Championing ethical hackers: a vital defence for the financial industry during turbulent times (finextra.com)

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)

• How Zero Trust Data Detection & Response is Changing the Game - Security Boulevard

• APIs become the leading attack vector, cyber security research shows (securitybrief.co.nz)

• Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management (thehackernews.com)

• How organisations can navigate identity security risks in 2024 - Help Net Security

• MTTR: The Most Important Security Metric (darkreading.com)

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

• Artificial Arms Race: What Can Automation and AI do to Advance Red Teams - Security Week

• Savvy Seahorse gang uses DNS CNAME records to power investor scams (bleepingcomputer.com)

• Cloud Apps Make the Case for Pentesting-as-a-Service (darkreading.com)

Reports Published in the Last Week

• A Comparative Study on Cyber Risk: Business vs. Security Perspectives (inforisktoday.com)

• Cyber threat landscape report | Professional Security

• Email Security in 2024: An Expert Look at Email-Based Threats - VIPRE

Other News

• Cyber attacks on UK law firms on the rise - Spear's (spearswms.com)

• IntelBroker claimed the hack of the Los Angeles International Airport (securityaffairs.com)

• It's time to stop trusting your antivirus software | Digital Trends

• Three new advanced threat groups targeted industrial organisations last year | CSO Online

• What’s on the Radar for Aviation Industry Cyber Security? - Security Boulevard

• Business leaders warn of rising cyber security threat | The Herald (heraldscotland.com)

• Why Health Care Is Top Target for Cyber Criminals (govtech.com)

• RCMP investigating cyber attack as its website remains down (bleepingcomputer.com)

• Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Ransomware Victims Surge by 47% as Small Businesses Targeted

Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.

Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.

Source [Infosecurity Magazine]

MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards

The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.

The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens. 

Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]

SMEs Overestimate Their Cyber Security Preparedness

According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.

The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Helpnet Security] [Security Magazine]

China’s Hacking Power Bigger Than Rest of World Combined

In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.

This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.

Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]

Cyber Insurance Claims for Ransomware Reach Record High

A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.

The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA)  released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.

Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]

Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives

Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).

C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.

This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.

Sources: [MSSP Alert] [Tech Radar]

Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats

Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.

One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.

Source: [Synack]

Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company

A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.

The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?

Sources [PC Mag]

Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them

With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.

The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.

Sources: [Computer Weekly] [CSO Online]

Half of Executives Expect Supply Chain Challenges

With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.

One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.  

Sources [PRnewswire] [SiliconANGLE]

How Social Engineering Takes Advantage of Your Kindness

Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.

Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.

Source: [Engadget]

Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually

A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.

Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.  

Source: [Information Security Buzz]

Governance, Risk and Compliance

• Cyber security still remains the greatest concern for many executives | TechRadar

• Cyber attacks are constant and test even the best | Newsroom

• Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)

• SMEs overestimate their cyber security preparedness - Help Net Security

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert

• Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)

• How to Get Your Board on Board With Cyber security (darkreading.com)

• Security concerns and outages elevate observability from IT niche to business essential - Help Net Security

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)

• Over a Third of UK Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• Poor digital experience a blocker for cyber resilience | Computer Weekly

• What is Governance, Risk and Compliance (GRC)? | TechTarget Definition

• How to prevent and prepare for a cyber catastrophe (securityintelligence.com)

• The rise of CISO stress: Recognising and reconciling the threat of litigation for CISOs (securitybrief.co.nz)

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

• The realities of modern cyber security: CrowdStrike CSO weighs in on how businesses must adapt - SiliconANGLE

• Why more security doesn’t mean more effective compliance - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com

• New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines - Infosecurity Magazine (infosecurity-magazine.com)

• Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)

• ‘Top’ ransomware gangs favour smaller businesses | Computer Weekly

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Ransomware group's evolving tactics pose growing threat - Nextgov/FCW

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian

• NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)

• Scattered Spider, Alphv, and the MGM hack, explained - The Hustle

• Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)

• What is Extortionware? How is it Different from Ransomware? (techtarget.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

• Cyber insurance claims for ransomware reach record high (betanews.com)

• Ransomware gang targeting defence firms, FBI warns - Defence One

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)

• FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)

• Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week

• Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)

• Ransomware vs. resources: A higher education dilemma - eCampus News

Ransomware Victims

• Two Vegas casinos fell victim to cyber attacks, shattering the image of impenetrable casino security | AP News

• Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k

• Clorox expects August’s cyber security attack to have a ‘material’ impact on first-quarter results - MarketWatch

• Clorox products in short supply after cyber attack disrupts operations | CNN Business

• Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)

• UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)

• Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)

• Major trucking software provider confirms ransomware incident (therecord.media)

• Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)

Phishing & Email Based Attacks

• Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• HR phishing: self-evaluation questionnaire | Kaspersky official blog

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

BEC – Business Email Compromise

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

Other Social Engineering; Smishing, Vishing, etc

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• How social engineering takes advantage of your kindness (engadget.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

Artificial Intelligence

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

• NSA Report: Deepfakes Threaten National Security | MSSP Alert

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• WormGPT: AI tool designed to help cyber criminals will let hackers develop attacks on large scale, experts warn | Science & Tech News | Sky News

• Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)

• Companies still don’t know how to handle generative AI risks - Help Net Security

• 85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)

• McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)

• Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)

• Poland investigates OpenAI over privacy concerns | Reuters

2FA/MFA

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

Malware

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)

• Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)

• Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

• ‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

Mobile

• Dangerous permissions detected in top Android health apps (securityaffairs.com)

• Android security updates: Everything you need to know | Android Central

• Google releases an update for compatible Pixel devices; Android 14 no, September security patch yes - PhoneArena

• Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

Botnets

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

Internet of Things – IoT

• DDoS 2.0: IoT Sparks New DDoS Alert (thehackernews.com)

• IoT threats in 2023 | Securelist

• Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)

• No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)

Data Breaches/Leaks

• Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• Police data breach: 20,000 data points 'at risk' (computing.co.uk)

• CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)

• Pizza Hut Australia hack: data breach exposes customer information and order details | Australia

• Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)

• T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK

• Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• TransUnion says dump of customer data came from third party • The Register

• US govt IT worker accused of leaking top secrets • The Register

Organised Crime & Criminal Actors

• Europol lifts the lid on cyber crime tactics (malwarebytes.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• India's biggest tech centres named as cyber crime hotspots • The Register

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

Insider Risk and Insider Threats

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• HR’s role in cyber security and insider threat mitigation - Hindustan Times

• Insider risks are getting increasingly costly | CSO Online

• Can Users Be Trusted to Skirt Hackers’ Lures? | MSSP Alert

Fraud, Scams & Financial Crime

• Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• cyber criminals: Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• Another $40m Dispersed to Western Union Fraud Victims - Infosecurity Magazine (infosecurity-magazine.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

• Illegal Betting Ring Used Satellite Tech to Get Scoop on Results - Infosecurity Magazine (infosecurity-magazine.com)

• Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)

• Court sentences pair for India-based robocall scam • The Register

• Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK

• Singapore to detail fraud liability split for bank & victim • The Register

Deepfakes

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

Insurance

• Cyber insurance claims for ransomware reach record high (betanews.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

Dark Web

• Brits Are in the Dark About the Dark Web - IT Security Guru

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Supply Chain and Third Parties

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)

• High-stakes digital heists: Enterprise software supply chains become new battleground for cyber criminals - SiliconANGLE

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• How cyber attacks on Taiwan are hurting global business - Raconteur

Software Supply Chain

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

Cloud/SaaS

• Cloud to Blame for Almost all Security Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

• Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• The Rise of the Malicious App (thehackernews.com)

Hybrid/Remote Working

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• Spies working from home despite fears they could be hacked by foreign states (telegraph.co.uk)

Shadow IT

• Shadow IT: Security policies may be a problem - Help Net Security

Identity and Access Management

• CISA Releases New Identity and Access Management Guidance - Security Week

Encryption

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)

Open Source

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)

• Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)

Social Media

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

Malvertising

• Probe reveals secret Israeli spyware that infects via ads • The Register

Training, Education and Awareness

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

Parental Controls and Child Safety

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

Regulations, Fines and Legislation

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

Models, Frameworks and Standards

• How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

Data Protection

• UK-US Confirm Agreement for Personal Data Transfers - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Digital Deficit: 93% of UK Employers Identify An IT Skills Gap Within The UK Job Market - IT Security Guru

• Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• IT pros told to accept burnout as normal part of their job - Help Net Security

• Wanted: another 3mn cyber professionals | Financial Times (ft.com)

Law Enforcement Action and Take Downs

• How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)

• Court sentences pair for India-based robocall scam • The Register

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Researchers used Wi-Fi signals to see through walls. Game-changing breakthrough? Or privacy nightmare waiting to happen? | TechRadar

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

Misinformation, Disinformation and Propaganda

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• International Criminal Court hacked amid Russia probe • The Register

• Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

• Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)

• Russian allegedly smuggled US weapons electronics to Moscow • The Register

China

• Chinese Cyber Power Bigger Than the Rest of the World Combined - Infosecurity Magazine (infosecurity-magazine.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• FBI chief says China has bigger hacking program than the competition combined | Reuters

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

• Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

• Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)

• How cyber attacks on Taiwan are hurting global business - Raconteur

• Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities | Recorded Future

• DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)

Iran

• Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)

• Iranian state-backed hackers target global satellite, defence, and pharma companies (databreaches.net)

• Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)

North Korea

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)

Misc Nation State/Cyber Warfare

• New Research Finds Cyber attacks Against Critical Infrastructure on the Rise, State-affiliated Groups Responsible for Nearly 60% | Business Wire

• Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• OODA Loop - Is Future Escalation in Cyber Conflict a Foregone Conclusion?

Vulnerability Management

• KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned  | CISA

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

• How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)

Vulnerabilities

• Fortinet Releases Security Updates for Multiple Products | CISA

• Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security

• iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac

• Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability (thehackernews.com)

• If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar

• GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)

• Microsoft releases firmware update for all Surface devices | TechSpot

Tools and Controls

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)

• Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Shadow IT: Security policies may be a problem - Help Net Security

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

• How Choosing Authentication Is a Business-Critical Decision (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• What is DNS over HTTPS (DoH)? (techtarget.com)

Reports Published in the Last Week

• QBE Mid-sized Business Risk Report | QBE US

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

Other News

• Why automakers are worried your car is the next target for cyber attacks - CityAM

• Consumers are being bombarded with billions of threats every year | TechRadar

• Bad torts: Law firms feel the heat from rising cyber threats (synack.com)

• 8 new threats to Mac security in 2023 - TechFruit

• SME Cyber Security – Time for a New Approach? - IT Security Guru

• Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)

• Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online

• Home Office sets up cyber security for Emergency Services Network | UKAuthority

• Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)

• Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)

• Cyber on the battlefield is about more than IT - Nextgov/FCW

• From national threats to click-happy employees: Decoding the multifaceted cyber security landscape - SiliconANGLE

• Hidden dangers loom for subsea cables, the invisible infrastructure of the internet - Help Net Security

• Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week

• Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week

• Singapore's retail banks take steps to enhance cyber security (finextra.com)

• Cyber pros warn Congress that government shutdown will create open season for cyber attacks - Washington Times

• Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)

• Strong compliance management is crucial for fintech-bank partnerships - Help Net Security

• Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)

• Five easy wins in cyber security | Financial Times (ft.com)

• Dairy industry teams with cyber security group to beef up defences | Food Dive

• Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)

• GCHQ chief takes job in private security company | The Independent

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• How to Keep Cyber Attacks from Tanking Your Balance Sheet

According to a recent Forrester report, last year saw 1 billion records exposed in the top 35 breaches, $2.6 billion stolen in the top nine cryptocurrency breaches, and $2.7 billion in fines levied to the top 35 violators.

The average cost of a data breach reached $4.35 million in 2022, according to IBM’s Cost of a Data Breach Report for that year, which represents a 2.6% increase over the prior year, and a 12.7% increase from 2020. For ransomware, a report found the average payment in 2021 was approximately $1.85 million, more than double the $760,000 figure from 2020. These are just direct costs; indirect costs are far greater and can include lost business, lost customers, reputational loss and regulatory fines.

When it comes to managing cyber risk, corporate boards should look to understand cyber security as a strategic business enabler, understand the impacts, align risk-management with business needs, ensure the organisation supports cyber security, incorporate cyber security expertise into governance and encourage systemic resilience.

https://hbr.org/2023/06/how-to-keep-cyberattacks-from-tanking-your-balance-sheet

• Company Size Doesn’t Matter When It Comes to Cyber Attacks

65% of large organisations suffered a cyber attack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to a recent report. The most common security incidents were the same for all companies; these were phishing, ransomware and user account compromise, also known as business email compromise (BEC).

Smaller companies often underestimate their risk, with the reasoning that cyber criminals want the biggest targets as they will likely have more intellectual property, however all businesses have valuable data and are therefore a target. Additionally, smaller organisations can sometimes be seen as a way into larger organisations that use their services.

https://www.helpnetsecurity.com/2023/05/29/larger-organizations-cyberattacks/

• ‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief

The threat of cyber attacks is growing at an “unprecedented” pace, according to the chief security officer at multinational teleco BT, Howard Watson, but it is not just large organisations such as BT who will be impacted by this increase.

Watson highlighted that the increase in sophisticated technology poses the biggest threat in the long run: “Technological advancement, as ever, is a double-edged sword in security. Quantum and AI have great potential for benefits in the right hands, or to cause massive damage in the wrong hands. But we know that cyber criminals will utilise these technologies, so we have to be able to respond in kind.”  Adding to this, the chief security officer highlighted that events that were previously considered as ‘exceptional’ need to be assessed and planned for as a probability, rather than a possibility.

https://www.thetimes.co.uk/article/exceptional-cyberattacks-now-normal-says-bt-security-chief-nd2kfp3gc

• How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs

Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers who collected data from over 200,000 SMB customers. Proofpoint identified a rise in phishing campaigns originating from such state-sponsored APT groups, who are highly skilled and typically state-sponsored groups with distinct strategic goals. These goals range from espionage and intellectual property theft to destructive attacks, state-sponsored financial theft, and disinformation campaigns.

Unfortunately, SMBs often lack adequate cyber security measures, making them vulnerable to all kinds of cyber threats. APT actors exploit this weakness by targeting SMBs as a stepping stone towards achieving their larger goals.

Alongside phishing campaigns, it was identified that APTs are increasingly targeting regional outsourced IT providers/Managed Service Providers (MSPs) to mount supply chain attacks. By compromising regional MSPs within geographies that align with the strategic collection requirements of APT actors, threat actors can gain access to multiple SMBs to extract sensitive information or execute further attacks.

https://www.helpnetsecurity.com/2023/05/31/apt-targeting-smbs/

• Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection

According to research, 2022 saw a 25% increase in the use of phishing kits. These phishing kits are a set of tools that enable cyber criminals to effortlessly create and maintain large scale sophisticated phishing campaigns. It is this sophistication that allows cyber criminals to circumnavigate conventional detections; in fact, the research found a 40% increase in the use of anti-bot technologies designed to prevent automated scanners from identifying content as phishing.

In some cases (11% of observed phishing kits) malicious links would not be detected when tested by anti-phishing controls because those controls do not use the exact device parameters, geolocation and referrer of the intended target victim’s profile; therefore the malicious link is allowed to be delivered to the intended target.

https://www.helpnetsecurity.com/2023/06/01/advanced-detection-evasion-techniques/

• Don't be Polite When you Get a Text from a Wrong Number

You should immediately be suspicious of any text you get from a number not in your contacts, even if it may be innocent looking. Your first reaction may be to be polite and let them know they have the wrong number, but this person is a stranger. Strangely, despite teaching our children not to talk to strangers, many are comfortable with divulging information to them. Although letting them know they made a mistake seems harmless, responding opens you up to being scammed and you’ve just let them know you’re a real person. Every bit of helpful information you provide has the potential to be leveraged by an attacker.

https://www.kens5.com/article/money/consumer/wrong-number-text-messages/273-c94cd68b-6117-4add-bf16-e010f7e16726

• Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches

90 organisations have reported breaches of personal information held by Capita after the outsourcing group had suffered a cyber attack, according to Britain’s data watchdog. The attack on Capita, which occurred in March, is still impacting businesses, with the UK Information Commissioners Office (ICO) making enquiries. Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach.

The impact of the attack, and its knock-on effect, highlights the need for organisations to consider their third party security, no matter the size of the third party they use.

https://www.theguardian.com/business/2023/may/30/capita-cyber-attack-data-breaches-ico

• Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

A recent survey from McAfee found that nearly a third (30%) of adults have fallen victim or know someone who has fallen victim to an online scam when bargain hunting for travel deals during the summer season, with a full two-thirds of victims losing up to $1,000.

This has extended to the corporate environment, with threat actors impersonating the HR department and exploiting the trust users place in their employers, a report has found. The attack leverages regular HR procedures associated with holiday requests and taps into the anticipation and excitement surrounding the summer travel season, to capitalise on exploiting the user.

https://www.darkreading.com/endpoint/travel-themed-phishing-bec-campaigns-smarter-summer-season

• Organisations Spend 100 Hours Battling Post-Delivery Email Threats

Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organisation, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. The research shows that cyber criminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.

While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks. On average, organisations take nearly 100 hours to identify, respond to, and remediate a post-deliver email threat: 43 hours to detect the attack and 56 hours to respond and remediate after the attack is detected.

