Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

94% of Ransomware Victims Have Their Backups Targeted by Attackers

Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.

Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.

Source: [Tech Republic]

Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability

The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.

The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.

The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.

Sources: [The Banker] [IMF]

Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist

A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.

Source: [TechCrunch]

Your Annual Cyber Security Is Not Working, But There is a Solution

Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.

To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.

Source: [TechRadar]

73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert

A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.

Source: [Business Wire]

Russia and Ukraine Top Inaugural World Cyber Crime Index

The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.

Top ten Countries in full:

1.       Russia

2.       Ukraine

3.       China

4.       United States

5.       Nigeria

6.       Romania

7.       North Korea

8.       United Kingdom

9.       Brazil

10.   India

Source: [Infosecurity Magazine]

Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?

The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.

Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.

Sources: [ITPro] [The Guardian]

Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat

Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.

The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.

Sources: [Claims Journal] [Inc.com]

The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).

Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.

Source: [Infosecurity Magazine] [TechRadar]

Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts

Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.

Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.

Sources: [Ars Technica] [Data Breach Today]

Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss

93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.

Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.

Sources: [Infosecurity Magazine] [Help Net Security]

Charities Doing Worse than Private Sector in Staving off Cyber Attacks

Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.

Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.

Source: [TFN]

Governance, Risk and Compliance

• Cyber attack volumes peak in first quarter | SC Media (scmagazine.com)

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Security breaches are causing more damage than ever before | TechRadar

• 73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert | Business Wire

• Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat (claimsjournal.com)

• Where Are You on the Cyber Security Readiness Index? Cisco Thinks You’re Probably Overconfident | Network Computing

• Experts say shocking level of cyber security breaches revealed in new government report “are avoidable” | LawNews.co.uk

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• 51% of enterprises experienced a breach despite large security stacks - Help Net Security

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Ex-Uber security exec Joe Sullivan is advising CISOs on how to avoid his legal fate (axios.com)

• Cyber Security Tips for Small Businesses Now Considered Big Hacking Targets | Inc.com

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• New LockBit Variant Exploits Self-Spreading Features - Infosecurity Magazine (infosecurity-magazine.com)

• Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate - Help Net Security

• FBI: Akira ransomware raked in $42 million from 250+ victims (bleepingcomputer.com)

• Infiltrating ransomware gangs on the dark web - CBS News

• What if we made ransomware payments illegal? | SC Media (scmagazine.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

• Report Reveals Healthcare Industry is Disillusioned in its Preparedness for Cyber Attacks - IT Security Guru

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• A whole new generation of ransomware makers are attempting to shake up the market | TechRadar

• Security Think Tank: Approaches to ransomware need a course correction | Computer Weekly

• Ransomware Victims Who Pay a Ransom Drops to Record Low (databreachtoday.co.uk)

Ransomware Victims

• Change Healthcare’s ransomware attack costs reach nearly $1B • The Register

• Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia  (securityaffairs.com)

• Ransomware attacks against food, agriculture industry examined | SC Media (scmagazine.com)

• Ransomware attack compromises UN agency data | SC Media (scmagazine.com)

• 840-bed hospital in France postpones procedures after cyber attack (bleepingcomputer.com)

• US think tank Heritage Foundation hit by cyber attack | TechCrunch

• Daixin ransomware gang claims attack on Omni Hotels (bleepingcomputer.com)

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Cyber Attack Takes Frontier Communications Offline (darkreading.com)

Phishing & Email Based Attacks

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Microsoft Most Impersonated Brand in Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• FIN7 targets American automaker’s IT staff in phishing attacks (bleepingcomputer.com)

Other Social Engineering

• Quishing: The New Cyber Threat to the Cleared Workplace - ClearanceJobs

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• Cyber criminals pose as LastPass staff to hack password vaults (bleepingcomputer.com)

Artificial Intelligence

• CISOs not changing priorities in response to AI threats (betanews.com)

• 92% of enterprises unprepared for AI security challenges - Help Net Security

• AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (thehackernews.com)

• Enterprise Endpoints Aren't Ready for AI (darkreading.com)

• Best Practices & Guidance For AI Security Deployment 2024 (gbhackers.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

2FA/MFA

• Cisco Duo warns third-party data breach exposed SMS MFA logs (bleepingcomputer.com)

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

Malware

• LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (darkreading.com)

• TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (thehackernews.com)

• A sneaky new steganography malware is exploiting Microsoft Word — hundreds of firms around the world hit by attack | TechRadar

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

• New SteganoAmor attacks use steganography to target 320 orgs globally (bleepingcomputer.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (thehackernews.com)

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Fake cheat lures gamers into spreading infostealer malware (bleepingcomputer.com)

Mobile

• Government spyware is another reason to use an ad blocker | TechCrunch

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Enterprises face significant losses from mobile fraud - Help Net Security

• SoumniBot malware exploits Android bugs to evade detection (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS attacks saw a huge surge in the first part of 2024, with one particular country badly hit | TechRadar

• 68% of Companies are More Vulnerable to DDoS Than They Think - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks are still growing and there are new threats on the horizon | ITPro

Internet of Things – IoT

• How to protect IP surveillance cameras from Wi-Fi jamming - Help Net Security

• CISA warns of critical vulnerability in Chirp smart locks • The Register

• New rules for security of connected products in the UK and EU - Lexology

Data Breaches/Leaks

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• Panama Papers: Money laundering trial of 27 defendants begins

• Over half a million Roku subscribers are the victims of the latest cyber security attack - PhoneArena

• Giant Tiger data breach may have impacted millions of customers (securityaffairs.com)

• Wells Fargo Says It Has Suffered Data Breach, Blames Employee for Exposing Personal Information on Pair of Customers - The Daily Hodl

• 5 Ways Your Personal Information May End Up On The Dark Web (slashgear.com)

• Law Firm to Pay $8M to Settle Health Data Hack Lawsuit (databreachtoday.co.uk)

Organised Crime & Criminal Actors

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

• Ex-Amazon engineer gets 3 years for hacking crypto exchanges (bleepingcomputer.com)

• Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch

• Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (bleepingcomputer.com)

Insider Risk and Insider Threats

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Underestimating the dangers within: mitigating the insider cyber threat | TechRadar

Insurance

• Cyber threats increase as insurance costs fall - report (emergingrisks.co.uk)

Cloud/SaaS

• Exposing the top cloud security threats - Help Net Security

• What Is Microsoft's Role in the Shared Responsibility Model for Data Security? (prweb.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• The cloud is benefiting IT, but not business | InfoWorld

Identity and Access Management

• Identity in the Shadows: Shedding Light on Cyber Security's Unseen Threats (thehackernews.com)

Linux and Open Source

• Open source groups say more software projects may have been targeted for sabotage (yahoo.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Attackers are pummelling networks around the world with millions of login attempts | Ars Technica

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

• Threat actors look to stolen credentials | Computer Weekly

• Cisco warns of large-scale brute-force attacks against VPN and SSH services (securityaffairs.com)

• Bad Bots Drive 10% Annual Surge in Account Takeover Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• Dark Web Sales Driving Major Rise in Credential Attacks (databreachtoday.co.uk)

Social Media

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• EU tells Meta it can't paywall privacy • The Register

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Malvertising

• Government spyware is another reason to use an ad blocker | TechCrunch

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Training, Education and Awareness

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Cyber security training: How to make it more motivating (hrexecutive.com)

Regulations, Fines and Legislation

• US Supreme Court ruling suggests change in cyber security disclosure process | CSO Online

• New rules for security of connected products in the UK and EU - Lexology

• Congress votes to kick Uncle Sam’s data broker habit • The Register

• Cops can force suspect to unlock phone with thumbprint, US court rules | Ars Technica

Models, Frameworks and Standards

• Rebalancing NIST: Why 'Recovery' Can't Stand Alone (darkreading.com)

Backup and Recovery

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

Data Protection

• 5 Common Data Protection Challenges That Businesses Face (techtarget.com)

Careers, Working in Cyber and Information Security

• IT and security professionals demand more workplace flexibility - Help Net Security

• National Security at Risk as Essential Cyber Security Roles Face Sharp Decline (prnewswire.com)

• Break Security Burnout: Combining Leadership With Neuroscience (darkreading.com)

Law Enforcement Action and Take Downs

• UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost - Infosecurity Magazine (infosecurity-magazine.com)

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Preparing for Cyber Warfare: 6 Key Lessons From Ukraine (darkreading.com)

• State-sponsored cyber attacks: The new frontier | ITPro

China

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• Leaked FBI document shows MPs were kept in dark over China hack for two years (inews.co.uk)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Risks are higher than ever for US- China cyber war | Responsible Statecraft

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• Singapore infosec boss: splinternet hinders interoperability • The Register

• FBI says Chinese hackers preparing to attack US infrastructure | Reuters

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

Russia

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Microsoft breach allowed Russia to steal Feds' emails • The Register

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• How Ukraine’s cyber police fights back against Russia’s hackers | TechCrunch

• Russian 'Cyber Sabotage' A Global Threat: Security Firm | IBTimes

• Mandiant upgrades Sandworm to APT44 due to increasing threat | TechTarget

• Russia's Sandworm 'cyber attacked US, EU water utilities' • The Register

• Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas | Decipher (duo.com)

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Russia is trying to sabotage European railways, Czech minister said (securityaffairs.com)

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Singapore infosec boss: splinternet hinders interoperability • The Register

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

Iran

• Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (thehackernews.com)

• Middle East Cyber Ops Intensify, With Israel the Main Target (darkreading.com)

• Iran-Backed Hackers Blast Out Threatening Texts to Israelis (darkreading.com)

• Israel Holds Hybrid Cyber & Military Readiness Drills (darkreading.com)

North Korea

• DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse (darkreading.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• “There are no borders in cyber space. We have to fight global terrorism together.” | Ctech (calcalistech.com)

• Furry Hackers Target Far-Right Outlet 'Real America's Voice' (dailydot.com)

• Government spyware is another reason to use an ad blocker | TechCrunch

Vulnerability Management

• Cyber Security Pros Urge US Congress to Help NIST Restore NVD Operation - Infosecurity Magazine (infosecurity-magazine.com)

• How to conduct security patch validation and verification | TechTarget

• Zero-Day Vulnerabilities: A Beginner’s Guide - The New Stack

• The importance of the Vulnerability Operations Centre for cyber security | TechRadar

Vulnerabilities

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• “Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica

• Cisco discloses root escalation flaw with public exploit code (bleepingcomputer.com)

• PuTTY SSH client flaw allows recovery of cryptographic private keys (bleepingcomputer.com)

• Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA

• Yubico Issues YubiKey Security Alert For Windows Users (forbes.com)

• Samsung Issues Update Now Warning For Millions Of Galaxy Users (forbes.com)

• Juniper Networks Publishes Dozens of New Security Advisories - Security Week

• Ivanti warns of critical flaws in its Avalanche MDM solution (bleepingcomputer.com)

• Oracle Patches 230 Vulnerabilities With April 2024 CPU - Security Week

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Delinea Fixes Flaw After Analyst Goes Public With Disclosure First (darkreading.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Telegram fixes Windows app zero-day used to launch Python scripts (bleepingcomputer.com)

• Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Security Boulevard

Tools and Controls

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• CISA's Malware Analysis Platform Could Foster Better Threat Intel (darkreading.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• 6 Ways Businesses Can Boost Their Cloud Security Resilience - Compare the Cloud

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Web Monitoring: What's the Value? (bleepingcomputer.com)

• 5 Steps Toward Military-Grade API Security - The New Stack

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• Cyber security training: How to make it more motivating (hrexecutive.com)

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• AI set to enhance cyber security roles, not replace them - Help Net Security

• Why You Still Shouldn't Trust Zero Trust (forbes.com)

• Stateful vs. stateless firewalls: Understanding the differences | TechTarget

Reports Published in the Last Week

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

Other News

• Why home cyber security is important (xda-developers.com)

• Microsoft remains in the US government's good graces despite its high susceptibility to attacks | Windows Central

• Charities doing worse than private sector in staving off cyber attacks - TFN

• Private companies operating critical infrastructure are not taking cyber security threats seriously enough. | USAPP (lse.ac.uk)

• The US counterintelligence head says the list of threats is long and getting longer (cfpublic.org)

• Critical Infrastructure Security: Observations From the Front Lines (darkreading.com)

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• Microsoft, Beset by Hacks, Grapples With Problem Years in the Making - BNN Bloomberg

• The invisible seafaring industry that keeps the internet afloat (theverge.com)

• Do we have a plan on how to deal with subsea cables sabotage? | Euronews

• Ex-GCHQ chief: Cyber attacks could target fragile trust in utilities - Utility Week

• Trust in Cyber Takes a Knock as CNI Budgets Flatline - Infosecurity Magazine (infosecurity-magazine.com)

• University chiefs to get security service Cobra briefing on hostile states | The Argus

• SAP Applications Increasingly in Attacker Crosshairs, Report Shows - Security Week

• Emergency services a likely target for cyber attacks, warns DHS - ABC News (go.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Only 3% of Organisations Globally are Fully Prepared for Cyber Threats

A new report released by Cisco found that only 3% of organisations globally are considered to be at a “mature” level of readiness that is needed to be resilient against today’s cyber threats. In contrast, 80% of the companies surveyed felt moderately to very confident in their ability to defend against a threat.

Nearly three-quarters of respondents expect a cyber incident to disrupt their business in the next 12 to 24 months. For many, this was based on past experience, with more than half of respondents saying that they had experienced a cyber security incident in the last 12 months, and of those, more than half of said it cost them at least $300,000. To address this, 97% of companies expect to increase their cyber security budgets in the next 12 months.

Sources: [PR Newswire] [SiliconANGLE]

China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security

The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, in attempts to target a group of MPs. Whilst this shows how advanced the threat from China has become, it should not be a surprise. It has been alleged that the hacking campaign targeted a broad swathe of private individuals, as well as strategically important companies and government officials. Geopolitical tensions are at an all-time high, as Conservative MP Iain Duncan Smith, one of those targeted by the campaign says, “we must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”

Sources: [Sky News] [GovInfoSecurity] [The Guardian]

Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers

A recent report underscores the pivotal role of cyber security in financial performance, revealing that companies with genuinely advanced levels of cyber security maturity generate a 372% higher shareholder return compared to those with lower levels of maturity, as observed over a five-year period. Notably, companies with engaged board members and specialised risk committees achieve superior cyber security performance. Despite regulatory requirements, only 3% of UK organisations have a cyber security expert on their board, emphasising the need for greater board-level engagement in cyber risk management. Industries like healthcare and financial services lead in cyber security ratings, underscoring the correlation between regulatory environments and cyber security performance.

Source: [Business Wire] [Computer Weekly]

Hackers Hit High-Risk Individuals’ Personal Accounts

Britain’s National Cyber Security Centre (NCSC) is warning that attackers faced with well-managed corporate cyber security defences, are instead turning their efforts to compromise high-risk individuals’ devices and accounts.

