Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

The Financial Sector is Plagued by Increasingly Sophisticated Cyber Attacks That Demand a Defensive Paradigm Shift

A series of interviews with senior cyber executives and decision makers around the world gave insights into the attacks seen in the financial sector. The findings include 77% of financial organisations detecting campaigns to steal non-public market information, 48% falling victim to attacks solely focused on destroying data and 45% of organisations believing they were a victim of an attack which they were unable to detect. The financial sector remains a valuable target for cyber criminals and as such, organisations within this sector must proactively protect themselves.

Source: [PR News Wire]

The $10 Billion Cyber Insurance Industry Sees a Dangerous Year in Cyber Crime Ahead. AI, Ransomware, and War are its Biggest Concerns

A recent report by insurance broker Woodruff Sawyer sheds light on pressing concerns from the perspective of the insurance industry. Amidst ongoing global conflicts and the rise of AI-driven cyber threats, the boundaries between war and cyber attacks are blurring. Insurers are increasingly wary, with many opting not to provide coverage, particularly against war-related risks. The survey reveals a grim outlook, with 56% of clients anticipating a significant increase in cyber risks in 2024, primarily driven by ransomware and war associated threats. The challenge lies in defining and navigating these evolving risks, leaving clients uncertain about their cyber security strategies. Additionally, updated US Securities and Exchange Commission (SEC) rules mandating rapid disclosure of cyber breaches add further complexity to the cyber security landscape, warranting close monitoring by insurers. As cyber threats continue to evolve in a turbulent world, the insurance industry faces unprecedented challenges in safeguarding against cyber risks.

Source: [Fortune]

Microsoft Says Russian Hackers Used Known Identified Tactics to Breach Senior Exec Emails

Hackers allegedly linked to Russia’s Foreign Intelligence Service (SVR) breached a legacy non-production test tenant account in Microsoft last November, before pivoting into their senior executives’ email accounts. Microsoft only discovered the incident on 12 January. In a blog post, Microsoft said that the attackers had used a password spray attack on a limited number of accounts. One of these accounts was a legacy, non-production test account that had elevated access to the Microsoft corporate environment, and the ability to create malicious OAuth applications with access to other corporate mailboxes, leading to them accessing senior executives’ emails. Microsoft has since confirmed that multi-factor authentication was not enabled. Microsoft has previously warned the public about this exact scenario, writing that attackers “compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity.”

Sources: [The Record] [Bleeping Computer]

Old Methods, New Tricks: Cyber Criminals Are Still Using Social Engineering to Steal Your Credentials

2023 showed us that despite all the advancements in cyber security, most threat actors are simply just logging in. To do this an attacker needs credentials, often gained through phishing, the most common social engineering tactic. The emergence and utilisation of artificial intelligence has only made this easier, the point being that now virtually anyone can conduct a sophisticated phishing campaign, and with huge success. But what can organisations do? Focus on their human firewall. Social engineering will remain, and organisations need to ensure that their staff are consistently trained to be vigilant, as well as regular updated training on current trends. Users should ensure that they don’t reuse passwords across accounts, nor use easy to guess passwords or patterns. Users should be encouraged to use password managers to enable better, and more manageable, password hygiene. Where possible, multi factor authentication should be enforced.

Sources: [Security Boulevard] [Beta News] [Security Intelligence]

UK Government Unveils New Cyber Threat Guidelines as 32% of Firms Suffer Attacks in Past Year

The UK government is urging organisations to prioritise cyber threats as a key business risk, on par with financial and legal challenges. They have released new guidelines, the Cyber Governance Code of Practice, aimed at directors and senior leaders to elevate cyber security as a focal point in business operations. The code recommends clear roles and responsibilities, customer protection, and plans to respond to cyber attacks. It also emphasises the need for employees to possess adequate cyber awareness and skills. As cyber security incidents rise, a report found that 77% of financial services organisations have experienced a cyber attack. Other figures also show that 32% of firms have suffered a cyber breach or attack in the past year alone. These guidelines align with the UK Government’s National Cyber Strategy, aiming to protect and promote online security in the country. With the financial sector experiencing underperforming cyber security providers, organisations need to strengthen their anti-fraud defences, possibly incorporating cyber risk ratings for a more robust security posture.

Source: [The Fintech Times]

94% of Organisations Would Pay a Ransom, Despite Having ‘Do Not Pay’ Policies, as 79% Faced an Attack in 2023

A recent study has found that 94% of organisations would pay a ransomware demand, even if they had a ‘do not pay’ policy, in the event of an attack. The study found that 79% had suffered a ransomware related attack in the second half of 2023. When it came to resilience, only 21% had full confidence in their organisation’s cyber resilience and ability to address today’s escalating cyber challenges and threats, and 23% reported that they would need over three weeks to recover data and restore business processes. A common theme in the study was the belief that senior and executive management do not fully understand the serious risks, with only 35% of respondents believing risks were fully understood.

Sources: [Beta News] [ Security Magazine] [MSSP Alert]

Interpol Arrests More than 30 Cyber Criminals in Global Operation

This week, international law enforcement announced that it detained 31 suspected cyber criminals and identified 1,300 malicious servers which were used to conduct phishing attacks and distribute malware. The operation, labelled “Synergia” was in response to “the clear growth, escalation and professionalisation of transnational cyber crime and the need for coordinated action against new cyber threats” Interpol said. Nearly 60 law enforcement agencies and several private companies were involved in the operation.

