Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

The Financial Sector is Plagued by Increasingly Sophisticated Cyber Attacks That Demand a Defensive Paradigm Shift

A series of interviews with senior cyber executives and decision makers around the world gave insights into the attacks seen in the financial sector. The findings include 77% of financial organisations detecting campaigns to steal non-public market information, 48% falling victim to attacks solely focused on destroying data and 45% of organisations believing they were a victim of an attack which they were unable to detect. The financial sector remains a valuable target for cyber criminals and as such, organisations within this sector must proactively protect themselves.

Source: [PR News Wire]

The $10 Billion Cyber Insurance Industry Sees a Dangerous Year in Cyber Crime Ahead. AI, Ransomware, and War are its Biggest Concerns

A recent report by insurance broker Woodruff Sawyer sheds light on pressing concerns from the perspective of the insurance industry. Amidst ongoing global conflicts and the rise of AI-driven cyber threats, the boundaries between war and cyber attacks are blurring. Insurers are increasingly wary, with many opting not to provide coverage, particularly against war-related risks. The survey reveals a grim outlook, with 56% of clients anticipating a significant increase in cyber risks in 2024, primarily driven by ransomware and war associated threats. The challenge lies in defining and navigating these evolving risks, leaving clients uncertain about their cyber security strategies. Additionally, updated US Securities and Exchange Commission (SEC) rules mandating rapid disclosure of cyber breaches add further complexity to the cyber security landscape, warranting close monitoring by insurers. As cyber threats continue to evolve in a turbulent world, the insurance industry faces unprecedented challenges in safeguarding against cyber risks.

Source: [Fortune]

Microsoft Says Russian Hackers Used Known Identified Tactics to Breach Senior Exec Emails

Hackers allegedly linked to Russia’s Foreign Intelligence Service (SVR) breached a legacy non-production test tenant account in Microsoft last November, before pivoting into their senior executives’ email accounts. Microsoft only discovered the incident on 12 January. In a blog post, Microsoft said that the attackers had used a password spray attack on a limited number of accounts. One of these accounts was a legacy, non-production test account that had elevated access to the Microsoft corporate environment, and the ability to create malicious OAuth applications with access to other corporate mailboxes, leading to them accessing senior executives’ emails. Microsoft has since confirmed that multi-factor authentication was not enabled. Microsoft has previously warned the public about this exact scenario, writing that attackers “compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity.”

Sources: [The Record] [Bleeping Computer]

Old Methods, New Tricks: Cyber Criminals Are Still Using Social Engineering to Steal Your Credentials

2023 showed us that despite all the advancements in cyber security, most threat actors are simply just logging in. To do this an attacker needs credentials, often gained through phishing, the most common social engineering tactic. The emergence and utilisation of artificial intelligence has only made this easier, the point being that now virtually anyone can conduct a sophisticated phishing campaign, and with huge success. But what can organisations do? Focus on their human firewall. Social engineering will remain, and organisations need to ensure that their staff are consistently trained to be vigilant, as well as regular updated training on current trends. Users should ensure that they don’t reuse passwords across accounts, nor use easy to guess passwords or patterns. Users should be encouraged to use password managers to enable better, and more manageable, password hygiene. Where possible, multi factor authentication should be enforced.

Sources: [Security Boulevard] [Beta News] [Security Intelligence]

UK Government Unveils New Cyber Threat Guidelines as 32% of Firms Suffer Attacks in Past Year

The UK government is urging organisations to prioritise cyber threats as a key business risk, on par with financial and legal challenges. They have released new guidelines, the Cyber Governance Code of Practice, aimed at directors and senior leaders to elevate cyber security as a focal point in business operations. The code recommends clear roles and responsibilities, customer protection, and plans to respond to cyber attacks. It also emphasises the need for employees to possess adequate cyber awareness and skills. As cyber security incidents rise, a report found that 77% of financial services organisations have experienced a cyber attack. Other figures also show that 32% of firms have suffered a cyber breach or attack in the past year alone. These guidelines align with the UK Government’s National Cyber Strategy, aiming to protect and promote online security in the country. With the financial sector experiencing underperforming cyber security providers, organisations need to strengthen their anti-fraud defences, possibly incorporating cyber risk ratings for a more robust security posture.

Source: [The Fintech Times]

94% of Organisations Would Pay a Ransom, Despite Having ‘Do Not Pay’ Policies, as 79% Faced an Attack in 2023

A recent study has found that 94% of organisations would pay a ransomware demand, even if they had a ‘do not pay’ policy, in the event of an attack. The study found that 79% had suffered a ransomware related attack in the second half of 2023. When it came to resilience, only 21% had full confidence in their organisation’s cyber resilience and ability to address today’s escalating cyber challenges and threats, and 23% reported that they would need over three weeks to recover data and restore business processes. A common theme in the study was the belief that senior and executive management do not fully understand the serious risks, with only 35% of respondents believing risks were fully understood.

Sources: [Beta News] [ Security Magazine] [MSSP Alert]

Interpol Arrests More than 30 Cyber Criminals in Global Operation

This week, international law enforcement announced that it detained 31 suspected cyber criminals and identified 1,300 malicious servers which were used to conduct phishing attacks and distribute malware. The operation, labelled “Synergia” was in response to “the clear growth, escalation and professionalisation of transnational cyber crime and the need for coordinated action against new cyber threats” Interpol said. Nearly 60 law enforcement agencies and several private companies were involved in the operation.

Sources: [The Record]

Divide and Succeed: Splitting IT and Security Makes Business Sense

Maintaining year-round security hygiene is important to protect both consumers and organisations. Cyber attacks, like the recent one on 23andMe, often exploit vulnerabilities that persist due to incomplete patching and compromised credentials. Many organisations cite time constraints as the primary reason for not updating security features. Ideally, in any organisation, and indeed in all organisations that have reached a level of maturity in this space, security and IT teams should be separate; however, this is not really achievable in many organisations and hence the responsibility to protect ultimately falls on IT teams. Overburdened IT teams, and IT teams whose primary focus is on operational IT, further compound the issue, spending significant time managing data requests and analysing data, leading to cyber security risks. As consumers become more privacy-conscious, businesses must review and adapt their data privacy policies to build trust. Additionally, the growing use of artificial intelligence poses new risks, necessitating the development of company-wide AI policies to protect data privacy. While privacy legislation remains fragmented, staying proactive by updating data privacy policies, understanding data usage, and fortifying cyber security defences is crucial for organisations.