A high-risk individual is anyone who has access to or influence over sensitive information. For an attacker, these individuals can present a less complex route. They already know the individual has access to the data they want, it is just a case of compromising that individual.

Source: [Gov Info Security]

Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?

Cyber security threats have reached unprecedented levels, posing significant risks to organisations and nations worldwide, with global costs predicted to soar to $10.5 trillion annually by 2025, a significant increase from $6 trillion in 2021. Recent reports from IBM Security X-Force reveal that organisations face an average of 270 cyber attacks per year, equivalent to an attack every business day, underlining the persistent nature of the threat and reinforcing the old question of ‘when’ not 'if' an organisation will get hit.

The report warns of the possibility of large-scale, coordinated attacks, akin to a “Digital Pearl Harbor,” on vital infrastructure such as power grids and financial markets, with ransomware-based attacks being identified as a major risk. The emergence of cyber warfare blurs the distinction between espionage and acts of war, underscoring the need for international standards and agreements. Despite the focus on cyber threats, many organisations have risk management gaps.

Source: [Eurasia Review]

High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime

High net worth individuals and their families are often targets for cyber criminals who seek to steal their money, identity, intellectual property and corporate data, and attacks are increasing. With the current state of the world, there is significant information that is publicly available. This, added to the fact that many high-net-worth individuals have lesser security controls than corporations, makes them a more lucrative target.

As these types of attacks continue to increase, it is important for individuals to ensure they are demonstrating good cyber hygiene through actions including the adoption of multi-factor authentication, limiting unnecessary social media from themselves and their family (including holidays) and understanding current tactics to be able to spot and mitigate them.

Source: [Financial Times]

Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account

Earlier this year, Microsoft discovered they had been the victim of a hack orchestrated by Russian-state hackers. The attack was not highly sophisticated; in fact, it involved simply spraying passwords into an old, inactive account. Password spraying is a simple brute force technique, which has the attacker trying the same password against multiple accounts. In this case, it was enough to be able to allow attackers to commit further exfiltration.

Picture your organisation: can you guarantee that no account is using the password “Password123”? Whilst organisations may focus on protecting privileged accounts, the attack shows that every account needs to be secured, as they are all entry points to your organisation. To combat this, organisations should look to implement robust password policies and multi-factor authentication.

Source: [The Hacker News]

Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach

Mitigating third-party risk may seem daunting when considering the slew of incoming regulations coupled with the increasingly advanced tactics of cyber criminals. However, most organisations have more agency and flexibility than they think they do. Third-party risk management can be built on top of existing risk governance practices and security controls that are currently implemented in the organisation. Understanding the vendor landscape, categorising vendors based on criticality, and developing tailored governance plans are crucial steps. Contractual obligations, tailored to industry standards, play a pivotal role in ensuring security measures are upheld. Additionally, establishing a robust exit strategy is imperative to safeguard data integrity post-partnership. By fostering a culture of shared responsibility and continuous improvement, organisations can navigate the complexities of third-party risk management effectively.

Source: [Dark Reading]

IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time

A recent survey of over 800 IT and security leaders highlights the escalating threat landscape fuelled by emerging technologies, with AI-powered attacks identified as the most serious and challenging. 92% of respondents report a year-over-year increase in cyber attacks with 95% noting heightened sophistication.

Organisations reported facing AI-powered attacks (51%), deepfake technology and supply chain attacks (both 36%), cloud jacking (35%), Internet of Things (IoT) attacks and 5G network exploits (both 34%), and fileless attacks (24%). But it is not just newer attacks; organisations are still contending with prevalent attacks like phishing, malware, and ransomware. The survey found that 84% of respondents say that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools, revealing that AI-powered phishing is their top concern (42%) when it comes to AI security.

With so many constantly evolving threats, and with new ones being added to the mix all the time, it is becoming more and more difficult for IT leaders to keep on top of these emerging threats.

Source: [Beta News] [The Fast Mode]

Only 5% of Boards Have Cyber Security Expertise

There is a concerning gap in cyber expertise on corporate boards, with only 5% of businesses having a cyber expert onboard, despite a direct correlation between strong cyber security and higher financial performance. Countries like France have 10% representation while Canada lags behind at just 1%. Integration of cyber experts into specialised risk committees significantly boosts cyber security performance. Furthermore, advanced security ratings translate to significantly better financial returns over three and five-year periods, underlining the pivotal role of cyber security in overall business health.

Source: [Infosecurity Magazine]

Google’s New AI Search Results Promotes Sites Pushing Malware and Scams

Earlier this month, Google began rolling out a feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries, including site recommendations. These results, however, are pushing scams and malware. BleepingComputer found that the listed sites promoted by SGE tend to use the .online top level domain, the same HTML templates, and the same sites to perform redirects, stating “This similarity indicates that they are all part of the same SEO [search engine optimisation] poisoning campaign that allowed them to be part of the Google index.” When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site. This matter highlights the need for users to stay cognisant, even when using AI to improve quality of life.

Source: [Bleeping Computer]

Report Calls Out Cyber Risks to Financial Sector Fuelled by AI

A recent report by the US Department of the Treasury has identified AI-driven cyber fraud as the primary concern for financial institutions. Smaller firms, in particular, struggle with AI development, which intensifies security concerns. Despite a focus on cyber security, risk management lapses are common across institutions. The report further notes that nearly a third of these institutions are yet to address the evolving tactics of threat actors, including social engineering, malvertising, and QR code phishing. More than 2 in 5 have pointed to the increasing use of generative AI for scaling and automating attacks as a lingering risk factor. The report emphasises that, even without mandates, there’s an urgent need for financial institutions to bolster their risk management and cyber security practices to counter these AI-driven threats.

Source: [CyberScoop]

Governance, Risk and Compliance

• Hackers Hit High-Risk Individuals' Personal Accounts (govinfosecurity.com)

• Only 5% of Boards Have Cyber Security Expertise - Infosecurity Magazine (infosecurity-magazine.com)

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• How threat intelligence data maximizes business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• More than half of organisations fall victim to cyber attacks (betanews.com)

• Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers, According to Diligent and Bitsight | Business Wire

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Shareholders win when businesses do better at cyber | Computer Weekly

• Getting Security Remediation on the Boardroom Agenda (darkreading.com)

• New Cyber Threats to Challenge Financial Services Sector in 2024 (darkreading.com)

• The cyber security skills shortage: A CISO perspective | CSO Online

• Cyber security essentials during M&A surge - Help Net Security

• Companies told cyber security has to be cross business concern (emergingrisks.co.uk)

• It's Time to Stop Measuring Security in Absolutes (darkreading.com)

• True Cost of a Cyber Security Breach for Your Business - Converge

• 35 cyber security statistics to lose sleep over in 2024 (techtarget.com)

• Changing role of CISO | Professional Security

• 3 Challenges CISOs Face in 2024 as Cyber Threats Explode | Corporate Counsel (law.com)

• Cyber security plans should centre on resilience | MIT Sloan

• Debunking compliance myths in the digital era - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware: lessons all companies can learn from the British Library attack - Exponential-e Blog

• 78% of organisations plan to increase ransomware protection | Security Magazine

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Building Resiliency in the Face of Ransomware  - Security Boulevard

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

• US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth (yahoo.com)

• Healthcare Under Ransomware Attacks - Part 1: BlackCat/AlphV - VMRay

• Healthcare Under Ransomware Attacks - Part 2: LockBit - VMRay

• Healthcare Under Ransomware Attacks - Part 3: Rhysida - VMRay

Ransomware Victims

• Hackers threaten to publish huge cache of NHS Scotland data - BBC News

• Alleged sale of Communication Workers Union’s users data (marcoramilli.com)

• Scullion LAW becomes victim of cyber attack | Scottish Legal News

• Panera Bread experiencing nationwide IT outage since Saturday (bleepingcomputer.com)

• Clorox audit flagged systemic flaws in cyber security at manufacturing plants (detroitnews.com)

• Big Issue working with NCSC, NCA and Met Police to investigate cyber incident - IT Security Guru

• Western Isles council tax bills delayed due to cyber attack - BBC News

• Vietnam Securities Broker Suffered Cyber Attack That Suspended Trading (darkreading.com)

Phishing & Email Based Attacks

• 'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide (darkreading.com)

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in EU. and US (thehackernews.com)

• ThreatLabz 2023 Phishing Report | ITPro

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Fake Ozempic Deals on the Rise as Experts Warn of Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

Artificial Intelligence

• Treasury report calls out cyber risks to financial sector fuelled by AI | CyberScoop

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• Four generative AI cyber risks that keep CISOs up at night — and how to combat them - SiliconANGLE

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Artificial intelligence now the biggest cyber threat - study (emergingrisks.co.uk)

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Scammers exploit tax season anxiety with AI tools - Help Net Security

• Experts Warn of Cyber Risk Due to Rapid AI Tool Evolution (govinfosecurity.com)

• AI Regulation at a Crossroads - Security Boulevard

• Over A Third of IT Leaders Are Ill-Equipped to Cope With AI-Powered Attacks - IT Security Guru

• Beware of rogue chatbot hacking incidents (securityintelligence.com)

• The Unique AI Cyber Security Challenges in the Financial Sector | Decipher (duo.com)

• AI weaponisation becomes a hot topic on underground forums - Help Net Security

• AI bots hallucinate software packages and devs download them • The Register

• Threat Report: Examining the Use of AI in Attack Techniques (darkreading.com)

• Hackers exploit Ray framework flaw to breach servers, hijack resources (bleepingcomputer.com)AWS CISO: Pay Attention to How AI Uses Your Data (darkreading.com)

2FA/MFA

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• Apple customers are being targeted by "MFA Bombing" password reset attack (xda-developers.com)

Malware

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in E.U. and US. (thehackernews.com)

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• 39,000 Websites Infected in 'Sign1' Malware Campaign - SecurityWeek

• ConnectWise ScreenConnect attacks deliver malware | SC Media (scmagazine.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Hunter-killer malware: How to prevent it from undermining security controls | SC Media (scmagazine.com)

• Python devs are being targeted by this massive infostealing malware campaign | TechRadar

• TheMoon bot infected 40,000 devices in January and February (securityaffairs.com)

• Viruses are the most popular type of malware - and Apple devices are most at risk | TechRadar

• New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

• DarkGate Malware Campaign Exploits Patched Microsoft Flaw - Security Boulevard

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

• AI bots hallucinate software packages and devs download them • The Register

Mobile

• In-app browsers still a privacy, security, and choice issue • The Register

• Thousands of phones and routers swept into proxy service, unbeknownst to users | Ars Technica

• Apple lawsuit: US officials say iPhone ‘monopoly’ undermines security | SC Media (scmagazine.com)

Internet of Things – IoT

• Hackers Reveal Method to Bypass Hotel Keycard Locks in Seconds • iPhone in Canada Blog

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Data Breaches/Leaks

• AT&T won’t say how its customers’ data spilled online | TechCrunch

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

Organised Crime & Criminal Actors

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

Insider Risk and Insider Threats

• The missing link: How criminals teamed up with bank employees to orchestrate cyber frauds. - The Economic Times (indiatimes.com)

Insurance

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Supply Chain and Third Parties

• Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (thehackernews.com)

• Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach (darkreading.com)

Cloud/SaaS

• Key Lesson from Microsoft's Password Spray Hack: Secure Every Account (thehackernews.com)

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Cloud Account Hijacking: How it Works and How to Prevent It (techtarget.com)

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

Identity and Access Management

• Tackling DORA Compliance With a Focus on PAM - IT Security Guru

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple With Identity Pain Points | Decipher (duo.com)

Encryption

• Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Apple users targeted by annoying 'Reset Password' attack | Mashable

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

• What is Managing Secrets? - Security Boulevard

Social Media

• If you watched certain YouTube videos, investigators demanded your data from Google | Mashable

Malvertising

• Study claims more than half of Americans use ad blockers • The Register

Training, Education and Awareness

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Regulations, Fines and Legislation

• Cyber security shake-up: How to prepare for EU's NIS2 and DORA (siliconrepublic.com)

• techUK Raise Internet Snooping Concerns Over UK IP Act Amendments - ISPreview UK

• AI Regulation at a Crossroads - Security Boulevard

• Cyber security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

Models, Frameworks and Standards

• Debunking compliance myths in the digital era - Help Net Security

Backup and Recovery

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

Careers, Working in Cyber and Information Security

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Almost half of IT teams are burnt out as a result of war rooms, as ‘blame game’ culture becomes the norm for most organisations | TechRadar

• The cyber security skills shortage: A CISO perspective | CSO Online

Law Enforcement Action and Take Downs

• UK Law Enforcers Arrest 400 in Major Fraud Crackdown - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Cyber Security Threats In International Relations: Are We Prepared For A Digital Pearl Harbor? – OpEd – Eurasia Review

Nation State Actors

China

• China cyber attacks a reminder Beijing poses 'constant and sophisticated' threat to western cyber security | Science & Tech News | Sky News

• US and UK accuse China of cyber operations targeting domestic politics | CyberScoop

• UK ‘turning up to a gunfight with a wooden spoon’ over China cyber-attacks (scotsman.com)

• China hack on MPs worse than Government admitted, with at least 30 targeted (inews.co.uk)

• New Zealand follows UK in accusing China of hacking its parliament | The Independent

• Finland confirms APT31 hackers behind 2021 parliament breach (bleepingcomputer.com)

• China linked to UK cyber-attacks on voter data, Dowden to say - BBC News

• Dowden guarantees UK elections will be safe from Chinese cyber attacks | Evening Standard

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

• SNP MP claims Scottish universities 'overdependent' on Chinese money | The National

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Fake reporters and death threats: China spy tactics from Hong Kong dissidents (inews.co.uk)

• The Chinese government is phasing out Intel and AMD CPUs and Microsoft's Windows OS because they don't fit its new 'safe and reliable' guidelines | PC Gamer

• Is Cyber Warfare Heating Up? Biden Administration, UK Take Aim At Chinese Hackers | IBTimes

• China cyber-attacks explained: who is behind the hacking operation against the US and UK? | Hacking | The Guardian

• What to make of China’s massive cyber-espionage campaign (economist.com)

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• PM says UK approach to China 'more robust' than allies, as senior Chinese diplomat summoned | ITV News

• UK says Chinese cyber attacks ‘part of large-scale espionage campaign’ (thenextweb.com)

• Why cyber indictments and sanctions matter | The Strategist (aspistrategist.org.au)

• Chinese hackers target family members to surveil hard targets | CyberScoop

Russia

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

Iran

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

North Korea

• Asian cuisine used to launder money for North Korea • The Register

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

Vulnerability Management

• Spyware vendors behind 75% of zero-days targeting Google | TechTarget

• Zero Days Surged by Over 50% Annually, Says Google - Infosecurity Magazine (infosecurity-magazine.com)