Sources: [The Record]

Divide and Succeed: Splitting IT and Security Makes Business Sense

Maintaining year-round security hygiene is important to protect both consumers and organisations. Cyber attacks, like the recent one on 23andMe, often exploit vulnerabilities that persist due to incomplete patching and compromised credentials. Many organisations cite time constraints as the primary reason for not updating security features. Ideally, in any organisation, and indeed in all organisations that have reached a level of maturity in this space, security and IT teams should be separate; however, this is not really achievable in many organisations and hence the responsibility to protect ultimately falls on IT teams. Overburdened IT teams, and IT teams whose primary focus is on operational IT, further compound the issue, spending significant time managing data requests and analysing data, leading to cyber security risks. As consumers become more privacy-conscious, businesses must review and adapt their data privacy policies to build trust. Additionally, the growing use of artificial intelligence poses new risks, necessitating the development of company-wide AI policies to protect data privacy. While privacy legislation remains fragmented, staying proactive by updating data privacy policies, understanding data usage, and fortifying cyber security defences is crucial for organisations.

Source: [Digital Journal]

Ransomware Groups Gain Clout with False Attack Claims

A concerning trend is on the rise: fake breach claims by ransomware groups. Cyber criminals are leveraging the dark web and social media to spread misinformation about alleged breaches, triggering unwarranted cyber investigations and generating unwanted, and unwarranted, negative publicity for the alleged victim. Recent incidents involving Technica Corp and Europcar exemplify this growing threat. While these claims often lack credible evidence, they serve as a means for ransomware operators to gain attention and clout in the cyber criminal world. These groups resort to false claims to maintain relevance. Cyber security teams must adapt to this new ransomware misinformation communication strategy and exercise caution when evaluating breach claims.

Source: [Dark Reading]

Payment Fraud is Hitting Organisations Harder Than Ever Before

According to research, 96% of companies in the US were targeted with at least one fraud attempt in the past year. 36% who suffered said the average loss they experienced was more than $1 million and for 25%, this was more than $5 million. The study found misaligned perception as despite the number falling victim, only 5% believed they could not keep up with fraud. Of concern, 75% of C-level finance leaders said they would stop doing business with an organisation that fell victim to payment fraud.

Source: [Help Net Security]

Chinese Hacking Operations Have Entered a Far More Dangerous Phase, US Warns

In the US, the directors of the FBI, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), have stated that China’s cyber activity is moving beyond the last decade’s spying and data theft toward direct attacks on critical infrastructure. It was identified that Chinese nation-state actors were planting malware on network routers and other internet-connected devices that, if triggered, could disrupt water, power, rail and other critical services, possibly causing widespread chaos, or even injury or deaths as a result.

Source: [Defense One]

Governance, Risk and Compliance

• $10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune

• Recognizing Security as a Strategic Component of Business (darkreading.com)

• Top Five Risks Facing Corporate Boards | The Volkov Law Group - JDSupra

• Despite awareness, small businesses still highly vulnerable to cyber attacks | Insurance Business America (insurancebusinessmag.com)

• Improving cyber security culture: A priority in the year of the CISO | CSO Online

• UK Government Unveils New Cyber Threat Guidelines as 32% of Firms Suffer Attacks in Past Year | The Fintech Times

• Top 3 Cyber Security Trends for SME Business Leaders | MSSP Alert

• Building good cyber security posture doesn't have to be expensive – NCA | Insurance Business America (insurancebusinessmag.com)

• What the Charges Against the SolarWinds CISO Mean for Security in 2024 - Security Boulevard

• Divide and succeed: Splitting IT and Security makes business sense - Digital Journal

• Prioritizing cyber crime intelligence for effective decision-making in cyber security - Help Net Security

• Strengthening Cyber Security: The rise of the Security Assurance Officer (securitybrief.co.nz)

• Proactive Cyber Security: A strategic approach to cost efficiency and crisis management - Help Net Security

• 5 Cyber Security Strategies You Must Embrace to Protect Your Business | Inc.com

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Survey Shows 94% of Companies Would Pay | MSSP Alert

• $10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune

• Ransomware's Impact May Include Heart Attacks, Strokes & PTSD (techrepublic.com)

• 79% of organisations faced a ransomware attack in H2 2023 | Security Magazine

• Ransomware Groups Gain Clout With False Attack Claims (darkreading.com)

• LockBit remorseless in latest children's hospital attack • The Register

• Alpha Ransomware Group Launches Data Leak Site on the Dark Web - Infosecurity Magazine (infosecurity-magazine.com)

• The Ransomware Threat in 2024 is Growing: Report - Security Week

• Akira ransomware attacks linked to Cisco vuln fixed in 2020 • The Register

• “More Groups, More Problems”: Searchlight Cyber Report Reveals Ransomware Groups to Watch in 2024 | Business Wire

• OpenText Cyber Security Global Ransomware Survey: The Risk Perception Gap | MSSP Alert

• The State of Ransomware 2024 - Security Boulevard

• The evolution of ransomware: Lessons for the future (securityintelligence.com)

• New strain of the Phobos ransomware discovered in VBA script | SC Media (scmagazine.com)

• Canadian Man Sentenced to Prison for Ransomware Attacks - Security Week

• Ransomware Research Reveals Millions Spent Despite Do Not Pay Policies - IT Security Guru

• A Cyber Insurer's Perspective on How to Avoid Ransomware (darkreading.com)

• Online ransomware decryptor helps recover partially encrypted files (bleepingcomputer.com)

• Higher cyber defences lead to higher ransoms, study finds | Cybernews

• ICS Ransomware Danger Rages Despite Fewer Attacks (darkreading.com)

