Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Only 3% of Organisations Globally are Fully Prepared for Cyber Threats

A new report released by Cisco found that only 3% of organisations globally are considered to be at a “mature” level of readiness that is needed to be resilient against today’s cyber threats. In contrast, 80% of the companies surveyed felt moderately to very confident in their ability to defend against a threat.

Nearly three-quarters of respondents expect a cyber incident to disrupt their business in the next 12 to 24 months. For many, this was based on past experience, with more than half of respondents saying that they had experienced a cyber security incident in the last 12 months, and of those, more than half of said it cost them at least $300,000. To address this, 97% of companies expect to increase their cyber security budgets in the next 12 months.

Sources: [PR Newswire] [SiliconANGLE]

China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security

The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, in attempts to target a group of MPs. Whilst this shows how advanced the threat from China has become, it should not be a surprise. It has been alleged that the hacking campaign targeted a broad swathe of private individuals, as well as strategically important companies and government officials. Geopolitical tensions are at an all-time high, as Conservative MP Iain Duncan Smith, one of those targeted by the campaign says, “we must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”

Sources: [Sky News] [GovInfoSecurity] [The Guardian]

Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers

A recent report underscores the pivotal role of cyber security in financial performance, revealing that companies with genuinely advanced levels of cyber security maturity generate a 372% higher shareholder return compared to those with lower levels of maturity, as observed over a five-year period. Notably, companies with engaged board members and specialised risk committees achieve superior cyber security performance. Despite regulatory requirements, only 3% of UK organisations have a cyber security expert on their board, emphasising the need for greater board-level engagement in cyber risk management. Industries like healthcare and financial services lead in cyber security ratings, underscoring the correlation between regulatory environments and cyber security performance.

Source: [Business Wire] [Computer Weekly]

Hackers Hit High-Risk Individuals’ Personal Accounts

Britain’s National Cyber Security Centre (NCSC) is warning that attackers faced with well-managed corporate cyber security defences, are instead turning their efforts to compromise high-risk individuals’ devices and accounts.

A high-risk individual is anyone who has access to or influence over sensitive information. For an attacker, these individuals can present a less complex route. They already know the individual has access to the data they want, it is just a case of compromising that individual.

Source: [Gov Info Security]

Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?

Cyber security threats have reached unprecedented levels, posing significant risks to organisations and nations worldwide, with global costs predicted to soar to $10.5 trillion annually by 2025, a significant increase from $6 trillion in 2021. Recent reports from IBM Security X-Force reveal that organisations face an average of 270 cyber attacks per year, equivalent to an attack every business day, underlining the persistent nature of the threat and reinforcing the old question of ‘when’ not 'if' an organisation will get hit.

The report warns of the possibility of large-scale, coordinated attacks, akin to a “Digital Pearl Harbor,” on vital infrastructure such as power grids and financial markets, with ransomware-based attacks being identified as a major risk. The emergence of cyber warfare blurs the distinction between espionage and acts of war, underscoring the need for international standards and agreements. Despite the focus on cyber threats, many organisations have risk management gaps.

Source: [Eurasia Review]

High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime

High net worth individuals and their families are often targets for cyber criminals who seek to steal their money, identity, intellectual property and corporate data, and attacks are increasing. With the current state of the world, there is significant information that is publicly available. This, added to the fact that many high-net-worth individuals have lesser security controls than corporations, makes them a more lucrative target.

As these types of attacks continue to increase, it is important for individuals to ensure they are demonstrating good cyber hygiene through actions including the adoption of multi-factor authentication, limiting unnecessary social media from themselves and their family (including holidays) and understanding current tactics to be able to spot and mitigate them.

Source: [Financial Times]

Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account

Earlier this year, Microsoft discovered they had been the victim of a hack orchestrated by Russian-state hackers. The attack was not highly sophisticated; in fact, it involved simply spraying passwords into an old, inactive account. Password spraying is a simple brute force technique, which has the attacker trying the same password against multiple accounts. In this case, it was enough to be able to allow attackers to commit further exfiltration.

Picture your organisation: can you guarantee that no account is using the password “Password123”? Whilst organisations may focus on protecting privileged accounts, the attack shows that every account needs to be secured, as they are all entry points to your organisation. To combat this, organisations should look to implement robust password policies and multi-factor authentication.

Source: [The Hacker News]

Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach

Mitigating third-party risk may seem daunting when considering the slew of incoming regulations coupled with the increasingly advanced tactics of cyber criminals. However, most organisations have more agency and flexibility than they think they do. Third-party risk management can be built on top of existing risk governance practices and security controls that are currently implemented in the organisation. Understanding the vendor landscape, categorising vendors based on criticality, and developing tailored governance plans are crucial steps. Contractual obligations, tailored to industry standards, play a pivotal role in ensuring security measures are upheld. Additionally, establishing a robust exit strategy is imperative to safeguard data integrity post-partnership. By fostering a culture of shared responsibility and continuous improvement, organisations can navigate the complexities of third-party risk management effectively.

Source: [Dark Reading]

IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time

A recent survey of over 800 IT and security leaders highlights the escalating threat landscape fuelled by emerging technologies, with AI-powered attacks identified as the most serious and challenging. 92% of respondents report a year-over-year increase in cyber attacks with 95% noting heightened sophistication.

Organisations reported facing AI-powered attacks (51%), deepfake technology and supply chain attacks (both 36%), cloud jacking (35%), Internet of Things (IoT) attacks and 5G network exploits (both 34%), and fileless attacks (24%). But it is not just newer attacks; organisations are still contending with prevalent attacks like phishing, malware, and ransomware. The survey found that 84% of respondents say that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools, revealing that AI-powered phishing is their top concern (42%) when it comes to AI security.

With so many constantly evolving threats, and with new ones being added to the mix all the time, it is becoming more and more difficult for IT leaders to keep on top of these emerging threats.

Source: [Beta News] [The Fast Mode]

Only 5% of Boards Have Cyber Security Expertise

There is a concerning gap in cyber expertise on corporate boards, with only 5% of businesses having a cyber expert onboard, despite a direct correlation between strong cyber security and higher financial performance. Countries like France have 10% representation while Canada lags behind at just 1%. Integration of cyber experts into specialised risk committees significantly boosts cyber security performance. Furthermore, advanced security ratings translate to significantly better financial returns over three and five-year periods, underlining the pivotal role of cyber security in overall business health.

Source: [Infosecurity Magazine]

Google’s New AI Search Results Promotes Sites Pushing Malware and Scams

Earlier this month, Google began rolling out a feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries, including site recommendations. These results, however, are pushing scams and malware. BleepingComputer found that the listed sites promoted by SGE tend to use the .online top level domain, the same HTML templates, and the same sites to perform redirects, stating “This similarity indicates that they are all part of the same SEO [search engine optimisation] poisoning campaign that allowed them to be part of the Google index.” When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site. This matter highlights the need for users to stay cognisant, even when using AI to improve quality of life.

Source: [Bleeping Computer]

Report Calls Out Cyber Risks to Financial Sector Fuelled by AI

A recent report by the US Department of the Treasury has identified AI-driven cyber fraud as the primary concern for financial institutions. Smaller firms, in particular, struggle with AI development, which intensifies security concerns. Despite a focus on cyber security, risk management lapses are common across institutions. The report further notes that nearly a third of these institutions are yet to address the evolving tactics of threat actors, including social engineering, malvertising, and QR code phishing. More than 2 in 5 have pointed to the increasing use of generative AI for scaling and automating attacks as a lingering risk factor. The report emphasises that, even without mandates, there’s an urgent need for financial institutions to bolster their risk management and cyber security practices to counter these AI-driven threats.

Source: [CyberScoop]

Governance, Risk and Compliance

• Hackers Hit High-Risk Individuals' Personal Accounts (govinfosecurity.com)

• Only 5% of Boards Have Cyber Security Expertise - Infosecurity Magazine (infosecurity-magazine.com)

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• How threat intelligence data maximizes business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• More than half of organisations fall victim to cyber attacks (betanews.com)

• Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers, According to Diligent and Bitsight | Business Wire

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Shareholders win when businesses do better at cyber | Computer Weekly

• Getting Security Remediation on the Boardroom Agenda (darkreading.com)

• New Cyber Threats to Challenge Financial Services Sector in 2024 (darkreading.com)

• The cyber security skills shortage: A CISO perspective | CSO Online

• Cyber security essentials during M&A surge - Help Net Security

• Companies told cyber security has to be cross business concern (emergingrisks.co.uk)

• It's Time to Stop Measuring Security in Absolutes (darkreading.com)

• True Cost of a Cyber Security Breach for Your Business - Converge

• 35 cyber security statistics to lose sleep over in 2024 (techtarget.com)

• Changing role of CISO | Professional Security

• 3 Challenges CISOs Face in 2024 as Cyber Threats Explode | Corporate Counsel (law.com)

• Cyber security plans should centre on resilience | MIT Sloan

• Debunking compliance myths in the digital era - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware: lessons all companies can learn from the British Library attack - Exponential-e Blog

• 78% of organisations plan to increase ransomware protection | Security Magazine

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Building Resiliency in the Face of Ransomware  - Security Boulevard

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

• US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth (yahoo.com)

• Healthcare Under Ransomware Attacks - Part 1: BlackCat/AlphV - VMRay

• Healthcare Under Ransomware Attacks - Part 2: LockBit - VMRay

• Healthcare Under Ransomware Attacks - Part 3: Rhysida - VMRay

Ransomware Victims

• Hackers threaten to publish huge cache of NHS Scotland data - BBC News

• Alleged sale of Communication Workers Union’s users data (marcoramilli.com)

• Scullion LAW becomes victim of cyber attack | Scottish Legal News

• Panera Bread experiencing nationwide IT outage since Saturday (bleepingcomputer.com)

• Clorox audit flagged systemic flaws in cyber security at manufacturing plants (detroitnews.com)

• Big Issue working with NCSC, NCA and Met Police to investigate cyber incident - IT Security Guru

• Western Isles council tax bills delayed due to cyber attack - BBC News

• Vietnam Securities Broker Suffered Cyber Attack That Suspended Trading (darkreading.com)

Phishing & Email Based Attacks

• 'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide (darkreading.com)

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in EU. and US (thehackernews.com)

• ThreatLabz 2023 Phishing Report | ITPro

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Fake Ozempic Deals on the Rise as Experts Warn of Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

Artificial Intelligence

• Treasury report calls out cyber risks to financial sector fuelled by AI | CyberScoop

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• Four generative AI cyber risks that keep CISOs up at night — and how to combat them - SiliconANGLE

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Artificial intelligence now the biggest cyber threat - study (emergingrisks.co.uk)

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Scammers exploit tax season anxiety with AI tools - Help Net Security

• Experts Warn of Cyber Risk Due to Rapid AI Tool Evolution (govinfosecurity.com)

• AI Regulation at a Crossroads - Security Boulevard

• Over A Third of IT Leaders Are Ill-Equipped to Cope With AI-Powered Attacks - IT Security Guru

• Beware of rogue chatbot hacking incidents (securityintelligence.com)

• The Unique AI Cyber Security Challenges in the Financial Sector | Decipher (duo.com)

• AI weaponisation becomes a hot topic on underground forums - Help Net Security

• AI bots hallucinate software packages and devs download them • The Register

• Threat Report: Examining the Use of AI in Attack Techniques (darkreading.com)

• Hackers exploit Ray framework flaw to breach servers, hijack resources (bleepingcomputer.com)AWS CISO: Pay Attention to How AI Uses Your Data (darkreading.com)

2FA/MFA

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• Apple customers are being targeted by "MFA Bombing" password reset attack (xda-developers.com)

Malware

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in E.U. and US. (thehackernews.com)

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• 39,000 Websites Infected in 'Sign1' Malware Campaign - SecurityWeek

• ConnectWise ScreenConnect attacks deliver malware | SC Media (scmagazine.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Hunter-killer malware: How to prevent it from undermining security controls | SC Media (scmagazine.com)

• Python devs are being targeted by this massive infostealing malware campaign | TechRadar

• TheMoon bot infected 40,000 devices in January and February (securityaffairs.com)

• Viruses are the most popular type of malware - and Apple devices are most at risk | TechRadar

• New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

• DarkGate Malware Campaign Exploits Patched Microsoft Flaw - Security Boulevard

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

• AI bots hallucinate software packages and devs download them • The Register

Mobile

• In-app browsers still a privacy, security, and choice issue • The Register

• Thousands of phones and routers swept into proxy service, unbeknownst to users | Ars Technica

• Apple lawsuit: US officials say iPhone ‘monopoly’ undermines security | SC Media (scmagazine.com)

Internet of Things – IoT

• Hackers Reveal Method to Bypass Hotel Keycard Locks in Seconds • iPhone in Canada Blog

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Data Breaches/Leaks

• AT&T won’t say how its customers’ data spilled online | TechCrunch

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

Organised Crime & Criminal Actors

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

Insider Risk and Insider Threats

• The missing link: How criminals teamed up with bank employees to orchestrate cyber frauds. - The Economic Times (indiatimes.com)

Insurance

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Supply Chain and Third Parties

• Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (thehackernews.com)

• Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach (darkreading.com)

Cloud/SaaS

• Key Lesson from Microsoft's Password Spray Hack: Secure Every Account (thehackernews.com)

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Cloud Account Hijacking: How it Works and How to Prevent It (techtarget.com)

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

Identity and Access Management

• Tackling DORA Compliance With a Focus on PAM - IT Security Guru

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple With Identity Pain Points | Decipher (duo.com)

Encryption

• Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Apple users targeted by annoying 'Reset Password' attack | Mashable

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

• What is Managing Secrets? - Security Boulevard

Social Media

• If you watched certain YouTube videos, investigators demanded your data from Google | Mashable

Malvertising

• Study claims more than half of Americans use ad blockers • The Register

Training, Education and Awareness

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Regulations, Fines and Legislation

• Cyber security shake-up: How to prepare for EU's NIS2 and DORA (siliconrepublic.com)

• techUK Raise Internet Snooping Concerns Over UK IP Act Amendments - ISPreview UK

• AI Regulation at a Crossroads - Security Boulevard

• Cyber security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

Models, Frameworks and Standards

• Debunking compliance myths in the digital era - Help Net Security

Backup and Recovery

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

Careers, Working in Cyber and Information Security

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Almost half of IT teams are burnt out as a result of war rooms, as ‘blame game’ culture becomes the norm for most organisations | TechRadar

• The cyber security skills shortage: A CISO perspective | CSO Online

Law Enforcement Action and Take Downs

• UK Law Enforcers Arrest 400 in Major Fraud Crackdown - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Cyber Security Threats In International Relations: Are We Prepared For A Digital Pearl Harbor? – OpEd – Eurasia Review

Nation State Actors

China

• China cyber attacks a reminder Beijing poses 'constant and sophisticated' threat to western cyber security | Science & Tech News | Sky News

• US and UK accuse China of cyber operations targeting domestic politics | CyberScoop

• UK ‘turning up to a gunfight with a wooden spoon’ over China cyber-attacks (scotsman.com)

• China hack on MPs worse than Government admitted, with at least 30 targeted (inews.co.uk)

• New Zealand follows UK in accusing China of hacking its parliament | The Independent

• Finland confirms APT31 hackers behind 2021 parliament breach (bleepingcomputer.com)

• China linked to UK cyber-attacks on voter data, Dowden to say - BBC News

• Dowden guarantees UK elections will be safe from Chinese cyber attacks | Evening Standard

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

• SNP MP claims Scottish universities 'overdependent' on Chinese money | The National

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Fake reporters and death threats: China spy tactics from Hong Kong dissidents (inews.co.uk)

• The Chinese government is phasing out Intel and AMD CPUs and Microsoft's Windows OS because they don't fit its new 'safe and reliable' guidelines | PC Gamer

• Is Cyber Warfare Heating Up? Biden Administration, UK Take Aim At Chinese Hackers | IBTimes

• China cyber-attacks explained: who is behind the hacking operation against the US and UK? | Hacking | The Guardian

• What to make of China’s massive cyber-espionage campaign (economist.com)

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• PM says UK approach to China 'more robust' than allies, as senior Chinese diplomat summoned | ITV News

• UK says Chinese cyber attacks ‘part of large-scale espionage campaign’ (thenextweb.com)

• Why cyber indictments and sanctions matter | The Strategist (aspistrategist.org.au)

• Chinese hackers target family members to surveil hard targets | CyberScoop

Russia

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

Iran

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

North Korea

• Asian cuisine used to launder money for North Korea • The Register

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

Vulnerability Management

• Spyware vendors behind 75% of zero-days targeting Google | TechTarget

• Zero Days Surged by Over 50% Annually, Says Google - Infosecurity Magazine (infosecurity-magazine.com)

• On the Increase: Zero-Days Being Exploited in the Wild (databreachtoday.co.uk)

• NVD slowdown leaves thousands of vulns without analysis data • The Register

• Can Compensating Controls Be the Answer in a Sea of Vulnerabilities?  - Security Boulevard

Vulnerabilities

• Patch Now: Critical Fortinet RCE Bug Under Active Attack (darkreading.com)

• SQL injection vulnerability in Fortinet software under attack | TechTarget

• GitHub Developers Hit in Complex Supply Chain Cyber Attack (darkreading.com)

• Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions (thehackernews.com)

• MacOS 14.4.1 makes it once again safe to update your Mac | ZDNET

• Apple Security Bug Opens iPhone, iPad to RCE (darkreading.com)

• Apple finally reveals the serious security issues it patched in iOS 17.4.1 - PhoneArena

• A vulnerability in Apple M-series chips could expose encryption keys and harm performance — and Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

• Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (bleepingcomputer.com)

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Double trouble for DNSSEC though the devil is in the details • The Register

• 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns - Help Net Security

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

Tools and Controls

• How threat intelligence data maximises business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• 78% of organisations plan to increase ransomware protection | Security Magazine

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Why Endpoint Security Tools Are Still Such a Challenge (inforisktoday.com)

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• 10 Essential Measures to Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple with Identity Pain Points | Decipher (duo.com)

• Enterprise cyber security's lateral movement 'blind spot' [Q&A] (betanews.com)

• Cyber security plans should center on resilience | MIT Sloan

• Cyber Security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Reports Published in the Last Week

• ThreatLabz 2023 Phishing Report | ITPro

Other News

• Why the World Needs a New Cyber Treaty for Critical Infrastructure - Carnegie Europe - Carnegie Endowment for International Peace

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• Security experts raise questions about UK cyber funding in wake of Electoral Commission hack | ITPro

• 8 cyber security predictions shaping the future of cyber defence - Help Net Security

• Active adversary dwell time: The good (and bad) news | SC Media (scmagazine.com)

• Cyber Threat to US Power Grids Escalating as Election Approaches (yahoo.com)

• Are We Ignoring the Cyber Security Risks of Undersea Internet Cables? | HackerNoon

• How to Prevent Your Company from Being Hacked in 2024 - DevX

• Pentagon Looks to Finalise Cyber Security Rules for Defence Industrial Base - ClearanceJobs

• US and Japan plan biggest upgrade to security pact in over 60 years

• US must establish independent military cyber service to fix 'alarming' problems — report | DefenseScoop

• FTSE 100 Retailers showing signs of cyber security apathy, despite growing risks | Retail Bulletin (theretailbulletin.com)

• Finland to host NATO tech centers, revamp cyber security strategy (defensenews.com)

• French cyber defence chief warns Paris Olympics a 'target' (techxplore.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK’s Cyber Resilience Stagnates as More Fall Victim to Attacks, 75% of UK Businesses & 79% of UK Charities Experienced a Cyber Incident in 2023

The UK Government’s Joint Committee on the National Security Strategy (JCNSS) has published its response to a ransomware enquiry with stark conclusions, stating that there is a lot to be done to truly tackle the threat posed by ransomware. The chair of the JCNSS said that the UK is and will remain exposed and unprepared if it continues to take a “head in the sand” attitude to ransomware. The minister for artificial intelligence (AI) called upon organisations to “step up their cyber security plans to guard against threats, protect their customers and workforce, and our wider economy.” This comes as the Government’s Cyber Security Longitudinal Survey (CSLS) found that three-quarters of UK businesses and 79% of UK charities experienced a cyber security incident in the last 12 months.