Users at companies with more than a 50% remote workforce report higher levels of suspicious emails: 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce. Companies with more than a 50% remote workforce also reported that it takes longer to both detect and respond to email security incidents: 55 hours to detect and 63 hours to respond and mitigate, compared to an average of 36 hours and 51 hours respectively for organisations with fewer remote workers.

https://www.helpnetsecurity.com/2023/05/30/2023-spear-phishing-trends/

• Ransomware Gangs Adopting Business-like Practices to Boost Profits

Ransomware gangs are using a variety of business-like practices to boost profits, making it more difficult for defenders to differentiate various groups, a new report by WithSecure has surmised. This move towards mirroring legitimate businesses practices means that tactics, techniques and procedures (TTPs) are blurring.

The underground marketplace now includes entities including ransomware-as-a-service (RaaS) groups, Initial Access Brokers (IAB), crypter-as-a-service (CaaS), cryptojackers, malware-as-a-service (MaaS) groups and nation-state actors. This allows nation-states to use tools available on the underground market to gain access to networks and systems without being detected. Ultimately, this trend towards professionalisation makes the expertise and resources to attack organisations accessible to lesser-skilled or poorly resourced threat actors.

https://www.infosecurity-magazine.com/news/ransomware-gangs-business-practices/

• The Sobering Truth about Ransomware—for the 80% Who Paid Up

Newly published research of 1,200 organisations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom. According to research, 80% of the organisations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber attack and recover otherwise lost data. This is despite 41% of those organisations having a “do not pay” policy in place, which only goes to reinforce the cold hard fact that cyber crime isn’t an easy landscape to navigate. This is something that’s especially true when your business is facing the real-world impact of dealing with a ransomware attack.

Of the 960 organisations that paid a ransom, 201 of them (21%) were still unable to recover their lost data. The same number also reported that ransomware attacks were now excluded from their insurance policies. Of those organisations with cyber insurance cover, 74% reported a rise in premiums. Another report, published by Sophos, revealed that 32% of those surveyed opted to pay the ransom but a shocking 92% failed to recover all their data and 29% were unable to recover more than half of the encrypted data.

Some groups have switched to stealing sensitive customer or corporate data instead, with the ransom demanded in return for them not selling it to the highest bidder or publishing it online. Many groups combine the two for a double extortion ransomware attack.

https://www.forbes.com/sites/daveywinder/2023/05/30/the-sobering-truth-about-ransomware-for-the-80-percent-who-paid-up 

• The Great CISO Resignation: Why Security Leaders are Quitting in Droves

With the rise in AI tools such as ChatGPT broadening an attacker’s arsenal, this places greater and greater pressure on security leaders who are already dealing with shrinking budgets, skeleton crew staff and a conglomeration of security tools and protocols — so much so that they are increasingly quitting. A recent report found that nearly a third (32%) of CISOs in the US and UK were considering leaving their current organisation and 9 out of 10 reported themselves as “moderately” or “tremendously” stressed.

This so-called Great CISO Resignation is concerning, because what happens when there’s nobody guarding the gate and rallying the troops?

https://www.sdxcentral.com/articles/analysis/the-great-ciso-resignation-why-security-leaders-are-quitting-in-droves/2023/05/

• When is it Time for a Cyber Hygiene Audit?

Effective cyber hygiene practices limit threats against your systems, devices and users, preventing breaches that could compromise sensitive business information, database information, and personal data. But cyber hygiene isn’t a static or one-off process. It requires routine execution and, occasionally, a full audit. This audit typically covers a range of aspects including encryption, documentation, authentication, patches, security and ongoing cyber hygiene.

Good cyber hygiene is a necessary part of maintaining IT security. Setting up processes and procedures within your organisation’s regular operating procedures is an effective way to maintain cyber hygiene. Although the responsibilities may differ by position, everyone in the organisation plays a role.

An audit provides important information on where and where you need to improve. It also provides a baseline for measuring improvement and effectiveness. The key to success is to integrate hygiene into routine process starting top down from policies into every part of the business and making use of third party experts to help aid in the process.

https://www.trendmicro.com/en_us/devops/23/e/cyber-hygiene-audit-best-practices.html

Governance, Risk and Compliance

• Company size doesn't matter when it comes to cyber attacks - Help Net Security

• How to Keep Cyber attacks from Tanking Your Balance Sheet (hbr.org)

• When is it Time for a Cyber Hygiene Audit? (trendmicro.com)

• The great CISO resignation: Why security leaders are quitting in droves - SDxCentral

• ‘Exceptional’ cyber attacks now normal, says BT security chief (thetimes.co.uk)

• HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• The strategic importance of digital trust for modern businesses - Help Net Security

• Vendors: Threat actor taxonomies are confusing but essential | TechTarget

• Experts Not Willing To Wager A Candy Bar On Their Security (forbes.com)

• Breaking Enterprise Silos and Improving Protection – Security Week

• Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)

• Insider risk management: Where your program resides shapes its focus | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• Attackers leave organisations with no recovery option - Help Net Security

• Ransomware Gangs Adopting Business-like Practices to Boost Profits - Infosecurity Magazine (infosecurity-magazine.com)

• The Sobering Truth About Ransomware—For The 80% Who Paid Up (forbes.com)

• Rogue IT security worker failed to cover his tracks | Tripwire

• Organisations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation – Security Week

• The Week in Ransomware - May 26th 2023 - Cities Under Attack (bleepingcomputer.com)

• Cyble — Obsidian ORB Ransomware Demands Gift Cards as Payment

• AceCryptor: Cyber criminals' Powerful Weapon, Detected in 240K+ Attacks (thehackernews.com)

• BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration (securityintelligence.com)

• BlackCat claims the hack of the Casepoint legal technology platform used by US agencies - Security Affairs

• Investigating BlackSuit Ransomware’s Similarities to Royal (trendmicro.com)

• Fighting ransomware: Perspectives from cyber security professionals - Help Net Security

Ransomware Victims

• New York county still dealing with ransomware 8 months later • The Register

• ABB confirms data stolen in Black Basta ransomware attack | SC Media (scmagazine.com)

• SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)

• Industrial Giant ABB Confirms Ransomware Attack, Data Theft – Security Week

• MCNA Dental data breach impacts 8.9 million people after ransomware attack (bleepingcomputer.com)

• Harvard Pilgrim Health Care ransomware attack hits 2.5 million people (bleepingcomputer.com)

• Cyble — Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability

Phishing & Email Based Attacks

• Phishing campaigns thrive as evasive tactics outsmart conventional detection - Help Net Security

• Organisations spend 100 hours battling post-delivery email threats - Help Net Security

• Phishing remained the top identity abuser in 2022: IDSA report | CSO Online

• DocuSign-themed email leads to script-based infection

• New phishing technique poses as a browser-based file archiver | CSO Online

• Nigerian Cyber crime Ring's Phishing Tactics Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Sustained 'Red Deer' Phishing Attacks Impersonate Israel Post, Drop RATs (darkreading.com)

• North Korean phishing gang stole rocket tech info • The Register

Artificial Intelligence

• AI is 'a nuclear bomb and the entire world has already got it,' Palantir ethics expert warns (yahoo.com)

• Artificial intelligence is similar extinction risk as nuclear war and pandemics, say experts | Science & Tech News | Sky News

• AI: War crimes evidence erased by social media platforms - BBC News

• Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)

• ChatGPT Plugins Open Security Holes From PDFs, Websites and More | Tom's Hardware (tomshardware.com)

• What not to share with ChatGPT if you use it for work | Mashable

• Is ChatGPT a cyber security disaster? We asked the experts | Digital Trends

• Generative AI: The new attack vector for trust and safety - Help Net Security

• What are the concerns around AI and are some of the warnings 'baloney'? | Science & Tech News | Sky News

2FA/MFA

• PyPI announces mandatory use of 2FA for all software publishers (bleepingcomputer.com)

Malware

• QBot malware abuses Windows WordPad EXE to infect devices (bleepingcomputer.com)

• New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)

• Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)

• Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)

• RomCom malware spread via Google Ads for ChatGPT, GIMP, more (bleepingcomputer.com)

• DogeRAT Malware Impersonates BFSI, Entertainment, E-commerce Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Stealthy SeroXen RAT malware increasingly used to target gamers (bleepingcomputer.com)

• Terminator antivirus killer is a vulnerable Windows driver in disguise (bleepingcomputer.com)

• Top macOS Malware Threats: Here Are 6 to Watch (darkreading.com)

• PyPI malware ramps up the threat to the code repository • The Register

• Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks (thehackernews.com)

• Cyber criminals use legitimate websites to obfuscate malicious payloads - Help Net Security

• North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)

Mobile

• Don't be polite when you get a text from a wrong number | kens5.com

• Predator Android Spyware: Researchers Uncover New Data Theft Capabilities (thehackernews.com)

• Android threat: 'Guerrilla' virus sneakily snuck onto 8.9m phones (citizen.co.za)

• Operation Triangulation: previously undetected malware targets iOS devices - Security Affairs

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• Android apps with spyware installed 421 million times from Google Play (bleepingcomputer.com)

Botnets

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

• Threatening botnets can be created with little code experience… – Unified Networking (unifiedguru.com)

• What Are Botnet Attacks & Explained Prevention Techniques | EC-Council (eccouncil.org)

• CAPTCHA-Breaking Services with Human Solvers Helping Cyber criminals Defeat Security (thehackernews.com)

Denial of Service/DoS/DDOS

• SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

Internet of Things – IoT

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

• Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)

• How Safe Is Your Wearable Device? (darkreading.com)

• Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers (thehackernews.com)

• Solar panels vulnerable to hackers, concern for network security - DutchNews.nl

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints (darkreading.com)

• Dutch watchdog looking into alleged Tesla data breach | Reuters

• NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian

• The root causes of API incidents and data breaches - Help Net Security

• Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)

• Retailer Database Error Leaks Over One Million Customer Records - Infosecurity Magazine (infosecurity-magazine.com)

• Yet Another Toyota Cloud Data Breach Jeopardises Thousands of Customers (darkreading.com)

• Hacking forum hacked, user database leaked online • Graham Cluley

• Risk & Repeat: A troubling trend of poor breach disclosures | TechTarget

• New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)

• Workforce platform Prosperix leaks drivers licenses and medical records - Security Affairs

Organised Crime & Criminal Actors

• Types of Cyber Crime: A Comprehensive Guide to Uncover and Prevent Digital Attacks - Security Boulevard

• US intelligence research agency examines cyber psychology to outwit criminal hackers | CyberScoop

• What is the Cyber Crime Atlas? How it can help disrupt cyber crime | CSO Online

• New hacking forum leaks data of 478,000 RaidForums members (bleepingcomputer.com)

• Hacking forum hacked, user database leaked online • Graham Cluley

• Tricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity

• 3 signs your kids may be hackers and what to do about it | Euronews

• “I was a teenage hacker”: Two child hackers share their stories | Euronews

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)

• Hacked DJ's Twitter account costs cryptocurrency investors $170,000 (bitdefender.com)

• Cyber criminals Targeting Apache NiFi Instances for Cryptocurrency Mining (thehackernews.com)

Insider Risk and Insider Threats

• Report: ‘massive’ Tesla leak reveals data breaches, thousands of safety complaints | Tesla | The Guardian

• Rogue IT security worker failed to cover his tracks | Tripwire

• Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)

• Insider risk management: Where your program resides shapes its focus | CSO Online

Fraud, Scams & Financial Crime

• Don't be polite when you get a text from a wrong number | kens5.comTricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity

• HMRC in New Tax Credits Scam Warning - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (bleepingcomputer.com)

Insurance

• Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf

• Cyber Insurance: A Growth Market for Insurers With Some Caveats (carriermanagement.com)

Dark Web

• The Dark Web: Exploring the Hidden Internet | TechSpot

Supply Chain and Third Parties

• Capita cyber attack: 90 organisations report data breaches | Capita | The Guardian

• Cyber Actors Impact Daily Life in Attacks on Critical Infrastructure, Supply Chains, Report Says - MSSP Alert

Software Supply Chain

• CISO-approved strategies for software supply chain security - Help Net Security

• Where SBOMs Stand Today (darkreading.com)

Cloud/SaaS

• One of Microsoft Azure's top tools has a serious security flaw | TechRadar

• Top public cloud security concerns for the media and entertainment industry - Help Net Security

• Disaster recovery in the cloud | InfoWorld

• Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack

• Why organisations should adopt a cloud cyber security framework - Help Net Security

• Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)

• Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a Trace (darkreading.com)

Hybrid/Remote Working

• Navigating cyber security in the age of remote work - Help Net Security

Shadow IT

• The shadow IT fight — 2023 style | Computerworld

Identity and Access Management

• Digital nomads drive changes in identity verification - Help Net Security

Encryption

• After 28 years, SSLv2 is still not gone from the internet... but we're getting there

API

• The root causes of API incidents and data breaches - Help Net Security

Open Source

• 2 Lenses for Examining the Safety of Open Source Software (darkreading.com)

• EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cyber security | Electronic Frontier Foundation (eff.org)

Passwords, Credential Stuffing & Brute Force Attacks

• Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)

• Swiss real estate agency Neho fails to put a password on its systems - Security Affairs

• Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)

Social Media

• NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian

• Twitter pulls out of voluntary EU disinformation code - BBC News

• AI: War crimes evidence erased by social media platforms - BBC News

Malvertising

• RomCom malware spread via Google Ads for ChatGPT, GIMP, more (bleepingcomputer.com)

Training, Education and Awareness

• Building an Effective Cyber security Training Program (hbr.org)

Travel

• Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives (darkreading.com)

• US court finds that border phone searches need a warrant • The Register

Parental Controls and Child Safety

• 3 signs your kids may be hackers and what to do about it | Euronews

• “I was a teenage hacker”: Two child hackers share their stories | Euronews

Regulations, Fines and Legislation

• OneMain pays $4.5M after ignored security flaws caused data breaches | SC Media (scmagazine.com)

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

• Netflix warns it may remove content from UK catalogue over government media bill | The Independent

• EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cyber security | Electronic Frontier Foundation (eff.org)

Models, Frameworks and Standards

• Why organisations should adopt a cloud cyber security framework - Help Net Security

Data Protection

• OneMain pays $4.5M after ignored security flaws caused data breaches | SC Media (scmagazine.com)

Careers, Working in Cyber and Information Security

• Ways to Help Cyber security's Essential Workers Avoid Burnout (darkreading.com)

• Managing mental health in cyber security - Help Net Security

• ISACA pledges to help grow cyber security workforce in Europe | CSO Online

Law Enforcement Action and Take Downs

• US intelligence research agency examines cyber psychology to outwit criminal hackers | CyberScoop

Privacy, Surveillance and Mass Monitoring

• The answer to the FBI's advanced persistent threat • The Register

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• How giant pieces of spyware are shaping our views and our world | Evening Standard

• Twitter pulls out of voluntary EU disinformation code - BBC News

• The 2024 race promises to be 'very, very active' in terms of foreign and domestic meddling, says former CISA chief | CyberScoop

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine war blurs lines between cyber crims and state hacks • The Register

• Pegasus Spyware Is Detected in a War Zone for the First Time | WIRED

• Chinese State-Backed Cyber Operatives Threaten Critical Infrastructure in Espionage Campaign - MSSP Alert

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• How giant pieces of spyware are shaping our views and our world | Evening Standard

• Predator may have more spyware capabilities than we know • The Register

• Cyber Army! US Mulls Creating A New Military Unit That Can 'Track & Whack' Chinese, Russian Aggression (eurasiantimes.com)

• Cyberweapon manufacturers plot to stay on the right side of US | Financial Times (ft.com)

• Suspected Russia-trained spy whale reappears off Sweden’s coast | Sweden | The Guardian

• Pentagon Cyber Policy Cites Learnings from Ukraine War - Infosecurity Magazine (infosecurity-magazine.com)

• AI: War crimes evidence erased by social media platforms - BBC News

Nation State Actors

• How APTs target SMBs - Help Net Security

• Chinese hackers seeking ways to cripple infrastructure 'likely to have targeted UK operators' (inews.co.uk)

• China hacking Guam: Can the US stop foreign cyber attacks? | The Week

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (bleepingcomputer.com)

• Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)

• Investigation Launched After London City Airport Website Hacked (simpleflying.com)

• Taiwan rushes to prevent China from cutting off internet and phones | The Japan Times

• North Korea says spy satellite launch crashed into sea - BBC News

• Pentagon Cyber Policy Cites Learnings from Ukraine War - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Pink hackers continue to target govt and military organisations (bleepingcomputer.com)

• The next Chinese tech threat is already here | The Spectator

• North Korean phishing gang stole rocket tech info • The Register

• North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks (thehackernews.com)

• North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)

Vulnerability Management

• Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)

• Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)

• 3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them (thehackernews.com)

• Focus Security Efforts on Choke Points, Not Visibility (darkreading.com)

Vulnerabilities

• New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)

• Zero-day vulnerability in MoveIt Transfer under attack | TechTarget

• Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months (thehackernews.com)

• Chrome 114 Released With 18 Security Fixes – Security Week

• WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection (bleepingcomputer.com)

• WordPress force installs critical Jetpack patch on 5 million sites (bleepingcomputer.com)

• Microsoft finds macOS bug that lets hackers bypass SIP root restrictions (bleepingcomputer.com)

• Zyxel patches vulnerability in NAS devices (CVE-2023-27988) - Help Net Security

• Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices (thehackernews.com)

• Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED

• Barracuda Email Security Gateway under active attack • The Register

• MacOS 'Migraine' Bug: Big Headache for Device System Integrity (darkreading.com)

• FTC accuses Amazon of nightmare IoT security fails • The Register

• Critical Vulnerabilities Found in Faronics Education Software – Security Week

Tools and Controls

• HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• When is it Time for a Cyber Hygiene Audit? (trendmicro.com)

• The strategic importance of digital trust for modern businesses - Help Net Security

• Vendors: Threat actor taxonomies are confusing but essential | TechTarget

• 6 Steps to Effectively Threat Hunting: Safeguard Critical Assets and Fight Cyber crime (thehackernews.com)

• Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)

• Digital nomads drive changes in identity verification - Help Net Security

• Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)

• The Top 10 endpoint security challenges and how to overcome them | VentureBeat

• Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf

• Disaster recovery in the cloud | InfoWorld

• Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack

• Disaster recovery challenges enterprise CISOs face - Help Net Security

• Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)

• Research Reveals UK Firms Plan to Embrace New Era of Digital Identity- IT Security Guru

Reports Published in the Last Week

• Global Threat Intelligence Report April (blackberry.com)

• Top Cyber attacks Revealed in New Threat Intelligence Report (darkreading.com)

Other News

• Undetected Attacks Against Middle East Targets Conducted Since 2020 (darkreading.com)

• 8 best practices for securing your Mac from hackers in 2023 (techrepublic.com)

• Hot Pixels attack checks CPU temp, power changes to steal data (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 50% of UK CEOs see Cyber as a Bigger Business Risk than the Economy

Half of UK CEOs consider cyber security as a bigger risk to their organisation than economic uncertainty, a new study by Palo Alto Networks has found. The findings came from a survey of 2500 CEOs from the UK, Germany, France, Brazil and the UAE at large organisations (500+ employees).

