Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves

The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.

Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.

https://www.darkreading.com/attacks-breaches/cyberattacks-are-a-war-we-ll-never-win-but-we-can-defend-ourselves

• Helping Boards Understand Cyber Risks

A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.

It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.

Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.

https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/

• Enterprise Risk Management Should Inform Cyber Risk Strategies

While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.

Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.

https://www.techtarget.com/searchsecurity/tip/Enterprise-risk-management-should-inform-cyber-risk-strategies

• Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention

Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.

This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.

The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/cl0p-hackers-hit-three-of-the-biggest-u-s-law-firms-in-large-ransomware-attack/

https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/

• 20% of Malware Attacks Bypass Antivirus Protection

In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.

The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).

Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.

https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/

• Ransomware Payments and Extortion Spiked Compared to 2022

A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.

It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.

https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/

https://www.bleepingcomputer.com/news/security/ransomware-payments-on-record-breaking-trajectory-for-2023/

• AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers

Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.

The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.

https://www.zdnet.com/article/ai-trust-and-data-security-are-key-issues-for-finance-firms-and-their-customers/

• Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available

Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.

https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/

• Scam Page Volumes Surge 304% Annually

Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.

It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.

https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/

• Financial Industry Faces Soaring Ransomware Threat

The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.

https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/

• The Need for Risk-Based Vulnerability Management to Combat Threats

Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.

By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.

https://www.bleepingcomputer.com/news/security/the-need-for-risk-based-vulnerability-management-to-combat-threats/

• Government Agencies Breached in Microsoft 365 Email Attacks

Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.

Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.

https://www.techtarget.com/searchsecurity/news/366544735/Microsoft-Government-agencies-breached-in-email-attacks

• Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China

Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.

https://www.standard.co.uk/news/politics/britain-risk-china-intelligence-security-committee-report-government-b1094118.html

• Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years

Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.

https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/

Governance, Risk and Compliance

• CISO perspective on why boards don't fully grasp cyber attack risks - Help Net Security

• Top Takeaways From Table Talks With Fortune 100 CISOs (darkreading.com)

• AI, trust, and data security are key issues for finance firms and their customers | ZDNET

• Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies - SecurityWeek

• Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves (darkreading.com)

• Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)

• Enterprise risk management should inform cyber-risk strategies | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Clop: Behind MOVEit Lies a Loud, Adaptable and Persistent Threat Group - Infosecurity Magazine (infosecurity-magazine.com)

• Cl0p Hackers Hit Three of the Biggest US Law Firms in Large Ransomware Attack - MSSP Alert

• UK battles hacking wave as ransomware gang claims ‘biggest ever’ NHS breach | TechCrunch

• Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day | SC Media (scmagazine.com)

• Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch

• Cyber Extortion Cases Surge 39% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Financial Industry Faces Soaring Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware payments on record-breaking trajectory for 2023 (bleepingcomputer.com)

• Beware of Big Head Ransomware: Spreading Through Fake Windows Updates (thehackernews.com)

• Deutsche Bank confirms provider breach exposed customer data (bleepingcomputer.com)

• BigHead and RedEnergy ransomware, more MOVEIt problems (cisoseries.com)

• Staying ahead of the "professionals": The service-oriented ransomware crime industry - Help Net Security

• Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs

• Same code, different ransomware? Leaks kick-start myriad of new variants - Help Net Security

• Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley

• Ransomware, From a Different Perspective (darkreading.com)

• BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days (thehackernews.com)

Ransomware Victims

• Capita admits hackers also stole staff’s personal details (thetimes.co.uk)

• Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch

• Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)

• Barts NHS hack leaves folks on tenterhooks over extortion • The Register

• Deutsche Bank customer data leaked | Cybernews

• Scottish university cyber attack under investigation | The National

Phishing & Email Based Attacks

• New Phishing Attack Spoofs Microsoft 365 Authentication System (hackread.com)

• Number of email-based phishing attacks surges 464% - Help Net Security

• Chinese hackers compromised emails of US Government agencies- -Security Affairs

• Microsoft: Government agencies breached in email attacks | TechTarget

• RomCom hackers target NATO Summit attendees in phishing attacks (bleepingcomputer.com)Facebook and Microsoft remain prime targets for spoofing - Help Net Security

• Top 10 Email Security Best Practices in 2023 (gbhackers.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)

• Evil QR - A new QR Jacking Attack to Take Over User Accounts (cybersecuritynews.com)

• How hackers are now targeting your voice and how to protect yourself | Fox News

Artificial Intelligence

• How the EU AI Act Will Affect Businesses, Cyber Security (darkreading.com)

• Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)

• NIST Launches Generative AI Working Group (darkreading.com)

• ChatGPT and Cyber Security : 5 Cyber Security Risks of ChatGPT (gbhackers.com)

• WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)

• How to Safely Architect AI in Your Cyber Security Programs (darkreading.com)

• ‘Police are going to have a very difficult time with AI,’ says cyber security advisor – Channel 4 News

• ChatGPT users drop for the first time as people turn to uncensored chatbots | Ars Technica

• Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop

• Civil society, labor and rights groups express concerns about AI at White House meeting | CyberScoop

2FA/MFA

• Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)

Malware

• 20% of malware attacks bypass antivirus protection - Help Net Security

• Malware delivery to Microsoft Teams users made easy - Help Net Security

• WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)

• Truebot Malware Variants Abound, According to CISA Advisory (darkreading.com)

• Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)

• USB drive malware attacks spiking again in first half of 2023 (bleepingcomputer.com)

• Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)

• What’s up with Emotet? | WeLiveSecurity

• Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign (darkreading.com)

• Over 100 malicious signed Windows drivers blocked by Microsoft - NotebookCheck.net News

• New 'ShadowVault' macOS malware steals passwords, crypto, credit card data | Macworld

• BlackLotus UEFI Bootkit Source Code Leaked on GitHub - SecurityWeek

• PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)

• AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)

• Serious Security: Rowhammer returns to gaslight your computer – Naked Security (sophos.com)

• Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)

Mobile

• Crooks Evolve Antidetect Tooling for Mobile OS-Based Fraud-Security Affairs

• The FCC aims to stop SIM swappers with new rules - The Verge

• Google Play will enforce business checks to curb malware submissions (bleepingcomputer.com)

