Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Mind The Gap: Mimecast Report Finds Humans Are Biggest Security Flaw

A global report from Mimecast has found that 74% of all cyber breaches are caused by human factors, including errors, misuse of access privileges or social engineering. Email remains the primary attack vector for cyber threats. Further, 67% of respondents expect AI-driven attacks to soon be the norm and 69% believe their company will be harmed by an attack.

No matter the size, sector or budget of an organisation, people remain a consistent risk factor. Even with strong technology controls, people can still be the risk that brings down the organisation. It is therefore important for organisations to integrate people into their cyber security investments. This should include awareness and education training, and fostering a cyber secure culture in the organisation.

Sources: [IT Security Guru] [Beta News] [Verdict]

Three-Quarters of Cyber Victim Are SMBs: Why SMBs are Becoming More Vulnerable

According to a recent Sophos report, over three-quarters of cyber incidents impacted smaller businesses in 2023, with ransomware having the largest impact. The research also found that in 90% of attacks, data or credential theft was involved and in 43%, data theft was the main focus.

The report found significant usage of initial access brokers; these are attackers whose speciality is to break into computer networks and sell ready-to-go access to other attackers. In fact, the report found that almost half of all malware detected in SMBs were malicious programs used to steal sensitive data and login credentials. Unfortunately, many SMBs struggle to keep up due to a lack of resources and budget; instead, they must be able to prioritise their cyber security efforts to get the most return on investment.

Sources: [Infosecurity Magazine]  [Help Net Security] [TechRadar] [Nairametrics] [TechTarget]

Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc

The Ipsos report on Cyber Security Skills in the UK Labour Market 2023 sheds light on the persistent challenges faced in recruiting, training, and retaining cyber security professionals across various domains. With approximately 739,000 businesses lacking basic cyber skills and 487,000 facing advanced skills gaps, the demand for trained professionals is escalating. The shortage of incident response skills highlights the need for comprehensive education and training programs. Senior management and board-level executives must also be equipped with the knowledge to manage incidents effectively, emphasising reporting, seeking external assistance, and maintaining a no-blame culture. Understanding cyber risks at the business level is crucial, as cyber crime has evolved into a well-organised industry with distinct roles and profit-sharing mechanisms among cyber criminal groups. Conducting tabletop incident response exercises can effectively prepare senior leadership for cyber incidents, ensuring a proactive and coordinated response to mitigate risks and safeguard organisational resilience.

Source: [TechRadar]

UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’

The recent response from the British government to warnings about the looming ransomware threat has sparked criticism, with accusations of adopting an "ostrich strategy" by downplaying the severity of the national cyber threat. Despite alarming assessments from the Joint Committee on the National Security Strategy (JCNSS) regarding the high risk of a catastrophic ransomware attack, the government's formal response has been met with scepticism. Key recommendations, such as reallocating responsibility for tackling ransomware away from the Home Office, were rejected, with the government arguing that its existing regulations and the current National Cyber Strategy were sufficient. This argument has raised concerns about the government's preparedness and resource allocation. With ransomware attacks escalating in the UK, the Committee underscores the urgency for a proactive national security response to mitigate the potentially devastating impacts on the economy and national security.

Source: [The Record Media]

Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024

Research conducted by the Identity Theft Resource Center (ITRC) found that 2023 set an all time high in data breaches, 72% more than the prior year. Separately, the Allianz Risk Barometer identified cyber incidents as the biggest global business threat for 2024, ranking above regulatory concerns, climate change and a shortage of skilled workers. It is crucial that the severity of this risk is reflected in the actions taken by organisations, who must effectively govern and implement their cyber security strategy.

Sources: [JDSupra]

Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture

Cyber security has become a pressing issue on financial institutions due to the rise in cyber attacks, as highlighted by the February attack on Bank of America via a third-party service. The involvement of the LockBit ransomware group underlines the persistent nature of these threats, particularly targeting the financial sector. These attacks disrupt services and undermine trust in the financial system, necessitating robust cyber security frameworks. The new US Securities and Exchange Commission (SEC) rule requiring immediate disclosure of cyber security incidents presents both benefits and challenges, calling for clear guidelines and industry-wide collaboration. BlackBerry’s Global Threat Intelligence Report revealed a staggering million attacks globally in just 120 days last year. These attacks, often using commodity malware, make up almost two-thirds of all industry-related incidents. The 27% increase in novel malware samples highlights the need for improved defences. These findings emphasise the need for AI-driven detection and defence strategies. While critical infrastructure remains a primary focus, commercial enterprises must remain vigilant, with a third of threats targeting various sectors, emphasising the pervasive nature of cyber threats across industries.

Source:[ SC Media] [TechRadar]

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

In a recent revelation, Microsoft disclosed that the Kremlin-backed threat group known as Midnight Blizzard successfully accessed some of Microsoft’s source code repositories and internal systems following a hack in January 2024. The breach, believed to have originally occurred in November 2023, exploited a legacy test account lacking multi-factor authentication by employing a password spray attack. Microsoft assured no compromise to customer-facing systems but warned of ongoing attempts by Midnight Blizzard to exploit stolen corporate email data. The extent of the breach remains under investigation, with concerns raised over the potential accumulation of attack vectors by the threat actor. The incident underscores the escalating sophistication of nation-state cyber threats and prompts a re-evaluation of security measures, highlighting the imperative for robust defences against such adversaries.

Source: [The Hacker News]

Independent Cyber Security Audits Are Powerful Tools for Boards

Board members are increasingly held accountable for their organisation's cyber posture, facing personal liability for lapses. To gain insight and demonstrate proactive leadership, independent cyber security audits have become indispensable. These audits not only aid in regulatory compliance but also uncover blind spots in the organisation's security measures. Recent regulations, such as by  the US Securities and Exchange Commission (SEC) underscore the imperative for robust cyber security oversight at the board level. The audit process involves defining the scope, conducting assessments, validating findings through simulations, and presenting comprehensive reports to leadership. By embracing cyber security audits, boards can fulfil their duty of overseeing and enhancing the organisation's cyber resilience in an ever-evolving threat landscape.

Source: [Bloomberg Law]

Navigating Cyber Security in The Era of Mergers

In today's landscape of frequent mergers and acquisitions (M&A), organisations grapple with the challenge of aligning cyber security measures across subsidiaries, posing a risk to overall security. According to an IBM survey, over one in three executives attribute data breaches to M&A activity during integration. This complexity arises as security teams may lack insight into subsidiary infrastructure, hindering risk assessment and mitigation efforts. Historical incidents like the NotPetya attack on Merck and the Talk Talk hack highlight vulnerabilities post-acquisition, emphasising the need for a proactive approach to subsidiary cyber security. To address these challenges, organisations must conduct comprehensive risk assessments, standardise security protocols, foster collaboration, and consider unified security platforms. By proactively addressing visibility gaps and implementing standardised protocols, organisations can fortify their defences against evolving cyber threats amidst M&A activities.

Source: [Forbes]

Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm

According to a recent report, 76% of organisations were compromised by QR-code phishing in the last 12 months. Along with this, there has also been a rise in the number of sophisticated vishing attacks, with recent attacks costing organisations millions. The introduction of artificial intelligence has only added fuel to this fire already impacting security controls such as call-back procedures. With the tactics of phishing evolving, organisations need to ensure they are up-to-date and that employees are trained effectively to mitigate the risk of these.

Sources: [Help Net Security] [Dark Reading]

Governance, Risk and Compliance

• Cyber Security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Three-Quarters of Cyber Incident Victims Are Small Businesses - Infosecurity Magazine (infosecurity-magazine.com)

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• Still on Top: Cyber Security Incidents Ranked #1 Global Business Threat in 2024 | Dinsmore & Shohl LLP - JDSupra

• Navigating Cyber Security In The Era Of Mergers (forbes.com)

• SMEs invest in tech opportunities but risk missing security safeguards (betanews.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• The CISO Role Is Changing. Can CISOs Themselves Keep Up? (darkreading.com)

• New Risk for Weary CISOs: Becoming the Scapegoat After Cyber Criminals Strike | Corporate Counsel (law.com)

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behavior and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• OODA Loop - How To Properly Cut Your Cyber Security Budget

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos: Remote ransomware attacks on SMBs increasing | TechTarget

• UK government’s ransomware failings leave country ‘exposed and unprepared’ (therecord.media)

• Prescribing Security: Why Healthcare Companies Should Take Note of Recent Ransomware Attack | Dinsmore & Shohl LLP - JDSupra

• BianLian Threat Actor Shifts Focus to Extortion-Only Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding the multi-tiered impact of ransomware. (thecyberwire.com)

• Ransomware tracker: The latest figures [March 2024] (therecord.media)

• Cyber attack costing hospitals millions - The Boston Globe

• British authorities have never detected a breach of ransomware sanctions — but is that good or bad news? (therecord.media)

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

• Businesses leaving their Kubernetes containers exposed to ransomware | TechRadar

• StopCrypt: Most widely distributed ransomware now evades detection (bleepingcomputer.com)

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

Ransomware Victims

• British Library’s legacy IT blamed for lengthy rebuild • The Register

• British Library shares lessons from cyber attack | UKAuthority

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Stanford University failed to detect intruders for 4 months • The Register

• Stanford says data from 27,000 people leaked in September ransomware attack (therecord.media)

• Law Firm Sues MSP Over Black Basta Ransomware Attack | MSSP Alert

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Cancer Clinics Face Cash Crunch After Hack Rocks US Health Care (claimsjournal.com)

• Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages (voanews.com)

• UnitedHealth Sets Timeline to Restore Change Healthcare Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Belgian village whose brewery was hit by cyber attack faces another on its coffee roastery (therecord.media)

• Nissan confirms ransomware attack exposed data of 100,000 people (bleepingcomputer.com)

• Child protection among critical services affected by cyber attack on English council (therecord.media)

• Equilend warns employees their data was stolen by ransomware gang (bleepingcomputer.com)

Phishing & Email Based Attacks

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Image-based phishing tactics evolve - Help Net Security

• Phishing Threats Rise as Malicious Actors Target Messaging Platforms - Security Boulevard

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

• What is phishing? Examples, types, and techniques | CSO Online

• New email standards: what you need to know | TechRadar

Other Social Engineering

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Sophisticated Vishing Campaigns Take World by Storm (darkreading.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

Artificial Intelligence

• AI Poses Extinction-Level Risk, State-Funded Report Says | TIME

• Cyber crime underworld has removed all the guardrails on AI frontier

• Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data (darkreading.com)

• Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data - Security Boulevard

• Cyber attackers are threatening businesses with AI, says Microsoft (qz.com)

• Intelligence officials warn pace of innovation in AI threatens US | CyberScoop

• How advances in AI are impacting business cyber security - Help Net Security

• NCSC Blog - AI and cyber security: what you need to know (techuk.org)

• Are Global Companies Equipped to Tackle Emerging AI-Driven Cyber Threats? New Study Reveals Insights | Cryptopolitan

• 4 types of prompt injection attacks and how they work | TechTarget

• How data poisoning attacks work | TechTarget

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• How to craft a generative AI security policy that works | TechTarget

2FA/MFA

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Keyloggers, spyware, and stealers dominate SMB malware detections - Help Net Security

• SMBs are being hit with more malware attacks than ever, and many can't keep up | TechRadar

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

• Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (bleepingcomputer.com)

• Botnets: The uninvited guests that just won’t leave | CSO Online

• Hackers using Weaponized PDF Files to Deliver Remcos RAT (cybersecuritynews.com)

• RedLine malware top credential stealer of last 6 months | SC Media (scmagazine.com)

• Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT (darkreading.com)

Mobile

• Blog: Why Hackers Love Phones - Keep your Eye on the Device - Security Boulevard

• SIM swappers hijacking phone numbers in eSIM attacks (bleepingcomputer.com)

• PixPirate Android malware uses new tactic to hide on phones (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• French government sites disrupted by très grande DDOS • The Register

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

• RIA: Estonia's state institutions hit by largest cyber attack to date | News | ERR

• The Growing Threat of Application-Layer DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks reach critical levels in 14 seconds | Security Magazine

Internet of Things – IoT

• Internet of Risks: Cyber Security Risk in the Internet of Things | UpGuard

• Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors - Security Week

• The S in IoT stands for security • The Register

• Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk (darkreading.com)

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

Data Breaches/Leaks

• Data Breaches up 72% From Record High: Cyber Incident Readiness Must be Top of Mind | Epiq - JDSupra

• Jersey regulator's data breach leaks names and addresses - BBC News

• Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware (bleepingcomputer.com)

• Okta denies it was hacked again after data appears on hacking site | TechRadar

• Over 12 million auth secrets and keys leaked on GitHub in 2023 (bleepingcomputer.com)

• French unemployment agency data breach impacts 43 million people (bleepingcomputer.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

Organised Crime & Criminal Actors

• How to Identify a Cyber Adversary: Standards of Proof (darkreading.com)

• How to Identify a Cyber Adversary: What to Look For (darkreading.com)

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Bitcoin Fog mixer operator convicted for laundering $400 million (bleepingcomputer.com)

• US Seizes $1.4 Million in Cryptocurrency From Tech Scammers - Security Week

Insider Risk and Insider Threats

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Insider threats can damage even the most secure organisations - Help Net Security

• Your tech tools won’t save you from cyber threats | TechRadar

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• Meta Sues Former VP After Defection to AI Startup - Infosecurity Magazine (infosecurity-magazine.com)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

Insurance

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

Supply Chain and Third Parties

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Industry: Act Now To Secure the Solutions You Offer the Military | AFCEA International

Cloud/SaaS

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• How Not to Become the Target of the Next Microsoft Hack (darkreading.com)

• Cloud Account Attacks Surged 16-Fold in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

• Cloud security vs. network security: What's the difference? | TechTarget

Encryption

• Building The Defence Sector's Quantum Threat Resilience (forbes.com)

• Are private conversations truly private? A cyber security expert explains how end-to-end encryption protects you (theconversation.com)

Linux and Open Source

• How to Ensure Open Source Packages Are Not Landmines (darkreading.com)

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Russian Hackers Are Weaponizing Stolen Microsoft Passwords (claimsjournal.com)

• Overcoming the threat of account takeover fraud (securitybrief.co.nz)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors leverage document publishing sites for ongoing credential and session token theft (talosintelligence.com)

• LastPass suffers worldwide outage causing site 404 error - 9to5Mac

Social Media

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Meta sues “brazenly disloyal” former exec over stolen confidential docs | Ars Technica

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

Training, Education and Awareness

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

Regulations, Fines and Legislation

• Everything you need to know about the EU's Cyber Solidarity Act | ITPro

• Cyber Security: European Parliament adopts Cyber Resilience Act at first reading | Practical Law (thomsonreuters.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• The New Hacker Playbook: Weaponizing the SEC’s Cyber Disclosure Rules | Woodruff Sawyer - JDSupra

Models, Frameworks and Standards

• 4 Security Tips From PCI DSS 4.0 Anyone Can Use (darkreading.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

Backup and Recovery

• Immutability: A boost to your security backup (betanews.com)

Data Protection

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• How do you lot feel about Pay or OK model, ICO asks Brits • The Register

Careers, Working in Cyber and Information Security

• Half of firms struggling to hire cyber security experts (securitybrief.co.nz)

• UK Council's Vision: Set High Standards in Cyber Security (govinfosecurity.com)

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

• Cyber security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

• How To Overcome The Machismo Problem In Cyber Security (forbes.com)

Law Enforcement Action and Take Downs

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

• WEF effort to disrupt cyber crime moves into operations phase • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

• Five Eyes publish report on Volt Typhoon. Volt Typhoon targets emergency management services in the US. (thecyberwire.com)

• Chinese company at the centre of Biden's US port crane order denies it's a security threat | Fortune Asia

• Lithuania security services warn of China's espionage against the country (securityaffairs.com)

• Chinese Cyber Crime: Discretion Is the Better Part of Valor (databreachtoday.co.uk)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

Russia

• Microsoft says Russian hackers stole source code after spying on its executives - The Verge

• Microsoft says Russian hackers breached its systems, accessed source code (bleepingcomputer.com)

• Microsoft: Russians are using stolen information to breach company’s systems (therecord.media)

• Microsoft says it hasn't been able to evict Russian state hackers | AP News

• Why Cyber Attacks on Ukrainians Aren’t Working the Way Russia Expected - Carnegie Endowment for International Peace

• Kremlin accuses US of plotting election-day cyber attack • The Register

• Major operation under way to identify source of Russian attack that 'jammed signals' on... - LBC

• First-ever South Korean national detained for espionage in Russia (securityaffairs.com)

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

North Korea

• Japan Blames North Korea for PyPI Supply Chain Cyber Attack (darkreading.com)

Vulnerability Management

• How to Streamline the Vulnerability Management Life Cycle - Security Boulevard

• Researchers expose Microsoft SCCM misconfigs usable in cyber attacks (bleepingcomputer.com)

• Former CISA Dir. Krebs on cyber threats: Microsoft and others are 'hanging on by a thread' right now (cnbc.com)

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

Vulnerabilities

• Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (thehackernews.com)

• Adobe Patches Critical Flaws in Enterprise Products - Security Week

• Major CPU, Software Vendors Impacted by New GhostRace Attack - Security Week

• Critical Fortinet flaw may impact 150,000 exposed devices (bleepingcomputer.com)

• Fortinet Releases Security Updates for Multiple Products | CISA

• SAP Patches Critical Command Injection Vulnerabilities - Security Week

• Cisco addressed severe flaws in its Secure Client (securityaffairs.com)

• 5M WordPress Websites At Risk Amid LiteSpeed Plugin Flaw - Security Boulevard

• New cyber crime crew Magnet Goblin caught exploiting Ivanti • The Register

• Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory (darkreading.com)

• CISA confirms compromise of its Ivanti systems | TechTarget

• Threat actors breached two crucial systems of the US CISA (securityaffairs.com)

• Researchers found multiple flaws in ChatGPT plugins (securityaffairs.com)

• QNAP warns its NAS devices are facing a critical security flaw — but a patch is available, so update now | TechRadar

• Exploited Building Access System Vulnerability Patched 5 Years After Disclosure - Security Week

Tools and Controls

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• NSA's Zero-Trust Guidelines Focus on Segmentation (darkreading.com)

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• Expert Cyber Security Strategies For Protecting Remote Businesses (forbes.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• 10 cloud security tips every IT leader should know | ITPro

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• Cloud security vs. network security: What's the difference? | TechTarget

• Immutability: A boost to your security backup (betanews.com)

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

• How teams can improve incident recovery time to minimize damages - Help Net Security

• New email standards: what you need to know | TechRadar

• Creating Security Through Randomness (darkreading.com)

• AI and the future of corporate security - Help Net Security

Reports Published in the Last Week

• The State of Email & Collaboration Security 2024 | Mimecast

Other News

• The rise of cyber attacks on financial institutions highlight the need to build a security culture   | SC Media (scmagazine.com)

• Finance sector facing huge amount of cyber attacks that could leave it on its knees | TechRadar

• French state services hit by cyber attacks of 'unprecedented intensity' (france24.com)

• US Intelligence Predicts Upcoming Cyber Threats for 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Better Safe Than Sorry: Making Cyber Security a Priority | HealthLeaders Media

• How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)

• Pi Day: How Hackers Slice Through Security Solutions - Security Boulevard

• 78% of MSPs state cyber security is a prominent IT challenge | Security Magazine

• No, 'Leave the World Behind' and 'Civil War' Aren’t Happening Before Your Eyes | WIRED

• Maritime cyber security: threats and challenges - Port Technology International

• What resources do small utilities need to defend against cyber attacks? | CyberScoop

• 10 free cyber security guides you might have missed - Help Net Security

• Using the wrong font could be a major security problem — and possibly not for the reason you might think | TechRadar

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Strategic Cyber Stories of the Last Week

Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack

An estimated 80 to 200 law firms across the UK were impacted by a cyber attack on a third party firm in their supply chain. The attack was on managed service supplier CTS, who provide services to hundreds of law firms across the UK, especially those with conveyancing departments, and many property sales were impacted nationwide as a result of the attack.

