Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 25 November 2022
Black Arrow Cyber Threat Briefing 25 November 2022:
-Hackers Hit One Third of Organisations Worldwide Multiple Times
-Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks
-90% of Organisations have Microsoft 365 Security Gaps
-Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors
-The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
-34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware
-“Password” Continues to Be the Most Common Password in 2022
-Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers
-European Parliament Declares Russia to be a State Sponsor of Terrorism – then Gets Attacked
-The Changing Nature of Nation-State Cyber Warfare
-Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Hackers Hit One Third of Organisations Worldwide Multiple Times
Hackers have stolen customer records multiple times from nearly a third of organisations worldwide in the past 12 months, security provider Trend Micro said in its newly released, twice-yearly Cyber Risk Index (CRI) report.
The report features interviews with some 4,100 organisations across North America, Europe, Latin/South America and Asia-Pacific. Respondents stressed that customer records are at increased risk as organisations struggle to profile and defend an expanding attack surface.
Overall, respondents rated the following as the top cyber threats in 1H 2022:
Business Email Compromise (BEC)
Clickjacking
Fileless attacks
Ransomware
Login attacks (Credential Theft)
Here are some key findings from the study:
The CRI calculates the gap between organisational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.
This is a slight increase in risk from the second half of 2021, when it was -0.04. Organisations in North America and Asia-Pacific saw an increase in their cyber risk from that period while Europe and Latin/South America’s risk decreased in comparison.
The number of global organisations experiencing a “successful” cyber-attack increased from 84% to 90% over the same period.
The number now expected to be compromised over the coming year has also increased from 76% to 85%.
From the business perspective, the biggest concern is the misalignment between CISOs and business executives, Trend Micro said. The answers given by respondents to the question: “My organisation’s IT security objectives are aligned with business objectives,” only made a score of 4.79 out of 10.0
By addressing the shortage of cyber security professionals and improving security processes and technology, organisations will significantly reduce their vulnerability to attacks.
You can’t protect what you can’t see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organisations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform.
Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks
Companies pay an average of $1,197 per employee yearly to address successful cyber incidents against email services, cloud collaboration apps or services and browsers.
Security researchers at Perception Point shared the findings with Infosecurity before publishing them in a new white paper this month.
According to the new data, the above figures exclude compliance fines, ransomware mitigation costs and losses from non-operational processes, all of which can cause further spending.
The survey, conducted in conjunction with Osterman Research in June, considers the responses of 250 security and IT decision-makers at various enterprises and reveals additional discoveries regarding today’s enterprise threat landscape.
These findings demonstrate the urgent need for organisations to find the most accurate and efficient cyber security solutions which provide the necessary protection with streamlined processes and managed services.
Among the findings is that malicious incidents against new cloud-based apps and services occur at 60% of the frequency with which they take place on email-based services.
Additionally, some attacks, like those involving malware installed on an endpoint, happen on cloud collaboration apps at a much higher rate (87%) when compared to email-based services.
The Perception Point report also shows that a successful email-based cyber incident takes security staff an average of 86 hours to address.
In light of these figures, the security company added that one security professional with no additional support can only handle 23 email incidents annually, representing a direct cost of $6452 per incident alone.
Conversely, incidents detected on cloud collaboration apps or services take, on average, 71 hours to resolve. In these cases, one professional can handle just 28 incidents yearly at an average cost of $5305 per incident.
https://www.infosecurity-magazine.com/news/firms-dollar1197-per-employee/
90% of Organisations have Microsoft 365 Security Gaps
A recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organisations had gaps in essential security protections. Managing Microsoft 365 (M365) is complicated. How can IT teams avoid management headaches, stay 100% compliant, and truly take control of their M365 instance?
Research from the study reveals that many common security procedures are not being followed 100% of the time. This leaves gaping holes in most organisations’ security defences. While most companies have strong documented security policies, the research uncovered that most aren’t being implemented consistently due to difficulties in reporting and limited IT resources:
90% of companies had gaps across all four key areas studied – multi-factor authentication (MFA), email security, password policies, and failed logins
87% of companies have MFA disabled for some or all their admins (which are the most critical accounts to protect, due to their higher access levels)
Only 17% of companies had strong password requirements that were being consistently followed.
Overall, nearly every organisation is leaving the door open for cyber security threats due to weak credentials, particularly for administrator accounts.
In addition to security challenges, the study identified key areas for improvement in managing Microsoft 365 licences as well, such as:
The average company had 21.6% of their licenses unassigned or “sitting on the shelf.” Another 10.2% of licenses were inactive, for an average of 31.9% unused licenses.
17% of companies had over 10,000 licenses unassigned or inactive. These cases represent big opportunities to optimise licence spend with better tools.
Overall, the study reveals that reporting challenges make security and licence management incredibly difficult, leading to unnecessary risks and costs.
https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/
Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors
A callback phishing extortion campaign by Luna Moth (aka Silent Ransom Group) has targeted businesses in multiple sectors, including legal and retail.
The findings come from Palo Alto Network’s security team Unit 42, which described the campaign in a new advisory.
“This campaign leverages extortion without encryption, has cost victims hundreds of thousands of dollars and is expanding in scope,” reads the technical write-up. At the same time, Unit 42 said that this type of social engineering attack leaves very few artifacts because it relies on legitimate technology tools to carry out attacks. In fact, callback phishing, also known as telephone-oriented attack delivery (TOAD), is a social engineering method that requires a threat actor to interact with the victim to accomplish their goals.
“This attack style is more resource intensive but less complex than script-based attacks, and it tends to have a much higher success rate,” reads the advisory. According to Unit 42, threat actors associated with the Conti group have extensively used this attack style in BazarCall campaigns. “Early iterations of this attack focused on tricking the victim into downloading the BazarLoader malware using documents with malicious macros,” explained the researchers.
As for the new campaign, which Sygnia security researchers first unveiled in July, it removes the malware portion of the attack. “In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim’s computer to manually exfiltrate data [...] As these tools are not malicious, they’re not likely to be flagged by traditional antivirus products,” Unit 42 wrote.
