Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 01 March 2024
Black Arrow Cyber Threat Intelligence Briefing 01 March 2024:
-Phishing, Smishing and Vishing Skyrocket 1,265%
-Business Email Compromise Attacks Are Evolving, But What Can Be Done About It
-Vulnerabilities Count Set to Rise by 25% in 2024
-BYOD Increases Mobile Phishing; Risks Have Never Been Higher
-Risk-based spending: An Imperative for Cyber Security That Demands Board Attention
-If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks
-Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business
-Why Governance, Risk and Compliance Must be Integrated with Cyber Security
-More and More UK Firms Concerned About Insider Threats
-98% of Businesses Linked to Breached Third Parties
-What Companies Should Know About Rising Legal Threats
-CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Risk-based spending: An Imperative for Cyber Security That Demands Board Attention
Staying ahead of the latest cyber security developments is essential to keeping your organisation safe. But with the rise of artificial intelligence and attackers dreaming up new techniques every day, a lot of organisations are left to question how they can create proactive, agile cyber security strategies and what approach gives the best return on investment, mitigating risks and maximising the value of their cyber security investments.
Unfortunately, most organisations do not have an unlimited budget, and for small and medium-sized businesses, there is even less to work with. What is needed is a risk-based approach, where organisations identify and prioritise their greatest vulnerabilities, correlating these to business impact; this is then used to form the cyber risk strategy for the organisation.
Sources: [Security Week] [The Hacker News] [Risk.net]
If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks
Recent research from Proofpoint has found that 69% of organisations experienced a successful ransomware incident in the past year, a rise of 5% compared to the previous year. The report found that 60% reported four or more separate ransomware incidents and of the total involved, 54% admitted to paying a ransom. In a separate report, it was found that 78% of organisations suffering a ransomware attack suffered repeat attacks even after they paid.
Sources: [databreaches.net] [Infosecurity Magazine] [Infosecurity Magazine] [Claims Journal]
Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business
Cyber resilience unites cyber security with business continuity and organisational durability, with proper implementation allowing the continuation of routine operations during adverse cyber incidents. Cyber hygiene, on the other hand, refers to having strong cyber security processes and procedures, to help the organisation mitigate the chance of an incident. The combination of both of these allows an organisation to reduce their likelihood of suffering a cyber incident, whilst improving their likelihood of continuing operations in the event of such an incident.
Sources: [Information Week] [Security Boulevard]
Why Governance, Risk and Compliance Must be Integrated with Cyber Security
With pressure from regulators, the evolving threat landscape and requirements for stronger oversight, governance, risk and compliance (GRC) has even more of an argument for alignment with cyber security. After all, cyber security is still security. Incorporating cyber security into the GRC programme of an organisation allows for cyber to become a business enabler.
Source: [CSO Online]
More and More UK Firms Concerned About Insider Threats
A report has found that 54% of UK business decision makers are concerned about the likelihood of their employees disclosing sensitive information or providing network access to fraudsters. In a separate report, 35% of respondents cited overworked and distracted staff making mistakes as a reason why they thought their business experienced insider risk. Certainly, insider risk does not just involve malicious employees; it can also include negligence and in some cases, employees may not be trained enough to identify the risk they are placing on the organisation such as not knowing or following an organisation’s call back procedure. It is important for organisations to consider whether their current training addresses this and whether the programme is doing enough to ensure that insider risk is mitigated.
Source: [Infosecurity Magazine]
98% of Businesses Linked to Breached Third Parties
A new report has found that 98% of organisations are associated with a third party that has experienced a breach, and these breaches often take months or more to be discovered. 75% of external business-to-business (B2B) relationships that enabled third-party breaches involved software or other technology products and services. Third party security is an important part of an organisation’s cyber security and to manage it correctly, organisations need to implement a third party risk management programme.
Source: [Help Net Security]
Phishing, Smishing and Vishing Skyrocket 1,265%
According to a report, since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%. Despite different techniques, these attacks all have one focus, and that’s on the user. Organisations looking to protect themselves should consider a blend of mitigations, including advanced email filtering, enabling multi-factor authentication and arguably the most important, effective user education and awareness training. This training should go beyond ticking boxes, by instead teaching employees how to both recognise and report phishing attempts.
A separate report analysed over 1 billion emails. Some of the key findings included that the majority of phishing attempts (71%) rely on deceptive links, but attachments (22%) and predatory QR codes (7%) are on the rise. When it came to spoofs, Microsoft was the most spoofed entity and financial services were amongst those most targeted sectors.
Source: [Bleeping Computer] [Help Net Security] [Security Affairs]
Business Email Compromise Attacks Are Evolving, But What Can Be Done About It
Business Email Compromise (BEC) attacks remain a dominant danger, with a staggering $51 billion lost over the last decade. A recent report underscores the prevalence of email as the primary battlefield, far outstripping other cyber attack methods. The low-cost, high-reach nature of email makes it an attractive starting point for cyber criminals. As organisations embrace cloud-based infrastructures, these attacks have morphed, presenting new challenges. Attackers have progressed from direct phishing attempts, to compromising business partners, vendors and other third parties. In this arms race, artificial intelligence (AI) assumes a pivotal role as an essential ally, efficiently discerning between benign and malicious content. This development signifies a significant milestone in the realm of email security resilience.
Source: [ITPro]
Vulnerabilities Count Set to Rise by 25% in 2024
The cyber threat landscape is rapidly evolving, with an anticipated 25% increase in published systems vulnerabilities for 2024. This surge, reaching approximately 2,900 vulnerabilities per month, underscores the critical need for robust vulnerability management strategies. Vulnerabilities serve as prime entry points for ransomware actors, heightening the urgency for organisations to fortify their defences. However, the sheer volume of vulnerabilities poses a daunting challenge for security and IT teams already thinly stretched. Timely risk-scoring remains a significant issue, leaving defenders vulnerable to exploits with threat actors often gaining a head start. Honeypot data reveals a concerning uptick in scans targeting remote desktop protocol (RDP), with businesses running end-of-life (EOL) software at heightened risk. In this dynamic cyber security climate, proactive risk management and expert intervention, such as Managed Detection and Response (MDR), are imperative to safeguarding against emerging threats.
Source: [Help Net Security]
BYOD Increases Mobile Phishing; Risks Have Never Been Higher
The risk of cyber attacks looms large, with stolen employee login credentials serving as a prime target for malicious actors. Mobile phishing has emerged as a significant threat, with data revealing a surge in encounter rates, especially in hybrid work environments and amid Bring Your Own Device (BYOD) policies. Personal devices, once considered outside the realm of corporate security, now pose substantial risks, as attackers exploit social engineering schemes to breach organisational networks. The financial implications of a successful phishing attack are staggering, with estimates suggesting potential losses of up to $4 million for organisations. As phishing encounter rates continue to rise, it's imperative for businesses to bolster their security strategies, ensuring comprehensive protection against mobile phishing threats across all employee devices. To navigate this evolving landscape and safeguard sensitive data, organisations must stay vigilant and adopt proactive measures.
