Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

China Suspected of Hacking UK Ministry of Defence, Through Its Payroll Provider

UK Defence Secretary Grant Shapps has confirmed that over 270,000 personal details have been leaked after the MoD was hacked through its third-party payroll provider, SSCL. The affected systems have been pulled offline since the attack. SSCL’s website describes that it manages HR for the armed forces, the Metropolitan Police and other areas of British government. The commercial supply chain, and in particular HR and payroll providers, is increasing being used as the soft underbelly to attack larger and better protected organisations.

Sources: [LBC] [The Register] [Sky News]

Security Tools Fail to Translate Risks for Executives

Organisations are struggling with internal communication barriers, hindering their ability to address and mitigate cyber security threats, according to a report which found that seven out of 10 C-suite executives said their security teams talk in technical terms without providing business context. However, in contrast, 75% of CISO’s highlight the issue is rooted in security tools that cannot generate the insights C-level executives and boards can use to understand business implications. The role of a good CISO should be to take the output of these tools and turn that data into metrics the Boards can understand.

The issues highlight the necessity for organisations to have someone in their organisation, whether an employee or a third-party, who is able to ingest technical results and translate them into a style that the C-suite can understand for business risk management.

Source: [Help Net Security]

Gang Accused of MGM Hack Shifts Attacks to Finance Sector

The hacking group responsible for the infamous hack on MGM and Caesar’s Palace resorts is engaged in a new campaign targeting the financial sector. The group known as Scattered Spider has targeted 29 companies since 20 April this year, compromising at least 2 insurance companies so far. The research has stated that the attackers are purchasing lookalike domains that match the name of target companies, hosting fake log-in pages. Links to these are sent to employees, in an attempt to direct them there. The most recent attack took place just days ago, with more expected.

Sources: [Bloomberg Law] [Claims Journal]

Are SMEs Paving the Way for Cyber Attacks on Larger Companies?

A recent study highlights the escalating cyber threats facing businesses, particularly SMEs and supply chains. The study found that 32% of UK businesses, including 69% of large and 59% of mid-sized organisations, suffered a cyber attack last year. The situation is worse for SMEs, with weaker security systems and 77% lacking in-house cyber security. SMEs can become entry points for hackers targeting larger partners through interconnected supply chains. Meanwhile, Verizon’s latest data breaches report revealed a 68% increase in supply chain breaches, accounting for 15% of all breaches in 2023, up from 9% in 2022. These breaches are primarily driven by third-party software vulnerabilities exploited in ransomware and extortion attacks. Experts emphasise proactive cyber policies, vulnerability scans, and employee education for SMEs to bolster defences. They also urge organisations to consider third-party bugs as both vulnerability and vendor management problems, make better vendor choices, and use external signals like SEC disclosures in the United States to guide decisions. These measures can help prevent SMEs from becoming gateways for larger attacks and manage the rising threat of supply chain breaches.

Sources: [Insurance Times] [Dark Reading]

Misconfigurations Drive 80% of Security Exposure, Report Finds

A recent report has found that 80% of security exposures are caused by identity and credential misconfigurations, with a third of these putting critical assets at risk of a breach. According to the report, the majority of this is within an organisation’s network user management (Active Directory) and 56% of breaches that impact critical assets are within cloud platforms. There is often the misconception that cloud-based environments are secure by default, but misconfigurations can undo any security benefits and still leave you exposed. Just because someone else built and maintains your house, it is still your responsibility to lock the doors and windows.

Sources: [Security Magazine]

Only 45% of Organisations Employ MFA Protections

A recent report of IT decision-makers has found that 97% are facing challenges with identity verification and 52% are very concerned about credential compromise, followed by account takeover (50%). When it comes to reinforcing identity verification, only 45% used multi-factor authentication (MFA). By using MFA, organisations are forcing two identification verifications: simply knowing a username and password is not enough, especially given the speeds with which attackers can crack passwords, with average 8 character passwords able to be cracked in less than a minute. Whilst no control is 100% impenetrable, enabling MFA will aid in increasing your organisation's cyber resilience.

Source: [Help Net Security]

You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever

For many organisations, visibility of their information assets can be incredibly hard to obtain and maintain, with different tools, under-reporting and shadow IT contributing to the problem. Unfortunately, cyber criminals are getting faster at exploiting vulnerabilities, and if you do not know you have the vulnerability in your estate then you cannot patch against it. In their recent report, Fortinet found that attacks started on average 4.76 days after new exploits were publicly disclosed.