• Clever Letscall vishing malware targets Android phones | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Industry responses and strategies for navigating the tides of DDoS attacks - Help Net Security

• Archive Of Our Own Down: AO3 DDoS Attack Explained - Dataconomy

Internet of Things – IoT

• Compliance seizes spotlight in the connected devices arena - Help Net Security

Data Breaches/Leaks

• So you gave personal info to a company caught in a data breach. Now what? | CBC News

• HCA confirms breach after hacker steals data of 11 million patients (bleepingcomputer.com)

• US on Track For Record Number of Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter User Exposes Nickelodeon Data Leak - Infosecurity Magazine (infosecurity-magazine.com)

• Capita attackers reportedly stole data from pension fund • The Register

• IT vendor appeals against US$6.5 million in damages awarded to gaming firm Razer over data leak - CNA (channelnewsasia.com)

• Twenty Manx public authorities reprimanded for data breach - BBC News

• Bangladesh government website leaked data of millions of citizens-Security Affairs

Organised Crime & Criminal Actors

• British teens accused of hacks against Uber and Rockstar Games's Grand Theft Auto 6 (bitdefender.com)

• Staying ahead of the "professionals": The service-oriented ransomware crime industry - Help Net Security

• BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop

• Crimeware Group Asylum Ambuscade Ventures Into Cyber-Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• What’s up with Emotet? | WeLiveSecurity

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Hackers have stolen $3 billion in crypto - Panda Security

• Cyber security professional accused of stealing $9M in crypto | TechCrunch

• Central Bankers Develop Framework For Securing Digital Currencies - Infosecurity Magazine (infosecurity-magazine.com)

• SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)

Insider Risk and Insider Threats

• How To Protect Your Business From The Security Risks Freelancers Pose (forbes.com)

• Former employee charged for attacking water treatment plant (bleepingcomputer.com)

• Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley

Fraud, Scams & Financial Crime

• E-commerce Fraud Surges By Over 50% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Amazon Prime Day Draws Out Cyber Scammers (darkreading.com)

• Scam Page Volumes Surge 304% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Fewer Than 100 Scammers Responsible For Global Email Extortion - Infosecurity Magazine (infosecurity-magazine.com)

• The FCC aims to stop SIM swappers with new rules - The Verge

• Hackers have stolen $3 billion in crypto - Panda Security

Insurance

• Zurich Unwraps New Cyber Insurance for Mid-Market Companies - MSSP Alert

• Rethinking Cyber Insurance | Mimecast

Dark Web

• Understanding Dark Web vs. Deep Web (geekflare.com)

• BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop

Supply Chain and Third Parties

• Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)

• Capita attackers reportedly stole data from pension fund • The Register

• MOVEit: Testing the Limits of Supply Chain Security - SecurityWeek

• IT vendor appeals against US$6.5 million in damages awarded to gaming firm Razer over data leak - CNA (channelnewsasia.com)

Cloud/SaaS

• Only 45% of cloud data is currently encrypted - Help Net Security

• Microsoft alleges China behind attack on Exchange Online • The Register

• For stronger public cloud data security, use defence in depth | TechTarget

• Silentbob Campaign: Cloud-Native Environments Under Attack (thehackernews.com)

• Global Retailers Must Keep an Eye on Their SaaS Stack (thehackernews.com)

• SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)

• Decentralized storage emerging as solution to cloud-based attacks | Cybernews

Hybrid/Remote Working

• Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)

Attack Surface Management

• Attack Surface Management: Identify and protect the unknown - Help Net Security

Identity and Access Management

• Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)

• less than half of SMBs use Privileged Access Management- IT Security Guru

Encryption

• Only 45% of cloud data is currently encrypted - Help Net Security

API

• Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)

• API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek

Open Source

• Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)

• The EU’s Product Liability Directive could kill open source | TechRadar

• Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)

• AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Popular WordPress Security Plugin Caught Logging Plaintext Passwords - SecurityWeek

Social Media

• Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek

• Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? (darkreading.com)

Travel

• Cyber security best practices while working in the summer - Help Net Security

Regulations, Fines and Legislation

• Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US - SecurityWeek

• How the EU AI Act Will Affect Businesses, Cyber security (darkreading.com)

• A Cyber Security Wish List Ahead of NATO Summit - SecurityWeek

• Central Bankers Develop Framework For Securing Digital Currencies - Infosecurity Magazine (infosecurity-magazine.com)

• The EU’s Product Liability Directive could kill open source | TechRadar

• Microsoft and AWS caution Ofcom against referring UK cloud market over to CMA | Computer Weekly

Models, Frameworks and Standards

• NIST Launches Generative AI Working Group (darkreading.com)

• How to map security gaps to the Mitre ATT&CK framework | TechTarget

• Get started: Threat modeling with the Mitre ATT&CK framework | TechTarget

Data Protection

• Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US - SecurityWeek

• Twenty Manx public authorities reprimanded for data breach - BBC News

Careers, Working in Cyber and Information Security

• Global Hacking Competition Addresses Critical Increase in Cybersecurity Threats for Businesses (darkreading.com)

• Free entry-level cyber security training and certification exam - Help Net Security

Law Enforcement Action and Take Downs

• Former employee charged for attacking water treatment plant (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• France 's government is giving the police more surveillance power-Security Affairs

Misinformation, Disinformation and Propaganda

• Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog

• NATO Countries Must Work Together to Counter the Russian Cyber-Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Russia-based actor exploited unpatched Office zero day | TechTarget

• SolarWinds Attackers Dangle BMWs to Spy on Diplomats (darkreading.com)

• Russian state hackers lure Western diplomats with BMW car ads (bleepingcomputer.com)

• Killnet Tries Building Russian Hacktivist Clout With Media Stunts (darkreading.com)

• Mandiant Unveils Russian GRU’s Cyber Playbook Against Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs

• APT Profile: FIN7 - SOCRadar® Cyber Intelligence Inc.