Despite the recognition of the business threats posed by cyber attacks, UK CEOs have a lower level of understanding of cyber security risks than their international counterparts, with just 16% saying they have a complete understanding. This compares to 21% in Brazil, 21% in the UAE, 22% in France and 39% in Germany. Additionally, many UK CEOs feel detached from responsibility for cyber security at their organisations, instead leaving it to the responsibility of IT, although IT is only part of the solution.

https://www.infosecurity-magazine.com/news/uk-ceo-cyber-risk-economy/

• Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim

Fortinet has unveiled its 2023 Global Ransomware Report based on a recent global survey and explores cyber security leaders’ perspectives on ransomware, particularly how it impacted their organisations in the last year and their strategies to mitigate an attack. The report found that the global threat of ransomware remains at peak levels, with half of organisations across all sizes, regions and industries falling victim in the last year.

The top challenges to stopping a ransomware attack were people and process related, with many organisations lacking clarity on how to secure against the threat. Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training and no clear chain-of-command strategy to deal with attacks.

Despite the global macroeconomic environment, security budgets will have to increase in the next year with a focus on AI/ML technologies to speed detection, centralised monitoring tools to speed response and better preparation of people and processes.

https://www.itweb.co.za/content/mYZRX79g8gRqOgA8

• SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyber espionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly.

Cyber security firm Proofpoint analysed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those serving Russian, Iranian, and North Korean interests.

SMBs are also targeted by APT groups indirectly, through the managed services providers (MSPs) that maintain their infrastructure. Proofpoint has seen an increase in attacks against regional MSPs because their cyber security defences could be weaker than larger MSPs yet they still serve hundreds of SMBs in local geographies.

https://www.csoonline.com/article/3697648/smbs-and-regional-msps-are-increasingly-targeted-by-state-sponsored-apt-groups.html#tk.rss_news

• IT Employee Piggybacked on Cyber Attack for Personal Gain

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorised access to a computer with intent to commit other offences.

The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout. But he also realized that he could take advantage of the breach to line his own pockets.

“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” the South East Regional Organised Crime Unit (SEROCU) revealed. He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.

While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving a malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.

https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/

• Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More

Ransomware attacks have never been this popular, a new report from cyber security researchers Securin, Ivanti, and Cyware has stated. New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, but out of all the different hardware and software, Microsoft’s products are being targeted the most.

Attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware. In just March 2023, there had been more breaches reported, than in all three previous years combined. Even though most cyber security incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web.

https://www.techradar.com/news/ransomware-threats-are-growing-and-targeting-microsoft-devices-more-and-more

• Microsoft Reports Jump in Business Email Compromise (BEC) Activity

Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report. Activity around BEC spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit.

Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.

Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.

https://www.csoonline.com/article/3697152/microsoft-reports-jump-in-business-email-compromise-activity.html#tk.rss_news

• Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions

The nature of cyber attacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organisations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. Forrester’s Top Cyber security Threats in 2023 report provides a stark warning about the top cyber security threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponising generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.

Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyber attacks coming that seek to capitalise on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.

Forrester cites Russia’s invasion of Ukraine and its relentless cyber attacks on Ukrainian infrastructure as examples of geopolitical cyber attacks with immediate global implications. Forrester advises that nation-state actors continue to use cyber attacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.

https://venturebeat.com/security/forrester-predicts-2023-top-cybersecurity-threats-generative-ai-geopolitical-tensions/

• Advanced Phishing Attacks Surge 356% in 2022

A new report published this week observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022, with the total number of attacks having increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools. These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques.

The global threat landscape continues to evolve with a meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques designed to breach and damage organisations.

Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.

https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge/

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security

Organisations can mistakenly believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter can be very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming. Blindly purchasing more security tools can add to complexity in enterprise environments and creates a false sense of security that contributes to today’s cyber security challenges.

To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cyber security risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.

https://www.securityweek.com/todays-cyber-defense-challenges-complexity-and-a-false-sense-of-security/

• Almost All Ransomware Attacks Target Backups

Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organisations suffered at least one cyber attack in the past year according to the Veeam 2023 Ransomware trends report. Only 16% of organisations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.

According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber events in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.

Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.

With most ransomware actors moving to double and triple extortion the days of a backup being all you need to keep you safe are far behind and firms should do more to prevent being the victim of ransomware in the first place.

https://www.computerweekly.com/news/366538492/Almost-all-ransomware-attacks-target-backups-says-Veeam

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

The UK National Cyber Security Centre (NCSC) and several other international security agencies have issued a new advisory warning the public against Chinese cyber activity targeting critical national infrastructure networks. According to the document, the People’s Republic of China (PRC)’s associated threat actors employed sophisticated tactics to evade detection while conducting malicious activities against targets in the US and Guam. These tactics are expected to be used on critical infrastructure targets outside the US, including the UK.

The document further added that the threat actors mainly focused on credential access theft via brute force and password spraying techniques. The NCSC advisory provides network defenders with technical indicators and examples of techniques used by the attacker to help identify any malicious activity.

https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/

• Half of All Companies were Impacted by Spearphishing in 2022

Spearphishing is a sliver of all email exploits but the extent to which it succeeds is revealed in a new study from cyber security firm Barracuda Networks, which analysed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails and affecting 50% of all companies.

The report identified the top prevalent spearphishing emails were Scamming (47%) used to trick victims into disclosing sensitive information and the other being brand impersonation (42%) attacks mimicking a brand familiar with the victim to harvest credentials.

The report found that remote work is increasing risks. Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.

https://www.techrepublic.com/article/barracuda-networks-spearphishing-study/

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Two new top-level domain names (.zip and .mov) have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension.

There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware. Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks.

https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool

Governance, Risk and Compliance

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• The Rising Threat of Secrets Sprawl and the Need for Action (thehackernews.com)

• Mass resignations, layoffs seen as major threat to corporate cyber security - The Korea Times

• Improving Cyber security Requires Building Better Public-Private Cooperation (darkreading.com)

• Cyber Defence: Council conclusions stress the importance of further strengthening the EU resilience to face cyber threats - Consilium (europa.eu)

• 5 Cyber security Woes That Threaten Digital Growth (analyticsinsight.net)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• What Security Professionals Need to Know About Aggregate Cyber Risk (darkreading.com)

• Where to Focus Your Company’s Limited Cyber security Budget (hbr.org)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (darkreading.com)

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security - SecurityWeek

• The biggest threats are always those we fail to predict - Big Think

• How continuous security monitoring is changing the compliance game - Help Net Security

• Forrester predicts 2023's top cyber security threats: From generative AI to geopolitical tensions | VentureBeat

• 50% of UK CEOs See Cyber as a Bigger Business Risk than the Economy - Infosecurity Magazine (infosecurity-magazine.com)

• Defining CISOs, CTOs, and CIOs' Roles in Cyber security (analyticsinsight.net)

Threats

Ransomware, Extortion and Destructive Attacks

• 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns (darkreading.com)

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Backup Repositories Targeted in 93% of Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware threats are growing, and targeting Microsoft devices more and more | TechRadar

• Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks (bleepingcomputer.com)

• FIN7 gang returned and was spotted delivering Clop ransomware - Security Affairs

• Fortinet survey finds 78% of organisations felt prepared for ransomware attacks, yet half still fell victim | ITWeb

• Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking (darkreading.com)

• Cyble — New Ransomware Wave Engulfs over 200 Corporate Victims

• Updated 'StopRansomware Guide' warns of shifting tactics | TechTarget

• The Week in Ransomware - May 19th 2023 - A Shifting Landscape (bleepingcomputer.com)

• US saw 45% fewer ransomware victims posted on the dark web | Security Magazine

• BlackCat ransomware takes control of protected computers via new kernel driver | SC Media (scmagazine.com)

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• Ransomware tales: The MitM attack that really had a Man in the Middle – Naked Security (sophos.com)

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts (thehackernews.com)

• Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code (thehackernews.com)

Ransomware Victims

• Food Distributor Sysco Says Cyber Attack Exposed 126,000 Individuals - SecurityWeek

• Suzuki motorcycle plant shut down by cyber attack (bitdefender.com)

• February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million - Security Affairs

• Iowa hospital discloses breach following Royal ransomware leak | TechTarget

• Arms maker Rheinmetall confirms BlackBasta ransomware attack (bleepingcomputer.com)

• Mazars Group allegedly breached by BlackCat | Cybernews

• Dish Network says February ransomware attack impacted +300K - Security Affairs

• Philly Inquirer disputes Cuba ransomware gang's leak claims • The Register

• Dorchester school IT system held to ransom in cyber attack - BBC News

• BlackByte lists city of Augusta after cyber 'incident' • The Register

Phishing & Email Based Attacks

• Advanced Phishing Attacks Surge 356% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• 50% of companies had spearphishing puncture wounds in 2022 (techrepublic.com)

• Microsoft 365 phishing attacks use encrypted RPMSG messages (bleepingcomputer.com)

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• Threat actors exploit new channels for advanced phishing attacks - Help Net Security

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Phishing campaign targets ChatGPT users - Help Net Security

BEC – Business Email Compromise

• Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog

• Microsoft reports jump in business email compromise activity | CSO Online

• Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool (darkreading.com)

Artificial Intelligence

• Employees are banned from using ChatGPT at these companies | Fortune

• When the tech boys start asking for new regulations, you know something’s up | John Naughton | The Guardian

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• 6 ChatGPT risks for legal and compliance leaders - Help Net Security

• 5 Ways Hackers Will Use ChatGPT For Cyber attacks (informationsecuritybuzz.com)

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

• How to avoid shadow AI in your SOC - Help Net Security

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing campaign targets ChatGPT users - Help Net Security

• The Security Hole at the Heart of ChatGPT and Bing | WIRED UK

2FA/MFA

• Cyber criminals masquerading as MFA vendors - Help Net Security

Malware

• New PowerExchange malware backdoors Microsoft Exchange servers (bleepingcomputer.com)

• Hackers Use Weaponised DOCX File to Deploy Stealthy Malware (gbhackers.com)

• Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware (thehackernews.com)

• Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware (thehackernews.com)

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Threat actors leverage kernel drivers in new attacks | TechTarget

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

• Legion Malware Upgraded to Target SSH Servers and AWS Credentials (thehackernews.com)

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Google Unveils Bug Bounty Program For Android Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Botnets

• How smart bots are infecting and exploiting the internet - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Denial of Service/DoS/DDOS

• Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry (thehackernews.com)

Internet of Things – IoT

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• How Connected Car Cyber Risk will Evolve (trendmicro.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

Data Breaches/Leaks

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• Luxottica confirms 2021 data breach after info of 70M leaks online (bleepingcomputer.com)

• Hackers steal the SSN of nearly 6 million people (pandasecurity.com)

• Food Distributor Sysco Says Cyber attack Exposed 126,000 Individuals - SecurityWeek

Organised Crime & Criminal Actors

• Inside the Mind of a Cyber Attacker | Tactics, Techniques, and Procedures (TTPs) Every Security Practitioner Should Know

• IT employee piggybacked on cyber attack for personal gain - Help Net Security

• Child hackers: How are kids becoming sophisticated cyber criminals? | Euronews

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• The Strange Story of the Teens Behind the Mirai Botnet - IEEE Spectrum

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• Cyber criminals masquerading as MFA vendors - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

Insider Risk and Insider Threats

• How to prevent against the 5 main types of insider threats - IT Security Guru

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Get-rich-quick schemes, pyramids and ponzis: five signs you're being scammed (theconversation.com)

• Uncle Sam tries to wrangle 'money mules' • The Register

• Scammers Using ChatGPT "Fleeceware" Apps to Cash In on AI Hype, Sophos Report - MSSP Alert

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Ads for lucrative jobs in Asia may be tech slavery scams • The Register

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Banking, tech and telecoms groups combine to gather intelligence on scammers | Financial Times (ft.com)

Supply Chain and Third Parties

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• New Cyber Security Training Packages Launched to Manage Supply Chain Risk - NCSC

Software Supply Chain

• GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains (thehackernews.com)

Cloud/SaaS

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• Google Cloud Bug Allows Server Takeover From CloudSQL Service (darkreading.com)

Attack Surface Management

• The Need to Isolate Branch Offices in High-Risk Countries (darkreading.com)

Identity and Access Management

• 7 access management challenges during M&A - Help Net Security

• Think security first when switching from traditional Active Directory to Azure AD | CSO Online

Encryption

• Quantum attack would trigger Great Depression, think tank warns | SC Media (scmagazine.com)

API

• API bug in OAuth dev tool opened websites, apps to account hijacking | SC Media (scmagazine.com)

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• What is API Security? | Definition from TechTarget

• The fragmented nature of API security ownership - Help Net Security

Open Source

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Inactive accounts pose significant account takeover security risks | CSO Online

• What’s a Double-Blind Password Strategy and When Should It Be Used (bleepingcomputer.com)

• Netflix's Password-Sharing Ban Offers Security Upsides (darkreading.com)

Biometrics

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

Social Media

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Pentagon explosion hoax goes viral after verified Twitter accounts push (bleepingcomputer.com)

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

Training, Education and Awareness

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Realistic simulations are transforming cyber security training - Help Net Security

Travel

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Four ways your devices can be hacked in hotels and how to stay safe | This is Money

• Tips to Protect Against Holiday and Airline Scams - IT Security Guru

Parental Controls and Child Safety

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Regulations, Fines and Legislation

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

Models, Frameworks and Standards

• NIST Launches Cyber security Initiative for Small Businesses (securityintelligence.com)

• New security model launched to eliminate 95% of cyber breaches - IT Security Guru

Backup and Recovery

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

Data Protection

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How to become a bug bounty hunter: Getting started | TechTarget

Law Enforcement Action and Take Downs

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

Privacy, Surveillance and Mass Monitoring

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• UK police to 'embed' facial recog but oversight is at risk • The Register

• Abuse of government spying powers: What's to worry about? • The Register

• Reflections on Ten Years Past The Snowden Revelations (ietf.org)

Misinformation, Disinformation and Propaganda

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Opinion: Cyber war and (no) peace (insuranceinsider.com)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• Russia's War in Ukraine Shows Cyber attacks Can Be War Crimes (darkreading.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade (thehackernews.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation (thehackernews.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• What’s Russia Planning? (informationsecuritybuzz.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• What’s Russia Planning? (informationsecuritybuzz.com)

• United Nations official and others in Armenia hacked by NSO Group spyware | Hacking | The Guardian

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Nation State Actors

• APT attacks: Exploring Advanced Persistent Threats and their evasive techniques (malwarebytes.com)

• SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups | CSO Online

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• GoldenJackal: Threat Risk For Organisations In Middle East & South Asia (informationsecuritybuzz.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware (thehackernews.com)

• Fata Morgana Watering Hole Attack Targets Shipping, Logistics Firms - Infosecurity Magazine (infosecurity-magazine.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• Five Eyes and Microsoft accuse China US infrastructure raids • The Register

• Iranian hackers use new Moneybird ransomware to attack Israeli orgs (bleepingcomputer.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• GCHQ warns of fresh threat from Chinese state-sponsored hackers | Hacking | The Guardian

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Five Eyes agencies detail how Chinese hackers breached US infrastructure - Help Net Security

• Lazarus Group Striking Vulnerable Windows IIS Web Servers (darkreading.com)

• 'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns (darkreading.com)

Vulnerability Management

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Fresh perspectives needed to manage growing vulnerabilities - Help Net Security

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• How to check for new exploits in real time? VulnCheck has an answer | CSO Online

Vulnerabilities

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Vulnerability in WordPress Google Analytics Plugin Hits +3 Million Websites (searchenginejournal.com)

• Hackers target 1.5M WordPress sites with cookie consent plugin exploit (bleepingcomputer.com)

• Barracuda Alerts Of Breaches In Email Gateways From Zero-Day Flaws (informationsecuritybuzz.com)

• Threat Actors Compromise Barracuda Email Security Appliances (darkreading.com)

• Microsoft: Windows issue causes file copying, saving failures (bleepingcomputer.com)

• GitLab 'strongly recommends' patching max severity flaw ASAP (bleepingcomputer.com)

• 83C0000B: The error code that means a software update bricked your HP printer (bitdefender.com)

• CISA adds iPhone bugs to Known Exploited Vulnerabilities catalog - Security Affairs

• Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) - Help Net Security

• Zyxel warns of critical vulnerabilities in firewall and VPN devices (bleepingcomputer.com)

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Tools and Controls

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Making The Most Of A Penetration Test: The Organisational Perspective (forbes.com)

• Against the Clock: Cyber Incident Response Plan (trendmicro.com)

• CMOs & CISOs: Uniting for Stronger Brands (cmswire.com)

• Investigating Risks Through Threat Hunting Capability Guide (informationsecuritybuzz.com)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• How continuous security monitoring is changing the compliance game - Help Net Security

• Blacklist untrustworthy apps that peek behind your firewall - Help Net Security

• How generative AI is reshaping the identity verification landscape - Help Net Security

• What is API Security? | Definition from TechTarget

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• The fragmented nature of API security ownership - Help Net Security

• Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans (darkreading.com)

• Cutting Through the Noise: What is Zero Trust Security? - SecurityWeek

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• 6 ways generative AI chatbots and LLMs can enhance cyber security | CSO Online

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Attributes of a mature cyber-threat intelligence program | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Triple Threat: Insecure Economy, Cyber Crime Recruitment and Insider Threats

Across all sectors employees are feeling the ramifications of economic uncertainty, coupled with ransomware attacks continuing to evolve and become more sophisticated, and with this, cyber crime gangs are increasing their recruitment efforts. All the while, the cyber security skills gap persists and continues to widen for most organisations. This has the potential to create a perfect storm in terms of insider threats.

