Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Against Mobile Devices Growing Fast

A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year.  The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.

It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/cyber-attacks-against-mobile-devices-growing-fast/

https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users

• One Third of Security Breaches Go Unnoticed by Security Professionals

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.

The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.

https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/

• Cyber Security Experts Have Become Targets for Board Seats

The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.

CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.

https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html

• Phishing Attack Prevention as Email Attacks Surge Over 450%

A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.

In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.

https://cybersecuritynews.com/phishing-attack-prevention-checklist/

https://www.msspalert.com/cybersecurity-research/email-cyberattacks-spiked-nearly-500-in-first-half-of-2023-acronis-reports/

• Outsmarting Business Email Compromise (BEC) Scammers

Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.

There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.

https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers

• Small Organisations Face Security Threats on a Limited Budget

Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.

The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.

https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/

• Cloud Security: Sometimes the Risks May Outweigh the Rewards

Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.

Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.

https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/

https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/

• Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.

From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.

https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks

https://techcrunch.com/2023/07/06/more-organizations-confirm-moveit-related-breaches-as-hackers-claim-to-publish-stolen-data

• 75% of Consumers Prepared to Ditch Brands Hit by Ransomware

As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.

While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/

• Scammers Using AI Voice Technology to Commit Crimes

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.

The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.

https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/

• What are the Causes of Data Loss and What it the Impact on Your Organisation?

In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.

It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.

https://securityaffairs.com/148086/security/impacts-of-data-loss.html

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.

One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.

https://www.bleepingcomputer.com/news/security/ransomware-affiliates-triple-extortion-and-the-dark-web-ecosystem/

Governance, Risk and Compliance

• Cyber Security experts have become targets for board seats (cnbc.com)

• The Impacts of Data Loss on Your Organisation -Security Affairs

• One third of security breaches go unnoticed by security professionals - Help Net Security

• Small organisations face security threats on a limited budget - Help Net Security

• How to cultivate a culture of continuous cyber Security improvement - Help Net Security

• CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk (darkreading.com)

• Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)

• Cyber Security's Future Hinges on Stronger Public-Private Partnerships (darkreading.com)

• Center for Internet Security, CREST launch new enterprise cyber Security accreditation scheme | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• 75% of consumers prepared to ditch brands hit by ransomware - Help Net Security

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)

• Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks (darkreading.com)

• Encryption-less ransomware: Warning issued over emerging attack method for threat actors | ITPro

• Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)

• 8Base ransomware group leaks data of 67 victim organisations - Help Net Security

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)

• BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)

• Seven ways to prepare for double extortion ransomware | SC Media (scmagazine.com)

• The rise in cyber extortion attacks and its impact on business security - Help Net Security

• University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online

• Ransomware Criminals Are Dumping Kids' Private Files Online After School Hacks - SecurityWeek

• Microsoft Can Fix Ransomware Tomorrow (darkreading.com)

• Ransomware accounts for 54% of cyber threats in the health sector- Security Affairs

• Avast released a free decryptor for Windows version of Akira ransomware- Security Affairs

• Dark Web Intelligence Shows Everest Ransomware Group Increasing Initial Access Broker Activity (yahoo.com)

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• Thirty-three US Hospitals Hit By Ransomware This Year - Infosecurity Magazine (infosecurity-magazine.com)

• How ransomware impacts the healthcare industry - Help Net Security

• Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack – Joseph Carson – ESW Vault | SC Media (scmagazine.com)

• June saw flurry of ransomware attacks on education sector | TechTarget

• Decryption tool for Akira ransomware available for free | Tripwire

• Japanese Port of Nagoya Resumes Operations After 2-Day Russian Ransomware Attack - MSSP Alert

• What is WannaCry Ransomware? | Definition from TechTarget

• FBI digital sting against Hive cyber Crime group shows the promise — and limits — of hacking hackers - POLITICO

Ransomware Victims

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• One million NHS patients’ data compromised after cyber Attack on University of Manchester | The Independent

• Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data - SecurityWeek

• Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)

• Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead | Tom's Hardware (tomshardware.com)

• Japan’s largest port stops operations after ransomware attack (bleepingcomputer.com)

• TSMC says IT supplier extorted by LockBit • The Register

• Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)

• 8Base ransomware group leaks data of 67 victim organisations - Help Net Security

• Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• TSMC says IT supplier extorted by LockBit • The Register