Source: [Digital Journal]

Ransomware Groups Gain Clout with False Attack Claims

A concerning trend is on the rise: fake breach claims by ransomware groups. Cyber criminals are leveraging the dark web and social media to spread misinformation about alleged breaches, triggering unwarranted cyber investigations and generating unwanted, and unwarranted, negative publicity for the alleged victim. Recent incidents involving Technica Corp and Europcar exemplify this growing threat. While these claims often lack credible evidence, they serve as a means for ransomware operators to gain attention and clout in the cyber criminal world. These groups resort to false claims to maintain relevance. Cyber security teams must adapt to this new ransomware misinformation communication strategy and exercise caution when evaluating breach claims.

Source: [Dark Reading]

Payment Fraud is Hitting Organisations Harder Than Ever Before

According to research, 96% of companies in the US were targeted with at least one fraud attempt in the past year. 36% who suffered said the average loss they experienced was more than $1 million and for 25%, this was more than $5 million. The study found misaligned perception as despite the number falling victim, only 5% believed they could not keep up with fraud. Of concern, 75% of C-level finance leaders said they would stop doing business with an organisation that fell victim to payment fraud.

Source: [Help Net Security]

Chinese Hacking Operations Have Entered a Far More Dangerous Phase, US Warns

In the US, the directors of the FBI, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), have stated that China’s cyber activity is moving beyond the last decade’s spying and data theft toward direct attacks on critical infrastructure. It was identified that Chinese nation-state actors were planting malware on network routers and other internet-connected devices that, if triggered, could disrupt water, power, rail and other critical services, possibly causing widespread chaos, or even injury or deaths as a result.

Source: [Defense One]

Governance, Risk and Compliance

• $10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune

• Recognizing Security as a Strategic Component of Business (darkreading.com)

• Top Five Risks Facing Corporate Boards | The Volkov Law Group - JDSupra

• Despite awareness, small businesses still highly vulnerable to cyber attacks | Insurance Business America (insurancebusinessmag.com)

• Improving cyber security culture: A priority in the year of the CISO | CSO Online

• UK Government Unveils New Cyber Threat Guidelines as 32% of Firms Suffer Attacks in Past Year | The Fintech Times

• Top 3 Cyber Security Trends for SME Business Leaders | MSSP Alert

• Building good cyber security posture doesn't have to be expensive – NCA | Insurance Business America (insurancebusinessmag.com)

• What the Charges Against the SolarWinds CISO Mean for Security in 2024 - Security Boulevard

• Divide and succeed: Splitting IT and Security makes business sense - Digital Journal

• Prioritizing cyber crime intelligence for effective decision-making in cyber security - Help Net Security

• Strengthening Cyber Security: The rise of the Security Assurance Officer (securitybrief.co.nz)

• Proactive Cyber Security: A strategic approach to cost efficiency and crisis management - Help Net Security

• 5 Cyber Security Strategies You Must Embrace to Protect Your Business | Inc.com

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Survey Shows 94% of Companies Would Pay | MSSP Alert

• $10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune

• Ransomware's Impact May Include Heart Attacks, Strokes & PTSD (techrepublic.com)

• 79% of organisations faced a ransomware attack in H2 2023 | Security Magazine

• Ransomware Groups Gain Clout With False Attack Claims (darkreading.com)

• LockBit remorseless in latest children's hospital attack • The Register

• Alpha Ransomware Group Launches Data Leak Site on the Dark Web - Infosecurity Magazine (infosecurity-magazine.com)

• The Ransomware Threat in 2024 is Growing: Report - Security Week

• Akira ransomware attacks linked to Cisco vuln fixed in 2020 • The Register

• “More Groups, More Problems”: Searchlight Cyber Report Reveals Ransomware Groups to Watch in 2024 | Business Wire

• OpenText Cyber Security Global Ransomware Survey: The Risk Perception Gap | MSSP Alert

• The State of Ransomware 2024 - Security Boulevard

• The evolution of ransomware: Lessons for the future (securityintelligence.com)

• New strain of the Phobos ransomware discovered in VBA script | SC Media (scmagazine.com)

• Canadian Man Sentenced to Prison for Ransomware Attacks - Security Week

• Ransomware Research Reveals Millions Spent Despite Do Not Pay Policies - IT Security Guru

• A Cyber Insurer's Perspective on How to Avoid Ransomware (darkreading.com)

• Online ransomware decryptor helps recover partially encrypted files (bleepingcomputer.com)

• Higher cyber defences lead to higher ransoms, study finds | Cybernews

• ICS Ransomware Danger Rages Despite Fewer Attacks (darkreading.com)

Ransomware Victims

• ICO confirms data breach probe as UK councils remain downed by cyber attack | TechCrunch

• Pentagon investigating theft of sensitive files by ransomware group | CyberScoop

• Johnson Controls says ransomware attack cost $27 million, data stolen (bleepingcomputer.com)

• "Cyber security matter" prompted network outage at Lurie Children's Hospital - CBS Chicago (cbsnews.com)

• New Jersey School District Shut Down by Cyber Attack (darkreading.com)

• Cactus ransomware gang claims the Schneider Electric hack (securityaffairs.com)

• Schneider Electric Responding to Ransomware Attack, Data Breach  - Security Week

• Akira ransomware gang says it stole passport scans from Lush • The Register

• Kansas public transportation authority hit by ransomware (bleepingcomputer.com)

Phishing & Email Based Attacks

• Microsoft says Russian hackers used previously identified tactic to breach senior exec emails (therecord.media)