This is against a sharp increase in the number of law firms being singled out by cyber threat actors; only recently, magic circle firm Allen & Overy confirmed themselves as a victim of ransomware.

Sources: [SC Media] [Lawyer Monthly] [Scottish Legal News] [Law Gazette] [Dark Reading]

Approach Cyber Security Awareness Training by Engaging People at All Levels

In the cyber security landscape, human-related factors like social engineering, compromised credentials, and errors are the top causes of breaches. Increased investment in threat detection doesn't guarantee foolproof security. Organisations need a proactive strategy focusing on human risks, a security mindset in employees, and a security culture. According to IBM’s latest data security report, high levels of security training can significantly reduce the impact, cost, and frequency of data breaches.

However, most employee training programmes fail due to staff resistance and lack of management support. The key is convincing leadership of its value. To achieve a successful and impactful security awareness programme, it is important that security teams understand their audiences (leaders, managers, and employees), address their requirements, and effectively communicate the benefits of security training.

Source: [CPO Magazine]

Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks

A recent report found that despite 95% of Chief Information Security Officers (CISOs) receiving budgetary and other support from their organisation after a cyber attack, this largely fails to prevent future incidents, with over half admitting they have experienced multiple “major cyber security incidents” in the last five years.

The report revealed that after an attack 46% of CISOs were given a bigger tech budget, 42% revised their security strategy, 41% adopted new frameworks, and 38% created new roles. However, incidents come with hidden consequences such as revenue loss, rising insurance premiums and declining reputation. CISOs need to have support from the board and executives from the start so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.

Sources: [Business Wire] [Silicon UK]

Ransomware Attacks Surge 81% in October as New Threat Actors Emerge

The NCC Group revealed that ransomware attacks have surged by 81% in October 2023, compared to the same period in the previous year. Ransomware gangs have already victimised over 50% more individuals and enterprises in 2023 than during the entirety of 2022. As artificial intelligence, phishing kits and ransomware-as-a-service has improved, so too has the number of threat actors; those who were previously stunted by their technical know-how are now able to gain access to sophisticated attacks.

Source: [Security Brief]

Hacked Microsoft Word Documents Being Used to Trick Windows Users

Active campaigns carried out by cyber criminals are again using macros within Word documents to deploy malware, in spite of Microsoft’s efforts to stop these types of attacks. Most of the time the actor delivers the Word document via phishing emails, with the aim of convincing the user to click and run the macro. Once run, the malware has then achieved its goal of establishing itself on the victims’ machine and executing its malicious payload.

Source: [TechRadar]

Mitigating Deepfake Threats in The Corporate World

Deepfakes are synthetic media that are created or manipulated with the desired outcome of convincing the recipient of their legitimacy; and it’s entering the corporate world. Deepfake technology has already been used to impersonate Presidents and financial experts, however there has been an uprise in the number of these attacks. This has left the corporate world questioning existing operational procedures such as callbacks and how they will need to adjust to encompass the changing landscape.

Some of the ways a corporation can mitigate this, is to promote awareness within the workplace, adjust operational procedures to reflect the current landscape, and utilise advanced detection tools.

Source: [MSSP Alert]

Black Basta Ransomware Made Over $100 Million From Extortion Alone

The cyber crime operator “Black Basta” has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022. In total, 329 victims worldwide were targeted and research has estimated that at least 35% paid a ransom, with multiple payments over $1 million. Black Basta uses double extortion techniques, where data is both ransomed and exfiltrated. This way, victims are forced to pay to get their data back and not have it published online; the latter itself can lead to regulatory fines.

Source: [Bleeping Computer]

Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation

In the evolving cyber security landscape, organisations are increasingly investing in detection and prevention measures. However, there's a growing trend of neglecting post-attack recovery. While advanced security tools and technologies are crucial, recent ransomware incidents have shown that recovery is equally vital. Organisations have faced substantial downtime and financial losses due to attacks. Cyber resilience, the ability to bounce back quickly after an attack, is crucial, especially with the rise of remote work.

Budgets often prioritise prevention, leaving organisations ill-prepared for recovery. In 2023, a significant number of companies paid ransoms to regain data. To achieve true cyber resilience, a rebalance in approach is essential, focusing on preparation, response, and recovery alongside detection and prevention, ensuring rapid recovery and safeguarding of valuable assets.

Source: [TechRadar]

Booking.com Customers Scammed in Novel Social Engineering Campaign

According to new research by SecureWorks, Booking.com customers are being targeted by a novel social engineering campaign that is “paying serious dividends” for cyber criminals. Researchers believe the campaign has gone on for at least a year and it begins by deploying the Vidar infostealer to gain access partner hotels’ Booking.com credentials. This information is then used to send phishing emails to Booking.com customers and trick them into handing over their payment details, in many cases leading to money being stolen. The scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2,000 in two cyber crime forums.

Source: [Infosecurity Magazine]

Stop Panic Buying Your Security Products and Start Prioritising

In the cyber security landscape, impulse buying can lead to costly mistakes. Breaches are now more expensive than ever, underscoring the need to assess cyber security investments. Fear-driven tactics and the quest for a "silver bullet" solution can push organisations, especially smaller ones, into impulsive investments. These decisions may introduce even more risk by failing to integrate with existing systems, or buying systems but failing to configure them properly or utilising them to the fullest extent, leading to a false sense of security. The consequences can be severe, with breaches now costing organisations millions. To navigate this landscape, organisations must assess the real value of cyber security investments. Calculating risk by evaluating likelihood and impact can guide us in making informed decisions. Instead of impulse buying, assign a monetary value to cyber risks for strategic budget decisions in these economic times, ensuring investments align with security and business goals.

Source: [Help Net Security]

A Fifth of UK SMBs Unable to Spot Scams

New data from UK Finance reveals that 17% of UK small and medium-sized businesses (SMBs) struggle to identify online fraud and scam indicators. This is particularly alarming given the rise in authorised push payment (APP) scams in the UK, where fraudsters impersonate trusted entities to deceive victims into transferring money to controlled accounts. In the first half of 2023 alone, criminals stole a reported £42.6 million through such scams, with total losses including consumer impacts reaching £239 million. SMBs are increasingly targeted due to typically fewer anti-fraud and other countermeasures and controls, compared to larger and better protected larger firms. It is important for SMBs to be vigilant and verify payment details directly with suppliers to help avoid these types of scams.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• Cyber Security Spend Among UK Top 10 Legal Firms Jumps 21% as Threats Become Priority | Law.com International

• Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks | Business Wire

• When does it make sense to pay the ransom? | SC Media (scmagazine.com)

• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)

• Enterprises prepare for the inevitable cyber attack - Help Net Security

• Board Support Critical For Cyber Security Defence | Silicon UK

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

• Long recovery times after cyber attacks could annihilate your organisation | TechRadar

• The Role of the CISO in Digital Transformation (darkreading.com)

• Stop panic buying your security products and start prioritizing - Help Net Security

• Cyber Security—Do We See Risks Increasing? | ETF Trends

• Bridging the risk exposure gap with strategies for internal auditors - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• The rise of Ransomware attacks within the Legal Industry (lawyer-monthly.com)

• Ransomware attacks surge 81% in October, new threat actors emerge (securitybrief.co.nz)

• Allianz cyber head warns ransomware is "back with a vengeance" | Insurance Business America (insurancebusinessmag.com)

• Black Basta ransomware made over $100 million from extortion (bleepingcomputer.com)

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war | Europol (europa.eu)

• Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• The crazy world of ransomware • Graham Cluley

• More councils at risk from hackers, warns boss as 'it's a case of when not if' cyber attacks land - Gloucestershire Live

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war (databreaches.net)

• DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software (thehackernews.com)

• How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)

• When does it make sense to pay the ransom? | SC Media (scmagazine.com)

• CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)

• Only 4% of UK housing associations feel sector is fully prepared for ransomware attack | Scottish Housing News

• Ransomware Attacks Strike South Africa, Decline in UAE (darkreading.com)

Ransomware Victims

• Law firm A&O silent on whether it paid ransom to cyber criminals | Law Gazette

• Allen & Overy Removed From Ransomware Website With One Day Remaining | Law.com International

• Potentially hundreds of UK law firms affected by cyber attack on IT provider CTS (therecord.media)

• Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)

• London & Zurich ransomware attack sparks financial crisis for businesses (computing.co.uk)

• British Library contacts users after Rhysida leaks data • The Register

• Ransomware attacks hit Stanford University and Nassau Bay in Texas - NotebookCheck.net News

• Notorious ransomware gang takes credit for cyber attack on Fidelity National Financial (therecord.media)

• University of Manchester CISO Speaks Out on Summer Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Slovenia's largest power provider HSE hit by ransomware attack (bleepingcomputer.com)

• GCHQ investigates cyber attack on hospital to the royals after data stolen (telegraph.co.uk)

• English council spent £1.1 million recovering from ransomware attack (therecord.media)

• More councils at risk from hackers, warns boss as 'it's a case of when not if' cyber attacks land - Gloucestershire Live

• Healthcare giant Henry Schein hit twice by BlackCat ransomware (bleepingcomputer.com)

• Qilin ransomware claims attack on automotive giant Yanfeng (bleepingcomputer.com)

• New cyber criminal group outed after British Library attack - Emerging Risks Media Ltd

• Cyber attack closes hospital emergency rooms in three US states | US healthcare | The Guardian

• Medical test company’s ‘serious and systemic failures’ led to cyber attack, watchdog says | Business | The Guardian

• Two Hackensack Meridian hospital ERs diverting patients after a ransomware attack (msn.com)

• Ardent Health Services Grapples With Ransomware Disruption - Infosecurity Magazine (infosecurity-magazine.com)

• DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)

• Top instant money provider service hacked, over a million users possibly affected | TechRadar

• Staples confirms cyber attack behind service outages, delivery issues (bleepingcomputer.com)

Phishing & Email Based Attacks

• Black Friday: Phishing Emails Soar 237% - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing makes up 43% of email attacks | Security Magazine

• AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)

• Organisations can't ignore the surge in malicious web links - Help Net Security

• How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)

• Booking.com Customers Scammed in Novel Social Engineering Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Criminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale (thehackernews.com)

• ThreatLabz 2023 Phishing Report | ITPro

• What custom GPTs mean for the future of phishing - Help Net Security

• A reality check on email security threats in healthcare (securitybrief.co.nz)

Artificial Intelligence

• Released: AI security guidelines backed by 18 countries - Help Net Security

• 4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)

• CISA and NCSC lead efforts to raise AI security standards • The Register

• Security leaders on high alert as GenAI poses privacy and security risks - Help Net Security

• AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)

• A year after ChatGPT’s debut, is GenAI a boon or the bane of the CISO’s existence? | CSO Online

• Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)

• Guidance for Securing AI Issued by NSA, NCSC-UK, CISA, and Partners > National Security Agency/Central Security Service > Press Release View

• Mitigating Deepfake Threats in the Corporate World | MSSP Alert

• 4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)

• Securing generative AI across the technology stack | TechCrunch

• Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)

• What custom GPTs mean for the future of phishing - Help Net Security

• 8 Tips on Leveraging AI Tools Without Compromising Security (darkreading.com)

Malware

• Implications of “malware free” attacks on SMBs (databreaches.net)

• SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News

• Hacked Microsoft Word documents being used to trick Windows users | TechRadar

• N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool - Infosecurity Magazine (infosecurity-magazine.com)

• A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets (darkreading.com)

• LogoFAIL bugs in UEFI code allow planting bootkits via images (bleepingcomputer.com)

Mobile

• Busting 6 Myths About Mobile Device Security | MSSP Alert

• Surge in counterfeit app risk as cyber crime exploits rising digital consumption (securitybrief.co.nz)

• NameDrop in iOS 17 is not a privacy nightmare – here’s how to control it (msn.com)

• 200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn (thehackernews.com)

Denial of Service/DoS/DDOS

• Same threat, new stakes: DDoS in an evolving telecoms sector

Internet of Things – IoT

• Cyber pros avoid smart devices: there is a good reason | Cybernews

• Navigating IoT security in a connected world - EDN

• IoT Security Labeling Improving, But More Collaboration Needed - EE Times

Data Breaches/Leaks

• Okta security breach much worse than originally disclosed – all customers' data potentially affected | Mashable

• Nuclear lab faces niche cyber threat (computing.co.uk)

• App used by hundreds of schools leaking children's data (securityaffairs.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

• Gulf Air exposed to data breach, 'vital operations not affected' | Reuters

• General Electric investigates claims of cyber attack, data theft (bleepingcomputer.com)

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Hackers spent 2+ years looting secrets of chipmaker NXP before being detected | Ars Technica

• Medical test company’s ‘serious and systemic failures’ led to cyber attack, watchdog says | Business | The Guardian

• DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)

• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• Dollar Tree hit by third-party data breach impacting 2 million people (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Leader of Killnet 'unmasked' by Russian state media • The Register

• A Fifth of UK SMBs Can’t Spot Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register

• Security official: Romania is an exporter of cyber security in its part of the word (stiripesurse.ro)

• I'm a hacker who was jailed for a decade for heading up a cyber criminal organisation - I started the group to fight back against bullies but got hooked on the power | Daily Mail Online

• How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)

• Founder of spyware maker Hacking Team arrested for attempted murder: local media | TechCrunch

• US imprisons Ukrainian SSNDOB administrator for 8 years • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• KyberSwap Says Hackers Stole $55m in Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)

Insurance

• Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)

• Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)

Supply Chain and Third Parties

• Cyber attack on managed service provider potentially affects hundreds of law firms | Scottish Legal News

• Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)

• Telecom Industry Association Advances Supply Chain Security | MSSP Alert

Cloud/SaaS

• SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News

• Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar

• Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories (thehackernews.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)

• Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar

• Weak & Strong Password Examples: Study Reveals Most Hackable Words (tech.co)

• Despite Hype, the Password-Free Workplace Is Still a Long Way Off (darkreading.com)

• Navigating the Stormy Seas of Cyber security: The Power of High-Entropy Passwords | HackerNoon

• 90+ Key Password Breach Statistics in 2023 (techreport.com)

Social Media

• Google, Meta, allege China cyber attacks • The Register

Training, Education and Awareness

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 8 Cyber Security Topics to Include in Your Training Program | Proofpoint US

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

Regulations, Fines and Legislation

• European Commission Failing to Tackle Spyware, Lawmakers Say (inforisktoday.com)

• Released: AI security guidelines backed by 18 countries - Help Net Security

• Guidance for Securing AI Issued by NSA, NCSC-UK, CISA, and Partners > National Security Agency/Central Security Service > Press Release View

• EU considers widening scope of cyber security regulation (finextra.com)

• Newly-proposed cyber security rules could affect cloud banking services in the EU - PaymentExpert.com

• Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)

• 5 resolutions to prepare for SEC's new cyber disclosure rules - Help Net Security

• The SEC’s Fraud Suit Against SolarWinds: 3 Cyber security Action Items for Companies to Consider | Orrick, Herrington & Sutcliffe LLP - JDSupra

• False Claims Act Meets Cyber security Compliance in Government Contracting - ClearanceJobs

Models, Frameworks and Standards

• CISA Launches Project to Assess Effectiveness of Security Controls - Infosecurity Magazine (infosecurity-magazine.com)

• The challenge of adding governance as a pillar of cyber security (c4isrnet.com)

Data Protection

• Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)

Careers, Working in Cyber and Information Security

• Information overload puts cyber security at risk (betanews.com)

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• More than half admit to ignoring cyber security alerts (itsecuritywire.com)

• Fewer cyber pros are getting fired immediately after an incident: Trellix survey (axios.com)

• Unhappy network professionals juggling more with less - Help Net Security

Law Enforcement Action and Take Downs

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war | Europol (europa.eu)

• Police dismantle ransomware group behind attacks in 71 countries (bleepingcomputer.com)

• CoLP launches strategy for fraud, economic and cyber crime | UK Police News - Police Oracle

• Los Angeles SIM Swapper Sentenced to 8 Years in Prison - Security Week

• New York Fines First American $1 Million for Cyber Breach (1) (bloomberglaw.com)

• Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register

Misinformation, Disinformation and Propaganda

• Ahead of 2024 election, Meta worries about lack of information on top-tier nation-state covert operations | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Ahead of 2024 election, Meta worries about lack of information on top-tier nation-state covert operations | CyberScoop

