Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Mind The Gap: Mimecast Report Finds Humans Are Biggest Security Flaw

A global report from Mimecast has found that 74% of all cyber breaches are caused by human factors, including errors, misuse of access privileges or social engineering. Email remains the primary attack vector for cyber threats. Further, 67% of respondents expect AI-driven attacks to soon be the norm and 69% believe their company will be harmed by an attack.

No matter the size, sector or budget of an organisation, people remain a consistent risk factor. Even with strong technology controls, people can still be the risk that brings down the organisation. It is therefore important for organisations to integrate people into their cyber security investments. This should include awareness and education training, and fostering a cyber secure culture in the organisation.

Sources: [IT Security Guru] [Beta News] [Verdict]

Three-Quarters of Cyber Victim Are SMBs: Why SMBs are Becoming More Vulnerable

According to a recent Sophos report, over three-quarters of cyber incidents impacted smaller businesses in 2023, with ransomware having the largest impact. The research also found that in 90% of attacks, data or credential theft was involved and in 43%, data theft was the main focus.

The report found significant usage of initial access brokers; these are attackers whose speciality is to break into computer networks and sell ready-to-go access to other attackers. In fact, the report found that almost half of all malware detected in SMBs were malicious programs used to steal sensitive data and login credentials. Unfortunately, many SMBs struggle to keep up due to a lack of resources and budget; instead, they must be able to prioritise their cyber security efforts to get the most return on investment.

Sources: [Infosecurity Magazine]  [Help Net Security] [TechRadar] [Nairametrics] [TechTarget]

Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc

The Ipsos report on Cyber Security Skills in the UK Labour Market 2023 sheds light on the persistent challenges faced in recruiting, training, and retaining cyber security professionals across various domains. With approximately 739,000 businesses lacking basic cyber skills and 487,000 facing advanced skills gaps, the demand for trained professionals is escalating. The shortage of incident response skills highlights the need for comprehensive education and training programs. Senior management and board-level executives must also be equipped with the knowledge to manage incidents effectively, emphasising reporting, seeking external assistance, and maintaining a no-blame culture. Understanding cyber risks at the business level is crucial, as cyber crime has evolved into a well-organised industry with distinct roles and profit-sharing mechanisms among cyber criminal groups. Conducting tabletop incident response exercises can effectively prepare senior leadership for cyber incidents, ensuring a proactive and coordinated response to mitigate risks and safeguard organisational resilience.

Source: [TechRadar]

UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’

The recent response from the British government to warnings about the looming ransomware threat has sparked criticism, with accusations of adopting an "ostrich strategy" by downplaying the severity of the national cyber threat. Despite alarming assessments from the Joint Committee on the National Security Strategy (JCNSS) regarding the high risk of a catastrophic ransomware attack, the government's formal response has been met with scepticism. Key recommendations, such as reallocating responsibility for tackling ransomware away from the Home Office, were rejected, with the government arguing that its existing regulations and the current National Cyber Strategy were sufficient. This argument has raised concerns about the government's preparedness and resource allocation. With ransomware attacks escalating in the UK, the Committee underscores the urgency for a proactive national security response to mitigate the potentially devastating impacts on the economy and national security.

Source: [The Record Media]

Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024

Research conducted by the Identity Theft Resource Center (ITRC) found that 2023 set an all time high in data breaches, 72% more than the prior year. Separately, the Allianz Risk Barometer identified cyber incidents as the biggest global business threat for 2024, ranking above regulatory concerns, climate change and a shortage of skilled workers. It is crucial that the severity of this risk is reflected in the actions taken by organisations, who must effectively govern and implement their cyber security strategy.

Sources: [JDSupra]

Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture

Cyber security has become a pressing issue on financial institutions due to the rise in cyber attacks, as highlighted by the February attack on Bank of America via a third-party service. The involvement of the LockBit ransomware group underlines the persistent nature of these threats, particularly targeting the financial sector. These attacks disrupt services and undermine trust in the financial system, necessitating robust cyber security frameworks. The new US Securities and Exchange Commission (SEC) rule requiring immediate disclosure of cyber security incidents presents both benefits and challenges, calling for clear guidelines and industry-wide collaboration. BlackBerry’s Global Threat Intelligence Report revealed a staggering million attacks globally in just 120 days last year. These attacks, often using commodity malware, make up almost two-thirds of all industry-related incidents. The 27% increase in novel malware samples highlights the need for improved defences. These findings emphasise the need for AI-driven detection and defence strategies. While critical infrastructure remains a primary focus, commercial enterprises must remain vigilant, with a third of threats targeting various sectors, emphasising the pervasive nature of cyber threats across industries.

Source:[ SC Media] [TechRadar]

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

In a recent revelation, Microsoft disclosed that the Kremlin-backed threat group known as Midnight Blizzard successfully accessed some of Microsoft’s source code repositories and internal systems following a hack in January 2024. The breach, believed to have originally occurred in November 2023, exploited a legacy test account lacking multi-factor authentication by employing a password spray attack. Microsoft assured no compromise to customer-facing systems but warned of ongoing attempts by Midnight Blizzard to exploit stolen corporate email data. The extent of the breach remains under investigation, with concerns raised over the potential accumulation of attack vectors by the threat actor. The incident underscores the escalating sophistication of nation-state cyber threats and prompts a re-evaluation of security measures, highlighting the imperative for robust defences against such adversaries.

Source: [The Hacker News]

Independent Cyber Security Audits Are Powerful Tools for Boards

Board members are increasingly held accountable for their organisation's cyber posture, facing personal liability for lapses. To gain insight and demonstrate proactive leadership, independent cyber security audits have become indispensable. These audits not only aid in regulatory compliance but also uncover blind spots in the organisation's security measures. Recent regulations, such as by  the US Securities and Exchange Commission (SEC) underscore the imperative for robust cyber security oversight at the board level. The audit process involves defining the scope, conducting assessments, validating findings through simulations, and presenting comprehensive reports to leadership. By embracing cyber security audits, boards can fulfil their duty of overseeing and enhancing the organisation's cyber resilience in an ever-evolving threat landscape.

Source: [Bloomberg Law]

Navigating Cyber Security in The Era of Mergers

In today's landscape of frequent mergers and acquisitions (M&A), organisations grapple with the challenge of aligning cyber security measures across subsidiaries, posing a risk to overall security. According to an IBM survey, over one in three executives attribute data breaches to M&A activity during integration. This complexity arises as security teams may lack insight into subsidiary infrastructure, hindering risk assessment and mitigation efforts. Historical incidents like the NotPetya attack on Merck and the Talk Talk hack highlight vulnerabilities post-acquisition, emphasising the need for a proactive approach to subsidiary cyber security. To address these challenges, organisations must conduct comprehensive risk assessments, standardise security protocols, foster collaboration, and consider unified security platforms. By proactively addressing visibility gaps and implementing standardised protocols, organisations can fortify their defences against evolving cyber threats amidst M&A activities.

Source: [Forbes]

Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm

According to a recent report, 76% of organisations were compromised by QR-code phishing in the last 12 months. Along with this, there has also been a rise in the number of sophisticated vishing attacks, with recent attacks costing organisations millions. The introduction of artificial intelligence has only added fuel to this fire already impacting security controls such as call-back procedures. With the tactics of phishing evolving, organisations need to ensure they are up-to-date and that employees are trained effectively to mitigate the risk of these.

Sources: [Help Net Security] [Dark Reading]

Governance, Risk and Compliance

• Cyber Security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Three-Quarters of Cyber Incident Victims Are Small Businesses - Infosecurity Magazine (infosecurity-magazine.com)

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• Still on Top: Cyber Security Incidents Ranked #1 Global Business Threat in 2024 | Dinsmore & Shohl LLP - JDSupra

• Navigating Cyber Security In The Era Of Mergers (forbes.com)

• SMEs invest in tech opportunities but risk missing security safeguards (betanews.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• The CISO Role Is Changing. Can CISOs Themselves Keep Up? (darkreading.com)

• New Risk for Weary CISOs: Becoming the Scapegoat After Cyber Criminals Strike | Corporate Counsel (law.com)

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behavior and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• OODA Loop - How To Properly Cut Your Cyber Security Budget

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos: Remote ransomware attacks on SMBs increasing | TechTarget

• UK government’s ransomware failings leave country ‘exposed and unprepared’ (therecord.media)

• Prescribing Security: Why Healthcare Companies Should Take Note of Recent Ransomware Attack | Dinsmore & Shohl LLP - JDSupra

• BianLian Threat Actor Shifts Focus to Extortion-Only Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding the multi-tiered impact of ransomware. (thecyberwire.com)

• Ransomware tracker: The latest figures [March 2024] (therecord.media)

• Cyber attack costing hospitals millions - The Boston Globe

• British authorities have never detected a breach of ransomware sanctions — but is that good or bad news? (therecord.media)

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

• Businesses leaving their Kubernetes containers exposed to ransomware | TechRadar

• StopCrypt: Most widely distributed ransomware now evades detection (bleepingcomputer.com)

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

Ransomware Victims

• British Library’s legacy IT blamed for lengthy rebuild • The Register

• British Library shares lessons from cyber attack | UKAuthority

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Stanford University failed to detect intruders for 4 months • The Register

• Stanford says data from 27,000 people leaked in September ransomware attack (therecord.media)

• Law Firm Sues MSP Over Black Basta Ransomware Attack | MSSP Alert

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Cancer Clinics Face Cash Crunch After Hack Rocks US Health Care (claimsjournal.com)

• Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages (voanews.com)

• UnitedHealth Sets Timeline to Restore Change Healthcare Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Belgian village whose brewery was hit by cyber attack faces another on its coffee roastery (therecord.media)

• Nissan confirms ransomware attack exposed data of 100,000 people (bleepingcomputer.com)

• Child protection among critical services affected by cyber attack on English council (therecord.media)

• Equilend warns employees their data was stolen by ransomware gang (bleepingcomputer.com)

Phishing & Email Based Attacks

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Image-based phishing tactics evolve - Help Net Security

• Phishing Threats Rise as Malicious Actors Target Messaging Platforms - Security Boulevard

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

• What is phishing? Examples, types, and techniques | CSO Online

• New email standards: what you need to know | TechRadar

Other Social Engineering

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Sophisticated Vishing Campaigns Take World by Storm (darkreading.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

Artificial Intelligence

• AI Poses Extinction-Level Risk, State-Funded Report Says | TIME

• Cyber crime underworld has removed all the guardrails on AI frontier

• Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data (darkreading.com)

• Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data - Security Boulevard

• Cyber attackers are threatening businesses with AI, says Microsoft (qz.com)

• Intelligence officials warn pace of innovation in AI threatens US | CyberScoop

• How advances in AI are impacting business cyber security - Help Net Security

• NCSC Blog - AI and cyber security: what you need to know (techuk.org)

• Are Global Companies Equipped to Tackle Emerging AI-Driven Cyber Threats? New Study Reveals Insights | Cryptopolitan

• 4 types of prompt injection attacks and how they work | TechTarget

• How data poisoning attacks work | TechTarget

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• How to craft a generative AI security policy that works | TechTarget

2FA/MFA

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Keyloggers, spyware, and stealers dominate SMB malware detections - Help Net Security

• SMBs are being hit with more malware attacks than ever, and many can't keep up | TechRadar

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

• Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (bleepingcomputer.com)

• Botnets: The uninvited guests that just won’t leave | CSO Online

• Hackers using Weaponized PDF Files to Deliver Remcos RAT (cybersecuritynews.com)

• RedLine malware top credential stealer of last 6 months | SC Media (scmagazine.com)

• Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT (darkreading.com)

Mobile

• Blog: Why Hackers Love Phones - Keep your Eye on the Device - Security Boulevard

• SIM swappers hijacking phone numbers in eSIM attacks (bleepingcomputer.com)

• PixPirate Android malware uses new tactic to hide on phones (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• French government sites disrupted by très grande DDOS • The Register

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

• RIA: Estonia's state institutions hit by largest cyber attack to date | News | ERR

• The Growing Threat of Application-Layer DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks reach critical levels in 14 seconds | Security Magazine

Internet of Things – IoT

• Internet of Risks: Cyber Security Risk in the Internet of Things | UpGuard

• Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors - Security Week

• The S in IoT stands for security • The Register

• Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk (darkreading.com)

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

Data Breaches/Leaks

• Data Breaches up 72% From Record High: Cyber Incident Readiness Must be Top of Mind | Epiq - JDSupra

• Jersey regulator's data breach leaks names and addresses - BBC News

• Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware (bleepingcomputer.com)

• Okta denies it was hacked again after data appears on hacking site | TechRadar

• Over 12 million auth secrets and keys leaked on GitHub in 2023 (bleepingcomputer.com)

• French unemployment agency data breach impacts 43 million people (bleepingcomputer.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

Organised Crime & Criminal Actors

• How to Identify a Cyber Adversary: Standards of Proof (darkreading.com)

• How to Identify a Cyber Adversary: What to Look For (darkreading.com)

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Bitcoin Fog mixer operator convicted for laundering $400 million (bleepingcomputer.com)

• US Seizes $1.4 Million in Cryptocurrency From Tech Scammers - Security Week

Insider Risk and Insider Threats

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Insider threats can damage even the most secure organisations - Help Net Security

• Your tech tools won’t save you from cyber threats | TechRadar

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• Meta Sues Former VP After Defection to AI Startup - Infosecurity Magazine (infosecurity-magazine.com)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

Insurance

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

Supply Chain and Third Parties

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Industry: Act Now To Secure the Solutions You Offer the Military | AFCEA International

Cloud/SaaS

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• How Not to Become the Target of the Next Microsoft Hack (darkreading.com)

• Cloud Account Attacks Surged 16-Fold in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

• Cloud security vs. network security: What's the difference? | TechTarget

Encryption

• Building The Defence Sector's Quantum Threat Resilience (forbes.com)

• Are private conversations truly private? A cyber security expert explains how end-to-end encryption protects you (theconversation.com)

Linux and Open Source

• How to Ensure Open Source Packages Are Not Landmines (darkreading.com)

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Russian Hackers Are Weaponizing Stolen Microsoft Passwords (claimsjournal.com)

• Overcoming the threat of account takeover fraud (securitybrief.co.nz)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors leverage document publishing sites for ongoing credential and session token theft (talosintelligence.com)

• LastPass suffers worldwide outage causing site 404 error - 9to5Mac

Social Media

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Meta sues “brazenly disloyal” former exec over stolen confidential docs | Ars Technica

