Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 05 April 2024
Black Arrow Cyber Threat Intelligence Briefing 05 April 2024:
-Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns
-Ransomware Incidents Reported to UK Financial Regulator Doubled
-Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023
-Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023
-AI Abuse and Misinformation Campaigns Threaten Financial Institutions
-Security Teams are ‘Overconfident’ About Handling Next-Gen Threats
-AI Makes Phishing Attacks Accessible to Basic Users
-Cyber Attacks Wreaking Physical Disruption on the Rise
-73% Brace for Cyber Security Impact on Business in Next Two Years
-To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset
-Cyber Security Imperative for Protecting Executives
-The Increasing Role of Cyber Security Experts in Complex Legal Disputes
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns
According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.
Sources: [Help Net Security ] [Dark Reading]
Ransomware Incidents Reported to UK Financial Regulator Doubled
The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.
Sources: [Digital Journal] [Digital Journal]
Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023
According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.
A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.
To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.
Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]
Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023
According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.
The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.
Sources: [Infosecurity Magazine] [Infosecurity Magazine]
AI Abuse and Misinformation Campaigns Threaten Financial Institutions
According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.
Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”
Source: [Help Net Security]
Security Teams are ‘Overconfident’ About Handling Next-Gen Threats
In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.
Source: [CSO Online]
AI Makes Phishing Attacks Accessible to Basic Users
One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.
Source: [The Economic Times]
Cyber Attacks Wreaking Physical Disruption on the Rise
According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.
Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.
Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.
Source: [Dark Reading]
73% Brace for Cyber Security Impact on Business in Next Two Years
A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.
Source: [Help Net Security]
To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset
2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.
Source: [IBTimes]
Cyber Security Imperative for Protecting Executives
The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.
Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.
Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.
Source: [Forbes]
The Increasing Role of Cyber Security Experts in Complex Legal Disputes
Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.
Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.
Source: [JDSupra]
Governance, Risk and Compliance
Ransomware incidents reported to UK financial regulator have doubled - Digital Journal
AI abuse and misinformation campaigns threaten financial institutions - Help Net Security
The Big Question: Are SMEs now at the forefront of cyber risks? - Emerging Risks Media Ltd
Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week
Security teams are ‘overconfident’ about handling next-gen threats | CSO Online
Banks told to expand risk management to cover AI (finextra.com)
Corporations With Cyber Governance Create 4X More Value (darkreading.com)
Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ
73% brace for cyber security impact on business in the next year or two - Help Net Security
Businesses overestimating their skills amid cyber security crisis, survey reveals (holyrood.com)
Why your data isn’t as safe as you think and what it could cost you - IT Security Guru
Unspoken Battle: Cyber Security Imperative For Protecting Executives (forbes.com)
Businesses must prioritise prevention to lock out online threats (yahoo.com)
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Lessons from the World's Costliest Corporate Cyber Attacks - Management Today
Three trends set to drive cyber attacks in 2024 (networkingplus.co.uk)
Why Cyber Security Is a Whole-of-Society Issue (darkreading.com)
Instilling the Hacker Mindset Organisationwide (darkreading.com)
How CISOs Can Make Cyber Security a Long-Term Priority for Boards (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Cyber security incidences surge in the UK financial services sector - Digital Journal
Ransomware attacks rise by 46% in February 2024, finds NCC Group (securitybrief.co.nz)
RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Trend Micro: LockBit ransomware gang's comeback is failing | TechTarget
Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)
Ransomware Victims
Ransomware attacks ravaged municipal governments in March | TechTarget
NHS Scotland confirms ransomware attackers leaked patients' data - Help Net Security
Yacht retailer MarineMax discloses data breach after cyber attack (bleepingcomputer.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Ransomware gang leaks UK city council’s confidential files • The Register
Omni Hotels confirms cyber attack behind ongoing IT outage (bleepingcomputer.com)
World’s second-largest lens-maker blinded by cyber incident • The Register
Phishing & Email Based Attacks
This new phishing attack targets iPhone and Android alike via RCS | TechRadar
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
$1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)
Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff – POLITICO
Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)
Phishing Attacks Targeting Political Parties, Germany Warns (govinfosecurity.com)
A phish by any other name should still not be clicked – Computerworld
Google now blocks spoofed emails for better phishing protection (bleepingcomputer.com)
New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware (thehackernews.com)
Microsoft Teams phishing attacks and how to prevent them | TechTarget
Artificial Intelligence
Banks told to expand risk management to cover AI (finextra.com)
AI abuse and misinformation campaigns threaten financial institutions - Help Net Security
22% of employees admit to breaching company rules with GenAI - Help Net Security
6 Prompts You Don't Want Employees Putting in Microsoft Copilot (bleepingcomputer.com)
Microsoft Copilot Blocked on US Congress Devices Over Security Concerns | Cryptopolitan
Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)
Microsoft Announces New Safety System to Filter Malicious AI Output | Extremetech
Microsoft GM on AI and elections: 'There will be fakes' • The Register
The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)
Chinese hackers turn to AI to meddle in elections | CyberScoop
Security and AI occupy SME thoughts | Microscope (computerweekly.com)
Malware
Escalating malware tactics drive global cyber crime epidemic - Help Net Security
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)
TheMoon Malware Rises Again with Malicious Botnet for Hire (darkreading.com)
Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (thehackernews.com)
Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (thehackernews.com)
Botnets: The uninvited guests that just won’t leave | CSO Online
Detecting Windows-based Malware Through Better Visibility (thehackernews.com)
Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar
Europe subjected to Mispadu trojan attacks | SC Media (scmagazine.com)
YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)
The Biggest Takeaways from Recent Malware Attacks (bleepingcomputer.com)
Thousands of Australian Businesses Targeted With RAT (darkreading.com)
Mobile
This new phishing attack targets iPhone and Android alike via RCS | TechRadar
2 wireless protocols expose mobile users to spying — the FCC wants to fix that - Nextgov/FCW
Location tracking and the battle for digital privacy - Help Net Security
How and why to enable Stolen Device Protection on your iPhone (idownloadblog.com)
Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Porsche Kills Two More Models Due to Cyber Security Regulations - autoevolution
UK Encouraged to Prioritise Cyber Security with Electric Vehicle Charging Points - Electrical Times
Data Breaches/Leaks
Highly sensitive files mysteriously disappeared from EUROPOL headquarters (securityaffairs.com)
Almost 2.9M impacted by Harvard Pilgrim Health Care breach | SC Media (scmagazine.com)
Ivanti-linked breach of CISA potentially affected more than 100,000 individuals | CyberScoop
Prudential Insurance says data of 36,000 exposed during February cyber attack (therecord.media)
Hotel Self Check-In Kiosks Exposed Room Access Codes - Security Week
Nearly 1M medical records feared stolen from City of Hope • The Register
SurveyLama data breach exposes info of 4.4 million users (bleepingcomputer.com)
Cyber criminals steal data of around 700,000 Apotheka pharmacy customers | News | ERR
PandaBuy data breach allegedly impacted +1.3M customers (securityaffairs.com)
OWASP discloses breach due to a Wiki web server misconfig • The Register
US cancer center data breach exposes info of 827,000 patients (bleepingcomputer.com)
Organised Crime & Criminal Actors
Escalating malware tactics drive global cyber crime epidemic - Help Net Security
Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week
Rise of non-tech hackers: new era of cyber threats - VnExpress International
India rescuing citizens forced into cyber fraud schemes in Cambodia | Reuters
Cyber criminal adoption of browser fingerprinting - Help Net Security
With just $700 and a Raspberry Pi — you too can become a cyber criminal | TechRadar
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX founder Sam Bankman-Fried sentenced to 25 years for crypto fraud (cnbc.com)
$1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)
Insider Risk and Insider Threats
Human risk is the top cyber threat for IT teams - Help Net Security
Instilling the Hacker Mindset Organisation wide (darkreading.com)
Insurance
Can cyber insurance help secure business? | Mint (livemint.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Supply Chain and Third Parties
Cloud/SaaS
How much does cloud-based identity expand your attack surface? - Help Net Security
Who owns your data? SaaS contract security, privacy red flags | CSO Online
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
Identity and Access Management
Linux and Open Source
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking (thehackernews.com)
Red Hat warns of backdoor in XZ tools used by most Linux distros (bleepingcomputer.com)
A new XZ backdoor scanner will be able to safeguard any Linux binary from threats (msn.com)
What we know about the xz Utils backdoor that almost infected the world | Ars Technica
Malicious xz backdoor reveals fragility of open source • The Register
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)
German state switches to LibreOffice, promises Windows move • The Register
Passwords, Credential Stuffing & Brute Force Attacks
Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)
American fast-fashion firm Hot Topic hit by credential stuffing attacks (securityaffairs.com)
Social Media
WhatsApp was down in Meta’s second big outage this year | TechCrunch
YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)
Malvertising
Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar
New Chrome feature aims to stop hackers from using stolen cookies (bleepingcomputer.com)
Training, Education and Awareness
Human risk is the top cyber threat for IT teams - Help Net Security
Instilling the Hacker Mindset Organisation wide (darkreading.com)
Regulations, Fines and Legislation
Ransomware incidents reported to UK financial regulator have doubled - Digital Journal
EU's reimagined NIS 2 cyber security vision to go live (electronicspecifier.com)
6 business benefits of data protection and GDPR compliance | TechTarget
Treasury accuses banks of 'insufficient data sharing' on fraud | American Banker
A CISO's Guide to Materiality and Risk Determination (darkreading.com)
Models, Frameworks and Standards
Using the NIST CSF for Strong Cyber Security Compliance | NAVEX - JDSupra
NIST And CISA: 13 Must-Review Resources For SMBs (forbes.com)
Are businesses prepared for the CSF 2.0 challenge? - Digital Journal
Backup and Recovery
World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)
Data protection vs. data backup: How are they different? | TechTarget
Data Protection
6 business benefits of data protection and GDPR compliance | TechTarget
How to conduct a data privacy audit, step by step | TechTarget
Data protection vs. data backup: How are they different? | TechTarget
Careers, Working in Cyber and Information Security
The Complexity and Need to Manage Mental Well-Being in the Security Team - Security Week
Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ
Unlocking Cyber Security Success: The Importance of Certifications - ClearanceJobs
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Are you okay? Understanding the world of a CISO | CSO Online
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Wars prompt questions for facial recognition providers, and obscure the answers | Biometric Update
UN Peace Operations Under Fire from State-Sponsored Hackers (darkreading.com)
Nation State Actors
China
UK minister confirmed as 12th target in Westminster ‘spear-phishing’ scandal – POLITICO
Pulling the Curtain Back on China’s Cyberespionage (informationweek.com)
MPs challenge government claims China cyber attack was unsuccessful (ft.com)
Chinese hackers turn to AI to meddle in elections | CyberScoop
UK, Czech ministers among China’s hacking targets – POLITICO
Security fears over supercomputer deal with Chinese firm Lenovo (thetimes.co.uk)
Russia
Ukraine gives award to foreign vigilantes for hacks on Russia - BBC News
STA: Russian hackers take responsibility for cyber attack on Slovenia
Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny | CNN Politics
Russian network that 'paid European politicians' busted, authorities claim - BBC News
Russia charges suspects behind theft of 160,000 credit cards (bleepingcomputer.com)
Iran
Iran's Evolving Cyber Enabled Influence Operations to Support Hamas (darkreading.com)
Satellite Cyber Security, Iran, and the Israel-Hamas War | Geopolitical Monitor
North Korea
Vulnerability Management
CVE and NVD - A Weak and Fractured Source of Vulnerability Truth - Security Week
Attack Surface Management vs. Vulnerability Management (thehackernews.com)
Vulnerabilities