Ransomware Victims

• ICO confirms data breach probe as UK councils remain downed by cyber attack | TechCrunch

• Pentagon investigating theft of sensitive files by ransomware group | CyberScoop

• Johnson Controls says ransomware attack cost $27 million, data stolen (bleepingcomputer.com)

• "Cyber security matter" prompted network outage at Lurie Children's Hospital - CBS Chicago (cbsnews.com)

• New Jersey School District Shut Down by Cyber Attack (darkreading.com)

• Cactus ransomware gang claims the Schneider Electric hack (securityaffairs.com)

• Schneider Electric Responding to Ransomware Attack, Data Breach  - Security Week

• Akira ransomware gang says it stole passport scans from Lush • The Register

• Kansas public transportation authority hit by ransomware (bleepingcomputer.com)

Phishing & Email Based Attacks

• Microsoft says Russian hackers used previously identified tactic to breach senior exec emails (therecord.media)

• In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica

• Microsoft 365 users need to be on their guard — new phishing campaign could cause some serious damage, and it's being offered for sale for barely nothing to lure new criminals in | TechRadar

• In 2023, Cyber Criminals Were Still Using Social Engineering to Steal Your Credentials - Security Boulevard

• The top phishing themes of 2023 (betanews.com)

• AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)

Artificial Intelligence

• $10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune

• AI-Powered Attacks and Deepfake Technology Fuel Cyber Attack Concern - IT Security Guru

• ChatGPT bug leaked conversations from others in your history (bgr.com)

• AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)

• Expect ‘AI versus AI’ conflict soon, Pentagon cyber leader says - Defense One

• AI Companies Will Need to Start Reporting Their Safety Tests to the US Government - Security Week

• AI-generated code leads to security issues for most businesses: report | CIO Dive

• Poisoned AI went rogue during training and couldn't be taught to behave again in 'legitimately scary' study | Live Science

• Assessing and quantifying AI risk: A challenge for enterprises | CSO Online

• AI And 5G are Defining a New Era of Cyber Security: The Industry Must Collectively Adapt - Infosecurity Magazine (infosecurity-magazine.com)

• Identity verification systems need hybrid liveness detection to protect against AI spoofs, say experts | ITPro

• Worried About AI Voice Clone Scams? Create a Family Password | Electronic Frontier Foundation (eff.org)

2FA/MFA

• Microsoft says Russian hackers used previously identified tactic to breach senior exec emails (therecord.media)

Malware

• It's true — Microsoft Teams group chat requests can be bad for you, as hackers hijack them to spread malware | TechRadar

• One of the world's biggest web hosting companies revealed that it eradicated nearly 500 million malware threats in 2023 - a staggering 250 instances per customer | TechRadar

• How the ZeuS Trojan Info Stealer Changed Cyber Security (securityintelligence.com)

• FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)

• AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks (thehackernews.com)

• Windows PCs are now being hit by dangerous malware — here's the steps you need to take to stay safe | TechRadar

• Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines (thehackernews.com)

• Fake Google ads are trying to trick users into downloading nasty malware — here's how you can fight back | TechRadar

• Police disrupt Grandoreiro banking malware operation, make arrests (bleepingcomputer.com)

• Threat Actors Using Adult Games To Launch Remcos RAT Attack - Security Boulevard

• Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware (thehackernews.com)

• More Android apps riddled with malware spotted on Google Play (bleepingcomputer.com)

• Don't believe everything you read - hackers are pushing malware via media, news sites | TechRadar

Mobile

• Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping  - Security Week

• More Android apps riddled with malware spotted on Google Play (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS attack power skyrockets to 1.6 Tbps - Help Net Security

Internet of Things – IoT

• FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)

• The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world (talosintelligence.com)

Data Breaches/Leaks

• There was a 39% surge in data exfiltration cyber attacks in 2023 | Security Magazine

• Europcar denies data breach of 50 million users, says data is fake (bleepingcomputer.com)

• 3.5M exposed in COVID-19 e-passport leak (securityaffairs.com)

• Mercedes-Benz accidentally exposed sensitive data, including source code (securityaffairs.com)

• FTC orders Blackbaud to boost security after massive data breach (bleepingcomputer.com)

• 23andMe confirms last year's massive data breach went unnoticed for five months, hackers stole raw genotype data | TechSpot

• 23andMe admits it didn’t detect cyber attacks for months | TechCrunch

• Millions of corporate messages leaked by Miracle Software's unsecured MongoDB instance | SC Media (scmagazine.com)

• Football Australia investigating 'critical data' leak - ESPN

• Top 3 Data Breaches of 2023, and What Lies Ahead in 2024 (darkreading.com)

• A Look Back at the Biggest Data Breaches in 2023: a Cautionary Tale for All Businesses - Hayes Connor

• DHS employees jailed for stealing data of 200K US govt workers (bleepingcomputer.com)

• Cyber criminals replace familiar tactics to exfiltrate sensitive data - Help Net Security

• Data leak at fintech giant Direct Trading Technologies (securityaffairs.com)

• Timex breach leaks employee Social Security numbers | SC Media (scmagazine.com)

• Cloudflare hacked using auth tokens stolen in Okta attack (bleepingcomputer.com)

• Keenan warns 1.5 million people of data breach after summer cyber attack (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Dark Web Drugs Vendor Forfeits $150m After Guilty Plea - Infosecurity Magazine (infosecurity-magazine.com)

• ReasonLabs Releases Annual "State of Consumer Cyber Security Report" for 2024 (prnewswire.com)