• In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica

• Microsoft 365 users need to be on their guard — new phishing campaign could cause some serious damage, and it's being offered for sale for barely nothing to lure new criminals in | TechRadar

• In 2023, Cyber Criminals Were Still Using Social Engineering to Steal Your Credentials - Security Boulevard

• The top phishing themes of 2023 (betanews.com)

• AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)

Artificial Intelligence

• $10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune

• AI-Powered Attacks and Deepfake Technology Fuel Cyber Attack Concern - IT Security Guru

• ChatGPT bug leaked conversations from others in your history (bgr.com)

• AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)

• Expect ‘AI versus AI’ conflict soon, Pentagon cyber leader says - Defense One

• AI Companies Will Need to Start Reporting Their Safety Tests to the US Government - Security Week

• AI-generated code leads to security issues for most businesses: report | CIO Dive

• Poisoned AI went rogue during training and couldn't be taught to behave again in 'legitimately scary' study | Live Science

• Assessing and quantifying AI risk: A challenge for enterprises | CSO Online

• AI And 5G are Defining a New Era of Cyber Security: The Industry Must Collectively Adapt - Infosecurity Magazine (infosecurity-magazine.com)

• Identity verification systems need hybrid liveness detection to protect against AI spoofs, say experts | ITPro

• Worried About AI Voice Clone Scams? Create a Family Password | Electronic Frontier Foundation (eff.org)

2FA/MFA

• Microsoft says Russian hackers used previously identified tactic to breach senior exec emails (therecord.media)

Malware

• It's true — Microsoft Teams group chat requests can be bad for you, as hackers hijack them to spread malware | TechRadar

• One of the world's biggest web hosting companies revealed that it eradicated nearly 500 million malware threats in 2023 - a staggering 250 instances per customer | TechRadar

• How the ZeuS Trojan Info Stealer Changed Cyber Security (securityintelligence.com)

• FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)

• AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks (thehackernews.com)

• Windows PCs are now being hit by dangerous malware — here's the steps you need to take to stay safe | TechRadar

• Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines (thehackernews.com)

• Fake Google ads are trying to trick users into downloading nasty malware — here's how you can fight back | TechRadar

• Police disrupt Grandoreiro banking malware operation, make arrests (bleepingcomputer.com)

• Threat Actors Using Adult Games To Launch Remcos RAT Attack - Security Boulevard

• Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware (thehackernews.com)

• More Android apps riddled with malware spotted on Google Play (bleepingcomputer.com)

• Don't believe everything you read - hackers are pushing malware via media, news sites | TechRadar

Mobile

• Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping  - Security Week

• More Android apps riddled with malware spotted on Google Play (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS attack power skyrockets to 1.6 Tbps - Help Net Security

Internet of Things – IoT

• FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)

• The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world (talosintelligence.com)

Data Breaches/Leaks

• There was a 39% surge in data exfiltration cyber attacks in 2023 | Security Magazine

• Europcar denies data breach of 50 million users, says data is fake (bleepingcomputer.com)

• 3.5M exposed in COVID-19 e-passport leak (securityaffairs.com)

• Mercedes-Benz accidentally exposed sensitive data, including source code (securityaffairs.com)

• FTC orders Blackbaud to boost security after massive data breach (bleepingcomputer.com)

• 23andMe confirms last year's massive data breach went unnoticed for five months, hackers stole raw genotype data | TechSpot

• 23andMe admits it didn’t detect cyber attacks for months | TechCrunch

• Millions of corporate messages leaked by Miracle Software's unsecured MongoDB instance | SC Media (scmagazine.com)

• Football Australia investigating 'critical data' leak - ESPN

• Top 3 Data Breaches of 2023, and What Lies Ahead in 2024 (darkreading.com)

• A Look Back at the Biggest Data Breaches in 2023: a Cautionary Tale for All Businesses - Hayes Connor

• DHS employees jailed for stealing data of 200K US govt workers (bleepingcomputer.com)

• Cyber criminals replace familiar tactics to exfiltrate sensitive data - Help Net Security

• Data leak at fintech giant Direct Trading Technologies (securityaffairs.com)

• Timex breach leaks employee Social Security numbers | SC Media (scmagazine.com)

• Cloudflare hacked using auth tokens stolen in Okta attack (bleepingcomputer.com)

• Keenan warns 1.5 million people of data breach after summer cyber attack (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Dark Web Drugs Vendor Forfeits $150m After Guilty Plea - Infosecurity Magazine (infosecurity-magazine.com)

• ReasonLabs Releases Annual "State of Consumer Cyber Security Report" for 2024 (prnewswire.com)

• Cyber criminals replace familiar tactics to exfiltrate sensitive data - Help Net Security

• ‘Extremely heinous’: Myanmar hands over 10 leading cyber scam suspects to China | South China Morning Post (scmp.com)

• Smarter, Meaner, Sneakier: Security Trends for 2024 (trendmicro.com)

• How businesses can tackle the cyber crime economy (siliconrepublic.com)

• Expert explains the alarming creativity of today's cyber attacks, and five unlikely places you're vulnerable (techxplore.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Bitcoin worth £1.4bn seized after ex-takeaway worker tried to buy £23m mansion, court hears | UK News | Sky News

• Pump-and-Dump Schemes Make Crypto Fraudsters $240m - Infosecurity Magazine (infosecurity-magazine.com)

• Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping  - Security Week

• Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k (securityaffairs.com)

Insider Risk and Insider Threats

• Top-tier IT talent doesn't stick around in 'mid-market' organisations - which could also be a major security risk | TechRadar

• DHS employees jailed for stealing data of 200K US govt workers (bleepingcomputer.com)

• Put People First When Facing Sophisticated Cyber Threats (forbes.com)

Insurance

• A Cyber Insurer's Perspective on How to Avoid Ransomware (darkreading.com)

• $10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune

Supply Chain and Third Parties

• Supply Chain Security and NIS2: What You Need to Know - Security Boulevard

• Third-party risk management best practices and why they matter - Help Net Security