• On the Increase: Zero-Days Being Exploited in the Wild (databreachtoday.co.uk)

• NVD slowdown leaves thousands of vulns without analysis data • The Register

• Can Compensating Controls Be the Answer in a Sea of Vulnerabilities?  - Security Boulevard

Vulnerabilities

• Patch Now: Critical Fortinet RCE Bug Under Active Attack (darkreading.com)

• SQL injection vulnerability in Fortinet software under attack | TechTarget

• GitHub Developers Hit in Complex Supply Chain Cyber Attack (darkreading.com)

• Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions (thehackernews.com)

• MacOS 14.4.1 makes it once again safe to update your Mac | ZDNET

• Apple Security Bug Opens iPhone, iPad to RCE (darkreading.com)

• Apple finally reveals the serious security issues it patched in iOS 17.4.1 - PhoneArena

• A vulnerability in Apple M-series chips could expose encryption keys and harm performance — and Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

• Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (bleepingcomputer.com)

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Double trouble for DNSSEC though the devil is in the details • The Register

• 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns - Help Net Security

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

Tools and Controls

• How threat intelligence data maximises business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• 78% of organisations plan to increase ransomware protection | Security Magazine

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Why Endpoint Security Tools Are Still Such a Challenge (inforisktoday.com)

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• 10 Essential Measures to Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple with Identity Pain Points | Decipher (duo.com)

• Enterprise cyber security's lateral movement 'blind spot' [Q&A] (betanews.com)

• Cyber security plans should center on resilience | MIT Sloan

• Cyber Security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Reports Published in the Last Week

• ThreatLabz 2023 Phishing Report | ITPro

Other News

• Why the World Needs a New Cyber Treaty for Critical Infrastructure - Carnegie Europe - Carnegie Endowment for International Peace

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• Security experts raise questions about UK cyber funding in wake of Electoral Commission hack | ITPro

• 8 cyber security predictions shaping the future of cyber defence - Help Net Security

• Active adversary dwell time: The good (and bad) news | SC Media (scmagazine.com)

• Cyber Threat to US Power Grids Escalating as Election Approaches (yahoo.com)

• Are We Ignoring the Cyber Security Risks of Undersea Internet Cables? | HackerNoon

• How to Prevent Your Company from Being Hacked in 2024 - DevX

• Pentagon Looks to Finalise Cyber Security Rules for Defence Industrial Base - ClearanceJobs

• US and Japan plan biggest upgrade to security pact in over 60 years

• US must establish independent military cyber service to fix 'alarming' problems — report | DefenseScoop

• FTSE 100 Retailers showing signs of cyber security apathy, despite growing risks | Retail Bulletin (theretailbulletin.com)

• Finland to host NATO tech centers, revamp cyber security strategy (defensenews.com)

• French cyber defence chief warns Paris Olympics a 'target' (techxplore.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Gen Z, Millennials Really Don’t Care About Workplace Cyber Security

When it comes to cyber security in the workplace, younger employees don’t really seem to care that much, which is putting their organisations in serious harm’s way, new research has claimed.

Surveying approximately 1,000 workers using devices issued by their employers, professional services firm EY found Gen Z enterprise employees were more apathetic about cyber security than their Boomer counterparts in adhering to their employer's safety policies.

This is despite the fact that four in five (83%) of all those surveyed claimed to understand their employer’s security protocol.

When it comes to implementing mandatory IT updates, for example, 58% of Gen Z’ers and 42% of millennials would disregard them for as long as possible. Less than a third (31%) of Gen X’ers, and just 15% of baby boomers said they do the same.

Apathy in the young extends to password reuse between private and business accounts. A third of Gen Z and millennial workers surveyed admitted to this, compared to less than a quarter of all Gen X’ers and baby boomers.

Some say the apathy of young people towards technology is down to their over-familiarity with technology, and never having been without it. Being too comfortable with tech undoubtedly makes an enterprise's younger employees a major target for cyber criminals looking to exploit any hole in security. 

If an organisation's cyber security practices aren't upheld strongly, threat actors can compromise huge networks with simple social engineering attacks.

https://www.techradar.com/news/younger-workers-dont-care-about-workplace-cybersecurity

• Supply Chain Attacks Increased Over 600% This Year and Companies Are Falling Behind

The number of documented supply chain attacks involving malicious third-party components has increased 633% over the past year, now sitting at over 88,000 known instances, according to a new report from software supply chain management company Sonatype. Meanwhile, instances of transitive vulnerabilities that software components inherit from their own dependencies have also reached unprecedented levels and plague two-thirds of open-source libraries.

“The networked nature of dependencies highlights the importance of having visibility and awareness about these complex supply chains” Sonatype said in its newly released State of the Software Supply Chain report. “These dependencies impact our software, so having an understanding of their origins is critical to vulnerability response. Many organisations did not have the needed visibility and continued their incident response procedures for Log4Shell well beyond the summer of 2022 as a result.”

Log4Shell is a critical vulnerability discovered in November 2021 in Log4j, a widely popular open-source Java library used for logging and bundled in millions of enterprise applications and software products, often as an indirect dependency. According to Sonatype’s monitoring, as of August 2022, the adoption rate for fixed versions of Log4j sits at around 65%. Moreover, this doesn’t even account for the fact that the Log4Shell vulnerability originated in a Java class called JndiManager that is part of Log4j-core, but which has also been borrowed by 783 other projects and is now found in over 19,000 software components.

Log4Shell served as a watershed moment, highlighting the inherent risks that exist in the open-source software ecosystem – which sits at the core of modern software development – and the need to manage them properly. It also led to several initiatives to secure the software supply chain by private organisations, software repository managers, the Linux Foundation, and government bodies. Yet, most organisations are far from where they need to be in terms of open-source supply chain management.

https://www.csoonline.com/article/3677228/supply-chain-attacks-increased-over-600-this-year-and-companies-are-falling-behind.html#tk.rss_news

• Cyber-Enabled Crimes Are Biggest Police Concerns

Cyber-related crimes such as money laundering, ransomware and phishing pose the biggest threat to society, according to the first ever Interpol Global Crime Trend report.

The inaugural study was compiled from data received from the policing organisation’s 195 member countries, as well as information and analysis from external sources.

Money laundering was ranked the number one threat, with 67% of respondents claiming it to be a “high” or “very high” risk. Ransomware came second (66%) but was the crime type that most (72%) expected to increase in the next 3–5 years.

Of the nine top crime trends identified in the report, six are directly cyber-enabled, including money laundering, ransomware, phishing, financial fraud, computer intrusion and child sexual exploitation.

Interpol warned that the pandemic had fomented new underground offerings like “financial crime-as-a-service,” including digital money laundering tools which help to lower the barrier to entry for criminal gangs. It also claimed that demand for online child sexual exploitation and abuse (OCSEA) content surged during the pandemic. Some 62% of respondents expect it to increase or significantly increase in the coming years.

The findings represent something of a turnaround from pre-pandemic times, when drug trafficking regularly topped the list of police concerns. Thanks to a surge in corporate digitalisation, home working and online shopping, there are now rich pickings to be had from targeting consumers and business users with cyber-scams and attacks, Interpol claimed.

https://www.infosecurity-magazine.com/news/cyberenabled-crimes-are-biggest/

• List of Common Passwords Accounts for Nearly All Cyber Attacks

Half of a million passwords from the RockYou2021 list account for 99.997% of all credential attacks against a variety of honeypots, suggesting attackers are just taking the easy road.

Tens of millions of credential-based attacks targeting two common types of servers boiled down to a small fraction of the passwords that formed a list of leaked credentials, known as the RockYou2021 list.

Vulnerability management firm Rapid7, via its network of honeypots, recorded every attempt to compromise those servers over a 12-month period, finding that the attempted credential attacks resulted in 512,000 permutations. Almost all of those passwords (99.997%) are included in a common password list — the RockYou2021 file, which has 8.4 billion entries — suggesting that attackers, or the subset of threat actors attacking Rapid7's honeypots, are sticking to a common playbook.

The overlap in all the attacks also suggest attackers are taking the easy road, said Rapid7. "We know now, in a provable and demonstrable way, that nobody — 0% of attackers — is trying to be creative when it comes to unfocused, untargeted attacks across the Internet," they said. "Therefore, it's very easy to avoid this kind of opportunistic attack, and it takes very little effort to take this threat off the table entirely, with modern password managers and configuration controls."

Every year, security firms present research suggesting users are continuing to pick bad passwords. In 2019, an evaluation of passwords leaked to the Internet found that the top password was "123456," followed by "123456789" and "qwerty," and unfortunately things have not got much better since then.

https://www.darkreading.com/endpoint/a-common-password-list-accounts-for-nearly-all-cyberattacks

• Shared Responsibility or Shared Fate? Decentralised IT Means We Are All Cyber Defenders

Does your organisation truly understand the shared responsibility model? Shared responsibility emerged from the early days of cloud computing as a way to delineate responsibilities between cloud providers and their customers, but often there's a gap between what shared responsibility means and how it is interpreted. With the decentralisation of IT, this gap is getting worse.

Applications, servers, and overall technology used to be under the purview and control of the IT department, yet with the shift to cloud, and specifically software-as-a-service (SaaS), this dynamic has changed. Whether it's the sales team bringing in a customer relationship management (CRM) system like Salesforce, or the HR department operating a human resources information system (HRIS) like Workday, there's a clear "expanding universe" of IT that no longer sits where it used to. Critical business workflows exist in separate business units far from IT and security and are managed as such. Our corporate IT footprints have become decentralised.

This is not some minor, temporary trend. With the ease and speed of adopting new SaaS applications and the desire to "lift and shift" code into cloud-based environments, this is the future. The future is decentralised.

The shift to business-owned and -operated applications puts security teams in a position where risk management is their responsibility; they are not even able to log into some of these critical systems. It's like asking your doctor to keep you healthy but not giving her access to your information or having regular check-ups. It doesn't work that way.

Beyond the challenging human skills gap, there's technical entropy and diversity everywhere, with different configuration settings, event logs, threat vectors, and data sensitivities. On the access side, there are different admins, users, integrations, and APIs. If you think managing security on Windows and Mac is a lot, try it across many huge applications.

With this reality, how can the security team be expected to combat a growing amount of decentralised business technology risk?

We must operate our technology with the understanding that shared responsibility is the vertical view between cloud provider and customer, but that enterprise-owned piece of shared responsibility is the burden of multiple teams horizontally across an organisation. Too often the mentality is us versus them, availability versus security, too busy to care about risk, too concerned with risk to understand "the business."

https://www.darkreading.com/vulnerabilities-threats/shared-responsibility-or-shared-fate-decentralized-it-means-we-are-all-cyber-defenders

• Ukraine War Cuts Ransomware as Kremlin Co-Opts Hackers

The Ukraine war has helped reduce global ransomware attacks by 10pc in the last few months, a British cyber security company has said.

Criminal hacking gangs, usually engaged in corporate ransomware activities, are increasingly being co-opted by the Russian military to launch cyber attacks on Ukraine, according to Digital Shadows. “The war is likely to continue to motivate ransomware actors to target government and critical infrastructure entities,” according to the firm. Such attacks partly contributed to a 10pc drop in the number of ransomware threats launched during the three months to September, said the London-based company.

The drop in ransomware may also partly be caused by tit-for-tat digital attacks between rival hacking gangs. Researchers said the Lockbit gang, who recently targeted LSE-listed car retailer Pendragon with a $60m (£53.85m) ransom demand, were the target of attacks from their underworld rivals. The group is increasingly inviting resentment from competing threat groups and possibly former members.

Some cyber criminals’ servers went offline in September after what appeared to be an attack from competitors. In the world of cyber criminality, it is not uncommon for tensions to flare among rival groups.

Officials from GCHQ’s National Cyber Security Centre have said ransomware is one of the biggest cyber threats facing the UK. Figures published by the Department for Digital, Culture, Media and Sport this year revealed the average costs to businesses caused by ransomware attacks is around £19,000 per incident.

US-based cyber security company Palo Alto Networks, however, warned that the average ransom payment it saw in the early part of this year was $925,000 (£829,000).

https://www.telegraph.co.uk/business/2022/10/23/ukraine-war-cuts-ransomware-kremlin-co-opts-hackers/

• 96% Of Companies Report Insufficient Security for Sensitive Cloud Data

The vast majority of organisations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA).

The CSA report surveyed 1,663 IT and security professionals from organisations of various sizes and in various locations. "Only 4% report sufficient security for 100% of their data in the cloud. This means that 96% of organisations have insufficient security for at least some of their sensitive data," according to the report, which was sponsored by data intelligence firm BigID.

Apart from struggling with securing sensitive data, organisations are also having trouble tracking data in the cloud. Over a quarter of organisations polled aren’t tracking regulated data, nearly a third aren’t tracking confidential or internal data, and 45% aren’t tracking unclassified data, the report said.

“This suggests that organisations’ current methods of classifying data aren’t sufficient for their needs. However, if the tracking is this low, it could be a contributing factor to the issue of dark data. Organisations need to utilise data discovery and classification tools to properly understand the data they have and how to protect it,” the CSA study noted.

https://www.csoonline.com/article/3677491/96-of-companies-report-insufficient-security-for-sensitive-cloud-data.html#tk.rss_news

• Your Microsoft Exchange Server Is a Security Liability

With endless vulnerabilities, widespread hacking campaigns, slow and technically tough patching, it's time to say goodbye to on-premise Exchange.

Once, reasonable people who cared about security, privacy, and reliability ran their own email servers. Today, the vast majority host their personal email in the cloud, handing off that substantial burden to the capable security and engineering teams at companies like Google and Microsoft. Now, cyber security experts argue that a similar switch is due - or long overdue - for corporate and government networks. For enterprises that use on-premise Microsoft Exchange, still running their own email machine somewhere in a closet or data centre, the time has come to move to a cloud service, if only to avoid the years-long plague of bugs in Exchange servers that has made it nearly impossible to keep determined hackers out.

The latest reminder of that struggle arrived earlier this week, when Taiwanese security researcher Orange Tsai published a blog post laying out the details of a security vulnerability in Microsoft Exchange. Tsai warned Microsoft about this vulnerability as early as June of 2021, and while the company responded by releasing some partial fixes, it took Microsoft 14 months to fully resolve the underlying security problem. Tsai had earlier reported a related vulnerability in Exchange that was massively exploited by a group of Chinese state-sponsored hackers known as Hafnium, which last year penetrated more than 30,000 targets by some counts. Yet according to the timeline described in Tsai’s post this week, Microsoft repeatedly delayed fixing the newer variation of that same vulnerability, assuring Tsai no fewer than four times that it would patch the bug before pushing off a full patch for months longer. When Microsoft finally released a fix, Tsai wrote, it still required manual activation and lacked any documentation for four more months.