Are You Affected by the Backdoor in XZ Utils? (darkreading.com)
Red Hat issues urgent alert for Fedora Linux users due to malicious code (betanews.com)
Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)
Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)
Cisco addressed high-severity flaws in IOS and IOS XE software (securityaffairs.com)
Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure (thehackernews.com)
Apple GoFetch was caused by an obsession with speed • The Register
Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! - Security Week
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (thehackernews.com)
Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems - Security Week
Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)
Splunk Patches Vulnerabilities in Enterprise Product - Security Week
JetBrains fixes 26 'security problems,' offering no details • The Register
Tools and Controls
RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)
New XZ backdoor scanner detects implant in any Linux binary (bleepingcomputer.com)
The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)
How much does cloud-based identity expand your attack surface? - Help Net Security
How Pentesting-as-a-Service can Reduce Overall Security Costs (bleepingcomputer.com)
Building a cyber security risk assessment template - Security Boulevard
Microsoft unveils safety and security tools for generative AI | InfoWorld
The Biggest Mistake Security Teams Make When Buying Tools (darkreading.com)
World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
Can cyber insurance help secure business? | Mint (livemint.com)
71% Website Vulnerable: API Security Becomes Prime Target for Hackers - Security Boulevard
Old Technology, New Tricks: Why DNS Is Still A Major Security Target (forbes.com)
Cyber Risk Management: A Beginner's Guide - Security Boulevard
Microsoft Entra Recommendations adds several more for better user security - Neowin
A CISO's Guide to Materiality and Risk Determination (darkreading.com)
Attack Surface Management vs. Vulnerability Management (thehackernews.com)
Why a Cloud Security Platform Approach is Critical | Trend Micro (US)
The Importance Of Physical Cyber Security Testing (forbes.com)
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Human risk is the top cyber threat for IT teams - Help Net Security
Data protection vs. data backup: How are they different? | TechTarget
SIEM Implementation: Strategies and Best Practices | MSSP Alert
Is Windows Defender All the Antivirus Protection You Need? (makeuseof.com)
Other News
Cyber Attacks Wreaking Physical Disruption on the Rise (darkreading.com)
Cyber Safety Review Board: Microsoft security culture 'inadequate' (geekwire.com)
Microsoft slammed for lax infosec that led to Exchange crack • The Register
Infosec professionals praise CSRB report on Microsoft breach | TechTarget
76% of consumers don't see themselves as cyber crime targets - Help Net Security
Shielding the lifelines: Protecting energy and infrastructure from cyber threats (betanews.com)
Cyber Security Statistics In 2024: Is Your Law Firm Protected? - Above the Law
Sellafield nuclear waste dump faces prosecution over cyber security failures (bitdefender.com)
Australia Doubles Down On Cyber Security After Attacks (darkreading.com)
Furry Hackers Use Church's Money To Buy Inflatable Sea Lions (dailydot.com)
Windows 10 Support Deadline: Your Guide to Extended Security Updates (ESU) (mspoweruser.com)
Healthcare's cyber resilience under siege as attacks multiply - Help Net Security
Rise of non-tech hackers: new era of cyber threats - VnExpress International
Why Cultural Institutions Are Rich Targets for Cyber Attackers (informationweek.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 February 2023
Black Arrow Cyber Threat Briefing 03 February 2023:
-Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief
-Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks
-The Corporate World is Losing its Grip on Cyber Risk
-Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks
-Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023
-The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will come from the Inside
-98% of Organisations Have a Supply Chain Relationship That Has Been Breached
-New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year
-Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation
-Financial Services Targeted in 28% of UK Cyber Attacks Last Year
-Phishing Attacks are Getting Scarily Sophisticated. Here’s what to Watch Out For
-City of London on High Alert After Ransomware Attack
-Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk
-JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief
Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC). Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.
Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject. When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks
Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.
"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.
BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.
The Corporate World is Losing its Grip on Cyber Risk
Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.
But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.
But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”
The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.
https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906
Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks
Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.
Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.
Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.
Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.
Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk
With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.
Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk. The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.
Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023
Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year.
In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.
The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside
A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training.
98% of Organisations Have a Supply Chain Relationship That Has Been Breached
A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year
Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.
In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.
Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation
The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.
The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable. It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.
Financial Services Targeted in 28% of UK Cyber Attacks Last Year
Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.
https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/
Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For
Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.
The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.
City of London on High Alert After Ransomware Attack
A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.
https://www.infosecurity-magazine.com/news/city-of-london-high-alert/
JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack
Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.
JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.