The researchers also said that they expect callback phishing attacks to increase in popularity because of low per-target cost, low risk of detection and fast monetisation factors.
https://www.infosecurity-magazine.com/news/luna-moth-phishing-target-multiple/
The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy conducting brazen and often destructive cyber-attacks that can severely disrupt a company’s business operations. And this is a big problem, because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber-attacks not only can affect customers’ data, but they can impact service delivery.
In one of the recent incidents, the UK’s discount retailer The Works has been forced to temporarily shut down some of its stores after a ransomware attack. While the tech team quickly shut down the company’s computers after being alerted to the security breach by the firewall system, the attack caused disruption to deliveries and store functionality including till operations.
A cyber security incident can greatly affect a business due to the consequences associated with cyber-attacks like potential lawsuits, hefty fines and damage payments, insurance rate hikes, criminal investigations and bad publicity. For example, shares of Okta, a major provider of authentication services, fell 9% after the company revealed it was a victim of a major supply chain incident via an attack on a third-party contractor’s laptop, which affected some of its customers.
Another glaring example is a 2021 cyber-attack launched by the Russian-speaking ransomware gang called DarkSide against the operator of one of the US’ largest fuel pipelines Colonial Pipeline, which crippled fuel delivery across the Southeastern United States impacting lives of millions due to supply shortages. Colonial paid the DarkSide hackers a $4.4 million ransom soon after the incident. The attackers also stole nearly 100GB of data from Colonial Pipeline and threatened to leak it if the ransom wasn’t paid. It’s also worth noting that the company is now facing a nearly $1 million penalty for failure “to plan and prepare for a manual restart and shutdown operation, which contributed to the national impacts after the cyber-attack.”
Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).
Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.
For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.
34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware
As many as 34 Russian-speaking gangs, distributing information-stealing malware under the stealer-as-a-service model, stole no fewer than 50 million passwords in the first seven months of 2022.
"The underground market value of stolen logs and compromised card details is estimated around $5.8 million" Singapore-headquartered Group-IB said in a report shared with The Hacker News.
Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.
A majority of the victims were located in the US, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, over 890,000 devices in 111 countries were infected during the time frame.
Group-IB said the members of several scam groups who are propagating the information stealers previously participated in the Classiscam operation. These groups, which are active on Telegram and have around 200 members on average, are hierarchical, consisting of administrators and workers (or traffers), the latter of whom are responsible for driving unsuspecting users to info-stealers like RedLine and Raccoon. This is achieved by setting up bait websites that impersonate well-known companies and luring victims into downloading malicious files. Links to such websites are, in turn, embedded into YouTube video reviews for popular games and lotteries on social media, or shared directly with non-fungible token (NFT) artists.
https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html
“Password” Continues to Be the Most Common Password in 2022
You would think the time spent working from home in the last two years or so helped netizens across the planet figure out how to master the world of WWW in a more efficient manner.
But new research from NordPass shows that despite so many people relying on an Internet connection for their daily activities, few actually care about the security of their data when they go online.
As a result, “password” continues to be the number one password out there, with the aforementioned company claiming that this particular keyword was detected close to 5 million times in a 3TB database. It takes less than one second to crack this password, the company says.
“123456” is currently the second most-used password worldwide, followed by its longer sibling known as “123456789” because, you know, hackers don’t know how to count to 10.
“There’s more than one way to get swindled on Tinder: using “tinder” as your password is more risky than swiping right on a billionaire. In total, this password was used 36,384 times” NordPass says. “The glitziest film industry event of the year – the Oscars ceremony – inspired many to use not-so-glitzy passwords: the password “Oscars” was used 62,983 times.”
Of course, it’s no surprise that Internet users out there turn to movies to get inspiration for their passwords, so unfortunately, “batman” is currently one of the most used keywords supposed to secure Internet accounts.
“Films and shows like Batman, Euphoria, and Encanto were among the most popular releases in 2021/2022. All are also popular passwords: “batman” was used 2,562,776 times, “euphoria” 53,993, and “encanto” 10,808 times,” the company says.
The most common password in the United States is “guest,” while in the United Kingdom, quite a lot of people go for “liverpool” (despite hackers needing just 1 second to crack it).
Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers
A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. The same security vulnerability appears to have been exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.
It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression. HackerOne first reported the vulnerability back in January, which allowed anyone to enter a phone number or email address, and then find the associated twitterID. This is an internal identifier used by Twitter, but can be readily converted to a Twitter handle. A bad actor would be able to put together a single database which combined Twitter handles, email addresses, and phone numbers.
At the time, Twitter admitted that the vulnerability had existed, and subsequently been patched, but said nothing about anyone exploiting it. Restore Privacy subsequently reported that a hacker had indeed used the vulnerability to obtain personal data from millions of accounts.
https://9to5mac.com/2022/11/25/massive-twitter-data-breach/
European Parliament Declares Russia to be a State Sponsor of Terrorism – Then Gets Attacked
On Wednesday, the European Parliament adopted a resolution on the latest developments in Russia’s brutal war of aggression against Ukraine. MEPs highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes. In light of this, they recognise Russia as a state sponsor of terrorism and as a state that “uses means of terrorism”.
As the EU currently cannot officially designate states as sponsors of terrorism, the European Parliament calls on the EU and its member states to put in place the proper legal framework and consider adding Russia to such a list. This would trigger a number of significant restrictive measures against Moscow and have profound restrictive implications for EU relations with Russia.
In the meantime, MEPs call on the Council to include the Russian paramilitary organisation ‘the Wagner Group’, the 141st Special Motorized Regiment, also known as the “Kadyrovites”, and other Russian-funded armed groups, militias and proxies, on the EU’s terrorist list.
Almost immediately after the vote the European Parliament suffered a sustained denial of service attack that shut down email services and disrupted internet access for more than an hour. A pro-Russian group called KILLNET then claimed responsibility in a Telegram post.
The Changing Nature of Nation-State Cyber Warfare
Military conflict is ever shifting from beyond the battlefield and into cyber space. Ever more sophisticated and ruthless groups of nation-state actors and their proxies continue to target critical systems and infrastructure for political and ideological leverage. These criminals’ far-reaching objectives include intelligence gathering, financial gain, destabilising other nations, hindering communications, and the theft of intellectual property.