Meanwhile, another pair of actively exploited vulnerabilities in Exchange that were revealed last month still remain unpatched after researchers showed that Microsoft’s initial attempts to fix the flaws had failed. Those vulnerabilities were just the latest in a years-long pattern of security bugs in Exchange’s code. And even when Microsoft does release Exchange patches, they’re often not widely implemented, due to the time-consuming technical process of installing them.

The result of those compounding problems, for many who have watched the hacker-induced headaches of running an Exchange server pile up, is a clear message: An Exchange server is itself a security vulnerability, and the fix is to get rid of it.

“You need to move off of on-premise Exchange forever. That’s the bottom line,” says Dustin Childs, the head of threat awareness at security firm Trend Micro’s Zero Day Initiative (ZDI), which pays researchers for finding and reporting vulnerabilities in commonly used software and runs the Pwn2Own hacking competition. “You’re not getting the support, as far as security fixes, that you would expect from a really mission-critical component of your infrastructure.”

https://www.wired.com/story/microsoft-exchange-server-vulnerabilities/

• Are Cyber Security Vendors Pushing Snake Oil?

Survey: 96 percent of cyber security decision makers confused by vendor marketing.

The availability of new security products increases, the amount of budget spent on cyber security grows, and the number of security breaches seems to outpace both. This basic lack of correlation between increasing cyber security spend and any clear increase in cyber security effectiveness is the subject of a new analytical survey from Egress.

With 52 million data breaches in Q2 2022 alone (Statista), Egress questioned 800 cyber security and IT leaders on why vendor claims and reality aren’t aligned. The headline response in the survey is that 91% of decision makers have difficulty in selecting cyber security vendors due to unclear marketing about their specific offerings.

The financial investment cycle doesn’t help in this. For many investors, the strength of the management team is more important than the product. The argument is not whether this product is a cyber security silver bullet, but whether this management can take the company to a point where it can exit with serious profits.

If investment is achieved, much of it will go into marketing. That marketing must compete against existing, established vendors – so it tends to be louder, more aggressive, and replete with hyperbole. Marketing noise can lead to increased valuation, which can lead to a successful and profitable exit by the investors.

Of course, this is an oversimplification and doesn’t always happen. The point, however, is that it does happen and has no relevance to the real effectiveness of the product in question. Without any doubt, there are many products that have been over-hyped by marketing funds provided by profit-driven investors.

https://www.securityweek.com/are-cybersecurity-vendors-pushing-snake-oil

• Ransomware Preparedness: What Are You Doing Wrong?

Axio released its 2022 State of Ransomware Preparedness research report, revealing that although notable improvements have been made since Axio’s 2021 report, organisational ransomware preparedness continues to be insufficient to keep pace with new attack vectors.

The report reveals that the lack of fundamental cyber security practices and controls, including critical vulnerability patching and employee cyber security training, continues to undermine organisational attempts to improve ransomware defences.

“Ransomware continues to wreak havoc on global organisations, regardless of size or industry,” remarked the report’s co-author David White, President of Axio. “As the number of attacks will most likely continue on an exponential trajectory, it’s more important than ever for companies to re-evaluate their cyber security practices and make the needed improvements to help combat these attacks.”

The report identifies several emerging patterns that yield insights into why organisations are increasingly susceptible to ransomware attacks. In 2021, seven key areas where organisations were deficient in implementing and sustaining basic cyber security practices were identified, and these patterns dominated the 2022 study results as well:

• Managing privileged access

• Improving basic cyber hygiene

• Reducing exposure to supply chain and third-party risk

• Monitoring and defending networks

• Managing ransomware incidents

• Identifying and addressing vulnerabilities in a timely manner

• Improving cyber security training and awareness

Overall, most organisations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include:

• The number of organisations with a functional privileged access management solution in place increased by 10% but remains low at 33% overall.

• Limitations on the use of service and local administrator accounts remain average overall, with nearly 50% of organisations reporting implementing these practices.

• Approximately 40% of organisations monitor third-party network access, evaluate third-party cyber security posture, and limit the use of third-party software.

• Less than 50% of respondents implement basic network segmentation and only 40% monitor for anomalous connections.

• Critical vulnerability patching within 24 hours was reported by only 24% of organisations.

• A ransomware-specific playbook for incident management is in place for only 30% of organisations.

• Active phishing training has improved but is still not practiced by 40% of organisations.

https://www.helpnetsecurity.com/2022/10/20/insufficient-ransomware-preparedness/

• NSA Cybersecurity Director's Six Takeaways from the War in Ukraine

From the warning banner ‘Be afraid and expect the worst’ that was shown on several Ukrainian government websites on January 13, 2022, after a cyber-attack took them down, the US National Security Agency’s (NSA) cybersecurity director, Rob Joyce, knew that something was going to be different, and very aggressive, between Ukraine and Russia, and that it would be happening in the cyber space as well.

Ten months on, he was invited to speak at one of Mandiant Worldwide Information Security Exchange's (mWISE) opening keynotes on October 18, 2022. Joyce shared six takeaways from the Russia-Ukraine cyber-conflict in terms of what we learned from it and its impact on how nations should protect their organisations.

1. Both espionage and destructive attacks will occur in conflict

2. The cyber security industry has unique insight into these conflicts

3. Sensitive intelligence can make a decisive difference

4. You can develop resiliency skills

5. Don’t try to go it alone

6. You have not planned enough yet for the contingencies

Toward the end of the keynote, Joyce suggested the audience simulate a scenario based on what happened in Ukraine with the China-Taiwan conflict escalating and see what they should put in place to better prepare for such an event.

https://www.infosecurity-magazine.com/news/nsa-6-takeaways-war-ukraine/

• Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak

Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication.

"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.

Microsoft also emphasised that the B2B leak was "caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability."

The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cyber security company SOCRadar, which termed the leak BlueBleed. Microsoft said it's in the process of directly notifying impacted customers.

The Windows maker did not reveal the scale of the data leak, but according to SOCRadar, it affects more than 65,000 entities in 111 countries. The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.

https://thehackernews.com/2022/10/microsoft-confirms-server.html

Threats

Ransomware and Extortion

• Сryptocurrency and Ransomware — The Ultimate Friendship (thehackernews.com)

• Venus Ransomware targets publicly exposed Remote Desktop services (bleepingcomputer.com)

• Pendragon being held to $60m ransom by dark web hackers – Car Dealer Magazine

• Magniber Ransomware Is Targeting Home PC (informationsecuritybuzz.com)

• Hackers exploit critical VMware flaw to drop ransomware, miners (bleepingcomputer.com)

• Ransomware Now Deployed as a Precursor to Physical War - MSSP Alert

• TommyLeaks and SchoolBoys: Two sides of the same ransomware gang (bleepingcomputer.com)

• With Conti gone, LockBit takes lead of the ransomware threat landscape | CSO Online

• Tactics Tie Ransom Cartel Group to Defunct REvil Ransomware (darkreading.com)

• Wholesale giant METRO hit by IT outage after cyber attack (bleepingcomputer.com)

• The link between Ransom Cartel and REvil ransomware gangs - Security Affairs

• Deadbolt Ransomware Targets NAS Devices - IT Security Guru

• Black Basta Ransomware Hackers Infiltrate Networks via Qakbot to Deploy Brute Ratel C4 (thehackernews.com)

• How Vice Society Got Away With a Global Ransomware Spree | WIRED

• Microsoft warns over unusual ransomware attacks | ZDNET

• Defenders beware: A case for post-ransomware investigations - Microsoft Security Blog

• Ransomware crews regrouping as LockBit rise continues (computerweekly.com)

• Singapore Creates Counter Ransomware Task Force to Tackle Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Ransom Cartel linked to notorious REvil ransomware operation (bleepingcomputer.com)

• Hackney Council Ransomware Attack £12m+ Recovery - IT Security Guru

• Microsoft Warns of Novel Ransomware Attacking Ukraine, Poland - MSSP Alert

• Prestige ransomware hits victims of HermeticWiper • The Register

• New ransomware targets transportation sectors in Ukraine, Poland | SC Media (scmagazine.com)

• Japanese tech firm Oomiya hit by LockBit 3.0 - Security Affairs

• Ransomware attack halts circulation of some German newspapers (bleepingcomputer.com)

• Ransomware Insurance Security Requirement Strategies (trendmicro.com)

• Australian insurance firm Medibank confirms ransomware attack (bleepingcomputer.com)

• Ransomware attack impacted some CommonSpirit sites, but few details released | SC Media (scmagazine.com)

• BlackByte ransomware uses new data theft tool for double-extortion (bleepingcomputer.com)

Phishing & Email Based Attacks

• Phishing works so well crims won't use deepfakes: Sophos • The Register

• Phishing Mitigation Can Cost Businesses More Than $1M Annually (darkreading.com)

• Securing your organisation against phishing can cost up to $85 per email | CSO Online

• How phishing campaigns abuse Google Ad click tracking redirects - Help Net Security

• Attackers switch to self-extracting password-protected archives to distribute email malware | CSO Online

Other Social Engineering; Smishing, Vishing, etc

• Amazon customers warned about text message scam that is trying to steal personal details | The Northern Echo

Malware

• VMware bug with 9.8 severity rating exploited to install witch’s brew of malware | Ars Technica

• Microsoft’s out-of-date driver list left Windows PCs open to malware attacks for years - The Verge

• Ursnif malware switches from bank account theft to initial access (bleepingcomputer.com)

• Experts spotted a new undetectable PowerShell Backdoor - Security Affairs

• Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware (thehackernews.com)

• Typosquat campaign mimics 27 brands to push Windows, Android malware (bleepingcomputer.com)

• Thousands of GitHub repositories deliver fake PoC exploits with malware (bleepingcomputer.com)

• Hackers use new stealthy PowerShell backdoor to target 60+ victims (bleepingcomputer.com)

• Hijacking of Popular Minecraft Launcher by Rogue Developer Raises Malware Fears - IGN

• URSNIF (aka Gozi) banking trojan morphs into backdoor • The Register

• What is a RAT (Remote Access Trojan)? | Definition from TechTarget

Mobile

• QR codes could unlock phone to hackers, security expert warns (nypost.com)

• These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times (thehackernews.com)

Internet of Things – IoT

• Riskiest IoT Devices - Cameras, VoIP And Video Conferencing (informationsecuritybuzz.com)

• NCSC CEO Calls for International Standards on IoT Security - Infosecurity Magazine (infosecurity-magazine.com)

• Securing IoT devices against attacks that target critical infrastructure - Microsoft Security Blog

• 74% say connected cars and EV chargers need cyber security ratings | Ars Technica

Data Breaches/Leaks

• The companies most likely to lose your data - Help Net Security

• Fines are not enough! Data breach victims want better security - Help Net Security

• Medibank hack turned into a data breach: The attackers are demanding money - Help Net Security

• Mormon Church Hit By Cyber attack, Personal Data Exposed (informationsecuritybuzz.com)

• Keystone Health Data Breach Impacts 235,000 Patients | SecurityWeek.Com

• Fashion brand SHEIN fined $1.9m for lying about data breach – Naked Security (sophos.com)

• Client Data Exfiltrated In Advanced NHS cyber Attack (informationsecuritybuzz.com)

• Optus tells customers affected by data breach they can no longer use passports as online ID | Optus | The Guardian

• Australian Wine Dealer Suffers Data Breach, 500,000 Customers May Be (informationsecuritybuzz.com)

• Advocate Aurora Health in potential 3 million patient leak • The Register

Organised Crime & Criminal Actors

• Cyber criminals jailed for cryptocurrency theft, death threats (bleepingcomputer.com)

• Israeli cyber intel firm shines bright light on new, shadowy cyber crime collective | The Times of Israel

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Why Crypto Winter is No Excuse to Let Your Cyber Defences Falter (thehackernews.com)

• North Korea’s Lazarus Group Attacks Japanese Crypto Firms - Decrypt

• Coinbase users scammed out of $21M in crypto sue company for negligence | Ars Technica

• SIM Swappers Sentenced to Prison for Hacking Accounts, Stealing Cryptocurrency | SecurityWeek.Com

Fraud, Scams & Financial Crime

• Financial losses to synthetic identity-based fraud to double by 2024 | CSO Online

• AI is Key to Tackling Money Mules and Disrupting Fraud: Industry Group | SecurityWeek.Com

• Cops Arrest Suspected Multimillion-Dollar Fraud Mastermind - Infosecurity Magazine (infosecurity-magazine.com)

Deepfakes

• Deepfakes: What they are and how to spot them - Help Net Security

• Phishing works so well crims won't use deepfakes: Sophos • The Register

Insurance

• Ransomware Insurance Security Requirement Strategies (trendmicro.com)

Supply Chain and Third Parties

• How supply chain threats will evolve in 2023 - Help Net Security

Software Supply Chain

• Software Supply Chain Attacks Soar 742% In Three Years (informationsecuritybuzz.com)

• SBOMs: An Overhyped Concept That Won't Secure Your Software Supply Chain (darkreading.com)

Denial of Service DoS/DDoS

• Pro-Russia Hackers DDoS Bulgarian Government - Infosecurity Magazine (infosecurity-magazine.com)

Cloud/SaaS

• Microsoft Data-Exposure Incident Highlights Risk of Cloud Storage Misconfiguration (darkreading.com)

• 3 cloud security posture questions CISOs should answer (techtarget.com)

• 10 Steps to Securing the Cloud - MSSP Alert

Attack Surface Management

• Attack Surface Management 2022 Midyear Review Part 1 (trendmicro.com)

Identity and Access Management

• What Is the Difference Between Identity Verification and Authentication? (darkreading.com)

Encryption

• The quantum computing threat is real. Now we need to act. - CyberScoop

API

• Thousands of Publicly Exposed API Tokens Could Threaten Software Integrity - Infosecurity Magazine (infosecurity-magazine.com)

• Open banking API security: Best practices to ensure a safe journey - Help Net Security

Open Source

• New security concerns for the open-source software supply chain - Help Net Security

• Python vulnerability highlights open source security woes (techtarget.com)

• Researchers find 633% increase in cyber-attacks aimed at open source repositories | The Daily Swig (portswigger.net)

• 3 Ways to Help Customers Defend Against Linux-Based Cyber attacks - MSSP Alert

• OldGremlin hackers use Linux ransomware to attack Russian orgs (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Most People Still Reuse Their Passwords Despite Years Of Hacking (informationsecuritybuzz.com)

• Password Report: Honeypot Data Shows Bot Attack Trends Against RDP, SSH | SecurityWeek.Com

• Eight RTX 4090s Can Break Passwords in Under an Hour | Tom's Hardware (tomshardware.com)

Training, Education and Awareness

• Security Awareness Urged to Grow Beyond Compliance (darkreading.com)