• Cyber criminals replace familiar tactics to exfiltrate sensitive data - Help Net Security

• ‘Extremely heinous’: Myanmar hands over 10 leading cyber scam suspects to China | South China Morning Post (scmp.com)

• Smarter, Meaner, Sneakier: Security Trends for 2024 (trendmicro.com)

• How businesses can tackle the cyber crime economy (siliconrepublic.com)

• Expert explains the alarming creativity of today's cyber attacks, and five unlikely places you're vulnerable (techxplore.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Bitcoin worth £1.4bn seized after ex-takeaway worker tried to buy £23m mansion, court hears | UK News | Sky News

• Pump-and-Dump Schemes Make Crypto Fraudsters $240m - Infosecurity Magazine (infosecurity-magazine.com)

• Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping  - Security Week

• Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k (securityaffairs.com)

Insider Risk and Insider Threats

• Top-tier IT talent doesn't stick around in 'mid-market' organisations - which could also be a major security risk | TechRadar

• DHS employees jailed for stealing data of 200K US govt workers (bleepingcomputer.com)

• Put People First When Facing Sophisticated Cyber Threats (forbes.com)

Insurance

• A Cyber Insurer's Perspective on How to Avoid Ransomware (darkreading.com)

• $10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune

Supply Chain and Third Parties

• Supply Chain Security and NIS2: What You Need to Know - Security Boulevard

• Third-party risk management best practices and why they matter - Help Net Security

• Cloudflare hacked using auth tokens stolen in Okta attack (bleepingcomputer.com)

• Cyber criminals embrace smarter strategies, less effort - Help Net Security

• Expert explains the alarming creativity of today's cyber attacks, and five unlikely places you're vulnerable (techxplore.com)

Cloud/SaaS

• Microsoft 365 users need to be on their guard — new phishing campaign could cause some serious damage, and it's being offered for sale for barely nothing to lure new criminals in | TechRadar

• Microsoft Teams phishing pushes DarkGate malware via group chats (bleepingcomputer.com)

• Why adversaries have their heads in the cloud - Red Canary

• 'Leaky Vessels' Cloud Bugs Allow Container Escapes Globally (darkreading.com)

• Cyber Attacks, AI and Multicloud Hit Cyber Security in 2023 - The New Stack

• Why DNS protection should be the first step in hybrid cloud security | TechRadar

Identity and Access Management

• Microsoft tells how Russia's Cozy Bear broke into its email • The Register

• In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica

• Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)

Linux and Open Source

• Cyber Security in Review: The Alarming Trend of Unsupported Systems - Security Boulevard

• New Glibc Flaw Grants Attackers Root Access on Major Linux Distros (thehackernews.com)

• White House releases report on securing open-source software | CyberScoop

Passwords, Credential Stuffing & Brute Force Attacks

• Microsoft says Russian hackers used previously identified tactic to breach senior exec emails (therecord.media)

• ‘Credential stuffing’ attacks set to rise (theage.com.au)

• Hundreds of network operators’ credentials found circulating in Dark Web (securityaffairs.com)

• US charges two more suspects with DraftKing account hacks (bleepingcomputer.com)

Social Media

• A tangled mess: Government rules for social media security lack clarity | CyberScoop

• Defending Against Corporate Social Media Account Takeovers (databreachtoday.co.uk)

Malvertising

• Fake Google ads are trying to trick users into downloading nasty malware — here's how you can fight back | TechRadar

Regulations, Fines and Legislation

• ICO confirms data breach probe as UK councils remain downed by cyber attack | TechCrunch

• Thе Cyber Resilience Act: What Startups Should Know About Hardware and Software Transparency in 2024 - TheRecursive.com

• SolarWinds Files Motion to Dismiss SEC Lawsuit (darkreading.com)

• What the Charges Against the SolarWinds CISO Mean for Security in 2024 - Security Boulevard

• A tangled mess: Government rules for social media security lack clarity | CyberScoop

• AI Companies Will Need to Start Reporting Their Safety Tests to the US Government - Security Week

• The SEC Won't Let CISOs Be: Understanding New SaaS Cyber Security Rules (thehackernews.com)

• How to Align Your Incident Response Practices With the New SEC Disclosure Rules - Security Week

• UK law could ban Apple security updates across the world in an 'unprecedented overreach' | TechRadar

Models, Frameworks and Standards

• Supply Chain Security and NIS2: What You Need to Know - Security Boulevard

• NIS2 Directive raises stakes for security leaders - Help Net Security

• Complete Guide To PCI DSS Compliance - Security Boulevard

• CMMC Is the Starting Line, Not the Finish (darkreading.com)

Data Protection

• ICO confirms data breach probe as UK councils remain downed by cyber attack | TechCrunch

Careers, Working in Cyber and Information Security

• Wait, infosec isn't a computer science degree requirement? • The Register

• The Future Of Cyber Security Is More Human Than You Think (forbes.com)

Law Enforcement Action and Take Downs

• Interpol arrests more than 30 cyber criminals in global ‘Synergia’ operation (therecord.media)

• Interpol-Led Initiative Targets 1300 Suspicious IPs - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Web Drugs Vendor Forfeits $150m After Guilty Plea - Infosecurity Magazine (infosecurity-magazine.com)

• Bitcoin worth £1.4bn seized after ex-takeaway worker tried to buy £23m mansion, court hears | UK News | Sky News

• US charges two more suspects with DraftKing account hacks (bleepingcomputer.com)