Interestingly though, while zero-day threats garner much attention (these are ‘new’ vulnerabilities that are being exploited by attackers but for which there are no security patches yet available), one third of all exploits are for older vulnerabilities. This highlights the need for a comprehensive and robust approach to network security and vulnerability management, beyond simply patching what Microsoft puts out once a month. To have effective patch management, organisations must know what they need to patch and therefore must have visibility of the corporate environment. A good starting block is the creation of a robust information asset register.

Sources: [Security Brief] [Help Net Security] [IT Security Guru]

The Rise and Stealth of The Socially Engineered Insider

Social engineering has become increasingly prevalent as the preferred tactic for foreign adversaries. Insiders are prime targets due to their privileged access to sensitive data. This is particularly affecting the technology, pharma, and critical infrastructure sectors. Advances in AI and social platforms have made it easier to exploit these vulnerabilities. These advances allow threat actors to tailor attacks with unprecedented speed and realism. Using methods like coercion or deception, these actors exploit employees to gain high-value data that can be weaponised. As a result, the threat landscape has become more complex, blurring the lines between internal and external risks. To bolster their defences, organisations are now investing in insider risk management and AI. They are also emphasising employee education and cross-sector collaboration.

Source: [Forbes]

Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training

An ISACA study and the AI Security & Governance Report reveal a complex landscape of AI adoption and security. 73% of European organisations and 54% of global organisations use AI, with 79% increasing their AI budgets, however training and policy development lag behind. Only 30% offer limited training, 40% provide none, and a mere 17% have a comprehensive AI policy. Despite AI’s potential, 80% of data experts find it complicates security, with concerns high around generative AI exploitation (61% of respondents) and AI-powered attacks (over 50% of business leaders). Data poisoning and privacy issues persist, yet 85% of leaders express confidence in their data security strategies, with 83% revising privacy and governance guidelines. With 86% recognising a need for AI training within two years, the call for dynamic governance strategies and formal education is clear to manage evolving threats.

Sources: [Help Net Security] [IT Security Guru]

Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security

Cyber security success depends on more than just technology. Bad actors are always looking for the easiest entry point, meaning that employees’ everyday actions are crucial, when even one careless click or a weak password can be an open door for hackers. However, empowered with the right knowledge and tools, staff can become a robust defence. Nearly 80% of organisations have reported an increase in phishing attacks, but training programs like role-playing exercises and phishing simulations significantly reduce these risks. Effective cyber security also hinges on C-suite leaders promoting a security-first culture, ensuring all employees understand the risks and follow strict protocols like MFA and strong password policies. Consistent training and open communication are vital in fostering a resilient, security-aware workforce.

Source: [JDSupra]

Ransomware Activity Thrives, Despite Law enforcement Efforts

Despite the recent law enforcement takedowns on ransomware groups, ransomware remains rife. Whilst the takedown of a group can come as an initial relief in that the group has gone, it simply forces ransomware affiliates to diversify. This is reflected in ransomware continuing its growth in the first quarter of 2024, with 18 new leak sites, the largest number in a single quarter, emerging over this period. When comes to those at risk, both financial services and healthcare remain a prominent target.

Sources: [Help Net Security ] [Infosecurity Magazine] [Help Net Security]

NATO Warns of Russian Hybrid Warfare

NATO has issued a statement in which it describes it is “deeply concerned about Russia's hybrid actions and the threat that they constitute to NATO security”.  The actions are described to include sabotage, acts of violence, cyber and electronic interference, and disinformation campaigns. This comes as many countries including the UK and US are due to have elections this year.

Sources: [EU Reporter] [Financial Times]

Governance, Risk and Compliance

• You cannot protect what you do not understand (securitybrief.co.nz)

• Why 2024 will be the year of the CISO | CSO Online

• Security tools fail to translate risks for executives - Help Net Security

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs (thehackernews.com)

• Now More Than Ever, it's Crucial for Companies to Get Cyber Security Right (newsweek.com)

• Why SMBs are facing significant security, business risks - Help Net Security

• Are SMEs paving the way for cyber attacks on larger companies? | Insurance Times

• Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra

• The Art Of Cyber Security Governance: Safeguarding Beyond Code (forbes.com)

• CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes (darkreading.com)

• 92% of CISOs Question the Future of Their Role Amidst Growing AI Pressures | Business Wire

• What's the Future Path for CISOs? (darkreading.com)