• Killer ‘tracked Russian sub commander using Strava jogging app’ (thetimes.co.uk)

• Inside the murky world accelerating Russia’s economic meltdown (telegraph.co.uk)

• Cyber attacks Against Ukrainians Adjoin NATO Summit in Lithuania - MSSP Alert

• Russian Hackers Find Sneaky Way to Infiltrate Embassy Networks in Kyiv (kyivpost.com)

• PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)

China

• China 'aggressively' targeting UK – but government has 'no strategy' to tackle it, Intelligence and Security Committee of MPs says | Politics News | Sky News

• Chinese hackers compromised emails of US Government agencies-Security Affairs

• UK has ‘no strategy’ to tackle China threat as spies target Britain, report warns | The Independent

• Cabinet tensions emerge over labelling China a threat to UK national security (inews.co.uk)

Iran

• Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)

North Korea

• North Korean hackers have stolen $3 billion in crypto - Panda Security

Vulnerability Management

• CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security

• The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)

• Creating a Patch Management Playbook: 6 Key Questions (darkreading.com)

• Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)

Vulnerabilities

• MOVEit Transfer customers warned to patch new critical flaw (bleepingcomputer.com)

• After Zero-Day Attacks, MOVEit Turns to Security Service Packs - SecurityWeek

• Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack (thehackernews.com)

• Microsoft Warns of Office Zero-Day Attacks, No Patch Available - SecurityWeek

• Juniper Networks Patches High-Severity Vulnerabilities in Junos OS - SecurityWeek

• Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)

• SonicWall warns admins to patch critical auth bypass bugs immediately (bleepingcomputer.com)

• Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (bleepingcomputer.com)

• Russia-based actor exploited unpatched Office zero day | TechTarget

• Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari (thehackernews.com)

• Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems (thehackernews.com)

• Raising concerns over Google Authenticator’s new features | TechRadar

• Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)

• Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)

• VMware warns of exploit available for critical vRealize RCE bug (bleepingcomputer.com)

• Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion - SecurityWeek

• Zimbra urges customers to manually fix actively exploited zero-day-Security Affairs

• Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek

• New StackRot Linux kernel flaw allows privilege escalation (bleepingcomputer.com)

• Exploit Code Published for Remote Root Flaw in VMware Logging Software - SecurityWeek

• API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek

• Experts released PoC exploit for Ubiquiti EdgeRouter flaw-Security Affairs

• Critical RCE found in popular Ghostscript open-source PDF library (bleepingcomputer.com)

• Citrix fixed a critical flaw in Secure Access Client for Ubuntu-Security Affairs

OT/ICS Vulnerabilities

• Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organisations - SecurityWeek

• Critical RCE Vulnerability in Rockwell Automation PLCs Zaps ICS (darkreading.com)

• 3 Critical RCE Bugs Threaten Industrial Solar Panels (darkreading.com)

Tools and Controls

• The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)

• less than half of SMBs use Privileged Access Management- IT Security Guru

• Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)

• Enterprise risk management should inform cyber-risk strategies | TechTarget

• Infrastructure upgrades alone won't guarantee strong security - Help Net Security

• Cyber Security Leaders Report Reduction in Disruptive Cyber Incidents With MSS/MDR Solutions (darkreading.com)

• What is a Network Intrusion Protection System (NIPS)? | Definition from TechTarget

• Overcoming user resistance to passwordless authentication - Help Net Security

• Understanding The Difference Between DDR and EDR - GBHackers - Latest Cyber Security News | Hacker News

• Zero Trust Keeps Digital Attacks From Entering the Real World (darkreading.com)

• New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security (thehackernews.com)

• 3 Strategies For Simplifying And Strengthening Your Data Security (forbes.com)

• The history, evolution and current state of SIEM | TechTarget

• Attack Surface Management: Identify and protect the unknown - Help Net Security

• How to Put Generative AI to Work in Your Security Operations Center (darkreading.com)

• Guide to Operationalizing Zero Trust (trendmicro.com)

• Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)

• Platform Approach to Cyber Security: The New Paradigm (trendmicro.com)

• Intrusion Detection & Prevention Systems Guide (trendmicro.com)

• Decentralized storage emerging as solution to cloud-based attacks | Cybernews

• Wi-Fi AP placement best practices and security policies | TechTarget

• For stronger public cloud data security, use defence in depth | TechTarget

Other News

• Growing reliance on satellites requires new approach to cyber security in space, expert says | CyberScoop

• White House Urged to Quickly Nominate National Cyber Director (darkreading.com)

• The rise of cyber threats in a digital dystopia | Mint #AskBetterQuestions (livemint.com)

• Building the right collective defence against cyber attacks for critical infrastructure | CyberScoop

• Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security

• White House publishes National Cyber Security Strategy Implementation Plan - Help Net Security

• Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 10,000 Organisations Targeted by Phishing Attack That Bypasses Multi-Factor Authentication

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences.

The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them to log into the genuine site.

According to Microsoft’s detailed report on the campaign, once hackers had broken into email inboxes via the use of stolen passwords and session cookies, they would exploit their access to launch Business Email Compromise (BEC) attacks on other targets.

By creating rules on victims’ email accounts, the attackers are able to then ensure that they maintain access to incoming email even if a victim later changes their password.

The global pandemic, and the resulting increase in staff working from home, has helped fuel a rise in the adoption of multi-factor authentication.

Cyber criminals, however, haven’t thrown in the towel when faced with MFA-protected accounts. Accounts with MFA are certainly less trivial to break into than accounts which haven’t hardened their security, but that doesn’t mean that it’s impossible.

Reverse-proxy phishing kits like Modlishka, for instance, impersonate a login page, and ask unsuspecting users to enter their login credentials and MFA code. That collected data is then passed to the genuine website – granting the cyber criminal access to the site.

As more and more people recognise the benefits of MFA, we can expect a rise in the number of cyber criminals investing effort into bypassing MFA.

Microsoft’s advice is that organisations should complement MFA with additional technology and best practices.

https://www.tripwire.com/state-of-security/featured/10000-organisations-targeted-by-phishing-attack-that-bypasses-multi-factor-authentication/

• Businesses Are Adding More Endpoints, But Can’t Manage Them All

Most enterprises struggle to maintain visibility and control of their endpoint devices, leading to increased security breaches and impaired ability to ward off outside attacks, according to a survey conducted by Ponemon Institute.

Findings show that the average enterprise now manages approximately 135,000 endpoint devices. Despite $4,252,500 of annual budget spent on endpoint protection, an average of 48 percent of devices – or 64,800 per enterprise – are at risk because they are no longer detected by the organisation’s IT department or the endpoints’ operating systems have become outdated.

Additionally, 63 percent of respondents find that the lack of visibility into their endpoints is the most significant barrier to achieving a strong security posture.