https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79
Threats
Ransomware, Extortion and Destructive Attacks
City Of London Traders Hit By Russia-Linked Cyber Attack (informationsecuritybuzz.com)
New Nevada Ransomware targets Windows and VMware ESXi systems (bleepingcomputer.com)
US puts a $10m bounty on Hive while Russia shuts down access • The Register
Copycat Criminals mimicking Lockbit gang in northern Europe security affairs
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
Cyber Attack Hits Derivatives Unit of Trading Software Firm ION - Bloomberg
Regulators weigh in on ION attack as LockBit takes credit • The Register
New Mimic Ransomware Abuses Windows Search Engine (cyber securitynews.com)
Stratford University discloses ransomware attack — but which ransomware attack? (databreaches.net)
Schools don't pay, but ransomware attacks still increasing | TechTarget
Poser Hackers Impersonate LockBit in SMB Cyber attacks (darkreading.com)
Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget
Nevada Ransomware Has Released Upgraded Locker security affairs
LockBit Green ransomware variant borrows code from Conti one security affairs
Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com)
Ransomware attacks on public sector persist in January | TechTarget
Ransomware attack on data firm ION could take days to fix -sources | Reuters
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online
Phishing & Email Based Attacks
Phishing attacks are getting scarily sophisticated. Here's what to watch out for | ZDNET
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status (darkreading.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
How Can Disrupting DNS Communications Thwart a Malware Attack? (darkreading.com)
Hackers use new IceBreaker malware to breach gaming companies (bleepingcomputer.com)
New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)
PoS malware can block contactless payments to steal credit cards (bleepingcomputer.com)
HeadCrab malware targets Redis to mine cryptocurrency | TechTarget
Malvertising attacks are distributing .NET malware loaders • The Register
Hackers weaponize Microsoft Visual Studio add-ins to push malware (bleepingcomputer.com)
Mobile
Google Fi data breach let hackers carry out SIM swap attacks (bleepingcomputer.com)
Over 1,800 Android phishing forms for sale on cyber crime market (bleepingcomputer.com)
Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News
Botnets
Denial of Service/DoS/DDOS
Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)
New DDoS-as-a-Service platform used in recent attacks on hospitals (bleepingcomputer.com)
Internet of Things – IoT
IoT, connected devices biggest contributors to expanding application attack surface | CSO Online
European IoT Manufacturers Lag in Vulnerability Disclosure (databreachtoday.co.uk)
Anker finally comes clean about its Eufy security cameras - The Verge
Data Breaches/Leaks
JD Sports warns data of 10mn customers put at risk in cyber attack | Financial Times (ft.com)
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)
Planet Ice hacked! 240,000 skating fans' details stolen (bitdefender.com)
Organised Crime & Criminal Actors
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
Cyber crime Ecosystem Spawns Lucrative Underground Gig Economy (darkreading.com)
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert
Report on hackers' salaries shows poor wages for developers • The Register
6 Examples of the Evolution of a Scam Site (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
HeadCrab malware targets Redis to mine cryptocurrency | TechTarget
Insider Risk and Insider Threats
Insider attacks becoming more frequent, more difficult to detect - Help Net Security
Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)
The next cyber threat may come from within - Help Net Security
Insider threats: The cyber risks lurking in the dark (betanews.com)
Former Ubiquiti dev pleads guilty to data theft, extortion • The Register
Fraud, Scams & Financial Crime
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Russian Millionaire on Trial in Hack, Insider Trade Scheme - SecurityWeek
6 Examples of the Evolution of a Scam Site (darkreading.com)
Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
Romance fraud losses rose 91% during the pandemic, claims UK's TSB bank | Tripwire
Romance Fraudsters Have Stolen £65m From Brits Since 2020 (informationsecuritybuzz.com)
Impersonation Attacks
AML/CFT/Sanctions
Insurance
Dark Web
There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert
Report on hackers' salaries shows poor wages for developers • The Register
Supply Chain and Third Parties
98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis - SecurityWeek
Cyber attack Impact “Catastrophic” for Third Parties, New Study Finds MSSPs at Risk? - MSSP Alert
New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs | CSO Online
CISA to Open Supply Chain Risk Management Office (darkreading.com)
Cloud/SaaS
Misconfiguration and vulnerabilities biggest risks in cloud security: Report | CSO Online
Hybrid cloud storage security challenges - Help Net Security
Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security
Containers
Encryption
Serious Security: The Samba logon bug caused by outdated crypto – Naked Security (sophos.com)
Encryption Explained: At Rest, In Transit & End-To-End Encryption | Splunk
Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse - SecurityWeek
API
The emergence of trinity attacks on APIs - Help Net Security
API management (APIM): What It Is and Where It’s Going security affairs
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Bitwarden Password Manager users are being targeted by phishing ads on Google- gHacks Tech News
KeePass disputes vulnerability allowing stealthy password theft (bleepingcomputer.com)
Social Media
Inside TikTok’s proposal to address US national security concerns | CyberScoop
Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Regulators weigh in on ION attack as LockBit takes credit • The Register
New UN cyber crime convention has a long way to go in a tight timeframe | CSO Online
Governance, Risk and Compliance
Business leaders need hands-on approach to stop cyber crime, says spy chief (telegraph.co.uk)
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)
70% of CIOs anticipate their involvement in cyber security to increase - Help Net Security
Cyber security Budgets Are Going Up. So Why Aren't Breaches Going Down? (thehackernews.com)
The corporate world is losing its grip on cyber risk | Financial Times (ft.com)
Careers, Working in Cyber and Information Security
The Effect of Cyber security Layoffs on Cyber security Recruitment - SecurityWeek
Economic headwinds could deepen the cyber security skills shortage | CSO Online
Law Enforcement Action and Take Downs
7 Ways Hive Ransomware Gang Caused Chaos Before FBI Hacked It (gizmodo.com)
US puts a $10m bounty on Hive while Russia shuts down access • The Register
Hacker accused of having stolen personal data of all Austrians security affairs
Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget
Privacy, Surveillance and Mass Monitoring
On Data Privacy Day, Organisations Fail Data Privacy Expectations (darkreading.com)
Hacker accused of having stolen personal data of all Austrians security affairs
Enterprises Need to Do More to Assure Consumers About Privacy (darkreading.com)
Artificial Intelligence
Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online
OpenAI releases tool to detect AI-written text (bleepingcomputer.com)
Reality check: Is ChatGPT really the next big cyber security threat? | CyberScoop
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek
Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)
Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)
Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert
Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online
Nation State Actors
Nation State Actors – Russia
Russian Nuisance Hacking Group KillNet Targets Germany (govinfosecurity.com)
Russian hackers launch cyber attack on Germany in Leopard retaliation | Euronews
Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)