• RSAC: How CISOs Should Protect Themselves Against Indictments - Infosecurity Magazine (infosecurity-magazine.com)

• Three strategies for winning the cyber security arms race | Fintech Nexus

• Why Cyber Security Is More Important Than Ever | Inc.com

• Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)

• CIOs and CFOs, two parts of the same whole - IT Security Guru

Threats

Ransomware, Extortion and Destructive Attacks

• Gang Accused of MGM Hack Turns Its Sights on Finance Sector (bloomberglaw.com)

• The State of Ransomware 2024 - InfoRiskToday

• Cybercrime Unicorns: What Everyone Needs to Know About Ransomware Gangs (pcmag.com)

• Why Paying Should Be A Last Resort In Ransomware Attacks (forbes.com)

• Ransomware activity is back on track despite law enforcement efforts - Help Net Security

• Ransomware evolves from extortion to 'psychological attacks' • The Register

• Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (thehackernews.com)

• Ransomware attacks impact 20% of sensitive data in healthcare orgs - Help Net Security

• An overwhelming majority of organisations paid ransomware last year - eCampus News

• Global ransomware crisis worsens - Help Net Security

• The Growing Threat of Advanced Ransomware Attacks (inforisktoday.com)

• Law enforcement seized Lockbit group's website again (securityaffairs.com)

• Consultant charged with $1.5M extortion of IT giant • The Register

• IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar

• Alleged Russian hacker unmasked as Bermuda joins sanctions effort - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

• Ransomware crooks SIM swap kids to pressure parents • The Register

• Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)

• 97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)

• Tips for Protecting Active Directory From Ransomware Attacks | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• CISA boss: Secure software needed to stop ransomware • The Register

• Shields Up: How to Minimize Ransomware Exposure - Security Week

• How financial services organisations can protect valuable data in the age of ransomware (finextra.com)

• Defenders assemble: Time to get in the game – Sophos News

Ransomware Victims

• UnitedHealth’s 'egregious negligence' led to that ransomware • The Register

• Ascension healthcare takes systems offline after cyber attack (bleepingcomputer.com)

• London Drugs president tight-lipped over recent cyber attack | CBC News

• Boeing confirms attempted $200 million ransomware extortion attempt | CyberScoop

• Cyber attack disrupts operations at major US health care network | CNN Business

• City of Wichita Shuts Down Network Following Ransomware Attack - Security Week

• Patient appointments imperilled by cyber attack on French radiologist (therecord.media)

• Ransomware attack hits Brandywine Realty Trust | SC Media (scmagazine.com)

Phishing & Email Based Attacks

• NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Social Engineering

• The Rise And Stealth Of The Socially Engineered Insider (forbes.com)

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

• What is social engineering penetration testing? | Definition from TechTarget

Artificial Intelligence

• Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training - IT Security Guru

• Organisations go ahead with AI despite security risks - Help Net Security

• Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)

• Strategies for preventing AI misuse in cyber security - Help Net Security

• AI is changing the game when it comes to cyber security | ITPro

• Why the Cyber Security Industry Is Obsessed With AI Right Now - CNET

• LLMs & Malicious Code Injections: 'We Have to Assume It's Coming' (darkreading.com)

• Cyber Security, Deepfakes and the Human Risk of AI Fraud (govtech.com)

• How to detect deepfakes manually and using AI | TechTarget

• Report Shows AI Fraud, Deepfakes Are Top Challenges For Banks - Infosecurity Magazine (infosecurity-magazine.com)

• Criminal Use of AI Growing, But Lags Behind Defenders - Security Week

2FA/MFA

• Only 45% of organisations use MFA to protect against fraud - Help Net Security

• UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert

Malware

• Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (thehackernews.com)

• ZLoader Malware adds Zeus's anti-analysis feature (securityaffairs.com)

• Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)

• Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)

• New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)

• Hackers are using fake apps to distribute this dangerous Mac malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version (thehackernews.com)

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)

Mobile

• Mobile Banking Malware Surges 32% - Infosecurity Magazine (infosecurity-magazine.com)

• Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)

• European Threat To End-To-End Encryption Would Invade Phones (forbes.com)

• Ransomware crooks SIM swap kids to pressure parents • The Register

Denial of Service/DoS/DDOS

• 87% of DDoS Attacks Targeted Windows OS Devices in 2023 (darkreading.com)

Data Breaches/Leaks

• How does a data breach affect you and why should you care? | TechRadar

• Defence secretary Grant Shapps confirms name of contractor running MoD system hacked by China | Politics News | Sky News