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

Training, Education and Awareness

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

Regulations, Fines and Legislation

• Everything you need to know about the EU's Cyber Solidarity Act | ITPro

• Cyber Security: European Parliament adopts Cyber Resilience Act at first reading | Practical Law (thomsonreuters.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• The New Hacker Playbook: Weaponizing the SEC’s Cyber Disclosure Rules | Woodruff Sawyer - JDSupra

Models, Frameworks and Standards

• 4 Security Tips From PCI DSS 4.0 Anyone Can Use (darkreading.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

Backup and Recovery

• Immutability: A boost to your security backup (betanews.com)

Data Protection

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• How do you lot feel about Pay or OK model, ICO asks Brits • The Register

Careers, Working in Cyber and Information Security

• Half of firms struggling to hire cyber security experts (securitybrief.co.nz)

• UK Council's Vision: Set High Standards in Cyber Security (govinfosecurity.com)

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

• Cyber security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

• How To Overcome The Machismo Problem In Cyber Security (forbes.com)

Law Enforcement Action and Take Downs

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

• WEF effort to disrupt cyber crime moves into operations phase • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

• Five Eyes publish report on Volt Typhoon. Volt Typhoon targets emergency management services in the US. (thecyberwire.com)

• Chinese company at the centre of Biden's US port crane order denies it's a security threat | Fortune Asia

• Lithuania security services warn of China's espionage against the country (securityaffairs.com)

• Chinese Cyber Crime: Discretion Is the Better Part of Valor (databreachtoday.co.uk)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

Russia

• Microsoft says Russian hackers stole source code after spying on its executives - The Verge

• Microsoft says Russian hackers breached its systems, accessed source code (bleepingcomputer.com)

• Microsoft: Russians are using stolen information to breach company’s systems (therecord.media)

• Microsoft says it hasn't been able to evict Russian state hackers | AP News

• Why Cyber Attacks on Ukrainians Aren’t Working the Way Russia Expected - Carnegie Endowment for International Peace

• Kremlin accuses US of plotting election-day cyber attack • The Register

• Major operation under way to identify source of Russian attack that 'jammed signals' on... - LBC

• First-ever South Korean national detained for espionage in Russia (securityaffairs.com)

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

North Korea

• Japan Blames North Korea for PyPI Supply Chain Cyber Attack (darkreading.com)

Vulnerability Management

• How to Streamline the Vulnerability Management Life Cycle - Security Boulevard

• Researchers expose Microsoft SCCM misconfigs usable in cyber attacks (bleepingcomputer.com)

• Former CISA Dir. Krebs on cyber threats: Microsoft and others are 'hanging on by a thread' right now (cnbc.com)

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

Vulnerabilities

• Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (thehackernews.com)

• Adobe Patches Critical Flaws in Enterprise Products - Security Week

• Major CPU, Software Vendors Impacted by New GhostRace Attack - Security Week

• Critical Fortinet flaw may impact 150,000 exposed devices (bleepingcomputer.com)

• Fortinet Releases Security Updates for Multiple Products | CISA

• SAP Patches Critical Command Injection Vulnerabilities - Security Week

• Cisco addressed severe flaws in its Secure Client (securityaffairs.com)

• 5M WordPress Websites At Risk Amid LiteSpeed Plugin Flaw - Security Boulevard

• New cyber crime crew Magnet Goblin caught exploiting Ivanti • The Register

• Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory (darkreading.com)

• CISA confirms compromise of its Ivanti systems | TechTarget

• Threat actors breached two crucial systems of the US CISA (securityaffairs.com)

• Researchers found multiple flaws in ChatGPT plugins (securityaffairs.com)

• QNAP warns its NAS devices are facing a critical security flaw — but a patch is available, so update now | TechRadar

• Exploited Building Access System Vulnerability Patched 5 Years After Disclosure - Security Week

Tools and Controls

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• NSA's Zero-Trust Guidelines Focus on Segmentation (darkreading.com)

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• Expert Cyber Security Strategies For Protecting Remote Businesses (forbes.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• 10 cloud security tips every IT leader should know | ITPro

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• Cloud security vs. network security: What's the difference? | TechTarget

• Immutability: A boost to your security backup (betanews.com)

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

• How teams can improve incident recovery time to minimize damages - Help Net Security

• New email standards: what you need to know | TechRadar

• Creating Security Through Randomness (darkreading.com)

• AI and the future of corporate security - Help Net Security

Reports Published in the Last Week

• The State of Email & Collaboration Security 2024 | Mimecast

Other News

• The rise of cyber attacks on financial institutions highlight the need to build a security culture   | SC Media (scmagazine.com)

• Finance sector facing huge amount of cyber attacks that could leave it on its knees | TechRadar

• French state services hit by cyber attacks of 'unprecedented intensity' (france24.com)

• US Intelligence Predicts Upcoming Cyber Threats for 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Better Safe Than Sorry: Making Cyber Security a Priority | HealthLeaders Media

• How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)

• Pi Day: How Hackers Slice Through Security Solutions - Security Boulevard

• 78% of MSPs state cyber security is a prominent IT challenge | Security Magazine

• No, 'Leave the World Behind' and 'Civil War' Aren’t Happening Before Your Eyes | WIRED

• Maritime cyber security: threats and challenges - Port Technology International

• What resources do small utilities need to defend against cyber attacks? | CyberScoop

• 10 free cyber security guides you might have missed - Help Net Security

• Using the wrong font could be a major security problem — and possibly not for the reason you might think | TechRadar

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Group Targeting MSPs Worldwide in New Campaign

Russia-based cyber attackers called Play are evolving, with the ransomware group now using remote monitoring and management (RMM) tools at outsourced IT providers or managed service providers (MSPs) to gain access and hit downstream customers. A significant number of eventual targets are medium sized business. The group is also utilising intermittent encryption, where files are only partly encrypted, to avoid detection.

The attacks highlight the need for organisations to be aware of where they are in the supply chain and how they can be targeted through their supplier. It is not enough for an organisation to focus on its own security in isolation; organisations also need to have a way of effectively assessing their supply chain risk which includes their MSP.

Source [Dark Reading]

As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable

Ransomware attacks continue to increase, with 1500 victims confirmed this year. It is likely this figure will continue to rise. In parallel, criminals are evolving and with that comes a rise in triple extortion; attackers are not just encrypting and exfiltrating an organisation’s data, but also using this data to blackmail employees and target third parties, hitting the supply chain.

Unfortunately for SMBs, they do not have the resources to keep up with such attacks, making them the most vulnerable. A report found that organisations that had 51 to 200 employees were the most targeted, followed by organisations with 11 to 50 employees. When it came to the types of organisations, the Financial Services sector placed first.

This should not mean SMBs should just accept this and wait to be attacked; on the contrary, their increased vulnerability means that SMBs need to effectively prioritise and allocate resources, and if necessary getting in specialist external help, to ensure their protections are the best that resources allow.

Sources [WWD] [InfoSecurity Magazine] [CRN]

Business Email Compromise Attack Costs Far Exceeding Ransomware Losses

Cloudflare's 2023 Phishing Threats Report recorded a 17% spike in business email compromise (BEC) related financial losses between December 2021 and 2022, noting that threat actors are increasingly leaning on this attack method to target organisations. Additionally, across 2022 nearly three-quarters (71%) of respondents to the study said they experienced an attempted or successful BEC attack. The Cloudflare report found that the financial impact of BEC led to organisations suffering losses in excess of $2.7 billion, whereas ransomware caused losses of $34.3 million during the same period.

Source [ITPro]

Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible

According to a report, phishing attacks were found to be the initial attack vector for nine in ten cyber attacks. The report found that the focus of a cyber criminal tended to be two objectives: achieving authenticity and getting victims to click. Worryingly, 89% of unwanted messages were found to have bypassed authentication checks, leaving people and procedures as the last line of defence in an organisation.

A separate study found that having the following traits made a user more susceptible to phishing: extroverted, agreeable, people-pleasing, quick to trust, fearful or respectful of authority, and poor self-control.

With employees playing such an important role in preventing phishing, organisations need to ensure that employees are aware of what to look for in a phishing email with regular training to account for evolving tactics. This training should be carried out by experts with experience of conducting phishing simulations, accompanied with the ability to educate users on how they can protect themselves from falling victim.

Sources [Tech Radar] [Makeuseof]

Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations

In a recent survey, Gartner found that generative AI models such as ChatGPT were the second greatest emerging risk, with concerns around data privacy. This has led to organisations looking to ban such AI, with a separate report by Blackberry finding that ChatGPT faced banning from 75% of organisations.

Banning AI in the organisation is a short-term solution. The benefits of AI are clear and its usefulness in an organisation is significant, with reports finding 75% of IT leaders in favour. Organisations should instead look at how they can govern the usage of AI in their organisation, to reduce the risk of AI-related incidents and improve the effectiveness of work.

Sources [Security Magazine] [Analytics Insight] [IT Security Guru] [Decrypt]

LinkedIn Suffers Significant Wave of Account Hacks

LinkedIn users are reporting losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion. LinkedIn is no stranger to being a target of cyber criminals; last year, the platform was deemed the most abused brand in phishing attempts likely due to its recognisability and widespread use in the corporate world. This extended as far as threat actors using fake LinkedIn profiles.

With the number of accounts being compromised, users need to be vigilant in their use of LinkedIn and be on the lookout for suspicious messages. Black Arrow recommends that users ensure they are using strong and unique passwords, combined with multi-factor authentication (MFA) to protect themselves.

Source [Dark Reading]

High Net-Worth Families are at Risk of Cyber Crime

A report found that high net-worth families have prioritised cyber security with a notable 77% of respondents stating they had a cyber security plan; however, 55% said their plan “could be better”.

A cyber security plan is not optional anymore. High net-worth families are at increased risk, with criminals cottoning on to the amount of information that is out there and the financial gain that can be made if that information is used effectively. Social media is just one of the things increasing the risk of cyber crime; unbeknownst to some families, their social media may be providing criminals a treasure trove of insight into a family’s wealth, real-time location and habits. Such information can be used by a cyber criminal to employ attacks.

Source [Campdenfb]

Cyber Attack Rule Raises Insurance Risks for Corporate Officers

The US Securities and Exchange Commission (SEC) recently issued rules that formally outlined directors’ responsibilities in cyber security governance for the first time, laying the groundwork for potential enforcement actions. The recently issued rules bring potential regulatory probes and shareholder legal class action alleging senior executives failed to supervise their businesses’ cyber security practices.

Although the practice is not yet universal, a growing number of director and officer (D&O) policies are being drafted with cyber related exclusions. Meanwhile, most cyber insurance policies exempt SEC enforcement actions and investor claims, but some cover allegations against a company’s executives over their cyber security roles.

Whilst this is only in the US at the moment, other developed nations are likely to follow suit.

Source [Bloomberg Law]

PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously

The Police Service of Northern Ireland (PSNI) and the UK Electoral Commission both suffered cyber incidents on the same day. Whilst both incidents were different in how they happened, the result was the same: sensitive information had been leaked. In the case of the PSNI, the data was leaked through a response to a freedom of information (FOI) request, in which an Excel sheet was accidentally included by the PSNI. The Electoral Commission incident resulted from a cyber attack.

The incidents are a wake-up call for organisations. If you have not already done so, you need to put things in place to help protect your data from ending up online. The PSNI incident in particular highlights the need to ensure that data does not leave the organisation by accident.

Source [The Guardian]

The Imperative of Cyber Preparedness: The Power of Tabletop Exercises

Cyber security has become an inescapable concern for organisations across industries. With cyber threats ranging from data breaches to ransomware attacks, it is paramount that companies remain vigilant and prepared.

A key way to be prepared is through a tabletop exercise that simulates a hypothetical cyber security incident and helps organisations to practice and evaluate their response. One example scenario can be responding to a ransomware attack blocking access to the organisation's computers for a ransom. These exercises serve as a practical, engaging, and low-risk way for teams to identify vulnerabilities in current plans, improve coordination, and evaluate the decision-making process during a crisis and this is something that we do with our clients on a regular basis.

Source [JDSupra]

Why Are Phones a Cyber Security Weak Spot?

Mobile phones are more interconnected than ever, with their usage extending to the workplace. Despite this, they often enter the corporate environment with a lack of protection and oversight. When laptops are in the corporate environment they are often secured through methods such as encryption and often the organisation has a clear oversight of the applications and activity on the laptop. Mobile phones on the other hand, are often left unmonitored, despite the fact they can and often do carry sensitive information.

Mobile phones also carry additional risks; for a start, they are easier to lose, due to their size difference and the fact they are often out more. In addition, they may have more entry points. Internet of things (IoT) devices, such as smart appliances, are often controlled by phones, making them another entry point for an attacker.