• Cloudflare hacked using auth tokens stolen in Okta attack (bleepingcomputer.com)

• Cyber criminals embrace smarter strategies, less effort - Help Net Security

• Expert explains the alarming creativity of today's cyber attacks, and five unlikely places you're vulnerable (techxplore.com)

Cloud/SaaS

• Microsoft 365 users need to be on their guard — new phishing campaign could cause some serious damage, and it's being offered for sale for barely nothing to lure new criminals in | TechRadar

• Microsoft Teams phishing pushes DarkGate malware via group chats (bleepingcomputer.com)

• Why adversaries have their heads in the cloud - Red Canary

• 'Leaky Vessels' Cloud Bugs Allow Container Escapes Globally (darkreading.com)

• Cyber Attacks, AI and Multicloud Hit Cyber Security in 2023 - The New Stack

• Why DNS protection should be the first step in hybrid cloud security | TechRadar

Identity and Access Management

• Microsoft tells how Russia's Cozy Bear broke into its email • The Register

• In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica

• Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)

Linux and Open Source

• Cyber Security in Review: The Alarming Trend of Unsupported Systems - Security Boulevard

• New Glibc Flaw Grants Attackers Root Access on Major Linux Distros (thehackernews.com)

• White House releases report on securing open-source software | CyberScoop

Passwords, Credential Stuffing & Brute Force Attacks

• Microsoft says Russian hackers used previously identified tactic to breach senior exec emails (therecord.media)

• ‘Credential stuffing’ attacks set to rise (theage.com.au)

• Hundreds of network operators’ credentials found circulating in Dark Web (securityaffairs.com)

• US charges two more suspects with DraftKing account hacks (bleepingcomputer.com)

Social Media

• A tangled mess: Government rules for social media security lack clarity | CyberScoop

• Defending Against Corporate Social Media Account Takeovers (databreachtoday.co.uk)

Malvertising

• Fake Google ads are trying to trick users into downloading nasty malware — here's how you can fight back | TechRadar

Regulations, Fines and Legislation

• ICO confirms data breach probe as UK councils remain downed by cyber attack | TechCrunch

• Thе Cyber Resilience Act: What Startups Should Know About Hardware and Software Transparency in 2024 - TheRecursive.com

• SolarWinds Files Motion to Dismiss SEC Lawsuit (darkreading.com)

• What the Charges Against the SolarWinds CISO Mean for Security in 2024 - Security Boulevard

• A tangled mess: Government rules for social media security lack clarity | CyberScoop

• AI Companies Will Need to Start Reporting Their Safety Tests to the US Government - Security Week

• The SEC Won't Let CISOs Be: Understanding New SaaS Cyber Security Rules (thehackernews.com)

• How to Align Your Incident Response Practices With the New SEC Disclosure Rules - Security Week

• UK law could ban Apple security updates across the world in an 'unprecedented overreach' | TechRadar

Models, Frameworks and Standards

• Supply Chain Security and NIS2: What You Need to Know - Security Boulevard

• NIS2 Directive raises stakes for security leaders - Help Net Security

• Complete Guide To PCI DSS Compliance - Security Boulevard

• CMMC Is the Starting Line, Not the Finish (darkreading.com)

Data Protection

• ICO confirms data breach probe as UK councils remain downed by cyber attack | TechCrunch

Careers, Working in Cyber and Information Security

• Wait, infosec isn't a computer science degree requirement? • The Register

• The Future Of Cyber Security Is More Human Than You Think (forbes.com)

Law Enforcement Action and Take Downs

• Interpol arrests more than 30 cyber criminals in global ‘Synergia’ operation (therecord.media)

• Interpol-Led Initiative Targets 1300 Suspicious IPs - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Web Drugs Vendor Forfeits $150m After Guilty Plea - Infosecurity Magazine (infosecurity-magazine.com)

• Bitcoin worth £1.4bn seized after ex-takeaway worker tried to buy £23m mansion, court hears | UK News | Sky News

• US charges two more suspects with DraftKing account hacks (bleepingcomputer.com)

• US sanctions 3 for supporting ISIS with cyber security expertise, money transfers - UPI.com

• Canada's 'most prolific hacker' jailed for two years (bitdefender.com)

• FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)

• Linux users beware — this security flaw could allow attackers to get root on major distros, so take extra care | TechRadar

• Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k (securityaffairs.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• $10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune

• Cyber attacks as war crimes | International Bar Association (ibanet.org)

• What Are State-Sponsored Cyber Attacks? - Security Boulevard

• Satya Nadella Worries About Hackers Causing 'Breakdown of World Order' (businessinsider.com)

• Expect ‘AI versus AI’ conflict soon, Pentagon cyber leader says - Defense One

• The Cyber Warfare Option Against Hostile States and Groups | National Review

Nation State Actors

China

• Chinese hacking operations have entered a far more dangerous phase, US warns - Defense One

• Chinese hackers preparing to 'wreak havoc' on US, warns FBI chief Christopher Wray | US News | Sky News

• FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)

• Wray’s stunning warning points to a new age of US vulnerability | CNN Politics

• Cyber attacks as war crimes | International Bar Association (ibanet.org)

• EU economic security plan eyes China with more defence than offense (qz.com)

Russia

• Microsoft says Russian hackers used previously identified tactic to breach senior exec emails (therecord.media)

• In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technicac

• Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)

• Russia hacks Microsoft: It’s worse than you think | Computerworld

• Microsoft Threat Report: How Russia’s War on Ukraine Is Impacting the Global Cyber Security Community (darkreading.com)

• Series of Cyber Attacks Hit Ukrainian Critical Infrastructure Organisations (darkreading.com)

• Russian 'cyber war' could exploit divisions in Scotland | The Herald (heraldscotland.com)

• Pawn Storm Uses Brute Force and Stealth Against High-Value Targets (trendmicro.com)

• Russian threat actors dig in, prepare to seize on war fatigue | Security Insider (microsoft.com)