A Link to News Site Meduza Can (Technically) Land You in Russian Prison | WIRED
Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)
Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert
Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)
Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)
IT Army of Ukraine gained access to 1.5GB archive from Gazprom security affairs
There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)
Nation State Actors – China
Google deletes 50,000 pro-China fake-news vids and blogs • The Register
TikTok CEO to testify before US. Congress over security concerns | Reuters
Nation State Actors – North Korea
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
The future of vulnerability management and patch compliance - Help Net Security
What is the CVSS (Common Vulnerability Scoring System)? (techtarget.com)
Vulnerabilities
Researchers to release VMware vRealize Log RCE exploit, patch now (bleepingcomputer.com)
Patch management is crucial to protect Exchange servers, Microsoft warns security affairs
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (thehackernews.com)
Over 29,000 QNAP devices unpatched against new critical flaw (bleepingcomputer.com)
Firmware Flaws Could Spell 'Lights Out' for Servers (darkreading.com)
Why you might not be done with your January Microsoft security patches | CSO Online
HPE, NetApp warn of critical open-source bug | SC Media (scmagazine.com)
High-severity bug in F5 BIG-IP can lead to code execution and DoS security affairs
Cisco fixes bug allowing backdoor persistence between reboots (bleepingcomputer.com)
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (thehackernews.com)
Threat activity increasing around Fortinet VPN vulnerability | TechTarget
Remote code execution exploit chain available for VMware vRealize Log Insight | CSO Online
Tools and Controls
Other News
We can't rely on goodwill to protect our critical infrastructure - Help Net Security
Playing Military Sim War Thunder May Get You Classed as a National Security Risk
Cyber attacks in space: How safe are our satellites? | Metro News
Massive Microsoft 365 outage caused by WAN router IP change (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 06 January 2023
Black Arrow Cyber Threat Briefing 06 January 2023:
-Cyber War in Ukraine, Ransomware Fears Drive Surge in Demand for Threat Intelligence Tools
-Cyber Premiums Holding Firms to Ransom
-Ransomware Ecosystem Becoming More Diverse For 2023
-Attackers Evolve Strategies to Outmanoeuvre Security Teams
-Building a Security-First Culture: The Key to Cyber Success
-Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of Known Exploited Vulnerabilities Catalogue
-First LastPass, Now Slack and CircleCI. The Hacks Go On (and will likely worsen)
-Data of 235 Million Twitter Users Leaked Online
-16 Car Makers, including BMW, Ferrari, Ford, Honda, Kia, Land Rover, Mercedes and Toyota, and Their Vehicles Hacked via Telematics, APIs, Infrastructure
-Ransomware Gang Apologizes, Gives SickKids Hospital Free Decryptor
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber War in Ukraine, Ransomware Fears Drive 2022 Surge in Demand for Threat Intelligence Tools
Amid the heightened fear of ransomware in 2022, threat intelligence emerged as a core requirement of doing business in a world gone mad.
A sizable amount of interest in the historically tech-centric discipline was fuelled in part by fear of cyber attacks tied to the war between Russia and Ukraine. In one example, the Ukrainian government warned the world that the Russian military was planning for multi-pronged attacks targeting the energy sector. Other nation-state cyber attack operations also contributed to the demand, including one June 2022 incident were Iran’s Cobalt Mirage exploited PowerShell vulnerabilities to launch ransomware attacks.
And of course, headlines of data breaches tied to vulnerabilities that organisations did not even know existed within their networks caught the attention not just of security teams, but the C-Suite and corporate board. A misconfigured Microsoft server, for example, wound up exposing years of sensitive data for tens of thousands of its customers, including personally identifiable information, user data, product and project details and intellectual property.
Indeed, according to 183 security pros surveyed by CyberRisk Alliance Business Intelligence in June 2022, threat intelligence has become critical in arming their security operations centres (SOCs) and incident response teams with operational data to help them make timely, informed decisions to prevent system downtime, thwart the theft of confidential data, and protect intellectual property.
Threat intelligence has emerged as a useful tool for educating executives. Many also credited threat intelligence for helping them protect their company and customer data — and potentially saving their organisation's reputation.
Cyber Premiums Holding Firms to Ransom
Soaring premiums for cyber security insurance are leaving businesses struggling to pay other bills, a key industry player has warned.
Mactavish, which buys insurance policies on behalf of companies, said that more than half of big businesses that had bought cyber security insurance had been forced to make cuts elsewhere to pay for it.
In a survey of 200 companies with a turnover above £10 million, Mactavish found that businesses were reducing office costs and staff bonuses and were cutting other types of insurance to meet the higher payments.
Last month Marsh, an insurance broker, revealed that costs for cyber insurance had increased by an average of 66 per cent in the third quarter compared with last year.
Meanwhile, the risk to businesses from hackers continues to rise. A government report on digital threats, published this month, showed the proportion of businesses experiencing cyber security incidents at least monthly had increased from 53 per cent to 60 per cent in the past year. Uber, Cisco and InterContinental Hotels Group were among high-profile targets this year.
https://www.thetimes.co.uk/article/cyber-safety-premiums-hold-firms-to-ransom-tnrsz3vs2
Ransomware Ecosystem Becoming More Diverse for 2023
The ransomware ecosystem has changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement. This democratisation of ransomware is bad news for organisations because it also brought in a diversification of tactics, techniques, and procedures (TTPs), more indicators of compromise (IOCs) to track, and potentially more hurdles to jump through when trying to negotiate or pay ransoms.
Since 2019 the ransomware landscape has been dominated by big and professionalised ransomware operations that constantly made the news headlines and even looked for media attention to gain legitimacy with potential victims. We've seen ransomware groups with spokespeople who offered interviews to journalists or issued "press releases" on Twitter and their data leak websites in response to big breaches.
The DarkSide attack against Colonial Pipeline that led to a major fuel supply disruption along the US East Coast in 2021 highlighted the risk that ransomware attacks can have against critical infrastructure and led to increased efforts to combat this threat at the highest levels of government. This heightened attention from law enforcement made the owners of underground cyber crime forums reconsider their relationship with ransomware groups, with some forums banning the advertising of such threats. DarkSide ceased operations soon thereafter and was followed later in the year by REvil, also known as Sodinokibi, whose creators were indicted and one was even arrested. REvil was one of the most successful ransomware groups since 2019.
Russia's invasion of Ukraine in February 2022 quickly put a strain on the relationship between many ransomware groups who had members and affiliates in both Russia and Ukraine, or other former USSR countries. Some groups, such as Conti, rushed to take sides in the war, threatening to attack Western infrastructure in support of Russia. This was a departure from the usual business-like apolitical approach in which ransomware gangs had run their operations and drew criticism from other competing groups.
