Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 21 July 2023
Black Arrow Cyber Threat Briefing 21 July 2023:
-Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
-MOVEit Body Count Closes in on 400 orgs, 20M+ Individuals
-IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
-Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
-Risk is Driving Medium-Sized Business Decisions
-Talent and Governance, Not Technology, are Key to Drive Change around Cyber Security
-Hybrid Work, Digital Transformation can Exploit Security Gaps
-Human Cyber-Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
-AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
-Pro-Russian Hacktivists Increase Focus on Western Targets
-Infosec Doesn't Know What AI Tools Orgs Are Using
-Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
-Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.
A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.
https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/
MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals
The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.
The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.
https://www.theregister.com/2023/07/20/moveit_victim_count/
IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.
Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.
Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.
A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.
Risk is Driving Medium-Sized Business Decisions
Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.
In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.
Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security
For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.
However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.
This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.
Hybrid Work, Digital Transformation can Exploit Security Gaps
A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.
The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.
Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.
What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.
AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.
https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/
https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html
Pro-Russian Hacktivists Increase Focus on Western Targets
‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.
The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.
https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/
Infosec Doesn't Know What AI Tools Organisations Are Using
With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.
Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.
https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using
Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.
Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.
https://www.theregister.com/2023/07/19/google_cuts_internet/
Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.
The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.
https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023
Governance, Risk and Compliance
Risk is Driving Small and Medium-Sized Businesses (SMB) Decisions - MSSP Alert
Stabilising The Cyber security Landscape: The Rise Of vCISOs (forbes.com)
Talent and Governance, not Technology, are Key to Drive Change around Cyber Security - TechNative
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
CISOs are making cyber security a business problem - Help Net Security
Top Information Security Threats for Businesses 2023 (cybersecuritynews.com)
Best practices for an effective cyber security strategy | CSO Online
Exploring the macro shifts in enterprise security - Help Net Security
Google Cloud CISO Phil Venables On Cyber security, Cloud Adoption And The Boardroom (forbes.com)
Threats
Ransomware, Extortion and Destructive Attacks
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Weekly cyber attacks reach two-year high amid ransomware resurgence | ITPro
Ransomware attacks are on the rise—and so are ransom payments (fastcompany.com)
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Cyber security firm Sophos impersonated by new SophosEncrypt ransomware (bleepingcomputer.com)
Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net SecurityFIN8 deploys ALPHV ransomware using Sardonic malware variant (bleepingcomputer.com)
Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
Ransomware attackers getting more sophisticated: Canadian Centre for Cyber Security (yahoo.com)
SophosEncrypt Ransomware Fools Security Researchers (darkreading.com)
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks (thehackernews.com)
New Ransomware With RAT Capabilities Impersonating Sophos - SecurityWeek
Google’s Bard poses ransomware risk, say researchers | Cybernews
FIN8 Group spotted delivering the BlackCat Ransomware - Security Affairs
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Ransomware Victims
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward | TechCrunch
MOVEit Transfer vulnerability: New Cl0p 'victims' include Discovery (techmonitor.ai)
BlackCat and Clop gangs both claim cyber attack on Estée Lauder | Computer Weekly
Iron ore giant Fortescue Metals targeted by Russian ransomware group | Cybercrime | The Guardian
Russian medical lab suspends some services after ransomware attack (therecord.media)
Recycling Giant Tomra Takes Systems Offline Following Cyber attack - SecurityWeek
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Phishing & Email Based Attacks
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023 - MSSP Alert
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online | CISA
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
BEC – Business Email Compromise
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
ChatGPT rival WormGPT with ‘no ethical boundaries’ sold to hackers on dark web | The Independent
Infosec Doesn't Know What AI Tools Orgs Are Using (darkreading.com)
AI models must be reconciled with data protection laws • The Register