Nation State Actors

China

• Deloitte and KPMG ask staff to use burner phones for Hong Kong trips

• Google, Meta, allege China cyber attacks • The Register

Russia

• Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns – POLITICO

• North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)

• Ukraine says it hacked Russian aviation agency, leaks data (bleepingcomputer.com)

• Leader of Killnet 'unmasked' by Russian state media • The Register

Iran

• Pennsylvania water facility hit by Iran-linked hackers | CyberScoop

• North Texas water utility serving 2 million hit with cyber attack (therecord.media)

• Iranian Mobile Banking Malware Campaign Threat Continues | Zimperium

North Korea

• North Korean hackers are carrying out even more cyber attacks than previously thought | TechRadar

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)

• N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)

• US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Hamas-linked APT uses Rust-based SysJoker backdoor against Israel (securityaffairs.com)

• Shadowy hacking group targeting Israel shows outsized capabilities | CyberScoop

• SysJoker Malware: Hamas-Related Threat Expands With Rust Variant - Infosecurity Magazine (infosecurity-magazine.com)

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Israel’s national water company sees increase in cyber attacks since beginning of war | Ctech (calcalistech.com)

• Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week

Vulnerability Management

• Why it’s the perfect time to reflect on your software update policy - Help Net Security

Vulnerabilities

• Apple fixes two new iOS zero-days in emergency updates (bleepingcomputer.com)

• Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability (thehackernews.com)

• Design flaw leaves Google Workspace vulnerable for takeover - Help Net Security

• Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices - Security Week

• Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data (hackread.com)

• Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro

• Hackers start exploiting critical ownCloud flaw, patch now (bleepingcomputer.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more! - Help Net Security

• PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) - Help Net Security

• Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)

• Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)

• CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)

Tools and Controls

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 8 Cyber Security Topics to Include in Your Training Program | Proofpoint US

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

• Long recovery times after cyber attacks could annihilate your organisation | TechRadar

• Stop panic buying your security products and start prioritizing - Help Net Security

• Cyber Security Spend Among UK Top 10 Legal Firms Jumps 21% as Threats Become Priority | Law.com International

• Enable 256-bit Bitlocker encryption on Windows 11 to boost security - gHacks Tech News

• Building cyber resilience for tomorrow’s threats - Help Net Security

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)

• AI Boosts Malware Detection Rates by 70% - Infosecurity Magazine (infosecurity-magazine.com)

• Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)

• What cyber security pros can learn from first responders (securityintelligence.com)

• Why are Organisations Failing to Detect Cyber security Threats? | MSSP Alert

• Vulnerability disclosure: Legal risks and ethical considerations for researchers - Help Net Security

• Researcher flags OpenCart security issue, founder rages • The Register

• Bridging the risk exposure gap with strategies for internal auditors - Help Net Security

Reports Published in the Last Week

• 2023 Zscaler ThreatLabz State of Phishing Report | Zscaler

Other News

• Cyber attack On A&O Highlights Perils Of Law Firm Mergers - Law360

• Law Firms & Legal Departments Singled Out for Cyber attacks (darkreading.com)

• Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week

• Microsoft is at the Heart of US National Security Systems and It’s Vulnerable: Cyber Security Expert | NTD

• Implications of “malware free” attacks on SMBs (databreaches.net)

• Reading Borough Council apologises for dodgy infosec advice • The Register

• Holiday Season Increases Cyber security Risks (forbes.com)

• Only 1 in 6 Brits are concerned about cyberthreats at home - Home of Direct Commerce

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• Paris water agency targeted in cyber attack - Emerging Risks Media Ltd

• Why Utilities Need to Supercharge Their Approach to Cyber security (powermag.com)

• No plain sailing: modern pirates hack superyachts' cyber security | Euronews

• Hackers Hijack Industrial Control System at US Water Utility  - Security Week

• How to Keep Cyber attacks From Taking Off (darkreading.com)

• Estate agents warned to have measures in place to prevent cyber attacks (thenegotiator.co.uk)

• Japan’s space agency suffers cyber attack • The Register

• CISA to Congress: US Under Threat of Chemical Attacks (darkreading.com)

• New BLUFFS attack lets attackers hijack Bluetooth connections (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 50% of UK CEOs see Cyber as a Bigger Business Risk than the Economy

Half of UK CEOs consider cyber security as a bigger risk to their organisation than economic uncertainty, a new study by Palo Alto Networks has found. The findings came from a survey of 2500 CEOs from the UK, Germany, France, Brazil and the UAE at large organisations (500+ employees).

Despite the recognition of the business threats posed by cyber attacks, UK CEOs have a lower level of understanding of cyber security risks than their international counterparts, with just 16% saying they have a complete understanding. This compares to 21% in Brazil, 21% in the UAE, 22% in France and 39% in Germany. Additionally, many UK CEOs feel detached from responsibility for cyber security at their organisations, instead leaving it to the responsibility of IT, although IT is only part of the solution.

https://www.infosecurity-magazine.com/news/uk-ceo-cyber-risk-economy/

• Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim

Fortinet has unveiled its 2023 Global Ransomware Report based on a recent global survey and explores cyber security leaders’ perspectives on ransomware, particularly how it impacted their organisations in the last year and their strategies to mitigate an attack. The report found that the global threat of ransomware remains at peak levels, with half of organisations across all sizes, regions and industries falling victim in the last year.

The top challenges to stopping a ransomware attack were people and process related, with many organisations lacking clarity on how to secure against the threat. Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training and no clear chain-of-command strategy to deal with attacks.

Despite the global macroeconomic environment, security budgets will have to increase in the next year with a focus on AI/ML technologies to speed detection, centralised monitoring tools to speed response and better preparation of people and processes.

https://www.itweb.co.za/content/mYZRX79g8gRqOgA8

• SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyber espionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly.

Cyber security firm Proofpoint analysed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those serving Russian, Iranian, and North Korean interests.

SMBs are also targeted by APT groups indirectly, through the managed services providers (MSPs) that maintain their infrastructure. Proofpoint has seen an increase in attacks against regional MSPs because their cyber security defences could be weaker than larger MSPs yet they still serve hundreds of SMBs in local geographies.

https://www.csoonline.com/article/3697648/smbs-and-regional-msps-are-increasingly-targeted-by-state-sponsored-apt-groups.html#tk.rss_news

• IT Employee Piggybacked on Cyber Attack for Personal Gain

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorised access to a computer with intent to commit other offences.

The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout. But he also realized that he could take advantage of the breach to line his own pockets.

“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” the South East Regional Organised Crime Unit (SEROCU) revealed. He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.

While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving a malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.

https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/

• Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More

Ransomware attacks have never been this popular, a new report from cyber security researchers Securin, Ivanti, and Cyware has stated. New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, but out of all the different hardware and software, Microsoft’s products are being targeted the most.

Attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware. In just March 2023, there had been more breaches reported, than in all three previous years combined. Even though most cyber security incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web.

https://www.techradar.com/news/ransomware-threats-are-growing-and-targeting-microsoft-devices-more-and-more

• Microsoft Reports Jump in Business Email Compromise (BEC) Activity

Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report. Activity around BEC spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit.

Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.

Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.

https://www.csoonline.com/article/3697152/microsoft-reports-jump-in-business-email-compromise-activity.html#tk.rss_news

• Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions

The nature of cyber attacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organisations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. Forrester’s Top Cyber security Threats in 2023 report provides a stark warning about the top cyber security threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponising generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.

Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyber attacks coming that seek to capitalise on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.

Forrester cites Russia’s invasion of Ukraine and its relentless cyber attacks on Ukrainian infrastructure as examples of geopolitical cyber attacks with immediate global implications. Forrester advises that nation-state actors continue to use cyber attacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.

https://venturebeat.com/security/forrester-predicts-2023-top-cybersecurity-threats-generative-ai-geopolitical-tensions/

• Advanced Phishing Attacks Surge 356% in 2022

A new report published this week observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022, with the total number of attacks having increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools. These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques.

The global threat landscape continues to evolve with a meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques designed to breach and damage organisations.

Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.

https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge/

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security

Organisations can mistakenly believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter can be very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming. Blindly purchasing more security tools can add to complexity in enterprise environments and creates a false sense of security that contributes to today’s cyber security challenges.

To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cyber security risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.

https://www.securityweek.com/todays-cyber-defense-challenges-complexity-and-a-false-sense-of-security/

• Almost All Ransomware Attacks Target Backups

Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organisations suffered at least one cyber attack in the past year according to the Veeam 2023 Ransomware trends report. Only 16% of organisations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.

According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber events in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.

Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.

With most ransomware actors moving to double and triple extortion the days of a backup being all you need to keep you safe are far behind and firms should do more to prevent being the victim of ransomware in the first place.

https://www.computerweekly.com/news/366538492/Almost-all-ransomware-attacks-target-backups-says-Veeam

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

The UK National Cyber Security Centre (NCSC) and several other international security agencies have issued a new advisory warning the public against Chinese cyber activity targeting critical national infrastructure networks. According to the document, the People’s Republic of China (PRC)’s associated threat actors employed sophisticated tactics to evade detection while conducting malicious activities against targets in the US and Guam. These tactics are expected to be used on critical infrastructure targets outside the US, including the UK.

The document further added that the threat actors mainly focused on credential access theft via brute force and password spraying techniques. The NCSC advisory provides network defenders with technical indicators and examples of techniques used by the attacker to help identify any malicious activity.

https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/

• Half of All Companies were Impacted by Spearphishing in 2022

Spearphishing is a sliver of all email exploits but the extent to which it succeeds is revealed in a new study from cyber security firm Barracuda Networks, which analysed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails and affecting 50% of all companies.

The report identified the top prevalent spearphishing emails were Scamming (47%) used to trick victims into disclosing sensitive information and the other being brand impersonation (42%) attacks mimicking a brand familiar with the victim to harvest credentials.

The report found that remote work is increasing risks. Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.

https://www.techrepublic.com/article/barracuda-networks-spearphishing-study/

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Two new top-level domain names (.zip and .mov) have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension.

There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware. Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks.

https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool

Governance, Risk and Compliance

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• The Rising Threat of Secrets Sprawl and the Need for Action (thehackernews.com)

• Mass resignations, layoffs seen as major threat to corporate cyber security - The Korea Times

• Improving Cyber security Requires Building Better Public-Private Cooperation (darkreading.com)

• Cyber Defence: Council conclusions stress the importance of further strengthening the EU resilience to face cyber threats - Consilium (europa.eu)

• 5 Cyber security Woes That Threaten Digital Growth (analyticsinsight.net)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• What Security Professionals Need to Know About Aggregate Cyber Risk (darkreading.com)

• Where to Focus Your Company’s Limited Cyber security Budget (hbr.org)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (darkreading.com)

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security - SecurityWeek

• The biggest threats are always those we fail to predict - Big Think

• How continuous security monitoring is changing the compliance game - Help Net Security

• Forrester predicts 2023's top cyber security threats: From generative AI to geopolitical tensions | VentureBeat

• 50% of UK CEOs See Cyber as a Bigger Business Risk than the Economy - Infosecurity Magazine (infosecurity-magazine.com)

• Defining CISOs, CTOs, and CIOs' Roles in Cyber security (analyticsinsight.net)

Threats

Ransomware, Extortion and Destructive Attacks

• 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns (darkreading.com)

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Backup Repositories Targeted in 93% of Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware threats are growing, and targeting Microsoft devices more and more | TechRadar

• Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks (bleepingcomputer.com)

• FIN7 gang returned and was spotted delivering Clop ransomware - Security Affairs

• Fortinet survey finds 78% of organisations felt prepared for ransomware attacks, yet half still fell victim | ITWeb

• Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking (darkreading.com)

• Cyble — New Ransomware Wave Engulfs over 200 Corporate Victims

• Updated 'StopRansomware Guide' warns of shifting tactics | TechTarget

• The Week in Ransomware - May 19th 2023 - A Shifting Landscape (bleepingcomputer.com)

• US saw 45% fewer ransomware victims posted on the dark web | Security Magazine

• BlackCat ransomware takes control of protected computers via new kernel driver | SC Media (scmagazine.com)

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• Ransomware tales: The MitM attack that really had a Man in the Middle – Naked Security (sophos.com)

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts (thehackernews.com)

• Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code (thehackernews.com)

Ransomware Victims

• Food Distributor Sysco Says Cyber Attack Exposed 126,000 Individuals - SecurityWeek

• Suzuki motorcycle plant shut down by cyber attack (bitdefender.com)

• February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million - Security Affairs

• Iowa hospital discloses breach following Royal ransomware leak | TechTarget

• Arms maker Rheinmetall confirms BlackBasta ransomware attack (bleepingcomputer.com)

• Mazars Group allegedly breached by BlackCat | Cybernews

• Dish Network says February ransomware attack impacted +300K - Security Affairs

• Philly Inquirer disputes Cuba ransomware gang's leak claims • The Register

• Dorchester school IT system held to ransom in cyber attack - BBC News

• BlackByte lists city of Augusta after cyber 'incident' • The Register

Phishing & Email Based Attacks

• Advanced Phishing Attacks Surge 356% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• 50% of companies had spearphishing puncture wounds in 2022 (techrepublic.com)

• Microsoft 365 phishing attacks use encrypted RPMSG messages (bleepingcomputer.com)

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• Threat actors exploit new channels for advanced phishing attacks - Help Net Security

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Phishing campaign targets ChatGPT users - Help Net Security

BEC – Business Email Compromise

• Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog

• Microsoft reports jump in business email compromise activity | CSO Online

• Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool (darkreading.com)

Artificial Intelligence

• Employees are banned from using ChatGPT at these companies | Fortune

• When the tech boys start asking for new regulations, you know something’s up | John Naughton | The Guardian

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• 6 ChatGPT risks for legal and compliance leaders - Help Net Security

• 5 Ways Hackers Will Use ChatGPT For Cyber attacks (informationsecuritybuzz.com)

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

• How to avoid shadow AI in your SOC - Help Net Security

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing campaign targets ChatGPT users - Help Net Security

• The Security Hole at the Heart of ChatGPT and Bing | WIRED UK

2FA/MFA

• Cyber criminals masquerading as MFA vendors - Help Net Security

Malware

• New PowerExchange malware backdoors Microsoft Exchange servers (bleepingcomputer.com)

• Hackers Use Weaponised DOCX File to Deploy Stealthy Malware (gbhackers.com)

• Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware (thehackernews.com)

• Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware (thehackernews.com)

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Threat actors leverage kernel drivers in new attacks | TechTarget

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

• Legion Malware Upgraded to Target SSH Servers and AWS Credentials (thehackernews.com)

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Google Unveils Bug Bounty Program For Android Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Botnets

• How smart bots are infecting and exploiting the internet - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Denial of Service/DoS/DDOS

• Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry (thehackernews.com)

Internet of Things – IoT

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• How Connected Car Cyber Risk will Evolve (trendmicro.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

Data Breaches/Leaks

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• Luxottica confirms 2021 data breach after info of 70M leaks online (bleepingcomputer.com)

• Hackers steal the SSN of nearly 6 million people (pandasecurity.com)

• Food Distributor Sysco Says Cyber attack Exposed 126,000 Individuals - SecurityWeek

Organised Crime & Criminal Actors

• Inside the Mind of a Cyber Attacker | Tactics, Techniques, and Procedures (TTPs) Every Security Practitioner Should Know

• IT employee piggybacked on cyber attack for personal gain - Help Net Security

• Child hackers: How are kids becoming sophisticated cyber criminals? | Euronews

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• The Strange Story of the Teens Behind the Mirai Botnet - IEEE Spectrum

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• Cyber criminals masquerading as MFA vendors - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

Insider Risk and Insider Threats

• How to prevent against the 5 main types of insider threats - IT Security Guru

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Get-rich-quick schemes, pyramids and ponzis: five signs you're being scammed (theconversation.com)

• Uncle Sam tries to wrangle 'money mules' • The Register

• Scammers Using ChatGPT "Fleeceware" Apps to Cash In on AI Hype, Sophos Report - MSSP Alert

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Ads for lucrative jobs in Asia may be tech slavery scams • The Register

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Banking, tech and telecoms groups combine to gather intelligence on scammers | Financial Times (ft.com)

Supply Chain and Third Parties

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• New Cyber Security Training Packages Launched to Manage Supply Chain Risk - NCSC

Software Supply Chain

• GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains (thehackernews.com)

Cloud/SaaS

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• Google Cloud Bug Allows Server Takeover From CloudSQL Service (darkreading.com)

Attack Surface Management

• The Need to Isolate Branch Offices in High-Risk Countries (darkreading.com)

Identity and Access Management

• 7 access management challenges during M&A - Help Net Security

• Think security first when switching from traditional Active Directory to Azure AD | CSO Online

Encryption

• Quantum attack would trigger Great Depression, think tank warns | SC Media (scmagazine.com)

API

• API bug in OAuth dev tool opened websites, apps to account hijacking | SC Media (scmagazine.com)

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• What is API Security? | Definition from TechTarget

• The fragmented nature of API security ownership - Help Net Security

Open Source

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Inactive accounts pose significant account takeover security risks | CSO Online

• What’s a Double-Blind Password Strategy and When Should It Be Used (bleepingcomputer.com)

• Netflix's Password-Sharing Ban Offers Security Upsides (darkreading.com)

Biometrics

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

Social Media

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Pentagon explosion hoax goes viral after verified Twitter accounts push (bleepingcomputer.com)

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

Training, Education and Awareness

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Realistic simulations are transforming cyber security training - Help Net Security

Travel

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Four ways your devices can be hacked in hotels and how to stay safe | This is Money

• Tips to Protect Against Holiday and Airline Scams - IT Security Guru

Parental Controls and Child Safety

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Regulations, Fines and Legislation

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

Models, Frameworks and Standards

• NIST Launches Cyber security Initiative for Small Businesses (securityintelligence.com)

• New security model launched to eliminate 95% of cyber breaches - IT Security Guru

Backup and Recovery

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

Data Protection

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How to become a bug bounty hunter: Getting started | TechTarget

Law Enforcement Action and Take Downs

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

Privacy, Surveillance and Mass Monitoring

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• UK police to 'embed' facial recog but oversight is at risk • The Register

• Abuse of government spying powers: What's to worry about? • The Register

• Reflections on Ten Years Past The Snowden Revelations (ietf.org)