Insider threats can be malicious or unintentional, and they might come from current or former employees, business partners, board members or consultants. A recent report found that the past two years have seen a 44% rise in insider incidents. There is no quick fix to solve the insider threat problem. At a time when many businesses are struggling with visibility issues brought on by digital transformation and vendor sprawl, what’s needed is planning. Reducing the risk associated with insider threats requires a multifaceted approach.

https://www.securityweek.com/triple-threat-insecure-economy-cybercrime-recruitment-and-insider-threats/

• Ensuring Security Remains/Becomes Everyone’s Responsibility

In the same way as organisations believe that everyone is somewhat responsible for keeping costs reasonable, why would an organisation not think the same of cyber security, especially as cyber security is not just a technology problem: it is a business problem. One of the best methods for ensuring that security is everyone’s responsibility is to make cyber a top-down issue, with the board and C-suite setting the tone for security; they should provide clear direction and guidance, prioritising security as a business objective.

Other methods that can help ensure security as everyone’s responsibility include integrating it into the functions of roles, creating a security culture, providing awareness and training and rewarding employees for responses such as reporting phishing attacks.

https://cisoseries.com/20-ways-to-ensure-security-remains-becomes-everyones-responsibility/

• Insured Companies More Likely to be Ransomware Victims, Sometimes More Than Once

Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers.

According to the survey by Barracuda Networks, 77% of organisations with cyber insurance were hit at least once, compared to 65% without insurance. Of those with insurance, 39% paid the ransom. Worryingly, the survey found that insured companies were also 70% more likely to be hit multiple times. Repeat victims were also more likely to pay the ransom, and less likely to use backup systems to help them recover.

https://www.csoonline.com/article/3696350/insured-companies-more-likely-to-be-ransomware-victims-sometimes-more-than-once.html

• Software Supply Chain Attacks Hit 61% of Firms

More than three-fifths (61%) of businesses have been directly impacted by a software supply chain threat over the past year, according to a new report. The report pointed to open source software as a key source of supply chain risk. Open source is now used by 94% of companies in some form, with over half (57%) using multiple open source platforms, the report revealed.

Organisations may be putting themselves at further risk by not having a full view of the software which is used within their corporate environment. One of the first things an organisation seeking to reduce their risk of a software supply chain attack should do is to understand their attack surface and maintain a record of the software which they use.

https://www.infosecurity-magazine.com/news/software-supply-chain-attacks-hit/

• More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees

In a newly released 2023 Fortune 1000 Identity Exposure Report, an analysis of the dark net exposure of employees across 21 industries, including technology, financial, retailing and media, researchers analysed 2.27 billion exposed dark web assets. These assets included more than 423 million records containing personally identifiable information (PII) found in data breaches and exfiltrated from malware-infected devices tied directly to Fortune 1000 employees’ email addresses.  

Additional findings include 27.48 million pairs of credentials with Fortune 1000 corporate email addresses and plain text passwords, and a 62% re-use rate of passwords amongst Fortune 1000 employees. Whilst the research focuses on Fortune 1000 employees, it is unlikely that these are the only employees who are exposed on the dark web. Organisations should be aware of how such PII could include their own employees, and how to avoid password re-use in the corporate environment.

https://www.msspalert.com/cybersecurity-research/more-than-2-25-million-exposed-assets-on-the-dark-web-tied-to-fortune-1000-employees/

• Law Enforcement Crackdowns and New Techniques are Forcing Cyber Criminals to Pivot

Researchers say that law enforcement crackdowns and new investigative tools are putting pressure on cyber criminals, but challenges for defenders remain. It can seem like cyber criminals are running rampant across the world's digital infrastructure, launching ransomware attacks, scams, and outright thefts with impunity. Over the last year, however, US and global authorities seized $112 million from cryptocurrency investment scams, disrupted the Hive ransomware group, broke up online illegal drug marketplaces, and sanctioned crypto money launderers, among other operations to crack down on internet-enabled crimes. With such pressure, financially motivated threat actors are pivoting to crimes that have a higher rate of success, such as selling data instead of extorting, and romance scams and pig butchering (building rapport and trust with victims over time only to steal from them) are replacing the old get-rich schemes.

https://www.csoonline.com/article/3696748/law-enforcement-crackdowns-and-new-techniques-are-forcing-cybercriminals-to-pivot.html

• Talking Security Strategy: Why Cyber Security Requires a Seat at the Boardroom Table

Cyber security is no longer a fringe issue for businesses. What was once a siloed function is now woven into the fabric of any successful business. Any business still treating its cyber security initiatives as a side project is setting itself up to fail. The US Securities and Exchange Commission (SEC) has laid to rest any doubts about the importance of cyber security with new regulations around how boards of directors should approach it. The regulations, which are in the process of being finalised, will require companies to openly report any serious cyber security attack and explain who on their board is responsible for dealing with it. The regulations also will require businesses to include board of directors' cyber security experience and credentials as part of any public disclosure.

https://www.darkreading.com/vulnerabilities-threats/talking-security-strategy-cybersecurity-has-a-seat-at-the-boardroom-table

• How Incident Response Rehearsals and Readiness Exercises Can Aid Incident Response

Incident response rehearsals and readiness exercises can aid organisations by identifying security gaps, testing communications in the event of a cyber attack, and understanding roles in reducing response times. All of which benefits the business objectives of the organisation.

The importance for organisations to understand who their adversaries are and how they operate against their enterprise environments cannot be overstated. An organisation's approach to cyber security testing and resilience improvements in the face of an increasingly volatile threat landscape must be underpinned around this perspective.

Rehearsals should look to leverage scenarios based on evolving and emerging attacker techniques, tactics and procedures (TTPs), with different levels of complexity; this allows an organisation to constantly sharpen their technique and update rehearsals to reflect the current attack environment. These TTPs should be driven by an intelligence-led and risk-based approach. Additionally, organisations need to set metrics for understanding the results of rehearsals, which in turn should be used in established feedback channels to drive improvement in the organisation’s incident response.

https://www.darkreading.com/edge-articles/5-ways-security-testing-can-aid-incident-response 

• Ransomware’s Real Goals are to Exploit Internet Facing Apps, Mine Intellectual Property and Grab Sensitive Information

The majority of ransomware attacks in 2022 were intended to unearth personal data, mine intellectual property and grab other sensitive information rather than financial extortion or data encryption, Kaspersky said in a new report.

Most attacks started off as exploiting public facing applications (43%), data from compromised user accounts (24%) and malicious emails (12%). The goal was to snatch information the cyber crews could leverage into bigger and more lucrative scores. The report also revealed that the longest-running ransomware attacks began with the exploitation of public-facing applications, with just over 2% of them lasting for a year and more.

https://www.msspalert.com/cybersecurity-research/ransomwares-real-goals-are-exploit-internet-facing-apps-mine-intellectual-property-grab-sensitive-info/

• Organisations’ Cyber Resilience Efforts Fail to Keep Up with Evolving Threats

A steady increase in cyber attacks and an evolving threat landscape are resulting in more organisations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber capabilities, according to Immersive Labs. The report found that while 86% of organisations have a cyber resilience program, 52% of respondents say their organisation lacks a comprehensive approach to assessing cyber resilience.

Organisations have taken steps to deploy cyber resilience programs; however, 53% of respondents indicate the organisation’s workforce is not well-prepared for the next cyber attack and just over half say they lack a comprehensive approach to assessing cyber resilience. These statistics indicate that although cyber resilience is a priority and programs are in place, their current structure and training are ineffective.

https://www.helpnetsecurity.com/2023/05/18/cyber-resilience-programs-shortcomings/

• Fraudsters Send Fake Invoice, Follow Up with Fake Executive Confirmation

Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. The fraud attempt begins with an email containing a payment request for a fake invoice. The recipient, an employee in a company’s finance department, reads the email and checks who sent it. The sender’s email address looks like it belongs to one of the company’s trusted vendors, and the VP of Finance has been CC-ed. Soon after, the “VP of Finance” replies to the email thread, and asks the employee (by name) to pay this at the earliest convenience.

Most organisations view social engineering methods as a one step process; however, threat actors are employing multiple layers. In this case, adding management to increase authenticity. Businesses looking to bolster their resilience should look to ensure that these kinds of attacks are addressed in their organisation’s user education and awareness training.

https://www.helpnetsecurity.com/2023/05/16/payment-request-fraud/

• Capita Warns Customers They Should Assume Data was Stolen

Outsourcing giant Capita is warning customers to assume that their data was stolen in a cyber attack that affected its systems in early April. This includes the Universities Superannuation Scheme (USS), the largest private pension scheme in the UK, which holds pensions of over 500,000 individuals. A total of 350 UK corporate retirement schemes are believed to be impacted. The cyber attack, originally described to be a technical problem, has been reported to the UK’s Information Commissioner’s Office.

https://www.bleepingcomputer.com/news/security/capita-warns-customers-they-should-assume-data-was-stolen/

Governance, Risk and Compliance

• Cyber security Often Overlooked as Key Factor for Business Success, New Study Says - MSSP Alert

• Cyber Risk Management in 2023: The People Element (trendmicro.com)

• Is Your Cyber security “Too” Good? (securityintelligence.com)

• Cyber risk: Can banks win the arms race? | Financial Times (ft.com)

• Security breaches push digital trust to the fore | CSO Online

• Cyber-Resilience Programs Failing on Poor Visibility - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security Testing Can Aid Incident Response (darkreading.com)

• Organisations reporting cyber resilience are hardly resilient: Study | CSO Online

• Organisations' cyber resilience efforts fail to keep up with evolving threats - Help Net Security

• Keeping a competitive edge in the cyber security ‘game’ | CyberScoop

• UK NCSC, ICO debunk 6 cyber attack reporting myths | CSO Online

• An Executive's Guide To The Cyber crime Underground (forbes.com)

• Accelerating Security Risk Management (trendmicro.com)

• Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online

• 20 Ways to Ensure Security Remains/Becomes Everyone’s Responsibility (cisoseries.com)

• Talking Security Strategy: Cyber security Has a Seat at the Boardroom Table (darkreading.com)

• ‘Attackers only have to get it right once’: how cyber security burst into the boardroom | Financial Times (ft.com)

• Triple Threat: Insecure Economy, Cyber crime Recruitment and Insider Threats - SecurityWeek

Threats

Ransomware, Extortion and Destructive Attacks

• Insured companies more likely to be ransomware victims, sometimes more than once | CSO Online

• Ransomware payments nearly double in one year | Cyber crime | The Guardian

• Ransomware’s Real Goals are Exploit Internet Facing Apps, Mine Intellectual Property, Grab Sensitive Info - MSSP Alert

• The Week in Ransomware - May 12th 2023 - New Gangs Emerge (bleepingcomputer.com)

• New trends in ransomware attacks shape the future of cyber security - Help Net Security

• Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol-Security Affairs

• Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability (thehackernews.com)

• ABB 'suffers cyber attack' by ransomware gang Black Basta (techmonitor.ai)

• Why Amazon S3 is a ransomware target and how to protect it | TechTarget

• Experts question San Bernardino's $1.1M ransom payment | TechTarget

• Manufacturers Targeted as Ransomware Victim Numbers Spike 27% - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware corrupts data, making restoration harder • The Register

• CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)

• VPN vulnerability linked to ransomware attack on Law Society: PDPC - CNA (channelnewsasia.com)

• New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems (thehackernews.com)

• Philadelphia Inquirer operations disrupted after cyber attack (bleepingcomputer.com)

• Ransomware gang steals data of 5.8 million PharMerica patients (bleepingcomputer.com)

• New RA Group ransomware targets US orgs in double-extortion attacks (bleepingcomputer.com)

• Ransomware Prevention – Are Meeting Password Security Requirements Enough (bleepingcomputer.com)

• US Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator (thehackernews.com)

• Qilin Ransomware Operation Outfits Affiliates With Sleek, Turnkey Cyber attacks (darkreading.com)

• Qilin's Dark Web Ransomware Targets Critical Sectors - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware-as-a-service groups pay affiliates top dollar • The Register

• Russian ransomware affiliate charged with attacks on critical infrastructure (bleepingcomputer.com)

• This new ransomware group is targeting big businesses - here's what you need to know | TechRadar

• Warning Issued About BianLian Ransomware Attacks By CISA & FBI (informationsecuritybuzz.com)

• FBI confirms BianLian ransomware switch to extortion only attacks (bleepingcomputer.com)

• 'Strictly limit' remote desktop to avoid BianLian ransomware • The Register

• MalasLocker ransomware targets Zimbra servers, demands charity donation (bleepingcomputer.com)

• Russian national indicted for ransomware attacks against the US | CSO Online

• A different kind of ransomware demand: Donate to charity to get your data back | CyberScoop

• Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware - -Security Affairs-Security Affairs

Phishing & Email Based Attacks

• What the Email Security Landscape Looks Like in 2023-Security Affairs

• New Phishing-as-a-Service Platform Lets Cyber criminals Generate Convincing Phishing Pages (thehackernews.com)

• Ongoing Facebook phishing campaign without a sender and (almost) without links

• Google's .zip Top Level domain is already used in phishing attacks - gHacks Tech News

• New ZIP domains spark debate among cyber security experts (bleepingcomputer.com)

• Exploring the tactics of phishing and scam websites in 2023 - Help Net Security

• Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Fraudsters send fake invoice, follow up with fake exec confirmation - Help Net Security

• Insider threats surge across US CNI as attackers exploit human factors | CSO Online

• Microsoft Teams Features Amp Up Orgs' Cyber attack Exposure (darkreading.com)

• Social Engineering Risks Found in Microsoft Teams - Infosecurity Magazine (infosecurity-magazine.com)

• Researchers show ways to abuse Microsoft Teams accounts for lateral movement | CSO Online

Artificial Intelligence

• 10 Types of AI Attacks CISOs Should Track (darkreading.com)

• New Google search tool will distinguish real images from AI-generated phonies | ZDNET

• AI-Powered Tools Threaten Password Strength, New Study Finds - MSSP Alert

• AI Is About to Be Everywhere: Where Will Regulators Be? (darkreading.com)

• Zut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France – Naked Security (sophos.com)

• Generative AI Empowers Users but Challenges Security (darkreading.com)

• ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence - SecurityWeek

• BatLoader Impersonates ChatGPT and Midjourney in Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Security Vulnerabilities of ChatGPT-Generated Code (trendmicro.com)

• 3 Ways Hackers Use ChatGPT to Cause Security Headaches (darkreading.com)

• ChatGPT is about to revolutionize cyber security | VentureBeat

• Mitigating Dark Web Risks: The Role Of AI And Machine Learning (forbes.com)

2FA/MFA

• The Ultimate Guide to Multi-Factor Authentication - Security Boulevard

Malware

• Microsoft is scanning the inside of password-protected zip files for malware | Ars Technica

• XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks (thehackernews.com)

• Atomic malware steals Mac passwords, crypto wallets, and more • Graham Cluley

• CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)

• Lancefly APT Custom Backdoor Targets Government and Aviation Sectors - Infosecurity Magazine (infosecurity-magazine.com)

• No more macros? No problem, say attackers, we'll adapt • The Register

• Infostealer Malware Surges: Stolen Logs Up 670% on Russian Market - Infosecurity Magazine (infosecurity-magazine.com)

• The new info-stealing malware operations to watch out for (bleepingcomputer.com)

• DangerousPassword - A Malware Attack Pattern to Infect Devices (gbhackers.com)

• Stealthy MerDoor malware uncovered after five years of attacks (bleepingcomputer.com)

• Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems (thehackernews.com)

• New ZIP domains spark debate among cyber security experts (bleepingcomputer.com)

• Infamous cyber crime marketplace offers pre-order service for stolen credentials - Help Net Security

• BatLoader Impersonates ChatGPT and Midjourney in Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Once Again, Malware Discovered Hidden in npm (darkreading.com)

• Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)

Mobile

• Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cyber crime Enterprise (darkreading.com)

• Parental control app with 5 million downloads vulnerable to attacks (bleepingcomputer.com)

• Apple blocked 1.7 million apps for privacy, security issues in 2022 (bleepingcomputer.com)

• Converso walks back E2EE claims, yanks app from stores • The Register

• OilAlpha: Emerging Houthi-linked Cyber Threat Targets Arabian Android Users (thehackernews.com)

• Google Announces New Rating System for Android and Device Vulnerability Reports - SecurityWeek