• MOVEit Hacks Ensnare US Department of Health and Human Services - Bloomberg

• UCLA among victims of worldwide cyber attack – NBC Los Angeles

• BlackCat Hacking Gang Says It Stole Data from UK's Barts Health NHS Trust - Bloomberg

• Chipmaker TSMC says supplier targeted in cyber Attack | Reuters

• MOVEit hack impacts US financial services provider for academics | SC Media (scmagazine.com)

Phishing & Email Based Attacks

• Suspicious Email Reports Up a Third as NCSC Trumpets Active Defence - Infosecurity Magazine (infosecurity-magazine.com)

• Email Cyber Attacks Spiked Nearly 500% in First Half of 2023, Acronis Reports - MSSP Alert

• Phishing Attack Prevention Checklist - A Detailed Guide (cybersecuritynews.com)

• Phishing Trends and Tactics: Q1 of 2023 | Tripwire

• African Nations Face Escalating Phishing & Compromised Password Cyber Attacks (darkreading.com)

BEC – Business Email Compromise

• 6 Steps To Outsmart Business Email Compromise Scammers (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Quishing on the rise: How to prevent QR code phishing | TechTarget

• Why cyberpsychology is such an important part of effective cyber Security | CSO Online

Artificial Intelligence

• AI’s rise is ‘most profound’ tech shift to impact ‘all of our lives’, Google UK chief says | The Independent

• Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register

• Cyber Criminals can break voice authentication with 99% success rate - Help Net Security

• Dutch counterterrorism agency says Generative AI is posing new cyber threats | NL Times

• AI-generated attack vectors cyber Security should watch for (fastcompany.com)

• The EU hasn’t got its AI Act together yet - The Verge

• OpenAI Pauses ChatGPT's 'Browse With Bing' as Users Bypass Paywalls (gizmodo.com)

• Promoting responsible AI: Balancing innovation and regulation - Help Net Security

• GPT-4 is great at infuriating telemarketing scammers • The Register

• UK Citizens Wary of NHS AI Use, Citing Privacy Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)

Malware

• Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)

• Meduza Stealer Targets Windows Users With Advanced Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Fileless attacks increase 1,400% - Help Net Security

• Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs

• Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com)

• Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)

• Cyber agencies warn of new TrueBot malware variants targeting US and Canadian firms (therecord.media)

• CISA: Truebot malware infecting networks in US, Canada | TechTarget

• Mockingjay - A New Injection Technique to Bypass EDR (cybersecuritynews.com)

• Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)

• Mexican Hacker Unleashes Android Malware on Global Banks - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek

• Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

• Mobile Cyber Attacks Soar, Especially Against Android Users (darkreading.com)

• Android users at risk as banking trojan targets more apps | Fox News

• Cyber Attacks Against Mobile Devices Growing Fast - MSSP Alert

• We can’t trust the Government to protect your privacy, says boss of Signal (telegraph.co.uk)

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

• Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)

• Mexican Hacker Unleashes Android Malware on Global Banks - Infosecurity Magazine (infosecurity-magazine.com)

Botnets

• Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)

• Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)

Denial of Service/DoS/DDOS

• CISA issues DDoS warning after attacks hit multiple US orgs (bleepingcomputer.com)

• Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)

• Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics (thehackernews.com)

Data Breaches/Leaks

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• Microsoft denies data breach, theft of 30 million customer accounts (bleepingcomputer.com)

• Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En

• The Impacts of Data Loss on Your Organisation- Security Affairs

• Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone (thehackernews.com)

• Report Reveals Companies Unprepared For Darknet Data Leaks - Infosecurity Magazine (infosecurity-magazine.com)

• Nickelodeon investigates breach after leak of 'decades old’ data (bleepingcomputer.com)

• OpenAI lawsuit reignites privacy debate over data scraping | CyberScoop

• 28,000 Impacted by Data Breach at Pepsi Bottling Ventures - SecurityWeek

Organised Crime & Criminal Actors

• Exploring the Dark Web Job Market (socradar.io)

• INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cyber Crime (thehackernews.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Meduza Stealer targets tens of crypto wallers and pwd managers- Security Affairs

• $7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)

• Hackers stole millions of dollars worth of crypto assets from Poly Network platform- Security Affairs

Insider Risk and Insider Threats

• Human Error the Leading Cause of Cloud Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Why cyberpsychology is such an important part of effective cyber Security | CSO Online

Fraud, Scams & Financial Crime

• Google Searches for 'USPS Package Tracking' Leads to Banking Theft (darkreading.com)