IT organisations are facing unprecedented rates of distribution point sprawl, which has grown rapidly since the onset of the COVID-19 pandemic. 61 percent of respondents say distribution points have increased in the last two years, and the average endpoint has as many as 7 agents installed for remote management, further adding to management complexity.

https://www.helpnetsecurity.com/2022/07/14/businesses-are-adding-more-endpoints/

• Ransomware Activity Resurges in Q2

Ransomware activity rose by a fifth in the last quarter, according to a report from security firm Digital Shadows.

The company, which monitors almost 90 data leak sites on the dark web, observed ransomware groups name 705 victims in Q2 2022, representing a 21% increase over last quarter’s 582. This was a resurgence in activity following a 25.3% decline quarter-on-quarter during Q1.

The LockBit ransomware group overtook Conti in victim numbers as Conti ceased operations following the leak of internal chat logs. Conti had reached almost 900 victims during its operations, but LockBit is now closing in on 1,000 after a 13% growth in activity during the quarter.

LockBit also continued to innovate, releasing version 3 of its ransomware with new features, including support for payments using the Zcash cryptocurrency. It also launched a reward program for any information on high-value targets, along with a data leak site that allows anyone to purchase victim data.

At around 230, Lockbit’s quarterly victim numbers far exceeded any other group in Q2. It was accountable for almost a third of all postings to leak sites in Q2. Conti, which had limped along for several weeks after its own data leak, managed just over 50. In third place was Alphv, which grew 118% during the quarter. Basta came in fourth.

Some other smaller groups are also growing rapidly, according to the report. Vice Society, in fifth place this quarter, doubled its activity.

https://www.infosecurity-magazine.com/news/ransomware-activity-resurges-q2/

• One-Third of Users Without Security Awareness Training Click on Phishing URLs

Phishing attacks just won't die, and new data underscores their effectiveness among users who have not been provided security awareness training.

According to data pulled from security awareness training provider KnowBe4's clients, 32.4% of users will fall for a phish — clicking on a link or following a phony request — if those users have not had any official training. The disconnect is worse in some industry sectors, including consulting, energy and utilities, and healthcare and pharmaceuticals, where half of all untrained users fall for phishing attacks.

The data was pulled from 23.4 million simulated phishing tests conducted at more than 30,000 organisations, encompassing some 9.5 million users. According to KnowBe4, 90 days after monthly or more training, the number of phishing test fails dropped to around 17.6%, and to 5% after one year of regular awareness training.

https://www.darkreading.com/remote-workforce/one-third-of-users-click-on-phishing

• Ransomware Scourge Drives Price Hikes in Cyber Insurance

Cyber security insurance costs are rising, and insurers are likely to demand more direct access to organisational metrics and measures to make more accurate risk assessments.

The rising cost of ransomware attacks is helping push significant premium increases in cyber insurance policies in the UK and US, new data shows.

With the average payouts across the past two years averaging more than $3.5 million in the US, a growing number of cyber security insurers want direct access to customer security metrics and measures. This would help prove the status of security controls, according to a Panaseer report on the state of the cyber insurance industry.

However, insurance firms are struggling to accurately understand a customer's security posture, which is in turn affecting price increases.

Panaseer notes that 82% of insurers surveyed said they expect the rise in premiums to continue. The increasing cost of ransomware is putting premiums up, and the increase in the number of attacks, as well as the number of successful attacks, means insurance is getting harder to get and is getting more expensive.

Meanwhile, 87% of insurers surveyed say they want a more consistent approach to analysing cyber-risk. Fundamentally, insurers need better information in order to price the risk — questionnaires aren't going to cut it. Having real live data coming from a customer about their security posture is what's going to be required for them to accurately price risk, in the same way that telematics did for car insurance.

https://www.darkreading.com/attacks-breaches/ransomware-scourge-drives-price-hikes-in-cyber-insurance

• Conventional Cyber Security Approaches Are Falling Short

Traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can’t keep pace with the volume, variety, and velocity of current threats, according to Skybox Security. As a result, 27% of all executives and 40% of CSOs say their organisations are not well prepared for today’s rapidly shifting threat landscape.

On average, organisations experienced 15% more cyber security incidents in 2021 than in 2020. In addition, “material breaches”— defined as “those generating a large loss, compromising many records, or having a significant impact on business operations” — jumped 24.5%.

The top four causes of the most significant breaches reported by the affected organisations were:

• Human error

• Misconfigurations

• Poor maintenance/lack of cyber hygiene

• Unknown assets.

https://www.helpnetsecurity.com/2022/07/14/conventional-cybersecurity-approaches/

• Virtual CISOs Are the Best Defence Against Accelerating Cyber-Risks

The cyber security challenges that companies are facing today are vast, multidimensional, and rapidly changing. Exacerbating the issue is the relentless evolution of threat actors and their ability to outmanoeuvre security controls effortlessly.

As technology races forward, companies without a full-time CISO (Chief Information Security Officer) are struggling to keep pace. For many, finding, attracting, retaining, and affording the level of skills and experience needed is out of reach or simply unrealistic. Enter the virtual CISO (vCISO). These on-demand experts provide security insights to companies on an ongoing basis and help ensure that security teams have the resources they need to be successful.

Typically, an engagement with a vCISO is long lasting, but in a fractional delivery model. This is very different from a project-oriented approach that requires a massive investment and results in a stack of deliverables for the internal team to implement and maintain. A vCISO not only helps to form the approach, define the action plan, and set the road map but, importantly, stays engaged throughout the implementation and well into the ongoing management phases.

The best vCISO engagements are long-term contracts. Typically, there's an upfront effort where the vCISO is more engaged in the first few months to establish an understanding, develop a road map, and create a rhythm with the team. Then, their support drops into a regular pace which can range from two to three days per week or five to ten days per month.

https://www.darkreading.com/careers-and-people/virtual-cisos-are-the-best-defense-against-accelerating-cyber-risks

• Firms Not Planning for Supply Chain Threats

Enterprises are failing to plan properly for supply chain risks and cyber security threats from the wider digital ecosystem, a leading technology consultancy has warned.

According to Tata Consultancy Services (TCS), firms put the risks posed by ecosystem partners at the bottom of a list of 10 key threats. CISOs and chief risk officers believed that financial systems, customer databases and R&D were the systems most likely to be targeted. Supply chain and distribution was placed in ninth.