Misinformation, Disinformation and Propaganda

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Opinion: Cyber war and (no) peace (insuranceinsider.com)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• Russia's War in Ukraine Shows Cyber attacks Can Be War Crimes (darkreading.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade (thehackernews.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation (thehackernews.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• What’s Russia Planning? (informationsecuritybuzz.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• What’s Russia Planning? (informationsecuritybuzz.com)

• United Nations official and others in Armenia hacked by NSO Group spyware | Hacking | The Guardian

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Nation State Actors

• APT attacks: Exploring Advanced Persistent Threats and their evasive techniques (malwarebytes.com)

• SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups | CSO Online

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• GoldenJackal: Threat Risk For Organisations In Middle East & South Asia (informationsecuritybuzz.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware (thehackernews.com)

• Fata Morgana Watering Hole Attack Targets Shipping, Logistics Firms - Infosecurity Magazine (infosecurity-magazine.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• Five Eyes and Microsoft accuse China US infrastructure raids • The Register

• Iranian hackers use new Moneybird ransomware to attack Israeli orgs (bleepingcomputer.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• GCHQ warns of fresh threat from Chinese state-sponsored hackers | Hacking | The Guardian

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Five Eyes agencies detail how Chinese hackers breached US infrastructure - Help Net Security

• Lazarus Group Striking Vulnerable Windows IIS Web Servers (darkreading.com)

• 'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns (darkreading.com)

Vulnerability Management

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Fresh perspectives needed to manage growing vulnerabilities - Help Net Security

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• How to check for new exploits in real time? VulnCheck has an answer | CSO Online

Vulnerabilities

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Vulnerability in WordPress Google Analytics Plugin Hits +3 Million Websites (searchenginejournal.com)

• Hackers target 1.5M WordPress sites with cookie consent plugin exploit (bleepingcomputer.com)

• Barracuda Alerts Of Breaches In Email Gateways From Zero-Day Flaws (informationsecuritybuzz.com)

• Threat Actors Compromise Barracuda Email Security Appliances (darkreading.com)

• Microsoft: Windows issue causes file copying, saving failures (bleepingcomputer.com)

• GitLab 'strongly recommends' patching max severity flaw ASAP (bleepingcomputer.com)

• 83C0000B: The error code that means a software update bricked your HP printer (bitdefender.com)

• CISA adds iPhone bugs to Known Exploited Vulnerabilities catalog - Security Affairs

• Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) - Help Net Security

• Zyxel warns of critical vulnerabilities in firewall and VPN devices (bleepingcomputer.com)

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Tools and Controls

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Making The Most Of A Penetration Test: The Organisational Perspective (forbes.com)

• Against the Clock: Cyber Incident Response Plan (trendmicro.com)

• CMOs & CISOs: Uniting for Stronger Brands (cmswire.com)

• Investigating Risks Through Threat Hunting Capability Guide (informationsecuritybuzz.com)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• How continuous security monitoring is changing the compliance game - Help Net Security

• Blacklist untrustworthy apps that peek behind your firewall - Help Net Security

• How generative AI is reshaping the identity verification landscape - Help Net Security

• What is API Security? | Definition from TechTarget

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• The fragmented nature of API security ownership - Help Net Security

• Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans (darkreading.com)

• Cutting Through the Noise: What is Zero Trust Security? - SecurityWeek

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• 6 ways generative AI chatbots and LLMs can enhance cyber security | CSO Online

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Attributes of a mature cyber-threat intelligence program | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Almost Half of Former Employees Say Their Passwords Still Work

An alarming number of organisations are not properly offboarding employees when they leave, especially in regard to passwords. In a new survey of 1,000 workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company.

According to the survey one in three respondents said they had been using the passwords for upwards of two years, which is a distressingly long time for organisations not to be aware of who is accessing those accounts and services.

When asked what they use the passwords for, 64% said to access their former email accounts and 44% to access company data. A concerning 10% of respondents said they were trying to disrupt company activities.

https://www.darkreading.com/edge-threat-monitor/almost-half-of-former-employees-say-their-passwords-still-work

• Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

A recent cyber security report analysed over 60 million security exposures, or weaknesses that could give an attacker access to systems. The report found that only 2% enabled attackers access to critical assets, while 75% of exposures along attack paths lead to “dead ends”. Further, the report shows that average organisations have 11,000 exploitable security exposures monthly, with techniques targeting credentials and permissions affecting 82% of organisations and exploits accounting for over 70% of all identified security exposures.

The report found that most security alerts were benign and did not lead to critical assets. By applying efficient risk based patch management and reducing unnecessary access to critical assets, organisations can mitigate a significant amount of risk. This isn’t a simple task however, for an organisation to be able to employ efficient risk based patch management it must have a sufficient level of cyber maturity and internal vulnerability scanning accompanied by a dynamic threat intelligence component.

https://www.infosecurity-magazine.com/news/eliminating-2-exposures-protect-90/

• Printers Pose Persistent Yet Overlooked Threat

A rash of printer-related vulnerabilities in 2023 have punctuated security expert warnings that printers continue to be a significant vulnerability within companies — especially as remote workers require printing resources or access to corporate printers. So far in 2023, Lexmark advised that a publicly available remote exploit had already targeted a code execution flaw in its printers, HP warned of a vulnerable firmware version on some of its enterprise printers, and Microsoft fixed three remote code execution vulnerabilities in its printer drivers.

Printers remain a likely soft spot in most companies’ attack surface area, particularly because they are not always part of a company’s asset management process and are often left out of security assessments and risk registers. Many organisations don’t know where their printers are, their security status, configuration, monitoring or logging activity. Research has shown that 67% of companies are worried about the risk home printers may pose and only 26% of information technology and cyber security professionals are confident in their organisation’s printing infrastructure security.

https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat

• Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

Employees and cyber criminals cause similar numbers of data leakages. Kaspersky’s 2022 IT Security Economics survey found cyber-attacks caused 23% of data leakages, while employees caused a similar proportion, at 22%. The rise in employees causing leakages may be linked with more remote working since the pandemic, with new staff laptops, tablets, and virtual private networks (VPNs) featuring among the extra endpoints and systems needing security. Although innocent mistakes or ignoring cyber-security policy were behind most leakages, security managers reported 36% of employee-triggered leakages were deliberate acts of sabotage or espionage. The high number of cyber-incidents stemming from employee action shows all organisations need thorough cyber-security awareness training to teach all staff how to avoid common security mistakes.

https://www.independent.co.uk/news/business/business-reporter/employees-cyber-criminals-cyber-incidents-b2314225.html

• Over 90% of Organisations Find Threat Hunting a Challenge

Executing essential cyber security operations tasks during the threat hunting process is an increasingly challenging proposition to the vast majority of organisations, with 93% of those polled for a Sophos report saying they find basic security operations a chore.

In the report, “The state of cybersecurity 2023: The business impact of adversaries on defenders”, Sophos said these findings were likely the result of the ongoing cyber security skills shortage, which is creating a domino effect in security operations: a lack of skilled personnel makes investigating alerts take longer, which reduces the security team’s capacity and increases the organisation’s exposure to higher levels of risk.

Organisations that suffer the most are those with revenues of less than $10m (£8m), which are more likely to lack the necessary skillsets, followed by organisations with revenues of more than $5bn, where organisational and system complexity likely play a more prominent role.

https://www.computerweekly.com/news/365534612/Over-90-of-organisations-find-threat-hunting-a-challenge

• 75% of Organisations Have Suffered a Cyber Security Breach

Most organisations need stronger security controls to stop cyber security breaches and cyber attacks, according to “The Data Dilemma: Cloud Adoption and Risk Report” from security service edge (SSE) company Skyhigh Security. Key takeaways from the report include:

• 97% of organisations indicated they are experiencing private cloud problems.

• 75% have experienced a cyber security breach, threat and/or theft of data.

• 75% said shadow IT “impairs their ability to keep data secure.”

• 60% allow employees to download sensitive data to their personal devices.

• 52% noted their employees are using SaaS services that are commissioned by departments outside of IT and without direct involvement of their IT department.

• 37% said they do not trust the public cloud to secure their sensitive data.

https://www.msspalert.com/cybersecurity-research/skyhigh-security-report-75-of-organizations-have-suffered-a-cybersecurity-breach/

• Leak Shows Evolving Russian Cyber War Capabilities

The leak of thousands of pages of secret documentation related to the development of Moscow’s cyber and information operations capabilities paint a picture of a government obsessed with social control and committed to scaling their capacity for non-kinetic interference.

The leaked documents detail methods and training simulations intended to prepare an operator workforce for offensive operations against critical infrastructure targets. Tools revealed by these recent leaks suggest a desire and an ability to extensively map foreign vulnerabilities and make the job of Russia’s cyber conflict operators as accessible and scalable as possible.

This leak reinforces the significant concern regarding the threat posed by Russian cyber forces to firms across the globe.

https://www.csoonline.com/article/3692821/ntc-vulkan-leak-shows-evolving-russian-cyberwar-capabilities.html#tk.rss_news

• Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

Belgian headquartered HR and payroll giant SD Worx has suffered a cyber attack causing them to shut down all IT systems for their UK and Ireland services. While the login portals for other European countries are working correctly, the company's UK customer portal was not accessible. As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for their client's employees.

According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more.

https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/

• When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

If that happens it might be time for your management to clear their desks. The prospect of financial penalties and reputational damage is very real. You need to know your obligations — for instance, reporting the breach to applicable authorities and regulators within strict timeframes — understand the breach, and prioritise. Then you communicate and remedy. If you haven’t planned well, it’s going to be tough.

You need to understand the data breach. Who is affected — is it staff or customer data? What exactly have the cyber criminals accessed? Consider the type of information: salary details and passport copies, or customer payment information.

If personal data has been lost or compromised, you will likely have an obligation under data protection regulations to report the breach to your applicable data protection authority within 72 hours, and if you are a regulated business there will likely be similar requirements to report to your regulator within a similar timeframe. Knowing your obligations — ideally before any hack takes place — will guide how well you respond.

https://www.thetimes.co.uk/article/who-should-i-inform-after-a-data-hack-dcrzvgp2x

• Insider Threat and Ransomware: A Growing Issue

Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cyber criminals. Cyber criminals work just as hard to conceal their identities and location as they do to exploit weaknesses and capture valuable data to hold hostage. Organisations not only stand to lose money in this scenario, but the damage to their reputation and trustworthiness in the market can be challenging to recover from. Customers place high trust in the safety of their personal information, and it’s the company they hold accountable – not the thieves – if it slips into the wrong hands.

Even if you have good technical controls, the low-hanging fruit is capitalising on the human element and gaining entrance through a person within your organisation. Insider threats come in all shapes and sizes and roles, including employees, executives, former employees, board members, contractors, and service providers. Insider threats, by their very nature, pose a unique challenge for organisations.

https://informationsecuritybuzz.com/insider-threat-and-ransomware-a-growing-issue/

• How LockBit Changed Cyber Security Forever

LockBit are one of the most prolific ransomware gangs globally, accounting for almost half of ransomware attacks in 2022. They not only maintain a high profile, but they’ve also turned ransom monetisation upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022. LockBit made history by launching the industry’s first bug bounty program initiated by a ransomware group. The operation invites security experts to uncover vulnerabilities and report them for rewards ranging from $1,000 to a staggering $1 million. This has since been expanded and now offers bounties for creative ways to enhance ransomware operations.

https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/

• Hybrid Work Environments Are Stressing CISOs

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to a new report.

Among the report’s most critical findings is the revelation that browsing-based threats ranked as CISOs’ number one concern, regardless of whether their organisation was operating primarily in an in-office, hybrid, or remote setting.

And as for the risks posed by hybrid and remote workers specifically, insecure browsing also topped the list of CISOs’ concerns.

https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/

• Protect Your Data with a USB Condom

USB isn't just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data. Equally, an employee plugging their personal phone into a corporate USB port may present a danger to the corporate network through the phone. A USB condom is a small dongle that adds a layer of protection between your device and the charging point you're attaching it to by blocking the data being transferred through the port. If you must use a charger, cable, or charging port that isn't under your control, it makes sense to use a USB condom.

https://www.zdnet.com/article/protect-your-data-with-a-usb-condom/

• Strategising Cyber Security: Why a Risk-based Approach is Key

By 2027, cyber crime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cyber security is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organisations.

Modern and effective cyber security management entails more than managing technology risk; it encompasses managing business risk. Organisations must recognise cyber security as a strategic imperative integrated into their overall risk management framework — and this starts at the board level.  In some cases, board members may find it beneficial to seek help in assessing appropriate levels of control.

https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/

Threats

Ransomware, Extortion and Destructive Attacks

• Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit (thehackernews.com)

• Microsoft patches vulnerability used in Nokoyawa ransomware attacks | CSO Online

• How LockBit Changed Cyber security Forever (securityintelligence.com)

• Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise (thehackernews.com)

• Insider Threat And Ransomware: A Growing Issue (informationsecuritybuzz.com)

• Rorschach ransomware deployed by misusing a security tool - Help Net Security

• Medusa ransomware claims attack on Open University of Cyprus (bleepingcomputer.com)

• Cyble — New Cylance Ransomware with Power-Packed CommandLine Options

• Taiwanese PC Company MSI Falls Victim to Ransomware Attack (thehackernews.com)

• KFC, Pizza Hut owner discloses data breach after ransomware attack (bleepingcomputer.com)

• 7 Things Your Ransomware Response Playbook Is Likely Missing (darkreading.com)

• Cyber crime group exploits Windows zero-day in ransomware attacks-Security Affairs

• Windows zero-day vulnerability exploited in ransomware attacks (bleepingcomputer.com)

• Ransomware gangs increasingly deploy zero-days to maximize attacks | CyberScoop

• Latitude Financial Refuses to Pay Ransom - Infosecurity Magazine (infosecurity-magazine.com)

• Superyacht-Maker Hit by Easter Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

Phishing & Email Based Attacks

• Microsoft: Phishing attack targets accountants as Tax Day approaches (bleepingcomputer.com)

• Researchers Uncover Thriving Phishing Kit Market on Telegram Channels (thehackernews.com)

• Phishing Campaign Targeting YouTube Content Creators, Malware Hitting Charging Stations - MSSP Alert

BEC – Business Email Compromise

• 'BEC 3.0' Is Here with Tax-Season QuickBooks Cyber attacks (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Simple psychology is the most dangerous form of cyber attack (thetimes.co.uk)

2FA/MFA

• Comparing enabled and enforced MFA in Microsoft 365 | TechTarget

• Rilide browser extension steals MFA codes - Help Net Security

Malware

• New Mirai Variant Employs Uncommon Tactics to Distribute Malware (darkreading.com)

• Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques (thehackernews.com)

• BlackGuard Stealer Extends its Capabilities in New Variant - MSSP Alert

• Check Point Software Technologies: Qbot Top Malware in March 2023 - MSSP Alert

• Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages (thehackernews.com)

• DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia - Microsoft Security Blog

• Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads (darkreading.com)

• Microsoft shares guidance to detect BlackLotus UEFI bootkit attacks (bleepingcomputer.com)

• Researchers Uncover 7000 Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft, Fortra Gains Legal Rights Against Cobalt Strike Abuse (informationsecuritybuzz.com)

• Emotet Climbs March 2023's Most Wanted Malware List With OneNote Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Legion Malware Marches onto Web Servers to Steal Credentials, Spam Mobile Users (darkreading.com)

• WhatsApp boosts defence against account takeover via malware (bleepingcomputer.com)

Mobile

• Protect your data with a USB condom | ZDNET

• FBI warns about dangers of public USB charging ports | Popular Science (popsci.com)

• Researchers Uncover Thriving Phishing Kit Market on Telegram Channels (thehackernews.com)

• Android phones vulnerable to remote hacking — update right now | Tom's Guide (tomsguide.com)

• Burglars tunnel through Apple Store’s neighbour, allegedly steal $500K in iPhones | Ars Technica

• 5G connections set to rise past 5.9 billion by 2027 - Help Net Security

• Cyber criminals To Add Android Malware On Google Play Up To $20,000 (informationsecuritybuzz.com)

• Cyber criminals Turn to Android Loaders on Dark Web to Evade Google Play Security (thehackernews.com)

• Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit (thehackernews.com)

• WhatsApp boosts defence against account takeover via malware (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Hackers Flood NPM with Bogus Packages Causing a DoS Attack (thehackernews.com)

• DDoS attacks shifting to VPS infrastructure for increased power (bleepingcomputer.com)

• DDoS threat report for 2023 Q1 (cloudflare.com)

• DDoS alert traffic reaches record-breaking level of 436 petabits in one day - Help Net Security

• DDoS attacks rise as pro-Russia groups attack Finland, Israel (techrepublic.com)

Internet of Things – IoT

• Printers Pose Persistent Yet Overlooked Threat (darkreading.com)

• There’s a new form of keyless car theft that works in under 2 minutes | Ars Technica

• Special Report: Tesla workers shared sensitive images recorded by customer cars | Reuters

• Default static key in ThingsBoard IoT platform can give attackers admin access | CSO Online

• 5G connections set to rise past 5.9 billion by 2027 - Help Net Security

• New Ultrasonic Acoustic Attack Targeting Microphones and Voice Assistants Gives Remote Access to Most Smart Devices - The Debrief

• Zigbee PRO 2023 introduces new security mechanisms, feature enhancements - Help Net Security

• Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data - SecurityWeek

Data Breaches/Leaks

• Samsung employees unwittingly leaked company secret data by using ChatGPT-Security Affairs

• Cloud accounting firm in a pickle after researchers find admin login data | TechRadar

• Service NSW breach exposes personal data affecting thousands of customers | 7NEWS

• Leaked n documents provide rare window into depth of US intelligence on allies and foes | CNN Politics

• Military Intel Leak Investigated By US Officials (informationsecuritybuzz.com)

• Hyundai data breach exposes owner details in France and Italy (bleepingcomputer.com)

• Over 20,000 Iowa Medicaid Members Affected By Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Criminal businesses adopt corporate behaviour as they grow - Help Net Security

• Seized Genesis malware market's infostealers infected 1.5 million computers | CSO Online

• Breached shutdown sparks migration to ARES data leak forums (bleepingcomputer.com)