Despite progress, there's a pressing need for organisations to shift from viewing cyber security as solely an IT concern to recognising its integral role across all business functions, particularly in the face of escalating cyber threats. With only half of UK board members having had security training, only a quarter of businesses assessing suppliers for possible security risks, and a fifth of UK boards failing to discuss cyber security even once, the time to improve UK businesses is now.

Sources: [Emerging Risks Media Ltd] [CITY A.M.] [Verdict] [Computer Weekly]

1% of Users are Responsible for 88% of Data Loss Events

New research has shown that that 85% of organisations experienced a data loss in the past year, with 9 out of 10 of those facing a negative outcome such as business disruption, revenue loss and reputational damage. The research found that 1% of users were responsible for 88% of events. It is important to understand this is not always intentionally malicious; it can be accidental or negligent. The research found for example, that 87% of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees, underscoring the need for preventative strategies such as implementing a security review process for this user category.

With as little as 1% of users causing most alerts, organisations need to monitor their most sensitive data and who can access it. This should also include data loss prevention features, to further reduce the risk.

Source: [Help Net Security]

Microsoft Report Says 87% of UK Organisations are Vulnerable to Cyber Attacks in the Age of AI

New research conducted by Microsoft has found that 87% of UK Businesses are unprepared for the age of AI due to their vulnerability to cyber attacks, leaving a mere 13% considered resilient. Further, Microsoft stated that 39% of organisations were at high risk. For organisations, AI can be a tough obstacle to overcome in their journey to cyber resiliency, and it’s important to seek guidance if the available skills are not in-house.

Sources: [Microsoft] [TechRadar ] [The Times] [Infosecurity Magazine]

Cyber Naivety Leaves 4 out of 5 Businesses Wide Open, Only 1 in 5 Has a Plan

Research conducted by Cowbell Insurance has found that the UK is exhibiting a rather cavalier approach to security with 77% of UK SMEs not having any in-house security, 32% of CEOs being confident a cyber attack would not impact their ability to do business and 87% not considering reputational damage as a significant risk. This contrasts with the UK Government’s latest cyber security breaches survey, which found 59% of medium businesses experienced breaches or attacks in the last 12 months. Cowbell have stated that that UK SMEs are leaving themselves wide open to the threats and only 1 in 5 organisations had a dedicated plan to deal with a cyber attack.

A cyber security incident response plan (IRP) allows an organisation to have a documented and formalised process for dealing with a cyber incident. The IRP should be exercised annually, and cover roles and responsibilities, communications and escalations to detect, analyse, contain, eradicate and recover from an incident.

Sources: [Business Mondays] [Insurance Times] [Reinsurance News] [Gloucestershire Live]

Risk and Regulation: Preparing for the Era of Cyber Security Compliance

The next twelve months will see new regulations in many countries, and that means more things to comply with. The EU has two new regulations relating to cyber security: the NIS2 directive and the Digital Operational Resilience Act (DORA). However, despite their EU origin, the inclusion of supply chain companies within the regulations means their impact and reach will extend outside of the European Union itself. Both regulations are risk-management based in their approach.

In order to prepare, decision makers need to first understand what they are complying with and in some cases, this may require sourcing external help to fully ensure the organisation is compliant. Once this is understood, they can start implementing their compliance strategy. Research has shown that some 43% of enterprises surveyed had failed a compliance audit, making them ten times more likely to suffer a data breach.

Sources: [Security Week] [Verdict]

Ransomware Attacks Jump 73% Within a Year

A recent report has shown that ransomware surged by 46% in February 2024, compared to January of the same year and 73% higher than February of the previous year. The LockBit ransomware group claimed responsibility for 110 attacks in February alone. The results show that ransomware is not only still an issue, but one that is consistently rising and if your organisation isn’t already implementing procedures to their risk, it is imperative to start now. Lockbit was taken down in a coordinated law enforcement operation earlier this year; only time will tell how effective that operation was or whether, as with the Hydra from Greek mythology, cutting off one head just causes more to grow in its place.

Source: [TechTarget]

The New CISO - Rethinking the Role

The role of Chief Information Security Officers (CISOs) faces a pivotal transformation. Traditionally tasked with safeguarding company assets against cyber threats, CISOs now find themselves straddling the realms of security and business operations. This shift reflects a growing expectation for CISOs to align security measures with broader business objectives while navigating an increasingly complex risk landscape. With the average cost of a data breach soaring, reaching $4.45 million in 2023 according to IBM, the stakes are higher than ever. As businesses grapple with the integration of cyber security into operational strategies, CISOs are compelled to cultivate new skills, communicate effectively with boards, embrace risk-based approaches, fortify technical fundamentals, leverage automation, and meticulously document incident response plans. The evolving threat landscape demands a new breed of CISO, one who is adept at balancing resilience with operational imperatives, collaborating closely with leadership, and steering organisations through turbulent cyber waters.

Source: [Dark Reading]

90% of Attacks Involve Data or Credential Theft, SMBs Primary Target

The 2024 Sophos Threat Report sheds light on the changing tactics of ransomware operators, particularly in their targeting of small and medium-sized businesses (SMBs). Notably, the report reveals a significant surge in ransomware attacks employing remote encryption, rising by 62% between 2022 and 2023. Sophos' Managed Detection and Response (MDR) team encountered multiple cyber attacks leveraging exploits in remote monitoring and management (RMM) software, a vital component used by many MSPs and external IT providers, and thus affecting many businesses. With almost half of malware detections for SMBs attributed to data-stealing malware, the report underscores the growing value of stolen data as currency in cyber criminal circles, with initial access brokers (IABs) facilitating network breaches. Data protection emerges as a critical challenge, with over 90% of attacks involving credential theft, and business email compromise (BEC) attacks becoming increasingly sophisticated. While ransomware remains a persistent threat, the report also highlights the proliferation of malware-as-a-service (MaaS) activities, emphasising the importance for SMBs to bolster their cyber security defences against these evolving threats.

Source: [MSSP Alert]

Chief Risk Officers Say Cyber Security is Most Pressing Risk

In an inaugural global insurance risk management survey conducted by EY/Institute of International Finance (IIF), cyber security was ranked as the highest immediate concern for chief risk officers. It placed above insurance, business model change and credit risk. When it came to emerging risks over the next three years, it remained at the top spot, followed by geopolitical risk, environmental risk and machine learning and artificial intelligence.

Source: [Insurance Journal]

Humans Still Cyber Security’s Weakest Link, Cyber Security Training Equips Your Workforce to Spot Threats

The latest findings from Mimecast's annual report emphasise that human error continues to be the leading cause of cyber breaches, responsible for 74% of incidents. As emerging threats like AI and deepfake technology pose increasingly sophisticated challenges, it's crucial for businesses to prioritise employee training and bolster their defence strategies.

Providing cyber security training is essential to creating a security conscious culture that educates on risk and in turn increases a company’s cyber culture. Committing to cyber security training needs to be beyond ticking a checkbox, as it allows the workforce the ability to understand, scrutinise and know how to report threats in the corporate environment. Training allows workers to be able to understand the types of threats they may face, along with red flags to look out for. Knowing how the employee should report a threat can determine whether your organisation can deal with a ransomware attack. While generic or off the shelf computer based training can be seen as an easy fix, training needs to be tailored to the organisation, its operating environment and the organisation’s culture and ways of doing business.

To mitigate this risk, organisations should consider implementing tailored cyber security education, tabletop exercises, phishing simulations, and one-on-one consulting for board members. As the responsibility of board members for cyber security strategy increases, it’s crucial to ensure their own security against evolving threats.

Sources: [Emerging Risks] [The HR Director] [WSJ] [The HR Director]

Most IT Pros Think Cyber Attacks are Getting Worse, and Many Firms Don’t Know How to Deal with Them

A recent report from Thales reveals a stark reality, with 93% of IT and security professionals noting a worsening trend in cyber attacks. Ransomware incidents have surged by over a quarter year-on-year, yet less than half of companies have adequate plans to address such threats, leading to 8% resorting to paying attackers' demands. Compliance failures are also on the rise, with 43% of enterprises falling short in audits, correlating with a higher incidence of cyber attacks among non-compliant organisations.

A separate report shows that despite record spending on cyber security, reaching $188 billion globally in 2023, reported data breaches in the US surged to an all-time high of 3,205, up 78% from the previous year. This paradox underscores the evolving tactics of cyber criminals. Ransomware attacks have transitioned from merely locking data to stealing and threatening to disclose it, termed Ransomware 2.0. Cloud misconfigurations, involving 82% of breaches, and exploitation of vendor systems further exacerbate the issue. Heightened awareness and improved practices are imperative to counteract the escalating threat landscape.

Source: [TechRadar] [WSJ]

Supply Chain Cyber Attacks Create Weak Spots: You Need to Prepare

A recent poll by Deloitte found that nearly half of senior executives anticipate a rise in supply chain attacks in the coming year, with 33% already experiencing at least one supply-chain cyber incident within the past year. This especially rings true for healthcare, with the sector accounting for 33% of third-party data breaches in 2023. Many organisations are unsure where to even begin.

Organisations need to manage their third party risks through risk assessments, to understand the third parties that they currently or plan to use, and the data that the third party would hold or access. This enables the third parties to be prioritised with clear communications to notify the organisation in the event of a data breach.

Sources: [Security Brief ] [Beta News]

Ransomware Attack on Change Healthcare Pegged as “Most Significant” in Sector History

In a landmark incident, the American Hospital Association has dubbed the recent ransomware attack on Change Healthcare, a division of UnitedHealth Group’s Optum, as the most significant cyber threat ever faced by the US healthcare system. The attack, which occurred on February 21st, has severely impacted operations, affecting various healthcare entities reliant on Change Healthcare's services. UnitedHealth Group, in response, has been working to restore critical systems, aiming to reinstate electronic payment and medical claims services later this month. However, challenges persist, with cyber security experts warning that recovery efforts could extend for at least 30 days. The attack's aftermath sheds light on the healthcare sector's susceptibility to cyber threats and underscores the need for robust security measures and swift governmental responses. Reports reveal that the ransomware group responsible has received a substantial payout, raising concerns about the broader implications for healthcare providers. Cyber insurance policies are expected to help mitigate financial losses, especially for smaller entities facing cash flow disruptions.

Source: [Reinsurance News]

Governance, Risk and Compliance

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• Nine in ten companies at risk of cyber attacks as hackers use AI (thetimes.co.uk)

• Microsoft: 87% of UK Organisations Vulnerable to Costly Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: The UK is woefully unprepared for future AI cyber threats | ITPro

• New research calls for ‘less fear and more action’ from SMEs, as cyber naivety leaves 4 out of 5 businesses wide open to threats - Business Mondays

• Minister: Cyber brings 'risks we can't ignore' with UK firms still vulnerable (cityam.com)

• UK’s cyber resilience stagnates as more fall victim to attacks | Computer Weekly

• Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week

• UK government's "scarcely believable" cyber security survey makes grim reading for all sizes of business | TechFinitive

• 75% of UK Businesses Experienced a Cyber Incident in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• New research shows UK SMEs are leaving themselves open to cyber threats: Cowbell - Reinsurance News

• Only 1 in 5 SMEs have a plan in case of cyber attack - Gloucestershire Live

• The New CISO: Rethinking the Role (darkreading.com)

• Most IT pros think cyber attacks are getting worse - and many firms don't know how to deal with them | TechRadar

• Chief Risk Officers Say Cyber Security Most Pressing Risk: Survey (insurancejournal.com)

• Using A Security Assessment As A Measuring Stick (forbes.com)

• From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)

• Secrets sprawl: Protecting your critical secrets - Help Net Security

• Cyber Security: Why it’s becoming harder to stay safe online (holyrood.com)

• Cyber security must be a priority if the UK is serious about digitising the economy (uktech.news)

• Navigating the Evolving Cyber Threat Landscape: Insights from the Cyber Stability Conference → UNIDIR

• Organisations under pressure to modernize their IT infrastructures - Help Net Security

• Adapting Military Solutions to the Corporate Battlefield - Infosecurity Magazine (infosecurity-magazine.com)

• Board-level buy-in: preparing cyber defences the right way | Computer Weekly

• Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware surges as compliance falters - Thales Group - Verdict

• Whistleblowing And Cyber Swatting: Cyber Extortion Reaches A New Low (forbes.com)

• Study Uncovers 27% Spike in Ransomware; 8% Yield to Demands - Infosecurity Magazine (infosecurity-magazine.com)

• NCC Group: Ransomware attacks jump 73% in February | TechTarget

• Ransomware attack on Change Healthcare pegged as "most significant" in sector history - Reinsurance News

• The Big Question: Is the UK ready to meet the threat of ransomware to British business? - Emerging Risks Media Ltd

• From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally | Business Wire

• RaaS groups increasing efforts to recruit affiliates - Help Net Security

• If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ

• After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)

• Lockbit Strikes Back After FBI Takedown With New Ransomware Attack Details (pcmag.com)

• Government not facing up to CNI cyber risks, committee warns | Computer Weekly

• 6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard

• STOP ransomware, more common than LockBit, gains stealthier variant | SC Media (scmagazine.com)

• Crypto scams more costly to US than ransomware, Feds say • The Register

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• What the Latest Ransomware Attacks Teach About Defending Networks (bleepingcomputer.com)

• Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)

Ransomware Victims

• Ransomware attack on Change Healthcare pegged as "most significant" in sector history - Reinsurance News

• The British Library looks to the future as it reveals the incalculable damage of its ransomware attack (diginomica.com)

• VIEW: On the lessons learned from the British Library cyber incident - CIR Magazine

• UnitedHealth cyber attack "one of the most stressful things we've gone through," doctor says - CBS News

• UnitedHealth advances $2 billion to providers post-cyber attack By Investing.com

• Scottish health board hit by huge cyber attack with ‘significant quantity’ of data at risk (scotsman.com)

• Why UnitedHealth, Change Healthcare were targets of ransomware hackers

• Criminal investigation into Leicester City Council cyber attack - BBC News

• Yacht dealer to the celebs attack claimed by Rhysida gang • The Register

• UK council eerily cagey about 'cyber incident' details • The Register

• Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop

Phishing & Email Based Attacks

• Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar

• Five key takeaways from 2024 State of the Phish: Europe and Middle East | ITPro

• Tax Hackers Blitz Small Business With Phishing Emails (darkreading.com)

• Hackers Posing as Law Firms Phish Global Orgs (darkreading.com)

• IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Email threat landscape | Professional Security

• Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (thehackernews.com)

• A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

• Spa Grand Prix email account hacked to phish banking info from fans (bleepingcomputer.com)

• How to defend against phishing as a service and phishing kits | TechTarget

Other Social Engineering

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Don't Answer the Phone: Inside a Real-Life Vishing Attack (darkreading.com)

Artificial Intelligence

• Microsoft report says UK is not prepared for the age of AI — barely any businesses are ‘resilient’ to cyber crime | TechRadar

• 87% of UK organisations are vulnerable to cyber attacks in the age of AI (microsoft.com)

• UK’s AI ambitions pointless while cyber security is still neglected | Computer Weekly

• In the rush to build AI apps, don't leave security behind • The Register

• AI adoption by hackers pushed financial scams in 2023 | CSO Online

• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week

• From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)

• Shadow AI is the latest cyber security threat you need to prepare for - Help Net Security

• Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network

Malware

• The most prevalent malware behaviours and techniques - Help Net Security

• Malware stands out as the fastest-growing threat of 2024 - Help Net Security

• Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)

• New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (thehackernews.com)

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

• From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)

• A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• More sophisticated BunnyLoader malware variant emerges | SC Media (scmagazine.com)

• Evasive Sign1 malware campaign infects 39,000 WordPress sites (bleepingcomputer.com)

Mobile

• Kaspersky Identifies Three New Android Malware Threats (darkreading.com)

Denial of Service/DoS/DDOS

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Why DDoS Threat Actors Are Shifting Their Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• 300,000 Systems Vulnerable to New Loop DoS Attack - Security Week

• Telecoms is evolving – and unfortunately, so are DDoS attacks | TechRadar

Internet of Things – IoT

• Unsaflok flaw can let hackers unlock millions of hotel doors (bleepingcomputer.com)

• Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)

Data Breaches/Leaks

• 1% of users are responsible for 88% of data loss events - Help Net Security

• If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ

• Secrets sprawl: Protecting your critical secrets - Help Net Security

• Hackers steal personal data of 43 million French job seekers | ITPro

• International Monetary Fund email accounts hacked in cyber attack (bleepingcomputer.com)

• IMF Investigating Cyber Security Incident Detected on Feb. 16 (bloomberglaw.com)

• NHS Dumfries and Galloway Warns of “Significant” Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors leaked 70M+ records allegedly stolen from AT&T (securityaffairs.com)

• AT&T says leaked data of 70 million people is not from its systems (bleepingcomputer.com)

• Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)

• Top 5 Data Breaches That Cost Millions - Security Boulevard

• Misconfigured Firebase Instances Expose 125 Million User Records - Security Week

• Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert

• Serial data thief pleads guilty to cyber crime charges • The Register

• Changing cause of data breaches | Professional Security

• Fake data breaches: Countering the damage - Help Net Security

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

• How to verify a data breach | TechCrunch

• Nations Direct Mortgage Data Breach Impacts 83,000 Individuals - Security Week

Organised Crime & Criminal Actors

• RaaS groups increasing efforts to recruit affiliates - Help Net Security

• IT helpdeskers increasingly targeted by cyber criminals • The Register

• Serial data thief pleads guilty to cyber crime charges • The Register

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Crypto scams more costly to US than ransomware, Feds say • The Register

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

Insider Risk and Insider Threats

• 1% of users are responsible for 88% of data loss events - Help Net Security

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• Why Employees Are Your Best Defence Against Cyber Attacks: 6 Tips for Fostering a People-Focused Security Posture (newsweek.com)

• Why human risk management is key to data protection (betanews.com)

• As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ

• FE News | How to Protect Your Data With Cyber Security Training

• China-based Canadian accused of stealing Tesla trade secret • The Register

Insurance

• UK cyber insurance findings | Professional Security

• New Regulations Make D&O Insurance a Must for CISOs (darkreading.com)

• Insurers told cyber cover remains attractive but beware of accumulation risk (emergingrisks.co.uk)

Supply Chain and Third Parties

• Third-party breaches create network weak spots (betanews.com)

• How to Prepare for a Surge in Supply-Chain Cyber Attacks (securitybrief.co.nz)

• How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl (thehackernews.com)

Cloud/SaaS

• Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week

• The Definitive Guide to SaaS Security - Security Boulevard

Identity and Access Management

• Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)

Encryption

• Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)

• Future inevitability of quantum computers is a security problem today - Breaking Defence

Linux and Open Source

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• New acoustic attack determines keystrokes from typing patterns (bleepingcomputer.com)

• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials (thehackernews.com)

• WordPress Brute-Force Attacks: Sites Used As Staging Ground - Security Boulevard

• What is Credential Harvesting? Examples & Prevention Methods - Security Boulevard

• Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)

• Misconfigured Firebase instances leaked 19 million plaintext passwords (bleepingcomputer.com)

• Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

Social Media

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

Training, Education and Awareness

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• Why Employees Are Your Best Defence Against Cyber Attacks: 6 Tips for Fostering a People-Focused Security Posture (newsweek.com)

• As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ

• FE News | How to Protect Your Data With Cyber Security Training

• The Weakest Link: Securing The Human Element From Cyber Attack  - Security Boulevard

Regulations, Fines and Legislation

• Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week

• ICO publishes new fining guidance | ICO

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Why do 60% of SEC Cyber Security Filings Omit CSO, CISO Info? | MSSP Alert

Models, Frameworks and Standards

• Chinese media exposes criminal smartphone farms • The Register

Data Protection

• Why human risk management is key to data protection (betanews.com)

Careers, Working in Cyber and Information Security

• How to Battle Burnout While Protecting Your Most Valuable Asset — Your People - Benzinga

• 3 Ways Businesses Can Overcome the Cyber Security Skills Shortage (darkreading.com)

• Why cyber recruitment needs a rapid overhaul | TechRadar

• AI Won't Solve Cyber Security's Retention Problem (darkreading.com)

Law Enforcement Action and Take Downs

• Filipino police break up forced labour cyber operation • The Register

• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials (thehackernews.com)

• Court jails first person convicted of cyberflashing in England | Crime | The Guardian

• Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)

• After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)

• Serial data thief pleads guilty to cyber crime charges • The Register

• Ukrainian Police Arrest Suspected Brute Force Account Hijackers - Infosecurity Magazine (infosecurity-magazine.com)

• Money laundering network boss hit with multi-million pound confiscation order - National Crime Agency

• Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)

Misinformation, Disinformation and Propaganda

• Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)

• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Cyber Warfare: Understanding New Frontiers in Global Conflicts (darkreading.com)

• Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)

Nation State Actors

China

• Chinese Earth Krahang hackers breach 70 orgs in 23 countries (bleepingcomputer.com)

• 'We know they're on the network,' CISA official says of nation-state actors infiltrating US critical infrastructure | StateScoop

• Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon - Security Week

• Confronted with Chinese hacking threat, industrial cyber security pros ask: What else is new?  | CyberScoop

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• “Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica

• Chinese media exposes criminal smartphone farms • The Register

• Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)

• A look inside the Chinese cyber threat at the biggest ports in US

• CISA shares critical infrastructure defence tips against Chinese hackers (bleepingcomputer.com)

Russia

• Microsoft Under Attack by Russian Cyber Attackers - Security Boulevard

• UK Defence Secretary jet hit by electronic warfare attack in Poland (securityaffairs.com)

• Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar

• 'We know they're on the network,' CISA official says of nation-state actors infiltrating US critical infrastructure | StateScoop

• Russian Intelligence Targets Victims Worldwide in Rapid-Fire Cyber Attacks (darkreading.com)

• The cyberwar in Ukraine is as crucial as the battle in the trenches (economist.com)

• Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)

• Russia’s Hybrid Warfare with the United States | Geopolitical Monitor

• HUR and cyber activists hacked at least seven Russian companies between March 11 and 18 / The New Voice of Ukraine (nv.ua)

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• “Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica

• The West Should Help Expand Ukraine’s Cyber Offensive against Russia | Geopolitical Monitor

• Russia-linked hackers use Smokeloader malware to steal funds from Ukrainian enterprises (therecord.media)

• Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (thehackernews.com)

• Over 800 Russian cyber attacks on Ukraine's state institutions and services since February 2022 – Prosecutor General | Ukrainska Pravda

• I’m a disaster expert - this is what will happen after a Russian cyber attack (inews.co.uk)

• Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop

• Top 5 Russian-Speaking Dark Web Forums - SOCRadar® Cyber Intelligence Inc.

• Putin Sees Disastrous Start to Presidential Election (newsweek.com)

• Russia targets hundreds of Americans with new sanctions, including cyber journalists (therecord.media)

• Putin’s party hit by cyber attack as armed Russian troops oversee voters in occupied Ukraine | The Independent

• Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News

Iran

• Hackers claim to have breached Israeli nuclear facility’s computer network (therecord.media)

North Korea

• North Korea gets 50% of foreign earnings due to weak security measures in crypto industry, UN says

• North Korea's Kimsuky gang now exploiting Windows Help files • The Register

• Hacks Account for Half of N. Korea Foreign-Currency Income: UN (bloomberglaw.com)

• Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News

Vulnerability Management

• NIST NVD Disruption Sees CVE Enrichment on Hold - Infosecurity Magazine (infosecurity-magazine.com)

• No Easy Fix For Untangling Web of Critical Dependencies | Decipher (duo.com)

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

• NIST's Vuln Database Downshifts, Prompting Questions About Its Future (darkreading.com)

• 50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty - Infosecurity Magazine (infosecurity-magazine.com)

• Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network

Vulnerabilities

• Exploitation activity increasing on Fortinet vulnerability | TechTarget

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week

• Ivanti Keeps Security Teams Scrambling With 2 More Vulns (darkreading.com)

• Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (thehackernews.com)

• Critical Fortinet's FortiClient EMS flaw actively exploited in the wild (securityaffairs.com)

• Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (thehackernews.com)

• Remove WordPress miniOrange plugins, a critical flaw can allow site takeover (securityaffairs.com)

• Another Microsoft vulnerability is being used to spread malware | TechRadar

• Misconfigured Firebase Instances Expose 125 Million User Records - Security Week

• Google Chrome 123 launches with security fixes and Google Update changes on Windows - gHacks Tech News

• The Windows 11 KB5035853 update is causing BSOD errors for some users. | Windows Central

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

• Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug (thehackernews.com)

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• iOS 17.4.1 release includes bug fixes and security updates | Macworld

• Discontinued Security Plugins Expose Many WordPress Sites to Takeover - Security Week

Tools and Controls

• Using A Security Assessment As A Measuring Stick (forbes.com)

• Mastering Physical Security In Information Security (informationsecuritybuzz.com)

• Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)

• How to choose the best cyber security vendor for your business | ITPro

• Threat Actors are Exercising New Attack Techniques to Bypass Machine Learning Security Controls - Security Boulevard

• Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard

• Unlocking Security Architecture In Information Security (informationsecuritybuzz.com)

• How To Not Fly Blind With API Security (forbes.com)

• 6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard

• From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)

• Tracking Everything on the Dark Web Is Mission Critical (darkreading.com)

• Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)

• EDR vs. antivirus: What's the difference? | TechTarget

• SIEM vs XDR: Capabilities and Key Differences | MSSP Alert

• Using East–West Network Visibility to Detect Threats in Later Stages of MITRE ATT&CK (darkreading.com)

• 95% of companies face API security problems - Help Net Security

• Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK

Reports Published in the Last Week

• From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally | Business Wire

• The 2024 Sophos Threat Report: Cyber Crime on Main Street – Sophos News

• 2024 Thales Data Threat Report Reveals Rise in Ransomware Attacks, as Compliance Failings Leave Businesses Vulnerable to Breaches | Thales Group

• Equifax Releases 2023 Security Annual Report (prnewswire.com)

Other News

• At 35, the web is broken, but its inventor hasn't given up hope of fixing it yet | ZDNET

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• Government not facing up to CNI cyber risks, committee warns | Computer Weekly

• UK in ‘better position’ against cyber attacks, but most businesses not resilient | Evening Standard

• Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)

• The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (securityaffairs.com)

• Aviation sector, e-commerce platforms face separate cyber threats | SC Media (scmagazine.com)

• Public anxiety mounts over critical infrastructure resilience to cyber attacks - Help Net Security

• Change Healthcare hack highlights lack of medical industry’s cyber security - The Washington Post

• Cyber Security for Trustees: How to Reduce Risk and Respond to an Incident | Woodruff Sawyer - JDSupra

• How Can We Reduce Threats From the IABs Market? (darkreading.com)

• UK renewables firms facing up to 1,000 cyber attacks a day (energyvoice.com)

• Cyber Attacks on Higher Ed Rose Dramatically Last Year, Report Shows | EdTech Magazine

• Cyber security is an urgent priority for the museums sector - Museums Association

• Meet America’s Most Cyber Secure Banks 2024 (forbes.com)

• Ethiopian Bank's Technical Glitch Lets Customers Withdraw Millions (ndtv.com)

• Making Sense of Operational Technology Attacks: The Past, Present, and Future (thehackernews.com)

• The Consequences for Schools and Students After a Cyber Attack - Security Boulevard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Risk-based spending: An Imperative for Cyber Security That Demands Board Attention

Staying ahead of the latest cyber security developments is essential to keeping your organisation safe. But with the rise of artificial intelligence and attackers dreaming up new techniques every day, a lot of organisations are left to question how they can create proactive, agile cyber security strategies and what approach gives the best return on investment, mitigating risks and maximising the value of their cyber security investments.

Unfortunately, most organisations do not have an unlimited budget, and for small and medium-sized businesses, there is even less to work with. What is needed is a risk-based approach, where organisations identify and prioritise their greatest vulnerabilities, correlating these to business impact; this is then used to form the cyber risk strategy for the organisation.

Sources: [Security Week] [The Hacker News] [Risk.net]

If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks

Recent research from Proofpoint has found that 69% of organisations experienced a successful ransomware incident in the past year, a rise of 5% compared to the previous year. The report found that 60% reported four or more separate ransomware incidents and of the total involved, 54% admitted to paying a ransom. In a separate report, it was found that 78% of organisations suffering a ransomware attack suffered repeat attacks even after they paid.

Sources: [databreaches.net] [Infosecurity Magazine] [Infosecurity Magazine] [Claims Journal]

Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business

Cyber resilience unites cyber security with business continuity and organisational durability, with proper implementation allowing the continuation of routine operations during adverse cyber incidents. Cyber hygiene, on the other hand, refers to having strong cyber security processes and procedures, to help the organisation mitigate the chance of an incident. The combination of both of these allows an organisation to reduce their likelihood of suffering a cyber incident, whilst improving their likelihood of continuing operations in the event of such an incident.

Sources: [Information Week] [Security Boulevard]

Why Governance, Risk and Compliance Must be Integrated with Cyber Security

With pressure from regulators, the evolving threat landscape and requirements for stronger oversight, governance, risk and compliance (GRC) has even more of an argument for alignment with cyber security. After all, cyber security is still security. Incorporating cyber security into the GRC programme of an organisation allows for cyber to become a business enabler.

Source: [CSO Online]

More and More UK Firms Concerned About Insider Threats

A report has found that 54% of UK business decision makers are concerned about the likelihood of their employees disclosing sensitive information or providing network access to fraudsters. In a separate report, 35% of respondents cited overworked and distracted staff making mistakes as a reason why they thought their business experienced insider risk. Certainly, insider risk does not just involve malicious employees; it can also include negligence and in some cases, employees may not be trained enough to identify the risk they are placing on the organisation such as not knowing or following an organisation’s call back procedure. It is important for organisations to consider whether their current training addresses this and whether the programme is doing enough to ensure that insider risk is mitigated.

Source: [Infosecurity Magazine]

98% of Businesses Linked to Breached Third Parties

A new report has found that 98% of organisations are associated with a third party that has experienced a breach, and these breaches often take months or more to be discovered. 75% of external business-to-business (B2B) relationships that enabled third-party breaches involved software or other technology products and services. Third party security is an important part of an organisation’s cyber security and to manage it correctly, organisations need to implement a third party risk management programme.

Source: [Help Net Security]

Phishing, Smishing and Vishing Skyrocket 1,265%

According to a report, since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%. Despite different techniques, these attacks all have one focus, and that’s on the user. Organisations looking to protect themselves should consider a blend of mitigations, including advanced email filtering, enabling multi-factor authentication and arguably the most important, effective user education and awareness training. This training should go beyond ticking boxes, by instead teaching employees how to both recognise and report phishing attempts.

A separate report analysed over 1 billion emails. Some of the key findings included that the majority of phishing attempts (71%) rely on deceptive links, but attachments (22%) and predatory QR codes (7%) are on the rise. When it came to spoofs, Microsoft was the most spoofed entity and financial services were amongst those most targeted sectors.

Source: [Bleeping Computer] [Help Net Security] [Security Affairs]

Business Email Compromise Attacks Are Evolving, But What Can Be Done About It

Business Email Compromise (BEC) attacks remain a dominant danger, with a staggering $51 billion lost over the last decade. A recent report underscores the prevalence of email as the primary battlefield, far outstripping other cyber attack methods. The low-cost, high-reach nature of email makes it an attractive starting point for cyber criminals. As organisations embrace cloud-based infrastructures, these attacks have morphed, presenting new challenges. Attackers have progressed from direct phishing attempts, to compromising business partners, vendors and other third parties. In this arms race, artificial intelligence (AI) assumes a pivotal role as an essential ally, efficiently discerning between benign and malicious content. This development signifies a significant milestone in the realm of email security resilience.

Source: [ITPro]

Vulnerabilities Count Set to Rise by 25% in 2024

The cyber threat landscape is rapidly evolving, with an anticipated 25% increase in published systems vulnerabilities for 2024. This surge, reaching approximately 2,900 vulnerabilities per month, underscores the critical need for robust vulnerability management strategies. Vulnerabilities serve as prime entry points for ransomware actors, heightening the urgency for organisations to fortify their defences. However, the sheer volume of vulnerabilities poses a daunting challenge for security and IT teams already thinly stretched. Timely risk-scoring remains a significant issue, leaving defenders vulnerable to exploits with threat actors often gaining a head start. Honeypot data reveals a concerning uptick in scans targeting remote desktop protocol (RDP), with businesses running end-of-life (EOL) software at heightened risk. In this dynamic cyber security climate, proactive risk management and expert intervention, such as Managed Detection and Response (MDR), are imperative to safeguarding against emerging threats.

Source: [Help Net Security]

BYOD Increases Mobile Phishing; Risks Have Never Been Higher

The risk of cyber attacks looms large, with stolen employee login credentials serving as a prime target for malicious actors. Mobile phishing has emerged as a significant threat, with data revealing a surge in encounter rates, especially in hybrid work environments and amid Bring Your Own Device (BYOD) policies. Personal devices, once considered outside the realm of corporate security, now pose substantial risks, as attackers exploit social engineering schemes to breach organisational networks. The financial implications of a successful phishing attack are staggering, with estimates suggesting potential losses of up to $4 million for organisations. As phishing encounter rates continue to rise, it's imperative for businesses to bolster their security strategies, ensuring comprehensive protection against mobile phishing threats across all employee devices. To navigate this evolving landscape and safeguard sensitive data, organisations must stay vigilant and adopt proactive measures.

Source: [MSSP Alert]

What Companies Should Know About Rising Legal Threats

The cyber security landscape is witnessing a significant shift as legal actions increasingly target both corporations and individual security officers. Recent cases including lawsuits by Tesla against ex-employees for cyber security breaches and charges by regulatory bodies like the US FTC and SEC, underscore the mounting legal risks associated with cyber security breaches. Notably, private companies are not exempt from such liabilities, facing scrutiny from authorities, regulators, customers and other affected parties. This environment has prompted many cyber security leaders to reconsider their roles, with concerns raised about the future of the profession. Amidst escalating threats and enforcement actions, there's a pressing need for enhanced cyber security budgets, robust risk-based controls and proactive audits or other independent assurance.

Source: [Darkreading]

CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments

As organisations embrace the cloud, CIOs recognise that a one-size-fits-all approach may not be optimal. Many now favour a nuanced strategy, shifting workloads from public clouds to platforms offering productivity gains and cost savings; a trend known as ‘cloud exit.’ CIOs are rethinking cloud strategies, assessing each application’s suitability and fostering context-aware hosting decisions.

This comes as a recent advisory issued jointly by cyber security agencies from the UK, US, Australia, Canada, and New Zealand reveals that Russian cyber espionage units, including APT29 and Cozy Bear, are adapting tactics to target cloud environments used by both public and private organisations. These sophisticated attacks pose significant threats across industries. Implementing basic cloud security measures is crucial to regularly evaluate dormant accounts, limit system-issued token validity, and enforce stringent device policies. As cloud adoption rises, prioritise cyber security fundamentals for effective defence.

Sources: [CyberScoop] [CIO]

Governance, Risk and Compliance

• Why governance, risk, and compliance must be integrated with cyber security | CSO Online

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• Why Cyber Resilience May Be More Important Than Cyber Security (informationweek.com)

• Beating the drum on cyber risk: the battle for boardroom attention - Risk.net

• What is cyber hygiene and why businesses should know about it - Security Boulevard

• Bridging the Gap: Connecting Cyber Security Spending to Business Results - Security Boulevard

• What Companies & CISOs Should Know About Rising Legal Threats (darkreading.com)

• Essential Guide To Security Metrics For Businesses (informationsecuritybuzz.com)

• Essential Guide To Information Security Compliance (informationsecuritybuzz.com)

• Mastering Risk Management: The Art Of Effective Strategy (informationsecuritybuzz.com)

• The CISO: 2024’s Most Important C-Suite Officer (forbes.com)

• UK Unveils Draft Cyber Security Governance Code - Infosecurity Magazine (infosecurity-magazine.com)

• How to Prioritize Cyber Security Spending: A Risk-Based Strategy for the Highest ROI (thehackernews.com)

• Cyber security 'blind spot' leaves businesses exposed - Accountancy Age

• MTTR: The Most Important Security Metric (darkreading.com)

• Building Your Cyber Incident Response Team - Security Boulevard

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

• AWS on why CISOs should track 'the metric of no' | TechTarget

• 2024 will see more cyber threats emerge – here is what SMEs need to know | TechRadar

Threats

Ransomware, Extortion and Destructive Attacks

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities (trendmicro.com)

• If you pay ransom, you may not get your data back and worse, you probably WILL get hit again – Cybereason Survey (databreaches.net)

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying - Infosecurity Magazine (infosecurity-magazine.com)

• 69% of Organisations Infected by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Stages of LockBit Grief: Anger, Denial, Faking Resurrection? (inforisktoday.com)

• What CISOs Need To Know About The Lockbit Takedown - Security Boulevard

• Ransomware crews lean into infostealers for initial access • The Register

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying (claimsjournal.com)

• Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• Do ransomware attackers keep their word? - TechCentral.ie

• What Are Ransomware Attacks and Can They Be Stopped? Explainer - Bloomberg

• Study: Ransom payment not a shield against future attacks | SC Media (scmagazine.com)

• FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks (bleepingcomputer.com)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Is Now the Right Time for a Ransomware Payment Ban? (govtech.com)

• What is Old is New Again: Lessons in Anti-Ransom Policy | Recorded Future

• 3 Ways Your Organisation Could Be Susceptible To Ransomware Attacks (forbes.com)

• What the war on terrorism teaches us about the war on ransomware | SC Media (scmagazine.com)

• Cyber criminals follow the money to hit manufacturing sector • The Register

• Why your legitimate software is not safe from ransomware attacks (networkingplus.co.uk)

Ransomware Victims

• Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust | WIRED

• LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - Security Week

• Rhysida ransomware wants $3.6 million for children’s stolen data (bleepingcomputer.com)

• Stolen Donald Trump Court Files Will Be Published February 29, Hackers Say (forbes.com)

• Epic Games attacked by new ransomware group Mogilevich | SC Media (scmagazine.com)

• Hackers claim to have stolen 7GB of data from Irish Department of Foreign Affairs | Independent.ie

• Insomniac Games alerts employees hit by ransomware data breach (bleepingcomputer.com)

• German Steelmaker Thyssenkrupp Confirms Ransomware Attack - Security Week

• US pharmacy outage caused by Blackcat attack on Optum (securityaffairs.com)

• MGM Resorts Says Regulators Probing September Cyber Attack (claimsjournal.com)