1 in 4 Brits play with generative AI and some believe it too • The Register
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
AI must have better security, says top cyber official - BBC News
Google Categorises 6 Real-World AI Attacks to Prepare for Now (darkreading.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Google’s Bard poses ransomware risk, say researchers | Cybernews
Malware
Microsoft: Hackers turn Exchange servers into malware control centers (bleepingcomputer.com)
Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware (thehackernews.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Hackers Target Gamers With Microsoft-Signed Rootkit (darkreading.com)
Source code of the BlackLotus UEFI Bootkit was leaked on GitHub - Security Affairs
Are Viruses Still a Threat to Cyber security? (makeuseof.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Pernicious Rootkits Pose Growing Blight On Threat Landscape (darkreading.com)
Mobile
Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps (thehackernews.com)
Meta confirms WhatsApp is down worldwide (bleepingcomputer.com)
Botnets
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Denial of Service/DoS/DDOS
Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months | CyberScoop
Attackers intensify DDoS attacks with new tactics - Help Net Security
Internet of Things – IoT
How your internet-connected domestic devices can be a critical tool of cyber attack (mid-day.com)
US preparing Cyber Trust Mark for more secure smart devices (bleepingcomputer.com)
Seven new gadgets added to riskiest connected devices list | SC Media (scmagazine.com)
Data Breaches/Leaks
MOVEit Hack: Number of Impacted Organisations Exceeds 340 - SecurityWeek
Data compromises on track to set a new record - Help Net Security
Virustotal data leak exposed data of some registered customers - Security Affairs
What to do (and what not to do) after a data breach - Help Net Security
Thousands of images on Docker Hub leak auth secrets, private keys (bleepingcomputer.com)
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
LastPass: The lessons we learnt from our devastating breach | TechRadar
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Rogue Azure AD Guests Can Steal Data via Power Apps (darkreading.com)
FIA World Endurance Championship driver passports leaked - Security Affairs
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Colorado State University says data breach impacts students, staff (bleepingcomputer.com)
Organised Crime & Criminal Actors
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat - SecurityWeek
Go Beyond the Headlines for Deeper Dives into the Cyber criminal Underground (thehackernews.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Former contractor accused of remotely accessing town's water treatment facility | Tripwire
Insider Risk Management Starts With SaaS Security (darkreading.com)
Fraud, Scams & Financial Crime
Growing scam activity linked to social media and automation - Help Net Security
A fresh look at the current state of financial fraud - Help Net Security
Tech support scammers now accepting cash via snail mail • The Register
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
AML/CFT/Sanctions
Insurance
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Dark Web
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
Supply Chain and Third Parties
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Supply chain executives unaware of growing customer trust issues - Help Net Security
Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad (trendmicro.com)
Cloud/SaaS
Microsoft makes cloud security logs available for free • The Register
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Hybrid/Remote Working
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Securing The Hybrid Workforce Begins With Browsing (forbes.com)
Attack Surface Management
Identity and Access Management
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
The rise of hassle-free and secure authentication | CyberScoop
Encryption
Real-world examples of quantum-based attacks - Help Net Security
EU Urged to Prepare for Quantum Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Signal president rejects ‘mass surveillance’ UK law | Fortune
API
Docker Leaks API Secrets & Private Keys, as Cyber criminals Pounce (darkreading.com)
API keys: Weaknesses and security best practices | TechTarget
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
LastPass: The lessons we learnt from our devastating breach | TechRadar
Millions of Keyboard Walk Patterns Found in Compromised Passwords - IT Security Guru
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Social Media
Growing scam activity linked to social media and automation - Help Net Security
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
Training, Education and Awareness
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
Companywide Cyber security Training: 20 Tips To Make It ‘Stick’ (forbes.com)
Digital Transformation
Travel
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
Regulations, Fines and Legislation
AI models must be reconciled with data protection laws • The Register
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Career Benefits of Learning Ethical Hacking (analyticsinsight.net)
Should You Be Using a Cyber security Careers Framework? (darkreading.com)
Law Enforcement Action and Take Downs
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Privacy, Surveillance and Mass Monitoring
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Gamaredon hackers start stealing data 30 minutes after a breach (bleepingcomputer.com)
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. | CyberScoop
Elon Musk’s Starlink is putting our soldiers at risk, Ukraine warns (telegraph.co.uk)
Thousands of Russian officials to give up iPhones over US spying fears | Financial Times (ft.com)
Ukraine innovates on cyber defence | Financial Times (ft.com)
China
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