• Millions of Smartphones Distributed Worldwide With Preinstalled 'Guerrilla' Malware - SecurityWeek

Botnets

• Beware Bots: Human Internet Traffic Dives to Lowest Level in Eight Years, New Report Finds - MSSP Alert

• Latest variant of RapperBot botnet adds cryptojacking capabilities-Security Affairs

• Bad bots are coming for APIs - Help Net Security

• Spanish cops arrest 69 in immigration bot scheme • The Register

Denial of Service/DoS/DDOS

• Polish news websites hit by DDoS attacks | Reuters

• Europe: The DDoS battlefield - Help Net Security

Internet of Things – IoT

• Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance (thehackernews.com)

• Why 2.4GHz Wi-Fi is both the savior and the scourge of the smart home - The Verge

• Hackers infect TP-Link router firmware to attack EU entities (bleepingcomputer.com)

• Chinese Hackers Mustang Panda Attacks TP-Link Routers (informationsecuritybuzz.com)

• Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyber attacks (darkreading.com)

• Government Publishes Playbook to Enhance Smart City Security - Infosecurity Magazine (infosecurity-magazine.com)

• Is your car safe from a cyber attack? | E&T Magazine (theiet.org)

Data Breaches/Leaks

• UK's largest private pension scheme hit by Capita attack • The Register

• Capita warns customers they should assume data was stolen (bleepingcomputer.com)

• More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees - MSSP Alert

• MP’s laptop stolen from Welcome Break spot 'not covered by CCTV' | UK News | Metro News

• Discord discloses data breach after support agent got hacked (bleepingcomputer.com)

• Data of 237,000 US government employees breached - CNA (channelnewsasia.com)

• Toyota: Car location data of 2 million customers exposed for ten years (bleepingcomputer.com)

• Toyota's bungling of customer privacy is becoming a pattern • The Register

• Making Sure Lost Data Stays Lost (darkreading.com)

• WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers - SecurityWeek

• Personal info of 90k hikers leaked by French tourism company La Malle Postale-Security Affairs

• Ransomware gang steals data of 5.8 million PharMerica patients (bleepingcomputer.com)

• Airline exposes passenger info to others due to a 'technical error' (bleepingcomputer.com)

• University admission platform exposed student passports-Security Affairs

• Millions of deleted files recovered in hard drives purchased online | TechRadar

Organised Crime & Criminal Actors

• Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online

• An Executive's Guide To The Cyber crime Underground (forbes.com)

• Hacker marketplace still active despite police 'takedown' claim - BBC News

• Former Ubiquiti Employee Gets 6 Years in Jail for $2 Million Crypto Extortion Case (thehackernews.com)

• How Cyber criminals Adapted to Microsoft Blocking Macros by Default (darkreading.com)

• Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)

• Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cyber crime Enterprise (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Atomic malware steals Mac passwords, crypto wallets, and more • Graham Cluley

• Hacker admits he was connected to 'tens of thousands’ laptops to mine crypto (finbold.com)

• CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)

• Latest variant of RapperBot botnet adds cryptojacking capabilities-Security Affairs

• North Korean hackers stole $721 million in cryptocurrency from Japan - Nikkei | Reuters

• DangerousPassword - A Malware Attack Pattern to Infect Devices (gbhackers.com)

• Landmark crypto rules make exchanges liable for customer losses in EU | Ars Technica

• 8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency (thehackernews.com)

Insider Risk and Insider Threats

• Triple Threat: Insecure Economy, Cyber crime Recruitment and Insider Threats - SecurityWeek

• Avoiding Reputational Damage By Conquering Insider Threats (informationsecuritybuzz.com)

• Insider threats surge across US CNI as attackers exploit human factors | CSO Online

• Ex-Apple engineer accused of stealing self-driving car secrets - BBC News

• Identity crimes: Too many victims, limited resources - Help Net Security

Fraud, Scams & Financial Crime

• Fraudsters send fake invoice, follow up with fake exec confirmation - Help Net Security

• Exploring the tactics of phishing and scam websites in 2023 - Help Net Security

• Edinburgh coffee shop owner devastated after losing £100,000 life savings to cyber criminals in internet scam | Edinburgh News (scotsman.com)

• How To Avoid Mother's Day Scams By Protecting Your Purse And Heart (informationsecuritybuzz.com)

• US Says VoIP Firm Delivered Billions of Scam Robocalls - Infosecurity Magazine (infosecurity-magazine.com)

• Spanish cops arrest 69 in immigration bot scheme • The Register

• This Is Catfishing on an Industrial Scale | WIRED

• Admin of the darknet carding platform Skynet Market pleads guilty-Security Affairs

• 18-year-old charged with hacking 60,000 sports betting accounts (bleepingcomputer.com)

AML/CFT/Sanctions

• How China came to dominate the black market for money laundering (telegraph.co.uk)

Insurance

• Insured companies more likely to be ransomware victims, sometimes more than once | CSO Online

Dark Web

• Hacker marketplace still active despite police 'takedown' claim - BBC News

• Infamous cyber crime marketplace offers pre-order service for stolen credentials - Help Net Security

• Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)

• Mitigating Dark Web Risks: The Role Of AI And Machine Learning (forbes.com)

Supply Chain and Third Parties

• Capita warns customers they should assume data was stolen (bleepingcomputer.com)

• Capita hit by new data breach incident | Financial Times (ft.com)

• Another security calamity for Capita: Unsecured AWS bucket • The Register

• UK's largest private pension scheme hit by Capita attack • The Register

• Discord Informs Users of Data Breach Involving Customer Support Provider - SecurityWeek

• Preparing for federal supply chain security standardization - Help Net Security

Software Supply Chain

• Software Supply Chain Attacks Hit 61% of Firms - Infosecurity Magazine (infosecurity-magazine.com)

Cloud/SaaS

• Security experts share cloud auditing best practices | TechTarget

• Stop worrying about cloud-lock-in, and outages: Gartner • The Register

• Microsoft Azure VMs Hijacked in Cloud Cyber attack (darkreading.com)

• Why High Tech Companies Struggle with SaaS Security (thehackernews.com)

• Sticking to traditional security playbook is mistake for cloud security: Palo Alto Networks SVP (techrepublic.com)

• Capita hit by new data breach incident | Financial Times (ft.com)

• Why Amazon S3 is a ransomware target and how to protect it | TechTarget

• Microsoft lets Azure AD choose authentication method • The Register

Encryption

• Converso walks back E2EE claims, yanks app from stores • The Register

• Protect against current and future threats with encryption | TechTarget

API

• Bad bots are coming for APIs - Help Net Security

• Attack automation becomes a prevalent threat against APIs - Help Net Security

Open Source

• EU attempts to secure software could hurt open source • The Register

• CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek

• Open-source Cobalt Strike port 'Geacon' used in macOS attacks (bleepingcomputer.com)

• Malicious open-source components threatening digital infrastructure - Help Net Security

• Congress looks to expand CISA's role, adding responsibilities for satellites and open source software | CyberScoop

• Enhancing open source security: Insights from the OpenSSF on addressing key challenges - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Time Taken For Hackers to Crack Passwords Revealed - IT Security Guru

• AI-Powered Tools Threaten Password Strength, New Study Finds - MSSP Alert

• Passkeys may not be for you, but they are safe and easy—here’s why | Ars Technica

• Ransomware Prevention – Are Meeting Password Security Requirements Enough (bleepingcomputer.com)

• KeePass 2.X Master Password Dumper allows retrieving the KeePass master password-Security Affairs

Social Media

• Former TikTok official says China had access to app data | Al Arabiya English

• Ongoing Facebook phishing campaign without a sender and (almost) without links

• Twitter wrong to block tweets during Turkey election - Wikipedia founder - BBC News

• Twitter sued over Saudi spying that allegedly landed popular user in prison [Updated] | Ars Technica

Training, Education and Awareness

• White House plan to implement cyber strategy includes ambitious digital education effort | CyberScoop

Parental Controls and Child Safety

• Parental control app with 5 million downloads vulnerable to attacks (bleepingcomputer.com)

Regulations, Fines and Legislation

• EU attempts to secure software could hurt open source • The Register

• AI Is About to Be Everywhere: Where Will Regulators Be? (darkreading.com)

• ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence - SecurityWeek

• Preparing for federal supply chain security standardization - Help Net Security

Secure Disposal

• Making Sure Lost Data Stays Lost (darkreading.com)

• Millions of deleted files recovered in hard drives purchased online | TechRadar

Careers, Working in Cyber and Information Security

• How I Got Started: Offensive Security

• Open source and Linux skills are still in demand in a dark economy | ZDNET

• Top 10 Ideas for Addressing the Cyber security Skills Gap in 2023 (analyticsinsight.net)

• Google Cloud CISO on why the Google Cyber security Certificate matters - Help Net Security

• Improving cyber mindfulness - IT Security Guru

• The Future is (Cyber) Mindful - IT Security Guru

Law Enforcement Action and Take Downs

• Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online

• Hacker marketplace still active despite police 'takedown' claim - BBC News

• Spanish cops arrest 69 in immigration bot scheme • The Register

• Identity crimes: Too many victims, limited resources - Help Net Security

• Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)

• Admin of the darknet carding platform Skynet Market pleads guilty-Security Affairs

• 18-year-old charged with hacking 60,000 sports betting accounts (bleepingcomputer.com)

• Russian national indicted for ransomware attacks against the US | CSO Online

Privacy, Surveillance and Mass Monitoring

• The UK’s Secretive Web Surveillance Program Is Ramping Up | WIRED

• WhatsApp allows users to lock sensitive chats - Help Net Security

• Apple blocked 1.7 million apps for privacy, security issues in 2022 (bleepingcomputer.com)

• Google details its next steps for wiping out Chrome tracking cookies | Engadget

• Zut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France – Naked Security (sophos.com)

Misinformation, Disinformation and Propaganda

• Pakistan shut down the internet - but that didn't stop the protests - BBC News

• Twitter wrong to block tweets during Turkey election - Wikipedia founder - BBC News

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Cyber Warfare Escalates Amid China-Taiwan Tensions - Infosecurity Magazine (infosecurity-magazine.com)

• New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe (thehackernews.com)

• China's 'Satellite Killer' Spacecraft Threatens To Puncture US Military In Space By Crippling Its Recon, Navigation & EW Satellites

• President Zelensky imposes sanctions against the Russian IT sector-Security Affairs

• 4 Countries Join NATO Cyber Defence Center - SecurityWeek

Nation State Actors

• Former TikTok official says China had access to app data | Al Arabiya English

• Cyber Warfare Escalates Amid China-Taiwan Tensions - Infosecurity Magazine (infosecurity-magazine.com)

• New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe (thehackernews.com)

• Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol-Security Affairs

• Gatewatcher unveils research into advanced persistent threats | Data Centre Solutions

• China's 'Satellite Killer' Spacecraft Threatens To Puncture US Military In Space By Crippling Its Recon, Navigation & EW Satellites

• How China came to dominate the black market for money laundering (telegraph.co.uk)

• Lancefly APT Custom Backdoor Targets Government and Aviation Sectors - Infosecurity Magazine (infosecurity-magazine.com)

• Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign (thehackernews.com)

• North Korean hackers stole $721 million in cryptocurrency from Japan - Nikkei | Reuters

• Hackers infect TP-Link router firmware to attack EU entities (bleepingcomputer.com)

• Chinese Hackers Mustang Panda Attacks TP-Link Routers (informationsecuritybuzz.com)

• Cyble — Cisco Routers Exploited by Russian State-Sponsored Attackers

• DOJ links Iran, China and Russia to five IP theft-related cases | SC Media (scmagazine.com)

• Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)

Vulnerability Management

• Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug | Ars Technica

• Remote updates on motherboards could lead to bricked servers • The Register

• Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities (gbhackers.com)

• CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek

• Microsoft Advisories Are Getting Worse (darkreading.com)

• How to build a better vulnerability management program | TechTarget

• Google Announces New Rating System for Android and Device Vulnerability Reports - SecurityWeek

• How to Protect Your Organisation From Vulnerabilities (darkreading.com)

Vulnerabilities

• Hackers target Wordpress plugin flaw after PoC exploit released (bleepingcomputer.com)

• Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks (thehackernews.com)

• KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) - Help Net Security

• Apple fixes three new zero-days exploited to hack iPhones, Macs (bleepingcomputer.com)

• XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks (thehackernews.com)

• Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers - SecurityWeek

• CVE-2023-0008 PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface (paloaltonetworks.com)

• Arm confident Cortex-M is secure after side-channel attack • The Register

• Microsoft Follina Bug Is Back in Meme-Themed Cyber attacks Against Travel Orgs (darkreading.com)

• CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek

• Remote updates on motherboards could lead to bricked servers • The Register

• Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug | Ars Technica

• Microsoft pulls Defender update fixing Windows LSA Protection bug (bleepingcomputer.com)

• WordPress 6.2.1 Released with Fixes for 5 Security Vulnerabilities – WP Tavern

• 8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency (thehackernews.com)

• Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities - SecurityWeek

Tools and Controls

• Organisations' cyber resilience efforts fail to keep up with evolving threats - Help Net Security

• Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities (gbhackers.com)

• Cyber-Resilience Programs Failing on Poor Visibility - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security Testing Can Aid Incident Response (darkreading.com)

• Organisations reporting cyber resilience are hardly resilient: Study | CSO Online

• Making Sure Lost Data Stays Lost (darkreading.com)

• Passkeys may not be for you, but they are safe and easy—here’s why | Ars Technica

• Not-Too-Safe Boot: Remotely Bypassing Endpoint Security Solutions (AV/EDR/…) and Anti-Tampering Mechanisms – Zero-Day Zone (zerodayzone.com)

• The Ultimate Guide to Multi-Factor Authentication - Security Boulevard

• Open-source Cobalt Strike port 'Geacon' used in macOS attacks (bleepingcomputer.com)

• White House plan to implement cyber strategy includes ambitious digital education effort | CyberScoop

• Protect against current and future threats with encryption | TechTarget

• Can AI Decision-Making Be Trusted for Cyber security? (analyticsinsight.net)

• 'Strictly limit' remote desktop to avoid BianLian ransomware • The Register

• Millions of deleted files recovered in hard drives purchased online | TechRadar

• Key Metrics In Evaluating DevOps Threat Matrix (informationsecuritybuzz.com)

• ChatGPT is about to revolutionize cyber security | VentureBeat

• A Requirements-Driven Approach to Cyber Threat Intelligence | Mandiant

• Embedding Security by Design: A Shared Responsibility (darkreading.com)

Reports Published in the Last Week

• UK Cyber security Landscape: challenges and opportunities | Expel

• Kaspersky Incident Response report 2022 | Securelist

• The State of Pentesting 2023 Report | Cobalt

• Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware - -Security Affairs-Security Affairs

Other News

• Heightened cyber attacks threat before Council of Europe summit in Reykjavik – EURACTIV.com

• White House plan to implement cyber strategy includes ambitious digital education effort | CyberScoop

• 12 common network protocols and their functions explained | TechTarget

• Pentagon Hacking Fears Fueled by Microsoft's Monopoly on Military IT (newsweek.com)

• Ukraine, Ireland, Japan and Iceland join NATO CCDCOE-Security Affairs

• Web entity activity reveals insights into internet security - Help Net Security

• Microsoft Security highlights from RSAC 2023 - Microsoft Security Blog

• Top 5 Cyber security Predictions and Statistics for 2023 (analyticsinsight.net)

• No more macros? No problem, say attackers, we'll adapt • The Register

• Not-Too-Safe Boot: Remotely Bypassing Endpoint Security Solutions (AV/EDR/…) and Anti-Tampering Mechanisms – Zero-Day Zone (zerodayzone.com)

• Researchers show ways to abuse Microsoft Teams accounts for lateral movement | CSO Online

• Rebinding Attacks Persist With Spotty Browser Defences (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Almost Half of Former Employees Say Their Passwords Still Work

An alarming number of organisations are not properly offboarding employees when they leave, especially in regard to passwords. In a new survey of 1,000 workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company.

According to the survey one in three respondents said they had been using the passwords for upwards of two years, which is a distressingly long time for organisations not to be aware of who is accessing those accounts and services.

When asked what they use the passwords for, 64% said to access their former email accounts and 44% to access company data. A concerning 10% of respondents said they were trying to disrupt company activities.

https://www.darkreading.com/edge-threat-monitor/almost-half-of-former-employees-say-their-passwords-still-work

• Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

A recent cyber security report analysed over 60 million security exposures, or weaknesses that could give an attacker access to systems. The report found that only 2% enabled attackers access to critical assets, while 75% of exposures along attack paths lead to “dead ends”. Further, the report shows that average organisations have 11,000 exploitable security exposures monthly, with techniques targeting credentials and permissions affecting 82% of organisations and exploits accounting for over 70% of all identified security exposures.

The report found that most security alerts were benign and did not lead to critical assets. By applying efficient risk based patch management and reducing unnecessary access to critical assets, organisations can mitigate a significant amount of risk. This isn’t a simple task however, for an organisation to be able to employ efficient risk based patch management it must have a sufficient level of cyber maturity and internal vulnerability scanning accompanied by a dynamic threat intelligence component.

https://www.infosecurity-magazine.com/news/eliminating-2-exposures-protect-90/

• Printers Pose Persistent Yet Overlooked Threat

A rash of printer-related vulnerabilities in 2023 have punctuated security expert warnings that printers continue to be a significant vulnerability within companies — especially as remote workers require printing resources or access to corporate printers. So far in 2023, Lexmark advised that a publicly available remote exploit had already targeted a code execution flaw in its printers, HP warned of a vulnerable firmware version on some of its enterprise printers, and Microsoft fixed three remote code execution vulnerabilities in its printer drivers.