The risks to individuals and society are clear. Due to its importance to daily life and the economy, the UK’s critical national infrastructure (CNI) is a natural target for malicious nation-state cyber-attacks. We only need look at the Colonial Pipeline ransomware attack in the US – at the hands of the Russia-affiliated DarkSide group – to appreciate the potential for one criminal act to escalate and cause large-scale societal impact: panic and disruption. Even though the pipeline was shut down for less than a week, the havoc caused by suspending fuel supplies gave CNI operators everywhere a worrying taste of things to come.
Closer to home, the recent cyber attack on South Staffordshire Water highlights the need for all utilities providers to take proactive measures and precautions to better secure essential human sustenance supplies. With the risk of coordinated attacks by criminals backed by nation states rising, the potential for human casualties if attacks against CNI go unchecked is becoming starkly clear.
The Russia-Ukraine war has heightened awareness of the cyber threats posed by all nation-state adversaries. Unsurprisingly, challenges and conflicts in the physical world tend to bleed through into the cyber domain. And with relations between Western nations and Russia, China, Iran, and North Korea more fraught than ever, UK organisations can expect to see further increases in cyber threats at the hands of hostile nation-state actors.
https://informationsecuritybuzz.com/the-changing-nature-of-nation-state-cyber-warfare/
Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question
Cyber crime continues to be a persistent and pressing issue for all sized businesses, particularly smaller organisations. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyber attack shut their doors within six months.
Despite the continuing rise in risk, many small businesses remain vulnerable to cyber attacks due to a lack of resources and – surprisingly – a lack of knowledge of the existing threats. Moreover, companies are now being exposed to cyber risks even further as they struggle to get appropriate cyber insurance, which, if needed, can be devastating should bad actors circumvent your company’s defences.
Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyber attack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and customer refunds.
With the constant – and ever-increasing – threat of potential cyber attacks and the need to protect their assets, many companies are applying for cyber insurance, which generally covers a variety of different types of cyber-attacks, including data breaches; business email compromises; cyber extortion demands; malware infections and ransomware.
But, despite the benefits of cyber insurance, it remains surprisingly undervalued. The UK government’s Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy in place.
Organisations must always seek cost-effective ways to address the cyber security risks they face – as no business is safe in the modern security landscape from a cyber threat. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. While all-sized businesses can benefit from having cyber insurance, small businesses frequently lack the knowledge and importance of securing it. This is usually because of the cost, the time involved in finding a provider, and a lack of understanding of the importance of a cyber insurance policy.
Threats
Ransomware and Extortion
Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)
Fake subscription invoices lead to corporate data theft and extortion - Help Net Security
Ransomware gang targets Belgian municipality, hits police instead (bleepingcomputer.com)
New ransomware encrypts files, then steals your Discord account (bleepingcomputer.com)
Donut extortion group also targets victims with ransomware (bleepingcomputer.com)
Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (thehackernews.com)
Ransomware attacks: Making cyber ransom payments unlawful would help boards (afr.com)
An aggressive Black Basta Ransomware campaign targets US-based companies - Security Affairs
Luna Moth ransomware group invests in call centres to target individual victims - SiliconANGLE
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)
Cybereason warns of fast-moving Black Basta campaign (techtarget.com)
Enterprise healthcare providers warned of Lorenz ransomware threat | SC Media (scmagazine.com)
Montreal-area city hit by ransomware: Report | IT World Canada News
Phishing & Email Based Attacks
Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks (darkreading.com)
World Cup phishing emails spike in Middle Eastern countries • The Register
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs
SocGholish finds success through novel email techniques | SC Media (scmagazine.com)
BEC – Business Email Compromise
Malware
Cyber criminals are increasingly using info-stealing malware to target victims | CSO Online
A security firm hacked malware operators, locking them out of their own C&C servers | TechSpot
Emotet is back and delivers payloads like IcedID and Bumblebee - Security Affairs
All You Need to Know About Emotet in 2022 (thehackernews.com)
New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)
Multi-Purpose Botnet and Infostealer 'Aurora' Rising to Fame | SecurityWeek.Com
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Aurora infostealer malware increasingly adopted by cybergangs (bleepingcomputer.com)
This new malware is able to bypass all of Microsoft's security warnings | TechRadar
Backdoored Chrome extension installed by 200,000 Roblox players (bleepingcomputer.com)
Mobile
'Patch Lag' Leaves Millions of Android Devices Vulnerable (darkreading.com)
Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws (thehackernews.com)
Your iPhone may be collecting more personal data than you think | Digital Trends
Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity
WhatsApp data leak: 500 million user records for sale | Cybernews
Internet of Things – IoT
Data Breaches/Leaks
WhatsApp data leak: 500 million user records for sale - Security Affairs
California County Says Personal Information Compromised in Data Breach | SecurityWeek.Com
Organised Crime & Criminal Actors
Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)
How social media scammers buy time to steal your 2FA codes – Naked Security (sophos.com)
DEV-0569 Group Switches Tactics, Abuses Google Ads to Deliver Payloads | Cyware Alerts - Hacker News
Hackers are locking out Mars Stealer operators from their own servers | TechCrunch
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz
Two Estonians arrested for running $575M crypto Ponzi scheme (bleepingcomputer.com)
Cyber crooks to ditch BTC as regulation and tracking improves: Kaspersky (cointelegraph.com)
Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)
Bahamas SEC Or Hacker? Stolen Funds From FTX Keep On Moving (bitcoinist.com)
Fraud, Scams & Financial Crime
'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)
Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Beware - Black Friday online shopping scams are here now | TechRadar
Online retailers should prepare for a holiday season spike in bot-operated attacks | CSO Online
Pig butchering domains seized and slaughtered by the Feds • The Register
Insurance
Software Supply Chain
Denial of Service DoS/DDoS
Cloud/SaaS
Hybrid/Remote Working
Identity and Access Management
Encryption
API
5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs
Three security design principles for public REST APIs - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)
