Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 16 February 2024
Black Arrow Cyber Threat Intelligence Briefing 16 February 2024:
-Active Phishing Campaigns Targeting Office 365, Another Forcing Remote Management Software Downloads
-Cyber Security is Your Defensive Strategy, Cyber Resilience is Your Business
-Leveraging Threat Intelligence for Regulatory compliance
-The Risks of Quishing and How Enterprises Can Stay Secure
-Phishing Attacks Increased 106% Year Over Year as 91% of Organisations Impacted by AI-enhanced Phishing Attacks
-Microsoft and OpenAI Warn State-backed Threat Actors are Using AI En Masse to Wage Cyber Attacks
-Cyber Risk Management: Bring Security to the Boardroom
-Trustees Open to Cyber Risks by Not Responding to NCSC Reporting Changes
-Nation State Actors Intensify Focus on NATO Member States
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Active Phishing Campaigns Targeting Office 365, Another Forcing Remote Management Software Downloads
Proofpoint have released an alert relating to an active hacking operation in which cyber criminals are employing phishing traps and shared Office 365 documents to steal credentials. Hackers have been threading together credential phishing and account takeover (ATO) tactics to gain access to enterprise resources, with multiple organisations already hit. One of the identified methods in use involves attackers inserting links that direct users to click to view a document. This subsequently links them to a phishing page controlled by the attacker.
In another currently active phishing campaign, threat actors are targeting potential victims via email and SMS, with personalised content to match victim roles within their organisation. But instead of phishing for information directly, they are convincing victims to download remote monitoring and management software. Victims were directed to newly registered websites mimicking various financial institutions and asked to download a “live chat application”, which turned out to be an old version of AnyDesk. Once downloaded, the software would then allow full access to victim’s machine and network resources.
Sources: [Verdict] [Help Net Security]
Cyber Security is Your Defensive Strategy, Cyber Resilience is Your Business
A cyber attack is a matter of when, not if, and as such businesses must prepare for such an event happening to them. Whilst cyber security aims to defend the organisation, cyber resilience is about ensuring that your digital operations, which are the heart of your organisation, can withstand and quickly recover from any cyber attack, technical malfunction, or even deliberate tampering. If we think back to Covid, a lot of organisations suddenly had to adapt, to ensure that they could function as close to normal as possible. How many have tested their organisation’s ability to continue work since, or prepared for a loss of access to critical systems for an extended period of time? It’s the cyber resilient organisations that know they’ve made the right investments to significantly reduce the risk of their operations grinding to a halt.
Source: [Security Brief]
Leveraging Threat Intelligence for Regulatory Compliance
The collective improvement of cyber security is a high international priority and a wealth of EU legislation, such as NIS2 and the Digital Operational Resilience Act (DORA) is in the pipeline, to oblige organisations to understand and manage their cyber risks appropriately. As part of these regulations, threat intelligence is often a feature that can be leveraged to improve cyber resilience.
Threat intelligence can be collected from a variety of sources such as governmental advisories, dark web monitoring, private sector feeds, intelligence-sharing communities and open source information. The key for organisations is to be able to digest this, and apply it accordingly to their specific organisation, to improve their cyber resilience efforts.
Black Arrow provides weekly threat intelligence free of charge through our online blog and weekly subscription summary email. To sign up, visit https://www.blackarrowcyber.com/subscribe
Source: [BetaNews]
The Risks of Quishing and How Enterprises Can Stay Secure
QR codes have surged in popularity in the past two years, mainly due to their convenient and touchless features that streamline daily transactions, making it easy for users to scan and access information quickly. However, this surge in popularity has also caught the attention of cyber criminals, who exploit QR codes to perpetrate phishing attacks, known as "quishing." Attackers use tactics, such as disguising malicious QR codes in seemingly legitimate contexts; these pose substantial risks, leading to compromised personal and corporate data, financial loss, and reputational damage. Organisations must prioritise understanding and fortifying defences against quishing, as these attacks pose significant risks to both individuals and organisations. By educating employees on discerning phishing attempts, enforcing device security measures, and leveraging specialised solutions, organisations can bolster their resilience against QR code-based cyber threats and safeguard their digital assets effectively.