Source [Tech Shout]

Governance, Risk and Compliance

• Hedge Fund Cyber security Trends Report says Majority Firms Report a Surge in Cyber Attacks - ITSecurityWire

• Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD

• 1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority - IT Security Guru

• Cyber threat risks reach three-year high – Avast (securitybrief.co.nz)

• Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)

• The Imperative of Cyber Preparedness: The Power of Tabletop Exercises | Bradley Arant Boult Cummings LLP - JDSupra

• Why Finance Leaders In Midsize Businesses Are Stepping Up Cyber security Efforts (forbes.com)

• Why are ultra-high-net-worth families at increased risk of cyber crime? | Campden FB

• Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)

• 4 reasons to understand technology risks when buying a business (businessplus.ie)

• What did you say? Boards tackle corporate jargon | Fortune

• Boards Don't Want Security Promises — They Want Action (darkreading.com)

• Cyber attacks and data protection worries loom large | Natasha Doris | CDR Article (cdr-news.com)

• How threats to mid-sized businesses impact us all - Help Net Security

• 7 Reasons People Don't Understand What You Tell Them (darkreading.com)

• 6 Cyber Threat Areas for Companies and Organisations to Prioritize (forbes.com)

• How poor cyber security policies disrupt business continuity - IT Security Guru

• Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert

Threats

Ransomware, Extortion and Destructive Attacks

• Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD

• Business email compromise attack costs far exceeding ransomware losses | ITPro

• Reported ransomware attacks doubled in key sectors (securitybrief.co.nz)

• Ransomware Surges With 1500 Confirmed Victims This Year - Infosecurity Magazine (infosecurity-magazine.com)

• 'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign (darkreading.com)

• As Ransomware Gangs Shift To Data Extortion, Some Adopt A New Tactic: ‘Customer Service’ | CRN

• Triple Extortion Ransomware and the Cyber Crime Supply Chain (bleepingcomputer.com)

• Companies are finding it harder to detect ransomware | TechRadar

• Top 3 Ransomware Attack Vectors And How To Avoid Them (techtarget.com)

• Ransomware: To pay or not to pay - Help Net Security

• Knight ransomware distributed in fake Tripadvisor complaint emails (bleepingcomputer.com)

• 'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)

• Why Hospitals Are Being Increasingly Targeted by Cyber Attacks | Chicago News | WTTW

• 'Bulletproof' Lolekhosted ransomware hacker indicted (cnbc.com)

• LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)

• It's time for companies to double down on cyber security measures as ransomware attacks rise, say experts | CBC News

• Monti ransomware targets VMware ESXi servers with new Linux locker (bleepingcomputer.com)

• Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)

• Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands - SecurityWeek

• Sophos: ‘Royal’ Is Trying to Make Itself the King of Ransomware (darkreading.com)

• Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the US and IT Integrator in Latin America (databreaches.net)

• Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom (bleepingcomputer.com)

• 3 strategies that can help stop ransomware before it becomes a crisis | CSO Online

• Latitude Financial takes profit hit from major cyber attack | The West Australian

• MOVEit cyber attack ignites worry about retirement plan fiduciary responsibility | Pensions & Investments (pionline.com)

• Ransomware down 57%, Secureworks warns against complacency (securitybrief.co.nz)

• Ransomware Diaries: Volume 3 – LockBit’s Secrets (databreaches.net)

• HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware | WIRED

• Ransomware Renaissance 2023: The Definitive Guide to Stay Safer (securityintelligence.com)

• How to Create a Ransomware Incident Response Plan (techtarget.com)

Ransomware Victims

• Several hospitals still counting the cost of widespread ransomware attack (malwarebytes.com)

• Has leading UK jeweller been hit by BianLian ransomware gang? (techmonitor.ai)

• teiss - News - Ernst & Young says MOVEit Transfer hack impacted over 30,000 Bank of America customers

• Cyber attack on Bay area vendor cripples real estate industry (therealdeal.com)

• Colorado warns 4 million of data stolen in IBM MOVEit breach (bleepingcomputer.com)

• Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch

• LockBit claims seven new victims in ransomware spree (techmonitor.ai)

• Cyber attack strikes Prince George's County schools, district says - The Washington Post

• Clorox Operations Disrupted By Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Inside Housing - News - Hackney to procure new IT system after cyber attack

• Largest switching and terminal railroad in US investigating ransomware data theft (therecord.media)

• Honor Among Cyber Criminals? Why a Canadian Firm Paid Ransom (inforisktoday.com)

• Alberta dental benefits administrator hit by cyber attack | Edmonton Sun

Phishing & Email Based Attacks

• Phishing remains most dominant, fastest growing internet crime (securitybrief.co.nz)

• If You Have These 6 Personality Traits, You're More Vulnerable to Phishing Scams (makeuseof.com)

• Business email compromise attack costs far exceeding ransomware losses | ITPro

• Reports show 62% jump in phishing attacks last year - The Hindu BusinessLine

• Phishing Operators Make Ready Use of Abandoned Websites for Bait (darkreading.com)

• Email – The System Running Since 71’ - SecurityWeek

• 3 Major Email Security Standards Prove Too Porous for the Task (darkreading.com)

• Most consumers can't spot phishing scams | TechRadar

• Cyber Security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger

• Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

• As Phishing Gets Even Sneakier, Browser Security Needs to Step Up (darkreading.com)

• Email security vendor leaves 2M domains open to phishing hacks, study finds (axios.com)

• What Is a Blank Image Phishing Scam? (makeuseof.com)

• Cyber Criminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (thehackernews.com)

• 'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)

• Malicious QR code hacking campaign is targeting Microsoft credentials - SiliconANGLE

• Phishing campaign steals accounts for Zimbra email servers worlwide (bleepingcomputer.com)

• 30% of phishing threats involve newly registered domains - Help Net Security

• Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)

• Gone Phishing: An Analysis of a Targeted User Attack (huntress.com)

BEC – Business Email Compromise

• Business email compromise attack costs far exceeding ransomware losses | ITPro

Artificial Intelligence

• Generative AI a Top Emerging Risk for Organisations: Gartner Survey - Decrypt

• 66% of Organisations in UK Set to Ban ChatGPT and Generative AI Apps on Work Devices - IT Security Guru

• ChatGPT Faces Ban from 75% of Organisations: Blackberry Report (analyticsinsight.net)

• AI Is Coming For Your Data: 6 Steps To Ensure Cyber Resilience (forbes.com)

• New study by AMD finds nearly half of organisations are not ready for AI - IT Security Guru

• Over 74% of organisations see a rise in AI use by cyber criminals | Security Magazine

• Navigating generative AI risks and regulatory challenges - Help Net Security

• Cyber security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger

• Top 10 AI Security Risks According to OWASP (trendmicro.com)

• AI 'evil twins' may already be manipulating human nature | SC Media (scmagazine.com)

• Cyber security practitioners' generative AI dilemma (iapp.org)

• People Coaxed AI Into Giving Wrong Math Answers, System Prone to Flaws (businessinsider.com)

• Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)

• AI a Top Risk and the Preferred Solution to Financial Crime - Infosecurity Magazine (infosecurity-magazine.com)

• AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)

• Why the “voluntary AI commitments” extracted by the White House are nowhere near enough - Help Net Security

• Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)

• Insurance Regulators ‎Continue to ‎Grapple With the Rapid Development ‎and ‎Use of Artificial ‎Intelligence | Locke Lord LLP - JDSupra

2FA/MFA

• How to prevent multifactor authentication fatigue attacks - SiliconANGLE

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

Malware

• Potent Trojans Targeting MacOS Users - Infosecurity Magazine (infosecurity-magazine.com)

• Approximately 2000 Citrix NetScaler servers were backdoored in massive campaign-Security Affairs

• Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)

• XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)

• Malware could be hiding on your Mac thanks to faults in Apple’s Background Task Manager | Tom's Guide (tomsguide.com)

• An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass | WIRED

• Macs are getting compromised to act as proxy exit nodes - Help Net Security

• Credentials for cyber crime forums found on roughly 120K computers infected with info stealers-Security Affairs

• Malware Dwell Time: Everything You Need to Know (makeuseof.com)

• Gootloader SEO watering hole malware targets law firms | SC Media (scmagazine.com)

• Security Researchers Publish Gigabud Banking Malware Analysis - Infosecurity Magazine (infosecurity-magazine.com)

• Raccoon Stealer malware returns with new stealthier version (bleepingcomputer.com)

• Beware! Subscription malware arms hackers with tools to steal your private data | Laptop Mag

• New Financial Malware 'JanelaRAT' Targets Latin American Users (thehackernews.com)

• Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report (thehackernews.com)

• North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)

• Stories from the SOC - Unveiling the stealthy tactics of Aukill malware (att.com)

• Hackers are increasingly hiding within services such as Slack and Trello to deploy malware | Cyber scoop

• Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)

• Users of cyber crime forums often fall victim to info-stealers, researchers find (therecord.media)

• 10 people, including 16-year-old youth arrested for suspected involvement in malware scams (databreaches.net)

• Turns out AI probably isn't very good at writing malware • The Register

• Malware Turning Windows Machines Into Proxies (databreachtoday.co.uk)

Mobile

• Why Are Phones A Cyber security Weak Spot? - TechShout

• Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)

• Does Turning Your Android Phone Off Protect You From Malware? (makeuseof.com)

• 3 Mobile or Client-Side Security Myths Debunked (darkreading.com)

• Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (ic3.gov)

• Threat actors use beta apps to bypass mobile app store security (bleepingcomputer.com)

• FBI warns of money-stealing fake beta-release mobile apps • The Register

• Three reasons why your smartphone needs security protection (securitybrief.co.nz)

• Unsupported Compression Methods Enable Android Malware to Bypass Detection (zimperium.com)

• This $70 device can spoof an Apple device and trick you into sharing your password | TechCrunch

Botnets

• Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)

• Mirai Common Attack Methods Remain Consistent, Effective (darkreading.com)

Denial of Service/DoS/DDOS

• How the FBI goes after DDoS cyber attackers | TechCrunch

• Most DDoS attacks tied to gaming, business disputes, FBI and prosecutors say (therecord.media)

Internet of Things – IoT

• Runaway Charger: The Major Threat Of Hacking EV Stations (slashgear.com)

• Is YOUR electric car vulnerable to hackers? How cyber criminals could steal personal data because of weak security at charging hubs and 'flaws' in vehicles' outdated software | Daily Mail Online

• Ford says cars with WiFi vulnerability still safe to drive (bleepingcomputer.com)

Data Breaches/Leaks

• Electoral Commission had unpatched vulnerability on server • The Register

• PSNI and UK voter breaches show data security should be taken more seriously | Data and computer security | The Guardian

• UK Police Data Breach Exposes Victim Information - Infosecurity Magazine (infosecurity-magazine.com)

• UK govt contractor MPD FM leaks employee passport data-Security Affairs

• Cumbria Police accidentally publish officers' names and salaries online (bitdefender.com)

• PSNI: Leaked Data Will be Used to Target Police Officers - Infosecurity Magazine (infosecurity-magazine.com)

• LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News

• ICO reprimands law firm over data breach that saw money stolen - Legal Futures

• Over 100 Court Service agency workers warned of payslip security breach after cyber attack | BelfastTelegraph.co.uk

• How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

• Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)

• Alberta Dental Services Security Breach Exposes 1.47M Records - Infosecurity Magazine (infosecurity-magazine.com)

• The most notable data breaches of 2023… So far | IT Reseller Magazine (itrportal.com)

• Discord.io confirms breach after hacker steals data of 760K users (bleepingcomputer.com)

• Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch

• teiss - News - Ernst & Young says MOVEit Transfer hack impacted over 30,000 Bank of America customers

• Man arrested in Northern Ireland police data leak • The Register

• teiss - News - PBI data breach impacted more than 1.2m customers of Wilton Reassurance Life Company

• Here’s what you need to do after your personal data is breached (telegraph.co.uk)

Organised Crime & Criminal Actors

• Meet the Most (In)Famous Hacking Groups Active Today (makeuseof.com)

• Cyber security researchers become target of criminal hackers | Financial Times (ft.com)

• Credentials for cyber crime forums found on roughly 120K computers infected with info stealersSecurity Affairs

• Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)

• How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)

• Who Are Script Kiddies? Are They a Threat to Your Security? (makeuseof.com)

• Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)

• File sharing site Anonfiles shuts down due to overwhelming abuse (bleepingcomputer.com)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• How Innovation Accelerators Are at Work on the Dark Side (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Former FTX CEO Sam Bankman-Fried sent to jail • The Register

• Web3 projects suffered from forty-two exploits within a week (coinpaper.com)

Insider Risk and Insider Threats

• The Data Behind Human Cyber Risk - GovInfoSecurity

Fraud, Scams & Financial Crime

• A Third of UK University Students Targeted By Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Former FTX CEO Sam Bankman-Fried sent to jail • The Register

• UK gov keeps repeating its voter registration website is NOT a scam (bleepingcomputer.com)

• “Grab hold and give it a wiggle” – ATM card skimming is still a thing – Naked Security (sophos.com)

• Latin Americans Fall Prey to More Online Scams, Cyber Attacks (insurancejournal.com)

• The road ahead for ecommerce fraud prevention - Help Net Security

• A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight | WIRED

Insurance

• Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)

• Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)

• The cyber security insurance market is estimated at USD 14.4 (globenewswire.com)

• Insurance Regulators ‎Continue to ‎Grapple With the Rapid Development ‎and ‎Use of Artificial ‎Intelligence | Locke Lord LLP - JDSupra

Dark Web

• Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)

Supply Chain and Third Parties

• Building Cyber security into the supply chain is essential as threats mount (att.com)

• Why the public sector still loves Capita (even though it got hacked) - Tech Monitor

• How to Ensure Cyber Resilience Across the Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)

• Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (thehackernews.com)

• PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks (darkreading.com)

Software Supply Chain

• Study reveals staggering cost of vulnerable software supply chains - Plant & Works Engineering (pwemag.co.uk)

• Why a Software Bill of Materials Is Business-Critical - The Futurum Group

Cloud/SaaS

• 'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• Adapting to the Cloud Era of Cyber security: How CISO’s Priorities Are Evolving | Network Computing

• Datacentre management vulnerabilities leave public clouds at risk | Computer Weekly

• Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)

Containers

• Kubernetes clusters face widespread attacks across numerous organisations - Help Net Security

Encryption

• UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)

• WhatsApp is right to be angry about the UK’s encryption mess | The Spectator

• Google adds post-quantum encryption key protection to Chrome • The Register

API

• The Evolution of API: From Commerce to Cloud-Security Affairs

• How financial services cyber regulations are hotting up for API security (betanews.com)

Open Source

• Why a Software Bill of Materials Is Business-Critical - The Futurum Group

• Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• 6 best practices to defend against corporate account takeover attacks | CSO Online

• What's the State of Credential theft in 2023? (thehackernews.com)

• Building a secure future without traditional passwords - Help Net Security

• Are browser-stored passwords secure? | Kaspersky official blog

• Passwordless is more than a buzzword among cyber security pros - Help Net Security

• More hardcoded credentials than ever, and sloppy coding is to blame | SC Media (scmagazine.com)

• AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)

Social Media

• LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News

• LinkedIn accounts hacked in widespread hijacking campaign (bleepingcomputer.com)

• 'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)

Malvertising

• Adblock 360 Adware Extension: 3 Ways to Remove for Good - MSPoweruser

• Malvertisers up their game against researchers (malwarebytes.com)

Training, Education and Awareness

• Tips on employee cyber security training, risks and how to manage them - Albany Business Review (bizjournals.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Sextortion suspects on trial after one victim dies • The Register

• Digital Safety Advice is Not Getting Through to Women - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Navigating generative AI risks and regulatory challenges - Help Net Security

• UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)

• ICO reprimands law firm over data breach that saw money stolen - Legal Futures

• Breaking Down the New SEC Cyber security Rules | Epiq - JDSupra

• Confusion Surrounds SEC's New Cyber security Material Rule (darkreading.com)

• How do we define “cyber worker”? The SEC’s rationale behind its new cyberincident disclosure rule. (thecyberwire.com)

• Why the “voluntary AI commitments” extracted by the White House are nowhere near enough - Help Net Security

• How financial services cyber regulations are hotting up for API security (betanews.com)

• A closer look at the new TSA oil and gas pipeline regulations - Help Net Security

• New York’s Department of Financial Services Moves to Further Bolster Cyber security Requirements | Jackson Lewis P.C. - JDSupra