• Raising cyber security awareness is good for everyone - but it needs to be done better | ZDNET

• Millennials, Gen Z blamed for poor company security • The Register

Privacy, Surveillance and Mass Monitoring

• Amazon and the Rise of ‘Luxury Surveillance’ - The Atlantic

• Google sued over biometric data collection without consent (bleepingcomputer.com)

Regulations, Fines and Legislation

• Fines are not enough! Data breach victims want better security - Help Net Security

• Fashion brand SHEIN fined $1.9m for lying about data breach – Naked Security (sophos.com)

• New York fines EyeMed $4.5 million for 2020 email hack, data breach | SC Media (scmagazine.com)

• Health insurer pays out $4.5m over bungled data security • The Register

Law Enforcement Action and Take Downs

• INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organisation (thehackernews.com)

• Law enforcement arrested 31 suspects for stealing cars by hacking key fobs - Security Affairs

• Cops Arrest Suspected Multimillion-Dollar Fraud Mastermind - Infosecurity Magazine (infosecurity-magazine.com)

• Interpol is setting up its own metaverse to learn how to police the virtual world | Euronews

• Brazilian Police Nab Suspected Member of Lapsus$ Group (darkreading.com)

• Interpol Report: "Financial Crime-as-a-Service" an Emerging Threat - MSSP Alert

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ransomware Now Deployed as a Precursor to Physical War - MSSP Alert

• US, China, Russia, more meet at Singapore infosec event • The Register

• NSA cyber chief says Ukraine war is compelling more intelligence sharing with industry - CyberScoop

• China-Linked Cyber-Espionage Team Homes In on Hong Kong Government Orgs (darkreading.com)

• Microsoft Warns of Novel Ransomware Attacking Ukraine, Poland - MSSP Alert

• Hackers target Asian casinos in lengthy cyber espionage campaign (bleepingcomputer.com)

• Prestige ransomware hits victims of HermeticWiper • The Register

• Pro-Russia Hackers DDoS Bulgarian Government - Infosecurity Magazine (infosecurity-magazine.com)

• OldGremlin Ransomware Targeted Over a Dozen Russian Entities in Multi-Million Scheme (thehackernews.com)

Nation State Actors

Nation State Actors – Russia

• Ukraine war: Life appears normal in Moscow... but a sinister undercurrent exists as Putin's conflict drags on | World News | Sky News

• Ukraine's cyber chief calls for global anti-fake news fight • The Register

• German Cyber security Boss Sacked Over Kremlin Connection (darkreading.com)

• Killing Starlink! Russian Media Says Over 4000 Missiles Required To Destroy Starlink Service; Experts Say 'Mission Impossible' (eurasiantimes.com)

• New ransomware targets transportation sectors in Ukraine, Poland | SC Media (scmagazine.com)

• Bulgaria hit by a cyber attack originating from Russia - Security Affairs

Nation State Actors – China

• As China-Taiwan tensions mount, how's your cyber defence? • The Register

• Chinese 'Spyder Loader' Malware Spotted Targeting Organisations in Hong Kong (thehackernews.com)

• Hackers compromised Hong Kong govt agency network for a year (bleepingcomputer.com)

• WIP19 Threat Group Cyber attacks Target IT Service Providers, Telcos - MSSP Alert

Nation State Actors – North Korea

• North Korea’s Lazarus Group Attacks Japanese Crypto Firms - Decrypt

Nation State Actors – Iran

• FBI Warns of Iranian Cyber Firm's Hack-and-Leak Operations | SecurityWeek.Com

• 'FurBall' Spyware Being Used Against Iranian Citizens (darkreading.com)

Vulnerability Management

• Compare vulnerability assessment vs. vulnerability management (techtarget.com)

Vulnerabilities

• 45,654 VMware ESXi servers reached End of Life on Oct. 15 - Security Affairs

• VMware bug with 9.8 severity rating exploited to install witch’s brew of malware | Ars Technica

• Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability (thehackernews.com)

• Text message verification flaws in your Windows Active Directory (bleepingcomputer.com)

• Apache Commons Vulnerability: Patch but Don't Panic (darkreading.com)

• Zoom for Mac patches sneaky “spy-on-me” bug – update now! – Naked Security (sophos.com)

• ProxyLogon researcher details new Exchange Server flaws (techtarget.com)

• Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684 - Security Affairs

• Exploited Windows zero-day lets JavaScript files bypass security warnings (bleepingcomputer.com)

• Dozen High-Severity Vulnerabilities Patched in F5 Products | SecurityWeek.Com

• Oracle Releases 370 New Security Patches With October 2022 CPU | SecurityWeek.Com

• Palo Alto Networks fixed a high-severity flaw in PAN-OS - Security Affairs

• Hackers exploit critical VMware flaw to drop ransomware, miners (bleepingcomputer.com)

• Zimbra Patches Under-Attack Code Execution Bug | SecurityWeek.Com

• WordPress Security Update 6.0.3 Patches 16 Vulnerabilities | SecurityWeek.Com

• Python vulnerability highlights open source security woes (techtarget.com)

• Critical Flaw Reported in Move Virtual Machine Powering the Aptos Blockchain Network (thehackernews.com)

• Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1 (securityintelligence.com)

Reports Published in the Last Week

• Financial and cyber crimes top global police concerns, says new INTERPOL report

• Post-Quantum Cryptography: Anticipating Threats and Preparing the Future — ENISA (europa.eu)

• Attack Surface Management 2022 Midyear Review Part 1 (trendmicro.com)

Other News

• Zero trust is misused in security, say Cloudflare, Zscaler - Protocol

• How to manage and reduce secret sprawl (techtarget.com)

• Cyber professional shortfall hits 3.4 million (computerweekly.com)

• Infosec still (mostly) a boys club • The Register

• Cyber security Workforce Gap Grows by 26% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• VPN use prevails despite interest in VPN alternatives (techtarget.com)

• JP Morgan Bans Staff From Working Remotely In Hotels and Coffee Shops-But Not Airbnbs | Inc.com

• Experts discovered millions of .git folders exposed to public - Security Affairs

• Microsoft Defender is lacking in offline detection capabilities, says AV-Comparatives | TechSpot

• Internet connectivity worldwide impacted by severed fiber cables in France (bleepingcomputer.com)

• UK's Remote Shetland Mysteriously Lose Phone, Internet After Cable Cut (businessinsider.com)

• CISOs, rejoice! Security spending is increasing - Help Net Security

• Equifax surveilled 1,000 remote workers, fired 24 found juggling two jobs | Ars Technica

• Do You Think Businesses Must Do More To Boost Cyber Defences, Says Nadhim (informationsecuritybuzz.com)

• NATO Just Deployed Its First Killer Ground Robot (futurism.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Ransomware Is the Biggest Global Cyber Threat. And The Attacks Are Still Evolving

Ransomware is the biggest cyber security threat facing the world today, with the potential to significantly affect whole societies and economies – and the attacks are unrelenting, the head of the National Cyber Security Centre (NCSC) has warned.

"Even with a war raging in Ukraine – the biggest global cyber threat we still face is ransomware. That tells you something of the scale of the problem. Ransomware attacks strike hard and fast. They are evolving rapidly, they are all-pervasive, they're increasingly offered by gangs as a service, lowering the bar for entry into cyber crime," said Lindy Cameron, CEO of the NCSC in a speech at Tel Aviv Cyber Week.

She added that the NCSC has dealt with "nationally significant incidents" along with hundreds of general cyber incidents that "affect the UK more widely every year".

While she didn't detail any specific instances of responding to ransomware incidents, Cameron warned that "these complex attacks have the potential to affect our societies and economies significantly", and implied that if it weren't for the work of NCSC incident responders, alongside their counterparts in the industry and international counterparts, the attacks could have had a major impact.

https://www.zdnet.com/article/ransomware-attacks-are-the-biggest-global-cyber-threat-and-still-evolving-warns-cybersecurity-chief/

• Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion

Titaniam, Inc., the data security platform, announced the ‘State of Data Exfiltration & Extortion Report.’ The survey revealed that while over 70% of organisations have an existing set of prevention, detection, and backup solutions, nearly 40% of organisations have been hit with ransomware attacks in the last year, and more than 70% have experienced one in the previous five years, proving existing solutions to be woefully inadequate in managing the risks and impacts from these attacks.

Data exfiltration during ransomware attacks is up 106% relative to where it was five years ago. We are seeing the emergence of a new trend where cyber criminals are no longer limiting themselves to just encrypting entire systems—they are making sure to steal data ahead of the encryption so that they can have additional leverage on the victim. The survey found that 65% of those who have experienced a ransomware attack have also experienced data theft or exfiltration due to the incident. Of those victims, 60% say the hackers used the data theft to extort them further, known as double extortion. Most of them, i.e., 59% of victims, paid the hackers, implying that they were not helped by their backup or data security tools to prevent this fate.

Data is being exposed for theft and extortion in other ways too. Nearly half (47%) uncovered publicly exposed data in their systems in the last 24 months. It was found that respondents have a mix of data security & protection (78%), prevention & detection (75%), and backup and recovery (73%) in their cyber security stacks. Still, exposure and extortion numbers imply a missing puzzle piece regarding attacks.

https://www.darkreading.com/attacks-breaches/study-reveals-traditional-data-security-tools-have-a-60-failure-rate-against-ransomware-and-extortion

• Patchable and Preventable Security Issues Lead Causes of Q1 Attacks

Attacks against companies spiked in Q1 2022 with patchable and preventable external vulnerabilities responsible for the bulk of attacks.

Eighty-two percent of attacks on organisations in Q1 2022 were caused by the external exposure of known vulnerabilities in the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18 percent.

The numbers come from Tetra Defense and its quarterly report that sheds light on a notable uptick in cyber attacks against United States organisations between January and March 2022.

The report did not let employee security hygiene, or a lack thereof, off the hook. Tetra revealed that a lack of multi-factor authentication (MFA) mechanisms adopted by firms and compromised credentials are still major factors in attacks against organisations.

https://threatpost.com/lead-causes-of-q1-attacks/180096/

• Three in Four Vulnerability Management Programs Ineffective

How at risk are organisations to unsecured vulnerabilities in their networks? NopSec, a threat and exposure management provider, gives us the answers in a new study of some 430 cyber security professionals.

Are security teams finding successful approaches to their vulnerability management, or are “open doors around their attack surface” leaving them susceptible to disaster in their organisation? The answer, as it turns out, is that some organisations are better at detection, response and remediation of their vulnerabilities.

Perhaps more importantly, others are not as locked down as they believe, according to the report. Keeping track of known vulnerabilities and responding quickly is one thing, but locating flaws they did not previously know existed is quite another.

Seventy percent of respondent say their vulnerability management program (VMP) is only somewhat effective or worse, blind spots and shadow IT remain top challenges, and vulnerabilities take too long to patch.

https://www.msspalert.com/cybersecurity-research/three-in-four-vulnerability-management-programs-ineffective-study-finds/

• EMEA Continues to Be a Hotspot for Malware Threats

Ransomware detections in the first quarter of this year doubled the total volume reported for 2021, according to the latest quarterly Internet Security Report from the WatchGuard Threat Lab. Researchers also found that the Emotet botnet came back in a big way, the infamous Log4Shell vulnerability tripled its attack efforts and malicious cryptomining activity increased.

Although findings from the Threat Lab’s Q4 2021 report showed ransomware attacks trending down year over year, that all changed in Q1 2022 with a massive explosion in ransomware detections. While Q4 2021 saw the downfall of the infamous REvil cybergang, WatchGuard analysis suggests that this opened the door for the LAPSUS$ extortion group to emerge, which along with many new ransomware variants such as BlackCat – the first known ransomware written in the Rust programming language – could be contributing factors to an ever-increasing ransomware and cyber-extortion threat landscape.

The report also shows that EMEA continues to be a hotspot for malware threats. Overall regional detections of basic and evasive malware show WatchGuard Fireboxes in EMEA were hit harder than those in North, Central and South America (AMER) at 57% and 22%, respectively, followed by Asia-Pacific (APAC) at 21%.

https://www.helpnetsecurity.com/2022/06/30/emea-malware-threats/

• A New, Remarkably Sophisticated Malware Is Attacking Home and Small Office Routers

An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on June 28.

So far, researchers from Lumen Technologies' Black Lotus Labs say they've identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate.

The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive, and remain undetected, is the hallmark of a highly sophisticated threat actor.

"While compromising small office/home office (SOHO) routers as a vector to gain access to an adjacent LAN is not a novel technique, it has seldom been reported," Black Lotus Labs researchers wrote. "Similarly, reports of person-in-the-middle style attacks, such as DNS and HTTP hijacking, are even rarer and a mark of a complex and targeted operation. The use of these two techniques congruently demonstrated a high level of sophistication by a threat actor, indicating that this campaign was possibly performed by a state-sponsored organisation."

The campaign comprises at least four pieces of malware, three of them written from scratch by the threat actor. The first piece is the MIPS-based ZuoRAT, which closely resembles the Mirai internet-of-things malware that achieved record-breaking distributed denial-of-service attacks that crippled some Internet services for days. ZuoRAT often gets installed by exploiting unpatched vulnerabilities in SOHO devices.

https://www.wired.com/story/zuorat-trojan-malware-hacking-routers/

• What Are Shadow IDs, and How Are They Crucial in 2022?

Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shadow IT. Not because they tried to obfuscate or hide anything, simply because it was a convenient tool that they preferred over any other sanctioned products (which JPMorgan certainly has quite a few of.)

Visibility into unknown and unsanctioned applications has been required by regulators and also recommended by the Center for Internet Security community for a long time. Yet it seems that new and better approaches are still in demand. Gartner has identified External Attack Surface Management, Digital Supply Chain Risk, and Identity Threat Detection as the top three trends to focus on in 2022, all of which are closely intertwined with Shadow IT.

"Shadow IDs," or in other words, unmanaged employee identities and accounts in third-party services, are often created using a simple email-and-password-based registration. Cloud access security broker (CASB) and corporate single-sign-on (SSO) solutions are limited to a few sanctioned applications, and are not widely adopted on most websites and services either. This means, that a large part of an organisation's external surface - as well as its user identities - may be completely invisible.

https://thehackernews.com/2022/06/what-are-shadow-ids-and-how-are-they.html

• Zero-Days Aren't Going Away Anytime Soon, and What Leaders Need to Know

Few security exploits are the source of more sleepless nights for security professionals than zero-day attacks. Just recently, researchers discovered a new vulnerability enabling hackers to achieve remote code execution within Microsoft Office. Dubbing the evolving threat the Follina exploit, researchers say all versions of Office are at risk. And because the internal security teams have no time to prepare or patch their systems to defend against these software vulnerabilities, crafty threat actors can take advantage, taking their time after they've accessed an organisation's environment to observe and exfiltrate data while remaining completely unseen.