• Russian spies impersonating Western researchers in ongoing hacking campaign (therecord.media)

• Ukranian Military intelligence claims cyber attack on IT company providing services to Russian defence industry (kyivindependent.com)

• Ukraine's POW Coordination Headquarters restores services after cyber attack (kyivindependent.com)

• Ukraine Military Targeted With Russian APT PowerShell Attack (darkreading.com)

Iran

• New Leaks Expose Web of Iranian Intelligence and Cyber Companies - Infosecurity Magazine (infosecurity-magazine.com)

• Iran's 'Cyber Centers' Dodge Sanctions to Sell Cyber Operations (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• US sanctions 3 for supporting ISIS with cyber security expertise, money transfers - UPI.com

Vulnerability Management

• Does CVSS 4.0 solve the exploitability problem? - Help Net Security

• Why the Right Metrics Matter When it Comes to Vulnerability Management (thehackernews.com)

• Cyber Security in Review: The Alarming Trend of Unsupported Systems - Security Boulevard

• Why organisations need risk-based vulnerability management | TechTarget

Vulnerabilities

• Akira ransomware attacks linked to Cisco vuln fixed in 2020 • The Register

• Ivanti Struggling to Hit Zero-Day Patch Release Schedule - Security Week

• Ivanti releases patches for old and new VPN zero-days • The Register

• A zero-day vulnerability (and PoC) to blind defences relying on Windows event logs - Help Net Security

• 45k Jenkins servers exposed to RCE attacks using public exploits (bleepingcomputer.com)

• Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws (thehackernews.com)

• New Glibc Flaw Grants Attackers Root Access on Major Linux Distros (thehackernews.com)

• CISA Warns of Active Exploitation of Critical Flaws in Apple iOS and macOS (thehackernews.com)

• If you’re using this router brand, you may want to disconnect now — security researchers found more vulnerabilities and a hardcoded password in Totolink hardware | TechRadar

• Linux users beware — this security flaw could allow attackers to get root on major distros, so take extra care | TechRadar

• Tor Code Audit Finds 17 Vulnerabilities - Security Week

Tools and Controls

• Microsoft tells how Russia's Cozy Bear broke into its email • The Register

• In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica

• Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)

• Building good cyber security posture doesn't have to be expensive – NCA | Insurance Business America (insurancebusinessmag.com)

• Prioritizing cyber crime intelligence for effective decision-making in cyber security - Help Net Security

• What is DMARC? - Security Boulevard

• Multi-factor authentication suffers from three major weaknesses | TechRadar

• AI-generated code leads to security issues for most businesses: report | CIO Dive

• 3 Best Practices to Improve Threat Hunting - Security Boulevard

• How to make developers accept DevSecOps - Help Net Security

• Assessing and quantifying AI risk: A challenge for enterprises | CSO Online

• How to Align Your Incident Response Practices With the New SEC Disclosure Rules - Security Week

• Why DNS protection should be the first step in hybrid cloud security | TechRadar

• What Is Cyber Threat Hunting? (Definition & How it Works) (techrepublic.com)

• Proactive cyber security: A strategic approach to cost efficiency and crisis management - Help Net Security

• The Future Of Cyber Security Is More Human Than You Think (forbes.com)

• Managing the hidden risks of shadow APIs • The Register

Reports Published in the Last Week

• Cyber Bank Heists | Cyber Security Threats Facing Financial Sector | Contrast Security

• ReasonLabs Releases Annual "State of Consumer Cyber Security Report" for 2024 (prnewswire.com)

• Gartner Report: Innovation Insight for Application Security Posture Management (legitsecurity.com)

Other News

• The Financial Sector Is Plagued by Increasingly Sophisticated Cyber Attacks That Demand a Defensive Paradigm Shift, According to the Modern Bank Heists Report From Contrast Security (prnewswire.com)

• How SMBs can lower their risk of cyber attacks and data breaches (bleepingcomputer.com)

• FTC orders Blackbaud to boost security after massive data breach (bleepingcomputer.com)

• Global critical infrastructure faces relentless cyber activity - Help Net Security

• Why the healthcare industry must prioritize cyber resilience | World Economic Forum (weforum.org)

• UK says Emirates-backed stake in Vodafone poses national security risk | Vodafone | The Guardian

• Cyber attacks soar to 13 per second – with OT a key target - Drives and Controls Magazine (drivesncontrols.com)

• Israeli Government: Smallest of SMBs Hit Hardest in Cyber Attacks (darkreading.com)

• How to prepare for the increasing cyber attacks on critical infrastructure - Data Centre & Network News (dcnnmagazine.com)

• CISA: Vendors must secure SOHO routers against Volt Typhoon attacks (bleepingcomputer.com)

• Firmware remains the soft underbelly of banking cyber defence (techmonitor.ai)

• Cyber attacks on state and local governments rose in 2023, says CIS report | StateScoop

• City Cyber Taskforce Launches to Secure Corporate Finance - Infosecurity Magazine (infosecurity-magazine.com)

• Fulton County Suffers Power Outages as Cyber Attack Continues (darkreading.com)

• How to Prepare for a Cyber Attack - Security Boulevard

• The Imperative for Robust Security Design in the Health Industry (darkreading.com)

• National cyber security plans lack performance measures and estimated costs, GAO says | CyberScoop

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Morgan Stanley Client Accounts Breached in Social Engineering Attacks

Morgan Stanley Wealth Management says some of its customers had their accounts compromised in social engineering attacks.

The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a voice call to convince their targets into revealing sensitive information such as banking or login credentials.

The company said in a notice sent to affected clients that, "on or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.

After successfully breaching their accounts, the attacker also electronically transferred money to their own bank account by initiating payments using the Zelle payment service.

https://www.bleepingcomputer.com/news/security/morgan-stanley-client-accounts-breached-in-social-engineering-attacks/

• Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More

Business email compromise (BEC) remains the biggest source of financial losses, which totalled $2.4 billion in 2021, up from an estimated $1.8 billion in 2020, according to the Federal Bureau of Investigation's (FBI) Internet Crime Center (IC3).