Models, Frameworks and Standards

• Center for Internet Security announces secretive Microsoft partnership | StateScoop

• What's New in the NIST Cyber security Framework 2.0 (darkreading.com)

Data Protection

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First (thehackernews.com)

Careers, Working in Cyber and Information Security

• 650,000 cyber jobs are now vacant: How to tackle the risk (securityintelligence.com)

• Effectively upskilling cyber security professionals to help close the skills gap | CSO Online

• How to overcome the challenges of today's cyber security talent shortage - SiliconANGLE

• Army struggling to hire cyber staff as attacks on Britain ramp up (telegraph.co.uk)

• Vietnam admits massive shortage of infosec pros • The Register

• Heavy workloads driving IT professionals to resign - Help Net Security

• ISC2 Announces Major Milestone as Community Grows to Half a Million Strong (prnewswire.com)

Law Enforcement Action and Take Downs

• Polish police arrest five in swoop on Cyber Crime site - TVN24

• How the FBI goes after DDoS cyber attackers | TechCrunch

• Lapsus$ Report: Law Enforcement Battles Cyber Threats (beincrypto.com)

• LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)

• 10 people, including 16-year-old youth arrested for suspected involvement in malware scams (databreaches.net)

• Sextortion suspects on trial after one victim dies • The Register

• Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)

• Raccoon Stealer malware back with updated version following administrator arrest (therecord.media)

• Man arrested in Northern Ireland police data leak • The Register

• India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)

Misinformation, Disinformation and Propaganda

• Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russian and Chinese hackers breached Foreign Office systems in cyber attack kept secret from public (inews.co.uk)

• Foreign Office cyber attacks may have risked safety of civil servants and UK's allies, Tory MPs say (inews.co.uk)

• APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries-Security Affairs

• Russian spy agencies targeting Starlink with custom malware, Ukraine warns (telegraph.co.uk)

• Russian-African Security Gathering Exposes Kremlin's Reduced Influence (darkreading.com)

• Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps • Graham Cluley

• Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)

• Suspected spies for Russia held in major UK security investigation - BBC News

• Russia turning to sleeper cells and unofficial agents | Espionage | The Guardian

China

• Russian and Chinese hackers breached Foreign Office systems in cyber attack kept secret from public (inews.co.uk)

• Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics (thehackernews.com)

• DHS to Review Microsoft’s Security in Chinese Email Hack - Infosecurity Magazine (infosecurity-magazine.com)

• Top US cyber official warns of infrastructure attack risk if China tensions rise (nbcnews.com)

• New Zealand says it is aware of China-linked intelligence activity in country | Reuters

• China teases imminent exposé of seismic US spying scheme • The Register

• Wide-ranging cyberespionage campaign by China's Ministry of State Security. Vulnerabilities in CPUs. MacOS threat trends. (thecyberwire.com)

• Chinese Espionage Group Active Across Eastern Europe (inforisktoday.com)

• 15,000 cyber attacks detected per second in Taiwan: Software provider - Focus Taiwan

• China would consider attacks on US railroads, pipelines if it invades Taiwan, Easterly says (therecord.media)

• US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack | TechCrunch

• China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons (thehackernews.com)

Iran

• German Intelligence Warns of Surge in Iranian Espionage (govinfosecurity.com)

• Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks (thehackernews.com)

• Iran and the Rise of Cyber Enabled Influence Operations (darkreading.com)

North Korea

• North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)

Misc/Other/Unknown

• APTs use of lesser-known TTPs are no less of a headache - Help Net Security

Vulnerability Management

• Electoral Commission had unpatched vulnerability on server • The Register

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

Vulnerabilities

• Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)

• CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks (thehackernews.com)

• Patched Citrix NetScaler Devices Still Contain Backdoors (govinfosecurity.com)

• Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations (thehackernews.com)

• Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping (thehackernews.com)

• Magento shopping cart attack targets critical vulnerability • The Register

• New Python URL Parsing Flaw Enables Command Injection Attacks (thehackernews.com)

• Data centers at risk due to flaws in power management software | CyberScoop

• Bugs in transportation app Moovit gave hackers free rides | TechCrunch

• Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability (thehackernews.com)

• Google Chrome 116: more Telemetry and 26 security patches - gHacks Tech News

• Google Fixes 26 Bugs Amid Fake Update Warning - Infosecurity Magazine (infosecurity-magazine.com)

• AMD has fixed its latest security flaw - but at the cost of massive slowdowns | TechRadar

• Windows 11 update install failures are reportedly happening again – and it’s breaking the built-in antivirus | TechRadar

• Proxyjacking trend continues as attackers abuse years-old GitLab vulnerability | ITPro

• Multiple Flaws Found in the Avada WordPress Theme and Plugin - Infosecurity Magazine (infosecurity-magazine.com)

• Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica

Tools and Controls

• What is Cyber security Monitoring? - MSSP Alert

• XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)

• AI-powered fraud detection: Strengthening security in fintech | The Financial Express

• Microsoft Teams Rooms on Windows to enhance security with meeting ID and passcode requirement - OnMSFT.com

• MaginotDNS attacks exploit weak checks for DNS cache poisoning (bleepingcomputer.com)

• Evaluate the risks and benefits of AI in cyber security | TechTarget

• How to Choose a Managed Detection and Response (MDR) Solution (darkreading.com)

• Lock Down APIs to Prevent Breaches (darkreading.com)

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

• Building a secure future without traditional passwords - Help Net Security

• Passwordless is more than a buzzword among cyber security pros - Help Net Security

• SEC cyber security rules shape the future of incident management - Help Net Security

• AI a Top Risk and the Preferred Solution to Financial Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)

• Endpoint Management Statistics, Trends And Facts 2023 - Abdalslam

• SASE and requirements of business | Professional Security

• Why You Need Continuous Network Monitoring? (thehackernews.com)

• CISA releases cyber defence plan for remote monitoring and management software - SiliconANGLE

• How poor cyber security policies disrupt business continuity - IT Security Guru

• Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert

Other News

• Cyber attacks against the UK Electoral Commission reveal an ongoing threat to democracy (techxplore.com)

• Healthcare incurs highest data breach costs – for the 13th year in a row | Healthcare IT News

• Here's Why You Should Never Accept Unsolicited Tech by Post (makeuseof.com)

• Government highlights cyber threat to health and social care | UKAuthority

• Why is the Education Sector a Target for Cyber Attacks? | UpGuard

• Cyber security in the Entertainment Industry: Risks and Solutions | UpGuard

• What would an OT cyber attack really cost your organisation? | CSO Online

• Education has had most cyber attacks, survey finds | Education Business (educationbusinessuk.net)

• Cyber attacks Are On The Up: What Are The Risks & Remedies For Aviation? (simpleflying.com)

• Bank of Ireland ATM Glitch Hands Out 'Free' Money (gizmodo.com)

• Exclusive: 300 independent retailers affected by cyber attack | News | Retail Week (retail-week.com)

• Documentary shines spotlight on a central bank heist and threats from cyber criminals - BNN Bloomberg

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching

A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.

This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.

Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]

67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious

In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.

A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.

The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.

Source: [Security Intelligence]

Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence

Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.

Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.

Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]

The Generative AI War Between Companies and Hackers is Starting

To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.

A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.

Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.

Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]

Spend to Save: The CFO’s Guide to Cyber Security Investment

As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.

The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.

It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.

Source: [Security Intelligence]

Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril

The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.

There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.

Source [CSO Online]

How the Talent Shortage Impacts Cyber Security Leadership

The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.

Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.

The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.

Source: [Security Intelligence]

Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods

A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.

Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.

Source: [Security Brief]

Cyber Insurance and the Ransomware Challenge

The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.

While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.

Sources: [RUSI] [Dark Reading]

Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.

"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."

Source: [TheHackerNews]

66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies

A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.

In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.

Source: [ITSecurityWire]

UK legal Sector at Risk, National Cyber Security Centre Warns

Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.

The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.

Sources: [Todays Conveyancer] [Infosecurity Magazine]

Startups Should Move Fast and Remember Cyber Security

The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.

The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.

Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]

Governance, Risk and Compliance

• Corporate boards take heed: Give CISOs the cold shoulder at your peril | CSO Online

• How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)

• New SEC Rules Require US Companies To Reveal Cyber Attacks Within 4 Days (informationsecuritybuzz.com)

• 66% of Cyber security Leaders Don't Trust Their Current Cyber Risk Mitigation Strategies - ITSecurityWire

• How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)

• Global Lawyers Unveil Cyber Best Practices for Execs - Infosecurity Magazine (infosecurity-magazine.com)

• From tech expertise to leadership: Unpacking the role of a CISO - Help Net Security

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Companies make strides in cyber defence and resilience amid escalating cyber threats: Aon - Reinsurance News

• Data Security Can Make Or Break Your Business (forbes.com)

• Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• CISOs Need Backing to Take Charge of Security (darkreading.com)

• Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)

• The State Of Cyber security – Outlook And Challenges For 2023 And Beyond (informationsecuritybuzz.com)

• Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 67% of data breaches start with a single click - Help Net Security

• 1 in 100 emails is malicious - Help Net Security

• AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks have doubled thanks to AI | TechRadar

• The race against time in ransomware attacks - Help Net Security

• As Ransomware Attackers’ Motives Changes, So Should Your Defence (forbes.com)

• Global ransomware attacks at an all-time high, shows latest 2023 State of Ransomware report (malwarebytes.com)

• Ransomware gang increases attacks on insecure MSSQL servers | CSO Online

• MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)

• How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)

• Ransomware Attacks on Industrial Organisations Doubled in Past Year: Report - SecurityWeek

• In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Cyber criminals pivot away from ransomware encryption | Computer Weekly

• Food manufacturers top three for ransomware attacks

• Ransomware on manufacturing industry caused $46bn in losses - IT Security Guru

• How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)

• 2023 State of Ransomware | Malwarebytes

• Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

• The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)

Ransomware Victims

• MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Hawai'i Community College pays ransomware gang to prevent data leak (bleepingcomputer.com)

• Scottish university UWS targeted by cyber attackers - BBC News

• Tempur Sealy isolated tech system to contain cyber burglary • The Register

• US govt contractor Serco discloses data breach after MoveIT attacks (bleepingcomputer.com)

Phishing & Email Based Attacks

• 1 in 100 emails is malicious - Help Net Security

• 67% of data breaches start with a single click - Help Net Security

• Russian Hackers Are Conducting Phishing Attacks via Microsoft Teams - MySmartPrice

• Salesforce, Meta suffer phishing campaign that evades typical detection methods (securitybrief.co.nz)

• Beware: Tricky phishing email targeting Twitter Blue subscribers with X rebranding confusion - 9to5Mac

• UK MoD Error Sends Emails to Russia’s Ally Instead of US - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop

• Threat actors abuse Google AMP for evasive phishing attacks (bleepingcomputer.com)

• Emerging Cyber security Threat: How Google AMP Phishing Attacks Are Bypassing Email Security Measures (informationsecuritybuzz.com)

BEC – Business Email Compromise

• 1 in 100 emails is malicious - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks have doubled thanks to AI | TechRadar

• UK calls artificial intelligence a “chronic risk” to its national security | CSO Online

• FBI warns of broad AI threats facing tech companies and the public | CyberScoop

• As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)

• Another AI Pitfall: Digital Mirroring Opens New Cyber attack Vector (darkreading.com)

• Intersection of generative AI, cyber security and digital trust | TechTarget

• Hackers are using AI to create vicious malware, says FBI | Digital Trends

• The generative A.I. war between companies and hackers is starting (cnbc.com)

• Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

• OWASP Top 10 for LLM applications is out! - Security Affairs

• Think tank wants monitoring of China's AI-enabled products • The Register

• UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian

• Deputy National Security Advisor Anne Neuberger on addressing the security threats of AI | CyberScoop

• Researchers figure out how to make AI misbehave, serve up prohibited content | Ars Technica

• Organisations want stronger AI regulation amid growing concerns - Help Net Security

• AI-enhanced images a ‘threat to democratic processes’, experts warn | Artificial intelligence (AI) | The Guardian

Malware

• Hackers Abusing Windows Search Feature to Install Remote Access Trojans (thehackernews.com)

• Hackers can abuse Microsoft Office executables to download malware (bleepingcomputer.com)

• IcedID Malware Adapts and Expands Threat with Updated BackConnect Module (thehackernews.com)

• Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• Attackers can turn AWS SSM agents into remote access trojans - Help Net Security

• Hackers are infecting Modern Warfare 2 players with a self-spreading malware | TechSpot

• Chinese Malware Could Cut Power To US Military Bases, Businesses And Homes, Report Claims (forbes.com)

• Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT (thehackernews.com)

• Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs

• New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods (thehackernews.com)

• New persistent backdoor used in attacks on Barracuda ESG appliances - Help Net Security

• Cyber criminals Renting WikiLoader to Target Italian Organisations with Banking Trojan (thehackernews.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

• Apple Users Open to Remote Control via Tricky macOS Malware (darkreading.com)

• Hackers can gain complete control over your Mac with this new dark web hacking tool | Tom's Guide (tomsguide.com)

• Threat Actors Use AWS SSM Agent as a Remote Access Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs

• Chrome malware Rilide targets enterprise users via PowerPoint guides (bleepingcomputer.com)

• BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)

• Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist

• OT/IoT Malware Surges Tenfold in First Half of the Year - Infosecurity Magazine (infosecurity-magazine.com)

• CISA: New Submarine malware found on hacked Barracuda ESG appliances (bleepingcomputer.com)

Mobile

• New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)

• CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency (darkreading.com)

• Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)

• Google: Android patch gap makes n-days as dangerous as zero-days (bleepingcomputer.com)

• New smartphone vulnerability could allow hackers to track user location (techxplore.com)

• Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)

• Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)

• SpyNote Android Spyware Strikes Financial Institutions - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners (thehackernews.com)

Botnets

• Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs

Denial of Service/DoS/DDOS

• Navigating The Landscape Of Hacktivist DDoS Attacks (forbes.com)

• Israel's largest oil refinery website offline amid cyber attack claims (bleepingcomputer.com)

• Russian hackers crash Italian bank websites, cyber agency says | Reuters

• "Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches (thehackernews.com)

Internet of Things – IoT

• Canon warns of Wi-Fi security risks when discarding inkjet printers (bleepingcomputer.com)

Data Breaches/Leaks

• Cyber security breaches exposed 146 million records - ITSecurityWire

• Hack Crew Responsible for Stolen Data, NATO Investigates Claims (darkreading.com)

