Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 29 September 2023
Black Arrow Cyber Threat Intelligence Briefing 29 September 2023:
-Ransomware Groups Are Shifting Their Focus Away From Larger Targets
-Cover-ups Still the Norm as Half of Cyber Attacks go Unreported
-Reported Cyber Security Breaches Increase Threefold for Financial Services Firms
-Attacks on SME’s Surged in The First Half of 2023
-The CISO Carousel and Its Effect on Enterprise Cyber Security
-Bermuda Struggles to Recover from Ransomware Attack
-Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern
-Business Leaders More Anxious About Ransomware Than Recession as Tally from One Attack Alone Surpasses 2,000 Victim Organisations
-Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign
-Cyber Leaders Worry That AI Will Overwhelm Cyber Defences
-Boards Still Lack Cyber Security Expertise
-4 Legal Surprises You May Encounter After a Cyber Security Incident
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Groups Are Shifting Their Focus Away from Larger Targets
Ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities. Analysis from Trend Micro has shown that ransomware groups such as Lockbit, Cl0p and Black Cat are slowing down attacks against “big game” targets, such as multinationals, and are focusing their attention on smaller organisations. It was found that the overall ransomware attack victim numbers increased by 47% from H2 2022.
Organisations “of up to 200 employees”, those within the small-to-medium-sized range, accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023. Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space. Nearly half (45%) of Black Cat victims were in the same size range. There are many underlying factors in the recent surge of attacks on smaller organisations, however one big cause is the economic factor and the perception that smaller organisations are not going to be as well protected.
Sources: [Techcentral] [Helpnet Security]
Cover-ups Still the Norm as Half of Cyber Attacks go Unreported
A report found that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report it to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards. Alarmingly, 32% simply “forgot” and 22% self-reported that there wasn’t a system in place to report it. In the UK, failure to report a breach within 72 hours could make a company eligible for a fine up to €10 million or 2% of annual global turnover if deemed a lower-level infringement, and up to €20 million or 4% of annual global turnover for higher-level infringements.
The lack of reporting also has a knock-on effect: a significant number of cyber attacks go un-reported and therefore this skews statistics, meaning the current numbers of known cyber attacks are likely much lower than the actual figure.
Sources: [Computer Weekly] [InfoSecurity Magazine]
Reported Cyber Security Breaches Increase Threefold for Financial Services Firms
New research shows that cyber security breaches for UK financial service firms have increased threefold from 187 attacks (2021-2022) to 640 attacks (2022-2023). This comes as the pensions sector reported the biggest jump in breaches rising from 6 to 246 in the same period, a concerning large increase of 4,000%. These patterns are not only relevant to the UK however, with separate reports highlighting an 119% increase in attacks on financial sector cyber attacks globally from 2022 to 2023.
Trustees can be liable for failures in managing cyber risk, so any business looking to protect itself from the impact of a cyber attack should invest in understanding its cyber footprint, the risks it poses, and have the right policies/procedures in place.
Sources: [CIR Magazine] [PensionsAge] [CityAM] [TechRadar]
Attacks on SME’s Surged in The First Half of 2023
According to Kaspersky, small and medium enterprises (SMEs) dealt with more attacks during the first half of the year compared to the same time the year previous. Worryingly, a separate report found that over three quarters of SME leaders could not confidently identify a cyber incident at work and 50% of respondents felt they were unable to identify the difference between a phishing email and real email.
An outcome of the study was the identification of a need for effective user training. SMEs do not have the budget to have a wide range of tools, however they can strengthen their users’ security practices. Black Arrow enables SMEs to strengthen their people controls through bespoke and affordable education and awareness training for all levels of the organisation.
Sources: [Inquirer] [HelpNet Security] [Insurance Times]
The CISO Carousel and Its Effect on Enterprise Cyber Security
The average tenure of a Chief Information Security Officer (CISO) is said to sit between 18 to 24 months; research highlights the reasons including the strain of the role, the perceived lack of leadership support, and the attraction of more money from a different employer. There is often a gap while the replacement is recruited, during which there is nobody looking after the organisation’s security.
In some cases, organisations may look to outsource by using the services of a virtual CISO (vCISO) with cost savings and greater stability and flexibility. The Black Arrow vCISO team are experienced world-class specialists, providing independent, impartial and objective expertise across the wide range of essential CISO skills with significant advantages compared to an internal resource.
Source: [Security Week]
Bermuda Struggles to Recover from Ransomware Attack
The Bermudan Government this week suffered what they referred to as a significant cyber incident. Workers were cut off from email and telephone systems, with affected departments resorting to manual processes and issuing of paper based cheques. The Government was unable to make payroll payments, and parcels could not be sent from the Island’s Post Offices. It is noted that while not all systems were affected, the government took everything offline out of precaution. It is believed that some other regional governments have also been impacted.
The attack has been attributed to Russia or Russian-based actors, but attribution in cases like this can be difficult. It should be noted that, if involvement from Russia were confirmed, both Russian state actors and Russian based cyber criminals work closely in a symbiotic relationship that benefits both parties. Using cyber crime groups as fronts provides nation state actors with a level of deniability, while also allowing them to direct the operation and benefit from it. Equally, cyber crime groups get to do their thing with the blessing, whether tacit or explicit, of the national authorities in their country. In general, countries where this happens (such as Russia, North Korea and China) have no interest in cooperating with Western authorities, so the cyber criminals essentially work with impunity.
Sources: [Duo] [GovInfo Security] [Bleeping Computer]
Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern
A report found cyber threats continue to rank among the top three business concerns for a wide spectrum of companies. Despite it being such a concern, a significant percentage of businesses admitted to not conducting cyber assessments for vendors (57%) or customers’ assets (56%), having an incident response plan (50%), or implementing multifactor authentication for remote access (44%). Phishing scams were of particular concern, with companies reporting a notable increase in incidents, jumping from 14% to 27% over the past year.
Cyber attacks are a certainly a sobering reality, with nearly 23% of survey participants disclosing that their company had fallen victim to a cyber attack and 49% of these incidents occurred within the past year.
Source: [Reinsurance News]
Business Leaders More Anxious About Ransomware Than Recession as Victims from Single Attack Surpasses 2,000 Organisations
According to a recent study, half of business leaders are more worried about falling victim to a ransomware attack than macroeconomic hardship. Over 60% of businesses who had suffered a ransomware attack reported concerns about the prospect of a second ransomware attack, and 71% of leaders admitted their businesses wouldn’t be able to withstand it. 56% said they had increased hiring costs, nearly half experienced increased customer complaints, and 47% reported team stress. This comes as the tally of victims from the MOVEit attack alone surpasses 2,000 organisations. To make matters worse, the FBI has described dual ransomware attacks taking place, with the second attack less than 48 hours after the first.
Source: [Tech Informed] [Helpnet Security] [Helpnet Security] [BleepComputer]
Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign
Booking.com users have become the focus of a new, large-scale phishing campaign that involved hackers taking control of the hotel’s Booking[.]com account. Once in control, the attackers were then able to utilise personal information and craft messages, tailored to victims.
With many organisations using sites such as Booking[.]com, it is imperative that staff are trained effectively, to reduce the risk of them falling victim to a phishing campaign.
Sources: [BleepingComputer] [Inforsecurity Magazine]
Cyber Leaders Worry That AI Will Overwhelm Cyber Defences
A survey of 250 leaders found that 85% worry that AI will overwhelm cyber defences while almost two thirds (61%) have already seen an increase in cyber attack complexity due to AI. Overall 80% view AI as the single biggest cyber threat their business faces, and seven out of 10 are investing in more resilient measures to improve their detection and response protocols.
AI can certainly be overwhelming, but with the right expertise, organisations can navigate their way to improving their AI defences. Black Arrow’s expert team helps your leadership to understand and manage AI-based risks, and safely adopt artificial intelligence in your organisation.
Source: [Management Issues]
Boards Still Lack Cyber Security Expertise
A study by the US National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) found that just 12% of S&P 500 companies have board directors with relevant cyber credentials, showing that there is still a lack of expertise at the board level. Boards can improve their expertise by engaging with training that is tailored to leadership. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident. Source: [Wallstreet Journal]
4 Legal Surprises You May Encounter After a Cyber Security Incident
In the event of a cyber incident, there are a number of problems that emerge, but some you may not be aware of. These may include investigations by auditors, a freeze on payments by banks, and uncertainty about notifying third parties including customers. Your insurance provide may also launch a review of the cyber security controls that you had in place before the incident, to determine the payout.