This was also followed by a leak of internal communications that exposed many of Conti's operational secrets and caused uneasiness with its affiliates. Following a major attack against the Costa Rican government the US State Department put up a reward of $10 million for information related to the identity or location of Conti's leaders, which likely contributed to the group's decision to shut down operations in May.
Conti's disappearance led to a drop in ransomware activity for a couple of months, but it didn't last long as the void was quickly filled by other groups, some of them newly set up and suspected to be the creation of former members of Conti, REvil and other groups that ceased operations over the past two years.
Attackers Evolve Strategies to Outmanoeuvre Security Teams
Attackers are expected to broaden their targeting strategy beyond regulated verticals such as financial services and healthcare. Large corporations (41%) will be the top targeted sector for cyber attacks in 2023, favoured over financial institutions (36%), government (14%), healthcare (9%), and education (8%), according to cyber security solution provider Titaniam.
The fast pace of change has introduced new vulnerabilities into corporate networks, making them an increasingly attractive target for cyber attackers. To compete in the digital marketplace, large companies are adopting more cloud services, aggregating data, pushing code into production faster, and connecting applications and systems via APIs.
As a result, misconfigured services, unprotected databases, little-tested applications, and unknown and unsecured APIs abound, all of which can be exploited by attackers.
The top four threats in 2022 were malware (30%), ransomware and extortion (27%), insider threats (26%), and phishing (17%).
The study found that enterprises expected malware (40%) to be their biggest challenge in 2023, followed by insider threats (26%), ransomware and related extortion (21%), and phishing (16%).
Malware, however, has more enterprises worried for 2023 than it did for 2022. It is important to note that these threats can overlap, where insiders can have a hand in ransomware attacks, phishing can be a source of malware, etc.
Attackers are evolving their strategies to surprise and outmanoeuvre security teams, which have hardened ransomware defences and improved phishing detection. They’re using new malware, such as loaders, infostealers, and wipers to accelerate attacks, steal sensitive data and create mayhem.
They’re also buying and stealing employee credentials to walk in through the front door of corporate networks.
https://www.helpnetsecurity.com/2023/01/04/attackers-evolve-strategies-outmaneuver-security-teams/
Building a Security-First Culture: The Key to Cyber Success
Everyone has heard a car alarm go off in the middle of the night, but how often does that notification actually lead to action? Most people will hear the alarm, glance in its direction and then hope the owner will quickly remedy the situation.
Cars alarms often fail because they go off too often, leading to apathy and annoyance instead of being a cause for emergency. For many, cyber security has also become this way. While we see an increase in the noise surrounding the need for organisations to improve the security skillset and knowledge base of employees, there continues to be little proactive action on this front. Most organisations only provide employees with elementary-grade security training, often during their initial onboarding process or as part of a standard training requirement.
At the same time, many organisations also make the grave mistake of leaving all of their security responsibilities and obligations in the hands of IT and security teams. Time and time again, this approach has proven to be highly ineffective, especially as cyber criminals refine their social engineering tactics and target user accounts to execute their attacks.
Alarmingly, recent research found that 30% of employees do not think that they play a role in maintaining their company’s cyber security posture. The same report also revealed that only 39% of employees say they are likely to report a security incident.
As traditional boundaries of access disintegrate and more employees obtain permissions to sensitive company data and systems to carry out their tasks, business leaders must change the mindset of their employees when it comes to the role they play in keeping the organisation safe from cyber crime. The key is developing an integrated cyber security strategy that incorporates all aspects—including all stakeholders—of the organisation. This should be a strategy that breaks down departmental barriers and creates a culture of security responsibility where every team member plays a part.
Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of Known Exploited Vulnerabilities Catalogue
Back in November 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) published the Known Exploited Vulnerabilities (KEV) Catalogue to help federal agencies and critical infrastructure organisations identify and remediate vulnerabilities that are actively being exploited. CISA added 548 new vulnerabilities to the catalogue across 58 updates from January to end of November 2022, according to cyber security solution provider Grey Noise in its first-ever "GreyNoise Mass Exploits Report."
Including the approximately 300 vulnerabilities added in November and December 2021, CISA listed approximately 850 vulnerabilities in the first year of the catalogue's existence.
Actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products accounted for over half of the updates to the KEV catalogue in 2022, Grey Noise found. Seventy-seven percent of the updates to the KEV catalogue were older vulnerabilities dating back to before 2022. Many of these vulnerabilities have been around for two decades.
Several of the vulnerabilities in the KEV catalogue are from products that have already entered end-of-life (EOL) and end-of-service-life (EOSL), according to an analysis by a team from cyber security solution provider Cyber Security Works. Even though Windows Server 2008 and Windows 7 are EOSL products, the KEV catalogue lists 127 Server 2008 vulnerabilities and 117 Windows 7 vulnerabilities.
Even though the catalogue was originally intended for critical infrastructure and public-sector organisations, it has become the authoritative source on which vulnerabilities are – or have been – exploited by attackers. This is key because the National Vulnerability Database (NVD) assigned Common Vulnerabilities and Exposures (CVE) identifiers for over 12,000 vulnerabilities in 2022, and it would be unwieldy for enterprise defenders to assess every single one to identify the ones relevant to their environments. Enterprise teams can use the catalogue's curated list of CVEs under active attack to create their priority lists.
First LastPass, Now Slack and CircleCI. The Hacks Go On (and will likely worsen)
In the past week, the world has learned of serious breaches hitting chat service Slack and software testing and delivery company CircleCI, though giving the companies' opaque wording—“security issue” and “security incident,” respectively—you'd be forgiven for thinking these events were minor.
The compromises—in Slack’s case, the theft of employee token credentials and for CircleCI, the possible exposure of all customer secrets it stores—come two weeks after password manager LastPass disclosed its own security failure: the theft of customers’ password vaults containing sensitive data in both encrypted and clear text form. It’s not clear if all three breaches are related, but that’s certainly a possibility.