The FBI says in its 2021 annual report that Americans last year lost $6.9 billion to scammers and cyber criminals through ransomware, BEC, and cryptocurrency theft related to financial and romance scams. In 2020, that figure stood at $4.2 billion.

Last year, FBI's Internet Crime Complaint Center (IC3) received 847,376 complaints about cybercrime losses, up 7% from 791,790 complaints in 2020.

BEC has been the largest source of fraud for several years despite ransomware attacks grabbing most headlines.

https://www.zdnet.com/article/ransomware-is-scary-but-another-scam-is-costing-victims-much-much-more-says-fbi/#ftag=RSSbaffb68

• Phishing Kits Constantly Evolve to Evade Security Software

Modern phishing kits sold on cybercrime forums as off-the-shelf packages feature multiple, sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won’t mark them as a threat.

Fake websites that mimic well-known brands are abundant on the internet to lure victims and steal their payment details or account credentials.

Most of these websites are built using phishing kits that feature brand logos, realistic login pages, and in cases of advanced offerings, dynamic webpages assembled from a set of basic elements.

https://www.bleepingcomputer.com/news/security/phishing-kits-constantly-evolve-to-evade-security-software/

• Ransomware Payment Demands Rose Dramatically in 2021

Ransomware attackers demanded dramatically higher ransom fees last year, and the average ransom payment rose by 78% to $541,010, according to data from incident response (IR) cases investigated by Palo Alto Networks Unit 42.

IR cases by Unit 42 also saw a whopping 144% increase in ransom demands, to $2.2 million. According to the report, the most victimised sectors were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.

Cyber extortion spiked, with 85% of ransomware victims — some 2, 556 organisations — having their data dumped and exposed on leak sites, according to the "2022 Unit 42 Ransomware Threat Report."

Conti led the ransomware attack volume, representing some one in five cases Unit 42 investigated, followed by REvil, Hello Kitty, and Phobos.

https://www.darkreading.com/attacks-breaches/ransomware-payments-demands-rose-dramatically-in-2021

• 7 Suspected Members of LAPSUS$ Hacker Gang, aged 16 to 21, Arrested in UK

The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta.

"The City of London Police has been conducting an investigation with its partners into members of a hacking group," Detective Inspector, Michael O'Sullivan, said in a statement shared with The Hacker News. "Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing."

The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based teenager is the mastermind of the group. It's not immediately clear if the minor is one among the arrested individuals. The said teen, under the online alias White or Breachbase, is alleged to have accumulated about $14 million in Bitcoin from hacking.

https://thehackernews.com/2022/03/7-suspected-members-of-lapsus-hacker.html

• Here's How Fast Ransomware Encrypts Files

Forty-two minutes and 54 seconds: that's how quickly the median ransomware variant can encrypt and lock out a victim from 100,000 of their files.

The data point came from Splunk's SURGe team, which analysed in its lab how quickly the 10 biggest ransomware strains — Lockbit, REvil, Blackmatter, Conti, Ryuk, Avaddon, Babuk, Darkside, Maize, and Mespinoza — could encrypt 100,000 files consisting of some 53.93 gigabytes of data. Lockbit won the race, with speeds of 86% faster than the median. One Lockbit sample was clocked at encrypting 25,000 files per minute.

Splunk's team found that ransomware variants are all over the map speed-wise, and the underlying hardware can dictate their encryption speeds.

https://www.darkreading.com/application-security/here-s-how-fast-ransomware-encrypts-files

• HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For

Web malware (47%) and ransomware (42%) now top the list of security threats that organisations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.

This is according to research published by Menlo Security, exploring what steps organisations are taking to secure themselves in the wake of a new class of cyber threats – known as Highly Evasive Adaptive Threats (HEAT).

As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months. The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45% failing to add strength to their network security stack over the past year. There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43% citing the network, and 37% the cloud.

https://www.helpnetsecurity.com/2022/03/22/web-security-threats/

• The Cyber Warfare Predicted in Ukraine May Be Yet to Come

In the build-up to Russia’s invasion of Ukraine, the national security community braced for a campaign combining military combat, disinformation, electronic warfare and cyber attacks. Vladimir Putin would deploy devastating cyber operations, the thinking went, to disable government and critical infrastructure, blind Ukrainian surveillance capabilities and limit lines of communications to help invading forces. But that’s not how it has played out. At least, not yet.

The danger is that as political and economic conditions deteriorate, the red lines and escalation judgments that kept Moscow’s most potent cyber capabilities in check may adjust. Western sanctions and lethal aid support to Ukraine may prompt Russian hackers to lash out against the west. Russian ransomware actors may also take advantage of the situation, possibly resorting to cyber crime as one of the few means of revenue generation.

https://www.ft.com/content/2938a3cd-1825-4013-8219-4ee6342e20ca

• The Three Russian Cyber Attacks the West Most Fears

The UK's cyber authorities are supporting the White House's calls for "increased cyber-security precautions", though neither has given any evidence that Russia is planning a cyber-attack.

Russia has previously stated that such accusations are "Russophobic".

However, Russia is a cyber-superpower with a serious arsenal of cyber-tools, and hackers capable of disruptive and potentially destructive cyber-attacks.

Ukraine has remained relatively untroubled by Russian cyber-offensives but experts now fear that Russia may go on a cyber-offensive against Ukraine's allies.

"Biden's warnings seem plausible, particularly as the West introduced more sanctions, hacktivists continue to join the fray, and the kinetic aspects of the invasion seemingly don't go to plan," says Jen Ellis, from cyber-security firm Rapid7.