• Pentagon hit by ‘critical compromise’ of US air force communications – report | US military | The Guardian

• Doctors sign up to legal case against Capita over GP data breach - Pulse Today

• UK MoD Error Sends Emails to Russia’s Ally Instead of US - Infosecurity Magazine (infosecurity-magazine.com)

• Been Hacked? These are Your Next Steps | Entrepreneur

• Cyber attack on B.C. health websites may have taken workers’ personal information (thestar.com)

• NI Executive Office and Patient and Client Council rapped for data breach risks | BelfastTelegraph.co.uk

• Cyber security Recovery Guide: How to Recover from a Data Breach (thelondoneconomic.com)

Organised Crime & Criminal Actors

• As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)

• How Hackers Trick You With Basic Sales Techniques (makeuseof.com)

• Iranian Company Cloudzy Accused of Aiding Cyber criminals and Nation-State Hackers (thehackernews.com)

• Space Pirates Turn Cyber Sabers on Russian, Serbian Organisations (darkreading.com)

• Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist

• Hacktivists fund their operations using common cyber crime tactics (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto Hacks in July Resulted in $165 Million in Losses (beincrypto.com)

• New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)

• Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability (therecord.media)

• BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)

• Couple admit laundering $4B of stolen Bitfinex Bitcoins • The Register

Insider Risk and Insider Threats

• How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)

• US military battling cyber threats from within and without • The Register

Deepfakes

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)

Insurance

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)

• Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)

Dark Web

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

Supply Chain and Third Parties

• Doctors sign up to legal case against Capita over GP data breach - Pulse Today

• Capita boss quits as potential fine looms for huge hack of confidential data | Capita | The Guardian

• Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)

Software Supply Chain

• Lessons Not Learned From Software Supply Chain Attacks (darkreading.com)

Cloud/SaaS

• Attackers can turn AWS SSM agents into remote access trojans - Help Net Security

• New Microsoft Azure AD CTS feature can be abused for lateral movement (bleepingcomputer.com)

• Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday

• In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• These Are the Top Five Cloud Security Risks, Qualys Says - SecurityWeek

• North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch

• Google warns companies about keeping hackers out of cloud infrastructure | CyberScoop

Identity and Access Management

• The gap in users' identity security knowledge gives cyber criminals an opening - Help Net Security

Encryption

• Braverman fights Meta encryption plans ‘that aid paedophiles’ (thetimes.co.uk)

• SCARF cipher sets new standards in protecting sensitive data - Help Net Security

• Cult of Dead Cow hacktivists design encryption system for mobile apps - The Washington Post

Open Source

• Open-source security challenges and complexities - Help Net Security

• Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Retail chain Hot Topic discloses wave of credential-stuffing attacks (bleepingcomputer.com)

Biometrics

• Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update

Social Media

• Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin

• Salesforce, Meta suffer phishing campaign that evades typical detection methods (securitybrief.co.nz)

• Beware: Tricky phishing email targeting Twitter Blue subscribers with X rebranding confusion - 9to5Mac

• Social media giants on notice over foreign cyber threat (themandarin.com.au)

• NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs

• Instagram Flags AI-Generated Content (darkreading.com)

Travel

• Never share boarding passes online, cyber security experts warn travellers - NZ Herald

Regulations, Fines and Legislation

• New SEC Rules Require US Companies To Reveal Cyber Attacks Within 4 Days (informationsecuritybuzz.com)

• Strengthening Cyber security: Can The SEC’s New Rules Be Enforced? (forbes.com)

• CISA’s security-by-design initiative is at risk: Here’s a path forward | TechCrunch

• What is the Computer Fraud and Abuse Act (CFAA)? | Definition from TechTarget

• Why the California Delete Act Matters (darkreading.com)

• Organizations want stronger AI regulation amid growing concerns - Help Net Security

• Materiality Definition Seen as Tough Task in New SEC Cyber Rules | Mint (livemint.com)

• Cyber security Implementation Plan Offers a Roadmap for Cyber Priorities | Perkins Coie - JDSupra

Models, Frameworks and Standards

• OWASP Top 10 for LLM applications is out! - Security Affairs

• Security professionals unaware of NCSC Cyber Essentials framework - Lookout - IT Security Guru

• What is SOC 2 (System and Organization Controls 2)? | Definition from TechTarget

Careers, Working in Cyber and Information Security

• How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)

• US Gov Rolls Out National Cyber Workforce, Education Strategy - SecurityWeek

• Women two-thirds more likely to fear losing CNI security jobs than men - IT Security Guru

• White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage (darkreading.com)

• Cyber workforce strategy requires buy-in across sectors, experts say - Nextgov/FCW

Law Enforcement Action and Take Downs

• Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update

• FBI: Without Section 702, we can't ID cyber criminals • The Register

Privacy, Surveillance and Mass Monitoring

• Home Office plans new national police ‘facial-matching’ service after signing £50m deal for biometrics platform – PublicTechnology

• UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian

• Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)

• Instead of obtaining a warrant, the NSA would like to keep buying your data | Ars Technica

• Tor’s shadowy reputation will only end if we all use it | Engadget

• Delivering privacy in a world of pervasive digital surveillance: Tor Project's Executive Director speaks out - Help Net Security

• After talking to security expert, I deleted all Chrome extensions: they see everything | Cybernews

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats (thehackernews.com)

• BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (thehackernews.com)

• Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures (thehackernews.com)

• Russian spies posed as Microsoft tech support in bid to hack governments (telegraph.co.uk)

• Elon Musk ‘stopped Ukraine military using Starlink for military operation’ | The Independent

• Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia (thehackernews.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

• Kazakhstan Rebuffs US Extradition Request for Russian Cyber security Expert - The Moscow Times

• Russian hackers crash Italian bank websites, cyber agency says | Reuters

• Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)

China

• FBI warns of broad AI threats facing tech companies and the public | CyberScoop

• Chinese Malware Could Cut Power To US Military Bases, Businesses And Homes, Report Claims (forbes.com)

• Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica

• US senator victim-blames Microsoft for Chinese hack • The Register

• Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (thehackernews.com)

• US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)

• Think tank wants monitoring of China's AI-enabled products • The Register

• Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop

• US military battling cyber threats from within and without • The Register

Iran

• Iranian Company Cloudzy Accused of Aiding Cyber criminals and Nation-State Hackers (thehackernews.com)

• Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)

• Iranian Company Plays Host to Reams of Ransomware, APT Groups (darkreading.com)

North Korea

• STARK#MULE Targets Koreans with US Military-themed Document Lures (thehackernews.com)

• North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch

Misc/Other/Unknown

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• Kaspersky unveils latest APT trends for Q2 | Media OutReach Newswire (media-outreach.com)

Vulnerability Management

• Relying on CVSS alone is risky for vulnerability management - Help Net Security

• Top 12 vulnerabilities list highlights troubling reality: many organizations still aren't patching | CyberScoop

• Old vulnerabilities, major vendors dominate list of most-exploited flaws of 2022 | SC Media (scmagazine.com)

• In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues - Security Affairs

• 40% of Log4j Downloads Still Vulnerable (securityintelligence.com)

• CISA, NSA, FBI and International Partners Issue Advisory on the Top Routinely Exploited Vulnerabilities in 2022 > National Security Agency/Central Security Service > Press Release View

• What Causes a Rise or Fall in Fresh Zero-Day Exploits? (govinfosecurity.com)

• Piles of Unpatched IoT, OT Devices Attract ICS Cyber attacks (darkreading.com)

• Microsoft comes under blistering criticism for “grossly irresponsible” security | Ars Technica

Vulnerabilities

• Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins - SecurityWeek

• Over 640 Citrix servers backdoored with web shells in ongoing attacks (bleepingcomputer.com)

• New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild - Security Affairs

• Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks - SecurityWeek

• Apple iOS, Google Android Patch Zero-Days in July Security Updates | WIRED UK

• US fears attacks will continue against Ivanti MDM installs • The Register

• Cisco Talos Discusses Flaws in SOHO Routers Post-VPNFilter - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates (bleepingcomputer.com)

• Hackers exploit BleedingPipe RCE to target Minecraft servers, players (bleepingcomputer.com)

• Firefox 116: improved upload performance and security fixes - gHacks Tech News

• Oracle Critical Patch Update Advisory - July 2023

• Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop

Tools and Controls

• Data Loss Prevention for Small and Medium-Sized Businesses - IT Security Guru

• Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• 66% of Cyber security Leaders Don't Trust Their Current Cyber Risk Mitigation Strategies - ITSecurityWire

• US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications - SecurityWeek

• Data stolen from millions via missing web app access checks • The Register

• Keeping the cloud secure with a mindset shift - Help Net Security

• Strengthening security in a multi-SaaS cloud environment | TechCrunch

• 5 Essential Tips For Data Security On The Cloud (informationsecuritybuzz.com)

• AI has a place in cyber, but needs effective evaluation | Computer Weekly

• Top 5 benefits of SASE to enhance network security | TechTarget

• MDR 40-Plus: Top Managed Detection and Response (MDR) Companies: 2023 Edition - MSSP Alert

• 4 Generative AI Security Benefits (trendmicro.com)

• What is Data Security Posture Management (DSPM)? (thehackernews.com)

• Unified XDR and SIEM Alleviate Security Alert Fatigue (darkreading.com)

• What is an ISMS (Information Security Management System)? | UpGuard

• VPNs remain a risky gamble for remote access - Help Net Security

• Insider Threat Protection And Modern DLP (informationsecuritybuzz.com)

• Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)

Reports Published in the Last Week

• 2023 State of Ransomware | Malwarebytes

• Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)

Other News

• The top 6 cyber security incidents in July 2023 (cshub.com)

• UK legal sector at risk, National Cyber Security Centre warns | Today's Conveyancer (todaysconveyancer.co.uk)

• UK Military Embraces Security by Design - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals targeting medical info warns FBI | KSNV (news3lv.com)

• How local governments can combat cyber crime - Help Net Security

• Governments and public services facing 40% more cyber attacks (securitybrief.co.nz)

• Utilities Face Security Challenges as They Embrace Data in New Ways (darkreading.com)

• Cyber Attacks Targeting Government Agencies Increase 40% - Infosecurity Magazine (infosecurity-magazine.com)

• BPP targeted in cyber attack - Legal Cheek

• Microsoft Flags Growing Cyber security Concerns for Major Sporting Events (thehackernews.com)

• Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack - SecurityWeek

• New Study Reveals Forged Certificate Attack Risks - Infosecurity Magazine (infosecurity-magazine.com)

• 80 percent of digital certificates vulnerable to man-in-the-middle attacks (betanews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Almost Half of IT Leaders Consider Security as an Afterthought

A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.

https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals

• Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.

https://www.darkreading.com/application-security/pig-butchering-investment-scams-3b-cybercrime-threat-overtaking-bec

• Over 721 Million Passwords were Leaked in 2022

A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.

https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/

• How Much of a Cyber Security Risk are Suppliers?

When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.

https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2

• 90% of £5m+ Businesses Hit by Cyber Attacks

A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.

https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/

• Rushed Cloud Migrations Result in Escalating Technical Debt

A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.

https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.

https://www.securityweek.com/microsoft-17-european-nations-targeted-by-russia-in-2023-as-espionage-ramping-up/

• Microsoft Warns of Large-Scale Use of Phishing Kits

Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.

https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html

• BEC Volumes Double on Phishing Surge

The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.

https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/

• The Risk of Pasting Confidential Company Data in ChatGPT

Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.

https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html

• Ransomware Attacks have Entered a Heinous New Phase

With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.

https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

• MI5 Launches New Agency to Tackle State-Backed Attacks

British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.

https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/

• Why Cyber Awareness Training is an Ongoing Process

A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.

https://www.hornetsecurity.com/en/security-information/why-cyber-awareness-training-is-an-ongoing-process/

Threats

Ransomware, Extortion and Destructive Attacks

• BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (darkreading.com)

• The changing face of ransomware attacks (pandasecurity.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (bleepingcomputer.com)

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Clop ransomware gang begins extorting GoAnywhere zero-day victims (bleepingcomputer.com)

• Staples-owned Essendant facing multi-day "outage," orders frozen (bleepingcomputer.com)

• CISA now warns critical infrastructure of ransomware-vulnerable devices (bleepingcomputer.com)

• LockBit Ransomware gang claims to have stolen SpaceX confidential data from Maximum Industries- - Security Affairs

• Dissecting the malicious arsenal of the Makop ransomware gang- - Security Affairs

• The Prolificacy of LockBit Ransomware (thehackernews.com)

• Blackbaud agrees to pay $3m to settle SEC ransomware probe • The Register

• CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking - SentinelOne

• Ransomware Gang Claims It Hacked Amazon's Ring (gizmodo.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• Dish customers kept in the dark as ransomware fallout continues | TechCrunch

• Cancer patient sues hospital over stolen naked photos • The Register

• ChipMixer platform seized for laundering ransomware payments, drug sales (bleepingcomputer.com)

• Lawyers suspect Arnold Clark hackers have now leaked 45GB of personal data on dark web – Car Dealer Magazine

• Kaspersky Updates Decryption Tool for Conti Ransomware - MSSP Alert

• Conti-based ransomware ‘MeowCorp’ gets free decryptor (bleepingcomputer.com)

• Universities and colleges cope silently with ransomware attacks | CSO Online

Phishing & Email Based Attacks

• Top 50 most impersonated brands in phishing attacks and new tools you can use to protect your employees from them (cloudflare.com)

• Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily (thehackernews.com)

• Software for sale is fueling a torrent of phishing attacks that bypass MFA | Ars Technica

• Cyber criminals Devising More Tactics For Phishing Attacks (informationsecuritybuzz.com)

• 6 reasons why your anti-phishing strategy isn’t working | CSO Online

• Cyberthreat On New Email By Exotic Lily (informationsecuritybuzz.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• How two-step phishing attacks evade detection and what you can do about it - Help Net Security

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Pig Butchering & Investment Scams: The $3B Cyber crime Threat Overtaking BEC (darkreading.com)

• Organizations need to re-examine their approach to BEC protection - Help Net Security

• BEC Volumes Double on Phishing Surge - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• Software for sale is fuelling a torrent of phishing attacks that bypass MFA | Ars Technica

Malware

• SpyCloud Report: Malware Infections the Most Prolific & Persistent Threat to Businesses | Business Wire

• Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Malware Targets People Looking to Pirate Oscar-Nominated Films (darkreading.com)

• Law enforcement seized the website selling the NetWire RAT- - Security Affairs

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

• KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (thehackernews.com)