The most concerning of the two new breaches is the one hitting CircleCI. The company reported a “security incident” that prompted it to advise customers to rotate “all secrets” they store on the service. The alert also informed customers that it had invalidated their Project API tokens, an event requiring them to go through the hassle of replacing them.
CircleCI says it’s used by more than 1 million developers in support of 30,000 organisations and runs nearly 1 million daily jobs. The potential exposure of all those secrets—which could be login credentials, access tokens, and who knows what else—could prove disastrous for the security of the entire Internet.
It’s possible that some or all of these breaches are related. The Internet relies on a massive ecosystem of content delivery networks, authentication services, software development tool makers, and other companies. Threat actors frequently hack one company and use the data or access they obtain to breach that company's customers or partners. That was the case with the August breach of security provider Twilio. The same threat actor targeted 136 other companies. Something similar played out in the last days of 2020 when hackers compromised Solar Winds, gained control of its software build system, and used it to infect roughly 40 Solar Winds customers.
For now, people should brace themselves for additional disclosures from companies they rely on. Checking internal system logs for suspicious entries, turning on multifactor authentication, and patching network systems are always good ideas, but given the current events, those precautions should be expedited. It’s also worth checking logs for any contact with the IP address 54.145.167.181, which one security practitioner said was connected to the CircleCI breach.
Data of 235 Million Twitter Users Leaked Online
A data leak containing email addresses for 235 million Twitter users has been published on a popular hacker forum. Many experts have immediately analysed it and confirmed the authenticity of many of the entries in the huge leaked archive.
In January 2022, a report claimed the discovery of a vulnerability that can be exploited by an attacker to find a Twitter account by the associated phone number/email, even if the user has opted to prevent this in the privacy options. The vulnerability was exploited by multiple threat actors to scrape Twitter user profiles containing both private (phone numbers and email addresses) and public data, and was present within the social media platforms application programming interface (API) from June 2021 until January 2022.
At the end of July 2022, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting the forementioned, now-fixed vulnerability in the popular social media platform. The scraped data was then put up for sale on various online cyber crime marketplaces. In August, Twitter confirmed that the data breach was caused by a now-patched zero-day flaw.
In December another Twitter data leak made the headlines, a threat actor obtained data of 400,000,000 Twitter users and attempted to sell it. The seller claimed the database is private, and he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more. The seller, who is a member of a popular data breach forum, claimed the data was scraped via a vulnerability. The database includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of special usernames.
https://securityaffairs.com/140352/data-breach/twitter-data-leak-235m-users.html
16 Car Makers, including BMW, Ferrari, Ford, Honda, Kia, Land Rover, Mercedes and Toyota, and Their Vehicles Hacked via Telematics, APIs, and Infrastructure
A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car functions and start or stop the engine.
Multiple other security defects, the researchers say, allowed them to access a car maker’s internal applications and systems, leading to the exposure of personally identifiable information (PII) belonging to customers and employees, and account takeover, among others. The hacks targeted telematic systems, automotive APIs, and infrastructure.
Impacted car models include Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, and Toyota. The vulnerabilities were identified over the course of 2022. Car manufacturers were informed about the security holes and they released patches.
According to the researchers, they were able to send commands to Acura, Genesis, Honda, Hyundai, Kia, Infiniti, Nissan, and Porsche vehicles.
Using only the VIN (vehicle identification number), which is typically visible on the windshield, the researchers were able to start/stop the engine, remotely lock/unlock the vehicle, flash headlights, honk vehicles, and retrieve the precise location of Acura, Honda, Kia, Infiniti, and Nissan cars.
They could also lock users out of remote vehicle management and could change car ownership.
https://www.securityweek.com/16-car-makers-and-their-vehicles-hacked-telematics-apis-infrastructure
Ransomware Gang Apologises, and Gives SickKids Hospital Free Decrypter
The LockBit ransomware gang has released a free decrypter for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organisation. SickKids is a teaching and research hospital in Toronto that focuses on providing healthcare to sick children.
On December 18th, the hospital suffered a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website. While the attack only encrypted a few systems, SickKids stated that the incident caused delays in receiving lab and imaging results and resulted in longer patient wait times.
On December 29th, SickKids announced that it had restored 50% of its priority systems, including those causing diagnostic or treatment delays. Two days after SickKids' latest announcement, the LockBit ransomware gang apologised for the attack on the hospital and released a decrypter for free.
“We formally apologise for the attack on sikkids.ca and give back the decrypter for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate programme," stated the ransomware gang.