• Dell customer order database stolen, for sale on dark web • The Register

• IT Consulting Firm Blames MSP for Data Breach | MSSP Alert

• 10,000 Customers’ Data Exposed in UK Government Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED

• Cyber attack: Large volume of data stolen in attack on Scottish health board (scotsman.com)

• Security breach affects 6,000 German military VC meetings (avinteractive.com)

• Security company exposes 1.2M guard and suspect records • The Register

• Children's mental health records published after cyber attack - BBC News

• Georgia education agency's MOVEit data theft impacted 800K • The Register

• Data Brokers: What They Are and How to Safeguard Your Privacy - IT Security Guru

• Zscaler Investigates Hacking Claims After Data Offered for Sale - Security Week

• UK government departments reveal rise in data breaches & lost devices (datacentrenews.uk)

• 'Sophisticated' cyber attacks involving British Colombia government networks found | CBC News

• Cancer patients' sensitive information accessed by "unidentified parties" after being left exposed by screening lab for years (bitdefender.com)

• Over 380K more NYC students had info leaked, bringing total to over 1M (nypost.com)

• Dating apps kiss'n'tell all sorts of sensitive user info • The Register

Organised Crime & Criminal Actors

• Hackers of all kinds are attacking routers across the world | TechRadar

• Cyber crime stats you can't ignore - Help Net Security

• These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED

• Threat Actors Weaponize Hacktivism for Financial Gain - Infosecurity Magazine (infosecurity-magazine.com)

• Massive webshop fraud ring steals credit cards from 850,000 people (bleepingcomputer.com)

• Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering (securityaffairs.com)

Insider Risk and Insider Threats

• The Rise And Stealth Of The Socially Engineered Insider (forbes.com)

• Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra

Supply Chain and Third Parties

• UK Military Data Breach a Reminder of Third-Party Risk (darkreading.com)

• Details of UK military personnel exposed in huge payroll data breach | AP News

• Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)

• DBIR: Supply Chain Breaches Up 68% Year Over Year (darkreading.com)

• IT Consulting Firm Blames MSP for Data Breach | MSSP Alert

• The complexities of third-party risk management - Help Net Security

Cloud/SaaS

• What is Cloud Security in Banking? | HackerNoon

• Does cloud security have a bad reputation? | InfoWorld

Encryption

• Cop complaints won't stop E2EE, says encryption advocate • The Register

• European Threat To End-To-End Encryption Would Invade Phones (forbes.com)

Linux and Open Source

• Open-Source Cyber Security Is a Ticking Time Bomb (gizmodo.com)

• Spies Among Us: Insider Threats in Open Source Environments (darkreading.com)

• A Guide to Open Source Software Security - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

• Microsoft introduces Passkeys support for consumer accounts - gHacks Tech News

• Google Announces Passkeys Adopted by Over 400 Million Accounts (thehackernews.com)

• UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert

• Hackers can crack average 8-character passwords in under a minute (newsbytesapp.com)

• What is credential stuffing? | Kaspersky official blog

• How secure is the “Password Protection” on your files and drives? - Help Net Security

Social Media

• These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED

Training, Education and Awareness

• Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training - IT Security Guru

Regulations, Fines and Legislation

• The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard

• EU plan to force messaging apps to scan for CSAM risks millions of false positives, experts warn | TechCrunch

• The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard

• Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)

Models, Frameworks and Standards

• The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard

Data Protection

• Privacy requests increased 246% in two years - Help Net Security

Careers, Working in Cyber and Information Security

• How workforce reductions affect cyber security postures - Help Net Security

• One in Four Tech CISOs Unhappy with Compensation - Security Boulevard

Law Enforcement Action and Take Downs

• Ransomware activity is back on track despite law enforcement efforts - Help Net Security

• Law Enforcement Takedowns Force Ransomware Affiliates to Diversify - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit's seized darknet site resurrected by police, teasing new revelations (therecord.media)

• LockBit leader unmasked and sanctioned - National Crime Agency

• Israeli private investigator wanted for hacking in US is arrested in London | The Independent

• German police bust Europe's 'largest' scam call centre – DW – 05/02/2024

• Consultant charged with $1.5M extortion of IT giant • The Register

• 97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)

• Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering (securityaffairs.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Israeli private investigator wanted for hacking in US is arrested in London | The Independent