Ideally, you will never have to face a cyber incident, but it can happen and it’s best to ensure you are well placed to deal with it, by understanding what needs to be done and how to respond. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Dark Reading]
Governance, Risk and Compliance
The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week
Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)
Businesses Unprepared for Cyber Attacks Despite Steady Concern (insurancejournal.com)
Cyber criminals are targeting the financial sector more than ever | TechRadar
The hidden costs of neglecting cyber security for small businesses - Help Net Security
Majority of UK SME c-suites lacking awareness of cyber risks | Insurance Times
Business leaders most anxious about ransomware attacks (techinformed.com)
Cyber security incident response: Your company's ICU (channelweb.co.uk)
Cover-ups still the norm in the wake of a cyber incident | Computer Weekly
Many firms aren't reporting breaches to the proper authorities | TechRadar
Half of Cyber-Attacks Go Unreported - Infosecurity Magazine (infosecurity-magazine.com)
CISOs are struggling to get cyber security budgets: Report | CSO Online
CISOs are spending more on cyber security - but it might not be enough | TechRadar
Cyber threats remain top concern for businesses in 2023: Travelers Risk Index - Reinsurance News
Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security
The Hot Seat: CISO Accountability in a New Era of SEC Regulation (darkreading.com)
Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)
4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)
Moving From Qualitative to Quantitative Cyber Risk Modeling - Security Week
Financial crime compliance costs exceed $206 billion - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware soars as enterprises struggle to respond - Verdict
Ransomware groups are shifting their focus away from larger targets - Help Net Security
Business leaders most anxious about ransomware attacks (techinformed.com)
Why is Ransomware Such a Prevalent Threat and Popular Tool for Attackers? | MSSP Alert
ShadowSyndicate: A New Cyber Crime Group Linked to 7 Ransomware Families (thehackernews.com)
The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt
FBI: Dual ransomware attack victims now get hit within 48 hours (bleepingcomputer.com)
Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security
MOVEit cyber attack is pause for concern | Ary Rosenbaum - The Rosenbaum Law Firm P.C. - JDSupra
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times
Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)
Youth hacking ring at the center of cyber crime spree | CyberScoop
Current ransomware defencs efforts are not working - Help Net Security
VMware users anxious about costs and ransomware threats - Help Net Security
MSP shares details of Kaseya VSA ransomware attack, recovery | TechTarget
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)
Trend Micro Report Reveals Increase of LockBit Ransomware Attacks in US (thedefensepost.com)
Hospital Ransomware Attacks Go Beyond Health Care Data (securityintelligence.com)
Patient Care at Risk as Hospitals Increasingly on Frontlines of Ransomware Attacks | The Epoch Times
Ransomware Victims
Bermuda Struggles to Recover From Cyber Attack (govinfosecurity.com)
Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security
Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)
MGM, Caesars Cyber Attack Responses Required Brutal Choices (darkreading.com)
Ransomware Group Claims to Have Breached 'All of Sony Systems' (vgchartz.com)
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week
Youth hacking ring at the center of cyber crime spree | CyberScoop
MGM Resorts and Caesars face class action lawsuits over September cyber attacks By Investing.com
UK logistics firm blames ransomware attack for insolvency, 730 redundancies (therecord.media)
Ransomware group demands $51 million from Johnson Controls after cyber attack (bitdefender.com)
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
Leekes cyber attack? NoEscape ransomware gang claims breach (techmonitor.ai)
Phishing & Email Based Attacks
This devious phishing scam makes it look like dodgy emails are actually safe | TechRadar
New AtlasCross hackers use American Red Cross as phishing lure (bleepingcomputer.com)
BEC – Business Email Compromise
Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)
BEC Attacks Increase By 279% in Healthcare - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)
Google is working to keep Bard chats out of Search • The Register
New working group to probe AI risks and applications | CyberScoop
A Primer On Artificial Intelligence And Cyber Security (forbes.com)
How should organisations navigate the risks and opportunities of AI? - Help Net Security
Malware
Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)
'Culturestreak' Malware Lurks Inside GitLab Python Package (darkreading.com)
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (thehackernews.com)
New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)
A powerful new malware backdoor is targeting governments across the world | TechRadar
Researchers uncover thriving market for malware targeting IoT devices - The Hindu
Mobile
China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)
iOS 17 update secretly changed your privacy settings; here's how to set them back (bitdefender.com)
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks - Security Week
Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)
Botnets
Bot Swarm: Attacks From Middle East & Africa Are Notably Up (darkreading.com)
New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)
Asian banks are a favorite target of cyber cooks, and malicious bots their preferred tool | ZDNET
Denial of Service/DoS/DDOS
Internet of Things – IoT
If You Have An Amazon Alexa Device, You Need To Check This Security Update List (slashgear.com)
Researchers uncover thriving market for malware targeting IoT devices - The Hindu
Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog
Data Breaches/Leaks
UK pension schemes reveal 4,000% rise in cyber security breaches - Pensions Age Magazine
Reported cyber security breaches increase threefold for financial services firms (cityam.com)
British charities warn supporters their personal data has been breached • Graham Cluley
Air Canada discloses data breach of employee and 'certain records' (bleepingcomputer.com)
National Student Clearinghouse data breach impacts 890 schools (bleepingcomputer.com)
BORN Ontario child registry data breach affects 3.4 million people (bleepingcomputer.com)
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week
Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)
Hospital alert as 24,000 letters meant for GPs lost in computer error - Mirror Online
Organised Crime & Criminal Actors
'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times
Asian banks are a favourite target of cyber cooks, and malicious bots their preferred tool | ZDNET
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)
Yet another hack hits NFT marketplace OpenSea - SiliconANGLE
Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)
Bitcoin scammer who was snared by victims sentenced - BBC News
Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)
Insider Risk and Insider Threats
75% who didn't report cyber attack to leadership, felt guilty about it | Security Magazine
Preventing employees from becoming the gateway for cyber attacks | TechRadar
Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security
Fraud, Scams & Financial Crime
Hotel hackers redirect guests to fake Booking.com to steal cards (bleepingcomputer.com)
Beware: fraud and smishing scams targeting students | Bournemouth University
Yet another hack hits NFT marketplace OpenSea - SiliconANGLE
Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)
Fraud prevention forces scammers to up their game - Help Net Security
Why young people are more prone to online scams than boomers are (news5cleveland.com)
Bitcoin scammer who was snared by victims sentenced - BBC News
Security researcher warns of chilling effect after feds search phone at airport | TechCrunch
AML/CFT/Sanctions
Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)
Financial crime compliance costs exceed $206 billion - Help Net Security
Insurance
Dark Web
Supply Chain and Third Parties
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
How the Okta Cross-Tenant Impersonation Attacks Succeeded (darkreading.com)
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
3 phases of the third-party risk management lifecycle | TechTarget
Cloud/SaaS
Containers
Encryption
The UK just passed an online safety law that could make people less safe (theconversation.com)
Regulators Are 'Hurting Their Own Country' in Seeking Encryption Backdoors: Nym CEO - Decrypt
Open Source
Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why Shouldn’t You Use the Same Password Everywhere Online (makeuseof.com)
Are You Willing to Pay the High Cost of Compromised Credentials? (thehackernews.com)
Biometrics
Social Media
Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)
X scraps tool to report electoral fake news - researchers - BBC News
Malvertising
Training, Education and Awareness
Travel
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt
The UK just passed an online safety law that could make people less safe (theconversation.com)
Are we about to lose the last pillar of our digital security? | Euronews
New working group to probe AI risks and applications | CyberScoop
Why California's Delete Act matters for the whole country - Help Net Security
Financial crime compliance costs exceed $206 billion - Help Net Security
Models, Frameworks and Standards
Why It’s Wrong To Judge SIEM Success Only Against The ATT&CK Framework (forbes.com)
Urgent actions for protecting utilities against cyber-attack: Navigating NIS 2 - Utility Week
Careers, Working in Cyber and Information Security
The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week
Demand for cyber security staff trebled since 2019 | Business Post
Cyber security and staffing issues key risks for companies | Accountancy Daily
Cyber security skills employers are desperate to find in 2023 - Help Net Security
Preventing security professionals from ‘quietly quitting’ due to alert fatigue (securitybrief.co.nz)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russia’s APT29 intensifies espionage operations | SC Media (scmagazine.com)
Russian hacking operations target Ukrainian law enforcement | CyberScoop
Government of Bermuda blames Russian threat actors for the cyber attack (securityaffairs.com)
Bermuda probes major cyber attack as officials slowly bring operations back online (thestar.com)
Ukraine war: Cyber Attack in Crimea after Black Sea fleet HQ hit | News UK Video News | Sky News
Examining the Activities of the Turla APT Group (trendmicro.com)
Scottish Tory MSP has website hacked by 'hostile Russian group' | The National
Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)
Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)
Cyber Attack on Russian Air Booking System Sparks Flight Delays - The Moscow Times
China
Taiwan is bracing for Chinese cyber attacks, White House official says - POLITICO
China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)
Chinese Gov Hackers Caught Hiding in Cisco Router Firmware - Security Week
China’s national security minister lists top digital threats • The Register
Misc Nation State/Cyber Warfare
Vulnerability Management
Why Zero Days Are Set for Highest Year on Record - Infosecurity Magazine (infosecurity-magazine.com)
Vulnerabilities
Google assigns new maximum rated CVE to libwebp bug exploited in attacks (bleepingcomputer.com)
Cisco Warns of IOS Software Zero-Day Exploitation Attempts - Security Week
Researchers Release Details of New RCE Exploit Chain for SharePoint (darkreading.com)
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server (thehackernews.com)
GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica
Firefox 118 Patches High-Severity Vulnerabilities - Security Week
Hackers actively exploiting Openfire flaw to encrypt servers (bleepingcomputer.com)
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
Tools and Controls
Cyber security incident response: Your company's ICU (channelweb.co.uk)
CISOs are spending more on cyber security - but it might not be enough | TechRadar
4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)
The 5 most dangerous Wi-Fi attacks, and how to fight them | PCWorld
What Is a Network Security Assessment and Why You Need It | MSSP Alert
Why You Should Phish In Your Own Pond (informationsecuritybuzz.com)
The pitfalls of neglecting security ownership at the design stage - Help Net Security
A Primer On Artificial Intelligence And Cyber Security (forbes.com)
Preventing employees from becoming the gateway for cyber attacks | TechRadar
Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)
Looking Beyond the Hype Cycle of AI/ML in Cyber Security (darkreading.com)
Moving From Qualitative to Quantitative Cyber Risk Modelling - SecurityWeek
Cyber security budgets show moderate growth - Help Net Security
Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra
Other News
Cyber criminals are targeting the financial sector more than ever | TechRadar
The hidden costs of neglecting cyber security for small businesses - Help Net Security
SMBs face growing cyber security threats, but basic measures can lower risks | ZDNET
Why aviation needs to prioritise cyber security – Airport World (airport-world.com)
Are Fire Departments Prepared for a Cyber Attack? | HackerNoon
Fintechs must brace for rising cyber security challenges | Mint (livemint.com)
Space Force chief says commercial satellites may need defending | Ars Technica
UK Cyber Security Council CEO reflects on a year of progress | CSO Online
Google Loophole Lets Drug Dealers Hijack Nearly Any Website to Sell Narcotics (businessinsider.com)
Cyber Hygiene: A First Line of Against Evolving Cyber Attacks (darkreading.com)
Cyber Attacks hit military, Parliament websites as India hacker group targets Canada (cheknews.ca)
KnowBe4 Finds US. Healthcare a Top Target For Cyber Attacks (prnewswire.com)
US Government Shutdown Could Bench 80% of CISA Staff - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 02 June 2023
Black Arrow Cyber Threat Briefing 02 June 2023:
-How to Keep Cyber Attacks from Tanking Your Balance Sheet
-Company Size Doesn’t Matter When It Comes to Cyber Attacks
-‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief
-How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs
-Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection
-Don't be Polite When you Get a Text from a Wrong Number
-Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches
-Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
-Organisations Spend 100 Hours Battling Post-Delivery Email Threats
-Ransomware Gangs Adopting Business-like Practices to Boost Profits
-The Sobering Truth About Ransomware—For The 80% Who Paid Up
-The Great CISO Resignation: Why Security Leaders are Quitting in Droves
-When is it Time for a Cyber Hygiene Audit?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
How to Keep Cyber Attacks from Tanking Your Balance Sheet
According to a recent Forrester report, last year saw 1 billion records exposed in the top 35 breaches, $2.6 billion stolen in the top nine cryptocurrency breaches, and $2.7 billion in fines levied to the top 35 violators.
The average cost of a data breach reached $4.35 million in 2022, according to IBM’s Cost of a Data Breach Report for that year, which represents a 2.6% increase over the prior year, and a 12.7% increase from 2020. For ransomware, a report found the average payment in 2021 was approximately $1.85 million, more than double the $760,000 figure from 2020. These are just direct costs; indirect costs are far greater and can include lost business, lost customers, reputational loss and regulatory fines.
When it comes to managing cyber risk, corporate boards should look to understand cyber security as a strategic business enabler, understand the impacts, align risk-management with business needs, ensure the organisation supports cyber security, incorporate cyber security expertise into governance and encourage systemic resilience.
https://hbr.org/2023/06/how-to-keep-cyberattacks-from-tanking-your-balance-sheet
Company Size Doesn’t Matter When It Comes to Cyber Attacks
65% of large organisations suffered a cyber attack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to a recent report. The most common security incidents were the same for all companies; these were phishing, ransomware and user account compromise, also known as business email compromise (BEC).
Smaller companies often underestimate their risk, with the reasoning that cyber criminals want the biggest targets as they will likely have more intellectual property, however all businesses have valuable data and are therefore a target. Additionally, smaller organisations can sometimes be seen as a way into larger organisations that use their services.
https://www.helpnetsecurity.com/2023/05/29/larger-organizations-cyberattacks/
‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief
The threat of cyber attacks is growing at an “unprecedented” pace, according to the chief security officer at multinational teleco BT, Howard Watson, but it is not just large organisations such as BT who will be impacted by this increase.
Watson highlighted that the increase in sophisticated technology poses the biggest threat in the long run: “Technological advancement, as ever, is a double-edged sword in security. Quantum and AI have great potential for benefits in the right hands, or to cause massive damage in the wrong hands. But we know that cyber criminals will utilise these technologies, so we have to be able to respond in kind.” Adding to this, the chief security officer highlighted that events that were previously considered as ‘exceptional’ need to be assessed and planned for as a probability, rather than a possibility.
How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs
Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers who collected data from over 200,000 SMB customers. Proofpoint identified a rise in phishing campaigns originating from such state-sponsored APT groups, who are highly skilled and typically state-sponsored groups with distinct strategic goals. These goals range from espionage and intellectual property theft to destructive attacks, state-sponsored financial theft, and disinformation campaigns.