• FBI: Crooks posing as PRC agents prey on Chinese in the US • The Register

• 5 Types of Cyber Crime Groups (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Sentiment DeFi Hacker Makes Amends by Returning 90% of Funds (beincrypto.com)

• Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages (thehackernews.com)

• EU-Funded Report Calls for Crypto ID Checks, Police Training to Combat Darknet Markets (coindesk.com)

Insider Risk and Insider Threats

• Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent

• Cyber criminals use simple trick to obtain personal data - Help Net Security

• Nearly Half of Workers Pilfer Former Employers’ Passwords to Access Accounts, Study Says - MSSP Alert

• Insider Threat And Ransomware: A Growing Issue (informationsecuritybuzz.com)

• Building a human firewall to block cyber attacks | McKinsey

• How to Combat Insider Threats-Security Affairs

Fraud, Scams & Financial Crime

• FBI warns of companies exploiting sextortion victims for profit (bleepingcomputer.com)

• Cambodia deports 19 Japanese cyber crime scam suspects | News | Al Jazeera

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

• When Banking Laws Don't Protect Consumers From Cybertheft (darkreading.com)

• AI clones child’s voice in fake kidnapping scam | The Independent

• Five arrested after 33,000 victims lose $98M to online investment fraud (bleepingcomputer.com)

• Stolen Card Numbers Plummet 94% Globally - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• 3CX confirms North Korean hackers behind supply chain attack (bleepingcomputer.com)

• Capita: IT outsourcer reels from being locked out of its own IT (thetimes.co.uk)

Cloud/SaaS

• Western Digital struggles to fix massive My Cloud outage, offers workaround (bleepingcomputer.com)

• Nation-state actors are taking advantage of weak passwords to go after cloud customers, Google says | CyberScoop

• Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse - SecurityWeek

• How and Why to Put Multicloud to Work (darkreading.com)

• Iranian APT group launches destructive attacks in hybrid Azure AD environments | CSO Online

• Cloud accounting firm in a pickle after researchers find admin login data | TechRadar

• Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments - SecurityWeek

Hybrid/Remote Working

• 4 ways to secure your remote work setup | ZDNET

• Hybrid work environments are stressing CISOs - Help Net Security

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

Attack Surface Management

• How to Secure Web Applications in a Growing Digital Attack Surface (bleepingcomputer.com)

• The new weakest link in the cyber security chain - Help Net Security

Shadow IT

• How to use a CASB to manage shadow IT | TechTarget

Identity and Access Management

• Identity Management Day: 3 Things MSSPs Need to Know - MSSP Alert

• Centralized vs. decentralized identity management explained | TechTarget

• The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late (thehackernews.com)

Encryption

• The UK government has sparked an encryption row over powers it might never use | Financial Times (ft.com)

• Why the US Needs Quantum-Safe Cryptography Deployed Now (darkreading.com)

API

• How to fix the top 5 API vulnerabilities | TechTarget

• Google launches dependency API and curated package repository with security metadata | CSO Online

• Why Shadow APIs are More Dangerous than You Think (thehackernews.com)

Open Source

• Researchers Uncover 7000 Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Almost Half of Former Employees Say Their Passwords Still Work (darkreading.com)

• LastPass Breach Reveals Important Lessons (darkreading.com)

• Why it's time to move towards a passwordless future - Help Net Security

• AI can crack most password in less than a minute | TechRadar

• How an AI tool could crack your passwords in seconds | ZDNET

• Meet PassGAN, the supposedly “terrifying” AI password cracker that’s mostly hype | Ars Technica

Social Media

• Tech layoffs raise new alarms about how platforms protect users | CNN Business

Malvertising

• Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads (darkreading.com)

Training, Education and Awareness

• How to transform cyber security learning and make content more engaging - Help Net Security

Regulations, Fines and Legislation

• Lagging regulations frustrate protecting data from cyber attacks (themandarin.com.au)

• The UK government has sparked an encryption row over powers it might never use | Financial Times (ft.com)

• Battle could be brewing over new FCC data breach reporting rules | CSO Online

• When Banking Laws Don't Protect Consumers From Cyber Theft (darkreading.com)

Governance, Risk and Compliance

• Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent

• Skyhigh Security Report: 75% of Organizations Have Suffered a Cyber security Breach - MSSP Alert

• Strategising cyber security: Why a risk-based approach is key | World Economic Forum (weforum.org)

• Who should I inform after a data hack? (thetimes.co.uk)

• Two-Fifths of IT Pros Told to Keep Breaches Quiet - Infosecurity Magazine (infosecurity-magazine.com)

• Outcome-based cyber security paves way for organizational goals - Help Net Security

• Why reporting an incident only makes the cyber security community stronger | CSO Online

• 6 common challenges facing cyber security teams and how to overcome them | TechCrunch

• Top 10 Cyber security Trends for 2023: From Zero Trust to Cyber Insurance (thehackernews.com)

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• Threat hunting programs can save organizations from costly security breaches - Help Net Security

• LastPass Breach Reveals Important Lessons (darkreading.com)

• Gartner: Human-Centric Design Is Top Cyber Security Trend for 2023 (darkreading.com)

Law Enforcement Action and Take Downs

• Seized Genesis malware market's infostealers infected 1.5 million computers | CSO Online

• Spanish cops arrest teenage 'Robin Hood hacker' • The Register

• Australia Is Scouring the Earth for Cyber criminals — the US Should Too (darkreading.com)

• Cambodia deports 19 Japanese cyber crime scam suspects | News | Al Jazeera

• Dutch Police mails RaidForums members to warn they’re being watched (bleepingcomputer.com)

• Five arrested after 33,000 victims lose $98M to online investment fraud (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Tesla Sued Over Workers' Alleged Access to Car Video Imagery - SecurityWeek

• Consumers take data control into their own hands amid rising privacy concerns - Help Net Security

Artificial Intelligence

• 5 ChatGPT security risks in the enterprise | TechTarget

• Samsung employees unwittingly leaked company secret data by using ChatGPT - Security Affairs

• Cyber crime: be careful what you tell your chatbot helper… | Chatbots | The Guardian

• US cyber chiefs warn of threats from China and AI • The Register

• When you're talking to a chatbot, who's listening? | CNN Business

• Bad Actors Will Use Large Language Models — but Defenders Can, Too (darkreading.com)

• Fight AI With AI (darkreading.com)

• American investors shouldn’t be ‘arming the enemy’ by helping China create its own version of OpenAI, warns top VC Keith Rabois (yahoo.com)

• GPT-4 tried to escape into the internet today and it ‘almost worked’ | by Cezary Gesikowski | Mar, 2023 | Bootcamp (uxdesign.cc)

• It sounds like science fiction but it’s not: AI can financially destroy your business | Gene Marks | The Guardian

• AI can crack most password in less than a minute | TechRadar

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

• AI clones child’s voice in fake kidnapping scam | The Independent

• European privacy watchdog creates ChatGPT task force | Reuters

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers linked to widespread attacks targeting NATO and EU (bleepingcomputer.com)

• NTC Vulkan leak shows evolving Russian cyberwar capabilities | CSO Online

• What we know about Russian hackers — and how to stop them — after a year of cyberwar in Ukraine | CyberScoop

• The Discord servers at the center of a massive US intelligence leak | CyberScoop

• Cisco trashed offices and destroyed spares as it quit Russia • The Register

• Another zero-click Apple spyware biz shows up in town again • The Register

• Ukrainian hackers spend $25,000 of pro-Russian blogger's money on sex toys (bitdefender.com)

• DDoS attacks rise as pro-Russia groups attack Finland, Israel (techrepublic.com)

• Russian Hacker Group Zarya Hit Canadian Pipeline—Leaked Docs (gizmodo.com)

• Experts warn of new spyware threat targeting journalists and political figures | Hacking | The Guardian

• Russia's Joker DPR Claims Access to Ukraine Troop Movement Data (darkreading.com)

• Spyware Offered to Cyber attackers via PyPI Python Repository (darkreading.com)

• Russian hackers ‘target security cameras inside Ukraine coffee shops’ | Ukraine | The Guardian

• Russian attacks on Ukrainian infrastructure cause internet outages, cutting off a valuable wartime tool | CyberScoop

• Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit (thehackernews.com)

Nation State Actors

• Russia-linked APT29 is behind recent attacks targeting NATO and EU-Security Affairs

• North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack (thehackernews.com)

• Nation-state actors are taking advantage of weak passwords to go after cloud customers, Google says | CyberScoop

• Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise (thehackernews.com)

• US cyber chiefs warn of threats from China and AI • The Register

• Ukrainian hackers spend $25,000 of pro-Russian blogger's money on sex toys (bitdefender.com)

• American investors shouldn’t be ‘arming the enemy’ by helping China create its own version of OpenAI, warns top VC Keith Rabois (yahoo.com)

• Google is on a crusade against cyber security threats from North Korea | TechRadar

• Russian Hacker Group Zarya Hit Canadian Pipeline—Leaked Docs (gizmodo.com)

• Iranian APT group launches destructive attacks in hybrid Azure AD environments | CSO Online

• Leaked US. assessment includes warning about Russian hackers accessing sensitive infrastructure (nbcnews.com)

• FBI: Crooks posing as PRC agents prey on Chinese in the US • The Register

• Lazarus Group's DeathNote Campaign Reveals Shift in Targets - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Eliminating 2% of Exposures Could Protect 90% of Critical Assets - Infosecurity Magazine (infosecurity-magazine.com)

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• Ransomware gangs increasingly deploy zero-days to maximize attacks | CyberScoop

• Google Launches New Cyber security Initiatives to Strengthen Vulnerability Management (thehackernews.com)

Vulnerabilities

• Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit (thehackernews.com)

• Windows admins warned to patch critical MSMQ QueueJumper bug (bleepingcomputer.com)

• Nokoyawa ransomware attacks with Windows zero-day | Securelist

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• Apple issues emergency patches for spyware-style 0-day exploits – update now! – Naked Security (sophos.com)

• 1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs (darkreading.com)

• Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance - SecurityWeek

• Cisco Patches Code and Command Execution Vulnerabilities in Several Products - SecurityWeek

• CISA orders agencies to patch Backup Exec bugs used by ransomware gang (bleepingcomputer.com)

• CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

• Data-leak flaw in Qualcomm, HiSilicon-based Wi-Fi AP chips • The Register

• Twitter 'Shadow Ban' Bug Gets Official CVE (darkreading.com)

• Exploit available for critical bug in VM2 JavaScript sandbox library (bleepingcomputer.com)

• Microsoft finally gets around to fixing half-decade-old Firefox CPU bug | TechRadar

• SAP releases security updates for two critical-severity flaws (bleepingcomputer.com)

• Adobe Plugs Gaping Security Holes in Reader, Acrobat - SecurityWeek

• Limit Login Attempts Plugin Patches Severe Unauthenticated Stored XSS Vulnerability – WP Tavern

• Fortinet Patches Critical Vulnerability in Data Analytics Solution - SecurityWeek

• How Microsoft’s Shared Key authorization can be abused and how to fix it | CSO Online

• Microsoft shares fix for Outlook issue blocking access to emails (bleepingcomputer.com)

• Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data - SecurityWeek

Tools and Controls

• Threat hunting programs can save organizations from costly security breaches - Help Net Security

• Stopping criminals from abusing security tools - Microsoft On the Issues

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• LastPass Breach Reveals Important Lessons (darkreading.com)

• The Pope's Security Gets a Boost With Vatican's MDM Move (darkreading.com)

• Bad Actors Will Use Large Language Models — but Defenders Can, Too (darkreading.com)

• Fight AI With AI (darkreading.com)

• Cyber crime: be careful what you tell your chatbot helper… | Chatbots | The Guardian

• Detailed Analysis Of The Best Password Managers In 2023 (informationsecuritybuzz.com)

• How CIEM Can Improve Identity, Permissions Management for Multicloud Deployments (darkreading.com)

• SD-WAN vs. VPN: How do they compare? | TechTarget

• Centralized vs. decentralized identity management explained | TechTarget

• The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late (thehackernews.com)

• What is an Intrusion Prevention System (IPS)? (techtarget.com)

• Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments - SecurityWeek

• How to Secure Web Applications in a Growing Digital Attack Surface (bleepingcomputer.com)

• 4 strategies to help reduce the risk of DNS tunnelling | CSO Online

Reports Published in the Last Week

• DDoS threat report for 2023 Q1 (cloudflare.com)

Other News

• MSI Confirms Cyber Attack, Issues Firmware Download Guidance - SecurityWeek

• Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign - Microsoft Security Blog

• 1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs (darkreading.com)

• Western Digital restores service; attack details remain unclear | TechTarget

• 5 tips for tackling technical debt | CIO

• The Internet Reform Trilemma (darkreading.com)

• Rapid7 Has Good News for UK Security Posture - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Almost Half of IT Leaders Consider Security as an Afterthought

A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.

https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals

• Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.

https://www.darkreading.com/application-security/pig-butchering-investment-scams-3b-cybercrime-threat-overtaking-bec

• Over 721 Million Passwords were Leaked in 2022

A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.

https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/

• How Much of a Cyber Security Risk are Suppliers?

When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.

https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2

• 90% of £5m+ Businesses Hit by Cyber Attacks

A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.

https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/

• Rushed Cloud Migrations Result in Escalating Technical Debt

A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.

https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.

https://www.securityweek.com/microsoft-17-european-nations-targeted-by-russia-in-2023-as-espionage-ramping-up/

• Microsoft Warns of Large-Scale Use of Phishing Kits

Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.

https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html

• BEC Volumes Double on Phishing Surge

The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.

https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/

• The Risk of Pasting Confidential Company Data in ChatGPT

Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.

https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html

• Ransomware Attacks have Entered a Heinous New Phase

With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.

https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

• MI5 Launches New Agency to Tackle State-Backed Attacks

British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.

https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/

• Why Cyber Awareness Training is an Ongoing Process

A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.

https://www.hornetsecurity.com/en/security-information/why-cyber-awareness-training-is-an-ongoing-process/

Threats

Ransomware, Extortion and Destructive Attacks

• BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (darkreading.com)

• The changing face of ransomware attacks (pandasecurity.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (bleepingcomputer.com)

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Clop ransomware gang begins extorting GoAnywhere zero-day victims (bleepingcomputer.com)

• Staples-owned Essendant facing multi-day "outage," orders frozen (bleepingcomputer.com)

• CISA now warns critical infrastructure of ransomware-vulnerable devices (bleepingcomputer.com)

• LockBit Ransomware gang claims to have stolen SpaceX confidential data from Maximum Industries- - Security Affairs

• Dissecting the malicious arsenal of the Makop ransomware gang- - Security Affairs

• The Prolificacy of LockBit Ransomware (thehackernews.com)

• Blackbaud agrees to pay $3m to settle SEC ransomware probe • The Register

• CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking - SentinelOne

• Ransomware Gang Claims It Hacked Amazon's Ring (gizmodo.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• Dish customers kept in the dark as ransomware fallout continues | TechCrunch

• Cancer patient sues hospital over stolen naked photos • The Register

• ChipMixer platform seized for laundering ransomware payments, drug sales (bleepingcomputer.com)

• Lawyers suspect Arnold Clark hackers have now leaked 45GB of personal data on dark web – Car Dealer Magazine

• Kaspersky Updates Decryption Tool for Conti Ransomware - MSSP Alert

• Conti-based ransomware ‘MeowCorp’ gets free decryptor (bleepingcomputer.com)

• Universities and colleges cope silently with ransomware attacks | CSO Online

Phishing & Email Based Attacks

• Top 50 most impersonated brands in phishing attacks and new tools you can use to protect your employees from them (cloudflare.com)

• Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily (thehackernews.com)

• Software for sale is fueling a torrent of phishing attacks that bypass MFA | Ars Technica

• Cyber criminals Devising More Tactics For Phishing Attacks (informationsecuritybuzz.com)

• 6 reasons why your anti-phishing strategy isn’t working | CSO Online

• Cyberthreat On New Email By Exotic Lily (informationsecuritybuzz.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• How two-step phishing attacks evade detection and what you can do about it - Help Net Security

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Pig Butchering & Investment Scams: The $3B Cyber crime Threat Overtaking BEC (darkreading.com)

• Organizations need to re-examine their approach to BEC protection - Help Net Security

• BEC Volumes Double on Phishing Surge - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• Software for sale is fuelling a torrent of phishing attacks that bypass MFA | Ars Technica

Malware

• SpyCloud Report: Malware Infections the Most Prolific & Persistent Threat to Businesses | Business Wire

• Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Malware Targets People Looking to Pirate Oscar-Nominated Films (darkreading.com)

• Law enforcement seized the website selling the NetWire RAT- - Security Affairs

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

• KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (thehackernews.com)

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• Emotet attempts to sell access after infiltrating high-value networks | SC Media (scmagazine.com)

• What is Zeus Trojan Malware? - CrowdStrike

• Emotet, QSnatch Malware Dominate Malicious DNS Traffic (darkreading.com)

• Winter Vivern APT hackers use fake antivirus scans to install malware (bleepingcomputer.com)

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• New malware sample of defunct TeamTNT threat group raises concerns | SC Media (scmagazine.com)

• Adobe Acrobat Sign abused to push Redline info-stealing malware (bleepingcomputer.com)

• Tracking the global spread of malware - Help Net Security

Mobile

• Xenomorph Android malware now steals data from 400 banks (bleepingcomputer.com)

• GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• FakeCalls Android malware returns with new ways to hide on phones (bleepingcomputer.com)

Botnets

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

Denial of Service/DoS/DDOS

• Record Breaking DDoS Attack - 158.2 Million Packets Per Second (gbhackers.com)

Internet of Things – IoT

• Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (thehackernews.com)

• Tesla App Lets Man Accidentally Steal Model 3 That Wasn't His (gizmodo.com)

Data Breaches/Leaks

• Negative Impacts of Data Loss and How to Avoid Them - MSSP Alert

• Mental health provider Cerebral alerts 3.1M people of data breach (bleepingcomputer.com)

• BMW exposes data of clients in Italy, experts warn- - Security Affairs

• Acronis states that only one customer's account was compromised- - Security Affairs

• Security giant Rubrik says hackers used Fortra zero-day to steal internal data | TechCrunch