Printers remain a likely soft spot in most companies’ attack surface area, particularly because they are not always part of a company’s asset management process and are often left out of security assessments and risk registers. Many organisations don’t know where their printers are, their security status, configuration, monitoring or logging activity. Research has shown that 67% of companies are worried about the risk home printers may pose and only 26% of information technology and cyber security professionals are confident in their organisation’s printing infrastructure security.

https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat

• Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

Employees and cyber criminals cause similar numbers of data leakages. Kaspersky’s 2022 IT Security Economics survey found cyber-attacks caused 23% of data leakages, while employees caused a similar proportion, at 22%. The rise in employees causing leakages may be linked with more remote working since the pandemic, with new staff laptops, tablets, and virtual private networks (VPNs) featuring among the extra endpoints and systems needing security. Although innocent mistakes or ignoring cyber-security policy were behind most leakages, security managers reported 36% of employee-triggered leakages were deliberate acts of sabotage or espionage. The high number of cyber-incidents stemming from employee action shows all organisations need thorough cyber-security awareness training to teach all staff how to avoid common security mistakes.

https://www.independent.co.uk/news/business/business-reporter/employees-cyber-criminals-cyber-incidents-b2314225.html

• Over 90% of Organisations Find Threat Hunting a Challenge

Executing essential cyber security operations tasks during the threat hunting process is an increasingly challenging proposition to the vast majority of organisations, with 93% of those polled for a Sophos report saying they find basic security operations a chore.

In the report, “The state of cybersecurity 2023: The business impact of adversaries on defenders”, Sophos said these findings were likely the result of the ongoing cyber security skills shortage, which is creating a domino effect in security operations: a lack of skilled personnel makes investigating alerts take longer, which reduces the security team’s capacity and increases the organisation’s exposure to higher levels of risk.

Organisations that suffer the most are those with revenues of less than $10m (£8m), which are more likely to lack the necessary skillsets, followed by organisations with revenues of more than $5bn, where organisational and system complexity likely play a more prominent role.

https://www.computerweekly.com/news/365534612/Over-90-of-organisations-find-threat-hunting-a-challenge

• 75% of Organisations Have Suffered a Cyber Security Breach

Most organisations need stronger security controls to stop cyber security breaches and cyber attacks, according to “The Data Dilemma: Cloud Adoption and Risk Report” from security service edge (SSE) company Skyhigh Security. Key takeaways from the report include:

• 97% of organisations indicated they are experiencing private cloud problems.

• 75% have experienced a cyber security breach, threat and/or theft of data.

• 75% said shadow IT “impairs their ability to keep data secure.”

• 60% allow employees to download sensitive data to their personal devices.

• 52% noted their employees are using SaaS services that are commissioned by departments outside of IT and without direct involvement of their IT department.

• 37% said they do not trust the public cloud to secure their sensitive data.

https://www.msspalert.com/cybersecurity-research/skyhigh-security-report-75-of-organizations-have-suffered-a-cybersecurity-breach/

• Leak Shows Evolving Russian Cyber War Capabilities

The leak of thousands of pages of secret documentation related to the development of Moscow’s cyber and information operations capabilities paint a picture of a government obsessed with social control and committed to scaling their capacity for non-kinetic interference.

The leaked documents detail methods and training simulations intended to prepare an operator workforce for offensive operations against critical infrastructure targets. Tools revealed by these recent leaks suggest a desire and an ability to extensively map foreign vulnerabilities and make the job of Russia’s cyber conflict operators as accessible and scalable as possible.

This leak reinforces the significant concern regarding the threat posed by Russian cyber forces to firms across the globe.

https://www.csoonline.com/article/3692821/ntc-vulkan-leak-shows-evolving-russian-cyberwar-capabilities.html#tk.rss_news

• Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

Belgian headquartered HR and payroll giant SD Worx has suffered a cyber attack causing them to shut down all IT systems for their UK and Ireland services. While the login portals for other European countries are working correctly, the company's UK customer portal was not accessible. As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for their client's employees.

According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more.

https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/

• When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

If that happens it might be time for your management to clear their desks. The prospect of financial penalties and reputational damage is very real. You need to know your obligations — for instance, reporting the breach to applicable authorities and regulators within strict timeframes — understand the breach, and prioritise. Then you communicate and remedy. If you haven’t planned well, it’s going to be tough.

You need to understand the data breach. Who is affected — is it staff or customer data? What exactly have the cyber criminals accessed? Consider the type of information: salary details and passport copies, or customer payment information.

If personal data has been lost or compromised, you will likely have an obligation under data protection regulations to report the breach to your applicable data protection authority within 72 hours, and if you are a regulated business there will likely be similar requirements to report to your regulator within a similar timeframe. Knowing your obligations — ideally before any hack takes place — will guide how well you respond.

https://www.thetimes.co.uk/article/who-should-i-inform-after-a-data-hack-dcrzvgp2x

• Insider Threat and Ransomware: A Growing Issue

Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cyber criminals. Cyber criminals work just as hard to conceal their identities and location as they do to exploit weaknesses and capture valuable data to hold hostage. Organisations not only stand to lose money in this scenario, but the damage to their reputation and trustworthiness in the market can be challenging to recover from. Customers place high trust in the safety of their personal information, and it’s the company they hold accountable – not the thieves – if it slips into the wrong hands.

Even if you have good technical controls, the low-hanging fruit is capitalising on the human element and gaining entrance through a person within your organisation. Insider threats come in all shapes and sizes and roles, including employees, executives, former employees, board members, contractors, and service providers. Insider threats, by their very nature, pose a unique challenge for organisations.

https://informationsecuritybuzz.com/insider-threat-and-ransomware-a-growing-issue/

• How LockBit Changed Cyber Security Forever

LockBit are one of the most prolific ransomware gangs globally, accounting for almost half of ransomware attacks in 2022. They not only maintain a high profile, but they’ve also turned ransom monetisation upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022. LockBit made history by launching the industry’s first bug bounty program initiated by a ransomware group. The operation invites security experts to uncover vulnerabilities and report them for rewards ranging from $1,000 to a staggering $1 million. This has since been expanded and now offers bounties for creative ways to enhance ransomware operations.

https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/

• Hybrid Work Environments Are Stressing CISOs

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to a new report.

Among the report’s most critical findings is the revelation that browsing-based threats ranked as CISOs’ number one concern, regardless of whether their organisation was operating primarily in an in-office, hybrid, or remote setting.

And as for the risks posed by hybrid and remote workers specifically, insecure browsing also topped the list of CISOs’ concerns.

https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/

• Protect Your Data with a USB Condom

USB isn't just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data. Equally, an employee plugging their personal phone into a corporate USB port may present a danger to the corporate network through the phone. A USB condom is a small dongle that adds a layer of protection between your device and the charging point you're attaching it to by blocking the data being transferred through the port. If you must use a charger, cable, or charging port that isn't under your control, it makes sense to use a USB condom.

https://www.zdnet.com/article/protect-your-data-with-a-usb-condom/

• Strategising Cyber Security: Why a Risk-based Approach is Key

By 2027, cyber crime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cyber security is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organisations.

Modern and effective cyber security management entails more than managing technology risk; it encompasses managing business risk. Organisations must recognise cyber security as a strategic imperative integrated into their overall risk management framework — and this starts at the board level.  In some cases, board members may find it beneficial to seek help in assessing appropriate levels of control.

https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/

Threats

Ransomware, Extortion and Destructive Attacks

• Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit (thehackernews.com)

• Microsoft patches vulnerability used in Nokoyawa ransomware attacks | CSO Online

• How LockBit Changed Cyber security Forever (securityintelligence.com)

• Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise (thehackernews.com)

• Insider Threat And Ransomware: A Growing Issue (informationsecuritybuzz.com)

• Rorschach ransomware deployed by misusing a security tool - Help Net Security

• Medusa ransomware claims attack on Open University of Cyprus (bleepingcomputer.com)

• Cyble — New Cylance Ransomware with Power-Packed CommandLine Options

• Taiwanese PC Company MSI Falls Victim to Ransomware Attack (thehackernews.com)

• KFC, Pizza Hut owner discloses data breach after ransomware attack (bleepingcomputer.com)

• 7 Things Your Ransomware Response Playbook Is Likely Missing (darkreading.com)

• Cyber crime group exploits Windows zero-day in ransomware attacks-Security Affairs

• Windows zero-day vulnerability exploited in ransomware attacks (bleepingcomputer.com)

• Ransomware gangs increasingly deploy zero-days to maximize attacks | CyberScoop

• Latitude Financial Refuses to Pay Ransom - Infosecurity Magazine (infosecurity-magazine.com)

• Superyacht-Maker Hit by Easter Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

Phishing & Email Based Attacks

• Microsoft: Phishing attack targets accountants as Tax Day approaches (bleepingcomputer.com)

• Researchers Uncover Thriving Phishing Kit Market on Telegram Channels (thehackernews.com)

• Phishing Campaign Targeting YouTube Content Creators, Malware Hitting Charging Stations - MSSP Alert

BEC – Business Email Compromise

• 'BEC 3.0' Is Here with Tax-Season QuickBooks Cyber attacks (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Simple psychology is the most dangerous form of cyber attack (thetimes.co.uk)

2FA/MFA

• Comparing enabled and enforced MFA in Microsoft 365 | TechTarget

• Rilide browser extension steals MFA codes - Help Net Security

Malware

• New Mirai Variant Employs Uncommon Tactics to Distribute Malware (darkreading.com)

• Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques (thehackernews.com)

• BlackGuard Stealer Extends its Capabilities in New Variant - MSSP Alert

• Check Point Software Technologies: Qbot Top Malware in March 2023 - MSSP Alert

• Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages (thehackernews.com)

• DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia - Microsoft Security Blog

• Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads (darkreading.com)

• Microsoft shares guidance to detect BlackLotus UEFI bootkit attacks (bleepingcomputer.com)

• Researchers Uncover 7000 Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft, Fortra Gains Legal Rights Against Cobalt Strike Abuse (informationsecuritybuzz.com)

• Emotet Climbs March 2023's Most Wanted Malware List With OneNote Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Legion Malware Marches onto Web Servers to Steal Credentials, Spam Mobile Users (darkreading.com)

• WhatsApp boosts defence against account takeover via malware (bleepingcomputer.com)

Mobile

• Protect your data with a USB condom | ZDNET

• FBI warns about dangers of public USB charging ports | Popular Science (popsci.com)

• Researchers Uncover Thriving Phishing Kit Market on Telegram Channels (thehackernews.com)

• Android phones vulnerable to remote hacking — update right now | Tom's Guide (tomsguide.com)

• Burglars tunnel through Apple Store’s neighbour, allegedly steal $500K in iPhones | Ars Technica

• 5G connections set to rise past 5.9 billion by 2027 - Help Net Security

• Cyber criminals To Add Android Malware On Google Play Up To $20,000 (informationsecuritybuzz.com)

• Cyber criminals Turn to Android Loaders on Dark Web to Evade Google Play Security (thehackernews.com)

• Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit (thehackernews.com)

• WhatsApp boosts defence against account takeover via malware (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Hackers Flood NPM with Bogus Packages Causing a DoS Attack (thehackernews.com)

• DDoS attacks shifting to VPS infrastructure for increased power (bleepingcomputer.com)

• DDoS threat report for 2023 Q1 (cloudflare.com)

• DDoS alert traffic reaches record-breaking level of 436 petabits in one day - Help Net Security

• DDoS attacks rise as pro-Russia groups attack Finland, Israel (techrepublic.com)

Internet of Things – IoT

• Printers Pose Persistent Yet Overlooked Threat (darkreading.com)

• There’s a new form of keyless car theft that works in under 2 minutes | Ars Technica

• Special Report: Tesla workers shared sensitive images recorded by customer cars | Reuters

• Default static key in ThingsBoard IoT platform can give attackers admin access | CSO Online

• 5G connections set to rise past 5.9 billion by 2027 - Help Net Security

• New Ultrasonic Acoustic Attack Targeting Microphones and Voice Assistants Gives Remote Access to Most Smart Devices - The Debrief

• Zigbee PRO 2023 introduces new security mechanisms, feature enhancements - Help Net Security

• Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data - SecurityWeek

Data Breaches/Leaks

• Samsung employees unwittingly leaked company secret data by using ChatGPT-Security Affairs

• Cloud accounting firm in a pickle after researchers find admin login data | TechRadar

• Service NSW breach exposes personal data affecting thousands of customers | 7NEWS

• Leaked n documents provide rare window into depth of US intelligence on allies and foes | CNN Politics

• Military Intel Leak Investigated By US Officials (informationsecuritybuzz.com)

• Hyundai data breach exposes owner details in France and Italy (bleepingcomputer.com)

• Over 20,000 Iowa Medicaid Members Affected By Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Criminal businesses adopt corporate behaviour as they grow - Help Net Security

• Seized Genesis malware market's infostealers infected 1.5 million computers | CSO Online

• Breached shutdown sparks migration to ARES data leak forums (bleepingcomputer.com)

• FBI: Crooks posing as PRC agents prey on Chinese in the US • The Register

• 5 Types of Cyber Crime Groups (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Sentiment DeFi Hacker Makes Amends by Returning 90% of Funds (beincrypto.com)

• Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages (thehackernews.com)

• EU-Funded Report Calls for Crypto ID Checks, Police Training to Combat Darknet Markets (coindesk.com)

Insider Risk and Insider Threats

• Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent

• Cyber criminals use simple trick to obtain personal data - Help Net Security

• Nearly Half of Workers Pilfer Former Employers’ Passwords to Access Accounts, Study Says - MSSP Alert

• Insider Threat And Ransomware: A Growing Issue (informationsecuritybuzz.com)

• Building a human firewall to block cyber attacks | McKinsey

• How to Combat Insider Threats-Security Affairs

Fraud, Scams & Financial Crime

• FBI warns of companies exploiting sextortion victims for profit (bleepingcomputer.com)

• Cambodia deports 19 Japanese cyber crime scam suspects | News | Al Jazeera

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

• When Banking Laws Don't Protect Consumers From Cybertheft (darkreading.com)

• AI clones child’s voice in fake kidnapping scam | The Independent

• Five arrested after 33,000 victims lose $98M to online investment fraud (bleepingcomputer.com)

• Stolen Card Numbers Plummet 94% Globally - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• 3CX confirms North Korean hackers behind supply chain attack (bleepingcomputer.com)

• Capita: IT outsourcer reels from being locked out of its own IT (thetimes.co.uk)

Cloud/SaaS

• Western Digital struggles to fix massive My Cloud outage, offers workaround (bleepingcomputer.com)

• Nation-state actors are taking advantage of weak passwords to go after cloud customers, Google says | CyberScoop

• Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse - SecurityWeek

• How and Why to Put Multicloud to Work (darkreading.com)

• Iranian APT group launches destructive attacks in hybrid Azure AD environments | CSO Online

• Cloud accounting firm in a pickle after researchers find admin login data | TechRadar

• Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments - SecurityWeek

Hybrid/Remote Working

• 4 ways to secure your remote work setup | ZDNET

• Hybrid work environments are stressing CISOs - Help Net Security

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

Attack Surface Management

• How to Secure Web Applications in a Growing Digital Attack Surface (bleepingcomputer.com)

• The new weakest link in the cyber security chain - Help Net Security

Shadow IT

• How to use a CASB to manage shadow IT | TechTarget

Identity and Access Management

• Identity Management Day: 3 Things MSSPs Need to Know - MSSP Alert

• Centralized vs. decentralized identity management explained | TechTarget

• The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late (thehackernews.com)

Encryption

• The UK government has sparked an encryption row over powers it might never use | Financial Times (ft.com)

• Why the US Needs Quantum-Safe Cryptography Deployed Now (darkreading.com)

API

• How to fix the top 5 API vulnerabilities | TechTarget

• Google launches dependency API and curated package repository with security metadata | CSO Online

• Why Shadow APIs are More Dangerous than You Think (thehackernews.com)

Open Source

• Researchers Uncover 7000 Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Almost Half of Former Employees Say Their Passwords Still Work (darkreading.com)

• LastPass Breach Reveals Important Lessons (darkreading.com)

• Why it's time to move towards a passwordless future - Help Net Security

• AI can crack most password in less than a minute | TechRadar

• How an AI tool could crack your passwords in seconds | ZDNET

• Meet PassGAN, the supposedly “terrifying” AI password cracker that’s mostly hype | Ars Technica

Social Media

• Tech layoffs raise new alarms about how platforms protect users | CNN Business

Malvertising

• Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads (darkreading.com)

Training, Education and Awareness

• How to transform cyber security learning and make content more engaging - Help Net Security

Regulations, Fines and Legislation

• Lagging regulations frustrate protecting data from cyber attacks (themandarin.com.au)

• The UK government has sparked an encryption row over powers it might never use | Financial Times (ft.com)

• Battle could be brewing over new FCC data breach reporting rules | CSO Online

• When Banking Laws Don't Protect Consumers From Cyber Theft (darkreading.com)

Governance, Risk and Compliance

• Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent

• Skyhigh Security Report: 75% of Organizations Have Suffered a Cyber security Breach - MSSP Alert

• Strategising cyber security: Why a risk-based approach is key | World Economic Forum (weforum.org)

• Who should I inform after a data hack? (thetimes.co.uk)

• Two-Fifths of IT Pros Told to Keep Breaches Quiet - Infosecurity Magazine (infosecurity-magazine.com)

• Outcome-based cyber security paves way for organizational goals - Help Net Security

• Why reporting an incident only makes the cyber security community stronger | CSO Online

• 6 common challenges facing cyber security teams and how to overcome them | TechCrunch