Unfortunately, SMBs often lack adequate cyber security measures, making them vulnerable to all kinds of cyber threats. APT actors exploit this weakness by targeting SMBs as a stepping stone towards achieving their larger goals.
Alongside phishing campaigns, it was identified that APTs are increasingly targeting regional outsourced IT providers/Managed Service Providers (MSPs) to mount supply chain attacks. By compromising regional MSPs within geographies that align with the strategic collection requirements of APT actors, threat actors can gain access to multiple SMBs to extract sensitive information or execute further attacks.
https://www.helpnetsecurity.com/2023/05/31/apt-targeting-smbs/
Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection
According to research, 2022 saw a 25% increase in the use of phishing kits. These phishing kits are a set of tools that enable cyber criminals to effortlessly create and maintain large scale sophisticated phishing campaigns. It is this sophistication that allows cyber criminals to circumnavigate conventional detections; in fact, the research found a 40% increase in the use of anti-bot technologies designed to prevent automated scanners from identifying content as phishing.
In some cases (11% of observed phishing kits) malicious links would not be detected when tested by anti-phishing controls because those controls do not use the exact device parameters, geolocation and referrer of the intended target victim’s profile; therefore the malicious link is allowed to be delivered to the intended target.
https://www.helpnetsecurity.com/2023/06/01/advanced-detection-evasion-techniques/
Don't be Polite When you Get a Text from a Wrong Number
You should immediately be suspicious of any text you get from a number not in your contacts, even if it may be innocent looking. Your first reaction may be to be polite and let them know they have the wrong number, but this person is a stranger. Strangely, despite teaching our children not to talk to strangers, many are comfortable with divulging information to them. Although letting them know they made a mistake seems harmless, responding opens you up to being scammed and you’ve just let them know you’re a real person. Every bit of helpful information you provide has the potential to be leveraged by an attacker.
Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches
90 organisations have reported breaches of personal information held by Capita after the outsourcing group had suffered a cyber attack, according to Britain’s data watchdog. The attack on Capita, which occurred in March, is still impacting businesses, with the UK Information Commissioners Office (ICO) making enquiries. Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach.
The impact of the attack, and its knock-on effect, highlights the need for organisations to consider their third party security, no matter the size of the third party they use.
https://www.theguardian.com/business/2023/may/30/capita-cyber-attack-data-breaches-ico
Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
A recent survey from McAfee found that nearly a third (30%) of adults have fallen victim or know someone who has fallen victim to an online scam when bargain hunting for travel deals during the summer season, with a full two-thirds of victims losing up to $1,000.
This has extended to the corporate environment, with threat actors impersonating the HR department and exploiting the trust users place in their employers, a report has found. The attack leverages regular HR procedures associated with holiday requests and taps into the anticipation and excitement surrounding the summer travel season, to capitalise on exploiting the user.
https://www.darkreading.com/endpoint/travel-themed-phishing-bec-campaigns-smarter-summer-season
Organisations Spend 100 Hours Battling Post-Delivery Email Threats
Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organisation, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. The research shows that cyber criminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.
While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks. On average, organisations take nearly 100 hours to identify, respond to, and remediate a post-deliver email threat: 43 hours to detect the attack and 56 hours to respond and remediate after the attack is detected.
Users at companies with more than a 50% remote workforce report higher levels of suspicious emails: 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce. Companies with more than a 50% remote workforce also reported that it takes longer to both detect and respond to email security incidents: 55 hours to detect and 63 hours to respond and mitigate, compared to an average of 36 hours and 51 hours respectively for organisations with fewer remote workers.
https://www.helpnetsecurity.com/2023/05/30/2023-spear-phishing-trends/
Ransomware Gangs Adopting Business-like Practices to Boost Profits
Ransomware gangs are using a variety of business-like practices to boost profits, making it more difficult for defenders to differentiate various groups, a new report by WithSecure has surmised. This move towards mirroring legitimate businesses practices means that tactics, techniques and procedures (TTPs) are blurring.
The underground marketplace now includes entities including ransomware-as-a-service (RaaS) groups, Initial Access Brokers (IAB), crypter-as-a-service (CaaS), cryptojackers, malware-as-a-service (MaaS) groups and nation-state actors. This allows nation-states to use tools available on the underground market to gain access to networks and systems without being detected. Ultimately, this trend towards professionalisation makes the expertise and resources to attack organisations accessible to lesser-skilled or poorly resourced threat actors.
https://www.infosecurity-magazine.com/news/ransomware-gangs-business-practices/
The Sobering Truth about Ransomware—for the 80% Who Paid Up
Newly published research of 1,200 organisations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom. According to research, 80% of the organisations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber attack and recover otherwise lost data. This is despite 41% of those organisations having a “do not pay” policy in place, which only goes to reinforce the cold hard fact that cyber crime isn’t an easy landscape to navigate. This is something that’s especially true when your business is facing the real-world impact of dealing with a ransomware attack.
Of the 960 organisations that paid a ransom, 201 of them (21%) were still unable to recover their lost data. The same number also reported that ransomware attacks were now excluded from their insurance policies. Of those organisations with cyber insurance cover, 74% reported a rise in premiums. Another report, published by Sophos, revealed that 32% of those surveyed opted to pay the ransom but a shocking 92% failed to recover all their data and 29% were unable to recover more than half of the encrypted data.
Some groups have switched to stealing sensitive customer or corporate data instead, with the ransom demanded in return for them not selling it to the highest bidder or publishing it online. Many groups combine the two for a double extortion ransomware attack.
The Great CISO Resignation: Why Security Leaders are Quitting in Droves
With the rise in AI tools such as ChatGPT broadening an attacker’s arsenal, this places greater and greater pressure on security leaders who are already dealing with shrinking budgets, skeleton crew staff and a conglomeration of security tools and protocols — so much so that they are increasingly quitting. A recent report found that nearly a third (32%) of CISOs in the US and UK were considering leaving their current organisation and 9 out of 10 reported themselves as “moderately” or “tremendously” stressed.
This so-called Great CISO Resignation is concerning, because what happens when there’s nobody guarding the gate and rallying the troops?
When is it Time for a Cyber Hygiene Audit?
Effective cyber hygiene practices limit threats against your systems, devices and users, preventing breaches that could compromise sensitive business information, database information, and personal data. But cyber hygiene isn’t a static or one-off process. It requires routine execution and, occasionally, a full audit. This audit typically covers a range of aspects including encryption, documentation, authentication, patches, security and ongoing cyber hygiene.
Good cyber hygiene is a necessary part of maintaining IT security. Setting up processes and procedures within your organisation’s regular operating procedures is an effective way to maintain cyber hygiene. Although the responsibilities may differ by position, everyone in the organisation plays a role.
An audit provides important information on where and where you need to improve. It also provides a baseline for measuring improvement and effectiveness. The key to success is to integrate hygiene into routine process starting top down from policies into every part of the business and making use of third party experts to help aid in the process.
https://www.trendmicro.com/en_us/devops/23/e/cyber-hygiene-audit-best-practices.html
Governance, Risk and Compliance
Company size doesn't matter when it comes to cyber attacks - Help Net Security
How to Keep Cyber attacks from Tanking Your Balance Sheet (hbr.org)
The great CISO resignation: Why security leaders are quitting in droves - SDxCentral
‘Exceptional’ cyber attacks now normal, says BT security chief (thetimes.co.uk)
HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)
The strategic importance of digital trust for modern businesses - Help Net Security
Vendors: Threat actor taxonomies are confusing but essential | TechTarget
Experts Not Willing To Wager A Candy Bar On Their Security (forbes.com)
Breaking Enterprise Silos and Improving Protection – Security Week
Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)
Insider risk management: Where your program resides shapes its focus | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Attackers leave organisations with no recovery option - Help Net Security
The Sobering Truth About Ransomware—For The 80% Who Paid Up (forbes.com)
Rogue IT security worker failed to cover his tracks | Tripwire
Organisations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation – Security Week
The Week in Ransomware - May 26th 2023 - Cities Under Attack (bleepingcomputer.com)
Cyble — Obsidian ORB Ransomware Demands Gift Cards as Payment
AceCryptor: Cyber criminals' Powerful Weapon, Detected in 240K+ Attacks (thehackernews.com)
BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration (securityintelligence.com)
Investigating BlackSuit Ransomware’s Similarities to Royal (trendmicro.com)
Fighting ransomware: Perspectives from cyber security professionals - Help Net Security
Ransomware Victims
New York county still dealing with ransomware 8 months later • The Register
ABB confirms data stolen in Black Basta ransomware attack | SC Media (scmagazine.com)
SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)
Industrial Giant ABB Confirms Ransomware Attack, Data Theft – Security Week
MCNA Dental data breach impacts 8.9 million people after ransomware attack (bleepingcomputer.com)
Harvard Pilgrim Health Care ransomware attack hits 2.5 million people (bleepingcomputer.com)
Cyble — Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability
Phishing & Email Based Attacks
Phishing campaigns thrive as evasive tactics outsmart conventional detection - Help Net Security
Organisations spend 100 hours battling post-delivery email threats - Help Net Security
Phishing remained the top identity abuser in 2022: IDSA report | CSO Online
New phishing technique poses as a browser-based file archiver | CSO Online
Sustained 'Red Deer' Phishing Attacks Impersonate Israel Post, Drop RATs (darkreading.com)
North Korean phishing gang stole rocket tech info • The Register
Artificial Intelligence
AI: War crimes evidence erased by social media platforms - BBC News
Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)
ChatGPT Plugins Open Security Holes From PDFs, Websites and More | Tom's Hardware (tomshardware.com)
What not to share with ChatGPT if you use it for work | Mashable
Is ChatGPT a cyber security disaster? We asked the experts | Digital Trends
Generative AI: The new attack vector for trust and safety - Help Net Security
2FA/MFA
Malware
QBot malware abuses Windows WordPad EXE to infect devices (bleepingcomputer.com)
New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)
Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)
Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)
RomCom malware spread via Google Ads for ChatGPT, GIMP, more (bleepingcomputer.com)
Stealthy SeroXen RAT malware increasingly used to target gamers (bleepingcomputer.com)
Terminator antivirus killer is a vulnerable Windows driver in disguise (bleepingcomputer.com)
Top macOS Malware Threats: Here Are 6 to Watch (darkreading.com)
PyPI malware ramps up the threat to the code repository • The Register
Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks (thehackernews.com)
Cyber criminals use legitimate websites to obfuscate malicious payloads - Help Net Security
North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)
Mobile
Don't be polite when you get a text from a wrong number | kens5.com
Predator Android Spyware: Researchers Uncover New Data Theft Capabilities (thehackernews.com)
Android threat: 'Guerrilla' virus sneakily snuck onto 8.9m phones (citizen.co.za)
Operation Triangulation: previously undetected malware targets iOS devices - Security Affairs
Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop
Android apps with spyware installed 421 million times from Google Play (bleepingcomputer.com)
Botnets
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)
What Are Botnet Attacks & Explained Prevention Techniques | EC-Council (eccouncil.org)
Denial of Service/DoS/DDOS
SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)
Internet of Things – IoT
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)
Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)
Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers (thehackernews.com)
Solar panels vulnerable to hackers, concern for network security - DutchNews.nl
Data Breaches/Leaks
Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints (darkreading.com)
Dutch watchdog looking into alleged Tesla data breach | Reuters
NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian
The root causes of API incidents and data breaches - Help Net Security
Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)
Yet Another Toyota Cloud Data Breach Jeopardises Thousands of Customers (darkreading.com)
Hacking forum hacked, user database leaked online • Graham Cluley
Risk & Repeat: A troubling trend of poor breach disclosures | TechTarget
New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)
Workforce platform Prosperix leaks drivers licenses and medical records - Security Affairs
Organised Crime & Criminal Actors
US intelligence research agency examines cyber psychology to outwit criminal hackers | CyberScoop
What is the Cyber Crime Atlas? How it can help disrupt cyber crime | CSO Online
New hacking forum leaks data of 478,000 RaidForums members (bleepingcomputer.com)
Hacking forum hacked, user database leaked online • Graham Cluley
Tricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity
3 signs your kids may be hackers and what to do about it | Euronews
“I was a teenage hacker”: Two child hackers share their stories | Euronews
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)
Hacked DJ's Twitter account costs cryptocurrency investors $170,000 (bitdefender.com)
Cyber criminals Targeting Apache NiFi Instances for Cryptocurrency Mining (thehackernews.com)