Threats
Ransomware, Extortion and Destructive Attacks
Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations (darkreading.com)
Rackspace: Customer email data accessed in ransomware attack (bleepingcomputer.com)
Ransomware gang cloned victim’s website to leak stolen data (bleepingcomputer.com)
Rackspace identifies hacking group responsible for early December ransomware attack | TPR
Ransomware ecosystem becoming more diverse for 2023 | CSO Online
Rackspace Sunsets Email Service Downed in Ransomware Attack (darkreading.com)
December ransomware disclosures reveal high-profile victims | TechTarget
The Guardian ransomware attack hits week two as staff WFH • The Register
Unraveling the techniques of Mac ransomware - Microsoft Security Blog
Bitdefender releases free MegaCortex ransomware decryptor (bleepingcomputer.com)
Ransomware Research: More than 200 US Infrastructure Organisations Attacked in 2022 - MSSP Alert
Ransomware impacts over 200 govt, edu, healthcare orgs in 2022 (bleepingcomputer.com)
Guardian ransomware attack: Staff told work from home to 23 Jan (pressgazette.co.uk)
Rail giant Wabtec discloses data breach after Lockbit ransomware attack (bleepingcomputer.com)
Christmas Eve 'cyber attack' forced Arnold Clark's network down | STV News
Royal ransomware claims attack on Queensland University of Technology (bleepingcomputer.com)
LockBit: Sorry for SickKids, but not housing authority • The Register
Canadian mining firm shuts down mill after ransomware attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Data of 235 million Twitter users leaked online - Security Affairs
Is NHS The Most Impersonated UK Government "Brand"? (informationsecuritybuzz.com)
The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)
Ongoing Flipper Zero phishing attacks target infosec community (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe (thehackernews.com)
Hackers abuse Windows error reporting tool to deploy malware (bleepingcomputer.com)
New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)
Bluebottle hackers used signed Windows driver in attacks on banks (bleepingcomputer.com)
Dridex Returns, Targets MacOS Using New Entry Method (trendmicro.com)
New Linux malware uses 30 plugin exploits to backdoor WordPress sites (bleepingcomputer.com)
PyTorch discloses malicious dependency chain compromise over holidays (bleepingcomputer.com)
WordPress Sites Under Attack from Newly Found Linux Trojan (darkreading.com)
Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain (thehackernews.com)
Raspberry Robin Worm Hatches a Highly Complex Upgrade (darkreading.com)
The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley
Five Guys Data Breach Puts HR Data Under a Heat Lamp (darkreading.com)
Analysis Of Top 10 Countries Mostly Targeted By Data Breaches (informationsecuritybuzz.com)
I bought a $15 router at Goodwill — and found a millionaire's dirty secrets (nypost.com)
Critical flaws found in Ferrari, BMW, Porsche, and other carmakers - Security Affairs
Toyota, Mercedes, BMW API flaws exposed owners’ personal info (bleepingcomputer.com)
Threat actors stole Slack private source code repositories - Security Affairs
Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley
Organised Crime & Criminal Actors
Threat Actors Evade Detection Through Geofencing & Fingerprinting (darkreading.com)
Attackers create 130K fake accounts to abuse limited-time cloud computing resources | CSO Online
Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Software engineer busted after being inspired by Office Space scam | PC Gamer
Are Meta and Twitter Ushering in a New Age of Insider Threats? (darkreading.com)
Ex-GE engineer sentenced for stealing turbine tech for China • The Register
Fraud, Scams & Financial Crime
Avast: Expect Cyber crime "Scamdemic" to Continue in 2023 - MSSP Alert
Software engineer busted after being inspired by Office Space scam | PC Gamer
US regulators warn banks over cryptocurrency risks - BBC News
RedZei Chinese Scammers Targeting Chinese Students in the UK (thehackernews.com)
Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)
Impersonation Attacks
AML/CFT/Sanctions
Insurance
Cyber safety premiums holding firms to ransom | Business | The Times
How can businesses decrease cyber insurance premiums while maintaining coverage? - Help Net Security
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Encryption
API
Car companies massively exposed to web vulnerabilities | The Daily Swig (portswigger.net)
16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure | SecurityWeek.Com
What Are Some Ways to Make APIs More Secure? (darkreading.com)
Critical flaws found in Ferrari, BMW, Porsche, and other carmakers - Security Affairs
Open Source
New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)
New Linux malware uses 30 plugin exploits to backdoor WordPress sites (bleepingcomputer.com)
Social Media
Data of 235 million Twitter users leaked online - Security Affairs
The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)
Are Meta and Twitter Ushering in a New Age of Insider Threats? (darkreading.com)
Meta fined €390m over use of data for targeted ads - BBC News
More Political Storms for TikTok After US Government Ban | SecurityWeek.Com
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Cyber safety premiums holding firms to ransom | Business | The Times
Attackers never let a critical vulnerability go to waste - Help Net Security
Attackers evolve strategies to outmanoeuvre security teams - Help Net Security
How to start planning for disaster recovery - Help Net Security
Building A Security-First Culture: The Key To Cyber Success (forbes.com)
Data backup is no longer just about operational fallback - Help Net Security
Threat Actors Evade Detection Through Geofencing & Fingerprinting (darkreading.com)
How can businesses decrease cyber insurance premiums while maintaining coverage? - Help Net Security
Secure Disposal
Backup and Recovery
Data Protection
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
National security fears over police using Chinese tech | News | The Times
Meta fined €390m over use of data for targeted ads - BBC News
Artificial Intelligence
ChatGPT: An Easy Cyber crime Target For Cyber attacks (informationsecuritybuzz.com)
OpenAI's ChatGPT previews how AI can help hackers breach more networks (axios.com)
NATO tests AI’s ability to protect critical infrastructure against cyber attacks | CSO Online
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
War and Geopolitical Conflict: The New Battleground for DDoS Attacks (darkreading.com)
Cyber attacks against governments jumped 95% in last half of 2022, CloudSek says | CSO Online
It's time to focus on information warfare's hard questions (cyberscoop.com)
National security fears over police using Chinese tech | News | The Times
Ex-GE engineer sentenced for stealing turbine tech for China • The Register
Pro-Russia cyber attacks aim at destabilizing Poland - Security Affairs
Poland warns of attacks by Russia-linked Ghostwriter hacking group (bleepingcomputer.com)
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
National security fears over police using Chinese tech | News | The Times
Ex-GE engineer sentenced for stealing turbine tech for China • The Register
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog (darkreading.com)
Attackers never let a critical vulnerability go to waste - Help Net Security
Vulnerabilities
Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks (bleepingcomputer.com)
Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog (darkreading.com)
Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations (darkreading.com)
Zoho urges admins to patch severe ManageEngine bug immediately (bleepingcomputer.com)
Android's First Security Updates for 2023 Patch 60 Vulnerabilities | SecurityWeek.Com
Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities (thehackernews.com)
Qualcomm, Lenovo flag multiple high impact firmware vulnerabilities | SC Media (scmagazine.com)
Netgear Wi-Fi routers need to be patched immediately | TechRadar
Other News
The cyber security industry will undergo significant changes in 2023 - Help Net Security
SecurityAffairs Top 10 cybersecurity posts of 2022 - Security Affairs
BleepingComputer's most popular cybersecurity stories of 2022
WordPress Security: 22 Ways To Protect Your Website (informationsecuritybuzz.com)
Cyber attacks against governments jumped 95% in last half of 2022, CloudSek says | CSO Online
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.