• Top 10 Cyber security Trends for 2023: From Zero Trust to Cyber Insurance (thehackernews.com)

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• Threat hunting programs can save organizations from costly security breaches - Help Net Security

• LastPass Breach Reveals Important Lessons (darkreading.com)

• Gartner: Human-Centric Design Is Top Cyber Security Trend for 2023 (darkreading.com)

Law Enforcement Action and Take Downs

• Seized Genesis malware market's infostealers infected 1.5 million computers | CSO Online

• Spanish cops arrest teenage 'Robin Hood hacker' • The Register

• Australia Is Scouring the Earth for Cyber criminals — the US Should Too (darkreading.com)

• Cambodia deports 19 Japanese cyber crime scam suspects | News | Al Jazeera

• Dutch Police mails RaidForums members to warn they’re being watched (bleepingcomputer.com)

• Five arrested after 33,000 victims lose $98M to online investment fraud (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Tesla Sued Over Workers' Alleged Access to Car Video Imagery - SecurityWeek

• Consumers take data control into their own hands amid rising privacy concerns - Help Net Security

Artificial Intelligence

• 5 ChatGPT security risks in the enterprise | TechTarget

• Samsung employees unwittingly leaked company secret data by using ChatGPT - Security Affairs

• Cyber crime: be careful what you tell your chatbot helper… | Chatbots | The Guardian

• US cyber chiefs warn of threats from China and AI • The Register

• When you're talking to a chatbot, who's listening? | CNN Business

• Bad Actors Will Use Large Language Models — but Defenders Can, Too (darkreading.com)

• Fight AI With AI (darkreading.com)

• American investors shouldn’t be ‘arming the enemy’ by helping China create its own version of OpenAI, warns top VC Keith Rabois (yahoo.com)

• GPT-4 tried to escape into the internet today and it ‘almost worked’ | by Cezary Gesikowski | Mar, 2023 | Bootcamp (uxdesign.cc)

• It sounds like science fiction but it’s not: AI can financially destroy your business | Gene Marks | The Guardian

• AI can crack most password in less than a minute | TechRadar

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

• AI clones child’s voice in fake kidnapping scam | The Independent

• European privacy watchdog creates ChatGPT task force | Reuters

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers linked to widespread attacks targeting NATO and EU (bleepingcomputer.com)

• NTC Vulkan leak shows evolving Russian cyberwar capabilities | CSO Online

• What we know about Russian hackers — and how to stop them — after a year of cyberwar in Ukraine | CyberScoop

• The Discord servers at the center of a massive US intelligence leak | CyberScoop

• Cisco trashed offices and destroyed spares as it quit Russia • The Register

• Another zero-click Apple spyware biz shows up in town again • The Register

• Ukrainian hackers spend $25,000 of pro-Russian blogger's money on sex toys (bitdefender.com)

• DDoS attacks rise as pro-Russia groups attack Finland, Israel (techrepublic.com)

• Russian Hacker Group Zarya Hit Canadian Pipeline—Leaked Docs (gizmodo.com)

• Experts warn of new spyware threat targeting journalists and political figures | Hacking | The Guardian

• Russia's Joker DPR Claims Access to Ukraine Troop Movement Data (darkreading.com)

• Spyware Offered to Cyber attackers via PyPI Python Repository (darkreading.com)

• Russian hackers ‘target security cameras inside Ukraine coffee shops’ | Ukraine | The Guardian

• Russian attacks on Ukrainian infrastructure cause internet outages, cutting off a valuable wartime tool | CyberScoop

• Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit (thehackernews.com)

Nation State Actors

• Russia-linked APT29 is behind recent attacks targeting NATO and EU-Security Affairs

• North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack (thehackernews.com)

• Nation-state actors are taking advantage of weak passwords to go after cloud customers, Google says | CyberScoop

• Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise (thehackernews.com)

• US cyber chiefs warn of threats from China and AI • The Register

• Ukrainian hackers spend $25,000 of pro-Russian blogger's money on sex toys (bitdefender.com)

• American investors shouldn’t be ‘arming the enemy’ by helping China create its own version of OpenAI, warns top VC Keith Rabois (yahoo.com)

• Google is on a crusade against cyber security threats from North Korea | TechRadar

• Russian Hacker Group Zarya Hit Canadian Pipeline—Leaked Docs (gizmodo.com)

• Iranian APT group launches destructive attacks in hybrid Azure AD environments | CSO Online

• Leaked US. assessment includes warning about Russian hackers accessing sensitive infrastructure (nbcnews.com)

• FBI: Crooks posing as PRC agents prey on Chinese in the US • The Register

• Lazarus Group's DeathNote Campaign Reveals Shift in Targets - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Eliminating 2% of Exposures Could Protect 90% of Critical Assets - Infosecurity Magazine (infosecurity-magazine.com)

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• Ransomware gangs increasingly deploy zero-days to maximize attacks | CyberScoop

• Google Launches New Cyber security Initiatives to Strengthen Vulnerability Management (thehackernews.com)

Vulnerabilities

• Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit (thehackernews.com)

• Windows admins warned to patch critical MSMQ QueueJumper bug (bleepingcomputer.com)

• Nokoyawa ransomware attacks with Windows zero-day | Securelist

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• Apple issues emergency patches for spyware-style 0-day exploits – update now! – Naked Security (sophos.com)

• 1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs (darkreading.com)

• Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance - SecurityWeek

• Cisco Patches Code and Command Execution Vulnerabilities in Several Products - SecurityWeek

• CISA orders agencies to patch Backup Exec bugs used by ransomware gang (bleepingcomputer.com)

• CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

• Data-leak flaw in Qualcomm, HiSilicon-based Wi-Fi AP chips • The Register

• Twitter 'Shadow Ban' Bug Gets Official CVE (darkreading.com)

• Exploit available for critical bug in VM2 JavaScript sandbox library (bleepingcomputer.com)

• Microsoft finally gets around to fixing half-decade-old Firefox CPU bug | TechRadar

• SAP releases security updates for two critical-severity flaws (bleepingcomputer.com)

• Adobe Plugs Gaping Security Holes in Reader, Acrobat - SecurityWeek

• Limit Login Attempts Plugin Patches Severe Unauthenticated Stored XSS Vulnerability – WP Tavern

• Fortinet Patches Critical Vulnerability in Data Analytics Solution - SecurityWeek

• How Microsoft’s Shared Key authorization can be abused and how to fix it | CSO Online

• Microsoft shares fix for Outlook issue blocking access to emails (bleepingcomputer.com)

• Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data - SecurityWeek

Tools and Controls

• Threat hunting programs can save organizations from costly security breaches - Help Net Security

• Stopping criminals from abusing security tools - Microsoft On the Issues

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• LastPass Breach Reveals Important Lessons (darkreading.com)

• The Pope's Security Gets a Boost With Vatican's MDM Move (darkreading.com)

• Bad Actors Will Use Large Language Models — but Defenders Can, Too (darkreading.com)

• Fight AI With AI (darkreading.com)

• Cyber crime: be careful what you tell your chatbot helper… | Chatbots | The Guardian

• Detailed Analysis Of The Best Password Managers In 2023 (informationsecuritybuzz.com)

• How CIEM Can Improve Identity, Permissions Management for Multicloud Deployments (darkreading.com)

• SD-WAN vs. VPN: How do they compare? | TechTarget

• Centralized vs. decentralized identity management explained | TechTarget

• The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late (thehackernews.com)

• What is an Intrusion Prevention System (IPS)? (techtarget.com)

• Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments - SecurityWeek

• How to Secure Web Applications in a Growing Digital Attack Surface (bleepingcomputer.com)

• 4 strategies to help reduce the risk of DNS tunnelling | CSO Online

Reports Published in the Last Week

• DDoS threat report for 2023 Q1 (cloudflare.com)

Other News

• MSI Confirms Cyber Attack, Issues Firmware Download Guidance - SecurityWeek

• Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign - Microsoft Security Blog

• 1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs (darkreading.com)

• Western Digital restores service; attack details remain unclear | TechTarget

• 5 tips for tackling technical debt | CIO

• The Internet Reform Trilemma (darkreading.com)

• Rapid7 Has Good News for UK Security Posture - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Ransomware Is the Biggest Global Cyber Threat. And The Attacks Are Still Evolving

Ransomware is the biggest cyber security threat facing the world today, with the potential to significantly affect whole societies and economies – and the attacks are unrelenting, the head of the National Cyber Security Centre (NCSC) has warned.

"Even with a war raging in Ukraine – the biggest global cyber threat we still face is ransomware. That tells you something of the scale of the problem. Ransomware attacks strike hard and fast. They are evolving rapidly, they are all-pervasive, they're increasingly offered by gangs as a service, lowering the bar for entry into cyber crime," said Lindy Cameron, CEO of the NCSC in a speech at Tel Aviv Cyber Week.

She added that the NCSC has dealt with "nationally significant incidents" along with hundreds of general cyber incidents that "affect the UK more widely every year".

While she didn't detail any specific instances of responding to ransomware incidents, Cameron warned that "these complex attacks have the potential to affect our societies and economies significantly", and implied that if it weren't for the work of NCSC incident responders, alongside their counterparts in the industry and international counterparts, the attacks could have had a major impact.

https://www.zdnet.com/article/ransomware-attacks-are-the-biggest-global-cyber-threat-and-still-evolving-warns-cybersecurity-chief/

• Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion

Titaniam, Inc., the data security platform, announced the ‘State of Data Exfiltration & Extortion Report.’ The survey revealed that while over 70% of organisations have an existing set of prevention, detection, and backup solutions, nearly 40% of organisations have been hit with ransomware attacks in the last year, and more than 70% have experienced one in the previous five years, proving existing solutions to be woefully inadequate in managing the risks and impacts from these attacks.

Data exfiltration during ransomware attacks is up 106% relative to where it was five years ago. We are seeing the emergence of a new trend where cyber criminals are no longer limiting themselves to just encrypting entire systems—they are making sure to steal data ahead of the encryption so that they can have additional leverage on the victim. The survey found that 65% of those who have experienced a ransomware attack have also experienced data theft or exfiltration due to the incident. Of those victims, 60% say the hackers used the data theft to extort them further, known as double extortion. Most of them, i.e., 59% of victims, paid the hackers, implying that they were not helped by their backup or data security tools to prevent this fate.

Data is being exposed for theft and extortion in other ways too. Nearly half (47%) uncovered publicly exposed data in their systems in the last 24 months. It was found that respondents have a mix of data security & protection (78%), prevention & detection (75%), and backup and recovery (73%) in their cyber security stacks. Still, exposure and extortion numbers imply a missing puzzle piece regarding attacks.

https://www.darkreading.com/attacks-breaches/study-reveals-traditional-data-security-tools-have-a-60-failure-rate-against-ransomware-and-extortion

• Patchable and Preventable Security Issues Lead Causes of Q1 Attacks

Attacks against companies spiked in Q1 2022 with patchable and preventable external vulnerabilities responsible for the bulk of attacks.

Eighty-two percent of attacks on organisations in Q1 2022 were caused by the external exposure of known vulnerabilities in the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18 percent.

The numbers come from Tetra Defense and its quarterly report that sheds light on a notable uptick in cyber attacks against United States organisations between January and March 2022.

The report did not let employee security hygiene, or a lack thereof, off the hook. Tetra revealed that a lack of multi-factor authentication (MFA) mechanisms adopted by firms and compromised credentials are still major factors in attacks against organisations.

https://threatpost.com/lead-causes-of-q1-attacks/180096/

• Three in Four Vulnerability Management Programs Ineffective

How at risk are organisations to unsecured vulnerabilities in their networks? NopSec, a threat and exposure management provider, gives us the answers in a new study of some 430 cyber security professionals.

Are security teams finding successful approaches to their vulnerability management, or are “open doors around their attack surface” leaving them susceptible to disaster in their organisation? The answer, as it turns out, is that some organisations are better at detection, response and remediation of their vulnerabilities.

Perhaps more importantly, others are not as locked down as they believe, according to the report. Keeping track of known vulnerabilities and responding quickly is one thing, but locating flaws they did not previously know existed is quite another.

Seventy percent of respondent say their vulnerability management program (VMP) is only somewhat effective or worse, blind spots and shadow IT remain top challenges, and vulnerabilities take too long to patch.

https://www.msspalert.com/cybersecurity-research/three-in-four-vulnerability-management-programs-ineffective-study-finds/

• EMEA Continues to Be a Hotspot for Malware Threats

Ransomware detections in the first quarter of this year doubled the total volume reported for 2021, according to the latest quarterly Internet Security Report from the WatchGuard Threat Lab. Researchers also found that the Emotet botnet came back in a big way, the infamous Log4Shell vulnerability tripled its attack efforts and malicious cryptomining activity increased.

Although findings from the Threat Lab’s Q4 2021 report showed ransomware attacks trending down year over year, that all changed in Q1 2022 with a massive explosion in ransomware detections. While Q4 2021 saw the downfall of the infamous REvil cybergang, WatchGuard analysis suggests that this opened the door for the LAPSUS$ extortion group to emerge, which along with many new ransomware variants such as BlackCat – the first known ransomware written in the Rust programming language – could be contributing factors to an ever-increasing ransomware and cyber-extortion threat landscape.

The report also shows that EMEA continues to be a hotspot for malware threats. Overall regional detections of basic and evasive malware show WatchGuard Fireboxes in EMEA were hit harder than those in North, Central and South America (AMER) at 57% and 22%, respectively, followed by Asia-Pacific (APAC) at 21%.

https://www.helpnetsecurity.com/2022/06/30/emea-malware-threats/

• A New, Remarkably Sophisticated Malware Is Attacking Home and Small Office Routers

An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on June 28.

So far, researchers from Lumen Technologies' Black Lotus Labs say they've identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate.

The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive, and remain undetected, is the hallmark of a highly sophisticated threat actor.

"While compromising small office/home office (SOHO) routers as a vector to gain access to an adjacent LAN is not a novel technique, it has seldom been reported," Black Lotus Labs researchers wrote. "Similarly, reports of person-in-the-middle style attacks, such as DNS and HTTP hijacking, are even rarer and a mark of a complex and targeted operation. The use of these two techniques congruently demonstrated a high level of sophistication by a threat actor, indicating that this campaign was possibly performed by a state-sponsored organisation."

The campaign comprises at least four pieces of malware, three of them written from scratch by the threat actor. The first piece is the MIPS-based ZuoRAT, which closely resembles the Mirai internet-of-things malware that achieved record-breaking distributed denial-of-service attacks that crippled some Internet services for days. ZuoRAT often gets installed by exploiting unpatched vulnerabilities in SOHO devices.

https://www.wired.com/story/zuorat-trojan-malware-hacking-routers/

• What Are Shadow IDs, and How Are They Crucial in 2022?

Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shadow IT. Not because they tried to obfuscate or hide anything, simply because it was a convenient tool that they preferred over any other sanctioned products (which JPMorgan certainly has quite a few of.)

Visibility into unknown and unsanctioned applications has been required by regulators and also recommended by the Center for Internet Security community for a long time. Yet it seems that new and better approaches are still in demand. Gartner has identified External Attack Surface Management, Digital Supply Chain Risk, and Identity Threat Detection as the top three trends to focus on in 2022, all of which are closely intertwined with Shadow IT.

"Shadow IDs," or in other words, unmanaged employee identities and accounts in third-party services, are often created using a simple email-and-password-based registration. Cloud access security broker (CASB) and corporate single-sign-on (SSO) solutions are limited to a few sanctioned applications, and are not widely adopted on most websites and services either. This means, that a large part of an organisation's external surface - as well as its user identities - may be completely invisible.

https://thehackernews.com/2022/06/what-are-shadow-ids-and-how-are-they.html

• Zero-Days Aren't Going Away Anytime Soon, and What Leaders Need to Know

Few security exploits are the source of more sleepless nights for security professionals than zero-day attacks. Just recently, researchers discovered a new vulnerability enabling hackers to achieve remote code execution within Microsoft Office. Dubbing the evolving threat the Follina exploit, researchers say all versions of Office are at risk. And because the internal security teams have no time to prepare or patch their systems to defend against these software vulnerabilities, crafty threat actors can take advantage, taking their time after they've accessed an organisation's environment to observe and exfiltrate data while remaining completely unseen.

And though sophisticated threat actors and nations have exploited zero-days for nearly two decades, last year saw a historic rise in the number of vulnerabilities detected. Both Google and Mandiant tracked a record number of zero-days last year, with the caveat that more zero-days are being discovered because security companies are getting better at finding them — not necessarily because hackers are coming up with new vulnerabilities. Not all zero-days are created equal, though. Some require sophisticated and novel techniques, like the attack on SolarWinds, and others exploit simple vulnerabilities in commonly used programs like Windows. Thankfully, there's some basic cyber hygiene strategies that can keep your organisation sufficiently prepared to mitigate zero-day exploits.

https://www.darkreading.com/attacks-breaches/zero-days-aren-t-going-away-anytime-soon-and-what-leaders-need-to-know

• Half of 2022's Zero-Days Are Variants of Previous Vulnerabilities

Google Project Zero has observed a total of 18 exploited zero-day vulnerabilities in the first half of 2022, at least half of which exist because previous bugs were not properly addressed.

According to Google Project Zero researcher Maddie Stone, nine of the in-the-wild zero-days seen so far this year could have been prevented had organisations applied more comprehensive patching.

“On top of that, four of the 2022 zero-days are variants of 2021 in-the-wild zero-days. Just 12 months from the original in-the-wild zero-day being patched, attackers came back with a variant of the original bug,” Stone says.

The most recent of these issues is the Follina vulnerability in the Windows platform. Tracked as CVE-2022-30190, it is a variant of an MSHTML zero-day tracked as CVE-2021-40444.