Phishing & Email Based Attacks

• European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack - Help Net Security

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• SMBs are being targeted by this new phishing scam — make sure you don't fall victim | TechRadar

• Need to Know: Key Takeaways from the Latest Phishing Attacks (bleepingcomputer.com)

• Unmasking 2024's Email Security Landscape (securityaffairs.com)

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• Criminals hijacked more than 8,000 trusted domains, sent millions of malicious emails | TechSpot

Other Social Engineering

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• The Silent Threat: Why Vishing is Causing Major Problems for Businesses - Security Boulevard

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• How to stay safe from cyber criminal "quishing" attacks | TechRadar

• Scammers Often Rely on This Psychological Trick | TIME

Artificial Intelligence

• Blackstone's Schwarzman sees peril in “not bright” criminals getting their hands on AI | Fortune

• AI threats: The importance of a concrete strategy in fighting novel attacks | ITPro

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• AI in cyber security presents a complex duality - Help Net Security

• AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Cyber experts raise AI fears security fears in Parliament | IT Reseller Magazine (itrportal.com)

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

• BEAST AI attack can break LLM guardrails in a minute • The Register

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

Malware

• Ransomware crews lean into infostealers for initial access • The Register

• BobTheSmuggler: Open-source tool for undetectable payload delivery - Help Net Security

• New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT (thehackernews.com)

• North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)

• Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub (thehackernews.com)

• GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica

• Pikabot returns with new tricks up its sleeve - Help Net Security

• TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users (thehackernews.com)

• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)

• CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)

• Cloud-focused malware campaigns on the increase (betanews.com)

• Hackers are infecting Macs with malware using calendar invites and meeting links | Tom's Guide (tomsguide.com)

• New Backdoor Targeting European Officials Linked to Indian Diplomatic Events (thehackernews.com)

Mobile

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023 (darkreading.com)

• Meet 'XHelper,' the All-in-One Android App for Global Money Laundering (darkreading.com)

Denial of Service/DoS/DDOS

• Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)

• DDoS attacks against web apps and APIs surge (betanews.com)

Internet of Things – IoT

• Half of IT Leaders Identify IoT as Security Weak Point - Infosecurity Magazine (infosecurity-magazine.com)

• The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED

Data Breaches/Leaks

• U-Haul says 67K customers' data was stolen in cyber attack • The Register

• Pharma giant hit by major cyber attack — Cencora confirms data was stolen | TechRadar

Organised Crime & Criminal Actors

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• 8 Worrying Cyber Security Statistics You Need to Know in 2024 (tech.co)

• It’s only February and cyber crime is already running rampant (techinformed.com)

• Scottish Police Face Toil and Trouble From Cyber Crime (govinfosecurity.com)

• How active adversaries divide labour to more effectively target victims | SC Media (scmagazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• SonicWall: Cryptojacking Attacks Spike 659% in 2023 | MSSP Alert

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security

Insider Risk and Insider Threats

• US man accused of making $1.8m from listening in on wife’s remote work calls | Securities and Exchange Commission | The Guardian

• Are remote workers at greater risk of cyber security threats? | TechRadar

• Over Half of UK Firms Concerned About Insider Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding employees' motivations behind risky actions - Help Net Security

• The human element of cyber security: Why people are the ultimate defence. (thecyberwire.com)

Insurance

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• A Cyber Insurance Backstop - Schneier on Security

Supply Chain and Third Parties

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• 98% of businesses linked to breached third parties - Help Net Security

Cloud/SaaS

• Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments | CyberScoop

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

• CIOs rethink all-in cloud strategies | CIO

• Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security

• Your Data Has Moved to the Cloud: Can Your Security Strategy Keep Up? | MSSP Alert

• Cloud-focused malware campaigns on the increase (betanews.com)

Identity and Access Management

• Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management (thehackernews.com)

• How organisations can navigate identity security risks in 2024 - Help Net Security

• Echoes of SolarWinds in New 'Silver SAML' Attack Technique (darkreading.com)

Linux and Open Source

• From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

Social Media

• Rights groups file GDPR suits on Meta's pay-or-consent model • The Register

• Meta Patches Facebook Account Takeover Vulnerability - Security Week

Malvertising

• How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED

• Google faces $2.27 billion lawsuit over advertising practices (searchengineland.com)

Training, Education and Awareness

• Cyber awareness education is a change-management initiative | CSO Online

• Cyber Security Training Not Sticking? How to Fix Risky Password Habits (bleepingcomputer.com)

• 4 Ways Organisations Can Drive Demand for Software Security Training (darkreading.com)

• Creating a cyber security training curriculum for SMBs and MSPs | TechRadar

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

Regulations, Fines and Legislation

• 81% of security leaders predict SEC rules will impact their businesses | Security Magazine

• Orgs Face Major SEC Penalties for Failing to Disclose Breaches (darkreading.com)

• Getting Ahead of Cyber Security Materiality Mayhem - Security Boulevard

• NIST Publishes Final “Cyber Security Resource Guide” on Implementing the HIPAA Security Rule | Foley & Lardner LLP - JDSupra

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

Backup and Recovery

• MTTR: The Most Important Security Metric (darkreading.com)

Models, Frameworks and Standards

• NIST CSF 2.0 released, to help all organisations, not just those in critical infrastructure - Help Net Security

• NIST Adds “Govern” Function to Cybersecurity Framework | MSSP Alert

• Top 3 NIST Cyber Security Framework 2.0 takeaways | SC Media (scmagazine.com)

• Preparing for the NIS2 Directive - Help Net Security

Data Protection

• UK ICO issues warning on biometric employee tracking, guidance for businesses | Biometric Update

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• Rights groups file GDPR suits on Meta's pay-or-consent model • The Register

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• A Perfect Cyber Storm is Leading to Burnout | Network Computing

• The Next Gen of Cyber Security Could Be Hiding in Big Tech (darkreading.com)

• Lost to the Highest Bidder: The Economics of Cyber Security Staffing - Security Boulevard

Law Enforcement Action and Take Downs

• Is the LockBit gang resuming its operation? (securityaffairs.com)

• Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)

• Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)

Misinformation, Disinformation and Propaganda

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• US leading global alliance to counter foreign government disinformation | Cyberwar | The Guardian

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 15 Countries with Cyber Warfare Capabilities (yahoo.com)

• Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

China

• Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica

• US Official Warns Of China’s Growing Offensive Cyber Power – Analysis – Eurasia Review

• When Hackers Are Hacked, A Chinese Spy Story - Worldcrunch

• Chinese Cyber Attacks:A 12-month Outlook (greydynamics.com)

• Chinese Cyber Espionage Set To Ramp Up This Year (forbes.com)

• The Drums of US-China Cyber War by Stephen S. Roach - Project Syndicate (project-syndicate.org)

• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)

• The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED

• Foreign Firms in China Flag Lack of Feedback on Data Security (bloomberglaw.com)

• Beijing Silent Over Russia's Reported War-Gaming of China Invasion

Russia

• Two Years On: How Ukraine's Cyber Warfront Is Redefining Global Cyber Security Strategies | HackerNoon

• Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica

• Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments | CyberScoop

• Russia may have just carried out its first direct action against the West (yahoo.com)

• Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

• Ukraine signs security deals with Western allies to help counter Russian cyber attacks (therecord.media)

• Russia cyber spies behind SolarWinds breach adopting new tactics, warn Five Eyes agencies (therecord.media)

• Cyber Security Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat (thehackernews.com)

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)

• Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)

• Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)

• Russia warns of "military-technical" response to Sweden's NATO membership (newsweek.com)

• Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)

• Russia and Belarus targeted by at least 14 nation-state hacker groups, researchers say (therecord.media)

• Beijing Silent Over Russia's Reported War-Gaming of China Invasion

• Russia subjected to deluge of nation-state, hacktivist cyber threats | SC Media (scmagazine.com)

• How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED

Iran

• Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defence Sectors (thehackernews.com)

North Korea

• North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)

• Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)

Vulnerability Management

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• CVE count set to rise by 25% in 2024 - Help Net Security

• Most Commercial Code Contains High-Risk Open Source Bugs - Infosecurity Magazine (infosecurity-magazine.com)

• The rising threat of zero-day attacks | Security Magazine

Vulnerabilities

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities (trendmicro.com)

• Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)

• Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)

• Cisco Patches High-Severity Vulnerabilities in Data Center OS - Security Week

• CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)

• Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities (thehackernews.com)

• One of Apple's best iOS productivity tools had a pretty concerning security flaw, so patch now | TechRadar

• Critical Flaw in Popular 'Ultimate Member' WordPress Plugin - Security Week

• Meta Patches Facebook Account Takeover Vulnerability - Security Week

• MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs (darkreading.com)

• Citrix, Sophos software impacted by 2024 leap year bugs (bleepingcomputer.com)

• Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns | CyberScoop

• Zyxel fixed four bugs in firewalls and access points (securityaffairs.com)

Tools and Controls

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• Cyber awareness education is a change-management initiative | CSO Online

• Why Cyber Security Must Include Protective DNS (hyas.com)

• Championing ethical hackers: a vital defence for the financial industry during turbulent times (finextra.com)

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)

• How Zero Trust Data Detection & Response is Changing the Game - Security Boulevard

• APIs become the leading attack vector, cyber security research shows (securitybrief.co.nz)

• Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management (thehackernews.com)

• How organisations can navigate identity security risks in 2024 - Help Net Security

• MTTR: The Most Important Security Metric (darkreading.com)

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

• Artificial Arms Race: What Can Automation and AI do to Advance Red Teams - Security Week

• Savvy Seahorse gang uses DNS CNAME records to power investor scams (bleepingcomputer.com)

• Cloud Apps Make the Case for Pentesting-as-a-Service (darkreading.com)

Reports Published in the Last Week

• A Comparative Study on Cyber Risk: Business vs. Security Perspectives (inforisktoday.com)

• Cyber threat landscape report | Professional Security

• Email Security in 2024: An Expert Look at Email-Based Threats - VIPRE

Other News

• Cyber attacks on UK law firms on the rise - Spear's (spearswms.com)

• IntelBroker claimed the hack of the Los Angeles International Airport (securityaffairs.com)

• It's time to stop trusting your antivirus software | Digital Trends

• Three new advanced threat groups targeted industrial organisations last year | CSO Online

• What’s on the Radar for Aviation Industry Cyber Security? - Security Boulevard

• Business leaders warn of rising cyber security threat | The Herald (heraldscotland.com)

• Why Health Care Is Top Target for Cyber Criminals (govtech.com)

• RCMP investigating cyber attack as its website remains down (bleepingcomputer.com)

• Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Despite Recent NCA and FBI Disruptions, a Rise in Ransomware Means 2024 Will be a Volatile Year for Cyber Security

There has been a lot of high profile coverage this week of the infamous and prolific LockBit gang’s infrastructure having been seized by law enforcement following an international Police operation led by the UK’s National Crime Agency. Whilst the international operation shows the seriousness of the matter, and the success of the operation should be celebrated, those celebrations should be muted and organisations should not become lax. Like the Hydra of Greek mythology, when one head disappears, a few more appear in its place. Ransomware really is a case of if, not when, and your organisation needs to be prepared.

Further, a recent threat report has found that the median ransom demand rose by 20% year on year, hitting an average of $600,000 and it is expected that 2024 will be even more volatile. Ransomware groups are expanding their target lists and exploring new pressure tactics in response to increasingly effective law enforcement efforts, and this is coupled with the increasing regulatory impact on organisations.

Sources: [Sky News] [GOV Infosecurity] [Bleeping Computer] [Infosecurity Magazine] [Cyber Reason]

The Old, Not the New: Basic Security Issues Still the Biggest Threat to Enterprises

In the latest IBM X-Force Threat Intelligence Index, it was revealed that basic security issues remain the most significant threat to enterprises. Cyber criminals are increasingly turning to credential stuffing, using and exploiting valid accounts harvested from the darkweb and previous breaches, with a 266% uptick in info-stealing malware. This tactic is harder to detect and elicits a costly response from enterprises. On the other hand, it is also important to adopt an attacker mindset for effective security. Understanding the attacker’s tools, motives, and efforts can help in limiting access, compartmentalising the impact of any successful attack, and minimising the time to attack detection. In essence, while organisations continue to grapple with complex cyber threats, the biggest security problem boils down to the basic and the already known. Therefore, it is crucial to focus on strengthening basic security measures and thinking like an attacker to proactively mitigate the risk for a more secure attack surface.

Source: [Help Net Security] [Forbes]

Reevaluating Your Cyber Security Priorities

Both technology and cyber criminals are evolving, yet many companies and organisations are not. For many corporate leaders, they may not know where to begin. Organisations looking to evolve their cyber security posture should look to elevate cyber to the C-suite and board, conduct audits of their sensitive information, create or update and test their incident response plan and finally, revisit their cyber hygiene training to ensure it is doing more than just ticking boxes. Organisations doing the above will find themselves improving their cyber security posture, and mitigating their risk to threats.

Source: [Dark Reading]

Cyber Threat Environment at its Most Dangerous for SMBs, as Geopolitical Tenison, Extortion and Attacks Present Biggest Risks

A new study has found that extortion campaigns, geopolitical threats, and attacks on small and medium-sized businesses (SMBs) are amongst the greatest threats to cyber security defences currently. The report, conducted by Mimecast, highlights how individual ransom groups have claimed over 1,000 victims and over $300 million in payments. Regarding SMBs, the report found that these businesses encountered twice the normal number of threats, at over 30 threats per user, as compared to larger companies who saw approximately 15. Not only are SMBs at more risk, but they also do not have the same resources a large company would have to mitigate such threats. SMBs must be efficient in the way they prioritise and address their cyber risk as part of their larger risk management strategy.

Sources: [Emerging Risks] [The HR Director]

Legal Sector Grows as a Target, with Cyber Attacks on Law Firms Surging by Over a Third

A new report has found that the number of reported cyber breaches on UK law firms has increased 30% from the previous year, as attackers increasingly target the profession. As a note, this does not include firms who may be unaware that they have been breached. Law firms are an attractive target to attackers due to the sensitive information such as M&A activity, divorce information and big ticket litigation; many attackers believe that law firms will pay handsomely to have this data back.

Sources: [Emerging Risks] [Legal Cheek]

It’s Not Only Ransomware Seeing Huge Rises: Business Email Compromise (BEC) Attacks are Also Seeing a Huge Rise. Is Your Business Prepared?

A recent report found that business email compromise (BEC) saw a staggering increase of 10 time the amount compared to the previous year. BEC involves a genuine business email account being compromised by a threat actor; this could be your supplier, a client, or anyone you have legitimate contact with. With such an increase, organisations must consider if they would be able to spot and mitigate BEC in their corporate environment through robust operational controls such as callback procedures for example. Due to the rise in deep fake fraud with voice cloning and video, the efficacy of traditional safeguards such as callbacks are not providing the assurance they once did. Firms and employees need to be on their guard to these changing tactics to safeguard the business.

Source: [TechRadar]

Deepfake Phishing Grew by 3,000% in 2023, and it’s Just the Beginning

Phishing remains one of the most prevalent cyber security threats, and with the emergence of artificial intelligence it is only going to carry on getting worse. According to a recent report, the number of deepfake fraud attempts rose by 3,000%. In one instance, the CEO of an energy enterprise sent €220,000 to a supplier after getting a call from the parent company’s leader requesting the exchange; the call was a deepfake.

Source: [HackerNoon]

Cyber Attacks are Getting Faster, More Common and More Successful, Although Detection is More Advanced Than Ever. New Report Signals the Threats to Businesses, Supply Chains, and Democracy

A recent report from CrowdStrike sheds light on the increasing speed and sophistication of cyber attacks. Breakout times have plummeted to an average of 62 minutes, with a record time of just two minutes and seven seconds observed. Hackers are now targeting the cloud, exploiting its vulnerabilities and leveraging AI assistance to escalate attacks. The human factor remains a primary entry point for threat actors, with social engineering and phishing campaigns on the rise. As organisations transition to the cloud, threat actors follow suit, with cloud intrusions soaring by 75%. CrowdStrike warns of state-sponsored adversaries targeting critical elections, emphasising the need for a platform-based approach bolstered by threat intelligence to safeguard against evolving threats.

Source: [TechRadar]

Report Finds Malicious Emails Bypassing Secure Email Gateways Rose by 105%

A report by Cofense has found a 105% increase in malicious emails that successfully bypassed Secure Email Gateways (SEGs), with approximately one malicious email navigating their way past SEGs every 57 seconds. The report suggests that phishing efforts are outpacing that of SEGs, and such phishing efforts are responsible for 90% of data breaches. Whilst SEGs may be filtering out a number of malicious emails, they, like everything in cyber security, are not a silver bullet. Organisations should not fall foul of believing that they are impenetrable because they have a SEG.

Sources: [SiliconANGLE] [Security Magazine] [Help Net Security]

Rising Cyber Threats Identified as Major Business Risk for 2024

In the latest Allianz risk barometer, cyber incidents have been identified as the most significant concern for companies globally in 2024. This is particularly true for remote desktop connections, which have become a prime target for cyber attacks since the shift to a work-from-home environment. The report also highlights that the risk landscape is being shaped by digitalisation, climate change, and geopolitical uncertainties. Meanwhile, a report from Coalition reveals that the cyber attack surface has expanded due to new ways of working. The report found that smaller businesses often lack the resources to prepare for a wide range of risk scenarios, which can lead to longer recovery times after an unexpected incident. These findings underscore the importance of robust cyber security measures and the need for continuous monitoring and improvement of an organisation’s digital defences.

Sources: [Reinsurance News] [Allianz]

Huge Cyber Security Leak Lifts the Lid on China’s Hackers for Hire

A huge leak of data from a Chinese cyber security firm, iSoon, has revealed state security agents paying tens of thousands of pounds to harvest data on targets, including the likes of foreign governments, and the leak shows this has been going on for years. Since the release, CrowdStrike has drawn overlaps between the firm and multiple known Chinese threat actors who are well resourced and conduct attacks over an extended period (referred to as advanced persistent threats, APTs). Among some of the 500 leaked documents are product manuals, lists of clients and employees, and WeChat instant messages. The leaks show over 14 governments have been attacked, as well as gambling and telecommunications companies.

Sources: [Dark Reading] [The Guardian]

Fifth of British Kids Have Broken the Law Online

In a recent study by the UK National Crime Agency (NCA), one in five children aged 10 to 16 have engaged in online offences with the figure rising to 25% among online gamers. These "low-level" cyber crimes, such as attempting to access protected servers or launching distributed denial of service (DDoS) attacks, may not be perceived by young individuals as violating the Computer Misuse Act. The consequences, however, are severe, including potential arrest, criminal records, and restrictions on future opportunities. The NCA stresses the importance of educating both children and adults about the legal and ethical implications of such actions, highlighting the transition from minor offences to more serious cyber crimes. With a significant shortage of cyber security professionals globally, fostering positive digital skills among young individuals is crucial for meeting industry demands and deterring cyber crime. Parents, teachers, and children are encouraged to explore resources provided by the NCA's Cyber Choices website to prevent inadvertent involvement in illegal online activities.