The report, based on a survey of larger firms with annual revenues of $1bn or more, found that only 16% of chief risk officers believed the digital ecosystem was a concern when it comes to cyber risks, and only 14% said those ecosystems were a priority for board level discussions.

The research also found that a small number of enterprises fail to focus on cyber risk, with one in six boards discussing it only “occasionally, as necessary or never.” TCS found, though, that organisations with above-average profit and revenue growth were more likely to put cyber security on the agenda at board meetings.

TCS also found that enterprises view the cloud as a more secure environment than conventional data centres and on-premises systems. Additionally, the research highlighted ongoing concerns about skills and the need to attract and retain talented security staff. Firms where senior leaders focus on cyber security are more likely to be able to close the skills gap, according to the study.

https://www.infosecurity-magazine.com/news/planning-supply-chain-threats/

• Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?

IT service provider and consulting firm Capgemini is facing a lawsuit related to a June 2020 data breach. The plaintiff — gaming company Razer — is seeking $7 million in damages. A trial in Singapore’s High Court regarding the dispute is underway, according to Vulcan Post.

Razer claims it has suffered approximately $6.85 million in profit losses from its online website due to the data breach. Razer is pursuing damages for an unquantified sum for profit losses from the rejection of its digital bank license application.

The Razer data breach occurred due to an issue with an IT system. It may have exposed the personal information of about 100,000 Razer customers.

The Razer data breach may have occurred due to a misconfigured Elasticsearch cluster. It also was exposed to the public and indexed by public search engines and took more than three weeks to fix.

Experts from Razer and Capgemini agreed that the data breach was caused by a security misconfiguration. However, Razer now claims that a Capgemini employee recommended the IT system that led to the breach and is therefore responsible for the incident.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/data-breach-lawsuit-gaming-company-razer-sues-capgemini-for-7-million/

• Security Culture: Fear of Cyber Warfare Driving Initiatives

KnowBe4, the provider of security awareness training and simulated phishing platform, has conducted a survey during Infosecurity Europe, which evaluated the opinions of nearly 200 security professionals towards security culture, or more specifically: the ideas, customs and social behaviours of an organisation that influence their security practices.

The research found the threat of cyber warfare (30%) or experiencing a data breach or cyber attack (30%) were the two biggest reasons why security professionals wanted to improve security culture at their organisations. Given the current invasion of Ukraine by Russia and the resulting cyber security warnings announced by many of the world’s leading governments, improving current cyber security efforts has continued to be a top priority for many.

The study also revealed just over two thirds (67%) answered that a strong security culture would very likely reduce the risk of security incidents, with the majority (85%) directing their efforts into both improving security awareness training and communicating values expected from employees regarding security.

However, there are many obstacles when attempting to create a strong security culture, with the main issue being a lack of budget (26%) which was followed security professionals facing indifference from fellow employees (24%) and a lack of senior management support (16%).

Interestingly, just under three quarters (73%) admitted to putting an increased effort into measuring employees understanding of security – this still leaves a considerable gap of 27% that do not, something many security professionals will want to consider closing. Thankfully, 38% agree this aspect of security culture would be an area they want to improve in their organisation. When witnessing a colleague display poor security practises, 67% of UK security experts would prefer to tell the individual discreetly, while just under a third (31%) would send the member of staff training material to review. Only 18% would report the individual to the security team.

https://www.itsecurityguru.org/2022/07/11/security-culture-fear-of-cyber-warfare-driving-initiatives/

• Cryptocurrency 'Mixers' See Record Transactions from Sanctioned Actors

Use of so-called cryptocurrency “mixers,” which combine various types of assets to mask their origin, peaked at a 30-day average of nearly $52 million worth of digital currency in April, representing an unprecedented volume of funds moving through those services, researchers at cryptocurrency research firm Chainalysis found.

A near two-fold increase in funds sent from illicit addresses has accelerated the increase, indicating that the technology that can obfuscate the currency continues to be highly attractive to cyber criminals.

Cryptocurrency mixers work by taking an individual’s cryptocurrency and combining it with a larger pool before returning units equivalent to the original amount minus a service fee to the original account. As a result, it makes it harder for law enforcement and cryptocurrency analysts to trace the currency.

Mixers aren’t solely used by criminals, but they are extremely popular with them. 10% of all funds from illicit wallets are sent to mixers, while mixers received less than 0.5% of the share of other sources of funds tracked by the firm, including decentralised finance projects.

The bulk of illicit funds transferred to mixers came from sanctioned actors, primarily Russian dark net market Hydra and more recently the Lazarus Group, a group of North Korean state-backed hackers. International law enforcement took out Hydra, which had been responsible for 80% of dark web transactions involving cryptocurrency, in May. The US Treasury’s Office of Foreign Assets Control followed with sanctions on more than 100 of its cryptocurrency addresses.

The use of mixers by North Korea state-backed hackers, and a popular mixer they employed to launder funds, made up the rest of the transfers.

https://www.cyberscoop.com/cryptocurrency-mixers-see-record-transactions-from-sanctioned-actors/

• Online Payment Fraud Expected to Cost $343B Over Next 5 Years

Despite ratcheted-up efforts to prevent account takeover, fraudsters are cashing in on a range of online payment fraud schemes, which researchers predict will cost retail organisations more than $343 billion over the next five years.

Physical good purchases are loss leaders, making up 49% of online payment fraud, driven in large part by developing markets with little address verification, according to a new Juniper Research report.