CVE-2022-21882 is another Windows vulnerability that is a variant of an in-the-wild zero-day that was improperly resolved last year, namely CVE-2021-1732.

An iOS IOMobileFrameBuffer bug (CVE-2022-22587) and a type confusion flaw in Chrome’s V8 engine (CVE-2022-1096) are two other zero-days that are variants of exploited security flaws found last year – CVE-2021-30983 and CVE-2021-30551, respectively.

Other 2022 zero-days that are variants of improperly addressed security defects are CVE-2022-1364 (Chrome), CVE-2022-22620 (WebKit), CVE-2021-39793 (Google Pixel), CVE-2022-26134 (Atlassian Confluence), and CVE-2022-26925 (Windows flaw called PetitPotam).

https://www.securityweek.com/google-half-2022s-zero-days-are-variants-previous-vulnerabilities

• Human Error Remains the Top Security Issue

Human error remains the most effective vector for conducting network infiltrations and data breaches.

The SANS Institute security centre issued its annual security awareness report Wednesday, which was based on data from 1,000 infosec professionals and found that employees and their lack of security training remain common points of failure for data breaches and network attacks. The report also tracked the maturity level of respondents' security awareness programs and their effectiveness in reducing human risk.

"This year's report once again identifies what we have seen over the past three years: that the most mature security awareness programs are those that have the most people dedicated to managing and supporting it," the cyber security training and education organisation said.

"These larger teams are more effective at working with the security team to identify, track, and prioritise their top human risks, and at engaging, motivating, and training their workforce to manage those risks."

The SANS Institute study ranked maturity by five levels, from lowest to highest: nonexistent, compliance-focused, promoting awareness and behaviour change, long-term sustainment and culture change, and metrics framework. The report found that while approximately 400 respondents said their programs promote awareness and behaviour change - the highest such response for any maturity level - the number represented a 10% decrease from the previous year's report.

https://www.techtarget.com/searchsecurity/news/252522226/SANS-Institute-Human-error-remains-the-top-security-issue

• Carnival Cruises Torpedoed by US States, Agrees to Pay $6m After Wave of Cyber Attacks

Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyber attacks.

A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based business revealed intruders had not only encrypted some of its data but also downloaded a collection of names and addresses; Social Security info, driver's license, and passport numbers; and health and payment information of thousands of people in almost every American state.

It all started to go wrong more than a year prior, as the cruise line became aware of suspicious activity in May 2019. This apparently wasn't disclosed until 10 months later, in March 2020.

Back in 2019, the security operations team spotted an internal email account sending spam to other addresses. It turned out miscreants had hijacked 124 employee Microsoft Office 365 email accounts, and were using them to send phishing emails to harvest more credentials. This, we're told, gave the intruders access to personal data on 180,000 Carnival employees and customers. It's likely the miscreants first broke in using phishing mails or brute-forcing passwords; either way, there was no multi-factor authentication.

Then in August 2020, the company said it was hit with the aforementioned ransomware, and copies of its files were siphoned. In January 2021, it was infected again with malware, and again sensitive information – specifically, customer passport numbers and dates of birth, and employee credit card numbers – were downloaded. And in March that year, a staffer's work email account was compromised again to send out a phishing email; more sensitive information was exposed.

https://www.theregister.com/2022/06/28/carnival-cybersecurity-fines/

• Uber Ex-Security Chief Accused of Hacking Coverup Must Face Fraud Charges, Judge Rules

A federal judge on Tuesday said a former Uber Technologies Inc. security chief must face wire fraud charges over his alleged role in trying to cover up a 2016 hacking that exposed personal information of 57 million passengers and drivers.

The US Department of Justice had in December added the three charges against Joseph Sullivan to an earlier indictment, saying he arranged to pay money to two hackers in exchange for their silence, while trying to conceal the hacking from passengers, drivers and the US Federal Trade Commission.

https://www.reuters.com/business/uber-ex-security-chief-accused-hacking-coverup-must-face-fraud-charges-judge-2022-06-28/

Threats

Ransomware

• Ransomware market evolution results in fewer variants, but rise in off-the-shelf cyber crime kits continues | The Daily Swig (portswigger.net)

• Record-Breaking Year for Ransomware Attacks, WatchGuard Research Predicts - MSSP Alert

• Cyber Security Experts Warn of Emerging Threat of "Black Basta" Ransomware (thehackernews.com)

• 5 years after NotPetya: Lessons learned | CSO Online

• AstraLocker 2.0 infects users directly from Word attachments (bleepingcomputer.com)

• Mitel VoIP Bug Exploited in Ransomware Attacks | Threatpost

• Black Basta Ransomware Gang Attacks 50 Companies, Cybereason Reports - MSSP Alert

• How Dangerous Is BlackBasta Ransomware? (informationsecuritybuzz.com)

• LockBit 3.0 Debuts With Ransomware Bug Bounty Program (darkreading.com)

• Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit (trendmicro.com)

• Son of Conti: Ransomware tries its hand at politics - The Record by Recorded Future

• Kaseya Ransomware - Cyber Leader’s Thoughts & Learnings One Year Later (informationsecuritybuzz.com)

• Are Protection Payments the Future of Ransomware? (tripwire.com)

• Conti vs. LockBit: A Comparative Analysis of Ransomware Groups (trendmicro.com)

• This new malware is at the heart of the ransomware ecosystem | ZDNet

• Macmillan Publishing shuts down systems after likely ransomware attack (bleepingcomputer.com)

• Walmart denies being hit by Yanluowang ransomware attack (bleepingcomputer.com)

• Fake copyright infringement emails install LockBit ransomware (bleepingcomputer.com)

• Cisco Talos techniques uncover ransomware sites on dark web (techtarget.com)

• RansomHouse gang claims to have some stolen AMD data • The Register

• 'Prolific' NetWalker extortionist pleads guilty • The Register

Phishing & Email Based Attacks

• Google Warns About Hacker-for-Hire Services Trying to Phish Users (pcmag.com)

• Clever phishing method bypasses MFA using Microsoft WebView2 apps (bleepingcomputer.com)

• Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)

• How phishing attacks are becoming more sophisticated - Help Net Security

• How Evilnum Cyber Attacks Target Microsoft Office Files - MSSP Alert

• New Matanbuchus Campaign drops Cobalt Strike beacons - Security Affairs

• Kaspersky Reveals Phishing Emails That Employees Find Most Confusing (darkreading.com)

• Ukraine arrests cyber crime gang operating over 400 phishing sites (bleepingcomputer.com)

Malware

• Microsoft finds Raspberry Robin worm in hundreds of Windows networks (bleepingcomputer.com)

• Microsoft Exchange servers worldwide backdoored with new malware (bleepingcomputer.com)

• Microsoft warning: This malware that targets Linux just got a big update | ZDNet

• ZuoRAT Hijacks SOHO Routers From Cisco, Netgear (darkreading.com)

• XFiles info-stealing malware adds support for Follina delivery (bleepingcomputer.com)

• Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)

• Minors Use Discord Servers To Earn Extra Pocket Money Through Spreading Malware (informationsecuritybuzz.com)

• PyPi python packages caught sending stolen AWS keys to unsecured sites (bleepingcomputer.com)

Mobile

• Android Spyware 'Revive' Upgraded to Banking Trojan - Infosecurity Magazine

• Google warns Hermit spyware is infecting phones. What is it and how do you protect yourself from it? | Mashable

• Phone Hackers: 9 Ways To Tell If You Have Fallen Victim (informationsecuritybuzz.com)

• Apple revokes certificates for Hermit spyware app - 9to5Mac

• Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru

Internet of Things – IoT

• Swarm of malfunctioning driverless taxis brings traffic to a halt for hours (telegraph.co.uk)

Data Breaches/Leaks

• Millions of free VPN user records leaked | TechRadar

• Leaky Access Tokens Exposed Amazon Photos of Users | Threatpost

• California gun dashboards expose 10 years of personal data • The Register

Organised Crime & Criminal Actors

• The strange business of cyber crime | CSO Online

• Russia-China cyber criminal collaboration could “destabilize” international order | CSO Online

• Canadian admits to hacking spree with Russian cyber-gang - BBC News

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Pentagon finds concerning vulnerabilities on blockchain | TechRepublic

• Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0daySecurity Affairs

• Hackers steal $100m from another breached crypto bridge | TechRadar

• Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine

• Dozens of cryptography libraries vulnerable to private key theft | The Daily Swig (portswigger.net)

• Missing Cryptoqueen: FBI adds Ruja Ignatova to top ten most wanted - BBC News

• Singapore warns of ‘brutal, unrelentingly hard’ crypto regs • The Register

Insider Risk and Insider Threats

• Rogue HackerOne employee steals bug reports to sell on the side (bleepingcomputer.com)

• Japanese worker loses city's personal data in USB fail • The Register

• How you handle independent contractors may determine your insider threat risk | CSO Online

Fraud, Scams & Financial Crime

• Threat actors increasingly use third parties to run their scams - Help Net Security

• Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine

• Evolving online habits have paved the way for fraud. What can we do about it? - Help Net Security

Insurance

• Cyber Insurance: The Good, the Bad, and the Ugly - IT Security Guru

Software Supply Chain

• It's a Race to Secure the Software Supply Chain — Have You Already Stumbled? (darkreading.com)

• Over a Decade in Software Security: What Have We learned? - IT Security Guru

Denial of Service DoS/DDoS

• Russian hacktivists take down Norway govt sites in DDoS attacks (bleepingcomputer.com)

Attack Surface Management

• Digital Shadows Weaken Your Attack Surface (securityintelligence.com)

Shadow IT

• Shadow IT Spurs 1 in 3 Cyber Attacks (darkreading.com)

• What is Shadow IT and why is it so risky? (thehackernews.com)

Open Source

• CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• RansomHouse Hackers Claim to Breach AMD With Bad Passwords (gizmodo.com)

• Breaking Down the Zola Hack and Why Password Reuse is so Dangerous (bleepingcomputer.com)

• Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)

Social Media

• Verified Twitter accounts hacked to send fake suspension notices (bleepingcomputer.com)

• Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign (darkreading.com)

• New YTStealer malware steals accounts from YouTube Creators (bleepingcomputer.com)

• Facebook 2FA phish arrives just 28 minutes after scam domain created – Naked Security (sophos.com)

Training, Education and Awareness

• Time Constraints Hamper Security Awareness Programs (darkreading.com)

Privacy

• ‘Supercookies’ Have Privacy Experts Sounding the Alarm | WIRED

• UK should immediately ban use of live facial recognition, warns report | Financial Times (ft.com)

• Snoopers’ Charter Ruled Partially Unlawful - Infosecurity Magazine

• We must stop sleepwalking towards a surveillance state | Financial Times (ft.com)

Parental Controls and Child Safety

• How parents can talk about online safety and personal info protection with their kids - Help Net Security

Regulations, Fines and Legislation

• Manx government department fined over data breach - BBC News

• Clearview fine: The unacceptable face of modern surveillance - Help Net Security

• UK security services must seek approval to access telecoms data, judges rule | UK security and counter-terrorism | The Guardian

Law Enforcement Action and Take Downs

• Global Police Crack Down on Online Sexual Exploitation - Infosecurity Magazine

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Lethal drinking water, runs on banks and panic buying: What a real Undeclared War cyber attack could mean (inews.co.uk)

• Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation | CSO Online

• Clear Rules Needed to Prevent Conflict and Struggle in Cyber Space, Says NCSC Chief - Infosecurity Magazine

• NATO to create cyber rapid response force, increase cyber defence aid to Ukraine - CyberScoop

• Could the Russian cyber attack on Lithuania draw a military response from NATO? | World News | Sky News

• Evilnum hackers return in new operation targeting migration orgs (bleepingcomputer.com)

• Commercial cyber products must be used responsibly, says NCSC CEO (computerweekly.com)

• G7 to tackle cyber threats and disinformation from Russia: communique | Reuters

• Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru

• Apple revokes certificates for Hermit spyware app - 9to5Mac

• China lured graduate jobseekers into digital espionage | Ars Technica

• FCC commissioner calls TikTok Chinese spyware and wants it pulled from mobile app stores (androidpolice.com)

• Google warns Hermit spyware is infecting phones. What is it and how do you protect yourself from it? | Mashable

Nation State Actors

Nation State Actors – Russia

• Ukraine targeted by almost 800 cyber attacks since the war started (bleepingcomputer.com)

• Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas - Security Affairs

• Russian Hacker Group Says Cyber Attacks Continue On Lithuania (informationsecuritybuzz.com)

• Russian hacktivists take down Norway govt sites in DDoS attacks (bleepingcomputer.com)

• Russia's Killnet hacker group says it attacked Lithuania | Reuters

Nation State Actors – China

• Chinese Threat Actor Targets Rare Earth Mining Companies in North America, Australia | SecurityWeek.Com

• Chinese Hackers Target Building Management Systems | SecurityWeek.Com

• China lured graduate jobseekers into digital espionage | Ars Technica

Nation State Actors – North Korea

• Experts blame North Korea-linked Lazarus APT for Harmony hack - Security Affairs

Vulnerability Management

• 18 Zero-Days Exploited So Far in 2022 (darkreading.com)

• Why more zero-day vulnerabilities are being found in the wild | CSO Online

• Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)

• Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree (thehackernews.com)

• Microsoft's quiet mishandling of vulnerabilities is becoming a public mess - OnMSFT.com

Vulnerabilities

• MITRE shares this year's list of most dangerous software bugs (bleepingcomputer.com)

• Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration (darkreading.com)

• How and why threat actors target Microsoft Active Directory | CSO Online

• Atlassian Confluence Exploits Peak at 100K Daily (darkreading.com)

• Patch Now: Linux Container-Escape Flaw in Azure Service Fabric (darkreading.com)

• Zoho ManageEngine ADAudit Plus bug gets public RCE exploit (bleepingcomputer.com)

• OpenSSL 3.0.5 awaits release to fix potential security flaw • The Register

• CISA: Adopt Modern Auth now for Exchange Online • The Register

• CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild (thehackernews.com)

• CISA orders agencies to patch Windows LSA bug exploited in the wild (bleepingcomputer.com)

• Mitel VoIP Bug Exploited in Ransomware Attacks | Threatpost

• Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware (trendmicro.com)

• Jenkins discloses dozens of zero-day bugs in multiple plugins (bleepingcomputer.com)

• New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers (thehackernews.com)

Sector Specific

Critical National Infrastructure (CNI)

• Stress and Burnout Could Lead to Exodus of CNI Cyber Security Leaders - Infosecurity Magazine

Financial Services Sector

• Android Spyware 'Revive' Upgraded to Banking Trojan - Infosecurity Magazine

FinTech

• A Fintech Horror Story: How One Company Prioritizes Cyber Security (darkreading.com)

• Security and compliance concerns limit ‘open finance’ expansion, say executives (scmagazine.com)

Telecoms

• Why the next-gen telecom ecosystem needs better regulations (techtarget.com)

OT, ICS, IIoT, SCADA and Cyber-Physical Systems

• APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor (thehackernews.com)

• Cyber-Physical Security: Benchmarking to Advance Your Journey | SecurityWeek.Com

• Critical Security Flaws Identified in CODESYS ICS Automation Software (thehackernews.com)

• Microsoft Exchange bug abused to hack building automation systems (bleepingcomputer.com)

• 5 Cyber Security Tips for Smart Buildings - IT Security Guru

• Chinese Hackers Target Building Management Systems | SecurityWeek.Com

• OT security: Helping under-resourced critical infrastructure organisations - Help Net Security

Energy & Utilities

Oil, Gas and Mining

Chinese Threat Actor Targets Rare Earth Mining Companies in North America, Australia | SecurityWeek.Com

Food and Agriculture

• Wiltshire Farm Foods Cyberattack (informationsecuritybuzz.com)

Education and Academia

• Threat Actor Claims Responsibility For IBM and Stanford University Hack - Infosecurity Magazine (infosecurity-magazine.com)

Web3

• Securing the Metaverse and Web3 | SecurityWeek.Com

• Cyber security and the metaverse: Identifying the weak spots | VentureBeat

Reports Published in the Last Week

• State of Email Security | Mimecast

• Q1 2022 Incident Response Insights from Tetra Defense | Arctic Wolf

• State of Data Exfiltration and Extortion 2022 - Titaniam

• SANS 2022 Security Awareness Report: Human Risk Remains the Biggest Threat to Your Organisation’s Cyber Security | SANS Institute

• Defending Ukraine: Early Lessons from the Cyber War - Microsoft On the Issues

Other News

• Cyber Attacks Gain Steam in Early '22: Tetra Defense Report - MSSP Alert

• FBI warns crooks are using deepfake videos in job interviews • The Register

• Destructive firmware attacks pose a significant threat to businesses - Help Net Security

• 48% of security practitioners seeing 3x increase in alerts per day - Help Net Security

• Adversarial machine learning explained: How attackers disrupt AI and ML systems | CSO Online

• Companies are desperate for cyber security workers—more than 700K positions need to be filled | Fortune

• 82% Cyber Breaches In Verizon’s Report Preventable, Says MyCena (informationsecuritybuzz.com)

• SolarWinds hack explained: Everything you need to know (techtarget.com)

• Properly securing APIs is becoming increasingly urgent - Help Net Security

• 97% Of UK Business Leaders Expect Quantum Computing to Disrupt Their Sectors - Infosecurity Magazine

• LGBTQ+ folks warned of dating app extortion scams • The Register

• What is Zero Trust and why would you want it? • The Register

• Tencent admits to poisoned QR code attack on QQ accounts • The Register

• Exploring the insecurity of readily available Wi-Fi networks - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.