• Support from British businesses crucial in removing over... - NCSC.GOV.UK

• GPT-4 is great at infuriating telemarketing scammers • The Register

• Ex-Amazon manager who stole $9m+ gets 16 years in prison • The Register

• $7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)

• International Police Operation Dismantles Phone Scam Network - Infosecurity Magazine (infosecurity-magazine.com)

• Four Men Face 20 Years For Money Laundering Charges - Infosecurity Magazine (infosecurity-magazine.com)

Deepfakes

• Scammers using AI voice technology to commit crimes - Help Net Security

• Cyber Criminals can break voice authentication with 99% success rate - Help Net Security

AML/CFT/Sanctions

• Four Men Face 20 Years For Money Laundering Charges - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online

• Find A Cyber Insurance Policy That Fits Your Small Business Budget (forbes.com)

• Cyber insurance rates drop 10% in June, report says | Reuters

• How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)

• How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)

Dark Web

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)

• Report Reveals Companies Unprepared For Darknet Data Leaks - Infosecurity Magazine (infosecurity-magazine.com)

• Exploring the Dark Web Job Market (socradar.io)

• Deep Web vs Dark Web: What’s the Difference? - Keeper (keepersecurity.com)

Supply Chain and Third Parties

• Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)

• TSMC says IT supplier extorted by LockBit • The Register

• Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead | Tom's Hardware (tomshardware.com)

Software Supply Chain

• A CISO's Guide to Paying Down Software Supply Chain Security Debt (darkreading.com)

Cloud/SaaS

• Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)

• Japan rebukes Fujitsu for cloud security fails • The Register

• Cloud security: Sometimes the risks may outweigh the rewards – Cyber Reports Cyber Security News & Information (cyber-reports.com)

• 53% of SaaS licenses remain unused - Help Net Security

• IT leaders believe hybrid cloud solutions are the future of IT - Help Net Security

• Human Error the Leading Cause of Cloud Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Ongoing Incident Prompts JumpCloud to Reset API Keys - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft investigates Outlook.com bug breaking email search (bleepingcomputer.com)

• 11 best practices for securing data in the cloud | Microsoft Security Blog

• 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)

Attack Surface Management

• Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online

Encryption

• Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)

• Exploring the Dark Web Job Market (socradar.io)

• Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek

• Online Safety Bill: WhatsApp, Signal, Element issue stark final warning against mass snooping of messages | Evening Standard

• Security Experts Raise Major Concerns With Online Safety Bill - Infosecurity Magazine (infosecurity-magazine.com)

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

API

• Ongoing Incident Prompts JumpCloud to Reset API Keys - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Mission Linux: How the open source software is now a lucrative target for hackers | CSO Online

• Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• High school changes every student’s password to ‘Ch@ngeme!’ | TechCrunch

• Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets (thehackernews.com)

Social Media

• Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)

• EU Court Deals Blow to Meta in German Data Case - SecurityWeek

• Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns (thehackernews.com)

• Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)

Malvertising

• BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)

Training, Education and Awareness

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

Regulations, Fines and Legislation

• France passes bill to allow police remotely activate phone camera, microphone, spy on people (gazettengr.com)

• Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek

• EU Court Deals Blow to Meta in German Data Case - SecurityWeek

• Promoting responsible AI: Balancing innovation and regulation - Help Net Security

• European companies slam the EU’s incoming AI regulations in open letter - The Verge

• Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines | TechCrunch

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

Models, Frameworks and Standards

• Center for Internet Security, CREST launch new enterprise cyber Security accreditation scheme | CSO Online

Careers, Working in Cyber and Information Security

• Crack the Code: How to Secure Your Dream Cyber Security Career - IT Security Guru

• 3 Ways to Build a More Skilled Cyber Security Workforce (darkreading.com)

• Make Diversity the 'How,' Not the 'What,' of Cyber Security Success (darkreading.com)

• CISO Speaks: Resilience and Avoiding Burnout - IT Security Guru

• Top 5 Free Online Cyber Security Courses in 2023 (analyticsinsight.net)

• ISACA joins ECSO to strengthen cyber Security and digital skills in Europe - Help Net Security

Law Enforcement Action and Take Downs

• INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cyber Crime (thehackernews.com)

• International Police Operation Dismantles Phone Scam Network - Infosecurity Magazine (infosecurity-magazine.com)

• FBI digital sting against Hive cyber Crime group shows the promise — and limits — of hacking hackers - POLITICO

Privacy, Surveillance and Mass Monitoring

• France passes bill to allow police remotely activate phone camera, microphone, spy on people (gazettengr.com)

• Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register

• Online Safety Bill: WhatsApp, Signal, Element issue stark final warning against mass snooping of messages | Evening Standard

• TSA hopes to expand facial recognition over next ten years • The Register

• NJ cops must get wiretap order for real-time Facebook snoop • The Register

• Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns (thehackernews.com)

• UK Citizens Wary of NHS AI Use, Citing Privacy Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines | TechCrunch

• Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• Switzerland’s Security Report: Impact of Russia–Ukraine Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Satellite system used by Russian military is hacked - The Washington Post

• Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)

• Russian railway site allegedly taken down by Ukrainian hackers (therecord.media)

China

• US authorities warn on China’s new counter-espionage la' • The Register

• Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research

• Chinese threat actor attacks diplomats across Europe • The Register

• Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)

Iran

• Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools (darkreading.com)

• Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)

• Iranian hacking group impersonating nuclear experts to gain intel from Western think tanks | SC Media (scmagazine.com)

North Korea

• Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs

• North Korean satellite had no military utility for spying • The Register

Misc/Other/Unknown

• Advanced Persistent Threats: A Wake-Up Call for Cyber Security (ts2.space)

Vulnerability Management

• Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)

• Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)

Vulnerabilities

• CISA warns Samsung handset bugs and D-Link router flaws are being exploited in wild | SC Media (scmagazine.com)

• 300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug (bleepingcomputer.com)

• Microsoft puts out Outlook fire, downplays Teams flaw • The Register

• Critical Flaw Exposes ArcServe Backup to Remote Code Execution - Infosecurity Magazine (infosecurity-magazine.com)

• WordPress plugin lets users become admins – Patch early, patch often! – Naked Security (sophos.com)

• Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)

• Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities - SecurityWeek

• Microsoft fixes bug behind Windows LSA protection warnings, again (bleepingcomputer.com)

• Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

• Cisco warns of bug that lets attackers break traffic encryption (bleepingcomputer.com)

• StackRot Linux Kernel Bug Has Exploit Code on the Way (darkreading.com)

• Cisco warns of a flaw in Nexus 9000 series switches that allows modifying encrypted traffic- Security Affairs

Tools and Controls

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

• Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online

• VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek

• Small organisations face security threats on a limited budget - Help Net Security

• 11 best practices for securing data in the cloud | Microsoft Security Blog

• How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)

• Mitigating Risk With Threat Intelligence (darkreading.com)

• How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)

Reports Published in the Last Week

• Phishing Trends and Tactics: Q1 of 2023 | Tripwire

• How to Use Threat Intelligence to Mitigate Third-Party Risk Free Report (tradepub.com)

Other News

• Foreign spies hacked government 20 years ago (thetimes.co.uk)

• GCHQ Reveals Details of State-Backed Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Police investigate stolen exam papers after cyber attack (schoolsweek.co.uk)

• VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek

• Why Schools are Low-Hanging Fruit for Cyber Criminals - IT Security Guru

• Hacks targeting British exam boards raise fears of students cheating (therecord.media)

• Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En

• Is your browser betraying you? Emerging threats in 2023 - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• High Risk Users May be Few, but the Threat They Pose is Huge

High risk users represent approximately 10% of the worker population according to research provider, Elevate Security research. The research found that high risk users were responsible for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure-browsing incidents and 42% of all malware events. This is worrying, considering the rise in sophisticated targeted phishing campaigns.

https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/

• The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

State-backed cyber attacks are on the rise, but they are not raising the level of alarm that they should in the corporate world. Unfortunately, this is not a productive way of thinking. Come the end of March, insurance provider Lloyds will no longer cover damage from cyber attacks carried out by state or state-backed groups. In the worst cases, this reduced insurance coverage could exacerbate the trend of companies taking a passive approach toward state-backed attacks as they feel there is now really nothing they can do to protect themselves. The uncertainty however, could be the motivation for companies to take the threat of state-backed attacks more seriously.

https://fortune.com/2023/02/15/cost-cybersecurity-insurance-soaring-state-backed-attacks-cover-shmulik-yehezkel/

• Cyber Attacks Worldwide Increased to an All-Time Record-Breaking High, Report Shows

According to a report by security provider Check Point, cyber attacks rose 38% in 2022 compared to the previous year. Some of the key trends in the report included an increase in the number of cloud-based networking attacks, with a 48% rise and non-state affiliated hacktivist groups becoming more organised and effective than ever before. Additionally, ransomware is becoming more difficult to attribute and track and extra focus should be placed on exfiltration detection.