Fundamentally, no two online transactions are the same, so the way transactions are secured cannot follow a one-size-fits-all solution. Payment fraud detection and prevention vendors must build a multitude of verification capabilities, and intelligently orchestrate different solutions depending on circumstances, in order to correctly protect both merchants and users.

https://www.darkreading.com/application-security/online-payment-fraud-expected-to-cost-343b-over-5-years

Threats

Ransomware

• Largest ransom pay-outs by cyber-insurers averaged £3.2 million in the past two years – Intelligent CISO

• Risk & Repeat: Ransomware in 2022 so far (techtarget.com)

• Paying ransomware crooks won’t reduce your legal risk, warns regulator – Naked Security (sophos.com)

• Ransomware Attacks Reign Supreme in 2022 - MSSP Alert

• BlackCat (aka ALPHV) ransomware is increasing stakes up to $2.5 million in demands - Help Net Security

• New Lilith ransomware emerges with extortion site, lists first victim (bleepingcomputer.com)

• Experts warn of the new 0mega ransomware operation - Security Affairs

• Organisations Warned of New Lilith, RedAlert, 0mega Ransomware | SecurityWeek.Com

• Microsoft links H0ly Gh0st ransomware operation to North Korean hackers (bleepingcomputer.com)

• Feds Issue Warning for North Korean-backed Ransomware Hijackers - MSSP Alert

• Ransomware gang now lets you search their stolen data (bleepingcomputer.com)

• Rise in ransomware drives IT leaders to implement data encryption - Help Net Security

• BlackCat Ransomware Group Deploys Brute Ratel Pen Testing Kit - Infosecurity Magazine (infosecurity-magazine.com)

• Bandai Namco confirms hack after ALPHV ransomware data leak threat (bleepingcomputer.com)

• 1.9m patients' medical data exposed in PFC ransomware attack • The Register

Phishing & Email Based Attacks

• Email scams are getting more personal – they even fool cyber security experts (theconversation.com)

• New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials (darkreading.com)

• Hackers impersonate cyber security firms in callback phishing attacks (bleepingcomputer.com)

• $8 million stolen in large-scale Uniswap airdrop phishing attack (bleepingcomputer.com)

• Almost a third of untrained users will click a phishing link - KnowBe4 research - IT Security Guru

• PayPal phishing kit added to hacked WordPress sites for full ID theft (bleepingcomputer.com)

Other Social Engineering

• Rise In Smishing Scams, Why And How To Protect? (informationsecuritybuzz.com)

• How Hackers Create Fake Personas for Social Engineering (darkreading.com)

• How attackers abuse Quickbooks to send phone scam emails - Help Net Security

Malware

• Criminals are now posing as security companies to trick you into installing malware | TechRadar

Mobile

• New Android malware on Google Play installed 3 million times (bleepingcomputer.com)

• The weaponizing of smartphone location data on the battlefield - Help Net Security

Internet of Things – IoT

• Honda Admits Hackers Could Unlock Car Doors, Start Engines | SecurityWeek.Com

• Watch This $80,000 Tesla Model Y Get Hacked With $20 Hardware - autoevolution

Data Breaches/Leaks

• Fewer Individuals Fall Victim to Data Breaches as Attackers Switch to Business in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• A look inside Russian cyber crime syndicate TrickBot reveals an organised, potent adversary - CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto Scams Soar Despite Crash (informationsecuritybuzz.com)

• Cryptocurrency flowing into “mixers” hits an all-time high. Wanna guess why? | Ars Technica

• Falling Cryptocurrency Market Stalling Cyber Crime Activity - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers stole $620 million from Axie Infinity via fake job interviews (bleepingcomputer.com)

Insider Risk and Insider Threats

• Joshua Schulte Convicted of Leaking CIA 'Vault 7' to Wikileaks (gizmodo.com)

Fraud, Scams & Financial Crime

• New Phishing Kit Hijacks WordPress Sites for PayPal Scam (darkreading.com)

Insurance

• Cyber Insurers Looking for New Risk Assessment Models - Infosecurity Magazine (infosecurity-magazine.com)

• How War Impacts Cyber Insurance | Threatpost4

• The cyber insurance market has a critical infrastructure problem - CyberScoop

Supply Chain and Third Parties

• 3 Golden Rules of Modern Third-Party Risk Management (darkreading.com)

Denial of Service DoS/DDoS

• Mantis, the tiny shrimp that launched 3,000 DDoS attacks • The Register

Identity and Access Management

• Report: Financial Institutions Overly Complacent About Current Authentication Methods (darkreading.com)

• Access Permissions: Manual Reviews Less Effective than Automation, Netwrix Study Finds - MSSP Alert

Encryption

• What to do now about tomorrow’s code-cracking computers | The Economist

Social Media

• Facebook 2FA scammers return – this time in just 21 minutes – Naked Security (sophos.com)

• Disneyland Social Media Hacked - IT Security Guru

Training, Education and Awareness

• Accessible Cyber security Awareness Training Reduces Your Risk of Cyber Attack (darkreading.com)

Privacy

• New Cache Side Channel Attack Can De-Anonymize Targeted Online Users (thehackernews.com)

• Amazon handed Ring video to police without warrant, consent • The Register

• TikTok Chief Security Officer Steps Down Amid Concerns About Privacy (businessinsider.com)

Regulations, Fines and Legislation

• Proposed SEC Rules Require More Transparency About Cyber-Risk (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine's Cyber Agency Reports Q2 Cyber-Attack Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber espionage groups increasingly target journalists and media organisations | CSO Online

• Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine (darkreading.com)

• The Man at the Centre of the New Cyber World War - POLITICO

• How War Impacts Cyber Insurance | Threatpost

• Lithuanian Energy Firm Disrupted by DDOS Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Security vendor splits to address Russia’s war in Ukraine • The Register

• Apple previews Lockdown Mode, a new extreme security feature | ZDNet

Nation State Actors

Nation State Actors – North Korea

• ‘Nobody is holding them back’ — North Korean cyber-attack threat rises (cointelegraph.com)

• North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware - Microsoft Security Blog

Nation State Actors – Misc APT

• APT groups target journalists and media organisations since 2021 - Security Affairs

Vulnerability Management

• Rethinking Vulnerability Management in a Heightened Threat Landscape | Threatpost

• Using shields up to secure credentials and mitigate vulnerabilities (scmagazine.com)

• The enemy of vulnerability management? Unrealistic expectations - Help Net Security

Vulnerabilities

• DHS warns: Expect Log4j risks for 'a decade or longer' • The Register

• Microsoft's Patch Tuesday fixes one bug under active exploit • The Register

• Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (cisecurity.org)

• CISA orders agencies to patch new Windows zero-day used in attacks (bleepingcomputer.com)

• Flaw in Netwrix Auditor application allows arbitrary code execution - Security Affairs

• Elastix VoIP systems hacked in massive campaign to install PHP web shells (bleepingcomputer.com)

• Hackers Targeting VoIP Servers by Exploiting Digium Phone Software (thehackernews.com)