Source: [Infosecurity Magazine]

Over 40% of Firms Struggle with Cyber Security Talent Shortage

A recent report from Kaspersky has unveiled a critical global challenge: over 40% of companies are struggling to fill essential cyber security roles, with information security research and malware analysis roles particularly affected. This scarcity is felt most acutely in Europe and Latin America. Roles within security operations centres (SOCs) and network security are also understaffed, with figures around 35% and 33% respectively. The government sector faces the most significant demand for cyber security experts, followed closely by the telecoms and media sectors. While efforts like offering competitive salaries and enhanced training are underway, the gap persists due to the rapid pace of technological advancement outstripping educational initiatives. The report emphasises the need for innovative solutions to bridge this shortfall, highlighting recruitment, training, and technological advancements as key components of a comprehensive strategy to bolster cyber security resilience in the face of evolving threats.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• Cyber attacks are getting faster, more common and more successful, even though detection is more advanced than ever | TechRadar

• 7 Ways Companies’ Cyber Related Governance Disclosures Will Evolve Post-SEC Rule Change (harvard.edu)

• Cyber security professionals admit “knowledge gaps” have led to serious security blunders | ITPro

• The old, not the new: Basic security issues still biggest threat to enterprises - Help Net Security

• Cyber threat environment more dangerous then ever - Mimecast (emergingrisks.co.uk)

• Over two-thirds of IT security decision-makers report an increase in cyber security budgets for 2024 | IT Reseller Magazine (itrportal.com)

• Geopolitical tension, extortion and attacks present biggest cyber security risks | theHRD (thehrdirector.com)

• 2024 CrowdStrike Global Threat Report: From Breakout to Breach in Under Three Minutes; Cloud Infrastructure Under Attack | Business Wire

• Gartner: Three top trends in cyber security for 2024 | Computer Weekly

• Barracuda report highlights rise of high-risk business security threats in 2023 (securitybrief.co.nz)

• Coalition report reveals rising cyber threats amidst business vulnerabilities - Reinsurance News

• Over 40% of Firms Struggle With Cyber Security Talent Shortage - Infosecurity Magazine (infosecurity-magazine.com)

• Thinking Like An Attacker—Another Look At Enterprise Security (forbes.com)

• Hackers using stolen credentials to launch attacks as info-stealing peaks | CSO Online

• The evolution of the CISO - Compare the Cloud

• How CISOs Balance Business Growth, Security in Cyber Threat Landscape (darkreading.com)

• Allianz Risk Barometer: Identifying the major business risks for 2024

• How to mitigate C-Suite cyber risks | Professional Security

• Why cyber security can boost organisational innovation | TechRadar

• 4 Key Steps to Reevaluate Your Cyber Security Priorities (darkreading.com)

• Cyber security success -- elevate your defence against cyber threats (betanews.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransom demands surge by 20% in 2023, hitting key industries hardest - SiliconANGLE

• Police arrests LockBit ransomware members, release decryptor in global crackdown (bleepingcomputer.com)

• LockBit takedown is a “huge win for law enforcement”, but let’s not celebrate too soon, security experts warn | ITPro

• LockBit Attempts to Stay Afloat with a New Version (trendmicro.com)

• LockBit registered nearly 200 "affiliates" over the past two years | TechRadar

• 2024 will be a volatile year for cyber security as ransomware groups evolve - Help Net Security

• Ransomware Experts See Problems With Banning Ransom Payments (govinfosecurity.com)

• Initial Ransomware Demands Jump 20% to $600,000 in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware: True Cost to Business 2024 (cybereason.com)

• Ransomware and BEC are seeing a huge rise — is your business ready? | TechRadar

• ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns | SC Media (scmagazine.com)

• 3 trends set to drive cyber attacks and ransomware in 2024 | World Economic Forum (weforum.org)

• Year-over-year, the median initial ransom has risen by 20% | Security Magazine

• Alpha ransomware linked to NetWalker operation dismantled in 2021 (bleepingcomputer.com)

• Why are ransomware gangs making so much money? | TechCrunch

• Akira Ransomware Exploiting Cisco Anyconnect Vulnerability (gbhackers.com)

• Knight ransomware source code for sale after leak site shuts down (bleepingcomputer.com)

• Exclusive: eSentire Confirms Rhysida Ransomware Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Stuck in cyber attack nightmare? Call the negotiators (techxplore.com)

• Why some cyber attacks hit harder than others - BBC News

• Report: Manufacturing bears the brunt of industrial ransomware | CyberScoop

Ransomware Victims

• eSentire Confirms Rhysida Ransomware Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Why some cyber attacks hit harder than others - BBC News

• ALPHV ransomware claims loanDepot, Prudential Financial breaches (bleepingcomputer.com)

• Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric (securityaffairs.com)

• Dead Man's Fingers maker cuts over 500 jobs and enters the red after cyber attack hits sales (cityam.com)

• 147 ransomware attacks on large Dutch companies, institutions last year; 18% paid ransom | NL Times

• Pharmacy Delays Across US Blamed on Nation-State Hackers (darkreading.com)

Phishing & Email Based Attacks

• New report warns of ongoing rise of malicious emails bypassing secure email gateways - SiliconANGLE

• Secure email gateways struggle to keep pace with sophisticated phishing campaigns - Help Net Security

• The phishing bait you're most likely to take (betanews.com)

• Deepfake Phishing Grew by 3,000% in 2023 — And It's Just Beginning | HackerNoon

• SMBs at Risk From SendGrid-Focused Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

• What ‘psychological warfare’ tactics do scammers use, and how can you protect yourself? (theconversation.com)

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• What Is Social Engineering? Types Of Attacks To Beware Of (forbes.com)

Artificial Intelligence

• AI models can be weaponized to hack websites on their own • The Register

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• Deepfake Phishing Grew by 3,000% in 2023 — And It's Just Beginning | HackerNoon

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• As adversaries harness AI, tech firms peer through chat logs to catch them - Defense One

• Here Comes the Flood of AI-Generated Clickbait | WIRED

• Air Canada Has to Honor a Refund Policy Its Chatbot Made Up | WIRED

• 36% of code generated by GitHub CoPilot contains security flaws - Help Net Security

• Employees input sensitive data into generative AI tools despite the risks | ZDNET

• Ransomware Declines as InfoStealers and AI Threats Gain Ground: IBM X-Force - SecurityWeek

• Gartner: Three top trends in cyber security for 2024 | Computer Weekly

• Global AI Regulatory Update - Lexology

Malware

• PDF Malware on the Rise, Used to Spread WikiLoader, Ursnif and DarkGat - Infosecurity Magazine (infosecurity-magazine.com)

• FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty (thehackernews.com)

• Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor (thehackernews.com)

• VIPRE report predicts 276% rise in malware in 2024 (securitybrief.co.nz)

• Anatsa Android malware downloaded 150,000 times via Google Play (bleepingcomputer.com)

• 'Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers (darkreading.com)

• What are Botnets and Why are MSSPs So Concerned? | MSSP Alert

• New SSH-Snake malware steals SSH keys to spread across the network (bleepingcomputer.com)

• Ransomware Declines as InfoStealers and AI Threats Gain Ground: IBM X-Force - SecurityWeek

• Your Mac Is Not Virus Proof. It Never Has Been. (gizmodo.com)

• Click: Your innocent mouse could be a cyber criminal's silent weapon - Digital Journal

• Vibrator virus steals your personal information | Malwarebytes

Mobile

• Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices (thehackernews.com)

• New Wave of 'Anatsa' Banking Trojans Targets Android Users in Europe (darkreading.com)

• Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks | Tom's Hardware (tomshardware.com)

• VoltSchemer attacks use wireless chargers to inject voice commands, fry phones (bleepingcomputer.com)

• New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers (thehackernews.com)

• Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft (darkreading.com)

Denial of Service/DoS/DDOS

• Cyber attacks in Malta, Hungary, Ukraine, Bosnia are a 'wake-up call', IPI warns (timesofmalta.com)

• Average DDoS attack cost businesses £325,000 in 2023, according to new Zayo data | IT Reseller Magazine (itrportal.com)

• Top UK Universities Recovering Following Targeted DDoS Attack - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• 'Anywhere there's a camera, now there's a risk': Billions of users at risk of Peeping Toms — scientists devise incredibly simple eavesdropping system costing only a few hundred dollars | TechRadar

• Wyze camera glitch gave 13,000 users a peek into other homes (bleepingcomputer.com)

• As Cyber attacks Ramp Up, Electric Vehicles Are Vulnerable (autoweek.com)

• Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries -- smart security systems vulnerable as tech becomes cheaper and easier to acquire | Tom's Hardware (tomshardware.com)

• Is new technology making cars less secure? - Verdict

Data Breaches/Leaks

• Bank of America Suffers Massive Data Breach, Exposing Social Security Numbers, Addresses and Additional Sensitive Data To Hackers - The Daily Hodl

• Infosys subsidiary named as source of Bank of America leak • The Register

• Why Data Breaches Spiked in 2023 (hbr.org)

• Massive Cloud Database Leak Exposes 380 Million Records (hackread.com)

• UK council's sneaky insider steals 79k email addresses • The Register

• Eye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 Million - SecurityWeek

Cyber Crime General & Criminal Actors

• Fifth of British Kids Have Broken the Law Online - Infosecurity Magazine (infosecurity-magazine.com)

• Despite Knowing Risks, Brits Continue to Expose Themselves to Cyber Criminals Finds IDnow | The Fintech Times

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Criminals Are Employing New Tactics To Launder Money, Warns Report - Benzinga

Insider Risk and Insider Threats

• UK council's sneaky insider steals 79k email addresses • The Register

Insurance

• Personal cyber insurance nascent but growing in demand as digital crimes increase - Victoria Times Colonist

• Insurers Use Claims Data to Recommend Cyber Security Technologies (darkreading.com)

• Cyber Insurance Needs to Evolve to Ensure Greater Benefit (darkreading.com)

• What is Cyber Insurance and Does Your Small Business Need It? (smallbiztrends.com)

Supply Chain and Third Parties

• Infosys subsidiary named as source of Bank of America leak • The Register

• North Korean hackers linked to defence sector supply-chain attack (bleepingcomputer.com)

Cloud/SaaS

• 2024 CrowdStrike Global Threat Report: From Breakout to Breach in Under Three Minutes; Cloud Infrastructure Under Attack | Business Wire

• Cyber security report reveals 75% spike in cloud attacks (securitybrief.co.nz)

• Cyber security fears drive a return to on-premise infrastructure from cloud computing - Help Net Security

• Massive Cloud Database Leak Exposes 380 Million Records (hackread.com)

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

• Cyber attacks follow businesses to the cloud (betanews.com)

• Six steps for stronger cloud security | SC Media (scmagazine.com)

Identity and Access Management

• Why identity fraud costs organisations millions - Help Net Security

• Orgs are having a major identity crisis • The Register

• Active Directory outages can cost organisations $100,000 per day - Help Net Security

Encryption

• European Court of Human Rights rules against government backdoors in end-to-end encryption - Neowin

Linux and Open Source

• New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Hackers using stolen credentials to launch attacks as info-stealing peaks | CSO Online

• How to proactively prevent password-spray attacks on legacy email accounts | CSO Online

Social Media

• EU Watchdog Urged to Reject Meta 'Pay for Privacy' Scheme - SecurityWeek

• Social Media Platforms Are in an ‘Information Trafficking Business’: Cyber Security Adviser | NTD

• ChatGPT Used by North Korean Hackers to Scam LinkedIn Users (tech.co)

• 76% of Super Bowl Traffic From Elon Musk's X to Advertisers Could Be Fake (thewrap.com)

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• European Union deepens its investigation of TikTok • The Register

Training, Education and Awareness

• People cannot be patched (betanews.com)

Regulations, Fines and Legislation

• European Court of Human Rights rules against government backdoors in end-to-end encryption - Neowin

• Hedge Funds Warn SEC Cyber Lapses Risk Exposing Trading Secrets (bloomberglaw.com)

• One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem (securityintelligence.com)

• 7 Ways Companies’ Cyber Related Governance Disclosures Will Evolve Post-SEC Rule Change (harvard.edu)

• European Union deepens its investigation of TikTok • The Register

• Decoding DORA: Navigating the digital regulatory landscape | World Finance

• 81 Percent of Security Leaders Say SEC Cyber Security Rules Will Substantially Impact Their Business | Business Wire

• FTC Fines Avast $16.5 Million For Selling Browsing Data Harvested by Antivirus (404media.co)

• Avast settles claims of customer data peddling for $17M • The Register

• Global AI Regulatory Update - Lexology

Careers, Working in Cyber and Information Security

• Over 40% of Firms Struggle With Cyber Security Talent Shortage - Infosecurity Magazine (infosecurity-magazine.com)

• The Psychology of Cyber Security Burnout (informationweek.com)

• How can we adapt work practices to protect CISO mental health? | Computer Weekly

Misinformation, Disinformation and Propaganda

• Feds deliver stark warnings to state election officials ahead of November - Iowa Capital Dispatch

• UK election cyber attack warning after Putin's hackers target US (inews.co.uk)

• Social Media Platforms Are in an ‘Information Trafficking Business’: Cyber Security Adviser | NTD

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• Election security threats in 2024 range from AI to … anthrax • The Register

• 76 percent of Super Bowl LVIII traffic from Twitter dubbed 'fake' (awfulannouncing.com)

• Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative (thehackernews.com)

• Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks (thehackernews.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Countries fear state-sponsored cyber war | The World from PRX

• Cyberwar: What Is It Good For? - GovInfoSecurity

Nation State Actors

• Cyber attacks are getting faster, more common and more successful, even though detection is more advanced than ever — new report signals the threats to businesses, supply chains, and democracy | TechRadar

• Countries fear state-sponsored cyber war | The World from PRX

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• Pharmacy Delays Across US Blamed on Nation-State Hackers (darkreading.com)

China

• In the evolving cyberwar, China aims to take down our critical infrastructure | SC Media (scmagazine.com)

• 'Major Chinese hack' on Foreign Office urgently investigated by UK spies (inews.co.uk)

• Leaked Chinese Hacking Files Reveal How Compromised the US Could Be (businessinsider.com)

• iSoon's Secret APT Status Exposes China's Foreign Hacking Machination (darkreading.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• China’s Cyber Security and Statecraft – The Diplomat

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• China’s Spy Agency Sees Threats Everywhere in Data Security Push - Bloomberg

Russia

• FBI disrupts hacking network 'linked to Russian intelligence services' | US News | Sky News

• Russian APT 'Winter Vivern' Targets European Governments, Military (darkreading.com)

• Russian Cyber attackers Launch Multiphase PsyOps Campaign (darkreading.com)

• Russian-Linked Hackers Target 80+ Organisations via Roundcube Flaws (thehackernews.com)

• Russian military botnet discovered on 1000+ compromised routers — FBI deactivated Moobot by taking control of impacted routers | Tom's Hardware (tomshardware.com)

• NHS hospitals ‘easy targets’ for Russian hackers (thetimes.co.uk)

• Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (recordedfuture.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• Russian Turla Cyber Spies Target Polish NGOs With New Backdoor - SecurityWeek

• Russian-Aligned Network Doppelgänger Targets German Elections - Infosecurity Magazine (infosecurity-magazine.com)

• Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks (thehackernews.com)

• NATO's chief information officer on what Ukraine did right in its cyberwar with Russia (therecord.media)

• Russian Government Software Backdoored to Deploy Konni RAT Malware (thehackernews.com)

• Three terms sure to grab attention: Russia, nuclear, anti-satellite weapon | Ars Technica

Iran

• Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor (thehackernews.com)

• Iranian APTs Dress Up As Hacktivists for Disruption, Influence Ops (darkreading.com)

• Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative (thehackernews.com)

• Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets (darkreading.com)

• Israeli Aircraft Survive “Cyber Hijacking” Attempts - Infosecurity Magazine (infosecurity-magazine.com)

North Korea

• ChatGPT Used by North Korean Hackers to Scam LinkedIn Users (tech.co)

• North Korean hackers linked to defence sector supply-chain attack (bleepingcomputer.com)

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• Russian Government Software Backdoored to Deploy North Korean Konni RAT Malware (thehackernews.com)

Vulnerability Management

• CVEs expected to increase 25% in 2024 | Security Magazine

• Coalition: Vulnerability scoring systems falling short | TechTarget

Vulnerabilities

• Ransomware Warning as CVSS 10.0 ConnectWise ScreenConnect Bug is Exploited - Infosecurity Magazine (infosecurity-magazine.com)

• ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns | SC Media (scmagazine.com)

• Exploiting critical ConnectWise bug is 'embarrassingly easy' • The Register

• Akira Ransomware Exploiting Cisco AnyConnect Vulnerability (gbhackers.com)

• New Ivanti Vulnerability Observed as Widespread Security Concerns Grow - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers (securityaffairs.com)

• VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk (thehackernews.com)

• VMware issues no-patch advisory for critical flaw in old SSO plugin | SC Media (scmagazine.com)

• Russian-Linked Hackers Target 80+ Organisations via Roundcube Flaws (thehackernews.com)

• ESET fixed high-severity local privilege escalation bug in Windows products (securityaffairs.com)

• SolarWinds addressed critical RCEs in Access Rights Manager (securityaffairs.com)

• Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities - SecurityWeek

• Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking (darkreading.com)

• Joomla XSS Bugs Open Millions of Websites to RCE (darkreading.com)

• Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft (darkreading.com)

• Urgent patches available for QNAP vulnerabilities, one 0-day • The Register

• Hackers exploit critical RCE flaw in Bricks WordPress site builder (bleepingcomputer.com)

Tools and Controls

• Secure email gateways struggle to keep pace with sophisticated phishing campaigns - Help Net Security

• NCSC Sounds Alarm Over Private Branch Exchange Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Stuck in cyber attack nightmare? Call the negotiators (techxplore.com)

• New Google Chrome feature blocks attacks against home networks (bleepingcomputer.com)

• How Businesses Can Safeguard Their Communication Channels Against Hackers (thehackernews.com)

• Limiting remote access exposure in hybrid work environments | CSO Online

• Cyber Insurance Needs to Evolve to Ensure Greater Benefit (darkreading.com)

• The double-edged sword of zero trust - Help Net Security

• Orgs are having a major identity crisis • The Register

• Active Directory outages can cost organisations $100,000 per day - Help Net Security

• SOC Landscapes: Insights from SANS' 2023 SOC Report (trendmicro.com)

• 36% of code generated by GitHub CoPilot contains security flaws - Help Net Security

• Microsoft expands free logging capabilities after May breach (bleepingcomputer.com)

• Why ransomware gangs love using RMM tools—and how to stop them | Malwarebytes

• People cannot be patched (betanews.com)

• “Ruthlessly prioritize what’s critical”: Check Point expert on CISOs and the evolving attack surface | ITPro

Reports Published in the Last Week

• VIPRE report predicts 276% rise in malware in 2024 (securitybrief.co.nz)

• CrowdStrike 2024 Global Threat Report | CrowdStrike

• IBM XForce Threat Intelligence Index 2024.pdf

• Cyber Threat Index 2024: Scans, Honeypots, and CVEs  (coalitioninc.com)

Other News

• Israeli Aircraft Survive “Cyber-Hijacking” Attempts - Infosecurity Magazine (infosecurity-magazine.com)

• The Power Sector’s High-Stakes Battle for Cyber-Resiliency (powermag.com)

• Ways to elevate public sector cyber security | Professional Security

• Increasing Europe's cyber resilience - government.lu (gouvernement.lu)

• Industries most targeted by active adversaries | SC Media (scmagazine.com)

• Library Cyber Defences Are Falling Down (darkreading.com)

• How conveyancers can protect themselves against a cyber attack | Today's Conveyancer (todaysconveyancer.co.uk)

• US govt shares cyber attack defence tips for water utilities (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Active Phishing Campaigns Targeting Office 365, Another Forcing Remote Management Software Downloads

Proofpoint have released an alert relating to an active hacking operation in which cyber criminals are employing phishing traps and shared Office 365 documents to steal credentials. Hackers have been threading together credential phishing and account takeover (ATO) tactics to gain access to enterprise resources, with multiple organisations already hit. One of the identified methods in use involves attackers inserting links that direct users to click to view a document. This subsequently links them to a phishing page controlled by the attacker.