Source: [Zimperium]
Phishing Attacks Increased 106% Year Over Year as 91% of Organisations Impacted by AI-enhanced Phishing Attacks
A recent report found that phishing attempts increased 106% year on year, with malware detections up 40%. In a separate report on phishing, it was found that 91% of organisation were impacted by AI-enhanced phishing attacks. Such numbers reinforce the reason for organisations to implement effective phishing training, and this should include training regarding AI-enhanced phishing emails.
Sources: [The Fintech Times] [Security Magazine]
Microsoft and OpenAI Warn State-backed Threat Actors are Using AI En Masse to Wage Cyber Attacks
Microsoft has released a report detailing how prominent state-linked actors are using generative AI to enhance their attack methods. Russian, North Korean, Iranian, and Chinese-backed threat actors are attempting to use generative AI to inform, enhance, and refine their attacks, according to the report. It’s clear that AI is a double-edged sword, and organisations must implement processes to reduce their risk and increase their resilience to it.
Source: [ITPro]
Cyber Risk Management: Bring Security to the Boardroom
Organisations are facing the dual challenge of managing business risk and aligning with ever-expanding cyber security goals; as such, the need for a robust cyber risk management strategy is more critical than ever. This calls for organisations to effectively communicate their security posture to the board with relevant metrics.
Engaging the board requires a strategic approach, emphasising clear communication and contextual visibility. Board members are already increasingly recognising the impact of poor security on an organisation’s reputation, budget, and overall well-being; it is essential to translate security concerns into tangible metrics that resonate with the board. Real-time metrics, alignment with business goals, and educating the board on cyber security nuances can help build the foundation for such a strategy.
Source: [Trend Micro]
Trustees Open to Cyber Risks by Not Responding to NCSC Reporting Changes
Recent changes in the National Cyber Security Centre's (NCSC) threat reporting framework have prompted a call to action for pension scheme advisors.
Cyber security has fast become one of the biggest threats to pension schemes. Data breeches, scamming, ransomware, fraud: these have all become the stuff of trustee nightmares. And the sophistication of those threats is evolving rapidly, so it is important that schemes stay as far ahead of them as possible with comprehensive and proactive defence measures. It’s also imperative to check-in regularly with advisors that their measures are robust, and ensure that reports are undertaken frequently to demonstrate progression of mitigation of all vulnerabilities. A onetime spot check is simply not enough in this environment.
Source: [The HR Director]
Nation State Actors Intensify Focus on NATO Member States
The head of threat research and analysis at Google Cloud has highlighted that nation state actors consider cyber warfare as another tool in their box, noting the current ongoing cyber warfare between Russia and Ukraine. Separate reports have found that the cyber war has extended to NATO member states, with initial access brokers (individuals who sell credentials to organisations) increasingly targeting entities within NATO member states.