• US sanctions 3 for supporting ISIS with cyber security expertise, money transfers - UPI.com

• Canada's 'most prolific hacker' jailed for two years (bitdefender.com)

• FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)

• Linux users beware — this security flaw could allow attackers to get root on major distros, so take extra care | TechRadar

• Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k (securityaffairs.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• $10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune

• Cyber attacks as war crimes | International Bar Association (ibanet.org)

• What Are State-Sponsored Cyber Attacks? - Security Boulevard

• Satya Nadella Worries About Hackers Causing 'Breakdown of World Order' (businessinsider.com)

• Expect ‘AI versus AI’ conflict soon, Pentagon cyber leader says - Defense One

• The Cyber Warfare Option Against Hostile States and Groups | National Review

Nation State Actors

China

• Chinese hacking operations have entered a far more dangerous phase, US warns - Defense One

• Chinese hackers preparing to 'wreak havoc' on US, warns FBI chief Christopher Wray | US News | Sky News

• FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)

• Wray’s stunning warning points to a new age of US vulnerability | CNN Politics

• Cyber attacks as war crimes | International Bar Association (ibanet.org)

• EU economic security plan eyes China with more defence than offense (qz.com)

Russia

• Microsoft says Russian hackers used previously identified tactic to breach senior exec emails (therecord.media)

• In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technicac

• Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)

• Russia hacks Microsoft: It’s worse than you think | Computerworld

• Microsoft Threat Report: How Russia’s War on Ukraine Is Impacting the Global Cyber Security Community (darkreading.com)

• Series of Cyber Attacks Hit Ukrainian Critical Infrastructure Organisations (darkreading.com)

• Russian 'cyber war' could exploit divisions in Scotland | The Herald (heraldscotland.com)

• Pawn Storm Uses Brute Force and Stealth Against High-Value Targets (trendmicro.com)

• Russian threat actors dig in, prepare to seize on war fatigue | Security Insider (microsoft.com)

• Russian spies impersonating Western researchers in ongoing hacking campaign (therecord.media)

• Ukranian Military intelligence claims cyber attack on IT company providing services to Russian defence industry (kyivindependent.com)

• Ukraine's POW Coordination Headquarters restores services after cyber attack (kyivindependent.com)

• Ukraine Military Targeted With Russian APT PowerShell Attack (darkreading.com)

Iran

• New Leaks Expose Web of Iranian Intelligence and Cyber Companies - Infosecurity Magazine (infosecurity-magazine.com)

• Iran's 'Cyber Centers' Dodge Sanctions to Sell Cyber Operations (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• US sanctions 3 for supporting ISIS with cyber security expertise, money transfers - UPI.com

Vulnerability Management

• Does CVSS 4.0 solve the exploitability problem? - Help Net Security

• Why the Right Metrics Matter When it Comes to Vulnerability Management (thehackernews.com)

• Cyber Security in Review: The Alarming Trend of Unsupported Systems - Security Boulevard

• Why organisations need risk-based vulnerability management | TechTarget

Vulnerabilities

• Akira ransomware attacks linked to Cisco vuln fixed in 2020 • The Register

• Ivanti Struggling to Hit Zero-Day Patch Release Schedule - Security Week

• Ivanti releases patches for old and new VPN zero-days • The Register

• A zero-day vulnerability (and PoC) to blind defences relying on Windows event logs - Help Net Security

• 45k Jenkins servers exposed to RCE attacks using public exploits (bleepingcomputer.com)

• Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws (thehackernews.com)

• New Glibc Flaw Grants Attackers Root Access on Major Linux Distros (thehackernews.com)

• CISA Warns of Active Exploitation of Critical Flaws in Apple iOS and macOS (thehackernews.com)

• If you’re using this router brand, you may want to disconnect now — security researchers found more vulnerabilities and a hardcoded password in Totolink hardware | TechRadar

• Linux users beware — this security flaw could allow attackers to get root on major distros, so take extra care | TechRadar

• Tor Code Audit Finds 17 Vulnerabilities - Security Week

Tools and Controls

• Microsoft tells how Russia's Cozy Bear broke into its email • The Register

• In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica

• Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)

• Building good cyber security posture doesn't have to be expensive – NCA | Insurance Business America (insurancebusinessmag.com)

• Prioritizing cyber crime intelligence for effective decision-making in cyber security - Help Net Security

• What is DMARC? - Security Boulevard

• Multi-factor authentication suffers from three major weaknesses | TechRadar

• AI-generated code leads to security issues for most businesses: report | CIO Dive

• 3 Best Practices to Improve Threat Hunting - Security Boulevard

• How to make developers accept DevSecOps - Help Net Security

• Assessing and quantifying AI risk: A challenge for enterprises | CSO Online

• How to Align Your Incident Response Practices With the New SEC Disclosure Rules - Security Week

• Why DNS protection should be the first step in hybrid cloud security | TechRadar

• What Is Cyber Threat Hunting? (Definition & How it Works) (techrepublic.com)

• Proactive cyber security: A strategic approach to cost efficiency and crisis management - Help Net Security

• The Future Of Cyber Security Is More Human Than You Think (forbes.com)

• Managing the hidden risks of shadow APIs • The Register

Reports Published in the Last Week

• Cyber Bank Heists | Cyber Security Threats Facing Financial Sector | Contrast Security

• ReasonLabs Releases Annual "State of Consumer Cyber Security Report" for 2024 (prnewswire.com)

• Gartner Report: Innovation Insight for Application Security Posture Management (legitsecurity.com)