In another currently active phishing campaign, threat actors are targeting potential victims via email and SMS, with personalised content to match victim roles within their organisation. But instead of phishing for information directly, they are convincing victims to download remote monitoring and management software. Victims were directed to newly registered websites mimicking various financial institutions and asked to download a “live chat application”, which turned out to be an old version of AnyDesk. Once downloaded, the software would then allow full access to victim’s machine and network resources.

Sources: [Verdict] [Help Net Security]

Cyber Security is Your Defensive Strategy, Cyber Resilience is Your Business

A cyber attack is a matter of when, not if, and as such businesses must prepare for such an event happening to them. Whilst cyber security aims to defend the organisation, cyber resilience is about ensuring that your digital operations, which are the heart of your organisation, can withstand and quickly recover from any cyber attack, technical malfunction, or even deliberate tampering. If we think back to Covid, a lot of organisations suddenly had to adapt, to ensure that they could function as close to normal as possible. How many have tested their organisation’s ability to continue work since, or prepared for a loss of access to critical systems for an extended period of time? It’s the cyber resilient organisations that know they’ve made the right investments to significantly reduce the risk of their operations grinding to a halt.

Source: [Security Brief]

Leveraging Threat Intelligence for Regulatory Compliance

The collective improvement of cyber security is a high international priority and a wealth of EU legislation, such as NIS2 and the Digital Operational Resilience Act (DORA) is in the pipeline, to oblige organisations to understand and manage their cyber risks appropriately. As part of these regulations, threat intelligence is often a feature that can be leveraged to improve cyber resilience.

Threat intelligence can be collected from a variety of sources such as governmental advisories, dark web monitoring, private sector feeds, intelligence-sharing communities and open source information. The key for organisations is to be able to digest this, and apply it accordingly to their specific organisation, to improve their cyber resilience efforts.

Black Arrow provides weekly threat intelligence free of charge through our online blog and weekly subscription summary email. To sign up, visit https://www.blackarrowcyber.com/subscribe

Source: [BetaNews]

The Risks of Quishing and How Enterprises Can Stay Secure

QR codes have surged in popularity in the past two years, mainly due to their convenient and touchless features that streamline daily transactions, making it easy for users to scan and access information quickly. However, this surge in popularity has also caught the attention of cyber criminals, who exploit QR codes to perpetrate phishing attacks, known as "quishing." Attackers use tactics, such as disguising malicious QR codes in seemingly legitimate contexts; these pose substantial risks, leading to compromised personal and corporate data, financial loss, and reputational damage. Organisations must prioritise understanding and fortifying defences against quishing, as these attacks pose significant risks to both individuals and organisations. By educating employees on discerning phishing attempts, enforcing device security measures, and leveraging specialised solutions, organisations can bolster their resilience against QR code-based cyber threats and safeguard their digital assets effectively.

Source: [Zimperium]

Phishing Attacks Increased 106% Year Over Year as 91% of Organisations Impacted by AI-enhanced Phishing Attacks

A recent report found that phishing attempts increased 106% year on year, with malware detections up 40%. In a separate report on phishing, it was found that 91% of organisation were impacted by AI-enhanced phishing attacks. Such numbers reinforce the reason for organisations to implement effective phishing training, and this should include training regarding AI-enhanced phishing emails.

Sources: [The Fintech Times] [Security Magazine]

Microsoft and OpenAI Warn State-backed Threat Actors are Using AI En Masse to Wage Cyber Attacks

Microsoft has released a report detailing how prominent state-linked actors are using generative AI to enhance their attack methods. Russian, North Korean, Iranian, and Chinese-backed threat actors are attempting to use generative AI to inform, enhance, and refine their attacks, according to the report. It’s clear that AI is a double-edged sword, and organisations must implement processes to reduce their risk and increase their resilience to it.

Source: [ITPro]

Cyber Risk Management: Bring Security to the Boardroom

Organisations are facing the dual challenge of managing business risk and aligning with ever-expanding cyber security goals; as such, the need for a robust cyber risk management strategy is more critical than ever. This calls for organisations to effectively communicate their security posture to the board with relevant metrics.

Engaging the board requires a strategic approach, emphasising clear communication and contextual visibility. Board members are already increasingly recognising the impact of poor security on an organisation’s reputation, budget, and overall well-being; it is essential to translate security concerns into tangible metrics that resonate with the board. Real-time metrics, alignment with business goals, and educating the board on cyber security nuances can help build the foundation for such a strategy.

Source: [Trend Micro]

Trustees Open to Cyber Risks by Not Responding to NCSC Reporting Changes

Recent changes in the National Cyber Security Centre's (NCSC) threat reporting framework have prompted a call to action for pension scheme advisors.

Cyber security has fast become one of the biggest threats to pension schemes. Data breeches, scamming, ransomware, fraud: these have all become the stuff of trustee nightmares. And the sophistication of those threats is evolving rapidly, so it is important that schemes stay as far ahead of them as possible with comprehensive and proactive defence measures. It’s also imperative to check-in regularly with advisors that their measures are robust, and ensure that reports are undertaken frequently to demonstrate progression of mitigation of all vulnerabilities. A onetime spot check is simply not enough in this environment.

Source: [The HR Director]

Nation State Actors Intensify Focus on NATO Member States

The head of threat research and analysis at Google Cloud has highlighted that nation state actors consider cyber warfare as another tool in their box, noting the current ongoing cyber warfare between Russia and Ukraine. Separate reports have found that the cyber war has extended to NATO member states, with initial access brokers (individuals who sell credentials to organisations) increasingly targeting entities within NATO member states.

Sources: [Help Net Security] [World Economic Forum ] [Inforisktoday] [Help Net Security]

Governance, Risk and Compliance

• The ROI of Investing in Cyber Security - Security Boulevard

• Leveraging threat intelligence for regulatory compliance (betanews.com)

• Getting a grip on cyber resilience – PublicTechnology

• It's Time to Rethink Third-Party Risk Assessment (darkreading.com)

• Cyber Risk Management: Bring Security to the Boardroom (trendmicro.com)

• A changing world requires CISOs to rethink cyber preparedness | CSO Online

• Cyber Security teams recognized as key enablers of business goals - Help Net Security

• 26 Cyber Security Stats Every User Should Be Aware Of in 2024 (securityaffairs.com)

• Cyber Security's Transformative Shift (darkreading.com)

• Fortifying Businesses Against Modern Information Threats (forbes.com)

• Executives must face down state-sponsored hacking groups targeting firmware | Computer Weekly

• Do you have a cyber security comms plan? | PR Week

• Cyber Security is your defensive strategy, cyber resilience is your business (securitybrief.co.nz)

• Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• New macOS Backdoor Linked to Prominent Ransomware Groups - SecurityWeek

• Ransomware tactics evolve, become scrappier - Help Net Security

• Rhysida Ransomware Cracked, Free Decryption Tool Released (thehackernews.com)

• Resiliency to ransomware | Professional Security

• Dual Ransomware Attacks: A Quicker Route to Extortion - Security Boulevard

• How To Prepare For A Ransomware Attack (forbes.com)

• 2023 Ransomware Attack Report - Security Boulevard

• The State of Ransomware in 2023 | BlackFog

• Cyber Security firm Check Point reports an increase in wiper-ware attacks amid geopolitical uncertainty - The Economic Times (indiatimes.com)

Ransomware Victims

• Ransomware Groups Claim Hits on Hyundai Motor Europe and a California Union (darkreading.com)

• Cyber Attack hits Swedish cloud provider Advania, healthcare services impacted | Cybernews

• Ransomware Attack Takes 100 Hospitals Offline (forbes.com)

• PR industry affected as media monitoring firm Onclusive hit by cyber attack | PR Week

• German battery maker Varta says five plants hit by cyber attack - CNA (channelnewsasia.com)

• UK utility giant Southern Water says hackers stole personal data of hundreds of thousands of customers | TechCrunch

• The Southern Water cyber attack highlights the wave of threats faced by utilities companies | ITPro

Phishing & Email Based Attacks

• 91.1% of Organisations Impacted by AI-Enhanced Phishing Attacks, Acronis Reports | The Fintech Times

• VIPRE Security Group's Annual Email Threat Landscape Shows Advanced Methods Needed for Security (prnewswire.com)

• Corporate users getting tricked into downloading AnyDesk - Help Net Security

• Phishing attacks increased 106% year over year | Security Magazine

• Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge - Help Net Security

• Remote Monitoring & Management software used in phishing attacks | Malwarebytes

• What Is Phishing? Understanding Cyber Attacks (forbes.com)

• How are attackers using QR codes in phishing emails and lure documents? (talosintelligence.com)

• Threat actors in phishing campaign targeted at Office 365 (verdict.co.uk)

• 2023 Year in Review: Phishing Attacks and Trends (vadesecure.com)

• London police block 43 crypto phishing web domains (cointelegraph.com)

• This new Android feature could help save you from phishing and malware – here's how | TechRadar

Other Social Engineering

• The War for Headspace: NextGen cyberattacks aim to manipulate people’s minds  | SC Media (scmagazine.com)

• 4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)

• QR code attacks target organizations in ways they least expect - Help Net Security

• QR Phishing. Fact or Fiction? | Pen Test Partners

• The Risks of Quishing and How Enterprises Can Stay Secure - Zimperium

Artificial Intelligence

• Deepfake CFO Video Calls Result in $25MM in Damages (trendmicro.com)

• 91.1% of Organisations Impacted by AI-Enhanced Phishing Attacks, Acronis Reports | The Fintech Times

• Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)

• Microsoft and OpenAI warn state-backed threat actors are using generative AI en masse to wage cyber attacks | ITPro

• 55% of Generative AI Inputs Include Sensitive Data: Menlo Security - Security Boulevard

• We're at a Pivotal Moment for AI and Cyber Security (darkreading.com)

• Deepfake Democracy: AI Technology Complicates Election Security (darkreading.com)

• Tech Companies Turned Ukraine Into an AI War Lab | TIME

• Deepfake threats are on the rise - new research shows worrying rise in dangerous new scams | TechRadar

• Cyber criminals get productivity boost with AI - Help Net Security

• Stolen Face ID scans used to break into bank accounts • The Register

• AI outsourcing: A strategic guide to managing third-party risks - Help Net Security

• The Coming End of Biometrics Hastens AI-Driven Security - Security Boulevard

• Rental scams could soar as AI spreads, warns industry... (lettingagenttoday.co.uk)

• Cyber Security Threats: How To Fight AI With AI (forbes.com)

• The rise of AI threats and cyber security: predictions for 2024 | World Economic Forum (weforum.org)

2FA/MFA

• MFA isn't always keeping businesses safe from cyber attack | TechRadar

• 4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)

• Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA | Ars Technica

Malware

• RustDoor malware targets macOS users by posing as a Visual Studio Update - gHacks Tech News

• Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea (thehackernews.com)

• VexTrio network of hijacked websites used to spread malware • The Register

• Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks (darkreading.com)

• Suspected Warzone RAT hackers arrested | SC Media (scmagazine.com)

• From Cracked to Hacked: Malware Spread via YouTube Videos (cybereason.com)

• Apple Mac computers are not virus proof: The myth (qz.com)

• Bumblebee malware attacks are back after 4-month break (bleepingcomputer.com)

• Hackers used new Windows Defender zero-day to drop DarkMe malware (bleepingcomputer.com)

• Glupteba Botnet Adds UEFI Bootkit to Cyber Attack Toolbox (darkreading.com)

• Understanding the tactics of stealthy hunter-killer malware - Help Net Security

• Water Hydra’s Zero-Day Attack Chain Targets Financial Traders - Infosecurity Magazine (infosecurity-magazine.com)

• Miscreants turn to ad tech to measure malware metrics • The Register

• New Qbot malware variant uses fake Adobe installer popup for evasion (bleepingcomputer.com)

• “TicTacToe Dropper” Malware Distribution Tactics Revealed - Infosecurity Magazine (infosecurity-magazine.com)

• This new Android feature could help save you from phishing and malware – here's how | TechRadar

Mobile

• Stolen Face ID scans used to break into bank accounts • The Register

• Google Chrome Warning Suddenly Issued For All Android Users (forbes.com)

• Russian banks beat App Store Review using fake apps (appleinsider.com)

• Meta brushes off risk of account theft via number recycling • The Register

• This new Android feature could help save you from phishing and malware – here's how | TechRadar

Denial of Service/DoS/DDOS

• Cyber Security sectors adjust as DDoS attacks reach new heights - Help Net Security

• How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack | Google Cloud Blog

• Telecoms was the most targeted sector for DDoS attacks in 2023

• Average DDoS Attack Cost Businesses Nearly Half a Million Dollars in 2023, According to New Zayo Data | Business Wire

• DDoS Hacktivism is Back With a Geopolitical Vengeance - SecurityWeek

Internet of Things – IoT

• Canada to ban the Flipper Zero to stop surge in car thefts (bleepingcomputer.com)

• How secure is your security camera? Hackers can spy on cameras through walls, new research finds (techxplore.com)

Data Breaches/Leaks

• Bank of America warns customers of data breach after vendor hack (bleepingcomputer.com)

• Caravan club admits members' personal data possibly accessed • The Register

• DOD notifying people who may be impacted by a year-old data breach | DefenseScoop

• Southern Water Notifies Customers and Employees of Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• The Southern Water cyber attack highlights the wave of threats faced by utilities companies | ITPro

• 200,000 Facebook Marketplace user records leaked on hacking forum (bleepingcomputer.com)

• Prudential says hackers gained access to its computer systems | The Star

• Verizon Breach – Malicious Insider or Innocuous Click? - IT Security Guru

• Thousands of DoD personnel may have had their private data leaked — US government admits 20,000 could be affected | TechRadar

• Hackers got nearly 7 million people’s data from 23andMe. The firm blamed users in ‘very dumb’ move | Hacking | The Guardian

• DNA testing: What happens if your genetic data is hacked? - BBC Future

• BMW security error left valuable private company data exposed online | TechRadar

Organised Crime & Criminal Actors

• 5 Things Movies Always Get Wrong About Computer Hackers (slashgear.com)

• 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data (securityaffairs.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• London police block 43 crypto phishing web domains (cointelegraph.com)

Insider Risk and Insider Threats

• Verizon Breach – Malicious Insider or Innocuous Click? - IT Security Guru

• Insider threat greatest mid-market cyber security concern - CIR Magazine

Supply Chain and Third Parties

• Bank of America warns customers of data breach after vendor hack (bleepingcomputer.com)

• It's Time to Rethink Third-Party Risk Assessment (darkreading.com)

• Jet engine dealer to major airlines discloses cyber snafu • The Register

• AI outsourcing: A strategic guide to managing third-party risks - Help Net Security

• 6 best practices for third-party risk management | CSO Online

• Software security debt piles up for organisations even as critical flaws drop | CSO Online

Cloud/SaaS

• Threat actors in phishing campaign targeted at Office 365 (verdict.co.uk)

• Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA | Ars Technica

• Benefits and challenges of managed cloud security services | TechTarget

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

Encryption

• Beating Bitlocker In 43 Seconds | Hackaday

Social Media

• Inside X's content moderation dilemma | Fortune

• 20 Years of Facebook, but Trust in Social Media Remains Rock Bottom - Infosecurity Magazine (infosecurity-magazine.com)

• Meta brushes off risk of account theft via number recycling • The Register

• 200,000 Facebook Marketplace user records leaked on hacking forum (bleepingcomputer.com)

Malvertising

• Hackers Exploit Ad Tools to Track Victims, Boosting Scam Efforts (bloomberglaw.com)

Training, Education and Awareness

• The importance of security training in the zero trust era (betanews.com)

Regulations, Fines and Legislation

• Security experts: Investigatory powers plans will delay security updates | Computer Weekly

• FCC orders telecom carriers to report PII data breaches within 30 days (bleepingcomputer.com)

• When it comes to the new SEC ‘materiality’ rules, assume that OT and IoT breaches qualify | SC Media (scmagazine.com)

• A Quick Roadmap to NIS2 Directives - Security Boulevard

Models, Frameworks and Standards

• Benefits And Cautions Of Aligning With Cyber Security Frameworks (forbes.com)

• Key strategies for ISO 27001 compliance adoption - Help Net Security

• A Quick Roadmap to NIS2 Directives - Security Boulevard

Data Protection

• PII Input Sparks Cyber Security Alarm in 55% of DLP Events - Infosecurity Magazine (infosecurity-magazine.com)

• How companies are misjudging their data privacy preparedness - Help Net Security

Careers, Working in Cyber and Information Security

• UK cyber skills gap risk to businesses and national security | TechRadar

• Higher education offers limited benefit to many infosec pros | SC Media (scmagazine.com)

• We can’t risk losing staff to alert fatigue - Help Net Security

Law Enforcement Action and Take Downs

• London Underground Is Testing Real-Time AI Surveillance Tools to Spot Crime | WIRED

Misinformation, Disinformation and Propaganda

• Why we fall for fake news and how can we change that? - Help Net Security

• France uncovers a vast Russian disinformation campaign in Europe (economist.com)

• Deepfake Democracy: AI Technology Complicates Election Security (darkreading.com)

• Kremlin dismisses Europe's warnings about 'Russian propaganda' | Reuters

• Cyber threats cast shadow over 2024 elections - Help Net Security

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)

• Microsoft and OpenAI warn state-backed threat actors are using generative AI en masse to wage cyber attacks | ITPro

• Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years - SecurityWeek

• Cyber Arms Control and Global Security (greydynamics.com)

• Rise in cyberwarfare tactics fueled by geopolitical tensions - Help Net Security

• Threat actors intensify focus on NATO member states - Help Net Security

Nation State Actors

China

• Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)

• Ukraine claims Russia uses its cooperation with China to carry out cyber attacks | International | EL PAÍS English (elpais.com)

• Microsoft and OpenAI warn state-backed threat actors are using generative AI en masse to wage cyber attacks | ITPro

• US Official Warns of China’s Growing Offensive Cyber Power – The Diplomat

• China Targets US Hacking Ops in Media Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• Explainer: what is Volt Typhoon and why is it the ‘defining threat of our generation’? | Hacking | The Guardian

• Hackers are lying low in networks to wage critical infrastructure attacks - here’s how they do it | ITPro

• Threat actors intensify focus on NATO member states - Help Net Security

• Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years - SecurityWeek

• Top US Venture Firms Funded Blacklisted Chinese Companies, House Committee Says | Mint

Russia

• Microsoft and OpenAI thwart AI use by state-affiliated hackers (geekwire.com)

• Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)

• Russia Continues to Focus on Cyber Operations and Espionage (inforisktoday.com)

• Russian banks beat App Store Review using fake apps (appleinsider.com)

• Ukraine claims Russia uses its cooperation with China to carry out cyber attacks | International | EL PAÍS English (elpais.com)

• France uncovers a vast Russian disinformation campaign in Europe (economist.com)

• Kremlin dismisses Europe's warnings about 'Russian propaganda' | Reuters

• The methods of Russian interference in Scottish politics (ukdefencejournal.org.uk)

• Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor (thehackernews.com)

• Tech Companies Turned Ukraine Into an AI War Lab | TIME

Iran

• How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)

• Iranian cyber attacks targeting US and Israeli entities | TechTarget

North Korea

• How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)

• Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea (thehackernews.com)

• North Korea turns to designing gambling websites for cash • The Register

• North Korea successfully hacks email of South Korean President's aide, gains access to sensitive information (bitdefender.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Striking the Right Balance: How to Publicly Attribute a Cyber Operation to Another State | directions blog

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

Vulnerability Management

• Security experts: Investigatory powers plans will delay security updates | Computer Weekly