• Cyber Attacks on US Utilities: New Trends in Cyber Warfare - ClearanceJobs

• 'The Mask' Espionage Group Resurfaces After 10-Year Hiatus (darkreading.com)

Nation State Actors

China

• Defence secretary Grant Shapps confirms name of contractor running MoD system hacked by China | Politics News | Sky News

• Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)

• Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)

• Geopolitical tensions rise with China. (thecyberwire.com)

• China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion (thehackernews.com)

Russia

• Malice from Moscow: NATO warns of Russian hybrid warfare - EU Reporter

• Russia plotting sabotage across Europe, intelligence agencies warn (ft.com)

• How Nato could respond after wave of Russian spy arrests across Europe (inews.co.uk)

• EU, NATO denounce Russia's cyber attacks on Germany, Czechia (kyivindependent.com)

• Russia Cyber Attack Germany's Ruling Party, Defence | Silicon UK

• Foreign Ministry:  Czech institutions targeted by GRU cyber attacks | Radio Prague International

• Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (thehackernews.com)

• Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)

• Russia slammed for cyber attacks (emergingrisks.co.uk)

• Ukraine records increase in financially motivated attacks by Russian hackers (therecord.media)

• UK joins partners in condemnation of malicious cyber activity by Russian Intelligence Services: UK government statement - GOV.UK (www.gov.uk)

• Russian cyber attacks on Germany spur intensified cyber recruitment and training   - Freelance Informer

• Cyber War? EU rages over alleged Russian cyber attack on German’s ruling SPD (brusselssignal.eu)

• Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)

• A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED

• Russia says Germany using baseless 'hacker myths' to destroy ties | Reuters

• Highlights of international and Ukrainian cyber security news in April 2024 - National Security and Defence Council of Ukraine (rnbo.gov.ua)

• Poland says it too was targeted by Russian hackers – POLITICO

• Kaspersky denies claims it helped Russia with drones • The Register

Iran

• Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

North Korea

• NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Far-right websites hacked and defaced  | CyberScoop

• Threat Actors Weaponise Hacktivism for Financial Gain - Infosecurity Magazine (infosecurity-magazine.com)

• Amnesty International Cites Indonesia as a Spyware Hub (darkreading.com)

• New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)

• Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know | WIRED

Vulnerability Management

• Cyber criminals are getting faster at exploiting vulnerabilities - Help Net Security

• Misconfigurations drive 80% of security exposures | Security Magazine

• Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises - IT Security Guru

• Patch management vs. vulnerability management: Key differences | TechTarget

• How remote work is changing patch management | TechTarget

• What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)

• CISA’s KEV list improving private and public-sector patching • The Register

• CISA Announces CVE Enrichment Project 'Vulnrichment' - Security Week

Vulnerabilities

• Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (thehackernews.com)

• Citrix Addresses High-Severity NetScaler Servers Flaw (darkreading.com)

• Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (bleepingcomputer.com)

• Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) - Help Net Security

• LiteSpeed Cache WordPress plugin actively exploited in the wild (securityaffairs.com)

• New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data (thehackernews.com)

• New BIG-IP Next Central Manager bugs allow device takeover (bleepingcomputer.com)

• Microsoft: April Windows Server updates also cause crashes, reboots (bleepingcomputer.com)

• Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)

• Apple just fixed an iTunes security flaw for Windows users, but they probably have bigger issues to worry about anyway | iMore

• Citrix warns customers to update PuTTY version installed on their XenCenter system manually (securityaffairs.com)

Tools and Controls

• Behind Closed Doors: The Rise of Hidden Malicious Remote Access (cybereason.com)

• Security tools fail to translate risks for executives - Help Net Security

• Misconfigurations drive 80% of security exposures | Security Magazine

• A Guide to Cyber Threat Intelligence (greydynamics.com)

• NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

• Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica

• Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica

• Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises - IT Security Guru

• Strategies for preventing AI misuse in cyber security - Help Net Security

• Shadow APIs: An Overlooked Cyber Risk for Orgs (darkreading.com)

• How to detect deepfakes manually and using AI | TechTarget

• What is social engineering penetration testing? | Definition from TechTarget

• How workforce reductions affect cyber security postures - Help Net Security

• What is biometrics? 10 physical and behavioural identifiers that can be used for authentication | CSO Online

• What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)

• Top 10 physical security considerations for CISOs | CSO Online

• Three Battle-Tested Tips for Surviving a Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar

• A SaaS Security Challenge: Getting Permissions All in One Place  (thehackernews.com)