https://www.msspalert.com/cybersecurity-research/cyberattacks-worldwide-increased-to-an-all-time-high-check-point-research-reveals/

• Most Organisations Make Cyber Security Decisions Without Insights

A report by security provider Mandiant found some worrying results when it came to organisational understanding of threat actors. Some of the key findings include, 79% of respondents stating that most of their cyber security decisions are made without insight into the treat actors targeting them, 79% believing their organisation could focus more time and energy on identifying critical security trends, 67% believing senior leadership teams underestimate the cyber threats posed to their organisation and finally, 47% of respondents felt that they could not prove to senior leadership that their organisation has a highly effective cyber security program.

https://www.msspalert.com/cybersecurity-research/mandiant-report-most-organizations-make-cybersecurity-decisions-without-insights/

• Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

Ransomware attackers are finding new ways to exploit organisations’ security weaknesses by weaponising old vulnerabilities.  A report by security provider Cyber Security Works had found that 76% of the vulnerabilities currently being exploited were first discovered between 2010-2019.

https://venturebeat.com/security/ransomware-attackers-finding-new-ways-to-weaponize-old-vulnerabilities/

• Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

Using data from two different reports conducted by security provider Kaspersky, the combined data showed some worrying results. Some of the results include 98% of respondents revealing they faced at least one IT security miscommunication that regularly leads to bad consequences, 62% of managers revealing miscommunication led to at least one cyber security incident, 42% of business leaders wanting their IT security team to better communicate and 34% of C-level executives struggle to speak about adopting new security solutions.

https://www.msspalert.com/cybersecurity-research/are-c-suite-executives-fluent-in-it-security-speak-five-reasons-why-the-communication-gap-is-wider-than-you-think/

• Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

Security providers Abnormal Security have identified two Business Email Compromise (BEC) groups “Midnight Hedgehog” and “Mandarin Capybara” which are conducting impersonation attacks in at least 13 different languages. Like many payment fraud attacks, finance managers or other executives are often targeted. In a separate report by Abnormal Security, it was found that business email compromise (BEC) attacks increased by more than 81% during 2022.

https://www.infosecurity-magazine.com/news/bec-groups-multilingual/

• EU Countries Told to Step up Defence Against State Hackers

European states have raced to protect their energy infrastructure from physical attacks but the European Systemic Risk Board (ESRB) said more needed to be done against cyber warfare against financial institutions and the telecommunications networks and power grids they rely on. "The war in Ukraine, the broader geopolitical landscape and the increasing use of cyber attacks have significantly heightened the cyber threat environment," the ESRB said in a report. In addition, the ESRB highlight an increased risk of cyber attacks on the EU financial system, suggesting that stress tests and impact analyses should be carried out to identify weaknesses and measure resilience.

https://www.reuters.com/world/europe/eu-countries-told-step-up-defence-against-state-hackers-2023-02-14/

• Cyber Criminals Exploit Fear and Urgency to Trick Consumers

Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022 according to a report by software provider Avast. “At the end of 2022, we have seen an increase in human-centred threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cyber criminals succeed” Avast commented.

https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/

• How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

Many organisations have experienced that “after the breach” feeling — the moment they realise they have to tell customers their personal information may have been compromised because one of the organisations’ vendors had a data breach. Such situations involve spending significant amount of money and time to fix a problem caused by a third party. An organisation’s ability to handle third-party cyber risk proactively depends on its risk management strategies.

https://techcrunch.com/2023/02/10/why-third-party-cybersecurity-risks-are-too-costly-to-ignore/

• Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

Following the advisory from the NCSC, it is clear that Russian state-sponsored hackers have become increasingly sophisticated at launching phishing attacks against critical targets in the UK, US and Europe over the last 12 months. The attacks included the creation of fake personas, supported by social media accounts, fake profiles and academic papers, to lure targets into replying to sophisticated phishing emails. In some cases, the bad actor may never leverage the account to send emails from and only use it to make decisions based on intelligence collection.

https://www.computerweekly.com/news/365531158/Russian-spear-phishing-campaign-escalates-efforts-toward-critical-UK-US-and-European-targets

• 5 Biggest Risks of Using Third Party Managed Service Providers

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work. But it does present risks. 5 of the biggest risks to be considered are: indirect cyber attacks, financial risks from incident costs, reputational damage, geopolitical risk and regulatory compliance risk.