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• Emotet attempts to sell access after infiltrating high-value networks | SC Media (scmagazine.com)

• What is Zeus Trojan Malware? - CrowdStrike

• Emotet, QSnatch Malware Dominate Malicious DNS Traffic (darkreading.com)

• Winter Vivern APT hackers use fake antivirus scans to install malware (bleepingcomputer.com)

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• New malware sample of defunct TeamTNT threat group raises concerns | SC Media (scmagazine.com)

• Adobe Acrobat Sign abused to push Redline info-stealing malware (bleepingcomputer.com)

• Tracking the global spread of malware - Help Net Security

Mobile

• Xenomorph Android malware now steals data from 400 banks (bleepingcomputer.com)

• GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• FakeCalls Android malware returns with new ways to hide on phones (bleepingcomputer.com)

Botnets

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

Denial of Service/DoS/DDOS

• Record Breaking DDoS Attack - 158.2 Million Packets Per Second (gbhackers.com)

Internet of Things – IoT

• Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (thehackernews.com)

• Tesla App Lets Man Accidentally Steal Model 3 That Wasn't His (gizmodo.com)

Data Breaches/Leaks

• Negative Impacts of Data Loss and How to Avoid Them - MSSP Alert

• Mental health provider Cerebral alerts 3.1M people of data breach (bleepingcomputer.com)

• BMW exposes data of clients in Italy, experts warn- - Security Affairs

• Acronis states that only one customer's account was compromised- - Security Affairs

• Security giant Rubrik says hackers used Fortra zero-day to steal internal data | TechCrunch

• Key aerospace player leaks sensitive data | Cybernews

• Hundreds of thousands of customer records stolen from lender Latitude in cyber-attack | Business | The Guardian

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• LA Housing Authority Suffers Year-Long Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker selling data allegedly stolen in US Marshals Service hack (bleepingcomputer.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

Organised Crime & Criminal Actors

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FBI Warns of Crypto-Stealing Play-to-Earn Games - Infosecurity Magazine (infosecurity-magazine.com)

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing Campaigns Use SVB Collapse to Harvest Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

• CrowdStrike discovered the first-ever Dero crypto mining campaign- - Security Affairs

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Insider Risk and Insider Threats

• Future-Proofing Your Business Against Insider Threats (informationsecuritybuzz.com)

Fraud, Scams & Financial Crime

• ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Investment Fraud is Now Biggest Cyber crime Earner - Infosecurity Magazine (infosecurity-magazine.com)

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• ChatGPT fraud is on the rise: Here's what to watch out for | ZDNET

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• The SVB demise is a fraudster's paradise, so take precautions - Help Net Security

• Fighting financial fraud through fusion centers - Help Net Security

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Impersonation Attacks

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

Deepfakes

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

AML/CFT/Sanctions

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

Dark Web

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Supply Chain and Third Parties

• Top 10 operational risks: focus on third-party risk - Risk.net

• How much of a cyber security risk are my suppliers? (thetimes.co.uk)

Software Supply Chain

• We can't wait for SBOMs to be demanded by regulation - Help Net Security

• Best practices for securing the software application supply chain - Help Net Security

• Addressing Software Supply Chain Security - DevOps.com

Cloud/SaaS

• Rushed cloud migrations result in escalating technical debt - Help Net Security

• CrowdStrike report shows identities under siege, cloud data theft up | VentureBeat

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

Hybrid/Remote Working

• Orgs Have a Long Way to Go in Securing Remote Workforce (darkreading.com)

Attack Surface Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

Identity and Access Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

• Navigating the future of digital identity - Help Net Security

Encryption

• Google Proposes Reducing TLS Cert Life Span to 90 Days (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

Passwords, Credential Stuffing & Brute Force Attacks

• Poor Passwords Still Weakest Link Hackers Seek, Report Reveals - MSSP Alert

• Study: Over 721 million passwords were leaked in 2022 - Neowin

• Understanding password behavior key to developing stronger cyber security protocols - Help Net Security

Social Media

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Spies, lies and influenced children: What TikTok must overcome to show us it can be trusted (telegraph.co.uk)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

Malvertising

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

Training, Education and Awareness

• Forgetting Curve according to Dr Ebbinghaus: Why cyber awareness training is an ongoing process - Hornetsecurity

Regulations, Fines and Legislation

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• SEC Charges Software Company Blackbaud Inc. for Misleading Disclosures About Ransomware Attack That Impacted Charitable Donors (databreaches.net)

• When and how to report a breach to the SEC | CSO Online

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• The US cyber security strategy won’t address today’s threats with regulation alone | CyberScoop

Governance, Risk and Compliance

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• Getting cyber security right requires a change of mindset | The Strategist (aspistrategist.org.au)

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• 6 principles for building engaged security governance | TechTarget

Models, Frameworks and Standards

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Data Protection

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

Law Enforcement Action and Take Downs

• International authorities bring NetWire's malware infrastructure to a standstill | TechSpot

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Privacy, Surveillance and Mass Monitoring

• German states rethink reliance on Palantir technology | Financial Times (ft.com)

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Artificial Intelligence

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• How to stop AI waging war on humans (thetimes.co.uk)

• ChatGPT and the Growing Threat of Bring Your Own AI to the SOC - SecurityWeek

• How Businesses Can Get Ready for AI-Powered Security Threats (darkreading.com)

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• UK spy agency warns of security threat from ChatGPT and rival chatbots | Metro News

• Why red team exercises for AI should be on a CISO's radar | CSO Online

• GPT-4 Can’t Stop Helping Hackers Make Cyber criminal Tools (forbes.com)

Misinformation, Disinformation and Propaganda

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Microsoft: Russian hackers may be readying new wave of destructive attacks | CyberScoop

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up - SecurityWeek

• UK’s Royal Navy, Ukraine Jointly Repel Simulated, Russian Cyber attack on National Infrastructure - MSSP Alert

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• YoroTrooper cyber spies target CIS energy orgs, EU embassies (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Polish intelligence dismantled a network of Russian spies- Security Affairs

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Nation State Actors

• MI5 Launches New Agency to Tackle State-Backed Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• North Korean hackers used polished LinkedIn profiles to target security researchers | CyberScoop

• A new Chinese era: security and control | Financial Times (ft.com)

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Attacks on SonicWall appliances linked to Chinese campaign: Mandiant | CSO Online

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia | WeLiveSecurity

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

• APT29 abuses EU information exchange systems in recent attacks- Security Affairs

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Vulnerabilities

• Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack (thestack.technology)

• Critical Microsoft Outlook bug PoC shows how easy it is to exploit (bleepingcomputer.com)

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• Microsoft and Fortinet fix bugs under active exploit • The Register

• CISA warns of actively exploited Plex bug after LastPass breach (bleepingcomputer.com)

• Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers- Security Affairs

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• SAP releases security updates fixing five critical vulnerabilities (bleepingcomputer.com)

• Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day - SecurityWeek

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws (bleepingcomputer.com)

• Firefox 111 patches 11 holes, but not 1 zero-day among them… – Naked Security (sophos.com)

• Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script - SecurityWeek

• Cyber attackers Continue Assault Against Fortinet Devices (darkreading.com)

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• Microsoft shares script to fix WinRE BitLocker bypass flaw (bleepingcomputer.com)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

• Bitwarden's password manager browser extension has a known exploit it hasn't addressed in five years | TechSpot

Tools and Controls

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• What Is a Stateful Inspection Firewall? Ultimate Guide (enterprisestorageforum.com)

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Set up PowerShell script block logging for added security | TechTarget

• Brazil seizing Flipper Zero shipments to prevent use in crime (bleepingcomputer.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• 5 Steps to Effective Cloud Detection and Response  - The New Stack

• Virtual patching: Cut time to patch from 250 days to (helpnetsecurity.com)

• ChatGPT may be a bigger cyber security risk than an actual benefit (bleepingcomputer.com)

• Change Is Coming to the Network Detection and Response (NDR) Market (darkreading.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

Other News

• CASPER attack steals data using air-gapped computer's internal speaker (bleepingcomputer.com)

• US govt web server attacked by 'multiple' criminal gangs • The Register

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Business Email Compromise Attacks Can Take Just Hours

Microsoft’s security intelligence team found that Business Email Compromise (BEC) attacks are moving rapidly, with some taking mere minutes. Microsoft found the whole process, from signing in using compromised credentials to registering typo squatting domains and hijacking an email thread, took threat actors only a couple of hours. Such a rapid attack leaves minimal time for organisations to identify and take preventative action. This is worrying when considering the cost of BEC is predicted to more than tens of billions.

https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attacks-can-take-just-hours/

Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks

In a report of over 800 million breached passwords, vendor Specops identified some worrying results. Some of the key findings from the report include 88% of passwords used in successful attacks consisting of 12 characters or less and the most common base terms used in passwords involving ‘password’, ‘admin’, ‘welcome’ and ‘p@ssw0rd’. The report found that 83% of the compromised passwords satisfied both the length and complexity requirements of cyber security compliance standards such as NIST, GDPR, HIPAA and Cyber Essentials.

https://www.itsecurityguru.org/2023/03/08/research-reveals-password-still-the-most-common-term-used-by-hackers-to-breach-enterprise-networks/

Just 10% of Firms Can Resolve Cloud Threats in an Hour

Two-thirds (39%) of global organisations reported a surge in breaches over the past year, with IT complexity increasing and detection and response capabilities worsening, according to Palo Alto Networks. It found that as enterprises move more of their data and workloads to the cloud, they’re finding it increasingly difficult to discover and remediate incidents quickly. Over two-fifths (42%) reported an increase in mean time to remediate, while 90% said they are unable to detect, contain and resolve cyber-threats within an hour. Nearly a third (30%) reported a major increase in intrusion attempts and unplanned downtime. Part of the challenge appears to be the complexity of their cloud security environments – partly caused by tool bloat.

https://www.infosecurity-magazine.com/news/10-firms-resolve-cloud-threats-hour/

MSPs in the Crosshairs of Ransomware Gangs

Many attacks have heightened attention around third-party risk and the security obligations of MSPs in meeting multiple customers’ IT needs. Attacks such as the ones on RackSpace and LastPass show that some ransomware actors are now intentionally targeting MSPs to access sensitive customer data. It is now believed that some advanced persistent threat (APT) groups could be stepping up their attacks on MSP’s in order to gain sensitive customer data.

https://www.msspalert.com/cybersecurity-research/msps-in-the-crosshairs-of-ransomware-gangs/

Stolen Credentials Increasingly Empower the Cyber Crime Underground

Threat Intelligence provider Flashpoint found that last year threat actors exposed or stole 22.62 billion credentials and personal records, which often make their way to underground forums and cyber criminal markets. This follows a significant increase in market activity; just last year Flashpoint recorded 190 new illicit markets emerge and the continual rise in attacks focused on stealing credentials only further empowers cyber crime underground.

https://www.csoonline.com/article/3690409/stolen-credentials-increasingly-empower-the-cybercrime-underground.html#tk.rss_news

It’s Time to Assess the Potential Dangers of an Increasingly Connected World

As global conflicts continue, cyber has become the fifth front of warfare. The world is approaching 50 billion connected devices, controlling everything from our traffic lights to our nuclear arsenal and we have already seen large-scale cyber attacks. Adding to this, a multitude of infrastructure runs on services ran by a handful of companies; Palo Alto Networks, Cisco and Fortinet control more than 50% of the market for security appliances. As such, an attack on one of these companies could cause a huge ripple effect on their customers.

https://www.darkreading.com/risk/it-s-time-to-assess-the-potential-dangers-of-an-increasingly-connected-world-

Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards

According to the International Monetary Fund (IMF) 64% of banks and supervisory authorities do not mandate testing and exercising cyber security and 54% lack dedicated a cyber incident reporting regime. This increases the risk of experiencing a cyber attack. Regularly testing and exercising security will aid any organisation in its cyber resilience.

https://www.imf.org/en/Blogs/Articles/2023/03/02/mounting-cyber-threats-mean-financial-firms-urgently-need-better-safeguards

Insider Threat: Developers Leaked 10m Credentials Including Passwords in 2022

Security provider GitGuardian found that the rate at which developers leaked critical software secrets jumped by 0.5 to reach 5.5 out of every 1,000 commits to GitHub repositories; overall, this amounted to at least 10 million instances of secrets leaking to a public repository. Generic passwords accounted for the majority of leaked secrets (56%) and more than a third (38%) of leaks involved API keys, random number generator seeds and other sensitive strings. These leaks can have worrying consequences for organisations.

https://www.darkreading.com/application-security/inside-threat-developers-leaked-10m-credentials-passwords-2022

Cyber Threat Detections Surges 55% In 2022

Security Provider Trend Micro has said that it stopped 146 billion cyber threats in 2022, a 55% increase on the previous year and evidence of the increase of attacks ramping up. Trend Micro also found a 242% increase in the number of blocked malicious files and an 86% increase in backdoor malware detections with the latter showing an increase in attackers gaining initial access. Furthermore, the number of critical vulnerabilities in 2022 doubled compared to the previous year. Trend Micro noted that this is all likely due to an ever expanding attack surface of organisations.

https://www.infosecurity-magazine.com/news/cyberthreat-detections-surge-55/

European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks

The European Central Bank (ECB) will ask all major lenders in the Eurozone to detail by next year, how they would respond to and recover from a successful cyber attack. The ECB is in the process of designing a scenario involving a theoretical breach of the financial system’s cyber defences, which will be sent to all of the 111 banks it assesses to see how they would react. The stress test stems from the increasing amount of cyber attacks. If cyber has shown us anything, it’s that anyone can be a target and performing a stress test would help any organisation prepare for the worst.

https://www.ft.com/content/f03d68a4-fdb9-4312-bda3-3157d369a4a6

Employees Are Feeding Sensitive Business Data to ChatGPT

1 in 20 employees have put sensitive corporate data into popular AI tool ChatGPT, raising concerns that this could result in massive leaks of proprietary information. In some cases, this has involved employees cutting and pasting strategic documents and asking ChatGPT to make a PowerPoint.

https://www.darkreading.com/risk/employees-feeding-sensitive-business-data-chatgpt-raising-security-fears

Is Ransomware Declining? Not So Fast Experts Say

Security provider CrowdStrike have explained that the perceived decline in ransomware reflects the abilities of threat actors to adapt, splinter and regroup against defensive measures. CrowdStrike expand on this, stating that whilst ransom payments dipped slightly in 2022, there was an uprise in data extortion and ransomware as a service (RaaS).

https://www.techtarget.com/searchsecurity/news/365532201/Is-ransomware-declining-Not-so-fast-experts-say