Sources: [Help Net Security] [World Economic Forum ] [Inforisktoday] [Help Net Security]
Governance, Risk and Compliance
Leveraging threat intelligence for regulatory compliance (betanews.com)
It's Time to Rethink Third-Party Risk Assessment (darkreading.com)
Cyber Risk Management: Bring Security to the Boardroom (trendmicro.com)
A changing world requires CISOs to rethink cyber preparedness | CSO Online
Cyber Security teams recognized as key enablers of business goals - Help Net Security
26 Cyber Security Stats Every User Should Be Aware Of in 2024 (securityaffairs.com)
Fortifying Businesses Against Modern Information Threats (forbes.com)
Executives must face down state-sponsored hacking groups targeting firmware | Computer Weekly
Cyber Security is your defensive strategy, cyber resilience is your business (securitybrief.co.nz)
Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
New macOS Backdoor Linked to Prominent Ransomware Groups - SecurityWeek
Ransomware tactics evolve, become scrappier - Help Net Security
Rhysida Ransomware Cracked, Free Decryption Tool Released (thehackernews.com)
Dual Ransomware Attacks: A Quicker Route to Extortion - Security Boulevard
Ransomware Victims
Ransomware Groups Claim Hits on Hyundai Motor Europe and a California Union (darkreading.com)
Cyber Attack hits Swedish cloud provider Advania, healthcare services impacted | Cybernews
PR industry affected as media monitoring firm Onclusive hit by cyber attack | PR Week
German battery maker Varta says five plants hit by cyber attack - CNA (channelnewsasia.com)
The Southern Water cyber attack highlights the wave of threats faced by utilities companies | ITPro
Phishing & Email Based Attacks
91.1% of Organisations Impacted by AI-Enhanced Phishing Attacks, Acronis Reports | The Fintech Times
Corporate users getting tricked into downloading AnyDesk - Help Net Security
Phishing attacks increased 106% year over year | Security Magazine
Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge - Help Net Security
Remote Monitoring & Management software used in phishing attacks | Malwarebytes
How are attackers using QR codes in phishing emails and lure documents? (talosintelligence.com)
Threat actors in phishing campaign targeted at Office 365 (verdict.co.uk)
2023 Year in Review: Phishing Attacks and Trends (vadesecure.com)
London police block 43 crypto phishing web domains (cointelegraph.com)
This new Android feature could help save you from phishing and malware – here's how | TechRadar
Other Social Engineering
4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)
QR code attacks target organizations in ways they least expect - Help Net Security
The Risks of Quishing and How Enterprises Can Stay Secure - Zimperium
Artificial Intelligence
Deepfake CFO Video Calls Result in $25MM in Damages (trendmicro.com)
91.1% of Organisations Impacted by AI-Enhanced Phishing Attacks, Acronis Reports | The Fintech Times
Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)
55% of Generative AI Inputs Include Sensitive Data: Menlo Security - Security Boulevard
We're at a Pivotal Moment for AI and Cyber Security (darkreading.com)
Deepfake Democracy: AI Technology Complicates Election Security (darkreading.com)
Cyber criminals get productivity boost with AI - Help Net Security
Stolen Face ID scans used to break into bank accounts • The Register
AI outsourcing: A strategic guide to managing third-party risks - Help Net Security
The Coming End of Biometrics Hastens AI-Driven Security - Security Boulevard
Rental scams could soar as AI spreads, warns industry... (lettingagenttoday.co.uk)
Cyber Security Threats: How To Fight AI With AI (forbes.com)
The rise of AI threats and cyber security: predictions for 2024 | World Economic Forum (weforum.org)
2FA/MFA
MFA isn't always keeping businesses safe from cyber attack | TechRadar
4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)
Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA | Ars Technica
Malware
RustDoor malware targets macOS users by posing as a Visual Studio Update - gHacks Tech News
Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea (thehackernews.com)
VexTrio network of hijacked websites used to spread malware • The Register
Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks (darkreading.com)
Suspected Warzone RAT hackers arrested | SC Media (scmagazine.com)
From Cracked to Hacked: Malware Spread via YouTube Videos (cybereason.com)
Bumblebee malware attacks are back after 4-month break (bleepingcomputer.com)
Hackers used new Windows Defender zero-day to drop DarkMe malware (bleepingcomputer.com)
Glupteba Botnet Adds UEFI Bootkit to Cyber Attack Toolbox (darkreading.com)
Understanding the tactics of stealthy hunter-killer malware - Help Net Security
Miscreants turn to ad tech to measure malware metrics • The Register
New Qbot malware variant uses fake Adobe installer popup for evasion (bleepingcomputer.com)
This new Android feature could help save you from phishing and malware – here's how | TechRadar
Mobile
Stolen Face ID scans used to break into bank accounts • The Register
Google Chrome Warning Suddenly Issued For All Android Users (forbes.com)
Russian banks beat App Store Review using fake apps (appleinsider.com)