• Seeing is Believing… and Securing - SecurityWeek

• Three critical application security flaws scanners can’t detect (bleepingcomputer.com)

Vulnerabilities

• Over 13,000 Ivanti gateways vulnerable to actively exploited bugs (bleepingcomputer.com)

• Zoom stomps critical privilege escalation bug, 6 other flaws • The Register

• Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices (thehackernews.com)

• Some Canon printers have seven critical security vulnerabilities — i-Sensys printer vulns rank at 9.8 severity | Tom's Hardware (tomshardware.com)

• Hackers used new Windows Defender zero-day to drop DarkMe malware (bleepingcomputer.com)

• ESET Patches High-Severity Privilege Escalation Vulnerability - SecurityWeek

• CISA: Roundcube email server bug now exploited in attacks (bleepingcomputer.com)

• Urgent patches available for QNAP vulnerabilities, one 0-day • The Register

Tools and Controls

• The ROI of Investing in Cyber Security - Security Boulevard

• Leveraging threat intelligence for regulatory compliance (betanews.com)

• Serious Vulnerability in the Internet Infrastructure / Fundamental design flaw in DNSSEC discovered (prleap.com)

• Remote Monitoring & Management software used in phishing attacks | Malwarebytes

• Getting a grip on cyber resilience – PublicTechnology

• It's Time to Rethink Third-Party Risk Assessment (darkreading.com)

• Do you have a cyber security comms plan? | PR Week

• MFA isn't always keeping businesses safe from cyber attack | TechRadar

• Understand the pros and cons of enterprise password managers | TechTarget

• Beating Bitlocker In 43 Seconds | Hackaday

• 4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)

• This botched migration shows why you need to deal with legacy tech | ZDNET

• How purple teaming enhances inter-team collaboration and effectiveness in cyber security - Help Net Security

• Benefits and challenges of managed cloud security services | TechTarget

• PII Input Sparks Cyber Security Alarm in 55% of DLP Events - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Steps to Improve Your Security Posture in Microsoft Teams (bleepingcomputer.com)

• No Security Scrutiny for Half of Major Code Changes: AppSec Survey - SecurityWeek

• 10 Security Metrics Categories CISOs Should Present to the Board (darkreading.com)

• Three critical application security flaws scanners can’t detect (bleepingcomputer.com)

• What is Threat Detection and Incident Response? - Security Boulevard

Reports Published in the Last Week

• VIPRE Security Group’s Annual Email Threat Landscape Research Shines Light on the Advanced Methods Needed to Secure Corporate Email Environment in 2024 - VIPRE

• 2023 Year in Review: Phishing Attacks and Trends (vadesecure.com)

• HP Wolf Security Threat Insights Report Q4 2023 | HP Wolf Security

• The State of Ransomware in 2023 | BlackFog

Other News

• Trustees open to cyber risks by not responding to NCSC reporting changes | theHRD (thehrdirector.com)

• Top 5 Cyber security Concerns for HR Professionals: How to Safeguard Your Organisation | The HR World

• This botched migration shows why you need to deal with legacy tech | ZDNET

• Cyber attacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn - SecurityWeek

• What is Threat Detection and Incident Response? - Security Boulevard

• Hackers are lying low in networks to wage critical infrastructure attacks - here’s how they do it | ITPro

• How Non-Profits and NGOs Deal with Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Here's how we get young people to rally for cyber security | World Economic Forum (weforum.org)

• Types of Cyber security Threats and Vulnerabilities - Security Boulevard

• Hacking the flow: The consequences of compromised water systems - Help Net Security

• Dutch insurers still requiring nudes from cancer patients • The Register

• Cyber threats to marketing | Kaspersky official blog

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling·        

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Strategic Cyber Stories of the Last Week

Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack

An estimated 80 to 200 law firms across the UK were impacted by a cyber attack on a third party firm in their supply chain. The attack was on managed service supplier CTS, who provide services to hundreds of law firms across the UK, especially those with conveyancing departments, and many property sales were impacted nationwide as a result of the attack.

This is against a sharp increase in the number of law firms being singled out by cyber threat actors; only recently, magic circle firm Allen & Overy confirmed themselves as a victim of ransomware.

Sources: [SC Media] [Lawyer Monthly] [Scottish Legal News] [Law Gazette] [Dark Reading]

Approach Cyber Security Awareness Training by Engaging People at All Levels

In the cyber security landscape, human-related factors like social engineering, compromised credentials, and errors are the top causes of breaches. Increased investment in threat detection doesn't guarantee foolproof security. Organisations need a proactive strategy focusing on human risks, a security mindset in employees, and a security culture. According to IBM’s latest data security report, high levels of security training can significantly reduce the impact, cost, and frequency of data breaches.

However, most employee training programmes fail due to staff resistance and lack of management support. The key is convincing leadership of its value. To achieve a successful and impactful security awareness programme, it is important that security teams understand their audiences (leaders, managers, and employees), address their requirements, and effectively communicate the benefits of security training.

Source: [CPO Magazine]

Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks

A recent report found that despite 95% of Chief Information Security Officers (CISOs) receiving budgetary and other support from their organisation after a cyber attack, this largely fails to prevent future incidents, with over half admitting they have experienced multiple “major cyber security incidents” in the last five years.

The report revealed that after an attack 46% of CISOs were given a bigger tech budget, 42% revised their security strategy, 41% adopted new frameworks, and 38% created new roles. However, incidents come with hidden consequences such as revenue loss, rising insurance premiums and declining reputation. CISOs need to have support from the board and executives from the start so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.

Sources: [Business Wire] [Silicon UK]

Ransomware Attacks Surge 81% in October as New Threat Actors Emerge

The NCC Group revealed that ransomware attacks have surged by 81% in October 2023, compared to the same period in the previous year. Ransomware gangs have already victimised over 50% more individuals and enterprises in 2023 than during the entirety of 2022. As artificial intelligence, phishing kits and ransomware-as-a-service has improved, so too has the number of threat actors; those who were previously stunted by their technical know-how are now able to gain access to sophisticated attacks.

Source: [Security Brief]

Hacked Microsoft Word Documents Being Used to Trick Windows Users

Active campaigns carried out by cyber criminals are again using macros within Word documents to deploy malware, in spite of Microsoft’s efforts to stop these types of attacks. Most of the time the actor delivers the Word document via phishing emails, with the aim of convincing the user to click and run the macro. Once run, the malware has then achieved its goal of establishing itself on the victims’ machine and executing its malicious payload.

Source: [TechRadar]

Mitigating Deepfake Threats in The Corporate World

Deepfakes are synthetic media that are created or manipulated with the desired outcome of convincing the recipient of their legitimacy; and it’s entering the corporate world. Deepfake technology has already been used to impersonate Presidents and financial experts, however there has been an uprise in the number of these attacks. This has left the corporate world questioning existing operational procedures such as callbacks and how they will need to adjust to encompass the changing landscape.

Some of the ways a corporation can mitigate this, is to promote awareness within the workplace, adjust operational procedures to reflect the current landscape, and utilise advanced detection tools.

Source: [MSSP Alert]

Black Basta Ransomware Made Over $100 Million From Extortion Alone

The cyber crime operator “Black Basta” has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022. In total, 329 victims worldwide were targeted and research has estimated that at least 35% paid a ransom, with multiple payments over $1 million. Black Basta uses double extortion techniques, where data is both ransomed and exfiltrated. This way, victims are forced to pay to get their data back and not have it published online; the latter itself can lead to regulatory fines.

Source: [Bleeping Computer]

Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation

In the evolving cyber security landscape, organisations are increasingly investing in detection and prevention measures. However, there's a growing trend of neglecting post-attack recovery. While advanced security tools and technologies are crucial, recent ransomware incidents have shown that recovery is equally vital. Organisations have faced substantial downtime and financial losses due to attacks. Cyber resilience, the ability to bounce back quickly after an attack, is crucial, especially with the rise of remote work.

Budgets often prioritise prevention, leaving organisations ill-prepared for recovery. In 2023, a significant number of companies paid ransoms to regain data. To achieve true cyber resilience, a rebalance in approach is essential, focusing on preparation, response, and recovery alongside detection and prevention, ensuring rapid recovery and safeguarding of valuable assets.

Source: [TechRadar]

Booking.com Customers Scammed in Novel Social Engineering Campaign

According to new research by SecureWorks, Booking.com customers are being targeted by a novel social engineering campaign that is “paying serious dividends” for cyber criminals. Researchers believe the campaign has gone on for at least a year and it begins by deploying the Vidar infostealer to gain access partner hotels’ Booking.com credentials. This information is then used to send phishing emails to Booking.com customers and trick them into handing over their payment details, in many cases leading to money being stolen. The scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2,000 in two cyber crime forums.

Source: [Infosecurity Magazine]

Stop Panic Buying Your Security Products and Start Prioritising

In the cyber security landscape, impulse buying can lead to costly mistakes. Breaches are now more expensive than ever, underscoring the need to assess cyber security investments. Fear-driven tactics and the quest for a "silver bullet" solution can push organisations, especially smaller ones, into impulsive investments. These decisions may introduce even more risk by failing to integrate with existing systems, or buying systems but failing to configure them properly or utilising them to the fullest extent, leading to a false sense of security. The consequences can be severe, with breaches now costing organisations millions. To navigate this landscape, organisations must assess the real value of cyber security investments. Calculating risk by evaluating likelihood and impact can guide us in making informed decisions. Instead of impulse buying, assign a monetary value to cyber risks for strategic budget decisions in these economic times, ensuring investments align with security and business goals.

Source: [Help Net Security]

A Fifth of UK SMBs Unable to Spot Scams

New data from UK Finance reveals that 17% of UK small and medium-sized businesses (SMBs) struggle to identify online fraud and scam indicators. This is particularly alarming given the rise in authorised push payment (APP) scams in the UK, where fraudsters impersonate trusted entities to deceive victims into transferring money to controlled accounts. In the first half of 2023 alone, criminals stole a reported £42.6 million through such scams, with total losses including consumer impacts reaching £239 million. SMBs are increasingly targeted due to typically fewer anti-fraud and other countermeasures and controls, compared to larger and better protected larger firms. It is important for SMBs to be vigilant and verify payment details directly with suppliers to help avoid these types of scams.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• Cyber Security Spend Among UK Top 10 Legal Firms Jumps 21% as Threats Become Priority | Law.com International

• Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks | Business Wire

• When does it make sense to pay the ransom? | SC Media (scmagazine.com)

• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)

• Enterprises prepare for the inevitable cyber attack - Help Net Security

• Board Support Critical For Cyber Security Defence | Silicon UK

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

• Long recovery times after cyber attacks could annihilate your organisation | TechRadar

• The Role of the CISO in Digital Transformation (darkreading.com)

• Stop panic buying your security products and start prioritizing - Help Net Security

• Cyber Security—Do We See Risks Increasing? | ETF Trends

• Bridging the risk exposure gap with strategies for internal auditors - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• The rise of Ransomware attacks within the Legal Industry (lawyer-monthly.com)

• Ransomware attacks surge 81% in October, new threat actors emerge (securitybrief.co.nz)

• Allianz cyber head warns ransomware is "back with a vengeance" | Insurance Business America (insurancebusinessmag.com)

• Black Basta ransomware made over $100 million from extortion (bleepingcomputer.com)

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war | Europol (europa.eu)

• Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• The crazy world of ransomware • Graham Cluley

• More councils at risk from hackers, warns boss as 'it's a case of when not if' cyber attacks land - Gloucestershire Live

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war (databreaches.net)

• DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software (thehackernews.com)

• How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)

• When does it make sense to pay the ransom? | SC Media (scmagazine.com)

• CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)

• Only 4% of UK housing associations feel sector is fully prepared for ransomware attack | Scottish Housing News

• Ransomware Attacks Strike South Africa, Decline in UAE (darkreading.com)

Ransomware Victims

• Law firm A&O silent on whether it paid ransom to cyber criminals | Law Gazette

• Allen & Overy Removed From Ransomware Website With One Day Remaining | Law.com International

• Potentially hundreds of UK law firms affected by cyber attack on IT provider CTS (therecord.media)

• Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)

• London & Zurich ransomware attack sparks financial crisis for businesses (computing.co.uk)

• British Library contacts users after Rhysida leaks data • The Register

• Ransomware attacks hit Stanford University and Nassau Bay in Texas - NotebookCheck.net News

• Notorious ransomware gang takes credit for cyber attack on Fidelity National Financial (therecord.media)

• University of Manchester CISO Speaks Out on Summer Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Slovenia's largest power provider HSE hit by ransomware attack (bleepingcomputer.com)

• GCHQ investigates cyber attack on hospital to the royals after data stolen (telegraph.co.uk)

• English council spent £1.1 million recovering from ransomware attack (therecord.media)

• More councils at risk from hackers, warns boss as 'it's a case of when not if' cyber attacks land - Gloucestershire Live

• Healthcare giant Henry Schein hit twice by BlackCat ransomware (bleepingcomputer.com)

• Qilin ransomware claims attack on automotive giant Yanfeng (bleepingcomputer.com)

• New cyber criminal group outed after British Library attack - Emerging Risks Media Ltd

• Cyber attack closes hospital emergency rooms in three US states | US healthcare | The Guardian

• Medical test company’s ‘serious and systemic failures’ led to cyber attack, watchdog says | Business | The Guardian

• Two Hackensack Meridian hospital ERs diverting patients after a ransomware attack (msn.com)

• Ardent Health Services Grapples With Ransomware Disruption - Infosecurity Magazine (infosecurity-magazine.com)

• DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)

• Top instant money provider service hacked, over a million users possibly affected | TechRadar

• Staples confirms cyber attack behind service outages, delivery issues (bleepingcomputer.com)

Phishing & Email Based Attacks

• Black Friday: Phishing Emails Soar 237% - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing makes up 43% of email attacks | Security Magazine

• AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)

• Organisations can't ignore the surge in malicious web links - Help Net Security

• How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)

• Booking.com Customers Scammed in Novel Social Engineering Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Criminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale (thehackernews.com)

• ThreatLabz 2023 Phishing Report | ITPro

• What custom GPTs mean for the future of phishing - Help Net Security

• A reality check on email security threats in healthcare (securitybrief.co.nz)

Artificial Intelligence

• Released: AI security guidelines backed by 18 countries - Help Net Security

• 4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)

• CISA and NCSC lead efforts to raise AI security standards • The Register

• Security leaders on high alert as GenAI poses privacy and security risks - Help Net Security

• AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)

• A year after ChatGPT’s debut, is GenAI a boon or the bane of the CISO’s existence? | CSO Online

• Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)

• Guidance for Securing AI Issued by NSA, NCSC-UK, CISA, and Partners > National Security Agency/Central Security Service > Press Release View

• Mitigating Deepfake Threats in the Corporate World | MSSP Alert

• 4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)

• Securing generative AI across the technology stack | TechCrunch

• Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)

• What custom GPTs mean for the future of phishing - Help Net Security

• 8 Tips on Leveraging AI Tools Without Compromising Security (darkreading.com)

Malware

• Implications of “malware free” attacks on SMBs (databreaches.net)

• SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News

• Hacked Microsoft Word documents being used to trick Windows users | TechRadar

• N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool - Infosecurity Magazine (infosecurity-magazine.com)

• A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets (darkreading.com)

• LogoFAIL bugs in UEFI code allow planting bootkits via images (bleepingcomputer.com)

Mobile

• Busting 6 Myths About Mobile Device Security | MSSP Alert

• Surge in counterfeit app risk as cyber crime exploits rising digital consumption (securitybrief.co.nz)

• NameDrop in iOS 17 is not a privacy nightmare – here’s how to control it (msn.com)

• 200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn (thehackernews.com)

Denial of Service/DoS/DDOS

• Same threat, new stakes: DDoS in an evolving telecoms sector

Internet of Things – IoT

• Cyber pros avoid smart devices: there is a good reason | Cybernews

• Navigating IoT security in a connected world - EDN

• IoT Security Labeling Improving, But More Collaboration Needed - EE Times

Data Breaches/Leaks

• Okta security breach much worse than originally disclosed – all customers' data potentially affected | Mashable

• Nuclear lab faces niche cyber threat (computing.co.uk)

• App used by hundreds of schools leaking children's data (securityaffairs.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

• Gulf Air exposed to data breach, 'vital operations not affected' | Reuters

• General Electric investigates claims of cyber attack, data theft (bleepingcomputer.com)

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Hackers spent 2+ years looting secrets of chipmaker NXP before being detected | Ars Technica

• Medical test company’s ‘serious and systemic failures’ led to cyber attack, watchdog says | Business | The Guardian

• DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)

• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• Dollar Tree hit by third-party data breach impacting 2 million people (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Leader of Killnet 'unmasked' by Russian state media • The Register

• A Fifth of UK SMBs Can’t Spot Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register

• Security official: Romania is an exporter of cyber security in its part of the word (stiripesurse.ro)

• I'm a hacker who was jailed for a decade for heading up a cyber criminal organisation - I started the group to fight back against bullies but got hooked on the power | Daily Mail Online

• How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)

• Founder of spyware maker Hacking Team arrested for attempted murder: local media | TechCrunch

• US imprisons Ukrainian SSNDOB administrator for 8 years • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• KyberSwap Says Hackers Stole $55m in Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)

Insurance

• Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)

• Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)

Supply Chain and Third Parties

• Cyber attack on managed service provider potentially affects hundreds of law firms | Scottish Legal News

• Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)

• Telecom Industry Association Advances Supply Chain Security | MSSP Alert

Cloud/SaaS

• SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News

• Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar

• Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories (thehackernews.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)

• Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar

• Weak & Strong Password Examples: Study Reveals Most Hackable Words (tech.co)

• Despite Hype, the Password-Free Workplace Is Still a Long Way Off (darkreading.com)

• Navigating the Stormy Seas of Cyber security: The Power of High-Entropy Passwords | HackerNoon

• 90+ Key Password Breach Statistics in 2023 (techreport.com)

Social Media

• Google, Meta, allege China cyber attacks • The Register

Training, Education and Awareness

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 8 Cyber Security Topics to Include in Your Training Program | Proofpoint US

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

Regulations, Fines and Legislation

• European Commission Failing to Tackle Spyware, Lawmakers Say (inforisktoday.com)

• Released: AI security guidelines backed by 18 countries - Help Net Security

• Guidance for Securing AI Issued by NSA, NCSC-UK, CISA, and Partners > National Security Agency/Central Security Service > Press Release View

• EU considers widening scope of cyber security regulation (finextra.com)

• Newly-proposed cyber security rules could affect cloud banking services in the EU - PaymentExpert.com

• Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)

• 5 resolutions to prepare for SEC's new cyber disclosure rules - Help Net Security

• The SEC’s Fraud Suit Against SolarWinds: 3 Cyber security Action Items for Companies to Consider | Orrick, Herrington & Sutcliffe LLP - JDSupra

• False Claims Act Meets Cyber security Compliance in Government Contracting - ClearanceJobs

Models, Frameworks and Standards

• CISA Launches Project to Assess Effectiveness of Security Controls - Infosecurity Magazine (infosecurity-magazine.com)

• The challenge of adding governance as a pillar of cyber security (c4isrnet.com)

Data Protection

• Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)

Careers, Working in Cyber and Information Security

• Information overload puts cyber security at risk (betanews.com)

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• More than half admit to ignoring cyber security alerts (itsecuritywire.com)

• Fewer cyber pros are getting fired immediately after an incident: Trellix survey (axios.com)

• Unhappy network professionals juggling more with less - Help Net Security

Law Enforcement Action and Take Downs

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war | Europol (europa.eu)

• Police dismantle ransomware group behind attacks in 71 countries (bleepingcomputer.com)