Insider Risk and Insider Threats
Rogue IT security worker failed to cover his tracks | Tripwire
Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)
Insider risk management: Where your program resides shapes its focus | CSO Online
Fraud, Scams & Financial Crime
Don't be polite when you get a text from a wrong number | kens5.comTricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity
HMRC in New Tax Credits Scam Warning - Infosecurity Magazine (infosecurity-magazine.com)
AML/CFT/Sanctions
Insurance
Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf
Cyber Insurance: A Growth Market for Insurers With Some Caveats (carriermanagement.com)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
One of Microsoft Azure's top tools has a serious security flaw | TechRadar
Top public cloud security concerns for the media and entertainment industry - Help Net Security
Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack
Why organisations should adopt a cloud cyber security framework - Help Net Security
Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)
Hybrid/Remote Working
Shadow IT
Identity and Access Management
Encryption
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)
Swiss real estate agency Neho fails to put a password on its systems - Security Affairs
Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)
Social Media
NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian
Twitter pulls out of voluntary EU disinformation code - BBC News
AI: War crimes evidence erased by social media platforms - BBC News
Malvertising
Training, Education and Awareness
Travel
Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives (darkreading.com)
US court finds that border phone searches need a warrant • The Register
Parental Controls and Child Safety
3 signs your kids may be hackers and what to do about it | Euronews
“I was a teenage hacker”: Two child hackers share their stories | Euronews
Regulations, Fines and Legislation
OneMain pays $4.5M after ignored security flaws caused data breaches | SC Media (scmagazine.com)
Netflix warns it may remove content from UK catalogue over government media bill | The Independent
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Ways to Help Cyber security's Essential Workers Avoid Burnout (darkreading.com)
Managing mental health in cyber security - Help Net Security
ISACA pledges to help grow cyber security workforce in Europe | CSO Online
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine war blurs lines between cyber crims and state hacks • The Register
Pegasus Spyware Is Detected in a War Zone for the First Time | WIRED
Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop
How giant pieces of spyware are shaping our views and our world | Evening Standard
Predator may have more spyware capabilities than we know • The Register
Cyberweapon manufacturers plot to stay on the right side of US | Financial Times (ft.com)
Suspected Russia-trained spy whale reappears off Sweden’s coast | Sweden | The Guardian
AI: War crimes evidence erased by social media platforms - BBC News
Nation State Actors
China hacking Guam: Can the US stop foreign cyber attacks? | The Week
Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop
US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (bleepingcomputer.com)
Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)
Investigation Launched After London City Airport Website Hacked (simpleflying.com)
Taiwan rushes to prevent China from cutting off internet and phones | The Japan Times
North Korea says spy satellite launch crashed into sea - BBC News
Dark Pink hackers continue to target govt and military organisations (bleepingcomputer.com)
The next Chinese tech threat is already here | The Spectator
North Korean phishing gang stole rocket tech info • The Register
North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks (thehackernews.com)
North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)
Vulnerability Management
Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)
Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)
Focus Security Efforts on Choke Points, Not Visibility (darkreading.com)
Vulnerabilities
New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)
Zero-day vulnerability in MoveIt Transfer under attack | TechTarget
Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months (thehackernews.com)
WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection (bleepingcomputer.com)
WordPress force installs critical Jetpack patch on 5 million sites (bleepingcomputer.com)
Microsoft finds macOS bug that lets hackers bypass SIP root restrictions (bleepingcomputer.com)
Zyxel patches vulnerability in NAS devices (CVE-2023-27988) - Help Net Security
Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices (thehackernews.com)
Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
Barracuda Email Security Gateway under active attack • The Register
MacOS 'Migraine' Bug: Big Headache for Device System Integrity (darkreading.com)
FTC accuses Amazon of nightmare IoT security fails • The Register
Critical Vulnerabilities Found in Faronics Education Software – Security Week
Tools and Controls
HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)
The strategic importance of digital trust for modern businesses - Help Net Security
Vendors: Threat actor taxonomies are confusing but essential | TechTarget
Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)
Digital nomads drive changes in identity verification - Help Net Security
Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)
The Top 10 endpoint security challenges and how to overcome them | VentureBeat
Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf
Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack
Disaster recovery challenges enterprise CISOs face - Help Net Security
Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)
Research Reveals UK Firms Plan to Embrace New Era of Digital Identity- IT Security Guru
Reports Published in the Last Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 26 May 2023
Black Arrow Cyber Threat Briefing 26 May 2023:
-50% of UK CEOs See Cyber as a Bigger Business Risk than the Economy
-Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim
-SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups
-IT Employee Piggybacked on Cyber Attack for Personal Gain
-Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More
-Microsoft Reports Jump in Business Email Compromise (BEC) Activity
-Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions
-Advanced Phishing Attacks Surge 356% in 2022
-Today’s Cyber Defence Challenges: Complexity and a False Sense of Security
-Almost All Ransomware Attacks Target Backups, Says Veeam
-NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure
-Half of all Companies were Impacted by Spearphishing in 2022
-Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
50% of UK CEOs see Cyber as a Bigger Business Risk than the Economy
Half of UK CEOs consider cyber security as a bigger risk to their organisation than economic uncertainty, a new study by Palo Alto Networks has found. The findings came from a survey of 2500 CEOs from the UK, Germany, France, Brazil and the UAE at large organisations (500+ employees).
Despite the recognition of the business threats posed by cyber attacks, UK CEOs have a lower level of understanding of cyber security risks than their international counterparts, with just 16% saying they have a complete understanding. This compares to 21% in Brazil, 21% in the UAE, 22% in France and 39% in Germany. Additionally, many UK CEOs feel detached from responsibility for cyber security at their organisations, instead leaving it to the responsibility of IT, although IT is only part of the solution.
https://www.infosecurity-magazine.com/news/uk-ceo-cyber-risk-economy/
Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim
Fortinet has unveiled its 2023 Global Ransomware Report based on a recent global survey and explores cyber security leaders’ perspectives on ransomware, particularly how it impacted their organisations in the last year and their strategies to mitigate an attack. The report found that the global threat of ransomware remains at peak levels, with half of organisations across all sizes, regions and industries falling victim in the last year.
The top challenges to stopping a ransomware attack were people and process related, with many organisations lacking clarity on how to secure against the threat. Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training and no clear chain-of-command strategy to deal with attacks.
Despite the global macroeconomic environment, security budgets will have to increase in the next year with a focus on AI/ML technologies to speed detection, centralised monitoring tools to speed response and better preparation of people and processes.
https://www.itweb.co.za/content/mYZRX79g8gRqOgA8
SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups
Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyber espionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly.
Cyber security firm Proofpoint analysed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those serving Russian, Iranian, and North Korean interests.
SMBs are also targeted by APT groups indirectly, through the managed services providers (MSPs) that maintain their infrastructure. Proofpoint has seen an increase in attacks against regional MSPs because their cyber security defences could be weaker than larger MSPs yet they still serve hundreds of SMBs in local geographies.
IT Employee Piggybacked on Cyber Attack for Personal Gain
A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorised access to a computer with intent to commit other offences.
The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout. But he also realized that he could take advantage of the breach to line his own pockets.
“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” the South East Regional Organised Crime Unit (SEROCU) revealed. He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.
While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving a malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.
https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/
Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More
Ransomware attacks have never been this popular, a new report from cyber security researchers Securin, Ivanti, and Cyware has stated. New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, but out of all the different hardware and software, Microsoft’s products are being targeted the most.
Attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware. In just March 2023, there had been more breaches reported, than in all three previous years combined. Even though most cyber security incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web.
Microsoft Reports Jump in Business Email Compromise (BEC) Activity
Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report. Activity around BEC spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit.
Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.
Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.
Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions
The nature of cyber attacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organisations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. Forrester’s Top Cyber security Threats in 2023 report provides a stark warning about the top cyber security threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponising generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.
Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyber attacks coming that seek to capitalise on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.
Forrester cites Russia’s invasion of Ukraine and its relentless cyber attacks on Ukrainian infrastructure as examples of geopolitical cyber attacks with immediate global implications. Forrester advises that nation-state actors continue to use cyber attacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.
Advanced Phishing Attacks Surge 356% in 2022
A new report published this week observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022, with the total number of attacks having increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools. These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques.
The global threat landscape continues to evolve with a meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques designed to breach and damage organisations.
Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.
https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge/
Today’s Cyber Defence Challenges: Complexity and a False Sense of Security
Organisations can mistakenly believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter can be very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming. Blindly purchasing more security tools can add to complexity in enterprise environments and creates a false sense of security that contributes to today’s cyber security challenges.
To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cyber security risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.
Almost All Ransomware Attacks Target Backups
Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organisations suffered at least one cyber attack in the past year according to the Veeam 2023 Ransomware trends report. Only 16% of organisations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.
According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber events in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.
Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.
With most ransomware actors moving to double and triple extortion the days of a backup being all you need to keep you safe are far behind and firms should do more to prevent being the victim of ransomware in the first place.
NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure
The UK National Cyber Security Centre (NCSC) and several other international security agencies have issued a new advisory warning the public against Chinese cyber activity targeting critical national infrastructure networks. According to the document, the People’s Republic of China (PRC)’s associated threat actors employed sophisticated tactics to evade detection while conducting malicious activities against targets in the US and Guam. These tactics are expected to be used on critical infrastructure targets outside the US, including the UK.
The document further added that the threat actors mainly focused on credential access theft via brute force and password spraying techniques. The NCSC advisory provides network defenders with technical indicators and examples of techniques used by the attacker to help identify any malicious activity.
https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/
Half of All Companies were Impacted by Spearphishing in 2022
Spearphishing is a sliver of all email exploits but the extent to which it succeeds is revealed in a new study from cyber security firm Barracuda Networks, which analysed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails and affecting 50% of all companies.
The report identified the top prevalent spearphishing emails were Scamming (47%) used to trick victims into disclosing sensitive information and the other being brand impersonation (42%) attacks mimicking a brand familiar with the victim to harvest credentials.
The report found that remote work is increasing risks. Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.
https://www.techrepublic.com/article/barracuda-networks-spearphishing-study/
Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Two new top-level domain names (.zip and .mov) have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension.