China Espionage Operatives Left Empty Handed in Email Heist, White House Official Says - MSSP Alert
Xi wants to make the Great Firewall of China even greater • The Register
North Korea
JumpCloud breach traced back to North Korean state hackers (bleepingcomputer.com)
North Korean hackers breached a US tech company to steal crypto | Reuters
Misc/Other/Unknown
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
APT Protection: The Key to Safeguarding Your Business (ts2.space)
How to Secure Your OT Network Against Advanced Persistent Threats (APTs) (ts2.space)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Vulnerability Management
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
What is Vulnerability Assessment In Cyber security? (gbhackers.com)
Vulnerabilities
Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits (forbes.com)
Microsoft still unsure how hackers stole Azure AD signing key (bleepingcomputer.com)
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog
New critical Citrix ADC and Gateway flaw exploited as zero-day (bleepingcomputer.com)
OpenSSH Addresses Remote Code Execution Vulnerability: CVE-2023-38408 - VULNERA
Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability (thehackernews.com)
Cisco fixed a critical flaw in SD-WAN vManage - Security Affairs
Hacking campaign targets sites using WordPress WooCommerce Payments Plugin - Security Affairs
Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security (sophos.com)
5 Major Takeaways From Microsoft's July Patch Tuesday (darkreading.com)
Two Jira Plugin Vulnerabilities in Attacker Crosshairs - SecurityWeek
Google says Apple employee found a zero-day but did not report it | TechCrunch
Tools and Controls
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Leverage Threat Intelligence, AI, and Data at Scale to Boost Cyber Defences (darkreading.com)
A Few More Reasons Why RDP is Insecure (Surprise!) (thehackernews.com)
Enterprise communication security a growing risk, priority | TechTarget
MIT’s Cyber security Metior: A Secret Weapon Against Side-Channel Attacks (scitechdaily.com)
NCSC Shares Alternatives to Using a SOC - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft's security roadmap: Protect Azure DevOps secrets • The Register
CISA shares free tools to help secure data in the cloud (bleepingcomputer.com)
What is the new Enhanced Safe Browsing for Gmail (and should you enable it)? | ZDNET
Insider Risk Management Starts With SaaS Security (darkreading.com)
67% of daily security alerts overwhelm SOC analysts - Help Net Security
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Microsoft makes cloud security logs available for free • The Register
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
API keys: Weaknesses and security best practices | TechTarget
Other News
Google restricting internet access to some employees for security (cnbc.com)
Enterprise communication security a growing risk, priority | TechTarget
Healthcare organisations in the crosshairs of cyber attackers - Help Net Security
Broadband consumers demand security and sustainability - Help Net Security
Microsoft Exchange Online hit by new outage blocking emails (bleepingcomputer.com)
Cyber security measures SMBs should implement - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 March 2023
Black Arrow Cyber Threat Briefing 24 March 2023:
-Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans
-Controlling Third-Party Data Risk Should Be a Top Cyber Security Priority
-IT Security Spending to Reach Nearly $300 Billion by 2026
-2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks
-Board Cyber Shortage: Don’t Get Caught Swimming Naked
-Should Your Organisation Be Worried About Insider Threats?
-UK Ransomware Incident Volumes Surge 17% in 2022
-Financial Industry Hit by Rising Ransomware Attacks and BEC
-55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management
-Security Researchers Spot $36m BEC Attack
-New Victims Come Forward After Mass Ransomware Attack
-Ransomware Gangs’ Harassment of Victims is Increasing
-Wartime Hacktivism is Spilling Over Into the Financial Services Industry
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans
A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.
Controlling Third-Party Data Risk Should be a Top Cyber Security Priority
Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.
IT Security Spending to Reach Nearly $300 Billion by 2026
Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.
https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/
2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks
In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.
https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html
Board Cyber Shortage: Don’t Get Caught Swimming Naked
The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors.
Should your Organisation be Worried about Insider Threats?
Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.
https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/
UK Ransomware Incident Volumes Surge 17% in 2022
According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.
https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/
Financial Industry Hit by Rising Ransomware Attacks and BEC
According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.
55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management
According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.
Security Researchers Spot $36m BEC Attack
Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.
https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/
New Victims Come Forward After Mass Ransomware Attack
Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.
https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/
Ransomware Gangs’ Harassment of Victims is Increasing
Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.
https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/
Wartime Hacktivism is Spilling Over into the Financial Services Industry
The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.