https://www.csoonline.com/article/3687812/5-major-risks-third-party-services-may-bring-along-with-them.html#tk.rss_news

• Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, in fact, the ‘as a Service’ offering has made its way into the cyber crime landscape. And cyber crime, for its part, has evolved beyond a nefarious hobby; today it’s a means of earning for cyber criminals. Organised cyber crime services are available for hire, particularly to those lacking resources and hacking expertise but willing to buy their way into cyber criminal activities. Underground cyber crime markets have thus emerged, selling cyber attack tools and services ranging from malware injection to botnet tools, Denial of Service and targeted spyware services.

https://www.splunk.com/en_us/blog/learn/cybercrime-as-a-service.html

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

• US, UK slap sanctions on Russians linked to Conti and more • The Register

• Threat Analysis: VMware ESXi Attacks Soared in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (bleepingcomputer.com)

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• December ransomware attack leads to massive data breach from California health network - The Record from Recorded Future News

• Over 500 ESXiArgs Ransomware infections in one day in Europe-Security Affairs

• New ESXi ransomware strain spreads, foils decryption tools | TechTarget

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• North Korea Using Healthcare Ransomware To Fund More Hacking (informationsecuritybuzz.com)

• DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure-Security Affairs

• US Warns Critical Sectors Against North Korean Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Cisco Talos spots new MortalKombat ransomware attacks | TechTarget

• Ion: after the hack, the clean-up - Risk.net

• Hackers Target Israel’s Technion Demanding Huge Sum In Bitcoin - I24NEWS

• City of Oakland systems offline after ransomware attack (bleepingcomputer.com)

• MTU cyber breach: Probe after ransomware attacks 'like a murder investigation' (irishexaminer.com)

• MTU data appears on dark web after cyber attack – The Irish Times

• Oakland City Services Struggle to Recover From Ransomware Attack (darkreading.com)

• LockBit spree hits three large companies (techmonitor.ai)

• Ransomware gang uses new zero-day to steal data on 1 million patients | TechCrunch

• City of Oakland issued state of emergency after ransomware attack-Security Affairs

• Glasgow Arnold Clark customers at risk after major cyber attack | HeraldScotland

• LockBit and Royal Mail Ransomware Negotiation Leaked - Infosecurity Magazine (infosecurity-magazine.com)

• No relief in sight for ransomware attacks on hospitals | TechTarget

• Burton Snowboards cancels online orders after 'cyber incident' (bleepingcomputer.com)

• Dallas Central Appraisal District paid $170,000 to ransomware attackers (bitdefender.com)

Phishing & Email Based Attacks

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• NameCheap's email hacked to send Metamask, DHL phishing emails (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security GuruCyber

• Venmo Phishing Abusing LinkedIn "slink"

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

BEC – Business Email Compromise

• BEC Groups Target Firms With Multilingual Impersonation Attacks - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Malware

• Experts Warn of Surge in Multipurpose Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious Npm Package Uses Typosquatting, Downloads Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft OneNote Abuse for Malware Delivery Surges - Security Week

• New TA886 group targets companies with Screenshotter malware-Security Affairs

• Novel phishing campaign takes screenshots ahead of payload delivery | SC Media (scmagazine.com)

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Devs targeted by W4SP Stealer malware in malicious PyPi packages (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security Guru

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Pepsi distributor blames info-stealing malware for breach • The Register

• Malware that can do anything and everything is on the rise - Help Net Security

• Lokibot, AgentTesla Grow in January 2023's Most Wanted Malware List - Infosecurity Magazine (infosecurity-magazine.com)

• New stealthy 'Beep' malware focuses heavily on evading detection (bleepingcomputer.com)

• Thousands of WordPress sites have been infected by a mystery malware | TechRadar

• Beep: New Evasive Malware That Can Escape Under The Radar (informationsecuritybuzz.com)

• Hackers start using Havoc post-exploitation framework in attacks (bleepingcomputer.com)

• Hackers Targeting US and German Firms Monitor Victims' Desktops with Screenshotter (thehackernews.com)

• Malware authors leverage more attack techniques that enable lateral movement | CSO Online

Mobile

• RedEyes hackers use new malware to steal data from Windows, phones (bleepingcomputer.com)

Botnets

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

Denial of Service/DoS/DDOS

• Cloudflare blocks record-breaking 71 million RPS DDoS attack (bleepingcomputer.com)

• 87% of largest DDoS attacks in Q4 targeted telecoms: Lumen (fiercetelecom.com)