There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware. Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks.
https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool
Governance, Risk and Compliance
Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek
The Rising Threat of Secrets Sprawl and the Need for Action (thehackernews.com)
Mass resignations, layoffs seen as major threat to corporate cyber security - The Korea Times
Improving Cyber security Requires Building Better Public-Private Cooperation (darkreading.com)
5 Cyber security Woes That Threaten Digital Growth (analyticsinsight.net)
Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)
What Security Professionals Need to Know About Aggregate Cyber Risk (darkreading.com)
Where to Focus Your Company’s Limited Cyber security Budget (hbr.org)
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online
CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (darkreading.com)
Today’s Cyber Defence Challenges: Complexity and a False Sense of Security - SecurityWeek
The biggest threats are always those we fail to predict - Big Think
How continuous security monitoring is changing the compliance game - Help Net Security
Defining CISOs, CTOs, and CIOs' Roles in Cyber security (analyticsinsight.net)
Threats
Ransomware, Extortion and Destructive Attacks
3 Common Initial Attack Vectors Account for Most Ransomware Campaigns (darkreading.com)
12 vulnerabilities newly associated with ransomware - Help Net Security
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Ransomware threats are growing, and targeting Microsoft devices more and more | TechRadar
Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks (bleepingcomputer.com)
FIN7 gang returned and was spotted delivering Clop ransomware - Security Affairs
Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking (darkreading.com)
Cyble — New Ransomware Wave Engulfs over 200 Corporate Victims
Updated 'StopRansomware Guide' warns of shifting tactics | TechTarget
The Week in Ransomware - May 19th 2023 - A Shifting Landscape (bleepingcomputer.com)
US saw 45% fewer ransomware victims posted on the dark web | Security Magazine
Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert
Ransomware tales: The MitM attack that really had a Man in the Middle – Naked Security (sophos.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts (thehackernews.com)
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code (thehackernews.com)
Ransomware Victims
Food Distributor Sysco Says Cyber Attack Exposed 126,000 Individuals - SecurityWeek
Suzuki motorcycle plant shut down by cyber attack (bitdefender.com)
Iowa hospital discloses breach following Royal ransomware leak | TechTarget
Arms maker Rheinmetall confirms BlackBasta ransomware attack (bleepingcomputer.com)
Dish Network says February ransomware attack impacted +300K - Security Affairs
Philly Inquirer disputes Cuba ransomware gang's leak claims • The Register
Dorchester school IT system held to ransom in cyber attack - BBC News
BlackByte lists city of Augusta after cyber 'incident' • The Register
Phishing & Email Based Attacks
Advanced Phishing Attacks Surge 356% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
50% of companies had spearphishing puncture wounds in 2022 (techrepublic.com)
Microsoft 365 phishing attacks use encrypted RPMSG messages (bleepingcomputer.com)
Threat actors exploit new channels for advanced phishing attacks - Help Net Security
Malicious links and misaddressed emails slip past security controls - Help Net Security
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
BEC – Business Email Compromise
Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog
Microsoft reports jump in business email compromise activity | CSO Online
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
Employees are banned from using ChatGPT at these companies | Fortune
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs
6 ChatGPT risks for legal and compliance leaders - Help Net Security
5 Ways Hackers Will Use ChatGPT For Cyber attacks (informationsecuritybuzz.com)
Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security
Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop
AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)
The Security Hole at the Heart of ChatGPT and Bing | WIRED UK
2FA/MFA
Malware
New PowerExchange malware backdoors Microsoft Exchange servers (bleepingcomputer.com)
Hackers Use Weaponised DOCX File to Deploy Stealthy Malware (gbhackers.com)
Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware (thehackernews.com)
Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware (thehackernews.com)
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)
Threat actors leverage kernel drivers in new attacks | TechTarget
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs
Malicious links and misaddressed emails slip past security controls - Help Net Security
Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica
New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)
Legion Malware Upgraded to Target SSH Servers and AWS Credentials (thehackernews.com)
AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)
Mobile
Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)
Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)
New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)
Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)
Botnets
How smart bots are infecting and exploiting the internet - Help Net Security
The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai
Denial of Service/DoS/DDOS
Internet of Things – IoT
Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
Data Breaches/Leaks
Capita under fire after ‘confidential’ files published online (thetimes.co.uk)
Luxottica confirms 2021 data breach after info of 70M leaks online (bleepingcomputer.com)
Hackers steal the SSN of nearly 6 million people (pandasecurity.com)
Food Distributor Sysco Says Cyber attack Exposed 126,000 Individuals - SecurityWeek
Organised Crime & Criminal Actors
IT employee piggybacked on cyber attack for personal gain - Help Net Security
Child hackers: How are kids becoming sophisticated cyber criminals? | Euronews
UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)
The Strange Story of the Teens Behind the Mirai Botnet - IEEE Spectrum
FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Cyber criminals masquerading as MFA vendors - Help Net Security
The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)
FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)
Insider Risk and Insider Threats
How to prevent against the 5 main types of insider threats - IT Security Guru
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Get-rich-quick schemes, pyramids and ponzis: five signs you're being scammed (theconversation.com)
Scammers Using ChatGPT "Fleeceware" Apps to Cash In on AI Hype, Sophos Report - MSSP Alert
Online scams target bargain-hunting holiday travelers - Help Net Security
Ads for lucrative jobs in Asia may be tech slavery scams • The Register
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
79-year-old woman tricks German scammers into getting arrested (iamexpat.de)
Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Supply Chain and Third Parties
Capita under fire after ‘confidential’ files published online (thetimes.co.uk)
UK councils caught in Capita unsecured AWS bucket data leak • The Register
New Cyber Security Training Packages Launched to Manage Supply Chain Risk - NCSC
Software Supply Chain
GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains (thehackernews.com)
Cloud/SaaS
UK councils caught in Capita unsecured AWS bucket data leak • The Register
CISO-level tips for securing corporate data in the cloud - Help Net Security
Google Cloud Bug Allows Server Takeover From CloudSQL Service (darkreading.com)
Attack Surface Management
Identity and Access Management
7 access management challenges during M&A - Help Net Security
Think security first when switching from traditional Active Directory to Azure AD | CSO Online
Encryption
API
API bug in OAuth dev tool opened websites, apps to account hijacking | SC Media (scmagazine.com)
The fragmented nature of API security ownership - Help Net Security
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Inactive accounts pose significant account takeover security risks | CSO Online
What’s a Double-Blind Password Strategy and When Should It Be Used (bleepingcomputer.com)
Netflix's Password-Sharing Ban Offers Security Upsides (darkreading.com)
Biometrics
Social Media
Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)
Pentagon explosion hoax goes viral after verified Twitter accounts push (bleepingcomputer.com)
Training, Education and Awareness
Travel
Online scams target bargain-hunting holiday travelers - Help Net Security
Four ways your devices can be hacked in hotels and how to stay safe | This is Money
Tips to Protect Against Holiday and Airline Scams - IT Security Guru
Parental Controls and Child Safety
Regulations, Fines and Legislation
Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)
Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop
Models, Frameworks and Standards
NIST Launches Cyber security Initiative for Small Businesses (securityintelligence.com)
New security model launched to eliminate 95% of cyber breaches - IT Security Guru
Backup and Recovery
Almost all ransomware attacks target backups, says Veeam | Computer Weekly
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)
79-year-old woman tricks German scammers into getting arrested (iamexpat.de)
Privacy, Surveillance and Mass Monitoring
UK police to 'embed' facial recog but oversight is at risk • The Register
Abuse of government spying powers: What's to worry about? • The Register
Reflections on Ten Years Past The Snowden Revelations (ietf.org)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)
Russia's War in Ukraine Shows Cyber attacks Can Be War Crimes (darkreading.com)
The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade (thehackernews.com)
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)
Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation (thehackernews.com)
Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop
New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)
United Nations official and others in Armenia hacked by NSO Group spyware | Hacking | The Guardian
Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)
Nation State Actors
APT attacks: Exploring Advanced Persistent Threats and their evasive techniques (malwarebytes.com)
SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups | CSO Online
The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)
Five Eyes and Microsoft accuse China US infrastructure raids • The Register
Iranian hackers use new Moneybird ransomware to attack Israeli orgs (bleepingcomputer.com)
Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop
GCHQ warns of fresh threat from Chinese state-sponsored hackers | Hacking | The Guardian
New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)
Five Eyes agencies detail how Chinese hackers breached US infrastructure - Help Net Security
Lazarus Group Striking Vulnerable Windows IIS Web Servers (darkreading.com)
'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns (darkreading.com)
Vulnerability Management
12 vulnerabilities newly associated with ransomware - Help Net Security
Fresh perspectives needed to manage growing vulnerabilities - Help Net Security
Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert
How to check for new exploits in real time? VulnCheck has an answer | CSO Online
Vulnerabilities
12 vulnerabilities newly associated with ransomware - Help Net Security
Hackers target 1.5M WordPress sites with cookie consent plugin exploit (bleepingcomputer.com)
Barracuda Alerts Of Breaches In Email Gateways From Zero-Day Flaws (informationsecuritybuzz.com)
Threat Actors Compromise Barracuda Email Security Appliances (darkreading.com)
Microsoft: Windows issue causes file copying, saving failures (bleepingcomputer.com)
GitLab 'strongly recommends' patching max severity flaw ASAP (bleepingcomputer.com)
83C0000B: The error code that means a software update bricked your HP printer (bitdefender.com)
CISA adds iPhone bugs to Known Exploited Vulnerabilities catalog - Security Affairs
Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) - Help Net Security
Zyxel warns of critical vulnerabilities in firewall and VPN devices (bleepingcomputer.com)
Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)
Tools and Controls
Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek
Malicious links and misaddressed emails slip past security controls - Help Net Security
Making The Most Of A Penetration Test: The Organisational Perspective (forbes.com)
Against the Clock: Cyber Incident Response Plan (trendmicro.com)
Investigating Risks Through Threat Hunting Capability Guide (informationsecuritybuzz.com)
Almost all ransomware attacks target backups, says Veeam | Computer Weekly
How continuous security monitoring is changing the compliance game - Help Net Security
Blacklist untrustworthy apps that peek behind your firewall - Help Net Security
How generative AI is reshaping the identity verification landscape - Help Net Security
The fragmented nature of API security ownership - Help Net Security
Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans (darkreading.com)
Cutting Through the Noise: What is Zero Trust Security? - SecurityWeek
CISO-level tips for securing corporate data in the cloud - Help Net Security
6 ways generative AI chatbots and LLMs can enhance cyber security | CSO Online
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Attributes of a mature cyber-threat intelligence program | CSO Online
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 20 May 2022
Black Arrow Cyber Threat Briefing 20 May 2022
-Fifth of Businesses Say Cyber Attack Nearly Broke Them
-Weak Security Controls and Practices Routinely Exploited for Initial Access
-How Do Ransomware Attacks Impact Victim Organisations’ Stock?
-Prioritise Patching Vulnerabilities Associated with Ransomware
-Researchers Warn of Advanced Persistent Threats/Nation State Actors (APTs), Data Leaks as Serious Threats Against UK Financial Sector
-Remote Work Hazards: Attackers Exploit Weak WiFi, Endpoints, and the Cloud
-Small Businesses Under Fire from Password Stealers
-Email Is the Riskiest Channel for Data Security
-Phishing Attacks for Initial Access Surged 54% in Q1
-State of Internet Crime in Q1 2022: Bot Traffic on The Rise, And More
-Fears Grow for Smaller Nations After Ransomware Attack on Costa Rica Escalates
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Fifth of Businesses Say Cyber Attack Nearly Broke Them
A fifth of US and European businesses have warned that a serious cyber attack nearly rendered them insolvent, with most (87%) viewing compromise as a bigger threat than an economic downturn, according to Hiscox.
The insurer polled over 5000 businesses in the US, UK, Ireland, France, Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox Cyber Readiness Report.
It revealed the potentially catastrophic financial damage that a serious cyber-attack can wreak. The number claiming to have nearly been brought down by a breach increased 24% compared to the previous year.
Nearly half (48%) of respondents said they suffered an attack over the past 12 months, a 12% increase from the previous report’s findings. Perhaps unsurprisingly, businesses in seven out of eight countries see cyber as their biggest threat.