Source: [MSSP Alert]
What Companies Should Know About Rising Legal Threats
The cyber security landscape is witnessing a significant shift as legal actions increasingly target both corporations and individual security officers. Recent cases including lawsuits by Tesla against ex-employees for cyber security breaches and charges by regulatory bodies like the US FTC and SEC, underscore the mounting legal risks associated with cyber security breaches. Notably, private companies are not exempt from such liabilities, facing scrutiny from authorities, regulators, customers and other affected parties. This environment has prompted many cyber security leaders to reconsider their roles, with concerns raised about the future of the profession. Amidst escalating threats and enforcement actions, there's a pressing need for enhanced cyber security budgets, robust risk-based controls and proactive audits or other independent assurance.
Source: [Darkreading]
CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments
As organisations embrace the cloud, CIOs recognise that a one-size-fits-all approach may not be optimal. Many now favour a nuanced strategy, shifting workloads from public clouds to platforms offering productivity gains and cost savings; a trend known as ‘cloud exit.’ CIOs are rethinking cloud strategies, assessing each application’s suitability and fostering context-aware hosting decisions.
This comes as a recent advisory issued jointly by cyber security agencies from the UK, US, Australia, Canada, and New Zealand reveals that Russian cyber espionage units, including APT29 and Cozy Bear, are adapting tactics to target cloud environments used by both public and private organisations. These sophisticated attacks pose significant threats across industries. Implementing basic cloud security measures is crucial to regularly evaluate dormant accounts, limit system-issued token validity, and enforce stringent device policies. As cloud adoption rises, prioritise cyber security fundamentals for effective defence.
Sources: [CyberScoop] [CIO]
Governance, Risk and Compliance
Why governance, risk, and compliance must be integrated with cyber security | CSO Online
Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista
The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week
Why Cyber Resilience May Be More Important Than Cyber Security (informationweek.com)
Beating the drum on cyber risk: the battle for boardroom attention - Risk.net
What is cyber hygiene and why businesses should know about it - Security Boulevard
Bridging the Gap: Connecting Cyber Security Spending to Business Results - Security Boulevard
What Companies & CISOs Should Know About Rising Legal Threats (darkreading.com)
Essential Guide To Security Metrics For Businesses (informationsecuritybuzz.com)
Essential Guide To Information Security Compliance (informationsecuritybuzz.com)
Mastering Risk Management: The Art Of Effective Strategy (informationsecuritybuzz.com)
The CISO: 2024’s Most Important C-Suite Officer (forbes.com)
UK Unveils Draft Cyber Security Governance Code - Infosecurity Magazine (infosecurity-magazine.com)
Cyber security 'blind spot' leaves businesses exposed - Accountancy Age
Building Your Cyber Incident Response Team - Security Boulevard
9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)
AWS on why CISOs should track 'the metric of no' | TechTarget
2024 will see more cyber threats emerge – here is what SMEs need to know | TechRadar
Threats
Ransomware, Extortion and Destructive Attacks
Stages of LockBit Grief: Anger, Denial, Faking Resurrection? (inforisktoday.com)
What CISOs Need To Know About The Lockbit Takedown - Security Boulevard
Ransomware crews lean into infostealers for initial access • The Register
78% of Organisations Suffer Repeat Ransomware Attacks After Paying (claimsjournal.com)
Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)
Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)
What Are Ransomware Attacks and Can They Be Stopped? Explainer - Bloomberg
Study: Ransom payment not a shield against future attacks | SC Media (scmagazine.com)
FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks (bleepingcomputer.com)
Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)
Is Now the Right Time for a Ransomware Payment Ban? (govtech.com)
What is Old is New Again: Lessons in Anti-Ransom Policy | Recorded Future
3 Ways Your Organisation Could Be Susceptible To Ransomware Attacks (forbes.com)
What the war on terrorism teaches us about the war on ransomware | SC Media (scmagazine.com)
Cyber criminals follow the money to hit manufacturing sector • The Register
Why your legitimate software is not safe from ransomware attacks (networkingplus.co.uk)
Ransomware Victims
Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust | WIRED
LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - Security Week
Rhysida ransomware wants $3.6 million for children’s stolen data (bleepingcomputer.com)
Stolen Donald Trump Court Files Will Be Published February 29, Hackers Say (forbes.com)
Epic Games attacked by new ransomware group Mogilevich | SC Media (scmagazine.com)
Hackers claim to have stolen 7GB of data from Irish Department of Foreign Affairs | Independent.ie
Insomniac Games alerts employees hit by ransomware data breach (bleepingcomputer.com)
German Steelmaker Thyssenkrupp Confirms Ransomware Attack - Security Week
US pharmacy outage caused by Blackcat attack on Optum (securityaffairs.com)
MGM Resorts Says Regulators Probing September Cyber Attack (claimsjournal.com)
Phishing & Email Based Attacks
European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack - Help Net Security
Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security
BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert
SMBs are being targeted by this new phishing scam — make sure you don't fall victim | TechRadar
Need to Know: Key Takeaways from the Latest Phishing Attacks (bleepingcomputer.com)
Unmasking 2024's Email Security Landscape (securityaffairs.com)
Registrars can now block all domains that resemble brand names (bleepingcomputer.com)
Criminals hijacked more than 8,000 trusted domains, sent millions of malicious emails | TechSpot
Other Social Engineering
Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security
The Silent Threat: Why Vishing is Causing Major Problems for Businesses - Security Boulevard
Registrars can now block all domains that resemble brand names (bleepingcomputer.com)
How to stay safe from cyber criminal "quishing" attacks | TechRadar
Artificial Intelligence
Blackstone's Schwarzman sees peril in “not bright” criminals getting their hands on AI | Fortune
AI threats: The importance of a concrete strategy in fighting novel attacks | ITPro
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)
AI in cyber security presents a complex duality - Help Net Security
AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)
Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)
Cyber experts raise AI fears security fears in Parliament | IT Reseller Magazine (itrportal.com)
UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)
BEAST AI attack can break LLM guardrails in a minute • The Register
2FA/MFA
Malware
Ransomware crews lean into infostealers for initial access • The Register
BobTheSmuggler: Open-source tool for undetectable payload delivery - Help Net Security
New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT (thehackernews.com)
North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub (thehackernews.com)
GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica
Pikabot returns with new tricks up its sleeve - Help Net Security
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users (thehackernews.com)
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)
CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)
Cloud-focused malware campaigns on the increase (betanews.com)
New Backdoor Targeting European Officials Linked to Indian Diplomatic Events (thehackernews.com)
Mobile
BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert
Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023 (darkreading.com)
Meet 'XHelper,' the All-in-One Android App for Global Money Laundering (darkreading.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
U-Haul says 67K customers' data was stolen in cyber attack • The Register
Pharma giant hit by major cyber attack — Cencora confirms data was stolen | TechRadar
Organised Crime & Criminal Actors
Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista
8 Worrying Cyber Security Statistics You Need to Know in 2024 (tech.co)
It’s only February and cyber crime is already running rampant (techinformed.com)
Scottish Police Face Toil and Trouble From Cyber Crime (govinfosecurity.com)
How active adversaries divide labour to more effectively target victims | SC Media (scmagazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
SonicWall: Cryptojacking Attacks Spike 659% in 2023 | MSSP Alert
Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security
Insider Risk and Insider Threats
Are remote workers at greater risk of cyber security threats? | TechRadar
Understanding employees' motivations behind risky actions - Help Net Security