• Tips for Protecting Active Directory From Ransomware Attacks | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Tips for Controlling the Costs of Security Tools - The New Stack

• Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)

• Microsoft confirms Windows 11 24H2 turns on Device Encryption by default (windowslatest.com)

Reports Published in the Last Week

• The State of Ransomware 2024 - Sophos

Other News

• Microsoft overhaul treats security as ‘top priority’ after a series of failures - The Verge

• Microsoft will base part of senior exec comp on security, add deputy CISOs to product groups – GeekWire

• The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard

• Complexity leads to trade-off between risk and innovation (betanews.com)

• When has the UK faced cyber attacks in the past? | The Independent

• Man-in-the-middle attack: The new cyber security threat | YourStory

• Paris 2024 gearing up to face unprecedented cyber security threat | Reuters

• From Warnings to Action: Preparing America’s Infrastructure for Imminent Cyber Threats - Security Week

• 38% of riskiest cyber physical systems neglected, warns Claroty report (securitybrief.co.nz)

• Why undersea cables need high-priority protection • The Register

• GAO: NASA Faces 'Inconsistent' Cyber Security Across Spacecraft (darkreading.com)

• Cyber security regulations: Are non-compliant cars more vulnerable? | Autocar

• Fujitsu sets aside £200m as calls mount for Post Office scandal payout

• eGates across UK airports go down (thelondoneconomic.com)

• FE News | Why the education sector needs to do the homework on cyber security as attacks soar

• Caught with our pants down - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape

The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.

The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.

Sources: [ITPro] [The Debrief]

Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge

The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.

However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.

Sources: [ITPro] [Law Society] [Security Brief] [Financial Times]  [Infosecurity Magazine]

Researcher Uncovers One of The Biggest Password Dumps in Recent History

Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.

Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.

Source: [Ars Technica]

Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023

Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.

Source: [Infosecurity Magazine]

75% of Organisations Hit by Ransomware in 2023

A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.

Source: [Infosecurity Magazine]

The Dangers of Quadruple Blow Ransomware Attacks

With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.

This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.

Source: [TechRadar]

Human Error and Insiders Expose Millions in UK Law Firm Data Breaches

UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.

Source: [Infosecurity Magazine]

It’s a New Year and a Good Time for a Cyber Security Checkup

2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.

Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.

Source: [JDSupra]

Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster

Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.

In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.

Source: [The Hacker News]

Cyber Threats Top Global Business Risk Concern for 2024

Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.

Source: [Insurance Journal]

Generative AI has CEOs Worried About Cyber Security, PwC Survey Says

A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company.  When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.

Source: [Quartz]

With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too

As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.

Source: [Dark Reading]

Digital Resilience: a Step Up from Cyber Security

In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [CSO Online] [Financial Times]

Governance, Risk and Compliance

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• JPMorgan suffers 45bn cyber attacks a day (ft.com)

• Improving Supply Chain Security, Resiliency (informationweek.com)

• Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)

• As hacks worsen, SEC turns up the heat on CISOs | TechCrunch

• It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Digital resilience – a step up from cyber security | CSO Online

• How to Recover After Failing a Cyber Security Audit - Security Boulevard

• Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK

• Cyber incident response impaired by stress | SC Media (scmagazine.com)

• Key Considerations for Successful Cyber Security Supply Chain Risk Management (C-SCRM) - Security Boulevard

• Security considerations during layoffs: Advice from an MSSP - Help Net Security

• Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)

• InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

• Applying the Tyson Principle to Cyber Security: Why Attack Simulation is Key to Avoiding a KO (thehackernews.com)

• How to improve cyber resilience across your workforce (ft.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• UK finance firms faced a torrent of ransomware attacks in 2023 as threat actors ramped up activities | ITPro

• Veeam Data Protection Trends Report 2024 Finds Cyber Attacks the #1 Cause of Business Outages | Business Wire

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

• Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)

• The Top 10 Ransomware Groups of 2023 - Security Boulevard

• 3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)

• Ransomware causes mental, physical trauma to security pros • The Register

• The dangers of quadruple blow ransomware attacks | TechRadar

• Ransomware: how financial institutions can prepare to react quickly through regulatory compliance (finextra.com)

• Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert

• Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security

• Outsmarting Ransomware’s New Playbook - SecurityWeek

• TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)

• Ransomware negotiation: When cyber security meets crisis management - Help Net Security

Ransomware Victims

• Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)

• Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)