• The Tor network hit by wave of DDoS attacks for at least 7 months-Security Affairs

Internet of Things – IoT

• Digital burglaries: The threat from your smart home devices | Fox News

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Data Breaches

• MP’s laptop and iPad stolen from pub in 'worrying' security breach | Metro News

• Reddit was hit with a phishing attack. How it responded is a lesson for everyone | ZDNET

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

• 4 misconceptions about data exfiltration | VentureBeat

• Highmark data breach affecting about 300,000 members exposed personal information to hackers – WPXI

• Gulp! Pepsi hack sees personal information stolen by data-stealing malware (bitdefender.com)

• Nearly 50 million Americans impacted by health data breaches in 2022 (chiefhealthcareexecutive.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

• After apparent hack, data from Australian tech giant Atlassian dumped online | CyberScoop

• Atlassian: Leaked Data Stolen via Third-Party App (darkreading.com)

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

• Scandinavian Airlines says cyber attack caused passenger data leak (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Cyber crime as a Service: A Subscription-based Model in The Wrong Hands | Splunk

• A Hacker’s Mind — how the elites exploit the system | Financial Times (ft.com)

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

• Russian hacker convicted of $90 million hack-to-trade charges (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (thehackernews.com)

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• 451 PyPI packages install Chrome extensions to steal crypto (bleepingcomputer.com)

• DeFi exploits and access control hacks cost crypto investors billions in 2022: Report (cointelegraph.com)

• Using the blockchain to prevent data breaches | VentureBeat

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Quarter of Crypto Tokens in 2022 Linked to Pump-and-Dump - Infosecurity Magazine (infosecurity-magazine.com)

Insider Risk and Insider Threats

• A former Credit Suisse employee leaked employees' historic bonus data (efinancialcareers.com)

Fraud, Scams & Financial Crime

• Russian IT biz owner made $90M from stolen financial info • The Register

• Refund and Invoice Scams Surge in Q4 - Infosecurity Magazine (infosecurity-magazine.com)

• MoneyGram Fraud Victims Get $115m in Compensation - Infosecurity Magazine (infosecurity-magazine.com)

• 'Pig butchering' scams on the rise, luring victims with promises of relationships and riches | CyberScoop

• Cyber security Experts Warn Against Valentine's Day Romance Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Romance scam targets security researcher, hilarity ensues • The Register

• 10 signs that scammers have you in their sights | WeLiveSecurity

• Hackers Leverage PayPal to Send Malicious Invoices - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US, UK slap sanctions on Russians linked to Conti and more • The Register

Insurance

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

Dark Web

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

Supply Chain and Third Parties

• How to manage third-party cyber security risks that are too costly to ignore | TechCrunch

• 5 biggest risks of using third-party services providers | CSO Online

Cloud/SaaS

• Reimagining zero trust for modern SaaS - Help Net Security

• Cloud security: Where do CSP and client responsibilities begin and end? | VentureBeat

• Application and cloud security is a shared responsibility - Help Net Security

Attack Surface Management

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLine

Open Source

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Configuration Issues in SaltStack IT Tool Put Enterprises at Risk (darkreading.com)

• Solving open-source security — from Alpha to Omega | SC Media (scmagazine.com)

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Eek! You Can Steal Passwords From This Password Manager Using the Notepad App | PCMag

• Eurostar forces 'password resets' — then fails and locks users out (bleepingcomputer.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

Social Media

• Metaverse Adds New Dimensions to Web 3.0 Cyber security | TechRepublic

• Hard drugs actively sold on Twitter in plain sight. Twitter says it doesn’t breach its safety policies • Graham Cluley

• Elon Musk Seems to Think His Own Employees Are Shadowbanning Him (gizmodo.com)

• Venmo Phishing Abusing LinkedIn "slink"

Malvertising

• AdSense fraud campaign relies on 10,890 sites that were infected since September 2022-Security Affairs

Training, Education and Awareness

• High-risk users may be few, but the threat they pose is huge - Help Net Security

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Regulations, Fines and Legislation

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• The Online Safety Bill: An attack on encryption (element.io)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

Governance, Risk and Compliance

• Security buyers lack insight into threats, attackers, report finds | Computer Weekly

• Cyber attacks Worldwide Increased to an All-Time High, Check Point Research Reveals - MSSP Alert

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

• Are C-Suite Executives Fluent in IT Security Speak? Five Reasons Why the Communication Gap is Wider Than You Think - MSSP Alert