Yet perception appears to vary greatly depending on whether an organisation has suffered a serious compromise or not. While over half (55%) of total respondents said they view cyber as a high-risk area, the figure among companies that have not yet suffered an attack is just 36%.
https://www.infosecurity-magazine.com/news/fifth-of-businesses-cyber-attack/
Weak Security Controls and Practices Routinely Exploited for Initial Access
Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. A joint Cybersecurity Advisory by the cyber security authorities of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom identifies commonly exploited controls and practices and includes best practices to mitigate the issues.
Malicious cyber actors often exploit the following common weak security controls, poor configurations, and poor security practices to employ the initial access techniques.
Multifactor authentication (MFA) is not enforced
Incorrectly applied privileges or permissions and errors within access control lists
Software is not up to date
Use of vendor-supplied default configurations or default login usernames and passwords
Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorised access
Strong password policies are not implemented
Cloud services are unprotected
Open ports and misconfigured services are exposed to the internet
Failure to detect or block phishing attempts
Poor endpoint detection and response.
https://www.cisa.gov/uscert/ncas/alerts/aa22-137a
How Do Ransomware Attacks Impact Victim Organisations’ Stock?
Ransomware has developed into an extremely lucrative business model with little risk involved for the threat actors. Couple this with the willingness of most victim organisations to pay the ransom demand under the assumption it will return business operations to normal - ultimately encouraging more attacks - and we have a big problem with no easy remedies.
Back in 2021, Cybereason published a report titled Ransomware Attacks and the True Cost to Business that revealed the various costs that organisations face after falling victim to a ransomware attack. Here are some of the most significant findings that stood out:
Two-thirds of ransomware victims said that they endured a significant loss of revenue following the attack
More than half (53%) of organisations suffered damage to their brand and reputation after a ransomware infection
A third of those who fell to ransomware lost C-level talent in the attack’s aftermath
Three in 10 organisations had no choice but to lay off employees due to the financial pressures resulting from a ransomware incident
A quarter of ransomware victims said that they needed to suspend operations.
Prioritise Patching Vulnerabilities Associated with Ransomware
In the last quarter, ransomware attacks have made mainstream headlines on a near-daily basis, with groups like Lapsus$ and Conti’s names splashed across the page. Major organisations like Okta, Globant and Kitchenware maker Meyer Corporation have all fallen victim, and they are very much not alone. The data indicates that increasing vulnerabilities, new advanced persistent threat (APT) groups and new ransomware families are contributing to ransomware’s continued prevalence and profitability.
The top stats include:
22 new vulnerabilities and nine new weaknesses have been associated with ransomware since January 2022; of the 22, a whopping 21 are considered of critical or high risk severity
19 (out of 22) of the newly-added vulnerabilities are associated with the Conti ransomware gang
Three new APT groups (Exotic Lily, APT 35, DEV-0401) and four new ransomware families (AvosLocker, Karma, BlackCat, Night Sky) are deploying ransomware to attack their targets
141 of CISA’s Known Exploited Vulnerabilities (KEVs) are being used by ransomware operators – including 18 newly identified this quarter
11 vulnerabilities tied to ransomware remain undetected by popular scanners
624 unique vulnerabilities were found within the 846 healthcare products analysed.
https://www.helpnetsecurity.com/2022/05/19/increase-ransomware-vulnerabilities/
Researchers Warn of Advanced Persistent Threats (APTs), Data Leaks as Serious Threats Against UK Financial Sector
Researchers say that geopolitical tension, ransomware, and cyber attacks using stolen credentials threaten the UK's financial sector.
KELA's security team published a report examining the cyber security issues and attacks that surfaced in 2021 and early 2022, specifically focused on the United Kingdom's banks and other financial services.
The UK was one of the first countries to stand with Ukraine after the invasion by Russia. This could make UK organisations a tempting target for threat actors siding with Russia - whether by state-sponsored advanced persistent threat (APT) groups or hacktivists. The National Cyber Security Centre (NCSC) previously warned businesses to shore up their cyber security following Russia's assault.
APTs are often responsible for attacking the financial sector: account credentials, card numbers, and the personally identifiable information (PII) of customers are useful not only in social engineering and identity theft but also to make fraudulent purchases or for card cloning.
APTs target organisations worldwide, and those located in the UK are no exception. Over the past few years, APTs, including the Chinese APT40 and APT31, have utilised vulnerabilities, including ProxyLogon, to compromise UK businesses.
"In general, APTs may target the financial sector to commit fraud, burglarise ATMs, execute transactions, and penetrate organisations' internal financial systems," KELA says. "Although specific threats to the UK financial sector have not been identified, there is no doubt that the UK has occasionally been a target of APT groups during 2021."
Exposed corporate information and leaked credentials are also of note. After browsing Dark Web forums, the researchers found that UK data is "in demand" by cyber criminals who are seeking PII, access credentials, and internal data.
Remote Work Hazards: Attackers Exploit Weak WiFi, Endpoints, and the Cloud
Infoblox unveils a global report examining the state of security concerns, costs, and remedies. As the pandemic and uneven shutdowns stretch into a third year, organisations are accelerating digital transformation projects to support remote work. Meanwhile, attackers have seized on vulnerabilities in these environments, creating more work and larger budgets for security teams.
1,100 respondents in IT and cyber security roles in 11 countries – United States, Mexico, Brazil, United Kingdom, Germany, France, the Netherlands, Spain, United Arab Emirates, Australia, and Singapore – participated in the survey.
The surge in remote work has changed the corporate landscape significantly – and permanently. 52% of respondents accelerated digital transformation projects, 42% increased customer portal support for remote engagement, 30% moved apps to third party cloud providers, and 26% shuttered physical offices for good. These changes led to the additions of VPNs and firewalls, a mix of corporate and employee owned devices as well as cloud and on-premises DDI servers to manage data traffic across the expanded network.
The hybrid workforce reality is causing greater concerns with data leakage, ransomware and attacks through remote access tools and cloud services. Respondents indicate concerns about their abilities to counter increasingly sophisticated cyber attacks with limited control over employees, work-from-home technologies, and vulnerable supply chain partners. The sophistication of state-sponsored malware also is a source of worry for many.
Organisations have good reason to worry: 53% of respondents experienced up to five security incidents that led to at least one breach.
https://www.helpnetsecurity.com/2022/05/17/state-of-security/
Small Businesses Under Fire from Password Stealers
Password-stealing malware and other cyber attacks have increased significantly against small businesses over the past year, according to Kaspersky researchers.
An assessment released this week detailed the number of Trojan Password Stealing Ware (PSW) detections, internet attacks and attacks on Remote Desktop Protocol (RDP) between January and April 2022, compared with the same time frame from 2021. Kaspersky's research showed a jump in the detection of password stealers within small business environments, as well as increases in other types of cyber attacks.
According to Kaspersky, the biggest increase in threats against small businesses was password stealers, specifically Trojan PSWs. There were nearly 1 million more detected Trojan PSWs targeting small and medium-sized businesses in the first trimester of 2022 than the first of 2021, increasing from 3,029,903 to 4,003,323.
Email Is the Riskiest Channel for Data Security
Research from Tessian and the Ponemon Institute reveals that nearly 60% of organisations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months.
Email was revealed as the riskiest channel for data loss in organisations, as stated by 65% of IT security practitioners. This was closely followed by cloud file-sharing services (62%) and instant messaging platforms (57%).
The research surveyed 614 IT security practitioners across the globe to also reveal that:
Employee negligence, because of not following policies, is the leading cause of data loss incidents (40%)
27% of data loss incidents are caused by malicious insiders
It takes up to three days for security and risk management teams to detect and remediate a data loss and exfiltration incident caused by a malicious insider on email
23% of organisations experience up to 30 security incidents involving employees’ use of email every month (for example, email was sent to an unintended recipient).
The most common types of confidential and sensitive information lost or intentionally stolen include: customer information (61%); intellectual property (56%); and consumer information (47%). User-created data (sensitive email content, text files, M&A documents), regulated data (credit card data, Social Security numbers, national ID numbers, employee data), and intellectual property were identified as the three types of data that are most difficult to protect from data loss.
The top two consequences for data loss incidents were revealed as non-compliance with data protection regulations (57%) and damage to an organisation’s reputation (52%). Furthermore, a previous study from Tessian found that 29% of businesses lost a client or customer because of an employee sending an email to the wrong person.
https://www.helpnetsecurity.com/2022/05/20/data-loss-email/
Phishing Attacks for Initial Access Surged 54% in Q1
Threat actors doubled down on their use of phishing emails as an initial attack vector during the first quarter of 2022 — and in many cases then used that access to drop ransomware or to extort organisations in other ways.
Researchers from Kroll recently analysed data gathered from security incidents they responded to in the first three months of this year. The analysis showed a 54% increase in incidents of phishing for initial access compared with the same period last year.
For the first time since Microsoft disclosed the so-called ProxyLogon set of vulnerabilities in Exchange Server in the first quarter of 2021, incidents tied to email compromises surpassed those related to ransomware. Kroll described the sharp increase in phishing activity as likely the result of a surge in activity tied to Emotet and IceID malware — threat actors have been using both to drop other malware.
https://www.darkreading.com/risk/phishing-attacks-for-initial-access-surged-q1
Fears Grow for Smaller Nations After Ransomware Attack on Costa Rica Escalates
Conti demanded $20M in ransom — and the overthrow of the government.
It’s been a rough start for the newly elected Costa Rica president Rodrigo Chaves, who less than a week into office declared his country “at war” with the Conti ransomware gang.
“We’re at war and this is not an exaggeration,” Chaves told local media. “The war is against an international terrorist group, which apparently has operatives in Costa Rica. There are very clear indications that people inside the country are collaborating with Conti.”
Conti’s assault on the Costa Rican government began in April. The country’s Finance Ministry was the first hit by the Russia-linked hacking group, and in a statement on May 16, Chaves said the number of institutions impacted had since grown to 27. This, he admitted, means civil servants wouldn’t be paid on time and will impact the country’s foreign trade.
In a message posted to its dark web leaks blog, Conti urged the citizens of Costa Rica to pressure their government to pay the ransom, which the group doubled from an initial $10 million to $20 million. In a separate statement, the group warned: “We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power.”
Conti is among the most prolific hacking groups. The FBI warned earlier this year that the gang was among “the three top variants” that targeted businesses in the United States, and it has been blamed for ransomware attacks targeting dozens of businesses, including Fat Face, Shutterfly and the Irish healthcare service.