• Microsoft Teams security vulnerability left users open to XSS via flawed stickers feature | The Daily Swig (portswigger.net)

• Anvil Mobile Hit By New Exploit - DNS Hijacking. (informationsecuritybuzz.com)

• Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now (darkreading.com)

• Patch these Juniper Networks bugs, CISA says • The Register

• Buggy WordPress plugin allows complete site takeover • The Register

• VMware patches vCenter Server flaw disclosed in November (bleepingcomputer.com)

• Vulnerabilities that could allow undetectable infections affect 70 Lenovo laptop models | Ars Technica

• AMD, Intel chips vulnerable to 'Retbleed' Spectre variant • The Register

• Microsoft fixes dozens of Azure Site Recovery privilege escalation bugs (bleepingcomputer.com)

• Microsoft releases PoC exploit for macOS sandbox escape vulnerability (bleepingcomputer.com)

• AWS squashes authentication bugs in Kubernetes service • The Register

• Lenovo fixes trio of UEFI vulnerabilities • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in. 

• Automotive

• Construction

• Critical National Infrastructure (CNI)

• Defence & Space

• Education & Academia

• Energy & Utilities

• Estate Agencies

• Financial Services

• FinTech

• Food & Agriculture

• Gaming & Gambling

• Government & Public Sector (including Law Enforcement)

• Health/Medical/Pharma

• Hotels & Hospitality

• Insurance

• Legal

• Manufacturing

• Maritime

• Oil, Gas & Mining

• OT, ICS, IIoT, SCADA & Cyber-Physical Systems

• Retail & eCommerce

• Small and Medium Sized Businesses (SMBs)

• Startups

• Telecoms

• Third Sector & Charities

• Transport & Aviation

• Web3

Reports Published in the Last Week

State of Authentication in the Finance Industry 2022 | HYPR

Online Payment Fraud Market Report 2022-27: Size, Share, Trends (juniperresearch.com)

Other News

5 key considerations for your 2023 cyber security budget planning | CSO Online

What Are the Risks of Employees Going on a 'Hybrid Holiday'? (darkreading.com)

New ‘Luna Moth’ hackers breach orgs via fake subscription renewals (bleepingcomputer.com)

Experian accounts could still be at risk from hackers | TechRadar

Cyber security skills surpass cloud skills as this year's training priority, if professionals can find the time | ZDNet

Average American Accesses Suspicious Sites 6.5 Times a Day - Infosecurity Magazine (infosecurity-magazine.com)

Mergers and acquisitions are a strong zero-trust use case • The Register

Recruitment agency Morgan Hunt confirms 'cyber incident' • The Register

New Exploit Attacks UK Routers and Runs Up Mobile Data Bills - ISPreview UK

How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub (darkreading.com)

CEO of Dozens of Companies Charged in Scheme to Traffic An Estimated $1bn in Fake Cisco Devices - Infosecurity Magazine (infosecurity-magazine.com)

Data breaches explained: Types, examples, and impact | CSO Online

President of European Central Bank Christine Lagarde targeted by hackers - Security Affairs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Crime Losses Triple To £1.3bn In H1 2021

Individuals and organisations lost three times more money to cyber crime and fraud in the first half of the year compared to the same period in 2020, as incidents soared, according to new figures. The report revealed that between January 1 and July 31 2020, victims lost £414.7m to cyber crime and fraud. However, the figure surged to £1.3bn for the same period in 2021. This can be partly explained by the huge increase in cases from last year to this. In the first half of 2020, there were just 39,160 reported to Action Fraud, versus 289,437 in the first six months of 2021. https://www.infosecurity-magazine.com/news/cybercrime-losses-triple-to-13bn/

Ransomware On A Rampage; A New Wake-Up Call

The ransomware rampage is continuing at pace and continues to create significant cyber security challenges. The use of ransomware by hackers to leverage exploits and extract financial benefits is not new. Ransomware has been around for over 2 decades, (early use of basic ransomware malware was used in the late 1980s) but as of late, it has become a trending and more dangerous cybersecurity threat. The inter-connectivity of digital commerce and expanding attack surfaces have enhanced the utility of ransomware as cyber weapon of choice for bad actors. Like bank robbers, cyber criminals go where the money is accessible. And it is now easier for them to reap benefits from extortion. Hackers can now demand cryptocurrencies payments or pre-paid cards that can be anonymously transacted. Those means of digital payments are difficult to trace by law enforcement. https://www.forbes.com/sites/chuckbrooks/2021/08/21/ransomware-on-a-rampage-a-new-wake-up-call/?sh=64a622362e81

22% Of Cyber Security Incidents In H1 2021 Were Ransomware Attacks

A report uncovered the number and nature of UK cyber security breaches reported to the UK Information Commissioner’s Office (ICO) in 2020 and 2021. So far in 2021 phishing was to blame for most incidents, accounting for 40% of all cyber security cases reported to the ICO, slightly down from 44% the year before. However, ransomware is surging, up from 11% of all reported incidents in the first half of 2020 to 22% in 2021. https://www.helpnetsecurity.com/2021/08/25/cybersecurity-incidents-h1-2021/

Ransomware: These Four Rising Gangs Could Be Your Next Major Cyber Security Threat

In recent months some significant ransomware operators have seemingly disappeared. But that doesn't mean that ransomware is any less of a problem, quite the opposite – new groups are emerging to fill the gaps and are often worse than the gangs that went before them. Cyber security researchers have detailed four upcoming families of ransomware discovered during investigations – and under the right circumstances, any of them could become the next big ransomware threat. One of these is LockBit 2.0, a ransomware-as-a-service operation that has existed since September 2019 but has gained major traction over the course of this summer. Those behind it revamped their dark web operations in June – when they launched the 2.0 version of LockBit – and aggressive advertising has drawn attention from cyber criminals. https://www.zdnet.com/article/ransomware-these-four-rising-threats-could-be-the-next-major-cybersecurity-risk-facing-your-business/