Meta brushes off risk of account theft via number recycling • The Register
This new Android feature could help save you from phishing and malware – here's how | TechRadar
Denial of Service/DoS/DDOS
Cyber Security sectors adjust as DDoS attacks reach new heights - Help Net Security
How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack | Google Cloud Blog
Telecoms was the most targeted sector for DDoS attacks in 2023
DDoS Hacktivism is Back With a Geopolitical Vengeance - SecurityWeek
Internet of Things – IoT
Data Breaches/Leaks
Bank of America warns customers of data breach after vendor hack (bleepingcomputer.com)
Caravan club admits members' personal data possibly accessed • The Register
DOD notifying people who may be impacted by a year-old data breach | DefenseScoop
The Southern Water cyber attack highlights the wave of threats faced by utilities companies | ITPro
200,000 Facebook Marketplace user records leaked on hacking forum (bleepingcomputer.com)
Prudential says hackers gained access to its computer systems | The Star
Verizon Breach – Malicious Insider or Innocuous Click? - IT Security Guru
DNA testing: What happens if your genetic data is hacked? - BBC Future
BMW security error left valuable private company data exposed online | TechRadar
Organised Crime & Criminal Actors
5 Things Movies Always Get Wrong About Computer Hackers (slashgear.com)
9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data (securityaffairs.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Verizon Breach – Malicious Insider or Innocuous Click? - IT Security Guru
Insider threat greatest mid-market cyber security concern - CIR Magazine
Supply Chain and Third Parties
Bank of America warns customers of data breach after vendor hack (bleepingcomputer.com)
It's Time to Rethink Third-Party Risk Assessment (darkreading.com)
Jet engine dealer to major airlines discloses cyber snafu • The Register
AI outsourcing: A strategic guide to managing third-party risks - Help Net Security
6 best practices for third-party risk management | CSO Online
Software security debt piles up for organisations even as critical flaws drop | CSO Online
Cloud/SaaS
Threat actors in phishing campaign targeted at Office 365 (verdict.co.uk)
Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA | Ars Technica
Benefits and challenges of managed cloud security services | TechTarget
Encryption
Social Media
Meta brushes off risk of account theft via number recycling • The Register
200,000 Facebook Marketplace user records leaked on hacking forum (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Security experts: Investigatory powers plans will delay security updates | Computer Weekly
FCC orders telecom carriers to report PII data breaches within 30 days (bleepingcomputer.com)
Models, Frameworks and Standards
Benefits And Cautions Of Aligning With Cyber Security Frameworks (forbes.com)
Key strategies for ISO 27001 compliance adoption - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
UK cyber skills gap risk to businesses and national security | TechRadar
Higher education offers limited benefit to many infosec pros | SC Media (scmagazine.com)
We can’t risk losing staff to alert fatigue - Help Net Security
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Why we fall for fake news and how can we change that? - Help Net Security
France uncovers a vast Russian disinformation campaign in Europe (economist.com)
Deepfake Democracy: AI Technology Complicates Election Security (darkreading.com)
Kremlin dismisses Europe's warnings about 'Russian propaganda' | Reuters
Cyber threats cast shadow over 2024 elections - Help Net Security
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)
Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years - SecurityWeek
Rise in cyberwarfare tactics fueled by geopolitical tensions - Help Net Security
Threat actors intensify focus on NATO member states - Help Net Security
Nation State Actors
China
Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)
US Official Warns of China’s Growing Offensive Cyber Power – The Diplomat
China Targets US Hacking Ops in Media Offensive - Infosecurity Magazine (infosecurity-magazine.com)
Threat actors intensify focus on NATO member states - Help Net Security
Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years - SecurityWeek
Top US Venture Firms Funded Blacklisted Chinese Companies, House Committee Says | Mint
Russia
Microsoft and OpenAI thwart AI use by state-affiliated hackers (geekwire.com)
Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)
Russia Continues to Focus on Cyber Operations and Espionage (inforisktoday.com)
Russian banks beat App Store Review using fake apps (appleinsider.com)
France uncovers a vast Russian disinformation campaign in Europe (economist.com)
Kremlin dismisses Europe's warnings about 'Russian propaganda' | Reuters
The methods of Russian interference in Scottish politics (ukdefencejournal.org.uk)
Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor (thehackernews.com)
Iran
How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)
Iranian cyber attacks targeting US and Israeli entities | TechTarget
North Korea
How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)
Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea (thehackernews.com)
North Korea turns to designing gambling websites for cash • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Security experts: Investigatory powers plans will delay security updates | Computer Weekly
Three critical application security flaws scanners can’t detect (bleepingcomputer.com)
Vulnerabilities
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs (bleepingcomputer.com)
Zoom stomps critical privilege escalation bug, 6 other flaws • The Register
Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices (thehackernews.com)
Hackers used new Windows Defender zero-day to drop DarkMe malware (bleepingcomputer.com)
ESET Patches High-Severity Privilege Escalation Vulnerability - SecurityWeek
CISA: Roundcube email server bug now exploited in attacks (bleepingcomputer.com)
Urgent patches available for QNAP vulnerabilities, one 0-day • The Register
Tools and Controls
Leveraging threat intelligence for regulatory compliance (betanews.com)
Remote Monitoring & Management software used in phishing attacks | Malwarebytes
It's Time to Rethink Third-Party Risk Assessment (darkreading.com)
MFA isn't always keeping businesses safe from cyber attack | TechRadar
Understand the pros and cons of enterprise password managers | TechTarget
4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)
This botched migration shows why you need to deal with legacy tech | ZDNET
Benefits and challenges of managed cloud security services | TechTarget
5 Steps to Improve Your Security Posture in Microsoft Teams (bleepingcomputer.com)
No Security Scrutiny for Half of Major Code Changes: AppSec Survey - SecurityWeek
10 Security Metrics Categories CISOs Should Present to the Board (darkreading.com)
Three critical application security flaws scanners can’t detect (bleepingcomputer.com)
What is Threat Detection and Incident Response? - Security Boulevard
Reports Published in the Last Week
Other News
This botched migration shows why you need to deal with legacy tech | ZDNET
What is Threat Detection and Incident Response? - Security Boulevard
How Non-Profits and NGOs Deal with Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Here's how we get young people to rally for cyber security | World Economic Forum (weforum.org)
Types of Cyber security Threats and Vulnerabilities - Security Boulevard
Hacking the flow: The consequences of compromised water systems - Help Net Security
Dutch insurers still requiring nudes from cancer patients • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling·
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 October 2023
Black Arrow Cyber Threat Intelligence Briefing 27 October 2023:
-More Companies Adopt Board-Level Cyber Security Committees
-Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High
-Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year
-More Than 46 Million Potential Cyber Attacks Logged Every Day
-Fighting Cyber Attacks Requires Top-Down Approach
-Email Security Threats are More Dangerous This Year as Over 200 Million Malicious Emails Detected in Q3 2023
-98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending
-48% of Organisations Predict Cyber Attack Recovery Could Take Weeks
-Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour
-How Cyber Security Has Evolved in The Past 20 Years
-Rising Global Tensions Could Portend Destructive Hacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
More Companies Adopt Board-Level Cyber Security Committees
In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.
Source: [Decipher]
Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High
A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.
Sources: [Dark Reading] [SC Magazine] [Reinsurance News]
Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year
Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.
Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]
More Than 46 Million Potential Cyber Attacks Logged Every Day
New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.
Sources: [Evening Standard] [Proactive] [The Independent]
Fighting Cyber Attacks Requires Top-Down Approach
Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.
Source: [Chief Investment Officer]
Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023
The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.
Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [Security Magazine] [MSSP Alert] [TechRadar]
98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending
Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.
Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]
48% of Organisations Predict Cyber Attack Recovery Could Take Weeks
A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Security Magazine]
Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour
The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.
We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.
Source: [Dark Reading]
How Cyber Security Has Evolved in The Past 20 Years
Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.
The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.
Source: [Forbes]
Rising Global Tensions Could Portend Destructive Hacks
Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.