Other News

• The Financial Sector Is Plagued by Increasingly Sophisticated Cyber Attacks That Demand a Defensive Paradigm Shift, According to the Modern Bank Heists Report From Contrast Security (prnewswire.com)

• How SMBs can lower their risk of cyber attacks and data breaches (bleepingcomputer.com)

• FTC orders Blackbaud to boost security after massive data breach (bleepingcomputer.com)

• Global critical infrastructure faces relentless cyber activity - Help Net Security

• Why the healthcare industry must prioritize cyber resilience | World Economic Forum (weforum.org)

• UK says Emirates-backed stake in Vodafone poses national security risk | Vodafone | The Guardian

• Cyber attacks soar to 13 per second – with OT a key target - Drives and Controls Magazine (drivesncontrols.com)

• Israeli Government: Smallest of SMBs Hit Hardest in Cyber Attacks (darkreading.com)

• How to prepare for the increasing cyber attacks on critical infrastructure - Data Centre & Network News (dcnnmagazine.com)

• CISA: Vendors must secure SOHO routers against Volt Typhoon attacks (bleepingcomputer.com)

• Firmware remains the soft underbelly of banking cyber defence (techmonitor.ai)

• Cyber attacks on state and local governments rose in 2023, says CIS report | StateScoop

• City Cyber Taskforce Launches to Secure Corporate Finance - Infosecurity Magazine (infosecurity-magazine.com)

• Fulton County Suffers Power Outages as Cyber Attack Continues (darkreading.com)

• How to Prepare for a Cyber Attack - Security Boulevard

• The Imperative for Robust Security Design in the Health Industry (darkreading.com)

• National cyber security plans lack performance measures and estimated costs, GAO says | CyberScoop

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Criminals Exploit Invasion of Ukraine

Cyber criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud.

In a blog, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.

Since March 1, researchers have been tracking two specific phishing campaigns designed to infect victims with Agent Tesla and Remcos remote access Trojans.

Agent Tesla is a malware-as-a-service (MaaS) Remote Access Trojan (RAT) and data stealer that can be used to exfiltrate sensitive information, including credentials, keystrokes and clipboard data from victims.

Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems. Once inside, attackers can capture keystrokes, screenshots, credentials and other sensitive system data and exfiltrate it.

https://www.infosecurity-magazine.com/news/cyber-criminals-invasion-ukraine/

UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat

The UK’s Information Commissioner’s Office (ICO) reports a ‘steady and significant’ increase in cyber-attacks against UK firms over the past two years.

Employees should report any suspicious emails rather than delete them and firms must step up their vigilance against cyber-attacks in the face of a heightened threat from Russian hackers, the UK’s data watchdog has said.

John Edwards, the Information Commissioner, said a new era of security had begun where instead of blacking out windows, people needed to maintain vigilance over their inboxes.

Experts including the UK’s cyber security agency have said Russian hackers could target Britain, and the imposition of sanctions by London on Moscow has increased those fears.

Asked about the potential for a Russia-Ukraine cyber conflict spreading to the UK, Edwards said: “We have picked up on that heightened threat environment and we think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.”

https://www.theguardian.com/technology/2022/mar/04/uk-data-watchdog-urges-vigilance-amid-heightened-cyber-threat

Phishing - Still a Problem, Despite All The Work

Phishing is a threat that most people know about. Emails designed to trick you into clicking a malicious link or divulge passwords and other credentials have become an everyday occurrence. Despite this familiarity, and the multitude of tools and techniques which purport to stop it, phishing remains the number one initial attack vector affecting organisations and individuals.

Unfortunately, there is no silver bullet. Phishing can only be dealt with using multiple complementary measures. This fact leads to some questions: Which measures are most (cost) effective? How should they be implemented? Can they be automated?

https://www.ncsc.gov.uk/blog-post/phishing-still-a-problem-despite-the-work

Phishing Attacks Hit All-Time High in December 2021

The Anti-Phishing Working Group international consortium (APWG) saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it began its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.

In the fourth quarter of 2021, the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — inched up to represent 6.5 percent of attacks.

Overall, the number of brands that were attacked in 4Q descended from a record 715 in September 2021, cresting at 682 in November for the Q4 period.

The solution provider Abnormal Security observed 4,200 companies, organisations, and government institutions falling victim to ransomware in Q4 2021, some 36 percent higher than in Q3 2021 and the highest number the company has witnessed over the past two years.

“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” said Crane Hassold, Director of Threat Intelligence at Abnormal Security.

https://www.helpnetsecurity.com/2022/03/03/phishing-attacks-december-2021/

Ransomware Infections Top List of The Most Common Results of Phishing Attacks

A report from insider threat management software company Egress found some startling conclusions when it spoke to IT leadership: Despite the pervasive and very serious threat of ransomware, very few boards of directors consider it a top priority.

Eighty-four percent of organisations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren’t hit with a phishing attack, and you still end up at around 50% of all organisations having been hit with ransomware in 2021.

Egress said that its data shows there has been a 15% increase in successful phishing attacks over the past 12 months, with the bulk of the attacks utilising malicious links and attachments. Those methods aren’t new, but a 15% increase in successful attacks means that something isn’t working.

https://www.techrepublic.com/article/ransomware-infections-top-list-of-the-most-common-results-of-phishing-attacks/

Social Media Phishing Attacks Are at An All Time High

Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.

The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analysed phishing attack patterns that unfolded throughout 2021.

As part of their report, Vade analysed 184,977 phishing pages to create stats based on a billion corporate and consumer mailboxes that the cyber security firm protects.