• Key aerospace player leaks sensitive data | Cybernews

• Hundreds of thousands of customer records stolen from lender Latitude in cyber-attack | Business | The Guardian

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• LA Housing Authority Suffers Year-Long Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker selling data allegedly stolen in US Marshals Service hack (bleepingcomputer.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

Organised Crime & Criminal Actors

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FBI Warns of Crypto-Stealing Play-to-Earn Games - Infosecurity Magazine (infosecurity-magazine.com)

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing Campaigns Use SVB Collapse to Harvest Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

• CrowdStrike discovered the first-ever Dero crypto mining campaign- - Security Affairs

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Insider Risk and Insider Threats

• Future-Proofing Your Business Against Insider Threats (informationsecuritybuzz.com)

Fraud, Scams & Financial Crime

• ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Investment Fraud is Now Biggest Cyber crime Earner - Infosecurity Magazine (infosecurity-magazine.com)

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• ChatGPT fraud is on the rise: Here's what to watch out for | ZDNET

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• The SVB demise is a fraudster's paradise, so take precautions - Help Net Security

• Fighting financial fraud through fusion centers - Help Net Security

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Impersonation Attacks

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

Deepfakes

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

AML/CFT/Sanctions

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

Dark Web

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Supply Chain and Third Parties

• Top 10 operational risks: focus on third-party risk - Risk.net

• How much of a cyber security risk are my suppliers? (thetimes.co.uk)

Software Supply Chain

• We can't wait for SBOMs to be demanded by regulation - Help Net Security

• Best practices for securing the software application supply chain - Help Net Security

• Addressing Software Supply Chain Security - DevOps.com

Cloud/SaaS

• Rushed cloud migrations result in escalating technical debt - Help Net Security

• CrowdStrike report shows identities under siege, cloud data theft up | VentureBeat

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

Hybrid/Remote Working

• Orgs Have a Long Way to Go in Securing Remote Workforce (darkreading.com)

Attack Surface Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

Identity and Access Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

• Navigating the future of digital identity - Help Net Security

Encryption

• Google Proposes Reducing TLS Cert Life Span to 90 Days (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

Passwords, Credential Stuffing & Brute Force Attacks

• Poor Passwords Still Weakest Link Hackers Seek, Report Reveals - MSSP Alert

• Study: Over 721 million passwords were leaked in 2022 - Neowin

• Understanding password behavior key to developing stronger cyber security protocols - Help Net Security

Social Media

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Spies, lies and influenced children: What TikTok must overcome to show us it can be trusted (telegraph.co.uk)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

Malvertising

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

Training, Education and Awareness

• Forgetting Curve according to Dr Ebbinghaus: Why cyber awareness training is an ongoing process - Hornetsecurity

Regulations, Fines and Legislation

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• SEC Charges Software Company Blackbaud Inc. for Misleading Disclosures About Ransomware Attack That Impacted Charitable Donors (databreaches.net)

• When and how to report a breach to the SEC | CSO Online

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• The US cyber security strategy won’t address today’s threats with regulation alone | CyberScoop

Governance, Risk and Compliance

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• Getting cyber security right requires a change of mindset | The Strategist (aspistrategist.org.au)

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• 6 principles for building engaged security governance | TechTarget

Models, Frameworks and Standards

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Data Protection

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

Law Enforcement Action and Take Downs

• International authorities bring NetWire's malware infrastructure to a standstill | TechSpot

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Privacy, Surveillance and Mass Monitoring

• German states rethink reliance on Palantir technology | Financial Times (ft.com)

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Artificial Intelligence

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• How to stop AI waging war on humans (thetimes.co.uk)

• ChatGPT and the Growing Threat of Bring Your Own AI to the SOC - SecurityWeek

• How Businesses Can Get Ready for AI-Powered Security Threats (darkreading.com)

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• UK spy agency warns of security threat from ChatGPT and rival chatbots | Metro News

• Why red team exercises for AI should be on a CISO's radar | CSO Online

• GPT-4 Can’t Stop Helping Hackers Make Cyber criminal Tools (forbes.com)

Misinformation, Disinformation and Propaganda

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Microsoft: Russian hackers may be readying new wave of destructive attacks | CyberScoop

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up - SecurityWeek

• UK’s Royal Navy, Ukraine Jointly Repel Simulated, Russian Cyber attack on National Infrastructure - MSSP Alert

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• YoroTrooper cyber spies target CIS energy orgs, EU embassies (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Polish intelligence dismantled a network of Russian spies- Security Affairs

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Nation State Actors

• MI5 Launches New Agency to Tackle State-Backed Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• North Korean hackers used polished LinkedIn profiles to target security researchers | CyberScoop

• A new Chinese era: security and control | Financial Times (ft.com)

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Attacks on SonicWall appliances linked to Chinese campaign: Mandiant | CSO Online

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia | WeLiveSecurity

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

• APT29 abuses EU information exchange systems in recent attacks- Security Affairs

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Vulnerabilities

• Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack (thestack.technology)

• Critical Microsoft Outlook bug PoC shows how easy it is to exploit (bleepingcomputer.com)

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• Microsoft and Fortinet fix bugs under active exploit • The Register

• CISA warns of actively exploited Plex bug after LastPass breach (bleepingcomputer.com)

• Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers- Security Affairs

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• SAP releases security updates fixing five critical vulnerabilities (bleepingcomputer.com)

• Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day - SecurityWeek

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws (bleepingcomputer.com)

• Firefox 111 patches 11 holes, but not 1 zero-day among them… – Naked Security (sophos.com)

• Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script - SecurityWeek

• Cyber attackers Continue Assault Against Fortinet Devices (darkreading.com)

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• Microsoft shares script to fix WinRE BitLocker bypass flaw (bleepingcomputer.com)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

• Bitwarden's password manager browser extension has a known exploit it hasn't addressed in five years | TechSpot

Tools and Controls

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• What Is a Stateful Inspection Firewall? Ultimate Guide (enterprisestorageforum.com)

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Set up PowerShell script block logging for added security | TechTarget

• Brazil seizing Flipper Zero shipments to prevent use in crime (bleepingcomputer.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• 5 Steps to Effective Cloud Detection and Response  - The New Stack

• Virtual patching: Cut time to patch from 250 days to (helpnetsecurity.com)

• ChatGPT may be a bigger cyber security risk than an actual benefit (bleepingcomputer.com)

• Change Is Coming to the Network Detection and Response (NDR) Market (darkreading.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

Other News

• CASPER attack steals data using air-gapped computer's internal speaker (bleepingcomputer.com)

• US govt web server attacked by 'multiple' criminal gangs • The Register

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Hackers Hit One Third of Organisations Worldwide Multiple Times

Hackers have stolen customer records multiple times from nearly a third of organisations worldwide in the past 12 months, security provider Trend Micro said in its newly released, twice-yearly Cyber Risk Index (CRI) report.

The report features interviews with some 4,100 organisations across North America, Europe, Latin/South America and Asia-Pacific. Respondents stressed that customer records are at increased risk as organisations struggle to profile and defend an expanding attack surface.

Overall, respondents rated the following as the top cyber threats in 1H 2022:

• Business Email Compromise (BEC)

• Clickjacking

• Fileless attacks

• Ransomware

• Login attacks (Credential Theft)

Here are some key findings from the study:

• The CRI calculates the gap between organisational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.

• This is a slight increase in risk from the second half of 2021, when it was -0.04. Organisations in North America and Asia-Pacific saw an increase in their cyber risk from that period while Europe and Latin/South America’s risk decreased in comparison.

• The number of global organisations experiencing a “successful” cyber-attack increased from 84% to 90% over the same period.

• The number now expected to be compromised over the coming year has also increased from 76% to 85%.

From the business perspective, the biggest concern is the misalignment between CISOs and business executives, Trend Micro said. The answers given by respondents to the question: “My organisation’s IT security objectives are aligned with business objectives,” only made a score of 4.79 out of 10.0

By addressing the shortage of cyber security professionals and improving security processes and technology, organisations will significantly reduce their vulnerability to attacks.

You can’t protect what you can’t see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organisations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform.

https://www.msspalert.com/cybersecurity-research/hackers-hit-one-third-of-organizations-worldwide-multiple-times/

• Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks

Companies pay an average of $1,197 per employee yearly to address successful cyber incidents against email services, cloud collaboration apps or services and browsers.

Security researchers at Perception Point shared the findings with Infosecurity before publishing them in a new white paper this month.

According to the new data, the above figures exclude compliance fines, ransomware mitigation costs and losses from non-operational processes, all of which can cause further spending.

The survey, conducted in conjunction with Osterman Research in June, considers the responses of 250 security and IT decision-makers at various enterprises and reveals additional discoveries regarding today’s enterprise threat landscape.

These findings demonstrate the urgent need for organisations to find the most accurate and efficient cyber security solutions which provide the necessary protection with streamlined processes and managed services.

Among the findings is that malicious incidents against new cloud-based apps and services occur at 60% of the frequency with which they take place on email-based services.

Additionally, some attacks, like those involving malware installed on an endpoint, happen on cloud collaboration apps at a much higher rate (87%) when compared to email-based services.

The Perception Point report also shows that a successful email-based cyber incident takes security staff an average of 86 hours to address.

In light of these figures, the security company added that one security professional with no additional support can only handle 23 email incidents annually, representing a direct cost of $6452 per incident alone.

Conversely, incidents detected on cloud collaboration apps or services take, on average, 71 hours to resolve. In these cases, one professional can handle just 28 incidents yearly at an average cost of $5305 per incident.

https://www.infosecurity-magazine.com/news/firms-dollar1197-per-employee/

• 90% of Organisations have Microsoft 365 Security Gaps

A recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organisations had gaps in essential security protections. Managing Microsoft 365 (M365) is complicated. How can IT teams avoid management headaches, stay 100% compliant, and truly take control of their M365 instance?

Research from the study reveals that many common security procedures are not being followed 100% of the time. This leaves gaping holes in most organisations’ security defences. While most companies have strong documented security policies, the research uncovered that most aren’t being implemented consistently due to difficulties in reporting and limited IT resources:

• 90% of companies had gaps across all four key areas studied – multi-factor authentication (MFA), email security, password policies, and failed logins

• 87% of companies have MFA disabled for some or all their admins (which are the most critical accounts to protect, due to their higher access levels)

• Only 17% of companies had strong password requirements that were being consistently followed.

Overall, nearly every organisation is leaving the door open for cyber security threats due to weak credentials, particularly for administrator accounts.

In addition to security challenges, the study identified key areas for improvement in managing Microsoft 365 licences as well, such as:

• The average company had 21.6% of their licenses unassigned or “sitting on the shelf.” Another 10.2% of licenses were inactive, for an average of 31.9% unused licenses.

• 17% of companies had over 10,000 licenses unassigned or inactive. These cases represent big opportunities to optimise licence spend with better tools.

Overall, the study reveals that reporting challenges make security and licence management incredibly difficult, leading to unnecessary risks and costs.

https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/

• Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors

A callback phishing extortion campaign by Luna Moth (aka Silent Ransom Group) has targeted businesses in multiple sectors, including legal and retail.

The findings come from Palo Alto Network’s security team Unit 42, which described the campaign in a new advisory.

“This campaign leverages extortion without encryption, has cost victims hundreds of thousands of dollars and is expanding in scope,” reads the technical write-up. At the same time, Unit 42 said that this type of social engineering attack leaves very few artifacts because it relies on legitimate technology tools to carry out attacks. In fact, callback phishing, also known as telephone-oriented attack delivery (TOAD), is a social engineering method that requires a threat actor to interact with the victim to accomplish their goals.

“This attack style is more resource intensive but less complex than script-based attacks, and it tends to have a much higher success rate,” reads the advisory. According to Unit 42, threat actors associated with the Conti group have extensively used this attack style in BazarCall campaigns. “Early iterations of this attack focused on tricking the victim into downloading the BazarLoader malware using documents with malicious macros,” explained the researchers.

As for the new campaign, which Sygnia security researchers first unveiled in July, it removes the malware portion of the attack. “In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim’s computer to manually exfiltrate data [...] As these tools are not malicious, they’re not likely to be flagged by traditional antivirus products,” Unit 42 wrote.

The researchers also said that they expect callback phishing attacks to increase in popularity because of low per-target cost, low risk of detection and fast monetisation factors.

https://www.infosecurity-magazine.com/news/luna-moth-phishing-target-multiple/

• The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For

With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy conducting brazen and often destructive cyber-attacks that can severely disrupt a company’s business operations. And this is a big problem, because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber-attacks not only can affect customers’ data, but they can impact service delivery.

In one of the recent incidents, the UK’s discount retailer The Works has been forced to temporarily shut down some of its stores after a ransomware attack. While the tech team quickly shut down the company’s computers after being alerted to the security breach by the firewall system, the attack caused disruption to deliveries and store functionality including till operations.

A cyber security incident can greatly affect a business due to the consequences associated with cyber-attacks like potential lawsuits, hefty fines and damage payments, insurance rate hikes, criminal investigations and bad publicity. For example, shares of Okta, a major provider of authentication services, fell 9% after the company revealed it was a victim of a major supply chain incident via an attack on a third-party contractor’s laptop, which affected some of its customers.

Another glaring example is a 2021 cyber-attack launched by the Russian-speaking ransomware gang called DarkSide against the operator of one of the US’ largest fuel pipelines Colonial Pipeline, which crippled fuel delivery across the Southeastern United States impacting lives of millions due to supply shortages. Colonial paid the DarkSide hackers a $4.4 million ransom soon after the incident. The attackers also stole nearly 100GB of data from Colonial Pipeline and threatened to leak it if the ransom wasn’t paid. It’s also worth noting that the company is now facing a nearly $1 million penalty for failure “to plan and prepare for a manual restart and shutdown operation, which contributed to the national impacts after the cyber-attack.”

Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).

Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.

For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.

https://informationsecuritybuzz.com/the-real-cost-of-cyber-attacks-what-organizations-should-be-prepared-for-2/

• 34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware

As many as 34 Russian-speaking gangs, distributing information-stealing malware under the stealer-as-a-service model, stole no fewer than 50 million passwords in the first seven months of 2022.

"The underground market value of stolen logs and compromised card details is estimated around $5.8 million" Singapore-headquartered Group-IB said in a report shared with The Hacker News.

Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.

A majority of the victims were located in the US, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, over 890,000 devices in 111 countries were infected during the time frame.

Group-IB said the members of several scam groups who are propagating the information stealers previously participated in the Classiscam operation. These groups, which are active on Telegram and have around 200 members on average, are hierarchical, consisting of administrators and workers (or traffers), the latter of whom are responsible for driving unsuspecting users to info-stealers like RedLine and Raccoon. This is achieved by setting up bait websites that impersonate well-known companies and luring victims into downloading malicious files. Links to such websites are, in turn, embedded into YouTube video reviews for popular games and lotteries on social media, or shared directly with non-fungible token (NFT) artists.

https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html

• “Password” Continues to Be the Most Common Password in 2022

You would think the time spent working from home in the last two years or so helped netizens across the planet figure out how to master the world of WWW in a more efficient manner.

But new research from NordPass shows that despite so many people relying on an Internet connection for their daily activities, few actually care about the security of their data when they go online.

As a result, “password” continues to be the number one password out there, with the aforementioned company claiming that this particular keyword was detected close to 5 million times in a 3TB database. It takes less than one second to crack this password, the company says.

“123456” is currently the second most-used password worldwide, followed by its longer sibling known as “123456789” because, you know, hackers don’t know how to count to 10.

“There’s more than one way to get swindled on Tinder: using “tinder” as your password is more risky than swiping right on a billionaire. In total, this password was used 36,384 times” NordPass says. “The glitziest film industry event of the year – the Oscars ceremony – inspired many to use not-so-glitzy passwords: the password “Oscars” was used 62,983 times.”

Of course, it’s no surprise that Internet users out there turn to movies to get inspiration for their passwords, so unfortunately, “batman” is currently one of the most used keywords supposed to secure Internet accounts.

“Films and shows like Batman, Euphoria, and Encanto were among the most popular releases in 2021/2022. All are also popular passwords: “batman” was used 2,562,776 times, “euphoria” 53,993, and “encanto” 10,808 times,” the company says.

The most common password in the United States is “guest,” while in the United Kingdom, quite a lot of people go for “liverpool” (despite hackers needing just 1 second to crack it).

https://news.softpedia.com/news/password-continues-to-be-the-most-common-password-in-2022-as-well-536503.shtml

• Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers

A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. The same security vulnerability appears to have been exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.

It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression. HackerOne first reported the vulnerability back in January, which allowed anyone to enter a phone number or email address, and then find the associated twitterID. This is an internal identifier used by Twitter, but can be readily converted to a Twitter handle. A bad actor would be able to put together a single database which combined Twitter handles, email addresses, and phone numbers.

At the time, Twitter admitted that the vulnerability had existed, and subsequently been patched, but said nothing about anyone exploiting it. Restore Privacy subsequently reported that a hacker had indeed used the vulnerability to obtain personal data from millions of accounts.

https://9to5mac.com/2022/11/25/massive-twitter-data-breach/

• European Parliament Declares Russia to be a State Sponsor of Terrorism – Then Gets Attacked

On Wednesday, the European Parliament adopted a resolution on the latest developments in Russia’s brutal war of aggression against Ukraine. MEPs highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes. In light of this, they recognise Russia as a state sponsor of terrorism and as a state that “uses means of terrorism”.

As the EU currently cannot officially designate states as sponsors of terrorism, the European Parliament calls on the EU and its member states to put in place the proper legal framework and consider adding Russia to such a list. This would trigger a number of significant restrictive measures against Moscow and have profound restrictive implications for EU relations with Russia.

In the meantime, MEPs call on the Council to include the Russian paramilitary organisation ‘the Wagner Group’, the 141st Special Motorized Regiment, also known as the “Kadyrovites”, and other Russian-funded armed groups, militias and proxies, on the EU’s terrorist list.