Guess the most common password. Hint: We just told you • The Register
World Cup Players Among Most Breached Passwords - IT Security Guru
Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Hackers steal $300,000 in DraftKings credential stuffing attack (bleepingcomputer.com)
Social Media
Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts (bleepingcomputer.com)
Cyber security Pros Put Mastodon Flaws Under the Microscope (darkreading.com)
Musk to abused Twitter users: Your tormentors will return • The Register
Facebook sued for collecting personal data to sell adverts | News | The Times
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz
How US cyber incident reporting law could finally fix the information sharing problem - CyberScoop
Law Enforcement Action and Take Downs
Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire
'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
iPhones are not as privacy-focused as Apple claims, researchers point out - India Today
Thinking about taking your computer to the repair shop? Be very afraid | Ars Technica
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine shows how space is now central to warfare | Financial Times (ft.com)
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)
EU Parliament Putin things back together after cyber attack • The Register
Opinion | Democracies flirting with spyware like Pegasus raises dangers - The Washington Post
Scotland's broadband builder linked to Israeli spyware | HeraldScotland
Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organisations (thehackernews.com)
Nation State Actors
Nation State Actors – Russia
Russian Tech Giant Wants Out of the Country As Ukraine War Rages on (insider.com)
Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors – China
Vulnerability Management
Vulnerabilities
73 Percent of Retail Applications Contain Security Flaws, but Only a Quarter Are Fixed (yahoo.com)
Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs
AWS fixes 'confused deputy' vulnerability in AppSync • The Register
How to hack an unpatched Exchange server with rogue PowerShell code – Naked Security (sophos.com)
Google pushes emergency Chrome update to fix 8th zero-day in 2022 (bleepingcomputer.com)
Upgrade to Apache Commons Text 1.10 to Avoid New Exploit (infoq.com)
Security experts are laying Mastodon's flaws bare | TechRadar
Devices from Dell, HP, and Lenovo used outdated OpenSSL versions - Security Affairs
PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability | SecurityWeek.Com
5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs
Reports Published in the Last Week
Other News
Know thy enemy: thinking like a hacker can boost cyber security strategy | CSO Online
Security Culture Matters when IT is Decentralized (trendmicro.com)
Legacy IT system modernization largely driven by security concerns - Help Net Security
Been Doing It The Same Way For Years? Think Again. (thehackernews.com)
Docker Hub repositories hide over 1,650 malicious containers (bleepingcomputer.com)
How Tech Companies Can Slow Down Spike in Breaches (darkreading.com)
Inventor of the Web Sir Tim Berners-Lee wants to save your data from Big Tech with Web3.0 | Euronews
Deloitte reveals 10 strategic cyber security predictions for 2023 | VentureBeat
The Biden administration has racked up a host of cyber security accomplishments | CSO Online
US Navy Forced to Pay Software Company for Licensing Breach (gizmodo.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 November 2022
Black Arrow Cyber Threat Briefing 11 November 2022:
-Research Finds Organisations Lack Tools and Teams to Address Cyber Security Threats
-Some 98% of Global Firms Suffer Supply Chain Breach in 2021
-Only 30% of Cyber Insurance Holders Say Ransomware is Covered
-Companies Hit by Ransomware Often Targeted Again, Research Says
-Ransomware Remains Top Cyber Risk for Organisations Globally, Says Allianz
-How Geopolitical Turmoil Changed the Cyber Security Threat Landscape
-Swiss Re Wants Government Bail Out academias Cyber Crime Insurance Costs Spike
-Extortion Economics: Ransomware's New Business Model
-Confidence in Data Recovery Tools Low
-Russia’s Sway Over Criminal Ransomware Gangs Is Coming into Focus
-Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs
-Why a Clear Cyber Policy is Critical for Companies
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Research Finds Organisations Lack Tools and Teams to Address Cyber Security Threats
In research conducted in the summer of 2022 by BlackBerry, the findings describe the situation facing organisations regardless of size or vertical.
The survey of 405 senior IT, networking, and security decision-makers in the US, Canada, and the UK revealed 83% of organisations agreed building cyber security programs is expensive due to required tools, licenses, and personnel, and 80% agreed it’s challenging to fill specialised security roles. Most organisations (78%) have an incident management process, but about half (49%) agree they lack the teams and tools to be effective 24x7x365. Evolving security threats (53%) and the task of integrating new technology (53%) are cited as top challenges in maintaining security posture.
While it’s likely these findings surprise no one, they do reveal the challenges facing organisations who are caught between limited resources and increased risk. The urgency increases if we look at the critical infrastructure that keeps things running–like utilities, banks, transportation, key suppliers, industrial controls, and more.
Some 98% of Global Firms Suffer Supply Chain Breach in 2021
Just 2% of global organisations didn’t suffer a supply chain breach last year, with visibility into cyber risk getting harder as these ecosystems expand, according to BlueVoyant.
The security firm polled 2100 C-level execs with responsibility for supply chain and cyber risk management from companies with 1000+ employees to compile its study, The State of Supply Chain Defense: Annual Global Insights Report 2022.
It found the top challenges listed by respondents were:
Awareness internally that third-party suppliers are part of their cyber security posture
Meeting regulatory requirements and ensuring third-party cyber security compliance
Working with third-party suppliers to improve their posture.
Supply chains are growing: the number of firms with over 1000 suppliers increased from 38% in 2021’s report to 50%. Although 53% of organisations audited or reported on supplier security more than twice annually, 40% still rely on suppliers to ensure security levels are sufficient. That means they have no way of knowing if an issue arises with a supplier.
Worse, 42% admitted that if they do discover an issue in their supply chain and inform their supplier, they cannot verify that the issue was resolved. Just 3% monitor their supply chain daily, although the number of respondents using security ratings services to enhance visibility and reduce cyber risk increased from 36% last year to 39% in this year’s report.
With the escalating threat landscape and number of high-profile incidents being reported, firms should focus more strategically on addressing supply chain cyber security risk. In the current volatile economic climate, the last thing any business needs is any further disruption to their operations, any unexpected costs, or negative impact on their brand.
https://www.infosecurity-magazine.com/news/98-global-firms-supply-chain/
Only 30% of Cyber Insurance Holders Say Ransomware is Covered
Cyber insurance providers appear to be limiting policy coverage due to surging costs from claimants, according to a new study from Delinea.