Source: [Info Risk Today]
Governance, Risk and Compliance
Cyber security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
How to establish a great security awareness culture (att.com)
More Companies Adopt Board-Level Cyber Security Committees | Decipher (duo.com)
Fighting Cyber Attacks Requires Top-Down Approach | Chief Investment Officer (ai-cio.com)
SMBs Need to Balance Cyber Security Needs and Resources (darkreading.com)
48% of organisations predict cyber attack recovery to take weeks | Security Magazine
Cyber Security Litigation: Five Trends Unpacked | Blake, Cassels & Graydon LLP - JDSupra
Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)
Awaken From Cyber Slumber: 3 Steps To Stronger Cyber security (forbes.com)
AI-related security fears drive 2024 IT spending - Help Net Security
Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)
The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week
Threats
Ransomware, Extortion and Destructive Attacks
SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear (darkreading.com)
Ransomware is threatening more businesses than ever before | TechRadar
Ransomware isn’t going away – the problem is only getting worse (bleepingcomputer.com)
Known Ransomware Attack Volume Breaks Monthly Record, Again (govinfosecurity.com)
Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (thehackernews.com)
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)
The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)
Meet Rhysida, a New Ransomware Strain That Deletes Itself (darkreading.com)
Kaspersky crimeware report: GoPIX, Lumar, and Rhysida. | Securelist
Five things organisations don’t consider before a ransomware attack | TechRadar
Ransomware incidents are on the rise as latest data reveals alarming trend | TechSpot
MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)
Ransomware attacks against hospitals put patients' lives at risk, researchers say : NPR
Ragnar Locker Ransomware Boss Arrested in Paris (darkreading.com)
BlackCat Climbs the Summit With a New Tactic (paloaltonetworks.com)
Ransomware Soars as Myriad Efforts to Stop It Fall Short - Bloomberg
Hackers Using Remote Admin Tools AvosLocker Ransomware (gbhackers.com)
Resilience notes uptick in data exfiltration as cyber criminals change tactics - Reinsurance News
Healthcare Ransomware Attacks Cost US $78bn - Infosecurity Magazine (infosecurity-magazine.com)
Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Ransomware Victims
MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)
Ambulances diverted as 3 New York hospitals grapple with cyber attacks | Fox News
Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyber attack - Security Week
US energy firm shares how Akira ransomware hacked its systems (bleepingcomputer.com)
Seiko says ransomware attack exposed sensitive customer data (bleepingcomputer.com)
American Family Insurance confirms cyber attack is behind IT outages (bleepingcomputer.com)
Cyber Attack Causing Service Interruptions At Ontario Hospitals (databreaches.net)
Cyber crims leak patient pics in low blow bid to win ransom • The Register
Phishing & Email Based Attacks
Over 200 million malicious emails were detected in Q3 2023 | Security Magazine
Watch out - that QR code could just be a phishing scam | TechRadar
Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian
New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates
Email security threats are more dangerous than ever - here's what you need to know | TechRadar
What is Phishing? 5 Types of Phishing Attacks You Need to Know | MSSP Alert
The US released popular phishing techniques | Inquirer Technology
Akamai research finds more sophisticated phishing threats in hospitality industry - SiliconANGLE
Don’t Get Spooked Into Falling For These Phishing Scams - IT Security Guru
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
AI-related security fears drive 2024 IT spending - Help Net Security
Boardrooms losing control in generative AI takeover, says Kaspersky | Computer Weekly
Governments, firms should spend more on AI safety, top researchers say | Reuters
Cyber-defence systems seek to outduel criminals in AI race (techxplore.com)
Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine
Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)
Don't use AI-based apps, Philippine defence ordered its personnel (securityaffairs.com)
Businesses ignorant to gen AI security threats suggests research (ship-technology.com)
Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra
Artificial Intelligence Bad News For Cyber Threats, Report Warns - TechRound
Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security
Oops! When tech innovations create new security threats | CSO Online
2FA/MFA
Malware
Hackers are using an incredibly sneaky trick to hide malware | Digital Trends
Vietnamese Hackers Target UK, US, and India with DarkGate Malware (thehackernews.com)
Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar (thehackernews.com)
Dangerous new malware can crack encrypted USB drives | TechRadar