Vade also recorded a rise in the sophistication of phishing attacks, especially those targeting Microsoft 365 credentials, an evolution in the tech support scams, and the inevitable dominance of COVID-19 and item shipping lures.

https://www.bleepingcomputer.com/news/security/social-media-phishing-attacks-are-at-an-all-time-high/

Insurance Giant AON Hit by a Cyber Attack

Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.

AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cyber security consulting, risk solutions, healthcare insurance, and wealth management products.

AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries.

In a filing with the US SEC, AON has disclosed that they suffered a cyberattack on February 25th, 2022.

AON has not provided any details of the attack other than that it occurred and affected a limited number of systems.

The company stated that although in the early stages of assessing the incident, based on the information currently known, the company did not expect the incident to have a material impact on its business, operations or financial condition.

In addition to being an insurance broker, AON is also a leading reinsurance company, meaning that they insure the insurance companies.

https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/

How Prepared Are Organisations to Face Email-Based Ransomware Attacks?

Proofpoint released a report which provides an in-depth look at user phishing awareness, vulnerability, and resilience. The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organisations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks (BEC) (18% YoY increase of BEC attacks from 2020), reflecting cyber criminals’ continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities

This year’s report examines responses from commissioned surveys of 600 information and IT security professionals and 3,500 workers in the U.S., Australia, France, Germany, Japan, Spain, and the UK. The report also analyses data from nearly 100 million simulated phishing attacks sent by customers to their employees over a one-year period, along with more than 15 million emails reported via the user-activated PhishAlarm reporting button.

Attacks in 2021 also had a much wider impact than in 2020, with 83% of survey respondents revealing their organisation experienced at least one successful email-based phishing attack, up from 57% in 2020. In line with this, 68% of organisations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit. The year-over-year increase remains steady but representative of the challenges organisations faced as ransomware attacks surged in 2021.

https://www.helpnetsecurity.com/2022/02/28/email-based-ransomware-attacks/

The Most Impersonated Brands in Phishing Attacks

Vade announced its annual ranking of the top 20 most impersonated brands in phishing. Facebook, which was in the second spot in 2020, rose to the top spot for 2021, representing 14% of phishing pages, followed by Microsoft, with 13%.

The report analysed 184,977 phishing pages linked from unique phishing emails between January 1, 2021 and December 31, 2021.

Key findings:

·         Financial services is the most impersonated industry

·         Microsoft is the most impersonated cloud brand and the top corporate brand

·         Facebook dominates social media phishing

·         35% of all phishing pages impersonated financial services brands

·         Mondays and Tuesdays are the top days for phishing

·         78% of phishing attacks occur on weekdays

·         Monday and Thursday are the top days for Facebook phishing

·         Thursday and Friday are the top days for Microsoft phishing

https://www.helpnetsecurity.com/2022/03/04/most-impersonated-brands-phishing/

As War Escalates in Europe, It’s ‘Shields Up’ For The Cyber Security Industry

In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the US Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organisations — regardless of size — adopt a heightened posture when it comes to cyber security and protecting their most critical assets.”

The blanket warning is for all industries to take notice. Indeed, it’s a juxtaposition of sorts to think the cyber security industry is vulnerable to cyber attack, but for many nation state groups, this is their first port of call.

Inspired by the spike in attacks on cyber security agencies globally, a report from Reposify assessed the state of the cyber security industry’s external attack surface (EAS). It coincides with CISA’s warning, and highlights critical areas of concern for the sector and how they mirror trends amongst pharmaceutical and financial companies, providing vital insight into where organisations can focus their efforts, and reinforce the digital perimeter.

https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/

2022 May Be The Year Cyber Crime Returns Its Focus to Consumers

Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers.

This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.

ReasonLabs has compiled a detailed report on the status of consumer-level cyber security and what trends are most likely to emerge this year.

https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/

Kaspersky Neutral Stance in Doubt As It Shields Kremlin

Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.

The company insists that they ‘never provide any law enforcement or government organisation with access to user data or the company's infrastructure.”

Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cyber security community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.

"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.

https://cybernews.com/security/kaspersky-neutral-stance-in-doubt-as-it-shields-kremlin/

Threats

Ransomware

• Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response (darkreading.com)

• Toyota Japan Shutters 14 Plants After Probable Cyber Attack • The Register

• Bridgestone Still Struggling With Plant Closures Across North America After Cyber Attack | ZDNet

• Cyber Criminals Who Breached Nvidia Issue One Of The Most Unusual Demands Ever | Ars Technica

• Conti Ransomware's Internal Chats Leaked After Siding With Russia (bleepingcomputer.com)

• Conti Group Encrypts Karma Ransomware Extortion Notes - Infosecurity Magazine

Phishing & Email

• Unusual Sign-In Activity Mail Goes Phishing For Microsoft Account Holders | Malwarebytes Labs

Other Social Engineering

• 'Several Combinations Of Social Engineering' Used During Cyber Attack On Camera Maker Axis | ZDNet

• Instagram Scammers As Busy As Ever: Passwords And 2FA Codes At Risk – Naked Security (sophos.com)

Malware

• TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (thehackernews.com)

• Rebirth of Emotet: New Features of the Botnet and How to Detect it (thehackernews.com)

Mobile

• How Much Do Different Generations Trust Their Mobile Devices' Security? - Help Net Security

• TeaBot Android Banking Trojan Continues Its Global Conquest With New Upgrades | ZDNet

• This Nasty Android Malware Steals Your Passwords — What You Need To Know [Update] | Tom's Guide (tomsguide.com)