The human element of cyber security: Why people are the ultimate defence. (thecyberwire.com)
Insurance
Supply Chain and Third Parties
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)
98% of businesses linked to breached third parties - Help Net Security
Cloud/SaaS
Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)
Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security
Your Data Has Moved to the Cloud: Can Your Security Strategy Keep Up? | MSSP Alert
Cloud-focused malware campaigns on the increase (betanews.com)
Identity and Access Management
How organisations can navigate identity security risks in 2024 - Help Net Security
Echoes of SolarWinds in New 'Silver SAML' Attack Technique (darkreading.com)
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Rights groups file GDPR suits on Meta's pay-or-consent model • The Register
Meta Patches Facebook Account Takeover Vulnerability - Security Week
Malvertising
How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED
Google faces $2.27 billion lawsuit over advertising practices (searchengineland.com)
Training, Education and Awareness
Cyber awareness education is a change-management initiative | CSO Online
Cyber Security Training Not Sticking? How to Fix Risky Password Habits (bleepingcomputer.com)
4 Ways Organisations Can Drive Demand for Software Security Training (darkreading.com)
Creating a cyber security training curriculum for SMBs and MSPs | TechRadar
9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)
Regulations, Fines and Legislation
81% of security leaders predict SEC rules will impact their businesses | Security Magazine
Orgs Face Major SEC Penalties for Failing to Disclose Breaches (darkreading.com)
Getting Ahead of Cyber Security Materiality Mayhem - Security Boulevard
UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)
Backup and Recovery
Models, Frameworks and Standards
NIST Adds “Govern” Function to Cybersecurity Framework | MSSP Alert
Top 3 NIST Cyber Security Framework 2.0 takeaways | SC Media (scmagazine.com)
Data Protection
UK ICO issues warning on biometric employee tracking, guidance for businesses | Biometric Update
Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)
Rights groups file GDPR suits on Meta's pay-or-consent model • The Register
UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
A Perfect Cyber Storm is Leading to Burnout | Network Computing
The Next Gen of Cyber Security Could Be Hiding in Big Tech (darkreading.com)
Lost to the Highest Bidder: The Economics of Cyber Security Staffing - Security Boulevard
Law Enforcement Action and Take Downs
Is the LockBit gang resuming its operation? (securityaffairs.com)
Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)
Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica
US Official Warns Of China’s Growing Offensive Cyber Power – Analysis – Eurasia Review
Chinese Cyber Espionage Set To Ramp Up This Year (forbes.com)
The Drums of US-China Cyber War by Stephen S. Roach - Project Syndicate (project-syndicate.org)
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)
The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED
Foreign Firms in China Flag Lack of Feedback on Data Security (bloomberglaw.com)
Beijing Silent Over Russia's Reported War-Gaming of China Invasion
Russia
Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica
Russia may have just carried out its first direct action against the West (yahoo.com)
Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)
Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)
Cyber Security Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat (thehackernews.com)
Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)
Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)
Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)
Russia warns of "military-technical" response to Sweden's NATO membership (newsweek.com)
Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)
Beijing Silent Over Russia's Reported War-Gaming of China Invasion
Russia subjected to deluge of nation-state, hacktivist cyber threats | SC Media (scmagazine.com)
How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED
Iran
North Korea
Vulnerability Management
Vulnerabilities
Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)
Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)
Cisco Patches High-Severity Vulnerabilities in Data Center OS - Security Week
CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)
Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities (thehackernews.com)
Critical Flaw in Popular 'Ultimate Member' WordPress Plugin - Security Week
Meta Patches Facebook Account Takeover Vulnerability - Security Week
MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs (darkreading.com)
Citrix, Sophos software impacted by 2024 leap year bugs (bleepingcomputer.com)
Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns | CyberScoop
Zyxel fixed four bugs in firewalls and access points (securityaffairs.com)
Tools and Controls
The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week
Cyber awareness education is a change-management initiative | CSO Online
Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security
AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)
How Zero Trust Data Detection & Response is Changing the Game - Security Boulevard
APIs become the leading attack vector, cyber security research shows (securitybrief.co.nz)
How organisations can navigate identity security risks in 2024 - Help Net Security
9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)
Artificial Arms Race: What Can Automation and AI do to Advance Red Teams - Security Week
Savvy Seahorse gang uses DNS CNAME records to power investor scams (bleepingcomputer.com)
Cloud Apps Make the Case for Pentesting-as-a-Service (darkreading.com)
Other News
Cyber attacks on UK law firms on the rise - Spear's (spearswms.com)
IntelBroker claimed the hack of the Los Angeles International Airport (securityaffairs.com)
It's time to stop trusting your antivirus software | Digital Trends
Three new advanced threat groups targeted industrial organisations last year | CSO Online
What’s on the Radar for Aviation Industry Cyber Security? - Security Boulevard
Business leaders warn of rising cyber security threat | The Herald (heraldscotland.com)
Why Health Care Is Top Target for Cyber Criminals (govtech.com)
RCMP investigating cyber attack as its website remains down (bleepingcomputer.com)
Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 January 2024
Black Arrow Cyber Threat Intelligence Briefing 12 January 2024:
-Boardrooms on Notice: Cyber Security Oversight More Important Than Ever
-Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023
-Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever
-Cyber Insecurity and Misinformation Top WEF Global Risk List
-Why Effective Cyber Security and Risk Management are Crucial for Business Growth
-The Cost of Dealing with a Cyber Attack Doubled Last Year
-Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved
-Mandiant, SEC Lose Control of X Accounts Without 2FA
-If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis
-82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year
-Cyber Security is the Number One Priority for the Financial Sector Again
-Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Boardrooms on Notice: Cyber Security Oversight More Important Than Ever
In 2023, the rise in security breaches and cyber attacks caused cyber security to transcend its usual confines and emerge as a critical boardroom concern, prompting executives to recognise the need for proactive engagement. The current landscape has necessitated executive decision-makers to proactively engage in cyber security, instead of just passively observing. It is no surprise that in a survey from KMPG of over 300 CEO’s, dealing with cyber risk was designated as the top priority for the foreseeable three to five years.
When a company faces a substantial fine or penalty from a breach, it serves two crucial purposes. Firstly, it sets a precedent for ensuring companies across the board understand the repercussions of lax cyber security measures and secondly, it pushes organisations towards proactive investment in robust cyber security frameworks. Many organisations are beginning to realise that the cost of a breach, both financial and reputational, far outweighs that of prevention. Furthermore, many frameworks are now placing the board as directly responsible.
Sources: [Lexology] [Security Brief]
Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023
Ransomware reported to the UK financial regulator in 2023 doubled, and the impact is clear. In a survey of CISOs based in the UK, one-third confessed to paying ransomware groups millions in recent years in a bid to alleviate the impact of an attack. The minimum ransom paid by UK businesses across a five year period stood at around $250,000, the study found. Ransomware is the dominant threat that continues to plague organisations, and it is important that your organisation is doing all it can to prevent such an attack, and has plans in place to recover when such an attack happens.