Almost immediately after the vote the European Parliament suffered a sustained denial of service attack that shut down email services and disrupted internet access for more than an hour. A pro-Russian group called KILLNET then claimed responsibility in a Telegram post.

https://www.europarl.europa.eu/news/en/press-room/20221118IPR55707/european-parliament-declares-russia-to-be-a-state-sponsor-of-terrorism

https://informationsecuritybuzz.com/comment-european-parliament-hit-by-cyberattack-after-vote-on-russia/

• The Changing Nature of Nation-State Cyber Warfare

Military conflict is ever shifting from beyond the battlefield and into cyber space. Ever more sophisticated and ruthless groups of nation-state actors and their proxies continue to target critical systems and infrastructure for political and ideological leverage. These criminals’ far-reaching objectives include intelligence gathering, financial gain, destabilising other nations, hindering communications, and the theft of intellectual property.

The risks to individuals and society are clear. Due to its importance to daily life and the economy, the UK’s critical national infrastructure (CNI) is a natural target for malicious nation-state cyber-attacks. We only need look at the Colonial Pipeline ransomware attack in the US – at the hands of the Russia-affiliated DarkSide group – to appreciate the potential for one criminal act to escalate and cause large-scale societal impact: panic and disruption. Even though the pipeline was shut down for less than a week, the havoc caused by suspending fuel supplies gave CNI operators everywhere a worrying taste of things to come.

Closer to home, the recent cyber attack on South Staffordshire Water highlights the need for all utilities providers to take proactive measures and precautions to better secure essential human sustenance supplies. With the risk of coordinated attacks by criminals backed by nation states rising, the potential for human casualties if attacks against CNI go unchecked is becoming starkly clear.

The Russia-Ukraine war has heightened awareness of the cyber threats posed by all nation-state adversaries. Unsurprisingly, challenges and conflicts in the physical world tend to bleed through into the cyber domain. And with relations between Western nations and Russia, China, Iran, and North Korea more fraught than ever, UK organisations can expect to see further increases in cyber threats at the hands of hostile nation-state actors.

https://informationsecuritybuzz.com/the-changing-nature-of-nation-state-cyber-warfare/

• Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question

Cyber crime continues to be a persistent and pressing issue for all sized businesses, particularly smaller organisations. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyber attack shut their doors within six months.

Despite the continuing rise in risk, many small businesses remain vulnerable to cyber attacks due to a lack of resources and – surprisingly – a lack of knowledge of the existing threats. Moreover, companies are now being exposed to cyber risks even further as they struggle to get appropriate cyber insurance, which, if needed, can be devastating should bad actors circumvent your company’s defences.

Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyber attack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and customer refunds.

With the constant – and ever-increasing – threat of potential cyber attacks and the need to protect their assets, many companies are applying for cyber insurance, which generally covers a variety of different types of cyber-attacks, including data breaches; business email compromises; cyber extortion demands; malware infections and ransomware.

But, despite the benefits of cyber insurance, it remains surprisingly undervalued. The UK government’s Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy in place.

Organisations must always seek cost-effective ways to address the cyber security risks they face – as no business is safe in the modern security landscape from a cyber threat. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance.  While all-sized businesses can benefit from having cyber insurance, small businesses frequently lack the knowledge and importance of securing it. This is usually because of the cost, the time involved in finding a provider, and a lack of understanding of the importance of a cyber insurance policy.

https://informationsecuritybuzz.com/is-your-company-covered-for-a-cybersecurity-attack-thats-the-2-million-question/

Threats

Ransomware and Extortion

• Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)

• Medibank hackers release 1,500 more patient records on dark web, including mental health data | Medibank | The Guardian

• Fake subscription invoices lead to corporate data theft and extortion - Help Net Security

• Ouch! Ransomware gang says it won’t attack AirAsia again due to the “chaotic organisation” and sloppy security of hacked airline’s network • Graham Cluley

• Ransomware gang targets Belgian municipality, hits police instead (bleepingcomputer.com)

• New ransomware encrypts files, then steals your Discord account (bleepingcomputer.com)

• Donut extortion group also targets victims with ransomware (bleepingcomputer.com)

• Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (thehackernews.com)

• Ransomware attacks: Making cyber ransom payments unlawful would help boards (afr.com)

• An aggressive Black Basta Ransomware campaign targets US-based companies - Security Affairs

• Luna Moth ransomware group invests in call centres to target individual victims - SiliconANGLE

• New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)

• Cybereason warns of fast-moving Black Basta campaign (techtarget.com)

• Spate Of Ransomware Targeting Healthcare Cost $92 Billion In Downtime Since 2018, Experts Weigh In - Information Security Buzz

• RansomExx Upgrades to Rust (securityintelligence.com)

• Enterprise healthcare providers warned of Lorenz ransomware threat | SC Media (scmagazine.com)

• Montreal-area city hit by ransomware: Report | IT World Canada News

Phishing & Email Based Attacks

• Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks (darkreading.com)

• World Cup phishing emails spike in Middle Eastern countries • The Register

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs

• SocGholish finds success through novel email techniques | SC Media (scmagazine.com)

BEC – Business Email Compromise

• Ten Charged in $11m Healthcare BEC Plots - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Cyber criminals are increasingly using info-stealing malware to target victims | CSO Online

• A security firm hacked malware operators, locking them out of their own C&C servers | TechSpot

• Emotet is back and delivers payloads like IcedID and Bumblebee - Security Affairs

• All You Need to Know About Emotet in 2022 (thehackernews.com)

• New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)

• Multi-Purpose Botnet and Infostealer 'Aurora' Rising to Fame | SecurityWeek.Com

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Aurora infostealer malware increasingly adopted by cybergangs (bleepingcomputer.com)

• This new malware is able to bypass all of Microsoft's security warnings | TechRadar

• Backdoored Chrome extension installed by 200,000 Roblox players (bleepingcomputer.com)

Mobile

• 'Patch Lag' Leaves Millions of Android Devices Vulnerable (darkreading.com)

• Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws (thehackernews.com)

• Your iPhone may be collecting more personal data than you think | Digital Trends

• This Android File Manager App Infected Thousands of Devices with SharkBot Malware (thehackernews.com)

• Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity

• WhatsApp data leak: 500 million user records for sale | Cybernews

Internet of Things – IoT

• Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog

Data Breaches/Leaks

• Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches - Security Affairs

• WhatsApp data leak: 500 million user records for sale - Security Affairs

• California County Says Personal Information Compromised in Data Breach | SecurityWeek.Com

• Personal data of AirAsia Malaysia, Indonesia and Thailand passengers allegedly leaked due to ransomware - SoyaCincau

Organised Crime & Criminal Actors

• Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)

• How social media scammers buy time to steal your 2FA codes – Naked Security (sophos.com)

• DEV-0569 Group Switches Tactics, Abuses Google Ads to Deliver Payloads | Cyware Alerts - Hacker News

• Hackers are locking out Mars Stealer operators from their own servers | TechCrunch

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz

• Two Estonians arrested for running $575M crypto Ponzi scheme (bleepingcomputer.com)

• Cyber crooks to ditch BTC as regulation and tracking improves: Kaspersky (cointelegraph.com)

• Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)

• Crypto exchanges’ bundling of services threatens stability, says Bank of England official | Financial Times (ft.com)

• Bahamas SEC Or Hacker? Stolen Funds From FTX Keep On Moving (bitcoinist.com)

Fraud, Scams & Financial Crime

• 'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)

• Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire

• UK Cops Lead Action Against Fraud Site that Made £100m - Infosecurity Magazine (infosecurity-magazine.com)

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Beware - Black Friday online shopping scams are here now | TechRadar

• Online retailers should prepare for a holiday season spike in bot-operated attacks | CSO Online

• Pig butchering domains seized and slaughtered by the Feds • The Register

• Experts Warn Remote Workers of Black Friday Security Threats - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• What cyber insurance really covers - Help Net Security

Software Supply Chain

• CISA, NSA, ODNI Publish Software Supply Chain Guidelines For Customers - Infosecurity Magazine (infosecurity-magazine.com) 

Denial of Service DoS/DDoS

• Out of the blue: Surviving an 18-hour, 39M-request DDoS attack - Help Net Security

Cloud/SaaS

• The impact of inadequate SaaS management - Help Net Security

Hybrid/Remote Working

• How remote working impacts security incident reporting | CSO Online

Identity and Access Management

• Access Rights – Bridging the Gap Between Current and Desired States - Information Security Buzz

Encryption

• Mathematical theorem used to crack US government encryption algorithm (phys.org)

API

• 5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs

• The API Timebomb - Information Security Buzz

• What are different types of APIs? - IT Security Guru

• Three security design principles for public REST APIs - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)

• Guess the most common password. Hint: We just told you • The Register

• World Cup Players Among Most Breached Passwords - IT Security Guru

• Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Hackers steal $300,000 in DraftKings credential stuffing attack (bleepingcomputer.com)

Social Media

• Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches - Security Affairs

• Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts (bleepingcomputer.com)

• Cyber security Pros Put Mastodon Flaws Under the Microscope (darkreading.com)

• Musk to abused Twitter users: Your tormentors will return • The Register

• Facebook sued for collecting personal data to sell adverts | News | The Times

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-US Influence Operation (thehackernews.com)

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop

Cyber Bullying, Cyber Stalking and Sextortion

• Musk to abused Twitter users: Your tormentors will return • The Register

Regulations, Fines and Legislation

• Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz

• UK’s Privacy Tsar Defends Controversial Enforcement Strategy - Infosecurity Magazine (infosecurity-magazine.com)

• How US cyber incident reporting law could finally fix the information sharing problem - CyberScoop

Law Enforcement Action and Take Downs

• UK Cops Lead Action Against Fraud Site that Made £100m - Infosecurity Magazine (infosecurity-magazine.com)

• Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire

• Interpol Seized $130 Million from Cyber criminals in Global "HAECHI-III" Crackdown Operation (thehackernews.com)

• 'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• iPhones are not as privacy-focused as Apple claims, researchers point out - India Today

• Thinking about taking your computer to the repair shop? Be very afraid | Ars Technica

Misinformation, Disinformation and Propaganda

• Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop

• Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-US Influence Operation (thehackernews.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine shows how space is now central to warfare | Financial Times (ft.com)

• New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)

• EU Parliament Putin things back together after cyber attack • The Register

• Opinion | Democracies flirting with spyware like Pegasus raises dangers - The Washington Post

• Scotland's broadband builder linked to Israeli spyware | HeraldScotland

• Bahamut Spyware Group Compromises Android Devices Via Fake VPN Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organisations (thehackernews.com)

Nation State Actors

Nation State Actors – Russia

• Russian Tech Giant Wants Out of the Country As Ukraine War Rages on (insider.com)

• Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors – China

• US Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk (thehackernews.com)

• UK bans Chinese CCTV cameras on ‘sensitive’ government sites • The Register

Vulnerability Management

• EPSS explained: How does it compare to CVSS? | CSO Online

Vulnerabilities

• 73 Percent of Retail Applications Contain Security Flaws, but Only a Quarter Are Fixed (yahoo.com)

• ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution - Infosecurity Magazine (infosecurity-magazine.com)

• Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs

• Vulnerability in AWS AppSync allowed unauthorized access to cloud resources | The Daily Swig (portswigger.net)

• AWS fixes 'confused deputy' vulnerability in AppSync • The Register

• How to hack an unpatched Exchange server with rogue PowerShell code – Naked Security (sophos.com)

• Google pushes emergency Chrome update to fix 8th zero-day in 2022 (bleepingcomputer.com)

• Upgrade to Apache Commons Text 1.10 to Avoid New Exploit (infoq.com)

• Security experts are laying Mastodon's flaws bare | TechRadar

• Devices from Dell, HP, and Lenovo used outdated OpenSSL versions - Security Affairs

• PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability | SecurityWeek.Com

• 5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs

• Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog

Tools and Controls

• Does Zero Trust mean Defence in Depth is dead? - Information Security Buzz

• Charting the Path to Zero Trust: Where to Begin (darkreading.com)

Reports Published in the Last Week

• Threat actors extend attack techniques to new enterprise apps and services - Help Net Security

Other News

• Know thy enemy: thinking like a hacker can boost cyber security strategy | CSO Online

• 'Quiet quitting' poses a cyber security risk that calls for a shift in workplace culture  | VentureBeat

• Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike (thehackernews.com)

• Security Culture Matters when IT is Decentralized (trendmicro.com)

• Legacy IT system modernization largely driven by security concerns - Help Net Security

• Been Doing It The Same Way For Years? Think Again. (thehackernews.com)

• Here's how to make sure your incident response strategy is ready for holiday hackers - Help Net Security

• Docker Hub repositories hide over 1,650 malicious containers (bleepingcomputer.com)

• Hacked digital billboard in Brisbane displays pornography for several minutes | Queensland | The Guardian

• The Case For A Security Program - Information Security Buzz

• How Tech Companies Can Slow Down Spike in Breaches (darkreading.com)

• Inventor of the Web Sir Tim Berners-Lee wants to save your data from Big Tech with Web3.0 | Euronews

• Deloitte reveals 10 strategic cyber security predictions for 2023  | VentureBeat

• The Biden administration has racked up a host of cyber security accomplishments | CSO Online

• US Navy Forced to Pay Software Company for Licensing Breach (gizmodo.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Businesses Suffered 50% More Cyber Attack Attempts per Week in 2021

Cyberattack attempts reached an all-time high in the fourth quarter of 2021, jumping to 925 a week per organisation, partly due to attempts stemming from the Log4j vulnerability, according to new data.

Check Point Research on Monday reported that it found 50% more attack attempts per week on corporate networks globally in calendar year 2021 compared with 2020.

The researchers define a cyberattack attempt as a single isolated cyber occurrence that could be at any point in the attack chain — scanning/exploiting vulnerabilities, sending phishing emails, malicious website access, malicious file downloads (from Web/email), second-stage downloads, and command-and-control communications.

https://www.darkreading.com/attacks-breaches/corporate-networks-saw-50-more-attacks-per-week-in-2021-

Cyber Attacks Against MSPs Jump 67%

Cyber attacks spiked by 50 percent in 2021 as compared to 2020, aided by millions of attacks in December by hackers attempting to exploit the Log4J vulnerability, according to a Check Point Software Technologies research report.

In terming 2021 a “record breaking year,” the security provider pointed to a worldwide peak of 925 cyber attacks per organisation weekly and an October 2021 measure that showed a 40 percent increase in cyberattacks, with one out of every 61 entities hit by ransomware each week. The number of cyberattacks on managed service providers (MSPs) and internet service providers (ISPs) rose by nearly 70 percent year over year.

https://www.msspalert.com/cybersecurity-news/cyberattacks-vs-msps-skyrocket/

SMEs Still An Easy Target For Cyber Criminals

Cyber crime continues to be a major concern, with 51% of SMEs experiencing a cyber security breach, a Markel Direct survey reveals.

In this survey that polled 1000 respondents, Markel Direct explored the issue of cybercrime and its impact on the self-employed and SMEs. The survey found the most common cybersecurity attacks were malware/virus related (24%) followed by a data breach (16%) and phishing attack (15%), with 68% reporting the cost of their breach was up to £5,000.

This comes after the latest Quarterly Fraud and Cyber Crime Report revealed that Britons lost over £1 billion in the first six months of 2021, due to the considerable increase in fraudulent activity.

https://www.helpnetsecurity.com/2022/01/12/smes-cybersecurity-breach/

World Economic Forum: Cyber Security Failures an Increasing Global Threat

Cybersecurity was once again identified as a major short and medium-term threat to the world in this year’s World Economic Forum’s (WEF’s) The Global Risk Report. The analysis was based on insights from nearly 1000 global experts and leaders who responded to the WEF’s Global Risks Perception Survey (GRPS).

Perhaps unsurprisingly, environmental issues like climate action failure and extreme weather ranked highest on the risks facing the world over the short (0-2 years), medium (2-5 years) and long-term (5-10 years). In addition, a number of challenges exacerbated by the pandemic, such as livelihood crises, infectious diseases and mental health deterioration, also scored highly. Overall, this added up to a pessimistic assessment, with 84.2% of respondents stating they were either “worried” or “concerned” about the global outlook.

Digital challenges, such as “cyber security failures,” were also viewed as a significant and growing problem to the world. Nearly one in five (19.5%) respondents believe cybersecurity failures will be a critical threat to the world in just the next 0-2 years, and 14.6% said it would be in 2-5 years

https://www.infosecurity-magazine.com/news/world-economic-forum-cybersecurity/

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Microsoft started 2022 with a large January Patch Tuesday update covering nine critical CVEs, including a self-propagator with a 9.8 CVSS score.

Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days.

The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP).

https://threatpost.com/microsoft-wormable-critical-rce-bug-zero-day/177564/

Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks

In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations.

The surprise takedown, which it said was carried out at the request of the US authorities, saw the law enforcement agency conduct raids at 25 addresses in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organised cyber crime syndicate.

"In order to implement the criminal plan, these persons developed malicious software, organised the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet," the FSB said in a statement.

In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets used to commit crimes, and 20 luxury cars that were purchased with money obtained by illicit means.

https://thehackernews.com/2022/01/russia-arrests-revil-ransomware-gang.html

North Korea Hackers Stole $400m Of Cryptocurrency In 2021, Report Says

North Korean hackers stole almost $400m (£291m) worth of digital assets in at least seven attacks on cryptocurrency platforms last year, a report claims.

Blockchain analysis company Chainalysis said it was one of most successful years on record for cyber-criminals in the closed east Asian state.

The attacks mainly targeted investment firms and centralised exchanges.

North Korea has routinely denied being involved in hack attacks attributed to them.

"From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%," Chainalysis said in a report.

https://www.bbc.co.uk/news/business-59990477

No Lights, No Heat, No Money - That's Life In Ukraine During Cyber Warfare

Hackers who defaced and interrupted access to numerous Ukrainian government websites on Friday could be setting the stage for more serious cyberattacks that would disrupt the lives of ordinary Ukrainians, experts said.

"As tensions grow, we can expect more aggressive cyber activity in Ukraine and potentially elsewhere," said John Hultquist, an intelligence analyst at US cyber security company Mandiant, possibly including "destructive attacks that target critical infrastructure."

"Organisations need to begin preparing," Hultquist added.

Intrusions by hackers on hospitals, power utility companies, and the financial system were until recently rare. But organised cyber criminals, many of them living in Russia, have gone after institutions aggressively in the past two years with ransomware, freezing data and computerized equipment needed to care for hospital patients.