• Actionable intelligence is the key to better security outcomes - Help Net Security

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLineT

• Majority of Firms Make Cyber security Decisions Without Attacker Insight - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security and Compliance Can Break Down Silos to Save Money and Meet Increased Regulations - MSSP Alert

• Build Cyber Resiliency With These Security Threat-Mitigation Considerations (darkreading.com)

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• Evolving cyber attacks, alert fatigue creating DFIR burnout, regulatory risk | CSO Online

• Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

• Storage security for compliance and cyberwar in 2023 • The Register

Backup and Recovery

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

Careers, Working in Cyber and Information Security

• Get hired in cyber security: Expert tips for job seekers - Help Net Security

• 3 Ways CISOs Can Lead Effectively and Avoid Burnout (darkreading.com)

• Cyber security Jobs Remain Secure Despite Recession Fears (darkreading.com)

Law Enforcement Action and Take Downs

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• The FBI’s most controversial surveillance tool is under threat | Ars Technica

Artificial Intelligence

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• Cyber criminals Bypass ChatGPT Restrictions to Generate Malicious Content - Check Point Software

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• A.I. in the military could be a game changer in warfare | Fortune US issues declaration on responsible use of AI in the military | Reuters

Misinformation, Disinformation and Propaganda

• Revealed: the hacking and disinformation team meddling in elections | Technology | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | Cyber scoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• US shoots down ‘high-altitude object’ above Alaska | Financial Times (ft.com)

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - security Week

• SpaceX curbed Ukraine's use of Starlink terminals - Militarnyi

• US shoots down ‘octagonal’ flying object near military sites in Michigan | US news | The Guardian

• Six companies join US entity list after Chinese spy balloon • The Register

• How Alan Turing still casts his genius in the age of cyberwar | Metro News

• US warns its citizens in Russia to get out immediately over security fears | Euronews

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• ‘Significant’ debris from China spy balloon retrieved, says US military | US national security | The Guardian

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• Albanian gangs set up hundreds of spy cameras to keep ahead of police | Financial Times (ft.com)

• A.I. in the military could be a game changer in warfare | Fortune

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• The Lessons From Cyberwar, Cyber-in-War and Ukraine  - security Week

• Storage security for compliance and cyberwar in 2023 • The Register

Nation State Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | CyberScoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - Security Week

• MagicWeb Mystery Highlights Nobelium Attacker's Sophistication (darkreading.com)

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• North Korean Hackers Are Attacking US Hospitals | WIRED

• Six companies join US entity list after Chinese spy balloon • The Register

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Group-IB Blocks Attack By Chinese Tonto Team Hackers - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese ship accused of using ‘military-grade laser’ against Philippine vessel | Philippines | The Guardian

• Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad (thehackernews.com)

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• UK Policing Riddled with Chinese CCTV Cameras - Infosecurity Magazine (infosecurity-magazine.com)

• A new operating system has been released in Russia! (gizchina.com)

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries (thehackernews.com)

• SideWinder APT Attacks Regional Targets in New Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

Vulnerabilities

• Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs – Naked Security (sophos.com)

• Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps - Security Week

• Adobe Plugs Critical Security Holes in Illustrator, After Effects Software - Security Week

• Apple releases new fix for iPhone zero-day exploited by hackers | TechCrunch

• Intel issues patches for SGX vulnerabilities • The Register

• Firefox Updates Patch 10 High-Severity Vulnerabilities - Security Week

• Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software (thehackernews.com)

• CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws (thehackernews.com)

• Microsoft says Intel driver bug crashes apps on Windows PCs (bleepingcomputer.com)

• Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug – Naked Security (sophos.com)

• Splunk Enterprise Updates Patch High-Severity Vulnerabilities - Security Week

• Dozens of Vulnerabilities Patched in Intel Products - Security Week

• High-severity DLP flaw impacts Trellix for Windows | SC Media (scmagazine.com)

• Critical Vulnerability Patched in Cisco Security Products - Security Week

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

Tools and Controls

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

• SOAR vs. SIEM: What's the difference? | TechTarget

• PAM is failing - IT Security Guru

• Combining identity and security strategies to mitigate risks - Help Net Security

• Defending against attacks on Azure AD: Goodbye firewall, hello identity protection | CSO Online

• Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps (thehackernews.com)

• Attack surface management (ASM) is not limited to the surface - Help Net Security

• How to filter Security log events for signs of trouble | TechTarget

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.