Threats
Ransomware, Extortion and Destructive Attacks
LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (thehackernews.com)
UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg
BianLian ransomware crew swaps encryption for extortion • The Register
New victims come forward after mass-ransomware attack | TechCrunch
Ransomware Gangs' Harassment of Victims Is Increasing (techrepublic.com)
LockBit ransomware gang now also claims City of Oakland breach (bleepingcomputer.com)
Free decryptor released for Conti-based ransomware following data leak | Tripwire
New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek
Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert
US govt agencies released an alert on the Lockbit 3.0 ransomware- Security Affairs
Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online
Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (bleepingcomputer.com)
Researchers Shed Light on CatB Ransomware's Evasion Techniques (thehackernews.com)
Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO
Dole discloses employee data breach after ransomware attack (bleepingcomputer.com)
Prevent Ransomware with Cyber security Monitoring (trendmicro.com)
Ferrari in a spin as crims steal customer data • The Register
Play ransomware gang hit Dutch shipping firm Royal Dirkzwager- Security Affairs
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)
City of Toronto confirms data theft, Clop claims responsibility (bleepingcomputer.com)
Phishing & Email Based Attacks
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
Emotet malware now distributed in Microsoft OneNote files to evade defences (bleepingcomputer.com)
ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)
RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)
Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch
Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (thehackernews.com)
Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (darkreading.com)
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Python info-stealing malware uses Unicode to evade detection (bleepingcomputer.com)
Mobile
Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (thehackernews.com)
The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack
Android apps are spying on you — with no easy way to stop them | Digital Trends
Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar
How to keep your phone safe from the scary Exynos modem vulnerability (androidpolice.com)
Botnets
Denial of Service/DoS/DDOS
New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (bleepingcomputer.com)
Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (darkreading.com)
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Internet of Things – IoT
Eufy security cam 'stored unique ID' of everyone filmed • The Register
Google sounds alarm on Samsung modem bugs in Android devices • The Register
EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Data Breaches/Leaks
Complacency of staff to blame for data breaches (thesundaily.my)
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)
Data breaches cost businesses nearly $6M on average: Mastercard | CTV News
Healthcare provider ILS warns 4.2 million people of data breach (bleepingcomputer.com)
NBA is warning fans of a data breach after a third-party newsletter service hack- Security Affairs
Lowe’s Market chain leaves client data up for grabs- Security Affairs
Ferrari discloses data breach after receiving ransom demand (bleepingcomputer.com)
South Korea fines McDonalds for data leak from raw SMB share • The Register
A million at risk from user data leak at Korean beauty platform PowderRoom- Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt
General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (bleepingcomputer.com)
Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)
Insider Risk and Insider Threats
Should Your Organisation Be Worried About Insider Threats? - IT Security Guru
Top 5 Insider Threats to Look Out For in 2023- Security Affairs
Preventing Insider Threats in Your Active Directory (thehackernews.com)
Fraud, Scams & Financial Crime
Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security
‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian
The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack
Hackers inject credit card stealers into payment processing modules (bleepingcomputer.com)
Deepfakes
Insurance
SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET
Cyber insurance carriers expanding role in incident response | TechTarget
Supply Chain and Third Parties
Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (darkreading.com)
Companies vulnerable to cyber-attack via suppliers - research | RNZ News
Why you should treat ChatGPT like any other vendor service - Help Net Security
MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)
Software Supply Chain
Cloud/SaaS
How access management helps protect identities in the cloud | VentureBeat
Bitcoin ATM maker shuts cloud service after user hot wallets compromised (cointelegraph.com)
The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch
Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (darkreading.com)
The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley
New CISA tool detects hacking activity in Microsoft cloud services (bleepingcomputer.com)
4 Tips for Better AWS Cloud Workload Security (trendmicro.com)
Hybrid/Remote Working
Identity and Access Management
How access management helps protect identities in the cloud | VentureBeat
The impact of AI on the future of ID verification - Help Net Security
Preventing Insider Threats in Your Active Directory (thehackernews.com)
CISA, NSA push identity and access management framework as risks grow | SC Media (scmagazine.com)
API
Open Source
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
BBC presses staff to uninstall TikTok from corporate kit • The Register
TikTok cannot be considered a private company: report • The Register
Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop
Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)
Training, Education and Awareness
Regulations, Fines and Legislation
Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)
EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com
India’s infosec reporting rules observed by just 15 orgs • The Register
Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (forbes.com)
Governance, Risk and Compliance
How CISOs Can Work With the CFO to Get the Best Security Budget (darkreading.com)
How to best allocate IT and cyber security budgets in 2023 - Help Net Security