Sources: [Data Breaches] [UK mortgage news] [The Hacker News]
Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever
As organisations find themselves more and more reliant on digital technology than ever before, the impact of not having it becomes greater and greater. As reliance on these systems grows, the level of cyber threat grows as well. A recent report found 68% of those surveyed believed they would not survive more than a single day without their IT systems, up from 46% in 2017. The report found that 54% of organisations said they experienced some form of cyber attack last year, with ransomware cited as the most disruptive.
Source: [TechRadar]
Cyber Insecurity and Misinformation Top WEF Global Risk List
In the latest report by the World Economic Forum, misinformation and disinformation have emerged as the most severe global risk anticipated over the next two years, with the risk becoming more likely as elections in several economies take place this year. As artificial intelligence models become easier to use and more accessible to the general population, this will enable an explosion of false information and synthetic content such as cloned voices and fake websites.
Another top concern identified in the report is the risk of cyber attacks and cyber insecurities. Currently the production of AI technologies is highly concentrated; this creates a significant supply chain risk, as the reliance of one or two models could give rise to systemic cyber vulnerabilities, paralysing critical infrastructure.
Source: [Infosecurity Magazine]
Why Effective Cyber Security and Risk Management are Crucial for Business Growth
Technology has changed, enhanced and transformed how business is conducted. However, these new advancements such as cloud, IoT and AI have introduced a range of new cyber security risks. It is crucial for leaders to grasp the accompanying risks to ensure the safety of their organisations, customers and products. Given the inevitability of business risk, particularly cyber risk, leaders should focus on managing it by identifying mission-critical aspects of their organisation and then determining how best to protect them. The first step to a proactive approach to cyber security is to devise a robust and tailored cyber security strategy aligned to the organisation’s risk profile. This not only improves the safety and security of the organisation, but also the trust of its customers and products in an increasingly digital world.
Source: [World Economic Forum]
The Cost of Dealing with a Cyber Attack Doubled Last Year
New research by Dell claims that the cost of global cyber attacks reached a new high in 2023, topping out at $1.41 million per attack, up $660,000 from the previous year. It was found that almost half (48%) of UK based organisations reported suffering either a cyber attack or incident that prevented access to company data.
Over half of global respondents report that malicious links in spam or phishing emails, hacked devices, and stolen credentials are the most common entry points for cyber attacks.
Source: [TechRadar]
Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved
Merck’s long legal battle with its insurers over the damage caused by the infamous NotPetya attack has finally come to an end, with the Merck agreeing to settle with their insurer providers who had refused to pay $699 million of the $1.4 million that was claimed in damages.
The legal battle began when Merck, who did not have cyber insurance, had made a claim under its ‘all-risks’ coverage. In 2022, it was stated that the NotPetya attack “is not sufficiently linked to a military action or objective as it was a non-military cyber attack against an accounting software provider” and in May 2023, this decision was upheld, forcing the insurers to settle.
Source: [Security Week] [Dark Reading]
Mandiant, SEC Lose Control of X Accounts Without 2FA
While security teams are focused on preventing the gamut of different levels of cyber attack sophistication, it can be easy for even the sharpest teams to overlook the simple stuff. This was recently seen when Google’s cyber security operation, Mandiant, temporarily lost control of its account on X (formerly known as Twitter) due to not having two-factor authentication (2FA). A separate high-profile incident also occurred this week, as the US Securities and Exchange Commission (SEC) account on X was hijacked to post a fake announcement about bitcoin, raising its value by 5%.
In March of 2023, X changed the way multi-factor authentication (MFA) worked, so that only premium subscribers have access to it. The two high-profile attacks, which were due to accounts not having MFA, show that cyber criminals are taking advantage of these changes. These incidents serve as a clear reminder that organisations must prioritise even the most fundamental security practices, such as MFA, to protect their digital assets.
Further, the attack on the SEC has opened them to criticism from firms such as SolarWinds who the SEC had previously reprimanded for cyber security failures.
Source: [Dark Reading]
If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis
A question to ask is why, in the event of a data security incident, is there an overwhelming feeling that the company is doomed? Yet when there are other issues, such as internal investigations, the feeling is not as strong. For a lot of companies, these cyber incidents are the first time that their cyber response plan (if they have one at all) is enacted and it is this lack of preparation that causes such a feeling. Companies looking to increase their cyber resilience should look to have and regularly test a cyber incident response plan; you do not want to be in the position of having to learn your plan and deal with a cyber incident at the same time.
Source: [Help Net Security]
82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year
A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them according to a recent report. For many, the issue is caused by a lack of proper remediation solutions; this formed part of the reason why 87% of surveyed organisations reported plans to enhance vulnerability and exposure remediation within the next year. The need increases when considering last year there were more than 28,000 new vulnerabilities; that is the equivalent of nearly 80 every day.
Sources: [Infosecurity Magazine] [SecurityWeek]
Cyber Security is the Number One Priority for the Financial Sector Again
In Softcat's annual Business Tech Priorities Report, the financial sector's tech investments for the coming year have been unveiled. Notably, cyber security remains the top priority for the sector with 55% prioritising cyber security before anything else, reflecting the critical need to protect against the escalating threat landscape. It's important to understand that cyber security is not merely an IT problem; it is a business imperative. As consumers increasingly embrace digital banking, the impact of digitalisation on the financial sector is evident. With cyber incidents on the rise, investment in cyber security, including zero-trust security and AI threat hunting, is imperative for safeguarding not only data but the entire business.
Sources: [The Fintech Times] [Islamic Finance News]
Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’
In 2024, cyber crime marketplaces are expected to surge even more, transitioning every cyber threat further into the “as-a-service” model. The term “as-a-service” refers to the provision of specific functionalities or tools as a service, typically offered on a subscription or pay-as-you-go basis. This allows malicious actors with limited technical skills to launch sophisticated attacks. This trend was already being spotted at the end of 2023 as a report found that 73% of all internet traffic is currently composed of malicious bots and related fraud farm activities. This highlights the need for organisations to have accurate threat intelligence and analysis to understand the digital terrain ahead of these continued and expanding “as-a-service” threats.