• British Library to share learning from cyber attack - Museums Association

• British Library starts restoring services online after hack - BBC News

• British cosmetics firm Lush confirms cyber attack (therecord.media)

• Delay to Manx Care dental services after cyber attack - BBC News

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

• Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)

• A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar

• Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)

Phishing & Email Based Attacks

• Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar

• Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Vendor Email Attacks Surged by 137% in Financial Sector in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Modular laptop maker Framework contacts customers after phishing scheme hooks internal spreadsheet packed with personal data | Tom's Hardware (tomshardware.com)

• US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar

• Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)

• Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security

• US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

• Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard

Artificial Intelligence

• AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)

• Adversaries exploit trends, target popular GenAI apps - Help Net Security

• The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)

• The power of AI in cyber security - Help Net Security

• Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security

• AI Could Make Cyber Threats Harder to Detect (newswise.com)

• If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

2FA/MFA

• Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)

• Out with the old and in with the improved: MFA needs a revamp - Help Net Security

• MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)

Malware

• GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)

• Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)

• Data-theft malware exploits Windows Defender SmartScreen • The Register

• Windows PCs targeted by dangerous new threat that even gets around Defender - and even though there's a fix, you could still be at risk | TechRadar

• MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)

• 5 malware mistakes most people make while traveling and trying to charge (nypost.com)

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine (infosecurity-magazine.com)

• Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)

• Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar

• JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard

• $80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)

• Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)

• Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)

• Securing Public Sector Against IoT Malware in 2024 - Security Boulevard

Mobile

• 5 malware mistakes most people make while traveling and trying to charge (nypost.com)

• New Tool Identifies Pegasus and Other iOS Spyware - Infosecurity Magazine (infosecurity-magazine.com)

Denial of Service/DoS/DDOS

• Environmental Websites Hit by DDoS Surge in COP28 Crossfire - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Your washing machine could be sending 3.7 GB of data a day — LG washing machine owner disconnected his device from Wi-Fi after noticing excessive outgoing daily data traffic | Tom's Hardware (tomshardware.com)

• Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)

• Modernising print security for today’s working world | TechRadar

• Securing Public Sector Against IoT Malware in 2024 - Security Boulevard

Data Breaches/Leaks

• Human Error and Insiders Expose Millions in UK Law Firm Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Insufficient cyber security caused PSNI data breach  (iapp.org)

• Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360

• Modular laptop maker Framework contacts customers after phishing scheme hooks internal spreadsheet packed with personal data | Tom's Hardware (tomshardware.com)

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

Organised Crime & Criminal Actors

• Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)

• GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)

• Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard

• Illegal online casinos spread crypto-crime across Asia • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine (infosecurity-magazine.com)

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Illegal online casinos spread crypto-crime across Asia • The Register

Insider Risk and Insider Threats

• Human Error and Insiders Expose Millions in UK Law Firm Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Preventing insider access from leaking to malicious actors - Help Net Security

Insurance

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)

• Fighting ransomware: A guide to getting the right cyber security insurance | SC Media (scmagazine.com)

Supply Chain and Third Parties

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)

• Improving Supply Chain Security, Resiliency (informationweek.com)

• Key Considerations for Successful Cyber Security Supply Chain Risk Management (C-SCRM) - Security Boulevard

Cloud/SaaS

• Insurance website's buggy API leaked Office 365 password • The Register

• As Enterprise Cloud Grows, So Do Challenges (darkreading.com)

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• 3 ways to combat rising OAuth SaaS attacks - Help Net Security

• FBI: Beware of cloud-credential thieves building botnets • The Register

• Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)

Identity and Access Management

• Digital nomads amplify identity fraud risks - Help Net Security

Encryption

• New Report Charts Roadmap To A Quantum-Secure Financial System – Eurasia Review

Passwords, Credential Stuffing & Brute Force Attacks

• Researcher uncovers one of the biggest password dumps in recent history | Ars Technica

• GitHub scrambles to rotate keys after credentials in production containers were potentially exposed | ITPro

• Insurance website's buggy API leaked Office 365 password • The Register

• FBI: Beware of cloud-credential thieves building botnets • The Register

Social Media

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Latest Adblock update causes massive YouTube performance hit (bleepingcomputer.com)

Training, Education and Awareness

• The right strategy for effective cyber security awareness - Help Net Security

• Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard

• How to improve cyber resilience across your workforce (ft.com)