'Grandoreiro' Trojan Targets Global Banking Customers (darkreading.com)
Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)
The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog
Mobile
Android trojan spotted in the wild can record audio and phone calls | ZDNET
Samsung Galaxy S23 hacked twice in one day at Pwn2Own contest (androidauthority.com)
iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)
Intellexa: Irish-linked spyware used in 'brazen attacks' - report - BBC News
Longer Support Periods Raise the Bar for Mobile Security (darkreading.com)
Android adware apps on Google Play amass two million installs (bleepingcomputer.com)
Denial of Service/DoS/DDOS
This DDoS attack is the biggest in internet history. | World Economic Forum (weforum.org)
Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)
Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Okta says hackers breached its support system and viewed customer files | Ars Technica
Okta support system breach highlights need for strong MFA policies | CSO Online
1Password suffers cyber security incident after latest Okta breach - Tech Monitor
Okta stock falls after company says client files accessed by hackers via support system (cnbc.com)
Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts (therecord.media)
City of Philadelphia discloses data breach after five months (bleepingcomputer.com)
500k Irish National Police records exposed by third party • The Register
The 23andMe data breach reveals the vulnerabilities of our interconnected data (theconversation.com)
iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)
DC Board of Elections: Hackers may have breached entire voter roll (bleepingcomputer.com)
Organised Crime & Criminal Actors
More than 500 potential cyber attacks logged every second, BT says | The Independent
Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)
Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances | CSO Online
Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Insider Risk and Insider Threats
Forget the outside hacker, the bigger threat is inside • The Register
Human-centric Security Design Reduces Threats by Changing User Behavior (prweb.com)
How to establish a great security awareness culture (att.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
Fraud, Scams & Financial Crime
New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates
Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian
Purchase Scams Surge as Fraud Losses Hit £580m - Infosecurity Magazine (infosecurity-magazine.com)
Online scammers target desperate loan seekers using online fraud | TechRadar
Christmas scams to watch out for this festive season (nationalworld.com)
Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Deepfakes
Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Insurance
Telling Small Businesses to Buy Cyber Insurance Isn't Enough (darkreading.com)
Stemming Losses That Go Uncovered by Cyber Insurance | Esquire Deposition Solutions, LLC - JDSupra
Aviva: SMEs ‘woefully underserved’ for cyber cover - Insurance Post (postonline.co.uk)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Passwords, Credential Stuffing & Brute Force Attacks
Okta Reveals Breach Via Stolen Credential - Infosecurity Magazine (infosecurity-magazine.com)
'Log in With...' Feature Allows Full Online Account Takeover for Millions (darkreading.com)
Social Media
Malvertising
Training, Education and Awareness
Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)
This Cyber Security Awareness Month, Don't Lose Sight of Human Risk (darkreading.com)
How to establish a great security awareness culture (att.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
Cyber Security Awareness Month: What's Still Needed After Twenty Years (forbes.com)
From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)
Regulations, Fines and Legislation
Managed security services [EU Legislation in Progress] | Epthinktank | European Parliament
Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine
UK government finalises IoT cyber security requirements - Lexology
Models, Frameworks and Standards
Backup and Recovery
Law Enforcement Action and Take Downs
Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts (therecord.media)
Alleged developer of the Ragnar Locker ransomware was arrested (securityaffairs.com)
Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)
Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
‘I’m looking for fewer ways to be traceable, not more’ | Financial Times
Google Chrome's new "IP Protection" will hide users' IP addresses (bleepingcomputer.com)
ShadowDragon: Australian spies monitor PornHub, Tinder, Fortnite (crikey.com.au)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
ICC: September Breach Was Espionage Raid - Infosecurity Magazine (infosecurity-magazine.com)
International Criminal Court attack was targeted and sophisticated (securityaffairs.com)
Governments and hackers agree: the laws of war must apply in cyber space (theconversation.com)
It's Time to Establish the NATO of Cyber Security (darkreading.com)