Preventing Corporate Data Breaches Starts with Remembering that Leaks have Real Victims

The impact a data breach can have on an individual is devastating and ultimately there’s not much an individual can do themselves if the organisation that holds their data isn’t taking the right steps. To best protect themselves and their clients’ data, organisations should look to have appropriate defence in depth controls, including effective asset management, an open security culture, close monitoring of access, utilising strong authentication and maintaining an awareness of the ever changing threat landscape.

https://www.helpnetsecurity.com/2023/03/07/preventing-corporate-data-breaches/

Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up

In a recent report Proofpoint found that globally 76% of organisations experienced ransomware attempts, with 64% eventually infected. Amongst those that had a cyber insurance policy, 82% of insurers stepped up to pay the ransom either in full or partially. The report found that with the rise in number and sophistication of attacks it is more important than ever for proper security training and awareness in organisations.

https://www.zdnet.com/article/faced-with-likelihood-of-ransomware-attacks-businesses-still-choosing-to-pay-up/

Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled

A report by the Information and Communications Technology Council (ICTC) found that 1 in 6 cyber security jobs are unfulfilled and this is only expected to grow in the coming years. The ICTC stated that “This is not just about education or government funding, but about companies willing to provide hands-on training and experience to the next generation of cyber security experts”.

https://www.theglobeandmail.com/business/careers/article-experts-see-growing-need-for-cybersecurity-workers-as-one-in-six-jobs/

Threats

Ransomware, Extortion and Destructive Attacks

• Faced with likelihood of ransomware attacks, businesses still choosing to pay up | ZDNET

• MSPs in the Crosshairs of Ransomware Gangs - MSSP Alert

• Is ransomware declining? Not so fast, experts say | TechTarget

• FBI and CISA warn of increasing Royal ransomware attack risks (bleepingcomputer.com)

• City of Oakland Faces Major Data Leak - Infosecurity Magazine (infosecurity-magazine.com)

• Indigo Books Refuses LockBit Ransomware Demand (darkreading.com)

• Anatomy of a Ransomware Attack

• Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)

• Ransom House ransomware attack hit Hospital Clinic de Barcelona- - Security Affairs

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems (darkreading.com)

• Ransomware review: March 2023 (malwarebytes.com)

• Ransomware gang posts video of data stolen from Minneapolis schools (bleepingcomputer.com)

• IceFire ransomware now encrypts both Linux and Windows systems (bleepingcomputer.com)

• Examining Ransomware Payments From a Data-Science Lens (trendmicro.com)

• DND: Black & McDonald reported ransomware attack | CTV News

• Cyble — BlackSnake Ransomware Emerges from Chaos Ransomware's Shadow

Phishing & Email Based Attacks

• AI is taking phishing attacks to a whole new level of sophistication - Help Net Security

• Catches of the Month: Phishing Scams for March 2023 - IT Governance UK Blog

• Emotet starts post-break phishing campaign • The Register

BEC – Business Email Compromise

• Microsoft: Business email compromise attacks can take just hours (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

• Vishing attacks increasing, but AI's role still unclear | TechTarget

• Defeating the Deepfake Danger - SecurityWeek

• Does Your Help Desk Know Who's Calling? (thehackernews.com)

2FA/MFA

• NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• DrayTek VPN routers hacked with new malware to steal data, evade detection (bleepingcomputer.com)

• Malicious PyPI package signals direction of cyber crime • The Register

• How to prevent Microsoft OneNote files from infecting Windows with malware (bleepingcomputer.com)

• Snake Keylogger Malware Removal Guide (makeuseof.com)

• Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica

• New malware infects business routers for data theft, surveillance (bleepingcomputer.com)

• Old Windows ‘Mock Folders’ UAC bypass used to drop malware (bleepingcomputer.com)

• Emotet malware attacks return after three-month break (bleepingcomputer.com)

• AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)

• New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)

• Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)

• Custom Chinese Malware Found on SonicWall Appliance - SecurityWeek

• Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• FBI and international cops catch a NetWire RAT • The Register

Mobile

• Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps (thehackernews.com)

• Officials Targeted with Romance Scams and Android Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• Google One expands security features to all plans with dark web report, VPN access - Help Net Security

Denial of Service/DoS/DDOS

• Akamai mitigated a record-breaking DDoS that peaked 900Gbps- Security Affairs

Internet of Things – IoT

• TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese Hikvision cameras ‘that pose security threat’ used on King’s Sandringham estate (thetimes.co.uk)

Data Breaches/Leaks

• Preventing corporate data breaches starts with remembering that leaks have real victims - Help Net Security

• The LastPass Hack Somehow Gets Worse | WIRED

• LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach (thehackernews.com)

• Credential Stuffing attack on Chick-fil-A impacted +71K users- Security Affairs

• Popular fintech apps expose valuable, exploitable secrets - Help Net Security

• PayPal Sued Over Data Breach that Impacted 35,000 users (hackread.com)

• Acer Data Breach? Hacker Claims to Sell 160GB Trove of Stolen Data (hackread.com)

• Brazilian Conglomerate Suffers 3TB Data Breach: Report - Infosecurity Magazine (infosecurity-magazine.com)

• Data breach exposed millions of Verizon customers' account info (androidpolice.com)

• Congress’ Social Security Numbers Leaked in DC Health Link Hack (gizmodo.com)

• Data protection vendor Acronis admits to data leak • The Register

• AT&T confirms 9m wireless accounts exposed by third part • The Register

Organised Crime & Criminal Actors

• At Least 30% of "Cyber-Criminals" Are Women: Report - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber crime site shows off with a free leak of 2 million stolen card numbers - The Record from Recorded Future News

• BidenCash leaks 2.1M stolen credit/debit cards- Security Affairs

• Malicious PyPI package signals direction of cyber crime • The Register

• Where are the women in cyber security? • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)

Insider Risk and Insider Threats

• 6 Ways To Go Beyond Awareness And Foster A Real Culture Of Cyber security (forbes.com)

Fraud, Scams & Financial Crime

• Scams Security Pros Almost Fell For (darkreading.com)

• FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)

• Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers using voice-cloning A.I. to mimic relatives | Fortune

• Alleged security breach leaves millions of dollars missing from Flutterwave accounts | TechCrunch

• UK Government Plans Skills Boost for Public Sector Fraud Fight - Infosecurity Magazine (infosecurity-magazine.com)

• Officials Targeted with Romance Scams and Android Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• New Rise In ChatGPT Scams Reported By Fraudsters (informationsecuritybuzz.com)

Deepfakes

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

• Defeating the Deepfake Danger - SecurityWeek

Insurance

• Talking Cyber Insurance With Munich Re - SecurityWeek

Dark Web

• Cyber crime site shows off with a free leak of 2 million stolen card numbers - The Record from Recorded Future News

• Google One expands security features to all plans with dark web report, VPN access - Help Net Security

Supply Chain and Third Parties

• Snap CISO talks risky supply chain security business • The Register

• SolarWinds IR lead: supply-chain attacks 'getting bigger' • The Register

• AT&T confirms 9m wireless accounts exposed by third part • The Register

Software Supply Chain

• SBOMs become a security staple for the software supply chain • The Register

Cloud/SaaS

• Just 10% of Firms Can Resolve Cloud Threats in an Hour - Infosecurity Magazine (infosecurity-magazine.com)

• Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks (thehackernews.com)

• Hackers are quickly learning how to target cloud systems (axios.com)

• Understanding the Shared Responsibility Model, Critical Step to Ensure Cloud Security - Infosecurity Magazine (infosecurity-magazine.com)

Attack Surface Management

• 5 Reasons You Should Care About Unmanaged Assets (darkreading.com)

Asset Management

• 5 Reasons You Should Care About Unmanaged Assets (darkreading.com)

Encryption

• New TPM 2.0 flaws could let hackers steal cryptographic keys (bleepingcomputer.com)

• New Steganography Breakthrough Enables “Perfectly Secure” Digital Communications (scitechdaily.com)

API

• API Security for UK companies - IT Security Guru

• Attackers exploit APIs faster than ever before - Help Net Security

Open Source

• IceFire ransomware now encrypts both Linux and Windows systems (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Research Reveals 'Password' Still the Most Common Term Used by Hackers to Breach Enterprise Networks - IT Security Guru

• Stolen credentials increasingly empower the cyber crime underground | CSO Online

• The LastPass Hack Somehow Gets Worse | WIRED

• Credential Stuffing attack on Chick-fil-A impacted +71K users- Security Affairs

• The Role of Verifiable Credentials In Preventing Account Compromise (darkreading.com)

• Securing ways to share workplace passwords • The Register

• Young government workers show poor password management habits - Help Net Security

Social Media

• NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• TikTok unveils new European data security regime | Reuters

Training, Education and Awareness

• 6 Ways To Go Beyond Awareness And Foster A Real Culture Of Cyber security (forbes.com)

Regulations, Fines and Legislation

• Biden Administration's Cyber security Strategy Takes Aim at Hackers (gizmodo.com)

• Government Claims New UK GDPR Will Save Firms Billions - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Inadequate patches and advisories increase cyber risk - Help Net Security

• Why do Businesses Need to Focus More on Cyber security (hackread.com)

• Flashpoint: Threat vectors converging, increasing damage | TechTarget

• How to achieve and shore up cyber resilience in a recession - Help Net Security

• The cyber security landscape in the era of economic instability – Help Net Security

Models, Frameworks and Standards

• Open letter demands OWASP overhaul, warns of mass project exodus | CSO Online

• PCI Compliance Requirements Guide (trendmicro.com)

• NIST Retooling Cyber security Framework to Reflect Changing Cyber scape – MSSP Alert

Data Protection

• Government Claims New UK GDPR Will Save Firms Billions – Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Experts see growing need for cyber security workers as one in six jobs go unfilled – The Globe and Mail

• How to Jump-Start Your Cyber security Career (darkreading.com)

Law Enforcement Action and Take Downs

• Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)

• FBI and international cops catch a NetWire RAT • The Register

Privacy, Surveillance and Mass Monitoring

• Secret Service and ICE break the law with fake phone towers • The Register

• Thought you'd opted out of online tracking? Think again • The Register

Artificial Intelligence

• AI is taking phishing attacks to a whole new level of sophistication - Help Net Security

• Employees Are Feeding Sensitive Business Data to ChatGPT (darkreading.com)

• You can poison AI datasets for just $60, a new study shows (fastcompany.com)

• Microsoft and MITRE developed a tool to prepare security teams for attacks on ML systems - Help Net Security

• Thousands scammed by AI voices mimicking loved ones in emergencies | Ars Technica

• Vishing attacks increasing, but AI's role still unclear | TechTarget

• AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)

• Criminals will use ChatGPT to unleash wave of fraud, warns Darktrace (telegraph.co.uk)

Misinformation, Disinformation and Propaganda

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• What can security teams learn from a year of cyber warfare? | Computer Weekly

• New Backdoor MQsTTang Attributed to Mustang Panda Group - Infosecurity Magazine (infosecurity-magazine.com)

• Pegasus spyware used to spy on a Polish mayor- Security Affairs

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• Sharp Panda targets government entities in Southeast Asia- Security Affairs

• Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert

• Chinese cyber spies target unpatched SonicWall gear • The Register

• What is Cyberwarfare? | Definition from TechTarget

Nation State Actors

• What can security teams learn from a year of cyber warfare? | Computer Weekly

• New Backdoor MQsTTang Attributed to Mustang Panda Group - Infosecurity Magazine (infosecurity-magazine.com)

• Russia Bans Messengers, Including WhatsApp, Telegram, And More (informationsecuritybuzz.com)

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• Chinese Hikvision cameras ‘that pose security threat’ used on King’s Sandringham estate (thetimes.co.uk)

• China-aligned APT is exploring new technology stacks for malicious tools - Help Net Security

• Sharp Panda targets government entities in Southeast Asia- Security Affairs

• Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (thehackernews.com)

• Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert

• Chinese firm got Covid contract despite trying to hack NHS data, minister says | Politics | The Guardian

• Chinese cyber spies target unpatched SonicWall gear • The Register

• TikTok unveils new European data security regime | Reuters

• Lazarus group infiltrated South Korean finance firm twice last year | CSO Online

• Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• New Chinese regulatory body expected to streamline data governance rules | CSO Online

Vulnerability Management

• Inadequate patches and advisories increase cyber risk - Help Net Security

• Build Cyber Resiliency With These Security Threat-Mitigation Considerations

• Zero Day Threat Protection for Your Network (trendmicro.com)

• 557 CVEs Added to CISA's Known Exploited Vulnerabilities Catalog in 2022 - SecurityWeek

• Machine Learning Improves Prediction of Exploited Vulnerabilities (darkreading.com)

• Security Patch Management Strengthens Ransomware Defense (trendmicro.com)

• VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022 | TechTarget

Vulnerabilities

• TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Researchers discover 'kill switch' in Starlink terminals - Security - iTnews

• PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716) - Help Net Security

• CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems (thehackernews.com)

• Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing - SecurityWeek

• Fortinet warns of new critical unauthenticated RCE vulnerability (bleepingcomputer.com)

• Information Disclosure Vulnerability in Adobe Experience Manager affecting multiple companies… | by Fat Selimi | Feb, 2023 | InfoSec Write-ups (infosecwriteups.com)

• Chinese cyber spies target unpatched SonicWall gear • The Register

• Chrome 111 Patches 40 Vulnerabilities - SecurityWeek

• Bitwarden flaw can let hackers steal passwords using iframes (bleepingcomputer.com)

• Veeam warns to install patches to fix a bug in Backup & Replication- Security Affairs

• Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)

• Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks - SecurityWeek

• Jenkins Server Vulnerabilities Chained for Remote Code Execution  - SecurityWeek

Tools and Controls

• The LastPass Hack Somehow Gets Worse | WIRED

• 3 Ways Security Teams Can Use IP Data Context (darkreading.com)

• Two-Thirds of European Firms Have Started Zero Trust - Infosecurity Magazine (infosecurity-magazine.com)

• What is zero trust? A model for more effective security | CSO Online

• Too Many SOAR Vendors are Failing MSSPs - MSSP Alert

• Why enterprise SecOps strategies must include XDR and MDR | TechTarget

Other News

• Biden Administration's Cyber security Strategy Takes Aim at Hackers (gizmodo.com)

• Tracking device technology: A double-edged sword for CISOs | CSO Online

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

• What CISOs need to understand about document signing - Help Net Security

• Thousands of websites hacked as part of redirection campaign- Security Affairs

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Criminals Exploit Invasion of Ukraine

Cyber criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud.