But Conti has picked up its pace in recent months: In January and February it published 31 victims on its leaks blog. In March and April, it posted 133 victims.
https://techcrunch.com/2022/05/20/costa-rica-ransomware-attack/
Threats
Ransomware
Ransomware Gangs Rely More on Weaponizing Vulnerabilities (bleepingcomputer.com)
Ransomware Gang Extorted 725 BTC in One Attack, On-Chain Sleuths Find (coindesk.com)
5 Critical Questions to Test Your Ransomware Preparedness - Help Net Security
“Alarming” Surge in Conti Group Activity This Year - Infosecurity Magazine
Why AI-Powered Ransomware Cyber Attacks Could Be Coming Soon - Protocol
Nikkei Says Customer Data Likely Impacted in Ransomware Attack | SecurityWeek.Com
Wizard Spider Hackers Hire Cold Callers to Scare Ransomware Victims Into Paying Up | ZDNet
Greenland Hit by Cyber Attack, Finds Its Health Service Crippled (bitdefender.com)
Conti Ransomware Shuts Down Operation, Rebrands into Smaller Units (bleepingcomputer.com)
No One Is Slowing Down BlackByte Ransomware Gang • The Register
President Rodrigo Chaves says Costa Rica is at war with Conti hackers - BBC News
Engineering Firm Parker Discloses Data Breach After Ransomware Attack (bleepingcomputer.com)
US links Thanos and Jigsaw ransomware to 55-year-old doctor (bleepingcomputer.com)
Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government (thehackernews.com)
Phishing & Email Based Attacks
This Phishing Attack Delivers Three Forms of Malware. And They All Want to Steal Your Data | ZDNet
HTML Attachments Remain Popular Among Phishing Actors In 2022 (bleepingcomputer.com)
Chatbot Army Deployed in Latest DHL Shipping Phish (darkreading.com)
Phishing Gang That Stole Over 400,000 Euros Busted in Spain (tripwire.com)
Long Lost @ Symbol Gets New Life Obscuring Malicious URLs | Malwarebytes Labs
Spanish Police Dismantle Phishing Gang That Emptied Bank Accounts (bleepingcomputer.com)
Malware
Microsoft Identifies Botnet Variant Targeting Windows and Linux Systems - Infosecurity Magazine
Activity of the Linux XorDdos bot increased by 254% over the last 6 monthsSecurity Affairs
Fake Domains Offer Windows 11 Installers - But Deliver Malware Instead | ZDNet
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware (trendmicro.com)
Malicious PyPI Pymafka Package Opens Backdoors On Windows, Linux, and Macs (bleepingcomputer.com)
April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell | Threatpost
Mobile
6 Scary Tactics Used in Mobile App Attacks (darkreading.com)
Researchers Find Potential Way to Run Malware on iPhone Even When it's OFF (thehackernews.com)
Google TAG: Cytrox's Predator Spyware Used to Target Android Users | WIRED
IoT
Data Breaches/Leaks
Organised Crime & Criminal Actors
Ukrainian Hacker Jailed for 4-Years in U.S. for Selling Access to Hacked Servers (thehackernews.com)
US Recovers a Record $15m from the 3ve Ad-Fraud Crew • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
How Cryptocurrencies Enable Attackers and Defenders (techtarget.com)
Monero-Mining Sysrv Botnet Targets Windows, Linux Web Servers • The Register
US Brings First-Of-Its-Kind Bitcoin Sanctions-Busting Case • The Register
Fake Pixelmon NFT Site Infects You with Password-Stealing Malware (bleepingcomputer.com)
Hackers Compromise a String of NFT Discord Channels (vice.com)
Fraud, Scams & Financial Crime
Supply Chain and Third Parties
MITRE Creates Framework for Supply Chain Security (darkreading.com)
The Four Horsemen of Software Supply Chain Attacks - MSSP Alert
Cloud/SaaS
7 Key Findings from the 2022 SaaS Security Survey Report (thehackernews.com)
New Research Identifies Poor IAM Policies as The Greatest Cloud Vulnerability - CyberScoop
Are You Investing in Securing Your Data in the Cloud? (thehackernews.com)
380K Kubernetes API Servers Exposed to Public Internet | Threatpost
Open Source
Privacy
How To Ensure That the Smart Home Doesn’t Jeopardize Data Privacy? - Help Net Security
Privacy. Ad Bidders Haven't Heard of It, Report Reveals • The Register
Third-Party Web Trackers Log What You Type Before Submitting (bleepingcomputer.com)
Passwords & Credential Stuffing
The Most Insecure and Easily Hackable Passwords - Help Net Security
Half of IT Leaders Store Passwords in Shared Docs - Infosecurity Magazine
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
Europe Moves Closer to Stricter Cyber Security Standards • The Register
EU's NIS 2 Directive to Strengthen Cyber Security Requirements For Companies - Help Net Security
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Google TAG: Cytrox's Predator Spyware Used to Target Android Users | WIRED
How Mobile Networks Have Become a Front in the Battle for Ukraine (darkreading.com)
China-linked Twisted Panda Caught Spying on Russian R&D Orgs • The Register
Pro-Russian Hackers Spread Hoaxes to Divide Ukraine, Allies | SecurityWeek.Com
A custom PowerShell RAT Targets Germany Using Crisis in Ukraine as Bait - Security Affairs
Nation State Actors
Nation State Actors – Russia
Putin Promises to Bolster Russia's IT Security in Face of Cyber Attacks | Reuters
Russian Hackers Declare War On 10 Countries After Failed Eurovision DDoS attack | IT PRO
Pro-Russian Information Operations Escalate in Ukraine War (darkreading.com)
Russian Undersea Cable Threat Shifts Tech Business to UK (telegraph.co.uk)
Russians Allegedly Storm Ukrainian ISP, Blackmail It to Switch To Russian Networks - CyberScoop
Russia-linked Sandworm Continues to Conduct Attacks Against Ukraine - Security Affairs
Russian Cyber Attack on Eurovision Foiled By Italian Authorities (bitdefender.com)
This Russian Botnet Does Far More Than DDoS Attacks - And on A Massive Scale | ZDNet
Nation State Actors – China
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerabilities
QNAP Urges Users to Update NAS Devices to Prevent Deadbolt Ransomware Attacks (thehackernews.com)
Cisco Fixes an IOS XR Flaw Actively Exploited in The Wild - Security Affairs
2 Vulnerabilities With 9.8 Severity Ratings Are Under Exploit. A 3rd Looms | Ars Technica
Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication (darkreading.com)
Microsoft Fixes New PetitPotam Windows NTLM Relay Attack Vector (bleepingcomputer.com)
Apple Patches Zero-Day Kernel Hole and Much More – Update Now! – Naked Security (sophos.com)
High-Severity Bug Reported in Google's OAuth Client Library for Java (thehackernews.com)
Over 20,000 Zyxel Firewalls Still Exposed to Critical Bug - Infosecurity Magazine
Apple Fixes the Sixth Zero-Day Since The Beginning of 2022 - Security Affairs
Mozilla Patches Wednesday’s Pwn2Own Double-Exploit… on Friday! – Naked Security (sophos.com)
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover | Threatpost
Critical Jupiter WordPress Plugin Flaws Let Hackers Take Over Sites (bleepingcomputer.com)
Apple Finally Patches Exploited Vulnerabilities in macOS Big Sur, Catalina | SecurityWeek.Com
NVIDIA Fixes Ten Vulnerabilities in Windows GPU Display Drivers (bleepingcomputer.com)
New Brute Force Attacks Against SQL Servers Use PowerShell Wrapper | SecurityWeek.Com
Sector Specific
Retail/eCommerce
How Crooks Backdoor Sites and Scrape Credit Card Info • The Register
Digital Skimming is Now the Preserve of Non-Magecart Groups - Infosecurity Magazine
Energy & Utilities
Water Companies Are Increasingly Uninsurable Due To Ransomware, Industry Execs Say - CyberScoop
UK Announces Nuclear Cyber Security Strategy - IT Security Guru
Education and Academia
Ransomware Attack Exposes Data of 500,000 Chicago Students (bleepingcomputer.com)
Higher Education Institutions Being Targeted for Ransomware Attacks | TechRepublic
“Incompetent” Council Leaks Details of Students With Special Educational Needs • Graham Cluley
Researchers Find Backdoor in School Management Plugin for WordPress (thehackernews.com)
Other News
UK Government: Lack of Skills the Number One Issue in Cyber Security - Infosecurity Magazine
Malicious Hackers Are Finding It Too Easy to Achieve Their Initial Access (tripwire.com)
How Threat Actors Are a Click Away From Becoming Quasi-APTs (darkreading.com)
Cyber Security: Global Food Supply Chain at Risk From Malicious Hackers - BBC News
Cyber Security Agencies Reveal Top Initial Access Attack Vectors (bleepingcomputer.com)
50% of Orgs Rely on Email to Manage Security (darkreading.com)
Black Arrow Cyber Threat Briefing 17 December 2021
Black Arrow Cyber Threat Briefing 17 December 2021:
-Employees Think They’re Safe From Cyber Threats On Company Devices
-Internet Is Scrambling To Fix Log4shell, The Worst Hack In History
-Apache Log4j Flaw: A Fukushima Moment for the Cyber Security Industry
-60% of UK Workers Have Been Victim of a Cyber-Attack, Yet Awareness Remains Low
-Ransomware in 2022: We're All Screwed
-Attacks on UK Firms Increase Five-Fold During Pandemic
-The Log4J Software Flaw Is ‘Christmas Come Early’ for Cyber Criminals
-Why Cloud Storage Isn't Immune to Ransomware
-400 Banks’ Customers Targeted with Anubis Trojan
-Sites Hacked With Credit Card Stealers Undetected For Months
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Employees Think They’re Safe From Cyber Threats On Company Devices
A research launched by Menlo Security reveals increased cyber security risks posed to employees and organisations during the 2021 holiday shopping season.
The research – which surveyed 2,000 employed people in the United States and the United Kingdom – found that while employees are concerned about threats and are taking some measures to mitigate them, they often have false confidence in their security posture.
There are now more threats to corporate devices and networks than ever as hybrid work models blur the boundaries between work and home. More than half of respondents (56% US; 53% UK) reported performing non-work-related tasks – such as online shopping – on company devices.
Furthermore, the survey found that 65% of people in the US (63% UK) are doing more online holiday shopping in 2021 compared to previous years, and nearly half of respondents (48% US; 45% UK), reported shopping for gifts this holiday season on a work-issued device such as a laptop or mobile phone.
Workers are also noticing a rise in cyber threats this holiday season, with 58% of respondents in the US (48% UK) observing an increase in scams and fraudulent messages, exemplifying that threats are rampant worldwide. This is worrying many people, as the vast majority of respondents (80% US & UK) report being somewhat to very concerned about their personal data being stolen while online shopping.
However, despite workers’ recognition and concern of cyber threats, 60% of people (65% UK) still believe they’re secure from cyberthreats if they’re using a company device.
https://www.helpnetsecurity.com/2021/12/14/employees-cybersecurity-risks/
Internet Is Scrambling To Fix Log4shell, The Worst Hack In History
Massive data breaches have become so common that we’ve gotten numb to reports detailing another hack or 0-day exploit. That doesn’t reduce the risk of such events happening, as the cat-and-mouse game between security experts and hackers continues. As some vulnerabilities get fixed, others pop up requiring attention from product and service providers. The newest one has a name that will not mean anything to most people. They call the hack Log4Shell in security briefings, which doesn’t sound very scary. But the new 0-day attack is so significant that some people see it as the worst internet hack in history.
Malicious individuals are already exploiting the Log4Shell attack, which allows them to get into computer systems and servers without a password. Security experts have seen Log4Shell in action in Minecraft, the popular game that Microsoft owns. A few lines of text passed around in a chat might be enough to penetrate the defences of a target computer. The same ease of access would allow hackers to go after any computer out there using the Log4J open-sourced java-based logging utility.
https://bgr.com/tech/internet-is-scrambling-to-fix-log4shell-the-worst-hack-in-history/
Apache Log4j Flaw: A Fukushima Moment for the Cyber Security Industry
Organisations around the world will be dealing with the long-tail consequences of this vulnerability, known as Log4Shell, for years to come.
The discovery of a critical flaw in the Apache Log4j software is nothing short of a Fukushima moment for the cybersecurity industry.
Ten years ago, an earthquake and subsequent tidal wave triggered the meltdown of the Fukushima nuclear power plant that continues to plague the region today. Similarly, the early exploitation of Log4j, during which attackers will go after the low-hanging fruit exposed by the vulnerability, will evolve over time to take the form of more complex attacks on more sensitive systems that have less exposure to the internet. And, just as Fukushima brought to light significant issues with longstanding processes in place at the plant, so too does the Log4j vulnerability, known as Log4Shell, highlight two crucial practices of concern:
· How organisations capture and protect their massive troves of log data; and
· The use of open-source code libraries as the building blocks for major enterprise applications.