War Crimes Court Flags Cyber Attack That Targeted Its Work - Law360
International Criminal Court systems breached for cyber espionage (bleepingcomputer.com)
Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly
Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)
Geopolitical Threats/Activity
Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)
Cyber operations linked to Israel-Hamas fighting gain momentum | CyberScoop
Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)
China
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale (securityaffairs.com)
Glasgow universities on red alert over Chinese spies as they join security scheme - Glasgow Live
Navy ends tradition of Chinese laundrymen on warships over spying fears (telegraph.co.uk)
Russia
Russia Cyber attacks Becoming More Sophisticated, Ukraine Official Says - Bloomberg
European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)
Ministry, police and Crimea summit websites victims of cyber attack | Radio Prague International
Major Russian bank reportedly hacked by Ukraine | SC Media (scmagazine.com)
Hackers backdoor Russian state, industrial orgs for data theft (bleepingcomputer.com)
Who is sabotaging underwater infrastructure in the Baltic Sea? (economist.com)
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica
Russia-Ukraine War: Cyber Attack and Kinetic Warfare Timeline - | MSSP Alert
France says Russian state hackers breached numerous critical networks (bleepingcomputer.com)
Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly
Ex-NSA techie admits to selling state secrets to Russia • The Register
Iran
North Korea
Vulnerability Management
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)
Why Do We Need Real-World Context to Prioritise CVEs? (darkreading.com)
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Vulnerabilities
Citrix Bleed exploit lets hackers hijack NetScaler accounts (bleepingcomputer.com)
Exploitation of Citrix NetScaler vulns reaching dangerous levels | Computer Weekly
Critical SolarWinds RCE Bugs Enable Unauthorised Network Takeover (darkreading.com)
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog - Security Affairs
Cisco hackers likely taking steps to avoid identification | Computer Weekly
F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution (thehackernews.com)
European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)
VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - Security Week
Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms (thehackernews.com)
Firefox, Chrome Updates Patch High-Severity Vulnerabilities - Security Week
The Forbidden Fruit Of Cyber Security: Hackers Take A Bite Out Of Apple (forbes.com)
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica
Apple Ships Major iOS, macOS Security Updates - Security Week
Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica
ServiceNow quietly fixes 8-year-old data exposure flaw • The Register
Tools and Controls
48% of organisations predict cyber attack recovery to take weeks | Security Magazine
Cyber attack response plans need to be in place to avoid chaos - FreightWaves
NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online
What is Network Segmentation? Virtual & Physical Segmentation | UpGuard
AI-related security fears drive 2024 IT spending - Help Net Security
Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)
Is it wise to put all your security solutions in one cyber basket? (securitybrief.co.nz)
Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie (scotsman.com)
Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)
Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)
Unveiling the power of emerging technologies to empower cyber resilience (techuk.org)
Cyber security concerns grow among physical security professionals | Security Magazine
The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week
Other News
MPs to examine cyber resilience of UK’s critical national infrastructure | CSO Online
Strategies to overcome cyber security misconceptions - Help Net Security
UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online
5 important cyber security takeaways for law firms - Lawyers Weekly
How Cyber Security Has Evolved In The Past 20 Years (forbes.com)
Oops! When tech innovations create new security threats | CSO Online
Spooky Cyber Statistics And Trends You Need To Know (forbes.com)
The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog
Proactively preventing your company from becoming the next cyber attack headline (betanews.com)
Demystifying Cyber Security: Shakespeare To The Rescue | HackerNoon
Cyber Threat: Aviation’s Clear and Present Danger? | Aerospace Tech Review
OT cyber attacks proliferating despite growing cyber security spend - Help Net Security
Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies (securityintelligence.com)
What Would a US Government Shutdown Mean for Cyber Security? (darkreading.com)
Weapons Systems Provide Valuable Lessons for ICS/OT Security - Security Week
Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.