Regulations, Fines and Legislation

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

• As hacks worsen, SEC turns up the heat on CISOs | TechCrunch

• IT consultant in Germany fined for exposing shoddy security • The Register

• Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register

• A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK

• Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard

• Home improvement marketers dial up trouble from regulator • The Register

Models, Frameworks and Standards

• 10 cyber security frameworks you need to know about - Help Net Security

• NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST

Backup and Recovery

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

Data Protection

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

Careers, Working in Cyber and Information Security

• Ransomware causes mental, physical trauma to security pros • The Register

• Protecting the protectors: combating stress in the cyber security industry | The Independent

• Best practices to mitigate alert fatigue - Help Net Security

• Universities not delivering the right skills for cyber security (betanews.com)

Law Enforcement Action and Take Downs

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK

Misinformation, Disinformation and Propaganda

• Staying cyber secure in the age of misdirection | The Independent

• FBI Warns of More Election Chaos in 2024 (darkreading.com)

• Election Security 2024: Biggest Cyber Threats and Practical Solutions - Infosecurity Magazine (infosecurity-magazine.com)

• OODA Loop - Elections Are Coming: Time to Sound Misinformation’s Clarion Call… Again

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• Cyberwar continues to underperform (reason.com)

Nation State Actors

China

• End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)

• Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)

• Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)

• China warns of AirDrop de-anonymisation flaw • The Register

Russia

• FBI Warns of More Election Chaos in 2024 (darkreading.com)

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)

• Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)

• Russia finds way around sanctions on battlefield tech: report – POLITICO

• Moscow imports a third of battlefield tech from western companies (ft.com)

• Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop

• Ukrainian hackers successfully attack payment website of one of Russia's regional energy companies (yahoo.com)

Iran

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Threat-hunter says Iran is stepping up the sophistication of its cyber attacks (therecord.media)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• Ukrainian hackers successfully attack payment website of one of Russia's regional energy companies (yahoo.com)

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)

• New Tool Identifies Pegasus and Other iOS Spyware - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Why we must bring order to cyber vulnerability chaos | TechRadar

Vulnerabilities

• CISA: Critical SharePoint vuln is under active exploitation • The Register

• Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)

• Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)

• Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)

• VMware Urges Customers to Patch Critical Aria Automation Vulnerability  - SecurityWeek

• Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)

• Two more Citrix NetScaler bugs exploited in the wild • The Register

• Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)

• Millions of GPUs from Apple, AMD and Qualcomm have a serious security flaw — and it could put literally all your data at risk if it isn't fixed | TechRadar

• End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)

• Apple Magic Keyboards are at risk from security attacks – update now to protect your Mac or iPad | TechRadar

• Windows 10 security update requires some major changes - experts only need apply | TechRadar

• GitLab Patches Critical Password Reset Vulnerability - SecurityWeek

• Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)

• Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek

• Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek

• Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)

• New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica

• China warns of AirDrop de-anonymisation flaw • The Register

• Drupal Releases Security Advisory for Drupal Core | CISA

• Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)

Tools and Controls

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Digital resilience – a step up from cyber security | CSO Online

• If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online

• Key elements for a successful cyber risk management strategy - Help Net Security

• Preventing insider access from leaking to malicious actors - Help Net Security

• Applying the Tyson Principle to Cyber Security: Why Attack Simulation is Key to Avoiding a KO (thehackernews.com)

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• As Enterprise Cloud Grows, So Do Challenges (darkreading.com)

• Best practices to mitigate alert fatigue - Help Net Security

• Modernising print security for today’s working world | TechRadar

• APIs in peril: Wallarm's latest report exposes uptick in API attacks and highlights security predictions for 2024 | Business Wire

• MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)

• Cyber incident response impaired by stress | SC Media (scmagazine.com)

• Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)

• InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)

• Digital nomads amplify identity fraud risks - Help Net Security

• Out with the old and in with the improved: MFA needs a revamp - Help Net Security

• The right strategy for effective cyber security awareness - Help Net Security

• SOC-as-a-Service: The Five Must-Have Features - Security Boulevard

Other News

• Post Office scandal latest: MPs 'shocked' by evidence from Fujitsu and Post Office boss - as victims Alan Bates and Jo Hamilton say they were 'gaslit' | UK News | Sky News

• Post Office syndrome: why we’re more vulnerable than ever to Horizon-like computer systems | The Independent

• What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)

• How news organisations became a prime target for cyber attacks (pressgazette.co.uk)

• UK doubles spending on overseas cyber security projects (ft.com)

• Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)

• NCSC Builds New “Cyber League” Threat Tracking Community - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.