Source: [Security Boulevard]
Governance, Risk and Compliance
If you prepare, a data security incident will not cause an existential crisis - Help Net Security
IFN – Cyber Security: Not an IT problem, but a business one (islamicfinancenews.com)
The cost of dealing with a cyber attack doubled last year | TechRadar
Board Priorities 2024: Cyber preparedness & resilience - Lexology
Boardrooms on notice: Cyber security oversight more important than ever (securitybrief.co.nz)
Why cyber security and risk management are crucial for growth | World Economic Forum (weforum.org)
How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard
The expanding scope of CISO duties in 2024 - Help Net Security
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
The Reality Of Cyber In 2024: What Dangers Do Businesses Face? - Minutehack
Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)
The power of basics in 2024's cyber security strategies - Help Net Security
Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)
Threats
Ransomware, Extortion and Destructive Attacks
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
British Library ransomware cyber attack ‘set to cost £7million’ (yahoo.com)
There is a Ransomware Armageddon Coming for Us All (thehackernews.com)
Ransomware victims targeted in follow-on extortion attacks • The Register
Swatting: The new normal in ransomware extortion tactics • The Register
Another top US mortgage firm hit by major cyber attack | TechRadar
Capital Health attack claimed by LockBit ransomware, risk of data leak (bleepingcomputer.com)
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Babuk ransomware decryptor updated with Tortilla support • The Register
"Security researcher" offers to delete data stolen by ransomware attackers - Help Net Security
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)
Finland warns of Akira ransomware wiping NAS and tape backup devices (bleepingcomputer.com)
Ransomware payment ban: Wrong idea at the wrong time • The Register
Ransomware Victims
In $1.4B coverage over cyber attack, Merck settles with insurers (fiercepharma.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
British Library says final cost of cyber attack is ‘not confirmed’ | Evening Standard
Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals - Neowin
Mortgage firm loanDepot cyber attack impacts IT systems, payment portal (bleepingcomputer.com)
Toronto Zoo: Ransomware attack had no impact on animal wellbeing (bleepingcomputer.com)
LockBit ransomware gang claims the attack on Capital Health (securityaffairs.com)
Fidelity National Financial says hackers stole data on 1.3 million customers | TechCrunch
HMG Healthcare Says Data Breach Impacts 40 Facilities - Security Week
Full reopening of Isle of Man dentist delayed by 'serious cyber attack' | iomtoday.co.im
Ransomware wrecks Paraguay’s largest telco (databreaches.net)
Phishing & Email Based Attacks
Uncovering the hidden dangers of email-based attacks - Help Net Security
Framework discloses data breach after accountant gets phished (bleepingcomputer.com)
Female cyber pros group targeted in phishing scam | IT Business
Artificial Intelligence
Adapting Security to Protect AI/ML Systems (darkreading.com)
NIST identifies AI cyber security vulnerabilities (iapp.org)
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week
Why Cyber Security Is Foundational To AI Safety (forbes.com)
FTC offers $25,000 prize for detecting AI-enabled voice cloning (bleepingcomputer.com)
The growing challenge of cyber risk in the age of synthetic media - Help Net Security
Securing AI systems against evasion, poisoning, and abuse - Help Net Security
Staying One Step Ahead of Hackers When It Comes to AI | WIRED
New AI tools spawn fears of greater 2024 election threats, survey finds - Nextgov/FCW
AI discovers that not every fingerprint is unique (techxplore.com)
VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)
2FA/MFA
Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
Malware
A new macOS backdoor could let hackers hijack your device without you knowing | TechRadar
Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months (bleepingcomputer.com)
North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)
SpectralBlur: New macOS Backdoor Threat from North Korean Hackers (thehackernews.com)
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)
Stuxnet: The malware that cost a billion dollars to develop? • Graham Cluley
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Linux devices are under attack by a never-before-seen worm | Ars Technica
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)
‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)
Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (thehackernews.com)
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)
Mobile
CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)
Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week
Internet of Things – IoT
Coming Soon to a Network Near You: More Shadow IoT - Security Week
The Connection Between Alaska Airlines, Blown Out Windows, and IoT Security - Security Boulevard
Surveyed drivers prefer low-tech cars over data-sharing ones • The Register
VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)
Data Breaches/Leaks
Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected - Security Week
Framework discloses data breach after accountant gets phished (bleepingcomputer.com)
2.2 billion records compromised by security incidents In Dec 2023 (itsecuritywire.com)
Texas-based care provider HMG Healthcare says hackers stole unencrypted patient data | TechCrunch
Midwives clinic takes nine months to deliver news of data breach (bitdefender.com)
Organised Crime & Criminal Actors
Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’ - Security Boulevard
Cyber Attacks Drain $1.84bn from Web3 in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)
Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)
Move Over, APTs: Common Cyber Criminals Begin Critical Infrastructure Targeting (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
What Is Cryptojacking, and Why Is Higher Education Being Targeted? | EdTech Magazine
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)
Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)
Cryptocurrency community lost over $100 million last week (coinpaper.com)
‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)
Child Abusers Are Getting Better at Using Crypto to Cover Their Tracks | WIRED
Insider Risk and Insider Threats
Insurance
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
2024 Cyber Insurance Requirements Predictions (trendmicro.com)
Supply Chain and Third Parties
Cloud/SaaS
SaaS cyber crime levels are expected to rise this year - Digital Journal
Microsoft Lets Cloud Users Keep Personal Data Within Europe to Ease Privacy Fears - Security Week
Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)
Identity and Access Management
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
What is credential stuffing and how do you keep your accounts safe from it (engadget.com)
Social Media
Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Fake Recruiters Defraud Facebook Users via Remote Work Offers (darkreading.com)
Sexual assault in the metaverse investigated by British police • Graham Cluley
Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)
Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)
Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)
Coinbase Offers SEC Security Assistance After X Account Hack (beincrypto.com)
Malvertising
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)
Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)
Regulations, Fines and Legislation
US DOD’s CMMC 2.0 rules lift burdens on MSPs, manufacturers | CSO Online
SEC Speech on Cyber Security Disclosure | Paul Hastings LLP - JDSupra
What does the EU’s Cyber Security Regulation aim to achieve? (siliconrepublic.com)
SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)
SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)
Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)
Cyber Criminal Whistleblowers will Get Smarter - Security Boulevard
Ofcom poaches Big Tech staff in push to enforce new internet curbs (ft.com)
Cyber Security | UK Regulatory Outlook January 2024 - Osborne Clarke | Osborne Clarke
Models, Frameworks and Standards
NIST identifies AI cyber security vulnerabilities (iapp.org)
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)
Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
Nation State Actors
China
AI is helping US spies catch stealthy Chinese hacking ops, NSA official says | CyberScoop
Bribed US Navy sailor sold secrets to China for just $14k • The Register
China Claims It Caught a Foreign Consultant Spying for UK’s MI6 | TIME
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Security Week
Russia
Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)
Military briefing: Russia has the upper hand in electronic warfare with Ukraine (ft.com)
Russia's Sandworm blamed for Kyivstar telecom cyber attack • The Register
Ukraine is on the front lines of global cyber security - Atlantic Council
Iran
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)
Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)
Investigation on Stuxnet malware triggers doubt | SC Media (scmagazine.com)
North Korea
North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)
South Korea's technological superiority challenged by North Korea's cyber attacks - The Korea Times
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies (thehackernews.com)
Turkish Hackers Target Microsoft SQL Servers in Americas, Europe - Security Week
Young Britons exposed to online radicalisation following Hamas attack - BBC News
Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)
Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)
CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)
Vulnerability Management
Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs - Security Week
Researchers develop technique to prevent software bugs - Help Net Security
Best Practices for Vulnerability Scanning: When and How Often to Perform - Security Boulevard
Vulnerabilities
Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs (bleepingcomputer.com)
Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws (securityaffairs.com)
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security (darkreading.com)