The paradox of Log4j: the more you log, the worse it gets
We’re discovering new apps every minute which use Log4j in one way or another. It affects not only the code you build, but also the third-party systems you have in place. Everything from the new printer you’ve bought for the office to the ticketing system you’ve just deployed is potentially affected by this flaw. Some affected systems may be on premises, others may be hosted in the cloud but no matter where they are, the flaw is likely to have an impact.
https://www.theregister.com/2021/12/17/vmware_criticial_uem_flaw/
60% of UK Workers Have Been Victim of a Cyber-Attack, Yet Awareness Remains Low
There is a “dangerous” lack of awareness among UK workers towards cybersecurity, leaving businesses at risk of attacks, according to a new study by Armis. This is despite 60% of workers admitting they have fallen victim to a cyber-attack.
The nationwide survey of 2000 UK employees found that only around a quarter (27%) are aware of the associated cyber risks, while one in 10 (11%) don’t worry about them at all.
Even more worryingly, just one in five people said they paid for online security, putting businesses at high risk of attacks amid the shift to remote working during COVID-19.
The most prevalent types of attacks experienced by workers or their organisations were phishing (27%), data breaches (23%) and malware (20%).
The study also revealed growing concerns about the scale of the cyber-threats facing the UK. A large-scale cyber-attack was ranked as the fourth biggest future concern (21%) among the respondents, equal to the UK going to war. Two-fifths (40%) said they would like to see a minister for cyber security installed to ensure the issue is focused on more at a government level.
Russian-backed cyber-criminals were considered the biggest threat to the UK’s cybersecurity (20%) by the respondents, followed by financially motivated cyber-criminals (17%) and Chinese-backed cyber-criminals (16%).
https://www.infosecurity-magazine.com/news/uk-workers-victim-cyber-attack/
Ransomware in 2022: We're All Screwed
Ransomware is now a primary threat for businesses, and with the past year or so considered the "golden era" for operators, cybersecurity experts believe this criminal enterprise will reach new heights in the future.
Kronos. Colonial Pipeline. JBS. Kaseya. These are only a handful of 2021's high-profile victims of threat groups including DarkSide, REvil, and BlackMatter.
According to Kela's analysis of dark web forum activity, the "perfect" prospective ransomware victim in the US will have a minimum annual revenue of $100 million and preferred access purchases include domain admin rights, as well as entry into Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services.
Over the past few years, we've seen ransomware operators evolve from disorganised splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains.
Ransomware infection is no longer an end goal of a cyberattack. Instead, malware families in this arena -- including WannaCry, NotPetya, Ryuk, Cerber, and Cryptolocker -- can be one component of attacks designed to elicit a blackmail payment from a victim organisation.
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Attacks on UK Firms Increase Five-Fold During Pandemic
Attacks on UK firms surged five-fold during the pandemic and now cost way more than the global average, according to Accenture.
The global consultancy polled 500 UK executives to compile its State of Cybersecurity Resilience 2021 study.
It found that large organisations experienced 885 attempted cyber-attacks in 2020 – up from 156 the previous year and more than triple the global average of 270.
They’re also more expensive than elsewhere. Accenture calculated that incidents and breaches cost over £1.3m a year – £350,000 more than the global average.
Over 80% of respondents said the cost of staying ahead of cyber-criminals is unsustainable, a fifth more than the previous year, and a quarter said they’ve been forced to increase cybersecurity budgets by 10% or more.
Worryingly, supply chain attacks accounted for 64% of breaches in the UK last year, up by a quarter (26%) from the previous year.
https://www.infosecurity-magazine.com/news/attacks-on-uk-firms-increase/
The Log4J Software Flaw Is ‘Christmas Come Early’ for Cyber Criminals
Researchers have just identified a security flaw in a software program called Log4J, widely used by a host of private, commercial and government entities to record details ranging from usernames and passwords to credit card transactions. Since the glitch was found last weekend, the cybersecurity community has been scrambling to protect applications, services, infrastructure and even Internet of Things devices from criminals—who are already taking advantage of the vulnerability.
“For cybercriminals this is Christmas come early, because the sky’s the limit,” says Theresa Payton, a former White House chief information officer and the CEO of Fortalice Solutions, a cybersecurity consulting company. “They’re really only limited by their imagination, their technical know-how and their own ability to exploit this flaw.” Payton spoke with Scientific American about what Log4J does, how criminals can use its newly discovered weakness, and what it will take to repair the problem.
Why Cloud Storage Isn't Immune to Ransomware
Ransomware is the flavour of the month for cybercriminals. The FBI reports that ransomware attacks rose 20% and losses almost tripled in 2020. And our increased use of the cloud may have played a part in that spike. A survey of CISOs conducted by IDC earlier this year found that 98% of their companies suffered at least one cloud data breach in the previous 18 months as opposed to 79% last year, and numbers got worse the more exposure they had to the cloud.
Organisations now use hundreds of cloud-based apps, which adds thousands of new identities logging in to their systems. This opens almost unlimited possibilities for hackers. Even if cloud vendors have their own identity and access management controls, vulnerabilities will emerge. In fact, recent research into cloud security found that over 70% of organisations had machines open to the public that were linked to identities whose permissions were vulnerable, under the right conditions, to being exploited to launch ransomware attacks.
A number of reasons could explain why security falls through the cracks of many cloud systems, and leaves them more vulnerable to ransomware attacks.
https://www.darkreading.com/attacks-breaches/why-cloud-storage-isn-t-immune-to-ransomware
400 Banks’ Customers Targeted with Anubis Trojan
Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A.
Researchers say this is just the beginning.
Once downloaded, the malware – a variant of banking trojan Anubis – steals the user’s personal data to rip them off, researchers at Lookout warned in a new report. And it’s not just customers of big banks at risk, the researchers added: Virtual payment platforms and crypto wallets are also being targeted.
“As a banking trojan malware, Anubis’ goal is to collect significant data about the victim from their mobile device for financial gain,” the Lookout report said. “This is done by intercepting SMSs, keylogging, file exfiltration, screen monitoring, GPS data collection and abuse of the device’s accessibility services.”
https://threatpost.com/400-banks-targeted-anubis-trojan/177038/
Sites Hacked With Credit Card Stealers Undetected For Months
Threat actors are gearing up for the holidays with credit card skimming attacks remaining undetected for months as payment information is stolen from customers.
Magecart skimming is an attack that involves the injection of malicious JavaScript code on a target website, which runs when the visitor is at the checkout page.
The code can steal payment details such as credit card number, holder name, addresses, and CVV, and send them to the actor.
Threat actors may then use this information for purchasing goods online or sold to other actors on underground forums and dark web marketplaces known as "carding" sites.
Threats
Ransomware
Why Ransomware Attacks Happen Out Of Hours Or During The Holidays • The Register
Conti Ransomware Gang Exploits Log4Shell Bug In Its Operations - Security Affairs
Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware (thehackernews.com)
HR Management Firm Kronos Needs Weeks to Recover From Ransomware Attack | SecurityWeek.Com
Ransomware Affiliate Arrested In Romania - The Record By Recorded Future
Police Arrests Ransomware Affiliate Behind High-Profile Attacks (Bleepingcomputer.Com)
All Change at the Top as New Ransomware Groups Emerge - Infosecurity Magazine
Hive Ransomware Enters Big League With Hundreds Breached In Four Months (Bleepingcomputer.Com)
Ransomware Suspect Arrested Over Attacks On 'High-Profile' Organisations | Zdnet
BEC – Business Email Compromise
Phishing
How A Phishing Campaign Is Able To Exploit Microsoft Outlook - Techrepublic
Phishing Campaign Uses PowerPoint Macros To Drop Agent Tesla (Bleepingcomputer.Com)
New Microsoft Exchange Credential Stealing Malware Could Be Worse Than Phishing - TechRepublic
Other Social Engineering
Malware
Hackers Start Pushing Malware In Worldwide Log4shell Attacks (Bleepingcomputer.Com)
Hackers’ Log4Shell Malware Attacks Shuts Down Thousands of Government Websites | Tech Times
A Practical and Detailed Look at Cobalt Strike Threat Actors - MSSP Alert
New Fileless Malware Uses Windows Registry as Storage to Evade Detection (thehackernews.com)
‘DarkWatchman’ RAT Shows Evolution in Fileless Malware | Threatpost
New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021 (thehackernews.com)
Mobile
China: Man Lifts Sleeping Ex's Eyelids, Unlocks Phone, Steals $24k (insider.com)
Malicious Joker App Scores Half-Million Downloads on Google Play | Threatpost
Apple Patches 42 Security Flaws in Latest iOS Refresh | SecurityWeek.Com
IoT
Modern Cars: A Growing Bundle Of Security Vulnerabilities - Help Net Security
Are Your Home Security Cameras Vulnerable To Hacking? - cnet
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Log4j Attackers Switch To Injecting Monero Miners Via RMI (bleepingcomputer.com)
Hackers Are Using the Blockchain to Make Bulletproof Botnets (gizmodo.com)
Botnet Steals Half A Million Dollars In Cryptocurrency From Victims - Techrepublic
Hackers Steal $140 Million From Users of Crypto Gaming Company (vice.com)
Insider Risk and Insider Threats
Fraud & Financial Crime
“Sadistic” Online Extortionist Jailed for 32 Years - Infosecurity Magazine
Experts: Public Should Freeze Credit Post-Breach - Infosecurity Magazine
Nation State Actors
China, Iran Among Those Exploiting Apache Cyber Vulnerability, Researchers Say (Yahoo.Com)
Documents Link Huawei To Uyghur Surveillance Projects, Report Claims | Huawei | The Guardian
Russian Cyberspy Groups Start Exploiting Log4Shell Vulnerability | SecurityWeek.Com
Cloud
Privacy
Spyware and Espionage
Vulnerabilities
4 Ways To Properly Mitigate The Log4j Vulnerabilities (And 4 To Skip) | CSO Online
Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges (thehackernews.com)
New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability (thehackernews.com)
Patching Isn't Enough For December's Patch Tuesday | Computerworld
Windows 10 Patch Tuesday (Kb5008212) Is Out — Here's What's New And What's Broken - Neowin
Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware (thehackernews.com)
Adobe Addresses Over 60 Vulnerabilities In Multiple Products - Security Affairs
Hackers Launch More Than 1.2m Attacks Through Log4J Flaw | Financial Times (ft.com)
Google Pushes Emergency Chrome Update To Fix Zero-Day Used In Attacks (Bleepingcomputer.Com)
Over Log4j? VMware Has Another Critical Flaw For You To Fix - The Register
CISA Urges VMware Admins To Patch Critical Flaw In Workspace ONE UEM (bleepingcomputer.com)
Sector Specific
SMBs – Small and Medium Businesses
What the Log4Shell Bug Means for SMBs: Experts Weigh In | Threatpost
Security Priorities Are Geared Toward Ongoing Remote And Hybrid Work - Help Net Security
Transport and Aviation
Nation State Threat Group Targets Airline with Aclip Backdoor (securityintelligence.com)
Other News
Why Tech Companies Must Come Clean About The Latest Cyber Security Crisis | Fortune
“Worst-Case Scenario” Exploit Travels the Globe - Infosecurity Magazine
Log4j Hack Raises Serious Questions About Open-Source Software | Financial Times
Why Log4j Mitigation Is Fraught With Challenges (darkreading.com)
Security Flaws Found In A Popular Guest Wi-Fi System Used In Hundreds Of Hotels | TechCrunch
Experts: Log4j Bug Could Be Exploited for “Years” - Infosecurity Magazine
2022: Supply-Chain Chronic Pain & SaaS Security Meltdowns | Threatpost
Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips (thehackernews.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.