In some cases, those extortion attacks have led to patient deaths, according to litigation, media reports and medical professionals.

https://www.reuters.com/world/europe/no-lights-no-heat-no-money-thats-life-ukraine-during-cyber-warfare-2022-01-14/

Ukrainian Police Arrest Five Members Of Ransomware Affiliate

Ukrainian police announced the arrest of five members of a ransomware affiliate on Thursday, noting that the group was behind attacks on more than 50 companies across Europe and the US.

In a statement, both the Ukrainian Security Service and Ukrainian Cyber Police said the group made at least $1 million through their attacks on the companies.

US and UK law enforcement officials worked with Ukrainian officials on the operation.

Officials said the leader of the group was a 36-year-old who worked with his wife and three other people out of Kyiv. The five are facing a variety of charges in Ukraine related to money laundering, hacking, and selling malware.

One of the people charged is wanted by law enforcement agencies in UK after "using a virus to obtain bank card details of the customers of British banks," according to the police statement.

The bank card details were used to buy things online that were then resold.

https://www.zdnet.com/article/ukrainian-police-arrest-members-of-ransomware-affiliate/

Fingers Point To Lazarus, Cobalt, Fin7 As Key Hacking Groups Attacking Finance Industry

The Lazarus, Cobalt, and FIN7 hacking groups have been labeled as the most prevalent threat actors striking financial organisations today.

According to "Follow the Money," a new report (.PDF) published on the financial sector by Outpost24's Blueliv on Thursday, members of these groups are the major culprits of theft and fraud in the industry today.

The financial sector has always been, and possibly always will be, a key target for cybercriminal groups. Organisations in this area are often custodians of sensitive personally identifiable information (PII) belonging to customers and clients, financial accounts, and cash.

They also often underpin the economy: if a payment processor or bank's systems go down due to malware, this can cause irreparable harm not only to the victim company in question, but this can also have severe financial and operational consequences for customers.

https://www.zdnet.com/article/fingers-point-to-lazarus-cobalt-fin7-as-key-hacking-groups-focused-on-finance-industry/

Ransomware, Supply Chain, And Deepfakes: The Top Threats The Finance Industry Needs To Prepare For

The finance industry is constantly targeted by numerous threat actors, and they are always innovating and trying new techniques (such as deepfakes) to outsmart security teams and breach an organisation’s network.

In addition to that, there is currently a huge demand for data and new tools on the dark web. In fact, users are selling access to point-of-sale (PoS) terminals and login details to the websites of financial services organisations all the time.

How can financial organisations protect themselves from existing threats and combat new ones at the same time?

https://www.helpnetsecurity.com/2022/01/12/finance-industry-threats/

Threats

Ransomware

• Night Sky Ransomware Is Attacking Corporate Networks For 800k Ransom - The Cybersecurity Times

• One Of The REvil Members Arrested Was Behind Colonial Pipeline Attack - Security Affairs

• Ransomware Is Being Rewritten In Go For Joint Attacks On Windows, Linux Users | IT PRO

• Inside a Ransomware Hit at Nordic Choice Hotels - WSJ

• Watch Out, That Microsoft Edge Update Is Actually Ransomware | TechRadar

• Qlocker Ransomware Returns To Target QNAP NAS Devices Worldwide (bleepingcomputer.com)

• Trends That Shaped Ransomware – And Why It’s Not Slowing Down - CyberScoop

Phishing

• Check Your SPF Records: Wide IP Ranges Undo Email Security And Make For Tasty Phishes | ZDNet

• Phishers Are Targeting Office 365 Users By Exploiting Adobe Cloud - Help Net Security

• Hackers Exploiting Microsoft Exchange Server Vulnerabilities in Enterprise Phishing Campaigns - MSSP Alert

• Real Big Phish: Mobile Phishing & Managing User Fallibility | Threatpost

Malware

• Microsoft Defender Weakness Lets Hackers Bypass Malware Detection (bleepingcomputer.com)

• New RedLine Malware Version Spread As Fake Omicron Stat Counter (bleepingcomputer.com)

• ‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS | Threatpost

• FluBot Malware Continues To Evolve. What's New In Ver 5.0 And Beyond? Security Affairs

• Oops: Cyberspies Infect Themselves With Their Own Malware (bleepingcomputer.com)

Mobile

• Android Users Can Now Disable 2G to Block Stingray Attacks (bleepingcomputer.com)

• EFF Praises Android’s New 2G Kill Switch, Wants Apple To Follow Suit | Ars Technica

• How To Protect Yourself Against Sim-Swapping Scams With Mobile Phone Fraud On The Rise (inews.co.uk)

IoT

• How a Hacker Controlled Dozens of Teslas Using a Flaw in Third-Party App (vice.com)

• Better Smart Home Security In 5 Easy Steps - CNET

Organised Crime & Criminal Actors

• Cyber Attacks On Corporations Hit Record Breaking Highs - IT Security Guru

Cryptocurrency/Cryptomining/Cryptojacking

• Abcbot Botnet Is Linked To Xanthe Cryptojacking Group | ZDNet

• North Korean Hackers Impersonate Major Crypto Investment Firm to Scam Startups (vice.com)

Insider Risk and Insider Threats

• Insider Threat Does Not Have To Be Malicious, So How Do You Protect Your Organisation? - Help Net Security

• Data Security In The Age Of Insider Threats: A Primer - Help Net Security

• Former DHS Official Charged With Stealing Govt Employees' PII (bleepingcomputer.com)

• Forensics Expert Kept Murder Snaps on PC - Infosecurity Magazine

Fraud, Scams & Financial Crime

• £92m Lost To Romance Scammers In 2021 - IT Security Guru

• ‘It Felt Like Losing A Husband’: The Fraudsters Breaking Hearts – And Emptying Bank Accounts | Relationships | The Guardian

DoS/DDoS

• Extortion DDoS Attacks Grow Stronger And More Common (Bleepingcomputer.Com)

• DDoS Attacks That Come Combined With Extortion Demands Are On The Rise | ZDNet

CNI, OT, ICS, IIoT and SCADA

• Manufacturers Are Starting To Realize The Importance Of OT Security - Help Net Security

• FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure (thehackernews.com)

• Critical Infrastructure Falls Short on Ransomware Readiness, Mitigation, Recovery - MSSP Alert

Nation State Actors

• Ukraine Hacks Add to Worries of Cyber Conflict With Russia | SecurityWeek.Com

• Destructive Malware Targeting Ukrainian Organisations - Microsoft Security Blog

• US Olympic Athletes Urged to Leave Phones Behind (gizmodo.com)

• Suspected Chinese Hackers Use Log4j Flaw To Deploy Night Sky Ransomware, Microsoft Warns - CyberScoop

• Russian Submarines Threatening Undersea Cables, UK Defence Chief Warns - Security Affairs

• Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor (thehackernews.com)

• US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence (thehackernews.com)

Cloud

• The Rising Threat Of Cyber Criminals Targeting Cloud Infrastructure In 2022 - Help Net Security

• 5 Top Hybrid Cloud Security Challenges | CSO Online

Passwords & Credential Stuffing

• 4 Ways Cyber Criminals Hide Credential Stuffing Attacks | CSO Online

Parental Controls and Child Safety

• UK Hacker Jailed for Spying on Children and Downloading Indecent Images (thehackernews.com)

Vulnerabilities

• CISA Adds 15 Exploited Vulnerabilities From Google, IBM, Microsoft, Oracle And More To Catalog | ZDNet

• Threat Actors Can Bypass Malware Detection Due To Microsoft Defender Weakness - Security Affairs

• noPac Exploit: Microsoft AD Flaw May Lead to Total Domain Compromise | CrowdStrike

• Adobe Fixes 4 Critical Reader Bugs That Were Demonstrated At Tianfu Cup - Security Affairs

• WordPress 5.8.3 Security Update Fixes SQL Injection, XSS Flaws (bleepingcomputer.com)

• WordPress Bugs Exploded in 2021, Most Exploitable | Threatpost

• Sonicwall SMA 100 VPN Box Security Hole Exploit Info Shared • The Register

• Cisco Patches Critical Vulnerability in Contact Center Products | SecurityWeek.Com

• Millions of Routers Exposed to RCE by USB Kernel Bug | Threatpost

• MacOS Bug Could Let Creeps Snoop On You | Threatpost

• Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws | SecurityWeek.Com

Sector Specific

Financial Services Sector

• When It Comes To Banking Security, There's No Silver Bullet - Help Net Security

SMBs – Small and Medium Businesses

• Over Half of SMEs Have Experienced a Cyber Security Breach - Infosecurity Magazine

Reports Published in the Last Week

• Finance Whitepaper. Digital risk management for FSIs. (blueliv.com)

Other News

• Hackers Penetrate 93% of Local Company Networks, Cyber Simulation Finds - MSSP Alert

• URL Parsing: A Ticking Time Bomb Of Security Exploits - TechRepublic

• Europol Told to Delete Vast Trove of Personal Information - Infosecurity Magazine

• The Race Towards Renewable Energy Is Creating New Cyber Security Risks | ZDNet

• What Is Clipboard Hijacking? How to Avoid Becoming a Victim (makeuseof.com)

• White House Reminds Tech Giants Open Source Is A National Security Issue (bleepingcomputer.com)

• Want To Improve Corporate Security? Prioritize Personal Security | ZDNet

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

The Log4j Flaw Will Take Years to be Fully Addressed

More than 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly, and will require coordination between different project teams to address the flaw.

Shortly after the first vulnerability in the Apache Log4j library (CVE-2021-44228) was disclosed, Google's Open Source Insights Team surveyed all the Java packages in the Maven Central Repository "to determine the scope of the issue in the open source ecosystem of JVM based languages, and to track the ongoing efforts to mitigate the affected packages," say team members James Wetter and Nicky Ringland. The team estimates it could take years before the vulnerability is fully addressed within the Java ecosystem.

A significant part of the problem has to do with indirect dependencies. Direct dependencies, or the cases where package explicitly pulls log4j into the code, are relatively straightforward to fix, as the developer or project owner just has to update log4j to the latest version.

https://www.darkreading.com/tech-trends/the-log4j-flaw-will-take-years-to-be-fully-addressed

Copycat And Fad Hackers Will Be The Bane Of Supply Chain Security In 2022

Replicable attacks and a low barrier to entry will ensure the rate of supply chain attacks increases next year, cyber security researchers have warned.

The supply chain is a consistent attack vector for threat actors today. By compromising a centralized service, platform, or software, attackers can then either conduct widespread infiltration of the customers and clients of the original -- singular -- victim or may choose to cherry-pick from the most valuable potential targets.

This can save cyber criminals time and money, as one successful attack can open the door to potentially thousands of victims at once.

A ransomware attack levied against Kaseya in 2021 highlighted the disruption a supply chain-based attack can cause. Ransomware was deployed by exploiting a vulnerability in Kaseya's VSA software, leading to the compromise of multiple managed service providers (MSP) in Kaseya's customer base.

https://www.zdnet.com/article/copycat-and-fad-hackers-will-be-the-bane-of-supply-chain-security-in-2022/

This Nightmare Incident Shows Why You Really Shouldn't Store Passwords In Your Browser

An infostealer is scooping up passwords stored in browsers, experts warn

An unnamed company was recently breached after an employee stored their corporate account password in their web browser, a new report suggests.

According to research from security company AhnLab, the employee was working from home on a device shared with other household members, which was already infected with Redline Stealer, an infostealing malware.

Although the computer was equipped with antivirus software, the malware was able to evade detection, before stealing the passwords stored in the victim's browser.

https://www.techradar.com/news/this-simple-malware-shows-why-you-really-shouldnt-store-passwords-in-your-browser

Kaspersky Research: 47% of Incident Response Requests Linked to Ransomware

This year — 2021 — marked a “new era of ransomware,” said Vladimir Kuskov, head of threat exploration at Russian cyber security company Kaspersky. This is reflected in security incident requests handled by Kaspersky’s Global Emergency Response Team (GERT) between January and November 2021.

Kaspersky reported 46.7 percent of the security incidents that GERT handled in the first 11 months of 2021 were related to ransomware. Comparatively, Kaspersky attributed ransomware to 37.9 percent of security incidents that GERT handled for all of 2020 and 34 percent for 2019.

In addition, the government and industrial sectors have been the most common targets for ransomware attacks in 2021 to date, Kaspersky indicated. These industries accounted for nearly 50 percent of ransomware-related incident response requests that GERT has handled.

https://www.msspalert.com/cybersecurity-research/kaspersky-research-47-of-incident-response-requests-linked-to-ransomware/

Global Cyber Attacks from Nation-State Actors Posing Greater Threats

Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain.

The macro-trend I’m most alarmed by today is the fact that attackers don’t seem to care about getting caught anymore. We have seen an increase in temerity of attacks by nation-states, such as the Russian attack on SolarWinds, and seen their attack tactics shift from targeted, stealthy operations into opportunistic hacks for potential future uses, such as the attacks attributed to Hafnium.

Such a brazen approach hasn’t been a common tactic of nation-states in the past, but now seems to be the status quo. In part, this trend may also be due to a destabilization of the international relations climate stemming from COVID-19, as well as work-from-home forcing core business services out onto the internet to facilitate employee access.

Broadly speaking, we should see China as a rising cyber security threat on the international stage. That has been the case for some time in terms of their economic, defense and military posture, but 2021 has quite clearly demonstrated that the relationship has deteriorated into a sort of Cold War, with espionage playing out in the cyber-domain.

https://threatpost.com/global-cyberattacks-nation-state-threats/177253/

Y2k22 Bug Is Causing Microsoft Exchange Server To Fail Worldwide: FIP-FS Scan Engine Failed To Load

Company admins are having their New Year’s celebrations interrupted by reports that their Exchange Servers are failing with the error “FIP-FS Scan Engine failed to load – Can’t Convert “2201010001” to long (2022/01/01 00:00 UTC)“.

The issue appears to be due to Microsoft using the first two numbers of the update version to denote the year of the update, which caused the “long” version of the date to overflow.

At present, it seems the main workaround is to disable the anti-malware scanner on the Exchange Server by using Set-MalwareFilteringServer -BypassFiltering $True -identity <server name> and restarting the Microsoft Exchange Transport service.

It appears Microsoft has not acknowledged the issue yet, but if you are affected some peer support is available at Reddit here.

Update: Microsoft has now acknowledged the issue and is working on a fix

https://mspoweruser.com/y2k22-bug-is-causing-microsoft-exchange-server-to-fail-worldwide/

External Attackers Can Penetrate Most Local Company Networks

In 93% of cases, external attackers can breach the organisation’s network perimeter and gain access to local network resources, and it takes an average of two days to penetrate the company’s internal network. In 100% of companies analysed, an insider can gain full control over the infrastructure.

These are the results of a new research report by Positive Technologies, analyzing results of the company’s penetration testing projects carried out in the second half of 2020 and first half of 2021.

The study was conducted among financial organizations (29%), fuel and energy organizations (18%), government (16%), industrial (16%), IT companies (13%), and other sectors.

During the assessment of protection against external attacks, Positive Technologies experts managed to breach the network perimeter in 93% of cases. According to the company’s researchers, this figure has remained high for many years, confirming that criminals are able to breach almost any corporate infrastructure.

https://www.helpnetsecurity.com/2021/12/28/external-attackers-local-company-networks/

The Have I Been Pwned Service Now Includes 441K Accounts Stolen By RedLine Malware

The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The service now includes credentials for 441K accounts stolen by the popular info-stealer.

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The malicious code can also act as a first-stage malware.

Stolen data are stored in an archive (logs) before being uploaded to a server under the control of the attackers.

A few days ago the data breach hunter Bob Diachenko discovered an unsecured server exposing over 6 million RedLine logs containing data harvested between August and September 2021. The server is still accessible, but the researchers pointed out that threat actors abandoned it because the the number of logs is not increasing.

https://securityaffairs.co/wordpress/126186/malware/redline-malware-hibp.html

Threats

Ransomware

• Organisations Targeted With Babuk-Based Rook Ransomware | SecurityWeek.Com

• QNAP NAS Devices Hit With Surge Of Ransomware Attacks | TechRadar

• Shutterfly Hit By A Conti Ransomware Attack - Security Affairs

• Cyber Attack On One Of Norway’s Largest Media Companies Shuts Down Presses - The Record by Recorded Future

Malware

• Threat Actor Uses HP iLO Rootkit To Wipe Servers - The Record by Recorded Future

• New Malware Uses SSD Over-Provisioning to Bypass Security Measures | Tom's Hardware

• Threat Actors Are Abusing MSBuild To Implant Cobalt Strike Beacons - Security Affairs

Data Breaches/Leaks

• LastPass Says No Passwords Were Compromised Following Breach Scare - The Verge

• T-Mobile Welcomed Christmas With Its Second Data Breach In Less Than Six Months - Phonearena

Organised Crime & Criminal Actors

• In the Fight Against Cyber Crime, Takedowns Are Only Temporary (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking

• Cryptomining Attack Exploits Docker API Misconfiguration Since 2019 | Threatpost

Insider Risk and Insider Threats

• When Employees Leave, Is Your Data Walking Out The Door? - Help Net Security

Scams, Fraud & Financial Crime

• Fraud Detection And Prevention Market To Hit $100 Billion By 2027 - Help Net Security

Nation State Actors

• China-linked BlackTech APT Uses New Flagpro Malware In Recent Attacks - Security Affairs

• APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools | Threatpost

Passwords

• RedLine Malware Shows Why Passwords Shouldn't Be Saved In Browsers (bleepingcomputer.com)

Vulnerabilities

• Experts Monitor Ongoing Attacks Using Exploits For Log4j Library Flaws - Security Affairs

• Netgear Leaves Vulnerabilities Unpatched In Nighthawk Router (bleepingcomputer.com)

Other News

• What the Rise in Cyber-Recon Means for Your Security Strategy | Threatpost

• Most Companies Struggling To Achieve Observability Despite Investing In Tools - Help Net Security

• LastPass Confirms Credential Stuffing Attack Against Some Of Its Users - The Record by Recorded Future

• A New Year Will Bring New Targets: What to Look for in 2022 | SecurityWeek.Com

• University Loses 77TB Of Research Data Due To Backup Error (bleepingcomputer.com)

• Don’t Expect A Slowdown After Record-Setting Year For Cyber Security As Several Drivers Remain For Big 2022 – Crunchbase News

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.