The security vendor polled 300 US-based IT decision makers to compile its latest report, Cyber insurance: if you get it be ready to use it.
Although 93% were approved for specialised cyber insurance cover by their provider, just 30% said their policy covered “critical risks” including ransomware, ransom negotiations and payments. Around half (48%) said their policy covers data recovery, while just a third indicated it covers incident response, regulatory fines and third-party damages.
That may be because many organisations are regularly being breached and look to their providers for pay-outs, driving up costs for carriers. Some 80% of those surveyed said they’ve had to call on their insurance, and half of these have submitted claims multiple times, the study noted.
As a result, many insurers are demanding that prospective policyholders implement more comprehensive security controls before they’re allowed to sign up.
Half (51%) of respondents said that security awareness training was a requirement, while (47%) said the same about malware protection, AV software, multi-factor authentication (MFA) and data backups.
However, high-level checks may not be enough to protect insurers from surging losses, as they can’t guarantee customers are properly deploying security controls.
Cyber insurance providers need to start advancing beyond simple checklists for security controls. They must require their customers to validate that their security controls work as designed and expected. They need their customers to simulate their adversaries to ensure that when they are attacked, the attack will not result in a breach. In fact, we're already starting to see government regulations and guidance that includes adversary simulation as part of their proactive response to threats.
https://www.infosecurity-magazine.com/news/cyberinsurance-ransomware-cover/
Companies Hit by Ransomware Often Targeted Again, Research Says
It has been reported that more than a third of companies who paid a ransom to cyber criminals after being hit by a ransomware attack went on to be targeted for a second time, according to a new report.
The Hiscox Cyber Readiness Report found that 36% of companies that made the ransom payment were hit again, while 41% who paid failed to recover all of their data.
The head of the UK’s National Cyber Security Centre (NCSC), Lindy Cameron, said last year that ransomware attacks were the “most immediate danger” to the UK and urged companies to take more steps to protect themselves and their data.
The NCSC urges firms not to pay ransoms as it not only helps fund further crime but offers no guarantee that criminals will return the stolen or locked data. The Hiscox report appeared to back up the NCSC’s warnings, with 43% of the businesses who paid a ransom saying they still had to rebuild their systems while 29% said that despite making the payment their stolen data was still leaked. A further 26% said a ransomware attack had had a significant financial impact on their business.
Ransomware Remains Top Cyber Risk for Organisations Globally, Says Allianz
According to an Allianz Global Corporate & Specialty cyber report, ransomware remains a top cyber risk for organisations globally, while the threat of state-sponsored cyber attacks grows.
There were a record 623 million attacks in 2021, which was double that of 2020, says Allianz.
It also notes that despite the frequency reducing 23% globally during H1 of 2022, the year-to-date total still exceeds that of the full years of 2017, 2018 and 2019, while Europe saw attacks surge over this period. Allianz suggests that ransomware is forecast to cause $30bn in damages to organisations globally by 2023.
It adds that from an Allianz perspective, the value of ransomware claims the company was involved in together with other insurers, accounted for well over 50% of all cyber claims costs during 2020 and 2021.
The cyber risk landscape doesn’t allow for any resting on laurels. Ransomware and phishing scams are as active as ever and on top of that there is the prospect of a hybrid cyber war.
Most companies will not be able to evade a cyber threat. However, it is clear that organisations with good cyber maturity are better equipped to deal with incidents. Even when they are attacked, losses are typically less severe due to established identification and response mechanisms.
Many companies still need to strengthen their cyber controls, particularly around IT security trainings, better network segmentation for critical environments and cyber incident response plans and security governance.
Allianz observes that geopolitical tensions, such as the war in Ukraine, are a major factor reshaping the cyber threat landscape as the risks of espionage, sabotage, and destructive cyber-attacks against companies with ties to Russia and Ukraine increase, as well as allies and those in neighbouring countries.
How Geopolitical Turmoil Changed the Cyber Security Threat Landscape
ENISA, EU’s Agency for Cybersecurity, released its annual Threat Landscape report, covering the period from July 2021 up to July 2022.
With more than 10 terabytes of data stolen monthly, ransomware still fares as one of the prime threats in the new report with phishing now identified as the most common initial vector of such attacks. The other threats to rank highest along ransomware are attacks against availability also called Distributed Denial of Service (DDoS) attacks.
However, the geopolitical situations particularly the Russian invasion of Ukraine have acted as a game changer over the reporting period for the global cyber domain. While we still observe an increase of the number of threats, we also see a wider range of vectors emerge such as zero-day exploits and AI-enabled disinformation and deepfakes. As a result, more malicious and widespread attacks emerge having more damaging impact.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar stated that “Today’s global context is inevitably driving major changes in the cyber security threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners and therefore all EU citizens.”
State sponsored, cyber crime, hacker-for-hire actors and hacktivists remain the prominent threat actors during the reporting period of July 2021 to July 2022.
ENISA sorted threats into 8 groups. Frequency and impact determine how prominent all of these threats still are.
Ransomware: 60% of affected organisations may have paid ransom demands
Malware: 66 disclosures of zero-day vulnerabilities observed in 2021
Social engineering: Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing
Threats against data: Increasing in proportionally to the total of data produced
Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service
Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020
Threats against availability:
Largest denial of service (DDoS) attack ever was launched in Europe in July 2022
Internet: destruction of infrastructure, outages and rerouting of internet traffic.
https://www.helpnetsecurity.com/2022/11/08/cybersecurity-threat-landscape-2022/
Swiss Re Wants Government Bail Out as Cyber Crime Insurance Costs Spike
As insurance companies struggle to stay afloat amid rising cyber claims, Swiss Re has recommended a public-private partnership insurance scheme with one option being a government-backed fund to help fill the coverage gap.
Global cyber insurance premiums hit $10 billion in 2021, according to Swiss Re's estimates. In a study published this week, the insurance giant forecasted 20 percent annual growth to 2025, with premiums rising to $23 billion over the next few years.