In a blog, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.

Since March 1, researchers have been tracking two specific phishing campaigns designed to infect victims with Agent Tesla and Remcos remote access Trojans.

Agent Tesla is a malware-as-a-service (MaaS) Remote Access Trojan (RAT) and data stealer that can be used to exfiltrate sensitive information, including credentials, keystrokes and clipboard data from victims.

Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems. Once inside, attackers can capture keystrokes, screenshots, credentials and other sensitive system data and exfiltrate it.

https://www.infosecurity-magazine.com/news/cyber-criminals-invasion-ukraine/

UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat

The UK’s Information Commissioner’s Office (ICO) reports a ‘steady and significant’ increase in cyber-attacks against UK firms over the past two years.

Employees should report any suspicious emails rather than delete them and firms must step up their vigilance against cyber-attacks in the face of a heightened threat from Russian hackers, the UK’s data watchdog has said.

John Edwards, the Information Commissioner, said a new era of security had begun where instead of blacking out windows, people needed to maintain vigilance over their inboxes.

Experts including the UK’s cyber security agency have said Russian hackers could target Britain, and the imposition of sanctions by London on Moscow has increased those fears.

Asked about the potential for a Russia-Ukraine cyber conflict spreading to the UK, Edwards said: “We have picked up on that heightened threat environment and we think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.”

https://www.theguardian.com/technology/2022/mar/04/uk-data-watchdog-urges-vigilance-amid-heightened-cyber-threat

Phishing - Still a Problem, Despite All The Work

Phishing is a threat that most people know about. Emails designed to trick you into clicking a malicious link or divulge passwords and other credentials have become an everyday occurrence. Despite this familiarity, and the multitude of tools and techniques which purport to stop it, phishing remains the number one initial attack vector affecting organisations and individuals.

Unfortunately, there is no silver bullet. Phishing can only be dealt with using multiple complementary measures. This fact leads to some questions: Which measures are most (cost) effective? How should they be implemented? Can they be automated?

https://www.ncsc.gov.uk/blog-post/phishing-still-a-problem-despite-the-work

Phishing Attacks Hit All-Time High in December 2021

The Anti-Phishing Working Group international consortium (APWG) saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it began its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.

In the fourth quarter of 2021, the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — inched up to represent 6.5 percent of attacks.

Overall, the number of brands that were attacked in 4Q descended from a record 715 in September 2021, cresting at 682 in November for the Q4 period.

The solution provider Abnormal Security observed 4,200 companies, organisations, and government institutions falling victim to ransomware in Q4 2021, some 36 percent higher than in Q3 2021 and the highest number the company has witnessed over the past two years.

“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” said Crane Hassold, Director of Threat Intelligence at Abnormal Security.

https://www.helpnetsecurity.com/2022/03/03/phishing-attacks-december-2021/

Ransomware Infections Top List of The Most Common Results of Phishing Attacks

A report from insider threat management software company Egress found some startling conclusions when it spoke to IT leadership: Despite the pervasive and very serious threat of ransomware, very few boards of directors consider it a top priority.

Eighty-four percent of organisations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren’t hit with a phishing attack, and you still end up at around 50% of all organisations having been hit with ransomware in 2021.

Egress said that its data shows there has been a 15% increase in successful phishing attacks over the past 12 months, with the bulk of the attacks utilising malicious links and attachments. Those methods aren’t new, but a 15% increase in successful attacks means that something isn’t working.

https://www.techrepublic.com/article/ransomware-infections-top-list-of-the-most-common-results-of-phishing-attacks/

Social Media Phishing Attacks Are at An All Time High

Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.

The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analysed phishing attack patterns that unfolded throughout 2021.

As part of their report, Vade analysed 184,977 phishing pages to create stats based on a billion corporate and consumer mailboxes that the cyber security firm protects.

Vade also recorded a rise in the sophistication of phishing attacks, especially those targeting Microsoft 365 credentials, an evolution in the tech support scams, and the inevitable dominance of COVID-19 and item shipping lures.

https://www.bleepingcomputer.com/news/security/social-media-phishing-attacks-are-at-an-all-time-high/

Insurance Giant AON Hit by a Cyber Attack

Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.

AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cyber security consulting, risk solutions, healthcare insurance, and wealth management products.

AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries.

In a filing with the US SEC, AON has disclosed that they suffered a cyberattack on February 25th, 2022.

AON has not provided any details of the attack other than that it occurred and affected a limited number of systems.

The company stated that although in the early stages of assessing the incident, based on the information currently known, the company did not expect the incident to have a material impact on its business, operations or financial condition.

In addition to being an insurance broker, AON is also a leading reinsurance company, meaning that they insure the insurance companies.

https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/

How Prepared Are Organisations to Face Email-Based Ransomware Attacks?

Proofpoint released a report which provides an in-depth look at user phishing awareness, vulnerability, and resilience. The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organisations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks (BEC) (18% YoY increase of BEC attacks from 2020), reflecting cyber criminals’ continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities

This year’s report examines responses from commissioned surveys of 600 information and IT security professionals and 3,500 workers in the U.S., Australia, France, Germany, Japan, Spain, and the UK. The report also analyses data from nearly 100 million simulated phishing attacks sent by customers to their employees over a one-year period, along with more than 15 million emails reported via the user-activated PhishAlarm reporting button.

Attacks in 2021 also had a much wider impact than in 2020, with 83% of survey respondents revealing their organisation experienced at least one successful email-based phishing attack, up from 57% in 2020. In line with this, 68% of organisations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit. The year-over-year increase remains steady but representative of the challenges organisations faced as ransomware attacks surged in 2021.

https://www.helpnetsecurity.com/2022/02/28/email-based-ransomware-attacks/

The Most Impersonated Brands in Phishing Attacks

Vade announced its annual ranking of the top 20 most impersonated brands in phishing. Facebook, which was in the second spot in 2020, rose to the top spot for 2021, representing 14% of phishing pages, followed by Microsoft, with 13%.

The report analysed 184,977 phishing pages linked from unique phishing emails between January 1, 2021 and December 31, 2021.

Key findings:

·         Financial services is the most impersonated industry

·         Microsoft is the most impersonated cloud brand and the top corporate brand

·         Facebook dominates social media phishing

·         35% of all phishing pages impersonated financial services brands

·         Mondays and Tuesdays are the top days for phishing

·         78% of phishing attacks occur on weekdays

·         Monday and Thursday are the top days for Facebook phishing

·         Thursday and Friday are the top days for Microsoft phishing

https://www.helpnetsecurity.com/2022/03/04/most-impersonated-brands-phishing/

As War Escalates in Europe, It’s ‘Shields Up’ For The Cyber Security Industry

In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the US Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organisations — regardless of size — adopt a heightened posture when it comes to cyber security and protecting their most critical assets.”

The blanket warning is for all industries to take notice. Indeed, it’s a juxtaposition of sorts to think the cyber security industry is vulnerable to cyber attack, but for many nation state groups, this is their first port of call.

Inspired by the spike in attacks on cyber security agencies globally, a report from Reposify assessed the state of the cyber security industry’s external attack surface (EAS). It coincides with CISA’s warning, and highlights critical areas of concern for the sector and how they mirror trends amongst pharmaceutical and financial companies, providing vital insight into where organisations can focus their efforts, and reinforce the digital perimeter.

https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/

2022 May Be The Year Cyber Crime Returns Its Focus to Consumers

Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers.

This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.

ReasonLabs has compiled a detailed report on the status of consumer-level cyber security and what trends are most likely to emerge this year.

https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/

Kaspersky Neutral Stance in Doubt As It Shields Kremlin

Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.

The company insists that they ‘never provide any law enforcement or government organisation with access to user data or the company's infrastructure.”

Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cyber security community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.

"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.

https://cybernews.com/security/kaspersky-neutral-stance-in-doubt-as-it-shields-kremlin/

Threats

Ransomware

• Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response (darkreading.com)

• Toyota Japan Shutters 14 Plants After Probable Cyber Attack • The Register

• Bridgestone Still Struggling With Plant Closures Across North America After Cyber Attack | ZDNet

• Cyber Criminals Who Breached Nvidia Issue One Of The Most Unusual Demands Ever | Ars Technica

• Conti Ransomware's Internal Chats Leaked After Siding With Russia (bleepingcomputer.com)

• Conti Group Encrypts Karma Ransomware Extortion Notes - Infosecurity Magazine

Phishing & Email

• Unusual Sign-In Activity Mail Goes Phishing For Microsoft Account Holders | Malwarebytes Labs

Other Social Engineering

• 'Several Combinations Of Social Engineering' Used During Cyber Attack On Camera Maker Axis | ZDNet

• Instagram Scammers As Busy As Ever: Passwords And 2FA Codes At Risk – Naked Security (sophos.com)

Malware

• TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (thehackernews.com)

• Rebirth of Emotet: New Features of the Botnet and How to Detect it (thehackernews.com)

Mobile

• How Much Do Different Generations Trust Their Mobile Devices' Security? - Help Net Security

• TeaBot Android Banking Trojan Continues Its Global Conquest With New Upgrades | ZDNet

• This Nasty Android Malware Steals Your Passwords — What You Need To Know [Update] | Tom's Guide (tomsguide.com)

• SharkBot Malware Hides As Android Antivirus In Google Play (bleepingcomputer.com)

• A New Money-Stealing Malware Makes Rounds On Google Play Store Posing As An Innocent App With Over 50,000 Downloads - NotebookCheck.net News

Data Breaches/Leaks

• Hackers Leak 190GB Of Alleged Samsung Data, Source Code (bleepingcomputer.com)

• NVIDIA Data Breach Exposed Credentials Of Over 71,000 Employees (bleepingcomputer.com)

• 250,000-Plus Lawyer Disciplinary Records Leak • The Register

• Swiss Bank Requests Destruction of Documents - Infosecurity Magazine

Organised Crime & Criminal Actors

• Ukraine-Russia Cyber Warzone Splits Cyber Underground | Threatpost

Cryptocurrency/Cryptomining/Cryptojacking

• Hackers Threaten To Turn Every Nvidia GPU Into A Bitcoin Mining Machine | TechRadar

• Beware of Ongoing Crypto Cyber War Amidst the Ukraine Russian War in 2022 (analyticsinsight.net)

• Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Don’t Be Fooled Into Thinking You’re Too Smart To Be Scammed | News | The Sunday Times (thetimes.co.uk)

DoS/DDoS

• DDoSers Are Using A Potent New Method To Deliver Attacks Of Unthinkable Size | Ars Technica

• DDoS Attackers Have Found This New Trick To Knock Over Websites | ZDNet

• Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks (thehackernews.com)

• Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)

Nation State Actors

• Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation | Mandiant

• Charities, Aid Orgs In Ukraine Attacked With Malware (bleepingcomputer.com)

• Cyber Attacks In Ukraine Could Reach Other Countries - IT Security Guru

• Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (thehackernews.com)

• Ukraine Digital Army Brews Cyberattacks, Intel and Infowar | SecurityWeek.Com

• Ukraine Security Agencies Warn Of Ghostwriter Threat Activity, Phishing Campaigns | ZDNet

• Ukraine Asks ICANN To Revoke Russian Domains And Shut Down DNS Root Servers | Ars Technica

• IsaacWiper, The Third Wiper Spotted Since The Beginning Of Russian Invasion - Security Affairs

• Ukrainian Sites Saw A 10x Increase In Attacks When Invasion Started (bleepingcomputer.com)

• Cyber Attacks in Ukraine: New Worm-Spreading Data-Wiper With Ransomware Smokescreen | SecurityWeek.Com

• Chinese Malware Targeted Multiple Governments • The Register

• Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (thehackernews.com)

Passwords & Credential Stuffing

• Microsoft Accounts Targeted by Russian-Themed Credential Harvesting | Threatpost

Spyware, Espionage & Cyber Warfare

• Cyber Attack on NATO Could Trigger Collective Defence Clause - Official | Reuters

• Ukraine Conflict Spurs Questions Of How To Define Cyberwar - CyberScoop

• How China Built A One-Of-A-Kind Cyber-Espionage Behemoth To Last | MIT Technology Review

• Russia's Space Chief Says Hacking Satellites 'A Cause For War' - POLITICO

• Ukraine Is Building An 'It Army' Of Volunteers, Something That's Never Been Tried Before | ZDNet

• China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (thehackernews.com)

Vulnerabilities

• Get Patching Now: CISA Adds Another 95 Flaws To Its Known Exploited Vulnerabilities List | ZDNet

• Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products | SecurityWeek.Com

• Firefox Patches Two In-The-Wild Exploits – Update Now! – Naked Security (sophos.com)

• New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container (thehackernews.com)

• Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (thehackernews.com)

• New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances (thehackernews.com)

• Log4Shell Threat Far From Gone: Attackers Continue To Target Vulnerability - Information Security Buzz

Sector Specific

Financial Services Sector

• Banks Brace For Retaliatory Ransomware Attacks From Russia | Bitcoinist.com

Health/Medical/Pharma Sector

• Conti And Karma Actors Attack Healthcare Provider At Same Time Through ProxyShell exploits – Sophos News

• Over 100,000 Medical Infusion Pumps Vulnerable To Years Old Critical Bug (bleepingcomputer.com)

CNI, OT, ICS, IIoT and SCADA

• Lack Of Visibility Plaguing ICS Environments - Help Net Security

Reports Published in the Last Week

• Vade Releases 2021 Phishers' Favourites Report (darkreading.com)

• Salt Security releases State of API Security Report - IT Security Guru

Other News

• Microsoft Teams Grows As Cyber Attack Vector - MSSP Alert

• Ukraine Conflict Puts Organisations’ Cyber-resilience To The Test - Information Security Buzz

• The Cyber Security Implications Of The Russia-Ukraine Conflict (forbes.com)

• Cyber Attackers Are Looking To Exploit People Who Want To Help Ukraine, Security Experts Warn | The Independent

• Multifactor Authentication Is Being Targeted by Hackers – The New Stack

• Attacks Abusing Programming APIs Grew Over 600% In 2021 (bleepingcomputer.com)

• Soaring Cyber Attacks On BBC – ‘No Industry Is Untouchable’ - Information Security Buzz

• Bad Actors Are Becoming More Successful At Evading AI/ML Technologies - Help Net Security

• Facebook, Twitter, Google Move To Intercept Russian Propaganda, Disinformation About Ukraine - CyberScoop

• Why the Shifting Nature of Endpoints Requires a New Approach to Security (darkreading.com)

• Open Source Security Fears Are Fading Away | ZDNet

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.