Ivanti warns of Connect Secure zero-days exploited in attacks (bleepingcomputer.com)
Cisco Patches Critical Vulnerability in Unity Connection Product - Security Week
KyberSlash attacks put quantum encryption projects at risk (bleepingcomputer.com)
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products - Security Week
CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA
Attacks aimed at vulnerable Apache RocketMQ servers underway | SC Media (scmagazine.com)
Fortinet Releases Security Updates for FortiOS and FortiProxy | CISA
Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager (thehackernews.com)
Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week
SAP's First Patches of 2024 Resolve Critical Vulnerabilities - Security Week
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week
CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack (thehackernews.com)
CISA Urges Patching of Exploited SharePoint Server Vulnerability - Security Week
Over 150k WordPress sites at takeover risk via vulnerable plugin (bleepingcomputer.com)
SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448) - Help Net Security
Tools and Controls
Why Red Teams Can't Answer Defenders' Most Important Questions (darkreading.com)
Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cyber Security - Security Week
Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)
APIs are increasingly becoming attractive targets - Help Net Security
Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center
Insufficient Internal Network Monitoring in Cyber Security - Security Boulevard
Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)
How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard
Embracing offensive cyber security tactics for defence against dynamic threats - Help Net Security
Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)
Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)
2024 Cyber Insurance Requirements Predictions (trendmicro.com)
Exposed Secrets are Everywhere. Here's How to Tackle Them (thehackernews.com)
Other News
SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)
SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)
Cyber Focused FBI Agents Deploy to Embassies Globally (darkreading.com)
A cyber attack hit the Beirut International Airport (securityaffairs.com)
Cyber attacks on Island ‘are mostly from Russia’ - Jersey Evening Post
Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center
Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)
Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)
It’s 2024. Time to Have Attribution Standards in Cyber Space - OODA Loop
Protecting Critical Infrastructure Means Getting Back to Basics (darkreading.com)
6 of the biggest threats banks faced in 2023 | American Banker
US to hospitals: Meet security standards or no federal money • The Register
Hospitals Must Treat Patient Data and Health With Equal Care (darkreading.com)
Cyber Security Risk Mitigation for Law Firms in 2024 | US Legal Support - JDSupra
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 November 2023
Black Arrow Cyber Threat Intelligence Briefing 24 November 2023:
-The Human Element- Cyber Security’s Great Challenge
-Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
-Despite Increasing Ransomware Attacks, Some Companies in Denial
-A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
-The True Cost of a Ransomware Attack
-Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
-Cyber Security Investment Involves More Than Just Technology
-Questions Leaders Must Ask Themselves on Security Culture
-There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
-Cyber Attack on British Library Highlights Lack of UK Resilience
-Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
-The Cyber Security Lawsuit Boards are Talking About
-UK and Republic of Korea Issue Warning About North Korea State-Linked Cyber Actors Attacking Software Supply Chains
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
The Human Element- Cyber Security’s Great Challenge
According to Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches involved a human element. It is important for organisations to understand that it is not simply malicious employees or employees falling for social engineering attacks; it includes things such as negligent, or intentional but not malicious actions. In fact, a recent separate report by Kaspersky found that 26% of incidents over the past two years involved the result of intentional security protocol violations; in comparison, external hacking attempts made up 20%.
Further, Kaspersky found 25% of incidents occurred due to neglecting system software or application updates, followed by 22% resulting from deliberate use of weak passwords or failing to change them promptly, and 18% from staff visiting unsecured websites. One potential cause for these incidents is a lack of training on why such protocols need to be followed.
Black Arrow provides live in person and online instructor lead cyber security training including Cyber Risk and Governance Workshops for Senior Leadership, and Awareness, Behaviour and Culture Training for employees and contractors.
Sources [Beta News] [ Infosecurity Magazine] [The Economic Times (indiatimes.com)]
Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
Small or large, no company is immune to a cyber attack and therefore good cyber hygiene is an imperative for all. Whilst large firms may already have more mature defences in place, smaller firms are definitely catching on to this, with 47% of respondents to a recent survey stating they were more worried about their organisation’s security posture now than compared to six months ago.
The survey found that ransomware (35%), software vulnerability exploits (28%) and using the same password across different applications (25%) were amongst the largest concerns. Interestingly, in a separate report, 44% of incidents were found to lack any element of malware, indicating that attackers are moving beyond traditional methods. The same report found 65% of cases included remote monitoring and management tools as the vector for initial access, something a number of organisations do not secure.
Business email compromise (BEC) attacks are also a key concern for businesses of all sizes but can be especially damaging to smaller organisations for whom the financial loss can be devastating.
Sources [Computer Weekly] [Beta News] [Beta News]
Despite Increasing Ransomware Attacks, Some Companies are in Denial
A recent study has highlighted a contradiction in the way organisations perceive ransomware threats. Although many do not consider themselves likely targets, they are, nevertheless, bolstering their security measures, expanding their teams, and fortifying cyber defences, acknowledging the risks despite their assumed invulnerability.
Simultaneously, ransomware tactics are undergoing significant changes. The past three quarters have seen a marked increase in double-extortion attacks, with data leaks from these incidents rising by 50% compared to the previous year. This trend is predominantly driven by a few active groups, some newly emerged this year, amplifying the threat landscape.
In a tactical shift, the ransomware group ALPHV, also known as Blackcat, has lodged a formal complaint with the US Securities and Exchange Commission (SEC) against a victim for failing to comply with new disclosure regulations. Meanwhile, LockBit, infamous for attacks on high-profile targets, is modifying its extortion tactics due to lower-than-anticipated ransom returns. These developments point to an evolving and adaptive ransomware environment.
Sources: [Dark Reading] [SC Media] [Insurance Journal] [MSSP Alert] [Security Brief]
A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
It is reported that 2,620 organisations and more than 77 million individuals have been impacted to date by the MOVEit supply chain ransomware attack, with millions in the past week alone having received notifications that their information had either been accessed, leaked, or both.
In a survey involving directors of UK companies with over 500 seats that had suffered a ransomware or extortion attack in the past 18 months, it was found that 24% had become significantly more anxious about ransomware attacks as a direct result of the MOVEit breach, and 66% were slightly more anxious. This anxiety translated into action, with 42% of respondents investing more into backup and recovery, and 29% tweaking existing cyber strategies. 29% had taken the decision to amend their existing cyber strategies. Staff training was also found to rise, with 42% looking to spend on skills development and 40% upping their investment in training.
Sources: [The Register] [Computer Weekly]
The True Cost of a Ransomware Attack
While the demand is often financial, the impact and reach of ransomware goes far beyond the ransomware demand. Alongside the financial impact, comes the reputational impact, loss of customers, resources in returning to business as normal and time lost in recovery. For some companies, it can take months to return to where they were before and for others, it marks the end of their organisation.
For an attacker, it doesn’t matter. Their goal is not limited by the size or sector of an organisation and it is therefore imperative that every organisation is prepared for the event of an incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [ITPro]
Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
A recent study has exposed serious flaws in passwords on the internet, revealing that three out of four popular websites are compromising user security by not meeting basic password standards. The study examined 20,000 websites, finding many allowed simple passwords, didn’t block common ones and adhered to outdated complexity requirements. It was found that over half the websites accept passwords of six characters or fewer, with 75% not requiring the advised minimum of eight characters, and 30% not supporting spaces or special characters. The study showcases the gap in security measures implementation across the web and emphasises the importance of ongoing improvement in web security standards.
The problem is further exacerbated by employees using work email for non-work approved websites and reusing the same passwords, meaning any breach of a compromised site hands the user’s credentials to an attacker. Further, many organisations are not even aware this is going on.