Meanwhile, annual cyber attack-related losses total about $945 billion globally, and about 90% of that risk remains uninsured, according to insurance researchers at the Geneva Association.
While Forrester estimates a typical data breach costs an average $2.4 million for investigation and recovery, only 55 percent of companies currently have cyber insurance policies. Additionally, less than 20 percent have coverage limits in excess of $600,000, which the analyst firm cites as the median ransomware demand in 2021.
https://www.theregister.com/2022/11/08/government_cyber_insurance/
Extortion Economics: Ransomware's New Business Model
Ransomware-as-a-service lowers the barriers to entry, hides attackers’ identities, and creates multitier, specialised roles in service of ill-gotten gains.
Did you know that more than 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cyber criminals have become emboldened by the underground ransomware economy.
And yet many threat actors work within a relatively small and interconnected ecosystem of players. This pool of cyber criminals has created specialised roles and consolidated the cyber crime economy, fuelling ransomware-as-a-service (RaaS) to become the dominant business model. In doing so, they've enabled a wider range of criminals to deploy ransomware regardless of their technical expertise and forced all of us to become cyber security defenders in the process.
Ransomware takes advantage of existing security compromises to gain access to internal networks. In the same way businesses hire gig workers to cut costs, cyber criminals have turned to renting or selling their ransomware tools for a portion of the profits rather than performing the attacks themselves.
This flourishing RaaS economy allows cyber criminals to purchase access to ransomware payloads and data leakage, as well as payment infrastructure. What we think of as ransomware gangs are actually RaaS programs like Conti or REvil, used by the many different actors who switch between RaaS programs and payloads.
RaaS lowers the barrier to entry and obfuscates the identity of the attackers behind the ransoming. Some programs can have 50 or more "affiliates," as they refer to their users, with varying tools, tradecraft, and objectives. Anyone with a laptop and credit card who is willing to search the Dark Web for penetration-testing tools or out-of-the-box malware can join this maximum efficiency economy.
https://www.darkreading.com/microsoft/extortion-economics-ransomware-s-new-business-model
Confidence in Data Recovery Tools Low
A recent IDC and Druva survey asked 505 respondents across 10 industries about their ransomware experiences and found that many organisations struggle to recover after an attack. In the survey, 85% of the respondents said their organisations had a ransomware recovery plan. The challenge seems to lie in effectively executing that plan.
"A majority of organisations suffered significant consequences from ransomware attacks including long recoveries and unrecoverable data despite paying a ransom," states the "You Think Ransomware Is Your Only Problem? Think Again" report.
Data resiliency is such an important element of cyber security that 96% of respondents considered it a top priority for their organisations, with a full 77% placing it in the top 3. What's striking about the survey results is that only 14% of respondents said they were "extremely confident" in their tools, even though 92% called their data resiliency tools "efficient" or "highly efficient."
When data is spread across hybrid, cloud, and edge environments, data resiliency becomes much more complicated. A plan might seem to cover everything, but then you realise that you lost your backup or can't find the latest restore point.
The ability to recover from an attack is vital, since the growth in ransomware makes it likely that your organisation will get hit. This is why agencies like NIST recommend preparing for when an attacker pierces your defences rather than trying to keep out every intruder. That mindset also shifts the priority to preparation and planning; you need to create a disaster recovery plan that includes policy on restore points and recovery tools — and you need to practice implementing that plan before disaster strikes.
The report lists three key performance indicators that reveal the success of an organisation's recovery from a cyber attack:
The ability to fully recover encrypted or deleted data without paying a ransom.
Zero data loss in the process of recovering the data.
Rapid recovery as defined by applicable service-level requirements.
When a recovery fails to meet these criteria, then the organisation may suffer financial loss, loss of reputation, permanently lost customers, and reduced employee productivity.
https://www.darkreading.com/tech-trends/confidence-in-data-recovery-tools-low
Russia’s Sway Over Criminal Ransomware Gangs Is Coming into Focus
Russia-based ransomware gangs are some of the most prolific and aggressive, in part thanks to an apparent safe harbour the Russian government extends to them. The Kremlin doesn't cooperate with international ransomware investigations and typically declines to prosecute cyber criminals operating in the country so long as they don't attack domestic targets. A long-standing question, though, is whether these financially motivated hackers ever receive directives from the Russian government and to what extent the gangs are connected to the Kremlin's offensive hacking. The answer is starting to become clearer.
New research presented at the Cyberwarcon security conference in Arlington, Virginia, this week looked at the frequency and targeting of ransomware attacks against organisations based in the United States, Canada, the United Kingdom, Germany, Italy, and France in the lead-up to these countries' national elections. The findings suggest a loose but visible alignment between Russian government priorities and activities and ransomware attacks leading up to elections in the six countries.
The project analysed a data set of over 4,000 ransomware attacks perpetrated against victims in 102 countries between May 2019 and May 2022. The analysis showed a statistically significant increase in ransomware attacks from Russia-based gangs against organisations in the six victim countries ahead of their national elections. These nations suffered the most total ransomware attacks per year in the data set, about three-quarters of all the attacks.
The data was used to compare the timing of attacks for groups believed to be based out of Russia and groups based everywhere else. They looked at the number of attacks on any given day, and what they found was an interesting relationship where for these Russia-based groups, there was an increase in the number of attacks starting four months before an election and moving three, two, one month in, up to the event.
The findings showed broadly that non-Russian ransomware gangs didn't have a statistically significant increase in attacks in the lead-up to elections. Whereas two months out from a national election, for example, the researchers found that organisations in the six top victim countries were at a 41 percent greater chance of having a ransomware attack from a Russia-based gang on a given day, compared to the baseline.
https://www.wired.com/story/russia-ransomware-gang-connections/
Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs
Twelve percent of all employees take sensitive intellectual property (IP) with them when they leave an organisation.
The data comes from workforce cyber intelligence and security company Dtex, which published a report about top insider risk trends for 2022. “Customer data, employee data, health records, sales contacts, and the list goes on,” reads the document. “More and more applications are providing new features that make data exfiltration easier. For example, many now provide the ability to maintain clipboard history and sync across multiple devices.”