This article from the BCC outlines the hacks that experts most fear, and they are repeats of things we have already seen coming out of Russia, only potentially a lot more destructive this time around.

https://www.bbc.co.uk/news/technology-60841924

• Do These 8 Things Now to Boost Your Security Ahead of Potential Russian Cyber Attacks

The message comes as the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) ramp up warnings about Russian hacking of everything from online accounts to satellite broadband networks. CISA's current campaign is called Shields Up, which urges all organisations to patch immediately and secure network boundaries. This messaging is being echoed by UK and other Western Cyber authorities:

The use of Multi-Factor Authentication (MFA) is being very strongly advocated. The White House and other agencies both sides of the Atlantic also urged companies to take seven other steps:

• Deploy modern security tools on your computers and devices to continuously look for and mitigate threats

• Make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors

• Back up your data and ensure you have offline backups beyond the reach of malicious actors

• Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack

• Encrypt your data so it cannot be used if it is stolen

• Educate your employees to common tactics that attackers will use over email or through websites

• Work with specialists to establish relationships in advance of any cyber incidents.

https://www.zdnet.com/article/white-house-warns-do-these-8-things-now-to-boost-your-security-ahead-of-potential-russian-cyberattacks/

• Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone

The FBI's Internet Crime Complaint Center (IC3) reported a record-breaking year for 2021 in the number of complaints it received, among which business email compromise (BEC) attacks made up the majority of incidents.

IC3 handled 847,376 complaint reports last year — an increase of 7% over 2020 — which mainly revolved around phishing attacks, nonpayment/nondelivery scams, and personal data breaches. Overall, losses amounted to more than $6.9 billion.

BEC and email account compromises ranked as the No. 1 attack, accounting for 19,954 complaints and losses of around $2.4 billion.

"In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them," Paul Abbate, deputy director of the FBI wrote in the IC3's newly published annual report.

https://www.darkreading.com/attacks-breaches/fbi-cybercrime-victims-suffered-losses-of-over-6-9b-in-2021

• Expanding Threat Landscape: Cyber Criminals Attacking from All Sides

Research from Trend Micro warns of spiralling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organisations and individuals.

“Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks,” said Jon Clay, VP of threat intelligence at Trend Micro.

“Our latest research shows that while Trend Micro threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted.”

Ransomware attackers are shifting their focus to critical businesses and industries more likely to pay, and double extortion tactics ensure that they are able to profit. Ransomware-as-a-service offerings have opened the market to attackers with limited technical knowledge – but also given rise to more specialisation, such as initial access brokers who are now an essential part of the cybercrime supply chain.

Threat actors are also getting better at exploiting human error to compromise cloud infrastructure and remote workers. Trend Micro detected and prevented 25.7 million email threats in 2021 compared to 16.7 million in 2020, with the volume of blocked phishing attempts nearly doubling over the period. Research shows home workers are often prone to take more risks than those in the office, which makes phishing a particular risk.

https://www.helpnetsecurity.com/2022/03/22/threat-actors-increase-attack/

Threats

Ransomware

• Ransomware Infections Follow Precursor Malware – Lumu • The Register

• Ransomware, Malware-as-a-Service Dominate Threat Landscape | SecurityWeek.Com

• Serious Security: DEADBOLT – The Ransomware That Goes Straight For Your Backups – Naked Security (sophos.com)

• AvosLocker Ransomware - What You Need To Know | The State of Security (tripwire.com)

• What the Conti Ransomware Group Data Leak Tells Us (darkreading.com)

• Ransomware Demands And Payments Increase With Use Of Leak Sites (computerweekly.com)

• Ten Notorious Ransomware Strains Put to The Encryption Speed Test (bleepingcomputer.com)

• Lockbit Wins Ransomware Speed Test, Encrypts 25k Files/Min • The Register

• Talos warns of BlackMatter-linked BlackCat Ransomware • The Register

• Report: 89% of Organizations Say Kubernetes Ransomware Is A Problem Today | VentureBeat

• Top Russian Meat Producer Hit with Windows BitLocker Encryption Attack (bleepingcomputer.com)

• Greece's Public Postal Service Offline Due To Ransomware Attack (bleepingcomputer.com)

• Hackers Demand $15 Million Ransom from TransUnion After Cracking "password" Password (bitdefender.com)

• Lawsuit Claims Kronos Breach Exposed Data For 'Millions' (techtarget.com)

• Estonian Man Sentenced To Prison For Role In Cyber Intrusions, Ransomware Attacks - CyberScoop

Phishing & Email

• New Phishing Toolkit Lets Anyone Create Fake Chrome Browser Windows (bleepingcomputer.com)

• Browser-in-the-Browser Attack Makes Phishing Nearly Invisible | Threatpost

• 'Unique Attack Chain' Drops Backdoor in New Phishing Campaign (darkreading.com)

Other Social Engineering

• Social Engineering Attacks To Dominate Web3, The Metaverse | ZDNet

Malware

• Malicious Microsoft Excel Add-Ins Used to Deliver RAT Malware (bleepingcomputer.com)

• BitRAT Malware Now Spreading As A Windows 10 License Activator (bleepingcomputer.com)

Mobile

• URL Rendering Trick Enabled WhatsApp, Signal, iMessage Phishing (bleepingcomputer.com)

• Downloaders Currently the Most Prevalent Android Malware (darkreading.com)

• Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users (thehackernews.com)

• Android Password-Stealing Malware Infects 100,000 Google Play Users (bleepingcomputer.com)

IoT

• Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns (thehackernews.com)

• Honda Civics Vulnerable To Remote Unlock, Start Hack • The Register

• How to Secure Your Home WiFi Router - The Washington Post

Data Breaches/Leaks

• UK MoD's Capita-Run Recruitment Portal Support Offline • The Register

• Background Check Company Sued Over Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Over 40,000 London Voters Have Data Leaked to Strangers - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Who is LAPSUS$, the Gang Hacking Microsoft, Samsung, and Okta? (gizmodo.com)

• Hackers Are Targeting European Refugee Charities -Ukrainian Official | Reuters

• Hackers Steal From Hackers By Pushing Fake Malware On Forums (bleepingcomputer.com)

• Oxford Teen Accused Of Making More Than £10m As A Leader Of International Cyber Gang (telegraph.co.uk)