And though sophisticated threat actors and nations have exploited zero-days for nearly two decades, last year saw a historic rise in the number of vulnerabilities detected. Both Google and Mandiant tracked a record number of zero-days last year, with the caveat that more zero-days are being discovered because security companies are getting better at finding them — not necessarily because hackers are coming up with new vulnerabilities. Not all zero-days are created equal, though. Some require sophisticated and novel techniques, like the attack on SolarWinds, and others exploit simple vulnerabilities in commonly used programs like Windows. Thankfully, there's some basic cyber hygiene strategies that can keep your organisation sufficiently prepared to mitigate zero-day exploits.

https://www.darkreading.com/attacks-breaches/zero-days-aren-t-going-away-anytime-soon-and-what-leaders-need-to-know

• Half of 2022's Zero-Days Are Variants of Previous Vulnerabilities

Google Project Zero has observed a total of 18 exploited zero-day vulnerabilities in the first half of 2022, at least half of which exist because previous bugs were not properly addressed.

According to Google Project Zero researcher Maddie Stone, nine of the in-the-wild zero-days seen so far this year could have been prevented had organisations applied more comprehensive patching.

“On top of that, four of the 2022 zero-days are variants of 2021 in-the-wild zero-days. Just 12 months from the original in-the-wild zero-day being patched, attackers came back with a variant of the original bug,” Stone says.

The most recent of these issues is the Follina vulnerability in the Windows platform. Tracked as CVE-2022-30190, it is a variant of an MSHTML zero-day tracked as CVE-2021-40444.

CVE-2022-21882 is another Windows vulnerability that is a variant of an in-the-wild zero-day that was improperly resolved last year, namely CVE-2021-1732.

An iOS IOMobileFrameBuffer bug (CVE-2022-22587) and a type confusion flaw in Chrome’s V8 engine (CVE-2022-1096) are two other zero-days that are variants of exploited security flaws found last year – CVE-2021-30983 and CVE-2021-30551, respectively.

Other 2022 zero-days that are variants of improperly addressed security defects are CVE-2022-1364 (Chrome), CVE-2022-22620 (WebKit), CVE-2021-39793 (Google Pixel), CVE-2022-26134 (Atlassian Confluence), and CVE-2022-26925 (Windows flaw called PetitPotam).

https://www.securityweek.com/google-half-2022s-zero-days-are-variants-previous-vulnerabilities

• Human Error Remains the Top Security Issue

Human error remains the most effective vector for conducting network infiltrations and data breaches.

The SANS Institute security centre issued its annual security awareness report Wednesday, which was based on data from 1,000 infosec professionals and found that employees and their lack of security training remain common points of failure for data breaches and network attacks. The report also tracked the maturity level of respondents' security awareness programs and their effectiveness in reducing human risk.

"This year's report once again identifies what we have seen over the past three years: that the most mature security awareness programs are those that have the most people dedicated to managing and supporting it," the cyber security training and education organisation said.

"These larger teams are more effective at working with the security team to identify, track, and prioritise their top human risks, and at engaging, motivating, and training their workforce to manage those risks."

The SANS Institute study ranked maturity by five levels, from lowest to highest: nonexistent, compliance-focused, promoting awareness and behaviour change, long-term sustainment and culture change, and metrics framework. The report found that while approximately 400 respondents said their programs promote awareness and behaviour change - the highest such response for any maturity level - the number represented a 10% decrease from the previous year's report.

https://www.techtarget.com/searchsecurity/news/252522226/SANS-Institute-Human-error-remains-the-top-security-issue

• Carnival Cruises Torpedoed by US States, Agrees to Pay $6m After Wave of Cyber Attacks

Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyber attacks.

A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based business revealed intruders had not only encrypted some of its data but also downloaded a collection of names and addresses; Social Security info, driver's license, and passport numbers; and health and payment information of thousands of people in almost every American state.

It all started to go wrong more than a year prior, as the cruise line became aware of suspicious activity in May 2019. This apparently wasn't disclosed until 10 months later, in March 2020.

Back in 2019, the security operations team spotted an internal email account sending spam to other addresses. It turned out miscreants had hijacked 124 employee Microsoft Office 365 email accounts, and were using them to send phishing emails to harvest more credentials. This, we're told, gave the intruders access to personal data on 180,000 Carnival employees and customers. It's likely the miscreants first broke in using phishing mails or brute-forcing passwords; either way, there was no multi-factor authentication.

Then in August 2020, the company said it was hit with the aforementioned ransomware, and copies of its files were siphoned. In January 2021, it was infected again with malware, and again sensitive information – specifically, customer passport numbers and dates of birth, and employee credit card numbers – were downloaded. And in March that year, a staffer's work email account was compromised again to send out a phishing email; more sensitive information was exposed.

https://www.theregister.com/2022/06/28/carnival-cybersecurity-fines/

• Uber Ex-Security Chief Accused of Hacking Coverup Must Face Fraud Charges, Judge Rules

A federal judge on Tuesday said a former Uber Technologies Inc. security chief must face wire fraud charges over his alleged role in trying to cover up a 2016 hacking that exposed personal information of 57 million passengers and drivers.

The US Department of Justice had in December added the three charges against Joseph Sullivan to an earlier indictment, saying he arranged to pay money to two hackers in exchange for their silence, while trying to conceal the hacking from passengers, drivers and the US Federal Trade Commission.

https://www.reuters.com/business/uber-ex-security-chief-accused-hacking-coverup-must-face-fraud-charges-judge-2022-06-28/

Threats

Ransomware

• Ransomware market evolution results in fewer variants, but rise in off-the-shelf cyber crime kits continues | The Daily Swig (portswigger.net)

• Record-Breaking Year for Ransomware Attacks, WatchGuard Research Predicts - MSSP Alert

• Cyber Security Experts Warn of Emerging Threat of "Black Basta" Ransomware (thehackernews.com)

• 5 years after NotPetya: Lessons learned | CSO Online

• AstraLocker 2.0 infects users directly from Word attachments (bleepingcomputer.com)

• Mitel VoIP Bug Exploited in Ransomware Attacks | Threatpost

• Black Basta Ransomware Gang Attacks 50 Companies, Cybereason Reports - MSSP Alert

• How Dangerous Is BlackBasta Ransomware? (informationsecuritybuzz.com)

• LockBit 3.0 Debuts With Ransomware Bug Bounty Program (darkreading.com)

• Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit (trendmicro.com)

• Son of Conti: Ransomware tries its hand at politics - The Record by Recorded Future

• Kaseya Ransomware - Cyber Leader’s Thoughts & Learnings One Year Later (informationsecuritybuzz.com)

• Are Protection Payments the Future of Ransomware? (tripwire.com)

• Conti vs. LockBit: A Comparative Analysis of Ransomware Groups (trendmicro.com)

• This new malware is at the heart of the ransomware ecosystem | ZDNet

• Macmillan Publishing shuts down systems after likely ransomware attack (bleepingcomputer.com)

• Walmart denies being hit by Yanluowang ransomware attack (bleepingcomputer.com)

• Fake copyright infringement emails install LockBit ransomware (bleepingcomputer.com)

• Cisco Talos techniques uncover ransomware sites on dark web (techtarget.com)

• RansomHouse gang claims to have some stolen AMD data • The Register

• 'Prolific' NetWalker extortionist pleads guilty • The Register

Phishing & Email Based Attacks

• Google Warns About Hacker-for-Hire Services Trying to Phish Users (pcmag.com)

• Clever phishing method bypasses MFA using Microsoft WebView2 apps (bleepingcomputer.com)

• Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)

• How phishing attacks are becoming more sophisticated - Help Net Security

• How Evilnum Cyber Attacks Target Microsoft Office Files - MSSP Alert

• New Matanbuchus Campaign drops Cobalt Strike beacons - Security Affairs

• Kaspersky Reveals Phishing Emails That Employees Find Most Confusing (darkreading.com)

• Ukraine arrests cyber crime gang operating over 400 phishing sites (bleepingcomputer.com)

Malware

• Microsoft finds Raspberry Robin worm in hundreds of Windows networks (bleepingcomputer.com)

• Microsoft Exchange servers worldwide backdoored with new malware (bleepingcomputer.com)

• Microsoft warning: This malware that targets Linux just got a big update | ZDNet

• ZuoRAT Hijacks SOHO Routers From Cisco, Netgear (darkreading.com)

• XFiles info-stealing malware adds support for Follina delivery (bleepingcomputer.com)

• Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)

• Minors Use Discord Servers To Earn Extra Pocket Money Through Spreading Malware (informationsecuritybuzz.com)

• PyPi python packages caught sending stolen AWS keys to unsecured sites (bleepingcomputer.com)

Mobile

• Android Spyware 'Revive' Upgraded to Banking Trojan - Infosecurity Magazine

• Google warns Hermit spyware is infecting phones. What is it and how do you protect yourself from it? | Mashable

• Phone Hackers: 9 Ways To Tell If You Have Fallen Victim (informationsecuritybuzz.com)

• Apple revokes certificates for Hermit spyware app - 9to5Mac

• Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru

Internet of Things – IoT

• Swarm of malfunctioning driverless taxis brings traffic to a halt for hours (telegraph.co.uk)

Data Breaches/Leaks

• Millions of free VPN user records leaked | TechRadar

• Leaky Access Tokens Exposed Amazon Photos of Users | Threatpost

• California gun dashboards expose 10 years of personal data • The Register

Organised Crime & Criminal Actors

• The strange business of cyber crime | CSO Online

• Russia-China cyber criminal collaboration could “destabilize” international order | CSO Online

• Canadian admits to hacking spree with Russian cyber-gang - BBC News

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Pentagon finds concerning vulnerabilities on blockchain | TechRepublic

• Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0daySecurity Affairs

• Hackers steal $100m from another breached crypto bridge | TechRadar

• Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine

• Dozens of cryptography libraries vulnerable to private key theft | The Daily Swig (portswigger.net)

• Missing Cryptoqueen: FBI adds Ruja Ignatova to top ten most wanted - BBC News

• Singapore warns of ‘brutal, unrelentingly hard’ crypto regs • The Register

Insider Risk and Insider Threats

• Rogue HackerOne employee steals bug reports to sell on the side (bleepingcomputer.com)

• Japanese worker loses city's personal data in USB fail • The Register

• How you handle independent contractors may determine your insider threat risk | CSO Online

Fraud, Scams & Financial Crime

• Threat actors increasingly use third parties to run their scams - Help Net Security

• Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine

• Evolving online habits have paved the way for fraud. What can we do about it? - Help Net Security

Insurance

• Cyber Insurance: The Good, the Bad, and the Ugly - IT Security Guru

Software Supply Chain

• It's a Race to Secure the Software Supply Chain — Have You Already Stumbled? (darkreading.com)

• Over a Decade in Software Security: What Have We learned? - IT Security Guru

Denial of Service DoS/DDoS

• Russian hacktivists take down Norway govt sites in DDoS attacks (bleepingcomputer.com)

Attack Surface Management

• Digital Shadows Weaken Your Attack Surface (securityintelligence.com)

Shadow IT

• Shadow IT Spurs 1 in 3 Cyber Attacks (darkreading.com)

• What is Shadow IT and why is it so risky? (thehackernews.com)

Open Source

• CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• RansomHouse Hackers Claim to Breach AMD With Bad Passwords (gizmodo.com)

• Breaking Down the Zola Hack and Why Password Reuse is so Dangerous (bleepingcomputer.com)

• Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)

Social Media

• Verified Twitter accounts hacked to send fake suspension notices (bleepingcomputer.com)

• Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign (darkreading.com)

• New YTStealer malware steals accounts from YouTube Creators (bleepingcomputer.com)

• Facebook 2FA phish arrives just 28 minutes after scam domain created – Naked Security (sophos.com)

Training, Education and Awareness

• Time Constraints Hamper Security Awareness Programs (darkreading.com)

Privacy

• ‘Supercookies’ Have Privacy Experts Sounding the Alarm | WIRED

• UK should immediately ban use of live facial recognition, warns report | Financial Times (ft.com)

• Snoopers’ Charter Ruled Partially Unlawful - Infosecurity Magazine

• We must stop sleepwalking towards a surveillance state | Financial Times (ft.com)

Parental Controls and Child Safety

• How parents can talk about online safety and personal info protection with their kids - Help Net Security

Regulations, Fines and Legislation

• Manx government department fined over data breach - BBC News

• Clearview fine: The unacceptable face of modern surveillance - Help Net Security

• UK security services must seek approval to access telecoms data, judges rule | UK security and counter-terrorism | The Guardian

Law Enforcement Action and Take Downs

• Global Police Crack Down on Online Sexual Exploitation - Infosecurity Magazine

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Lethal drinking water, runs on banks and panic buying: What a real Undeclared War cyber attack could mean (inews.co.uk)

• Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation | CSO Online

• Clear Rules Needed to Prevent Conflict and Struggle in Cyber Space, Says NCSC Chief - Infosecurity Magazine

• NATO to create cyber rapid response force, increase cyber defence aid to Ukraine - CyberScoop

• Could the Russian cyber attack on Lithuania draw a military response from NATO? | World News | Sky News

• Evilnum hackers return in new operation targeting migration orgs (bleepingcomputer.com)

• Commercial cyber products must be used responsibly, says NCSC CEO (computerweekly.com)

• G7 to tackle cyber threats and disinformation from Russia: communique | Reuters

• Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru

• Apple revokes certificates for Hermit spyware app - 9to5Mac

• China lured graduate jobseekers into digital espionage | Ars Technica

• FCC commissioner calls TikTok Chinese spyware and wants it pulled from mobile app stores (androidpolice.com)

• Google warns Hermit spyware is infecting phones. What is it and how do you protect yourself from it? | Mashable

Nation State Actors

Nation State Actors – Russia

• Ukraine targeted by almost 800 cyber attacks since the war started (bleepingcomputer.com)

• Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas - Security Affairs

• Russian Hacker Group Says Cyber Attacks Continue On Lithuania (informationsecuritybuzz.com)

• Russian hacktivists take down Norway govt sites in DDoS attacks (bleepingcomputer.com)

• Russia's Killnet hacker group says it attacked Lithuania | Reuters

Nation State Actors – China

• Chinese Threat Actor Targets Rare Earth Mining Companies in North America, Australia | SecurityWeek.Com

• Chinese Hackers Target Building Management Systems | SecurityWeek.Com

• China lured graduate jobseekers into digital espionage | Ars Technica

Nation State Actors – North Korea

• Experts blame North Korea-linked Lazarus APT for Harmony hack - Security Affairs

Vulnerability Management

• 18 Zero-Days Exploited So Far in 2022 (darkreading.com)

• Why more zero-day vulnerabilities are being found in the wild | CSO Online

• Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)

• Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree (thehackernews.com)