Case in point, the report also suggests a 55% increase in unsanctioned application usage, including those making data exfiltration easier by allowing users to maintain clipboard history and sync IP across multiple devices. “Bring Your Own Applications (BYOA) or Shadow IT can be a source of intelligence for business innovation,” Dtex wrote. “Still, they pose a major risk if the security team has not tested these tools thoroughly.”
Further, the new data highlight a 20% increase in resignation letter research and creation from employees taking advantage of the tight labour market to switch positions for higher wages.
“In most cases, an individual planning to leave the business is not pleased with the company’s product, co-workers, work environment, or compensation,” reads the report. “Disgruntled employees are usually jaded by a business that has not shown any steps to alleviate concerns, even after communication attempts.”
Finally, the Dtex report says the industry has witnessed a 200% increase in unsanctioned third-party work on corporate devices from a high prevalence of employees engaged in side gigs.
https://www.infosecurity-magazine.com/news/12-of-employees-take-ip-when/
Why a Clear Cyber Policy is Critical for Companies
In October, Joe Sullivan, Uber’s former head of security, was convicted of covering up a 2016 data breach at the ride hailing giant by hiding details from US regulators and then paying off the hackers.
It was a trial followed nervously by cyber security professionals around the world — coming eight years after an incident that had compromised the personal information of more than 57mn people.
“Any news about another company dealing with a data security incident can strike a bit of fear across industries,” notes Mary Pothos, chief privacy officer at digital travel company Booking.com. She adds that incidents like these cause “many companies to pause, rethink or revisit their internal processes to make sure that they are operating effectively”.
These incidents, and threats, are growing at lightning speed, too. War in Ukraine is now being played out as much in cyber space as on the battlefield. The Covid pandemic has forced businesses to rethink where their employees work, and handle or access data. At the same time, the sheer number of web-connected devices is multiplying.
“We need to be people who can predict what is coming along the line, predict the future, almost” said Victor Shadare, head of cyber security at media company Condé Nast, at a recent FT event on cyber security.
Palo Alto Networks, a specialist security company, found that cyber extortion grew rapidly in 2021. Some 35 new ransomware gangs emerged, the average ransom demand increasing 144 per cent that year to $2.2mn, and the average payment rose by 78 per cent to $541,010.
Meanwhile, cyber security personnel have found themselves hemmed in by increasingly onerous regulations. These include threats of legal action if the right people are not informed about breaches, or if products come to market that are not safe enough. On September 15, for example, the European Commission presented a proposal for a new Cyber Resilience Act to protect consumers from products with inadequate security features.
“New domains of security have sprung up over the past years, so it’s not just an information technology problem any more, it’s really a full company risk issue,” says Kevin Tierney, vice-president of global cyber security at automotive group General Motors. He warns that automated and connected vehicles have thrown up additional threats to be addressed.
“You have to start out with the right governance structure and the right policies and procedures — that’s step one of really getting the company to understand what it needs to do,” he says. These include clear rules on how to disable access to tech equipment, on data protection and storage, on transferring and disposing of data, on using corporate networks, and on reporting any data breaches.
Security experts also tend to agree that there need to be robust systems of governance and accountability, to prevent the sort of trouble that befell Sullivan at Uber. Perhaps most crucially, staff across the organisation, from C-suite to assistants, need to know how to spot and manage a threat.
https://www.ft.com/content/0bb6df09-7d77-4605-aac3-89443ed65a18
Threats
Ransomware and Extortion
Medibank: Hackers release abortion data after stealing Australian medical records - BBC News
Medical data hacked from 10m Australians begins to appear on dark web | World news | The Guardian
How ransomware gangs and malware campaigns are changing - Help Net Security
Thales confirms hackers have released its data on the dark web | Reuters
Most SMBs Fear Ransomware Attack Amid Heightened Geopolitical Tensions - MSSP Alert
Australia to consider banning paying of ransoms to cyber criminals | Reuters
LockBit gang claims to have stolen data from Kearney & Company - Security Affairs
Azov Ransomware is a wiper, destroying data 666 bytes at a time (bleepingcomputer.com)
Ransomware Gang Offers to Sell Files Stolen From Continental for $50 Million | SecurityWeek.Com
Canadian food retail giant Sobeys hit by Black Basta ransomware (bleepingcomputer.com)
LockBit affiliate uses Amadey Bot malware to deploy ransomware (bleepingcomputer.com)
Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs
US Health Dept warns of Venus ransomware targeting healthcare orgs (bleepingcomputer.com)
Ransomware attacks on hospitals take toll on patients (nbcnews.com)
Hackers post Hereford schoolchildren's data records on dark web | Hereford Times
CISA and Spain Partnership to Develop Tool to Help Countries Combat Ransomware - MSSP Alert
Phishing & Email Based Attacks
Phishing threats are increasingly convincing and evasive - Help Net Security
Robin Banks phishing-as-a-service platform continues to evolve - Security Affairs
Phishing drops IceXLoader malware on thousands of home, corporate devices (bleepingcomputer.com)
Massive Phishing Campaigns Target India Banks’ Clients (trendmicro.com)
BEC – Business Email Compromise
Malware
Phishing drops IceXLoader malware on thousands of home, corporate devices (bleepingcomputer.com)
Cloud9 Malware Offers a Paradise of Cyber attack Methods (darkreading.com)
More malware is being hidden in PNG images, so watch out | TechRadar
Attackers Using IPFS for Distributed, Bulletproof Malware Hosting | SecurityWeek.Com
Malicious extension lets attackers control Google Chrome remotely (bleepingcomputer.com)
New hacking group uses custom 'Symatic' Cobalt Strike loaders (bleepingcomputer.com)
New StrelaStealer malware steals your Outlook, Thunderbird accounts (bleepingcomputer.com)
Mobile
5 Common Smartphone Security Myths, Debunked (makeuseof.com)
Oh, look: More malware in the Google Play store • The Register
Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan - Security Affairs
Malicious droppers on Google Play deliver banking malware to victims - Help Net Security
Samsung phones are being targeted by some seriously shady zero-days | TechRadar
New BadBazaar Android malware linked to Chinese cyber spies (bleepingcomputer.com)
Worok hackers hide new malware in PNGs using steganography (bleepingcomputer.com)
Internet of Things – IoT
Organised Crime & Criminal Actors
An initial access broker claims to have hacked Deutsche Bank - Security Affairs
Cyber crime costs to hit $10.5tn by 2025 hears Saudi forum - Arabian Business
Cyber crime Group OPERA1ER Stole $11M From 16 African Businesses (darkreading.com)
Instagram star gets 11 years for $300m BEC conspiracy • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX says it is probing ‘abnormal transactions’ after potential hack | Financial Times
Kraken's CSO Claims To Have Identified The $600 Million FTX Hacker (coingape.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Fifth Of 18 To 34-year-olds Have Fallen Victim To Financial Scams – Information Security Buzz
Ukrainian Cyber Cops Bust $200m Fraud Ring - Infosecurity Magazine (infosecurity-magazine.com)
Retail Sector Prepares for Annual Holiday Cyber crime Onslaught (darkreading.com)
US seized 18 web domains used for recruiting money mules (bleepingcomputer.com)
Insurance
Rising cost of cyber attacks sends insurance policy charges soaring | Financial Times (ft.com)
Just 25% of businesses are insured against cyber attacks. Here's why (theconversation.com)
Re-Focusing Cyber Insurance with Security Validation (thehackernews.com)
Swiss Re: Cyber-Insurance Industry Must Reform - Infosecurity Magazine (infosecurity-magazine.com)
Dark Web
DoJ seizes $3.36B Bitcoin from Silk Road hacker - Security Affairs
Silk Road drugs market hacker pleads guilty, faces 20 years inside – Naked Security (sophos.com)
Supply Chain and Third Parties
Hybrid Working
Attack Surface Management
Identity and Access Management
API
Passwords, Credential Stuffing & Brute Force Attacks
Microsoft Password Hacking Increase – Information Security Buzz
False sense of safety undermines good password hygiene - Help Net Security
Password-hacking attacks are on the rise. Here's how to stop your accounts from being stolen | ZDNET
Social Media
Twitter blue check unavailable after impostor accounts erupt on platform | Twitter | The Guardian
Twitter chief information security officer Lea Kissner departs | TechCrunch
Privacy, Surveillance and Mass Monitoring
World Cup apps pose a data security and privacy nightmare • The Register
Surveillance 'Existential' Danger of Tech: Signal Boss | SecurityWeek.Com
Regulations, Fines and Legislation
Careers, Working in Cyber and Information Security
Three million empty seats: What can we do about the cyber skills shortage? (computerweekly.com)
Cyber security, cloud and coding: Why these three skills will lead demand in 2023 | ZDNET
Cyber security leaders want to quit. Here's what is pushing them to leave | ZDNET
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Red Cross seeks digital equivalent of its emblems • The Register
Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless | WIRED
EU calls for joint cyber defence in response to Russia • The Register
Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft | SecurityWeek.Com
What Ukraine’s cyber defence tactics can teach other nations | Financial Times (ft.com)
Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs
APT29 abused Windows Credential Roaming in attacks - Security Affairs
Dutch MEP says illegal spyware ‘a grave threat to democracy’ | European Commission | The Guardian
Greece Is Banning Spyware After Predator Phone-Tapping Scandal (gizmodo.com)
British embassy security guard David Smith admits spying for Russia - BBC News
Nation State Actors
Nation State Actors – Russia
EU calls for joint cyber defence in response to Russia • The Register
Ukraine war: Russians kept in the dark by internet search - BBC News
Microsoft links Russia’s military to cyber attacks in Poland and Ukraine | Ars Technica
Putin ally Yevgeny Prigozhin admits interfering in US elections | Russia | The Guardian
Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs
Nation State Actors – China
Nation State Actors – Misc
Vulnerability Management
Why CVE Management as a Primary Strategy Doesn't Work (darkreading.com)
Why it's time to review your Microsoft patch management options | CSO Online
Risk-Based Vulnerability Management: Understanding the RBVM Trend (darkreading.com)
How can CISOs catch up with the security demands of their ever-growing networks? - Help Net Security
Microsoft: Nation-state threats, zero-day attacks increasing (techtarget.com)
Types of vulnerability scanning and when to use each (techtarget.com)
Vulnerabilities
Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws (bleepingcomputer.com)
VMware fixes three critical auth bypass bugs in remote access tool (bleepingcomputer.com)
Citrix ADC and Citrix Gateway are affected by a critical auth bypass - Security Affairs
Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products | SecurityWeek.Com
Microsoft Patches MotW Zero-Day Exploited for Malware Delivery | SecurityWeek.Com
Apple out-of-band patches fix RCE bugs in iOS and macOS - Security Affairs
Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks (bleepingcomputer.com)
SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5 | SecurityWeek.Com
Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica
Foxit Patches Several Code Execution Vulnerabilities in PDF Reader | SecurityWeek.Com
LiteSpeed Vulnerabilities Can Lead to Complete Web Server Takeover | SecurityWeek.Com
Reports Published in the Last Week
Other News
What Is Threat Hunting? A Definition for MSPs and Channel Partners - MSSP Alert
Cyber security: These are the new things to worry about in 2023 | ZDNET
What We Really Mean When We Talk About ‘Cyber security’ (darkreading.com)
Personal cyber security is now a company problem - Help Net Security
History of Computer Viruses & Malware | What Was Their Impact? (esecurityplanet.com)
5 Reasons to Consolidate Your Tech Stack (thehackernews.com)
Cookies for MFA Bypass Gain Traction Among Cyber attackers (darkreading.com)
Common lateral movement techniques and how to prevent them (techtarget.com)
Beyond the Pen Test: How to Protect Against Sophisticated Cyber criminals (darkreading.com)
5 ways to overcome multifactor authentication vulnerabilities (techtarget.com)
15,000 sites hacked for massive Google SEO poisoning campaign (bleepingcomputer.com)
Unencrypted Traffic Still Undermining Wi-Fi Security (darkreading.com)
Researchers Devise Wi-Peep Drone That Can 'See Through Walls' (gizmodo.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.