Source: [TechXplore]
Cyber Security Investment Involves More Than Just Technology
C-suite business leaders and senior IT professionals within large organisations, found that the top five cyber security investment areas were technologies (49%), threat intelligence (46%), risk assessment (42%), cyber insurance (42%), and third-party risk management (40%). Fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%). suggesting an awareness that technology investments go hand-in-hand with investing in governance and personnel to effectively enable and manage the technology.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Dark Reading]
Questions Leaders Must Ask Themselves on Security Culture
In today's corporate landscape, there's a growing emphasis on the human aspect of cyber security, with Stanford University research indicating that about 88% of data breaches result from employee errors. Companies are now focusing on enhancing security awareness through marketing campaigns and integrating cyber security performance into job reviews. This shift acknowledges that as technological defences evolve, cyber attackers increasingly exploit human vulnerabilities, as evidenced by major ransomware incidents like those impacting Colonial Pipeline and JBS Foods.
Developing a strong security culture is essential, by complementing robust policies with ingraining security-minded beliefs and behaviours in employees. Key to this is the role of leadership in embedding and continuously assessing this culture. This involves evaluating training effectiveness, reporting mechanisms, proactive security approaches, and the impact of security initiatives, while also considering the complexity of human behaviour and the example set by top management. Emphasising these aspects is crucial for maintaining a secure and resilient organisational environment, and in so doing protecting an organisation's reputation and financial integrity.
Source: [AT&T]
There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
The convergence of organised crime, financial crime, and nation-state crime is a growing concern in today’s interconnected world. This crossover, driven by the digital revolution, globalisation, economic factors, and state fragility, is reshaping the global criminal landscape. Organised crime syndicates, traditionally involved in activities like drug trafficking and extortion, are now branching out into financial crimes, offering higher profits with lower risks.
Financial crime, once the domain of individual fraudsters and white-collar criminals, has become a lucrative venture for organised crime groups. They exploit the global financial system to launder proceeds of crime, finance their operations, and evade law enforcement. Nation-state crime, involving state-sponsored or state-condoned criminal activities, often overlaps with organised and financial crime. Some governments turn a blind eye to these activities, while others actively support them for political, economic, or strategic reasons.
Sources: [The Currency]
Cyber Attack on British Library Highlights Lack of UK Resilience
A recent ransomware attack on the British Library has spotlighted the vulnerabilities in the UK's public sector IT infrastructure, amid rising state-backed cyber attacks. This major incident, which caused a significant technical outage at the library, underscores the concerns of cyber intelligence experts about the government's inadequate investment in cyber resilience in critical areas like education, healthcare, and local government. The hacking group Rhysida, targeting essential infrastructure, claimed responsibility and auctioned stolen data, including British Library employees’ passports, for 20 bitcoin (approximately £600,000).
The attack on the British Library, a key public service institution, highlights the escalating threat of ransomware attacks and their potential exploitation by state actors. The UK’s National Cyber Security Centre (NCSC) has reported a significant increase in cyber attacks in 2023, with incidents more than doubling compared to the previous year. In response, the UK government, which had already allocated £2.6bn for cyber security improvements and IT system updates, is actively assessing the situation with the support of the National Protective Security Authority.
Source: [FT]
Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
The European Union (EU) is seeking to improve cyber resilience across all member states by bringing in two new regulations: the Digital Operational Resilience Act (DORA), which focuses on financial services companies, and its counterpart the Network and Information Systems Directive (NIS2). The effects of the two regulations are likely to be wider reaching, bringing in more stringent processes and controls and redefining service provision to organisations.
With NIS2 coming into effect in October 2024, the mandatory directive will have teeth, with strict penalties for non-compliance for both the business and senior board personnel, who can be held directly accountable and prevented from holding similar positions in the future. It also aims to increase intelligence sharing between member states and enhance supply chain security. This latter measure will see the directive have a global impact.
Many organisations supplying services to firms that fall under DORA and NIS2 will themselves be subject to the full force of the regulations, with many of these suppliers, including IT providers, unaware that this will have far reaching ramifications for them and their ability to continue to provide these services.
Sources: [Help Net Security] [Help Net Security]
The Cyber Security Lawsuit Boards are Talking About
For the last month, an under-the-radar lawsuit has privately been a hot topic of conversation in boardrooms and corporate security departments alike. The lawsuit involved the Securities and Exchange Commission (SEC) accusing SolarWinds and their CISO of fraud. SolarWinds, like many organisations, had disclosed some facts, however what was reported was not sufficient to satisfy the regulator. The lawsuit is the first in which the SEC has charged a company with intentional fraud related to cyber security disclosures and it paints a picture for the wider movement of the cyber landscape. Whilst the SEC is US based you can expect regulatory counterparts in other jurisdictions globally to follow suit.
Source: [The New York Times]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
Why boards must prioritize cyber security expertise - Help Net Security4 data loss examples keeping backup admins up at night | TechTarget
Companies step up investment in ransomware protection (betanews.com)
CISOs can marry security and business success - Help Net Security
7 must-ask questions for leaders on security culture (att.com)
The human element -- cyber security's greatest challenge (betanews.com)
Why good cyber hygiene is a strategic imperative for UK SMEs (betanews.com)
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Cyber security Investment Involves More Than Just Technology (darkreading.com)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
Only 9% of IT budgets are dedicated to security - Help Net Security
Why transparency and accountability are important in cyber security | Computer Weekly
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Internal audit leaders are wary of key tech investments - Help Net Security
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
Stressed staff put enterprises at risk of cyber attack (betanews.com)
Threats
Ransomware, Extortion and Destructive Attacks
2023 ransomware statistics: Number of double-extortion attacks skyrocket | SC Media (scmagazine.com)
More than money: The true cost of a ransomware attack | ITPro
Despite Increasing Ransomware Attacks, Some Companies In Denial | MSSP Alert
Ransomware attacks doubIe in two years says Akamai Technologies report (securitybrief.co.nz)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Companies step up investment in ransomware protection (betanews.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
Ransomware Gang LockBit Revises Its Tactics to Get More Blackmail Money (insurancejournal.com)
The shifting sands of the war against cyber extortion - Help Net Security
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Play Ransomware Goes Commercial - Now Offered as a Service to Cyber criminals (thehackernews.com)
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Ransomware groups rack up victims among corporate America | CyberScoop
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
Paying ransom for data stolen in cyber attack bankrolls further crime, experts caution | CBC Radio
UK signs joint statement against ransomware payments - “New norm” or status quo? - Lexology
Capita to axe up to 900 jobs as it battles to recover from Russian cyber attack (telegraph.co.uk)
Schools Look to Improve Cyber security, but Many Vulnerable to Ransomware (insurancejournal.com)
4 Ways Fintech Companies Can Protect Themselves from Ransomware (financemagnates.com)
Cyber security should not be a gamble: Latest data breach hits major casino - Digital Journal
Ransomware Victims
Royal Mail spent £10 million recovering from LockBit breach - Tech Monitor