IT security spending to reach nearly $300 billion by 2026 - Help Net Security
Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)
How Your Cyber security Strategy Enables Better Business (trendmicro.com)
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
How Can CISOs Connect With the Board of Directors? (darkreading.com)
Achieving The Five Levels Of Information Security Governance (forbes.com)
Enhance security while lowering IT overhead in times of recession - Help Net Security
Why organisations shouldn't fold to cyber criminal requests - Help Net Security
Models, Frameworks and Standards
Meta Proposes Revamped Approach to Online Kill Chain Frameworks (darkreading.com)
MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)
Backup and Recovery
Data backup, security alerts, and encryption viewed as top security features - Help Net Security
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)
New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Eufy security cam 'stored unique ID' of everyone filmed • The Register
Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch
How to protect online privacy in the age of pixel trackers - Help Net Security
Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)
French govt clears AI facial scans for Paris Olympics • The Register
Artificial Intelligence
EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews
ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg
ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)
Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security
We need to create guardrails for AI | Financial Times (ft.com)
GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (livemint.com)
Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom
The impact of AI on the future of ID verification - Help Net Security
7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online
Why you should treat ChatGPT like any other vendor service - Help Net Security
Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch
French govt clears AI facial scans for Paris Olympics • The Register
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek
Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Purported Chinese warships interfering with passenger planes • The Register
Putin to staffers: throw out your iPhones over security • The Register
Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert
Facebook Security Exec Seaford Hacked by Greek Predator Spyware (gizmodo.com)
BBC presses staff to uninstall TikTok from corporate kit • The Register
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)
Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
Unknown actors target orgs in Russia-occupied Ukraine • The Register
Xi, Putin, declare intent to rule the world of AI, infosec • The Register
North Korean hackers using Chrome extensions to steal Gmail emails (bleepingcomputer.com)
Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop
Nation State Actors
New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek
Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Purported Chinese warships interfering with passenger planes • The Register
TikTok cannot be considered a private company: report • The Register
Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop
BBC presses staff to uninstall TikTok from corporate kit • The Register
Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch
Putin to staffers: throw out your iPhones over security • The Register
Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)
Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
Unknown actors target orgs in Russia-occupied Ukraine • The Register
Xi, Putin, declare intent to rule the world of AI, infosec • The Register
The pressing threat of Chinese-made drones flying above US critical infrastructure | CyberScoop
Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop
Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online
Vulnerability Management
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant
10 Vulnerabilities Types to Focus On This Year (darkreading.com)
Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (bleepingcomputer.com)
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)
Vulnerabilities
Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (darkreading.com)
CVE-2023-23397 Outlook exploit: "A proliferation event" (thestack.technology)
Patch CVE-2023-23397 Immediately: What You Need To Know and Do (trendmicro.com)
Cisco fixed severe vulnerabilities in its IOS and IOS XE software- Security Affairs
Exploit released for Veeam bug allowing cleartext credential theft (bleepingcomputer.com)
Experts published PoC exploit code for Veeam Backup & Replication bug- Security Affairs
WordPress force patching WooCommerce plugin with 500K installs (bleepingcomputer.com)
Windows 11 bug warns Local Security Authority protection is off (bleepingcomputer.com)
Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)
Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar
Microsoft: Defender update behind Windows LSA protection warnings (bleepingcomputer.com)
ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (cointelegraph.com)
Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)
If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica
Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (darkreading.com)
Tools and Controls
Data backup, security alerts, and encryption viewed as top security features - Help Net Security
Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
Complacency of staff to blame for data breaches (thesundaily.my)
How access management helps protect identities in the cloud | VentureBeat
Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware
The Ethics of Network and Security Monitoring (darkreading.com)
Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica
How network perimeters secure enterprise networks | TechTarget
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Other News
Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News
Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica
What Is Shoulder Surfing? How Does It Affect Cyber security (informationsecuritybuzz.com)
Inside the DEA Tool Hackers Allegedly Used to Extort Targets (vice.com)
Top ways attackers are targeting your endpoints - Help Net Security
What Is a Dirty IP Address and How Does It Affect Your Security? (makeuseof.com)
Techno-nationalism explained: What you need to know (techtarget.com)
How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru
Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.