• Microsoft's quiet mishandling of vulnerabilities is becoming a public mess - OnMSFT.com

Vulnerabilities

• MITRE shares this year's list of most dangerous software bugs (bleepingcomputer.com)

• Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration (darkreading.com)

• How and why threat actors target Microsoft Active Directory | CSO Online

• Atlassian Confluence Exploits Peak at 100K Daily (darkreading.com)

• Patch Now: Linux Container-Escape Flaw in Azure Service Fabric (darkreading.com)

• Zoho ManageEngine ADAudit Plus bug gets public RCE exploit (bleepingcomputer.com)

• OpenSSL 3.0.5 awaits release to fix potential security flaw • The Register

• CISA: Adopt Modern Auth now for Exchange Online • The Register

• CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild (thehackernews.com)

• CISA orders agencies to patch Windows LSA bug exploited in the wild (bleepingcomputer.com)

• Mitel VoIP Bug Exploited in Ransomware Attacks | Threatpost

• Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware (trendmicro.com)

• Jenkins discloses dozens of zero-day bugs in multiple plugins (bleepingcomputer.com)

• New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers (thehackernews.com)

Sector Specific

Critical National Infrastructure (CNI)

• Stress and Burnout Could Lead to Exodus of CNI Cyber Security Leaders - Infosecurity Magazine

Financial Services Sector

• Android Spyware 'Revive' Upgraded to Banking Trojan - Infosecurity Magazine

FinTech

• A Fintech Horror Story: How One Company Prioritizes Cyber Security (darkreading.com)

• Security and compliance concerns limit ‘open finance’ expansion, say executives (scmagazine.com)

Telecoms

• Why the next-gen telecom ecosystem needs better regulations (techtarget.com)

OT, ICS, IIoT, SCADA and Cyber-Physical Systems

• APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor (thehackernews.com)

• Cyber-Physical Security: Benchmarking to Advance Your Journey | SecurityWeek.Com

• Critical Security Flaws Identified in CODESYS ICS Automation Software (thehackernews.com)

• Microsoft Exchange bug abused to hack building automation systems (bleepingcomputer.com)

• 5 Cyber Security Tips for Smart Buildings - IT Security Guru

• Chinese Hackers Target Building Management Systems | SecurityWeek.Com

• OT security: Helping under-resourced critical infrastructure organisations - Help Net Security

Energy & Utilities

Oil, Gas and Mining

Chinese Threat Actor Targets Rare Earth Mining Companies in North America, Australia | SecurityWeek.Com

Food and Agriculture

• Wiltshire Farm Foods Cyberattack (informationsecuritybuzz.com)

Education and Academia

• Threat Actor Claims Responsibility For IBM and Stanford University Hack - Infosecurity Magazine (infosecurity-magazine.com)

Web3

• Securing the Metaverse and Web3 | SecurityWeek.Com

• Cyber security and the metaverse: Identifying the weak spots | VentureBeat

Reports Published in the Last Week

• State of Email Security | Mimecast

• Q1 2022 Incident Response Insights from Tetra Defense | Arctic Wolf

• State of Data Exfiltration and Extortion 2022 - Titaniam

• SANS 2022 Security Awareness Report: Human Risk Remains the Biggest Threat to Your Organisation’s Cyber Security | SANS Institute

• Defending Ukraine: Early Lessons from the Cyber War - Microsoft On the Issues

Other News

• Cyber Attacks Gain Steam in Early '22: Tetra Defense Report - MSSP Alert

• FBI warns crooks are using deepfake videos in job interviews • The Register

• Destructive firmware attacks pose a significant threat to businesses - Help Net Security

• 48% of security practitioners seeing 3x increase in alerts per day - Help Net Security

• Adversarial machine learning explained: How attackers disrupt AI and ML systems | CSO Online

• Companies are desperate for cyber security workers—more than 700K positions need to be filled | Fortune

• 82% Cyber Breaches In Verizon’s Report Preventable, Says MyCena (informationsecuritybuzz.com)

• SolarWinds hack explained: Everything you need to know (techtarget.com)

• Properly securing APIs is becoming increasingly urgent - Help Net Security

• 97% Of UK Business Leaders Expect Quantum Computing to Disrupt Their Sectors - Infosecurity Magazine

• LGBTQ+ folks warned of dating app extortion scams • The Register

• What is Zero Trust and why would you want it? • The Register

• Tencent admits to poisoned QR code attack on QQ accounts • The Register

• Exploring the insecurity of readily available Wi-Fi networks - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Beware Of Ransomware Attacks Between Christmas And New Year’s!

Darktrace reported that its security researchers discovered a 30% increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020 compared to the monthly average.

The researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February. Following a record number of ransomware attacks this year, the company expects the spike to be higher over the 2021 holiday period.

https://www.helpnetsecurity.com/2021/12/09/ransomware-attacks-holiday/

Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)

It is a time when many are thinking of their families and loved ones, time off work, and gift-giving – the holidays. However, while many have their minds outside the realm of work during the holiday season, often, this is when attackers plan their most sinister attacks.

So how can you take precautions to protect your organisation during these times?

Attackers today do not have a soft spot for businesses and give companies a break at any time of the year, especially not during holidays. On the contrary, any time of the year where companies may be less prepared to fend off a cyberattack is an opportunity for successful compromise. As a result, the holidays put your company at a higher risk of cyberattack.

https://thehackernews.com/2021/12/why-holidays-put-your-company-at-risk.html

Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool

Security experts are sounding the equivalent of a five-alarm fire on a critical new zero-day vulnerability in Log4j, a logging framework that is ubiquitously present in Java software.

The flaw (CVE-2021-44228) could allow remote attackers to run arbitrary code on any application that uses Log4j and is already being actively exploited. Some vendors have observed mass scanning activity — presumably by threat actors — for vulnerable applications, and there are some reports of exploit activity against organisations. Attacks against the flaw take little skill to execute and are being fueled by proof-of-concept code in the wild.

https://www.darkreading.com/vulnerabilities-threats/security-experts-sound-alarm-on-zero-day-in-widely-used-log4j-tool

SolarWinds Attackers Spotted Using New Tactics, Malware

One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.

One year after the notorious and far-reaching SolarWinds supply-chain attacks, its orchestrators are on the offensive again. Researchers said they’ve seen the threat group – which Microsoft refers to as “Nobelium” and which is linked to Russia’s spy agency – compromising global business and government targets with novel tactics and custom malware, stealing data and moving laterally across networks.

https://threatpost.com/solarwinds-attackers-new-tactics-malware/176818/

Cyber Crime Supply Chain: Fuelling The Rise In Ransomware

Trend Micro released a research detailing the murky cybercrime supply chain behind much of the recent surge in ransomware attacks. Demand has increased so much over the past two years that many cybercriminal markets now have their own “Access-as-a-Service” sections.

https://www.helpnetsecurity.com/2021/12/06/cybercrime-supply-chain/

Weak Passwords Caused 30% Of Security Breaches

A recent survey assessed the risk factors associated with password management and how to safeguard them from attacks or breaches. The results revealed that 30% of respondents reported password leaks and security breaches as a result of poor password practices. Respondees admitted to making poor password choices, such as sharing them with colleagues, family members or friends; writing them on sticky notes, papers, planners; re-using passwords across multiple sites and only changing them when prompted.

Consequently, researchers revealed some of the best password practices to create unhackable passwords. These practices include using secure VPNs, two-factor authentication, using a password management software and creating unique passwords that aren’t easily deduced .

https://www.itsecurityguru.org/2021/12/10/weak-passwords-caused-30-of-security-breaches/

Work-from-Anywhere Requires "Work-from-Anywhere Security"

Securing today's expanding networks often includes adding additional technologies to an already overburdened security environment. With organisations already struggling to manage an average of 45 security tools, with each incident requiring coordination across 19 different devices, adding new technologies to the mix may be the straw that breaks the camel's back.

The most recent example of the rapid expansion of the network's attack surface has been remote work. The COVID-19 pandemic accelerated the need for a work-from-anywhere (WFA) strategy. And now, as workers begin to return to the office, a hybrid approach to work has become the new status quo. According to Accenture, 83% of workers prefer a hybrid work model that allows them to work remotely between 25% and 75% of the time. And businesses are listening. 63% of high-revenue growth companies have already enabled productivity anywhere workforce models.

One of the biggest security challenges of a hybrid workforce is that employees need to move seamlessly between the corporate office, their home network, and other remote locations. Applications, whether deployed in the data centre, SaaS, or cloud, not only need to be available from anywhere, but user experience—and security—needs to be consistent from any location as well.

https://www.securityweek.com/work-anywhere-requires-work-anywhere-security

Just 3% of UK Firms Escaped a Supply Chain Breach in 2021

Some 97% of UK organisations suffered a supply chain breach over the past year, up from 82% in 2020 and the second highest figure globally, according to BlueVoyant.

The security firm polled 1200 C-level executives with responsibility for managing risk in supply chains, across the UK, US, Singapore, Canada, Germany and the Netherlands.

UK firms also experienced a higher-than-average percentage of breaches: 59% suffered between two and five supply chain incidents compared to an overall average of 49%. The average number of breaches in the country grew from 2.64 in 2020 to 3.57 in 2021.

Perhaps unsurprisingly given these figures, only a quarter (27%) of UK respondents said they consider third-party cyber risk a key priority versus a 42% global average.

https://www.infosecurity-magazine.com/news/just-3-uk-firms-escaped-supply/

Critical Flaw In ManageEngine Desktop Central MSP Tool Exploited In The Wild

News of this latest zero-day vulnerability comes after hackers exploited at least two other flaws in ManageEngine products this year. Attacks against MSPs and their tools have seen a rise over the past several years due to hackers realizing that compromising such organisations can provide an easy way into the networks of thousands of businesses that rely on them to manage their IT assets.

News of this latest zero-day vulnerability comes after hackers exploited at least two other flaws in ManageEngine products this year. Attacks against MSPs and their tools have seen a rise over the past several years due to hackers realizing that compromising such organisations can provide an easy way into the networks of thousands of businesses that rely on them to manage their IT assets.

https://www.csoonline.com/article/3643928/critical-flaw-in-manageengine-desktop-central-msp-tool-exploited-in-the-wild.html

New Financial Services Industry Report Reveals Major Gaps in Storage and Backup Security

Continuity™, the first dedicated storage and backup security provider, this week announced findings from its Security Intelligence Report: Analysis of Storage and Backup Security in the Financial Services & Banking Sector. This extensive study – the first of its kind – explores the security posture of storage and backup environments in the global financial services industry.

The survey of 200 financial services firms and banks from 45 countries revealed that most of these organisations have not yet reached a satisfactory level of storage and backup maturity. Notably, more than half (52%) of the respondents were not strongly confident about their storage and backup security, and a quarter (25%) noted they were significantly concerned (low or no confidence).

https://www.darkreading.com/attacks-breaches/new-financial-services-industry-report-reveals-major-gaps-in-storage-and-backup-security

UK’s Poor Cyber Risk Planning Could “Wreak Havoc”

The UK’s long-term risk planning is under-powered and could expose the nation if it is struck by a serious cyber-threat, a new House of Lords (HoL) report has found.

The study, Preparing for Extreme Risks: Building a Resilient Society, was produced by the upper chamber’s Select Committee on Risk Assessment and Risk Planning after interviews with 85 expert witnesses.

It claimed that the government spends too much of its time reacting to crises and emergencies, neglecting the kind of long-term planning which would have prepared the country better for the COVID-19 pandemic.

“The UK’s unpreparedness to manage the outbreak of the COVID-19 virus was and is clear. More broadly, our inquiry has analyzed the UK’s risk assessment process and found that our current system is deficient at assessing and addressing future threats and hazards,” it argued.

“However, pandemics are only one of a number of extreme risks facing the UK. Severe space weather events could render smart technologies on which much of society relies inoperable for weeks or longer; this would include GPS, the internet, communications systems and power supplies. A cyber or physical attack on our critical national infrastructure could wreak havoc.”

https://www.infosecurity-magazine.com/news/uks-poor-cyber-risk-planning-could/

Threats

Ransomware

• Ransomware Attacks Soar, Hackers Set To Become More Aggressive | Reuters

• Emotet’s Behaviour & Spread Are Omens of Ransomware Attacks | Threatpost

• Ireland Conti Ransomware Attack Vector Was Spam Email • The Register

• Crackdown On Crypto Firms Needed To ‘Wreck’ Ransomware, Says Ex-GCHQ Boss (telegraph.co.uk)

• Companies Linked to Russian Ransomware Hide in Plain Sight - The New York Times (nytimes.com)

• New 'Karakurt' Cyber Crime Gang Focuses On Data Theft And Extortion - Security Affairs

• More Than 300 Spar Shops In North Of England Hit By Cyber Attack | Hacking | The Guardian

• New Cerber Ransomware Targets Confluence And GitLab Servers (Bleepingcomputer.Com)

• Ransomware Attack Locks Hotel Guests Out Of Rooms - IT Security Guru

• BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild (thehackernews.com)

• ALPHV BlackCat - This Year's Most Sophisticated Ransomware (Bleepingcomputer.Com)

Phishing

• Microsoft, Google OAuth Flaws Can Be Abused In Phishing Attacks (Bleepingcomputer.Com)

• Researchers Explore Microsoft Outlook Phishing Techniques (darkreading.com)

• Convincing Microsoft Phishing Uses Fake Office 365 Spam Alerts (Bleepingcomputer.Com)

• Study: Most Phishing Pages Are Abandoned Or Disappear In A Matter Of Days - Techrepublic

• Phishing Attacks Use QR Codes To Steal Banking Credentials (Bleepingcomputer.Com)

Malware

• Emotet Is Back and More Dangerous Than Before (darkreading.com)

• 140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead (thehackernews.com)

• Malicious Notepad++ Installers Push StrongPity Malware (bleepingcomputer.com)

Mobile

• Dangerous Android Scam Drains Your Bank Account With One Phone Call (Bgr.Com)

IOT

• IoT Under Attack: Security Is Still Not Good Enough On These Edge Devices | ZDNet

• Three-Quarters of Firms Admit to Sub-Optimal IoT Security - Infosecurity Magazine

Data Breaches/Leaks

• 2021 Will Be A Record-Breaking Year For Data Breaches, What About 2022? - Help Net Security

• Volvo Says Data Got Stolen In Cyber Attack (jalopnik.com)

Organised Crime & Criminal Actors

• Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers (thehackernews.com)

• Google Disrupts Massive Glupteba Botnet, Sues Russian Operators (Bleepingcomputer.Com)

• Cyber Criminals Are Using Fake Advertising To Distribute Malware | Techspot

Cryptocurrency/Cryptojacking

• Hackers Are Minting Their Own Crypto To Use In Elaborate Phishing Scams | Techradar