British Library staff passports leaked online as hackers demand £600,000 (telegraph.co.uk)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Allen & Overy Given 5 Days to Meet Hackers’ Demands: Expert Q&A | Law.com International
London & Zurich ransomware attack causes customer chaos • The Register
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack - SecurityWeek
Lockbit Gang Behind ICBC Attack Hacks Into Chicago Trading Company - Bloomberg
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Clorox Scapegoats Cyber Chief, Rewards Board After Crisis (forbes.com)
Fortune 500 insurance and mortgage firm FNF shuts down network following cyber attack | TechRadar
Yamaha Motor confirms ransomware attack on Philippines subsidiary (bleepingcomputer.com)
St Helens Council suspected cyber attack caused significant disruption - BBC News
Western Isles Council backup systems 'inaccessible' following cyber attack | STV News
Auto parts giant AutoZone warns of MOVEit data breach (bleepingcomputer.com)
BlackCat claims attack on Fidelity National Financial • The Register
Phishing & Email Based Attacks
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
More Than 50% of Online Retailers Not Blocking Fraudulent Emails | MSSP Alert
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
The Most Common Indicators of a Phishing Attempt (With Screenshots) | HackerNoon
Artificial Intelligence
Cyber threats reached a new high this year, with AI playing a major role | TechRadar
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
IT Pros Worry That Generative AI Will Be a Major Driver of Cyber security Threats (darkreading.com)
Smaller businesses embrace GenAI, overlook security measures - Help Net Security
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
OII | Large Language Models pose risk to science with false answers, says Oxford study
Malware
5 Of The Most Common Ways Malware Is Spread (And How To Stay Protected) (slashgear.com)
Report finds malware is no longer the biggest cyberthreat to smaller businesses - SiliconANGLE
Over half of SME cyber incidents now ‘malware-free’ | Computer Weekly
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
Mirai malware infects routers and cameras for new botnet • The Register
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine (bleepingcomputer.com)
Malware Uses Trigonometry to Track Mouse Strokes (darkreading.com)
Atomic Stealer Malware is tricking Mac users with fake browser updates - gHacks Tech News
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
DarkGate and Pikabot malware emerge as Qakbot’s successors (bleepingcomputer.com)
How Ducktail steals Facebook accounts | Kaspersky official blog
Cyber criminals turn to ready-made bots for quick attacks - Help Net Security
3 Ways to Stop Unauthorized Code From Running in Your Network (darkreading.com)
New botnet malware exploits two zero-days to infect NVRs and routers (bleepingcomputer.com)
Mobile
FCC Tightens Telco Rules to Combat SIM-Swapping - SecurityWeek
Inside Apple’s Secretive War to Protect iPhones from Hacking • iPhone in Canada Blog
Cyber criminals Are Targeting App Beta-Testing, and This Is What to Look Out For (makeuseof.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
4 data loss examples keeping backup admins up at night | TechTarget
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
Canadian government discloses data breach after contractor hacks (bleepingcomputer.com)
US Cyber security Lab Suffers Major Data Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hacktivists breach US nuclear research lab, steal employee data (bleepingcomputer.com)
Welltok data breach exposes data of 8.5 million US patients (bleepingcomputer.com)
Cyber attackers leaked data of 27,000 NYC Bar Association membersers (therecord.media)
Enterprise software provider TmaxSoft leaks 2TB of data (securityaffairs.com)
Sumo Logic says customer data untouched during breach • The Register
Organised Crime & Criminal Actors
Indian Hack-for-Hire Group Targeted US, China, and More for Over 10 Years (thehackernews.com)
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyber attacks (darkreading.com)
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Outsmarting cyber criminals is becoming a hard thing to do - Help Net Security
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Supply Chain and Third Parties
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
Three Questions To Ask Third-Party Vendors About Cyber security Risk (forbes.com)
Cloud/SaaS
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Navigating the complexities of cyber security in a SaaS-dominated era (securitybrief.co.nz)
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your password hygiene remains atrocious, says NordPass • The Register
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Social Media
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
UK watchdog threatens enforcement action over ad cookies • The Register
Models, Frameworks and Standards
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
Understanding the UK government’s new cyber security regime, GovAssure - IT Security Guru
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
US cyber cops trace and return nearly $9M stolen by scammers • The Register
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Why cyber war readiness is critical for democracies - Help Net Security
Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape (inforisktoday.com)
Nation State Actors
China
Russia
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
Almost 4,000 cyber attacks on Ukraine detected – US Treasury Department | Ukrainska Pravda
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Potential cyberespionage campaign against Ukraine involves Remcos tool | SC Media (scmagazine.com)
Iran
Possible Iranian Group Behind 'Flood' of New Cyber attacks in Israel - Bloomberg
Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online
North Korea
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers (darkreading.com)
Hackers pose as officials to steal secrets and cryptocurrency for North Korea (bitdefender.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Citrix Bleed WFH Hack and Exploit: News on Data Loss Flaw - Bloomberg
Citrix warns admins to kill NetScaler user sessions to block hackers (bleepingcomputer.com)
Hackers Exploiting Windows SmartScreen Zero-day Vulnerability (cybersecuritynews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
CISA warns of actively exploited Windows, Sophos, and Oracle bugs (bleepingcomputer.com)
Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
A critical OS command injection flaw affects Fortinet FortiSIEM (securityaffairs.com)
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Splunk RCE Vulnerability Let Attackers Upload Malicious File (cybersecuritynews.com)
Tools and Controls
Only 9% of IT budgets are dedicated to security - Help Net Security
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Cyber attack on British Library raises concerns over lack of UK resilience (ft.com)
Companies step up investment in ransomware protection (betanews.com)
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
The 7 Deadly Sins of Security Awareness Training (darkreading.com)
Identity And Access Management: 18 Important Trends And Considerations
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
MFA under fire, attackers undermine trust in security measures - Help Net Security
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login (thehackernews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
Detection & Response That Scales: A 4-Pronged Approach (darkreading.com)
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
6 Steps to Accelerate Cyber security Incident Response (thehackernews.com)
The CISO view: Navigating the promise and pitfalls of cyber security automation (betanews.com)
Other News
Why Defenders Should Embrace a Hacker Mindset (thehackernews.com)
Hackers are taking over planes’ GPS — experts are lost on how to fix it (nypost.com)
UK proposes 'super-complaints' to help keep internet safe • The Register
Consumers plan to be more consistent with their security in 2024 - Help Net Security
Security trends public sector leaders are watching | CyberScoop
Even gas pumps aren't safe from cyber attacks at the moment | TechRadar
Scottish cyber security organisation calls for greater awareness of rising threat - Business Insider
The US government wants to offer better cyber security to major infrastructure firms | TechRadar
The retail sector is under threat from… Gmail, WhatsApp and Google Drive? | TechRadar
Sekoia: Latest in the Financial Sector Cyber Threat Landscape (techrepublic.com)
Shields Ready: Critical Infrastructure Security and Resilience
Crimeware and financial cyberthreat predictions for 2024 | Securelist
Terrorism, cyber attacks main Paris 2024 threats as security plan finalised | Reuters
Read again: Decoding cyber security, safeguarding educational institutions | Edexec
What direction for the EU Cyber security Competence Centre? – EURACTIV.com
Unveiling the Most Common Cyber Threats in Retail – International Supermarket News
Mideast Oil & Gas Facilities Could Face Cyber Related Energy Disruptions (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.