• SharkBot Malware Hides As Android Antivirus In Google Play (bleepingcomputer.com)

• A New Money-Stealing Malware Makes Rounds On Google Play Store Posing As An Innocent App With Over 50,000 Downloads - NotebookCheck.net News

Data Breaches/Leaks

• Hackers Leak 190GB Of Alleged Samsung Data, Source Code (bleepingcomputer.com)

• NVIDIA Data Breach Exposed Credentials Of Over 71,000 Employees (bleepingcomputer.com)

• 250,000-Plus Lawyer Disciplinary Records Leak • The Register

• Swiss Bank Requests Destruction of Documents - Infosecurity Magazine

Organised Crime & Criminal Actors

• Ukraine-Russia Cyber Warzone Splits Cyber Underground | Threatpost

Cryptocurrency/Cryptomining/Cryptojacking

• Hackers Threaten To Turn Every Nvidia GPU Into A Bitcoin Mining Machine | TechRadar

• Beware of Ongoing Crypto Cyber War Amidst the Ukraine Russian War in 2022 (analyticsinsight.net)

• Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Don’t Be Fooled Into Thinking You’re Too Smart To Be Scammed | News | The Sunday Times (thetimes.co.uk)

DoS/DDoS

• DDoSers Are Using A Potent New Method To Deliver Attacks Of Unthinkable Size | Ars Technica

• DDoS Attackers Have Found This New Trick To Knock Over Websites | ZDNet

• Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks (thehackernews.com)

• Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)

Nation State Actors

• Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation | Mandiant

• Charities, Aid Orgs In Ukraine Attacked With Malware (bleepingcomputer.com)

• Cyber Attacks In Ukraine Could Reach Other Countries - IT Security Guru

• Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (thehackernews.com)

• Ukraine Digital Army Brews Cyberattacks, Intel and Infowar | SecurityWeek.Com

• Ukraine Security Agencies Warn Of Ghostwriter Threat Activity, Phishing Campaigns | ZDNet

• Ukraine Asks ICANN To Revoke Russian Domains And Shut Down DNS Root Servers | Ars Technica

• IsaacWiper, The Third Wiper Spotted Since The Beginning Of Russian Invasion - Security Affairs

• Ukrainian Sites Saw A 10x Increase In Attacks When Invasion Started (bleepingcomputer.com)

• Cyber Attacks in Ukraine: New Worm-Spreading Data-Wiper With Ransomware Smokescreen | SecurityWeek.Com

• Chinese Malware Targeted Multiple Governments • The Register

• Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (thehackernews.com)

Passwords & Credential Stuffing

• Microsoft Accounts Targeted by Russian-Themed Credential Harvesting | Threatpost

Spyware, Espionage & Cyber Warfare

• Cyber Attack on NATO Could Trigger Collective Defence Clause - Official | Reuters

• Ukraine Conflict Spurs Questions Of How To Define Cyberwar - CyberScoop

• How China Built A One-Of-A-Kind Cyber-Espionage Behemoth To Last | MIT Technology Review

• Russia's Space Chief Says Hacking Satellites 'A Cause For War' - POLITICO

• Ukraine Is Building An 'It Army' Of Volunteers, Something That's Never Been Tried Before | ZDNet

• China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (thehackernews.com)

Vulnerabilities

• Get Patching Now: CISA Adds Another 95 Flaws To Its Known Exploited Vulnerabilities List | ZDNet

• Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products | SecurityWeek.Com

• Firefox Patches Two In-The-Wild Exploits – Update Now! – Naked Security (sophos.com)

• New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container (thehackernews.com)

• Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (thehackernews.com)

• New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances (thehackernews.com)

• Log4Shell Threat Far From Gone: Attackers Continue To Target Vulnerability - Information Security Buzz

Sector Specific

Financial Services Sector

• Banks Brace For Retaliatory Ransomware Attacks From Russia | Bitcoinist.com

Health/Medical/Pharma Sector

• Conti And Karma Actors Attack Healthcare Provider At Same Time Through ProxyShell exploits – Sophos News

• Over 100,000 Medical Infusion Pumps Vulnerable To Years Old Critical Bug (bleepingcomputer.com)

CNI, OT, ICS, IIoT and SCADA

• Lack Of Visibility Plaguing ICS Environments - Help Net Security

Reports Published in the Last Week

• Vade Releases 2021 Phishers' Favourites Report (darkreading.com)

• Salt Security releases State of API Security Report - IT Security Guru

Other News

• Microsoft Teams Grows As Cyber Attack Vector - MSSP Alert

• Ukraine Conflict Puts Organisations’ Cyber-resilience To The Test - Information Security Buzz

• The Cyber Security Implications Of The Russia-Ukraine Conflict (forbes.com)

• Cyber Attackers Are Looking To Exploit People Who Want To Help Ukraine, Security Experts Warn | The Independent

• Multifactor Authentication Is Being Targeted by Hackers – The New Stack

• Attacks Abusing Programming APIs Grew Over 600% In 2021 (bleepingcomputer.com)

• Soaring Cyber Attacks On BBC – ‘No Industry Is Untouchable’ - Information Security Buzz

• Bad Actors Are Becoming More Successful At Evading AI/ML Technologies - Help Net Security

• Facebook, Twitter, Google Move To Intercept Russian Propaganda, Disinformation About Ukraine - CyberScoop

• Why the Shifting Nature of Endpoints Requires a New Approach to Security (darkreading.com)

• Open Source Security Fears Are Fading Away | ZDNet

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.