Key Email Threats And The High Cost Of Business Email Compromise

Researchers published the results of a study analysing over 31 million threats across multiple organisations and industries, with new findings and warnings issued by technical experts that every organisation should be aware of. A key aspect to preventing attacks is having a deep understanding of cyber actor patterns and continuously monitoring and deconstructing campaigns to anticipate future ones. Phishing can be a profitable business model, and most breaches begin with a phishing email. What appears to be an innocent email from a trusted vendor or internal department can lead to firm-wide shutdowns, loss of crucial data, and millions in financial costs. As detailed in the report, threats ranging from ransomware, credential harvesters to difficult-to-discover but costly Business Email Compromise (BEC) targeted inboxes, could have resulted in over $354 million in direct losses had they been successful. https://www.helpnetsecurity.com/2021/08/23/key-email-threats/

Microsoft Warns Thousands Of Cloud Customers Of Exposed Databases

Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at security a company discovered it was able to access keys that control access to databases held by thousands of companies. https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/

58% Of IT Leaders Worried Their Business Could Become A Target Of Rising Nation State Attacks

Researchers released the findings of a global survey of 1,100 IT decision makers (ITDMs), examining their concerns around rising nation state attacks. 72% of respondents said they worry that nation state tools, techniques, and procedures (TTPs) could filter through to the dark net and be used to attack their business. https://www.helpnetsecurity.com/2021/08/23/rising-nation-state-attacks/

Cyber Insurance Market Encounters ‘Crisis Moment’ As Ransomware Costs Pile Up

It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. Ransomware now accounts for 75% of all cyber insurance claims, up from 55% in 2016, according to the credit ratings agency. The percentage increase in claims is outpacing that of premiums, said a June report which concluded that “the prospects for the cyber insurance market are grim.” Fitch Ratings in April found that the ratio of losses to premiums earned was at 73% last year, jeopardizing the profitability of the industry. https://www.cyberscoop.com/cyber-insurance-ransomware-crisis/

Security Teams Report Rise In Cyber Risk

Do you feel like you are gaining in your ability to protect your data and your network? If you are like 80% of respondents to the a recent report, you expect to experience a data breach that compromises customer data in the next 12 months. The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets. https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cyber security and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. The vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution. While the former two were addressed by Microsoft on April 13, a patch for CVE-2021-31207 was shipped as part of the Windows maker's May Patch Tuesday updates. https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html

Threats

Ransomware

• 70% of Cyber Pros Believe Cyber Insurance is Exacerbating Ransomware

• Nigerian Threat Actors Solicit Employees To Deploy Ransomware for Cut Of Profits

• FBI Shares Technical Details For Hive Ransomware

• New Ransomware Called LockFile Targets Microsoft Exchange Servers

• Researchers Find New Evidence Linking Diavol Ransomware To TrickBot Gang

• FBI Sends Its First-Ever Alert About A ‘Ransomware Affiliate’

Phishing

• That Email Asking For Proof Of Vaccination Might Be A Phishing Scam

• Phishing Could Have Cost Businesses $354m In Potential Direct Losses

Other Social Engineering

• Scammers Impersonate Europol Chief In An Effort To Defraud Belgians

• Man Admits Impersonating Apple Support Staff To Steal 620,000 Photos From iCloud Accounts

Malware

• 13 Million Malware Attacks On Linux Seen In Wild

• New SideWalk Backdoor Targets U.S.-Based Computer Retail Business

• Mozi Botnet Gains The Ability To Tamper With Its Victims’ Traffic

• Shadowpad Malware Is Becoming A Favourite Choice Of Chinese Espionage Groups

Mobile

• Dreadful Joker Virus That Can Empty Bank Accounts Returns: Remove These Apps On Your Device ASAP

• Pegasus iPhone Hacks Used As Lure In Extortion Scheme

IOT

• Mirai-Style Iot Botnet Is Now Scanning For Router-Pwning Critical Vuln In Realtek Kit

• IoT Market To Reach $1.5 Trillion By 2027, Security Top Priority

• Hackers Could Increase Medication Doses Through Infusion Pump Flaws

Vulnerabilities

• F5 Bug Could Lead To Complete System Takeover

• Multiple Products Impacted By OpenSSL RCE vulnerability

• Microsoft Breaks Silence On Barrage of ProxyShell Attacks

• Atlassian Warns Of Critical Confluence Flaw

• VMware Issues Patches To Fix New Flaws Affecting Multiple Products

• Critical Flaw Discovered In Cisco APIC for Switches — Patch Released

• New Ryzen Chipset Driver Patches Security Vulnerabilities

• CISA Warns Admins To Urgently Patch Exchange ProxyShell Bugs

• Attackers Actively Exploiting Realtek SDK Flaws

• Google Issues Warning For 2 Billion Chrome Users

Data Breaches/Leaks

• Guernsey Data Authority Imposed Sanctions On 11 Firms For Breaches Last Year

• Data Leak Exposed 38 Million Records, Including COVID-19 Vaccination Statuses

• Nokia Subsidiary Discloses Data Breach After Conti Ransomware Attack

• T-Mobile Breach Hits 53 Million Customers As Probe Finds Wider Impact

Organised Crime & Criminal Actors

• Infamous Hacker Group Claims To Be Selling Data From Over 70 Million AT&T Customers, According To A Privacy Group 

Cryptocurrency/Cryptojacking

• Man Sues Parents Of Teens Who Hijacked Nearly $1M In Bitcoin

• Coinbase Accounts Hacked As Bitcoin Hovers Near $50k

Insider Threats

• Employees Participating In Unethical Behaviours To Help An Organisation Actually Harm Themselves

DoS/DDoS

• Cloudflare says it stopped the largest DDoS attack ever reported

• Botnet Generates One Of The Largest DDoS Attacks On Record

OT, ICS, IIoT and SCADA

• ICS Vulnerabilities Disclosed In H1 2021 Rose By 41%

Nation State Actors

• Spies for Hire: China’s New Breed Of Hackers Blends Espionage And Entrepreneurship

• InkySquid State Actor Exploiting Known IE Bugs

• US Media, Retailers Targeted By New SparklingGoblin APT

Cloud

• 40% of SaaS (Cloud) Assets Are Unmanaged, Putting Companies At Risk For Data Leaks

Privacy

• Phones Of Nine Bahraini Activists Found To Have Been Hacked With NSO Spyware

Other News

• Razer bug lets you become a Windows 10 admin by plugging in a mouse

• Cyber Security Market Soaring As Threats Target Commercial And Govt Organisations

• UK to overhaul privacy rules in post-Brexit departure from GDPR

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.