Cryptocurrency/Cryptomining/Cryptojacking

• An Investigation of Cryptocurrency Scams and Schemes (trendmicro.com)

• Global Regulators Monitor Crypto Use in Ukraine War | Reuters

• Cryptocurrency Companies Impacted by HubSpot Breach (techtarget.com)

Insider Risk and Insider Threats

• 6 Types Of Insider Threats And How To Prevent Them (techtarget.com)

• HP Staffer Blew $5m On Personal Expenses With Company Card • The Register

Fraud, Scams & Financial Crime

• Internet Crime in 2021: Investment Fraud Losses Soar - Help Net Security

• NFT Fraud in the UK Soars 400% in 2021 - Infosecurity Magazine (infosecurity-magazine.com)

• DeFiance Capital Founder Loses $1.7M in NFTs To Phishing Scam - Decrypt

Insurance

• How The Increase in Ransomware Has Impacted The Cyber Insurance Market - Help Net Security

• Cyber Insurance and War Exclusions (darkreading.com)

Dark Web

• Dark Web Drug Peddler Gets Nine Years - Infosecurity Magazine

Supply Chain

• 'Secrets Sprawl' Haunts Software Supply Chain Security | SecurityWeek.Com

Cloud

• As Breaches Soar, Companies Must Turn to Cloud-Native Security Solutions For Protection - Help Net Security

Passwords & Credential Stuffing

• The Top 5 Things the 2022 Weak Password Report Means for IT Security (bleepingcomputer.com)

Spyware, Espionage & Cyber Warfare

• Russia Preparing To Conduct Cyber Attacks, White House warns - IT Security Guru

• New Mustang Panda Hacking Campaign Targets Diplomats, ISPs (bleepingcomputer.com)

• Vidar Spyware Is Now Hidden in Microsoft Help Files | ZDNet

• FCC Adds Kaspersky To Covered List Due To Unacceptable Risks To Security - Security Affairs

Nation State Actors

Nation State Actors – Russia

• Internet Sanctions Against Russia Pose Risks, Challenges For Businesses | CSO Online

• Is It Safe To Use Russian-Based Kaspersky Antivirus? No, And Here's Why (komando.com)

• Anonymous Leaked 28gb of Data Stolen from The Central Bank of Russia - Security Affairs

• President Biden Says Russia Exploring Revenge Cyber Attacks • The Register

• Analysis: Putin's next escalation could be a direct cyberattack on the West - CNNPolitics

• Russia-backed Hackers Bypassed MFA, Exploited Print Vulnerability - MSSP Alert

• Hackers Around The World Deluge Russia's Internet With Simple, Effective Cyber Attacks (nbcnews.com)

• Anonymous Targets Western Companies Still Active in Russia - Security Affairs

• Ukrainian Enterprises Hit with the DoubleZero Wiper - Security Affairs

• NATO, G-7 Leaders Promise Bulwark Against Retaliatory Russian Cyber Attacks (cyberscoop.com)

• Russia Hacked Ukrainian Satellite Communications, Officials Believe - BBC News

• Russia-linked InvisiMole APT Targets State Organizations Of Ukraine - Security Affairs

• Corrupted Open-Source Software Enters the Russian Battlefield | ZDNet

• Nestlé Says 'Anonymous' Data Leak Actually A Self-Own • The Register

Nation State Actors – China

• Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion (thehackernews.com)

• Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection | Threatpost

• Mustang Panda Hacking Group Takes Advantage Of Ukraine Crisis In New Attacks | ZDNet

Nation State Actors – North Korea

• Dual North Korean Hacking Efforts Found Attacking Google Chrome Vulnerability for 6 Weeks - CyberScoop

Vulnerabilities

• CISA Adds 66 Vulnerabilities To List Of Bugs Exploited In Attacks (bleepingcomputer.com)

• Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability (thehackernews.com)

• Three Critical RCE Flaws Affect Hundreds of HP Printer Models - Security Affairs

• Critical Sophos Firewall vulnerability allows remote code execution (bleepingcomputer.com)

• Vulnerabilities Found in 250 HP Printer Models | CSO Online

• VMware Fixes Carbon Black Command Injection, Upload Bugs • The Register

• Western Digital Fixes Critical Bug Giving Root On My Cloud NAS Devices (bleepingcomputer.com)

Sector Specific

Health/Medical/Pharma Sector

• Scottish Mental Health Charity SAMH Targeted In Cyber Attack - BBC News

• 12,000 Sensitive Patient Images Leaked - IT Security Guru

• Over 1 Million Impacted in Data Breach at Texas Dental Services Provider | SecurityWeek.Com

Retail/eCommerce

• For Magecart groups and other credit-card skimmers, old and new opportunities abound - CyberScoop

Transport and Aviation

• SATCOM Networks on High Alert After US Govt Warning • The Register

Energy & Utilities

• US Charges Four Russians Over Hacking Campaign on Energy Sector - BBC News

Education and Academia

• Heriot-Watt University in Second Week of Outage • The Register

Reports Published in the Last Week

• The 2022 State of Cyber Assets Report (jupiterone.com)

• 2022 Weak Password Report - Specops Software

Other News

• A Better Grasp of Cyber Attack Tactics Can Stop Criminals Faster (bleepingcomputer.com)

• The Chaos (and Cost) of the Lapsus$ Hacking Carnage | SecurityWeek.Com

• Soldiers told to use Signal instead of WhatsApp for security | The Times

• Cyber Security Compliance: Start With Proven Best Practices - Help Net Security

• Only 27% of Orgs Have Advanced Threat Protection on Endpoints | VentureBeat

• Okta Breach Leads To Questions On Disclosure, Reliance On Third-Party Vendors - CyberScoop

• The Challenges Audit Leaders Need To Look Out For This Year - Help Net Security

• South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau (thehackernews.com)

• ISACA: Two-Thirds of Cybersecurity Teams Are Understaffed - Infosecurity Magazine

• Security Teams are Responsible for Over 165k Assets - Infosecurity Magazine

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.