• Tor2Mine Cryptominer Is Warning Sign Of Network Exploitation • The Register

• QNAP Warns Users Of Bitcoin Miner Targeting Their NAS Devices (Bleepingcomputer.com)

Insider Risk and Insider Threats

• Burned Out Workers Are Less Likely To Follow Security Guidelines - Help Net Security

Fraud & Financial Crime

• Romance Fraudster Targeted 670 Women Online - Infosecurity Magazine

• Passport Forgeries At All Time High - IT Security Guru

Dark Web

• The Dark Web Has Its Own People's Court (darkreading.com)

OT, ICS, IIoT and SCADA

• NIST Cyber-Resiliency Framework Extended to Include Critical Infrastructure Controls (darkreading.com)

Nation State Actors

• UK Spy Chief Raises Fears Over China’s Digital Renminbi | Financial Times (FT.com)

• Collect Today, Decrypt Tomorrow: How Russia And China Are Preparing For Quantum Computing | CSO Online

• Russia Blocks Tor Privacy Service in Latest Censorship Move (thehackernews.com)

Cloud

• Top 10 Azure Cloud Configuration Mistakes (trendmicro.com)

Vulnerabilities

• Your Microsoft Network Is Only As Secure As Your Oldest Server | CSO Online

• With 18,378 Vulnerabilities Reported In 2021, NIST Records Fifth Straight Year Of Record Numbers | ZDNet

• Lack of Patching Leaves 300,000 Routers at Risk for Attack (darkreading.com)

• Vulnerability In Windows 10 URI Handler Leads To Remote Code Execution | Malwarebytes Labs

• Cisco Hit With Software And Physical Issues | Network World

• Dark Mirai Botnet Targeting RCE On Popular TP-Link Router (Bleepingcomputer.Com)

• Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites | Threatpost

Sector Specific

Financial Services Sector

• US Bank Regulator Urges Vigilance As Ransomware Attacks On The Rise | Reuters

• Israel Leads 10-Country Simulation Of Major Cyber Attack On World Markets | The Times Of Israel

Health/Medical/Pharma Sector

• Ireland Conti Ransomware Attack Vector Was Spam Email • The Register

Retail

• Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity | Threatpost

• Hackers Infect Random WordPress Plugins To Steal Credit Cards (Bleepingcomputer.Com)

Transport and Aviation

• German Logistics Giant Hellmann Reports Cyberattack | ZDNet

Other News

• Google, Microsoft: Internet Whac-a-Mole vs. Cyber Criminals - MSSP Alert

• From DDoS To Bots And Everything In Between: Preparing For The New And Improved Attacker Toolbox - Help Net Security

• Are You Guilty of These 8 Network-Security Bad Practices? | Threatpost

• 1.6 Million WordPress Sites Under Cyber Attack From Over 16,000 IP Addresses (thehackernews.com)

• Next-Gen Maldocs & How to Solve the Human Vulnerability | Threatpost

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Protect Your Passwords, Warns Spy Chief, As Ransomware Cyber Attacks Double

Ransomware cyber attacks doubled in the past year, the chief of GCHQ has revealed - as he warned Britain must “pay attention” to attacks from China.

Sir Jeremy Fleming, director of the cyber spy agency, called for more action to "sort out" ransomware attacks across the UK, adding it was not "rocket science".

He said such attacks have doubled in the last year, with hackers using software to lock files on computers and stop victims from accessing their own data.

This essentially holds them hostage until the hackers receive payment and then give a decryption key to the victim, so they can regain access.

‘Criminals are making very good money from it’

Sir Jeremy said ransomware "just pays" and added that "criminals are making very good money from it and are often feeling that that's largely uncontested".

While cautious of “keeping up” with security challenges alongside European partners, he said the immediate priority was tackling “links between criminal and state actors” to defeat ransomware, which he said “is no mean feat in itself”. https://www.telegraph.co.uk/news/2021/10/25/ransomware-cyber-attacks-double-year-reveals-spy-chief/

Graff Multinational Jeweller Hit by Conti Gang. Data of its Rich Clients Are At Risk, Including Trump and Beckham, as the Gang Threaten to Release Private Details of World Leaders, Actors and Tycoons

The latest attack of the Conti ransomware gang makes the headlines, the threat actors hit high society jeweller Graff and asked the payment of a multi-million ransom to avoid leaking details of world leaders, actors and tycoons.

The customers of the company are the richest people on the globe, including Donald Trump, David Beckham, Tom Hanks, Samuel L Jackson, Alec Baldwin, and Sir Philip Green.

As proof of the hack, the group already published on its leak site files related to purchases made by David Beckham, Oprah, and Donald Trump.

The Conti gang has already leaked 69,000 confidential documents, leaked files include customer lists, invoices, receipts, and credit notes. https://securityaffairs.co/wordpress/123980/cyber-crime/conti-ransomware-graff-jeweller.html

Business Email Compromise (BEC) Costs UK Firms £140M Over Past Year

Reported business email compromise (BEC) incidents have hit 4600 cases over the past 12 months, costing individuals and businesses £138m in losses, according to new figures from the UK’s National Economic Crime Centre (NECC).

The government body is working with the National Crime Agency (NCA), City of London Police, banking group UK Finance and fraud prevention non-profit Cifas on a new campaign to raise awareness of the crime, also dubbed “mandate fraud” or “payment diversion fraud.”

It claimed that the average amount lost over those 4600 cases was £30,000, with criminals typically impersonating others and creating or amending invoices to trick victims into diverting money to accounts under their control. https://www.infosecurity-magazine.com/news/bec-costs-uk-firms-140m-past-year/

Ransomware: It's A 'Golden Era' For Cyber Criminals - And It Could Get Worse Before It Gets Better

Ransomware is the most significant cybersecurity threat facing organisations today as increasingly professional and sophisticated cyber criminals follow the money in order to maximise the profit from illicit campaigns.

ENISNA, the European Union Agency for Cybersecurity, has released the latest edition of the ENISA Threat Landscape (ETL) report, which analyses cyber-criminal activity between April 2020 and July 2021. It warns of a surge in cyber criminality, much of it driven by the monetisation of ransomware attacks.

Although the paper warns that many different cybersecurity threats are on the rise, ransomware represents the 'prime threat' faced by organisations today, with a 150% rise in ransomware attacks during the reporting period. And there are fears that despite the problem of ransomware attracting the attention of world leaders, the problem will get worse before it gets better. https://www.zdnet.com/article/ransomware-its-a-golden-era-for-cyber-criminals-and-it-could-get-worse-before-it-gets-better/

Despite Increased Cyber Threats, Many Organisations Have No Defence Plans In Place

98% of US executives report that their organisations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-US executives, according to a Deloitte survey.

Further, COVID-19 pandemic disruption led to increased cyber threats to US executives’ organisations (86%) at a considerably higher rate than non-US executives experienced (63%). Yet, 14% of US executives say their organisations have no cyber threat defence plans, a rate more than double that of non-US executives (6%).

The biggest fallout US execs report from cyber incidents or breaches at their organisations during the past year include operational disruption (28%), share price drop (24%), leadership change (23%), intellectual property theft (22%) and loss of customer trust (22%).

Increases in data management, perimeter and complexities (38%), inability to match rapid technology changes (35%) and a need for better prioritization of cyber risk across the enterprise (31%) all pose obstacles to US executives’ organisation-wide cybersecurity management programs.

“No CISO or CSO ever wants to tell organisational stakeholders that efforts to manage cyber risk aren’t keeping-up with the speed of digital transformations made, or bad actors’ improving tactics”. https://www.helpnetsecurity.com/2021/10/28/threat-defence-plans/

Serious Warning Issued For Millions Of Apple iPhone Users

While iPhone 13 sales continue to soar, iPhones owners have faced growing security threats, multiple App Store scams, potential privacy violations and zero day hacks. Now a shocking account of extreme iPhone hacking has been revealed.

In a remarkable report, New York Times senior reporter Ben Hubbard has revealed how his iPhone was hacked multiple times over a period of several years, and without any human interaction or knowledge the attacks were taking place. And the experience results in a stark warning: “the spyware used against me makes us all vulnerable”.

“It’s like being robbed by a ghost,” explains Hubbard, recounting the experience. “I didn’t even have to click on a link for my phone to be infected.” https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/

Ransomware Attacks Are Evolving. Your Security Strategy Should, Too

Ransomware is an intensifying problem for all organisations, and it’s only going to get worse. What started as a floppy disk-based attack with a $189 ransom demands has grown from a minor inconvenience for organisations into a multi-billion dollar cyber crime industry.

The organisational threat of these types of attacks goes well beyond encryption of sensitive or mission-critical data – for many companies, the thought of a breach and data becoming publicly available on the internet makes a high ransom seem worth it. No wonder ransomware is on the rise: Organisations pay an average of $220,298 and suffer 23 days of downtime following an attack. https://threatpost.com/ransomware-attacks-evolving-security-strategy/175835/

Solarwinds Hackers Are Targeting The Global IT Supply Chain, Microsoft Says

The Russian-linked hacking group that’s been blamed for an attack on the US government and a significant number of private US companies last year is targeting key players in the global technology supply chain, according to cybersecurity experts at Microsoft.

Nobelium, as the hacking group is known, is infamous for the SolarWinds hack.

On Monday, Tom Burt, Microsoft corporate vice president of customer security and trust, said Nobelium has “been attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global IT supply chain.”

“This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers” https://www.cnbc.com/2021/10/25/solarwinds-hackers-targeting-global-it-supply-chain-microsoft-says.html

Defenders Worry Orgs Are More Vulnerable Than Last Year

Enterprise security defenders find themselves in a rough spot: The number of threats against their organisations is growing and that they're vulnerable to attacks. Data from Dark Reading's 2021 Strategic Security Survey suggest that even though most IT and security leaders are confident about the security defences they have implemented, they also believe their organisations are more vulnerable to attacks compared with a year ago.

The reasons for this pessimism vary. For 67% of respondents, the biggest concern lies in the fact that there are more attacks this year than there were last year. However, 56% say the increased sophistication of the threats they are facing is why their organisations are more vulnerable to compromise. Other reasons include the surge in ransomware attacks and shortage of skilled security professionals to detect and respond to threats. https://www.darkreading.com/edge-threat-monitor/defenders-worry-orgs-are-more-vulnerable-than-last-year

Threats

Ransomware

• These Companies Are Most at Risk for Ransomware Attacks | PCMag

• Ransomware: How Bad Is It Going To Get? - Help Net Security

• As Fewer Victims Pay Ransoms, Conti Gang Looks To Sell Victim Data | Sc Media (Scmagazine.Com)

• Europol Announces “Targeting” Of 12 Suspects In Ransomware Attacks – Naked Security (Sophos.Com)

• Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide (thehackernews.com)

• SEO Poisoning Used to Distribute Ransomware (darkreading.com)

• FBI Warns Of Ranzy Locker Ransomware Threat, As Over 30 Companies Hit (Tripwire.Com)

• Ransomware Has Disrupted Almost 1,000 Schools in the US This Year (vice.com)

• Chaos Ransomware Targets Gamers Via Fake Minecraft Alt Lists (Bleepingcomputer.Com)

Phishing

• These Phishing Emails Use QR Codes To Bypass Defences And Steal Microsoft 365 Usernames And Passwords | ZDNet

• Phishing as a Ransomware Precursor - MSP Insights - MSSP Alert

• Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam | Threatpost

Other Social Engineering

• How Deepfakes Enhance Social Engineering And Authentication Threats, And What To Do About It | CSO Online

Malware

• Squid Game Malware Might Be The Scariest Thing You See This Halloween | Techradar

• TA575 Criminal Group Using 'Squid Game' Lures For Dridex Malware | ZDNet

• Snake Malware Biting Hard On 50 Apps For Only $25 (Bleepingcomputer.Com)

• New WSlink Malware Loader Runs as a Server and Executes Modules in Memory (thehackernews.com)

Mobile

• 6 Ways Your Cell Phone Can Be Hacked—Are You Safe? (makeuseof.com)

• Millions Of Android Users Targeted In Subscription Fraud Campaign (Bleepingcomputer.Com)

• New AbstractEmu Malware Roots Android Devices, Evades Detection (Bleepingcomputer.Com)

IOT

• Cyber Criminals Take Aim at Connected Car Infrastructure (darkreading.com)

Vulnerabilities

• All Windows Versions Impacted By New LPE Zero-Day Vulnerability (Bleepingcomputer.Com)

• Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs (thehackernews.com)

• Adobe's Surprise Security Bulletin Dominated by Critical Patches | Threatpost

• WordPress Plugin Bug Lets Subscribers Wipe Sites | Threatpost

• Over 1 Million WordPress Sites Affected by OptinMonster Plugin Flaws - Security Affairs

• Cisco SD-WAN Flaw Could Lead To Arbitrary Code Execution, Patch It Now! Security Affairs

Data Breaches/Leaks

• Millions Of Healthcare Records Reportedly Exposed In Mega Data Breach | Techradar

• Location Data Collection Firm Admits Privacy Breach - BBC News

• HIV Scotland Reveals Patient-Advocates' Names In Email Fail • The Register

Organised Crime & Criminal Actors

• Suspected Trickbot Malware Developer Faces 60 Years in Jail - Infosecurity Magazine (infosecurity-magazine.com)

• Reading INTERPOL the African Cyberthreat Assessment Report 2021 - Security Affairs

Dark Web

• Police Arrest 150 Dark Web Vendors Of Illegal Drugs And Guns (Bleepingcomputer.Com)

Supply Chain

• The SolarWinds Hackers Are Looking for Their Next Big Score | WIRED

• North Korean Lazarus Attackers Turn to the IT Supply Chain | Threatpost

• 6 Eye-Opening Statistics About Software Supply Chain Security (darkreading.com)

Nation State Actors

• North Korea-linked Lazarus APT targets the IT supply chainSecurity Affairs

• Microsoft Says Russia Hacked At Least 14 IT Service Providers This Year - The Record By Recorded Future

Other News

• All Sectors Are Now Prey as Cyber Threats Expand Targeting | Threatpost

• Attack The Block – How A Security Researcher Cracked 70% Of Urban WiFi Networks In One Hit | The Daily Swig (Portswigger.Net)

• Microsoft Warns Over Uptick In Password Spraying Attacks | ZDNet

• Increased Risk Tolerances Are Making Digital Transformation Programs Vulnerable - Help Net Security

• MITRE and CISA Publish The 2021 List of Most Common Hardware Weaknesses - Security Affairs

• Enterprises Allocating More IT Dollars on Cybersecurity (darkreading.com)

• Cyber-Attack Hits UK Internet Phone Providers - BBC News

• Despite Spending Millions On Bot Mitigation, 64% Of Organisations Lost Revenue Due To Bot Attacks - Help Net Security

• Threat Actor Leaks Mercedes-Benz Platform’s Source Code | CyberNews

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.