• CoLP launches strategy for fraud, economic and cyber crime | UK Police News - Police Oracle

• Los Angeles SIM Swapper Sentenced to 8 Years in Prison - Security Week

• New York Fines First American $1 Million for Cyber Breach (1) (bloomberglaw.com)

• Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register

Misinformation, Disinformation and Propaganda

• Ahead of 2024 election, Meta worries about lack of information on top-tier nation-state covert operations | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Ahead of 2024 election, Meta worries about lack of information on top-tier nation-state covert operations | CyberScoop

Nation State Actors

China

• Deloitte and KPMG ask staff to use burner phones for Hong Kong trips

• Google, Meta, allege China cyber attacks • The Register

Russia

• Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns – POLITICO

• North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)

• Ukraine says it hacked Russian aviation agency, leaks data (bleepingcomputer.com)

• Leader of Killnet 'unmasked' by Russian state media • The Register

Iran

• Pennsylvania water facility hit by Iran-linked hackers | CyberScoop

• North Texas water utility serving 2 million hit with cyber attack (therecord.media)

• Iranian Mobile Banking Malware Campaign Threat Continues | Zimperium

North Korea

• North Korean hackers are carrying out even more cyber attacks than previously thought | TechRadar

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)

• N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)

• US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Hamas-linked APT uses Rust-based SysJoker backdoor against Israel (securityaffairs.com)

• Shadowy hacking group targeting Israel shows outsized capabilities | CyberScoop

• SysJoker Malware: Hamas-Related Threat Expands With Rust Variant - Infosecurity Magazine (infosecurity-magazine.com)

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Israel’s national water company sees increase in cyber attacks since beginning of war | Ctech (calcalistech.com)

• Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week

Vulnerability Management

• Why it’s the perfect time to reflect on your software update policy - Help Net Security

Vulnerabilities

• Apple fixes two new iOS zero-days in emergency updates (bleepingcomputer.com)

• Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability (thehackernews.com)

• Design flaw leaves Google Workspace vulnerable for takeover - Help Net Security

• Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices - Security Week

• Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data (hackread.com)

• Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro

• Hackers start exploiting critical ownCloud flaw, patch now (bleepingcomputer.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more! - Help Net Security

• PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) - Help Net Security

• Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)

• Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)

• CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)

Tools and Controls

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 8 Cyber Security Topics to Include in Your Training Program | Proofpoint US

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

• Long recovery times after cyber attacks could annihilate your organisation | TechRadar

• Stop panic buying your security products and start prioritizing - Help Net Security

• Cyber Security Spend Among UK Top 10 Legal Firms Jumps 21% as Threats Become Priority | Law.com International

• Enable 256-bit Bitlocker encryption on Windows 11 to boost security - gHacks Tech News

• Building cyber resilience for tomorrow’s threats - Help Net Security

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)

• AI Boosts Malware Detection Rates by 70% - Infosecurity Magazine (infosecurity-magazine.com)

• Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)

• What cyber security pros can learn from first responders (securityintelligence.com)

• Why are Organisations Failing to Detect Cyber security Threats? | MSSP Alert

• Vulnerability disclosure: Legal risks and ethical considerations for researchers - Help Net Security

• Researcher flags OpenCart security issue, founder rages • The Register

• Bridging the risk exposure gap with strategies for internal auditors - Help Net Security

Reports Published in the Last Week

• 2023 Zscaler ThreatLabz State of Phishing Report | Zscaler

Other News

• Cyber attack On A&O Highlights Perils Of Law Firm Mergers - Law360

• Law Firms & Legal Departments Singled Out for Cyber attacks (darkreading.com)

• Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week

• Microsoft is at the Heart of US National Security Systems and It’s Vulnerable: Cyber Security Expert | NTD

• Implications of “malware free” attacks on SMBs (databreaches.net)

• Reading Borough Council apologises for dodgy infosec advice • The Register

• Holiday Season Increases Cyber security Risks (forbes.com)

• Only 1 in 6 Brits are concerned about cyberthreats at home - Home of Direct Commerce

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• Paris water agency targeted in cyber attack - Emerging Risks Media Ltd

• Why Utilities Need to Supercharge Their Approach to Cyber security (powermag.com)

• No plain sailing: modern pirates hack superyachts' cyber security | Euronews

• Hackers Hijack Industrial Control System at US Water Utility  - Security Week

• How to Keep Cyber attacks From Taking Off (darkreading.com)

• Estate agents warned to have measures in place to prevent cyber attacks (thenegotiator.co.uk)

• Japan’s space agency suffers cyber attack • The Register

• CISA to Congress: US Under Threat of Chemical Attacks (darkreading.com)

• New BLUFFS attack lets attackers hijack Bluetooth connections (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

The Human Element- Cyber Security’s Great Challenge

According to Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches involved a human element. It is important for organisations to understand that it is not simply malicious employees or employees falling for social engineering attacks; it includes things such as negligent, or intentional but not malicious actions. In fact, a recent separate report by Kaspersky found that 26% of incidents over the past two years involved the result of intentional security protocol violations; in comparison, external hacking attempts made up 20%.

Further, Kaspersky found 25% of incidents occurred due to neglecting system software or application updates, followed by 22% resulting from deliberate use of weak passwords or failing to change them promptly, and 18% from staff visiting unsecured websites. One potential cause for these incidents is a lack of training on why such protocols need to be followed.

Black Arrow provides live in person and online instructor lead cyber security training including Cyber Risk and Governance Workshops for Senior Leadership, and Awareness, Behaviour and Culture Training for employees and contractors.

Sources [Beta News] [ Infosecurity Magazine] [The Economic Times (indiatimes.com)]

Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows

Small or large, no company is immune to a cyber attack and therefore good cyber hygiene is an imperative for all. Whilst large firms may already have more mature defences in place, smaller firms are definitely catching on to this, with 47% of respondents to a recent survey stating they were more worried about their organisation’s security posture now than compared to six months ago.

The survey found that ransomware (35%), software vulnerability exploits (28%) and using the same password across different applications (25%) were amongst the largest concerns. Interestingly, in a separate report, 44% of incidents were found to lack any element of malware, indicating that attackers are moving beyond traditional methods. The same report found 65% of cases included remote monitoring and management tools as the vector for initial access, something a number of organisations do not secure.

Business email compromise (BEC) attacks are also a key concern for businesses of all sizes but can be especially damaging to smaller organisations for whom the financial loss can be devastating.

Sources [Computer Weekly]  [Beta News] [Beta News]

Despite Increasing Ransomware Attacks, Some Companies are in Denial

A recent study has highlighted a contradiction in the way organisations perceive ransomware threats. Although many do not consider themselves likely targets, they are, nevertheless, bolstering their security measures, expanding their teams, and fortifying cyber defences, acknowledging the risks despite their assumed invulnerability.

Simultaneously, ransomware tactics are undergoing significant changes. The past three quarters have seen a marked increase in double-extortion attacks, with data leaks from these incidents rising by 50% compared to the previous year. This trend is predominantly driven by a few active groups, some newly emerged this year, amplifying the threat landscape.

In a tactical shift, the ransomware group ALPHV, also known as Blackcat, has lodged a formal complaint with the US Securities and Exchange Commission (SEC) against a victim for failing to comply with new disclosure regulations. Meanwhile, LockBit, infamous for attacks on high-profile targets, is modifying its extortion tactics due to lower-than-anticipated ransom returns. These developments point to an evolving and adaptive ransomware environment.

Sources: [Dark Reading] [SC Media] [Insurance Journal] [MSSP Alert] [Security Brief]

A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People

It is reported that 2,620 organisations and more than 77 million individuals have been impacted to date by the MOVEit supply chain ransomware attack, with millions in the past week alone having received notifications that their information had either been accessed, leaked, or both.

In a survey involving directors of UK companies with over 500 seats that had suffered a ransomware or extortion attack in the past 18 months, it was found that 24% had become significantly more anxious about ransomware attacks as a direct result of the MOVEit breach, and 66% were slightly more anxious. This anxiety translated into action, with 42% of respondents investing more into backup and recovery, and 29% tweaking existing cyber strategies. 29% had taken the decision to amend their existing cyber strategies. Staff training was also found to rise, with 42% looking to spend on skills development and 40% upping their investment in training.

Sources: [The Register] [Computer Weekly]

The True Cost of a Ransomware Attack

While the demand is often financial, the impact and reach of ransomware goes far beyond the ransomware demand. Alongside the financial impact, comes the reputational impact, loss of customers, resources in returning to business as normal and time lost in recovery. For some companies, it can take months to return to where they were before and for others, it marks the end of their organisation.

For an attacker, it doesn’t matter. Their goal is not limited by the size or sector of an organisation and it is therefore imperative that every organisation is prepared for the event of an incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [ITPro]

Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk

A recent study has exposed serious flaws in passwords on the internet, revealing that three out of four popular websites are compromising user security by not meeting basic password standards. The study examined 20,000 websites, finding many allowed simple passwords, didn’t block common ones and adhered to outdated complexity requirements. It was found that over half the websites accept passwords of six characters or fewer, with 75% not requiring the advised minimum of eight characters, and 30% not supporting spaces or special characters. The study showcases the gap in security measures implementation across the web and emphasises the importance of ongoing improvement in web security standards.

The problem is further exacerbated by employees using work email for non-work approved websites and reusing the same passwords, meaning any breach of a compromised site hands the user’s credentials to an attacker. Further, many organisations are not even aware this is going on.

Source: [TechXplore]

Cyber Security Investment Involves More Than Just Technology

C-suite business leaders and senior IT professionals within large organisations, found that the top five cyber security investment areas were technologies (49%), threat intelligence (46%), risk assessment (42%), cyber insurance (42%), and third-party risk management (40%). Fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%). suggesting an awareness that technology investments go hand-in-hand with investing in governance and personnel to effectively enable and manage the technology.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Dark Reading]

Questions Leaders Must Ask Themselves on Security Culture

In today's corporate landscape, there's a growing emphasis on the human aspect of cyber security, with Stanford University research indicating that about 88% of data breaches result from employee errors. Companies are now focusing on enhancing security awareness through marketing campaigns and integrating cyber security performance into job reviews. This shift acknowledges that as technological defences evolve, cyber attackers increasingly exploit human vulnerabilities, as evidenced by major ransomware incidents like those impacting Colonial Pipeline and JBS Foods.

Developing a strong security culture is essential, by complementing robust policies with ingraining security-minded beliefs and behaviours in employees. Key to this is the role of leadership in embedding and continuously assessing this culture. This involves evaluating training effectiveness, reporting mechanisms, proactive security approaches, and the impact of security initiatives, while also considering the complexity of human behaviour and the example set by top management. Emphasising these aspects is crucial for maintaining a secure and resilient organisational environment, and in so doing protecting an organisation's reputation and financial integrity.

Source: [AT&T]

There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime

The convergence of organised crime, financial crime, and nation-state crime is a growing concern in today’s interconnected world. This crossover, driven by the digital revolution, globalisation, economic factors, and state fragility, is reshaping the global criminal landscape. Organised crime syndicates, traditionally involved in activities like drug trafficking and extortion, are now branching out into financial crimes, offering higher profits with lower risks.

Financial crime, once the domain of individual fraudsters and white-collar criminals, has become a lucrative venture for organised crime groups. They exploit the global financial system to launder proceeds of crime, finance their operations, and evade law enforcement. Nation-state crime, involving state-sponsored or state-condoned criminal activities, often overlaps with organised and financial crime. Some governments turn a blind eye to these activities, while others actively support them for political, economic, or strategic reasons.

Sources: [The Currency]

Cyber Attack on British Library Highlights Lack of UK Resilience

A recent ransomware attack on the British Library has spotlighted the vulnerabilities in the UK's public sector IT infrastructure, amid rising state-backed cyber attacks. This major incident, which caused a significant technical outage at the library, underscores the concerns of cyber intelligence experts about the government's inadequate investment in cyber resilience in critical areas like education, healthcare, and local government. The hacking group Rhysida, targeting essential infrastructure, claimed responsibility and auctioned stolen data, including British Library employees’ passports, for 20 bitcoin (approximately £600,000).

The attack on the British Library, a key public service institution, highlights the escalating threat of ransomware attacks and their potential exploitation by state actors. The UK’s National Cyber Security Centre (NCSC) has reported a significant increase in cyber attacks in 2023, with incidents more than doubling compared to the previous year. In response, the UK government, which had already allocated £2.6bn for cyber security improvements and IT system updates, is actively assessing the situation with the support of the National Protective Security Authority.

Source: [FT]

Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements

The European Union (EU) is seeking to improve cyber resilience across all member states by bringing in two new regulations: the Digital Operational Resilience Act (DORA), which focuses on financial services companies, and its counterpart the Network and Information Systems Directive (NIS2). The effects of the two regulations are likely to be wider reaching, bringing in more stringent processes and controls and redefining service provision to organisations.

With NIS2 coming into effect in October 2024, the mandatory directive will have teeth, with strict penalties for non-compliance for both the business and senior board personnel, who can be held directly accountable and prevented from holding similar positions in the future. It also aims to increase intelligence sharing between member states and enhance supply chain security. This latter measure will see the directive have a global impact.

Many organisations supplying services to firms that fall under DORA and NIS2 will themselves be subject to the full force of the regulations, with many of these suppliers, including IT providers, unaware that this will have far reaching ramifications for them and their ability to continue to provide these services.

Sources: [Help Net Security] [Help Net Security]

The Cyber Security Lawsuit Boards are Talking About

For the last month, an under-the-radar lawsuit has privately been a hot topic of conversation in boardrooms and corporate security departments alike. The lawsuit involved the Securities and Exchange Commission (SEC) accusing SolarWinds and their CISO of fraud. SolarWinds, like many organisations, had disclosed some facts, however what was reported was not sufficient to satisfy the regulator. The lawsuit is the first in which the SEC has charged a company with intentional fraud related to cyber security disclosures and it paints a picture for the wider movement of the cyber landscape. Whilst the SEC is US based you can expect regulatory counterparts in other jurisdictions globally to follow suit.

Source: [The New York Times]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• Why boards must prioritize cyber security expertise - Help Net Security4 data loss examples keeping backup admins up at night | TechTarget

• Accelerating Security Risk Management (trendmicro.com)

• Companies step up investment in ransomware protection (betanews.com)

• CISOs can marry security and business success - Help Net Security

• 7 must-ask questions for leaders on security culture (att.com)

• The human element -- cyber security's greatest challenge (betanews.com)

• Employee Policy Violations Cause 26% of Cyber Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• Why good cyber hygiene is a strategic imperative for UK SMEs (betanews.com)

• MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly

• Cyber security Investment Involves More Than Just Technology (darkreading.com)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Corporate Boards Mulling Effects of SEC Cyber Enforcement and CISO Exposure, and Possibly Hacker Complaints to SEC | Jackson Lewis P.C. - JDSupra

• The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)

• Only 9% of IT budgets are dedicated to security - Help Net Security

• Inflation, cyber risks the biggest worry for firms | Nation

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• “There's a crossover between organised crime, financial crime, and nation-state crime” - The Currency :The Currency

• Why transparency and accountability are important in cyber security | Computer Weekly

• ‘I employ a lot of hackers’: how a stock exchange chief deters cyber attacks | Cyberwar | The Guardian

• SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com

• Humans Are Notoriously Bad at Assessing Risk - SecurityWeek

• The role experience plays in risk mitigation (betanews.com)

• Internal audit leaders are wary of key tech investments - Help Net Security

• Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)

• Over Half of Organisations Are at Risk of Cyber attack Due to Exhausted and Stressed Staff - IT Security Guru

• Stressed staff put enterprises at risk of cyber attack (betanews.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 2023 ransomware statistics: Number of double-extortion attacks skyrocket | SC Media (scmagazine.com)

• More than money: The true cost of a ransomware attack | ITPro

• Despite Increasing Ransomware Attacks, Some Companies In Denial | MSSP Alert

• Ransomware attacks doubIe in two years says Akamai Technologies report (securitybrief.co.nz)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)

• Companies step up investment in ransomware protection (betanews.com)

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• Ransomware Gang LockBit Revises Its Tactics to Get More Blackmail Money (insurancejournal.com)

• The shifting sands of the war against cyber extortion - Help Net Security

• Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert

• Play Ransomware Goes Commercial - Now Offered as a Service to Cyber criminals (thehackernews.com)

• Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)

• Ransomware groups rack up victims among corporate America | CyberScoop

• Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)

• Paying ransom for data stolen in cyber attack bankrolls further crime, experts caution | CBC Radio

• UK signs joint statement against ransomware payments - “New norm” or status quo? - Lexology

• Capita to axe up to 900 jobs as it battles to recover from Russian cyber attack (telegraph.co.uk)

• Schools Look to Improve Cyber security, but Many Vulnerable to Ransomware (insurancejournal.com)

• 4 Ways Fintech Companies Can Protect Themselves from Ransomware (financemagnates.com)

• A cyber attack on a UK accounting firm wound up leaking US patient data. Now what? (databreaches.net)

• Cyber security should not be a gamble: Latest data breach hits major casino - Digital Journal

Ransomware Victims

• Royal Mail spent £10 million recovering from LockBit breach - Tech Monitor

• British Library staff passports leaked online as hackers demand £600,000 (telegraph.co.uk)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• ICBC partners wary to resume trading with bank after cyber attack - Bloomberg News - CNA (channelnewsasia.com)

• ‘Sex life data’ stolen from UK government among record number of ransomware attacks (therecord.media)

• MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register

• Allen & Overy Given 5 Days to Meet Hackers’ Demands: Expert Q&A | Law.com International

• London & Zurich ransomware attack causes customer chaos • The Register

• CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack - SecurityWeek

• Lockbit Gang Behind ICBC Attack Hacks Into Chicago Trading Company - Bloomberg

• Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)

• Rhysida claims it hacked the British Library - Tech Monitor

• Clorox Scapegoats Cyber Chief, Rewards Board After Crisis (forbes.com)

• Fortune 500 insurance and mortgage firm FNF shuts down network following cyber attack | TechRadar

• Yamaha Motor confirms ransomware attack on Philippines subsidiary (bleepingcomputer.com)

• St Helens Council suspected cyber attack caused significant disruption - BBC News

• Western Isles Council backup systems 'inaccessible' following cyber attack | STV News

• Auto parts giant AutoZone warns of MOVEit data breach (bleepingcomputer.com)

• BlackCat claims attack on Fidelity National Financial • The Register

Phishing & Email Based Attacks

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• How to combat AI-produced phishing attacks | SC Media (scmagazine.com)

• More Than 50% of Online Retailers Not Blocking Fraudulent Emails | MSSP Alert

• How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography (thehackernews.com)

• DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)

• Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar

• The Most Common Indicators of a Phishing Attempt (With Screenshots) | HackerNoon

Artificial Intelligence

• Cyber threats reached a new high this year, with AI playing a major role | TechRadar

• How to combat AI-produced phishing attacks | SC Media (scmagazine.com)

• IT Pros Worry That Generative AI Will Be a Major Driver of Cyber security Threats (darkreading.com)

• Smaller businesses embrace GenAI, overlook security measures - Help Net Security

• AI Solutions Are the New Shadow IT (thehackernews.com)

• The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)

• Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert

• Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek

• AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)

• OII | Large Language Models pose risk to science with false answers, says Oxford study

Malware

• 5 Of The Most Common Ways Malware Is Spread (And How To Stay Protected) (slashgear.com)

• Report finds malware is no longer the biggest cyberthreat to smaller businesses - SiliconANGLE

• Over half of SME cyber incidents now ‘malware-free’ | Computer Weekly

• Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar

• Mirai malware infects routers and cameras for new botnet • The Register

• InfectedSlurs Botnet Spreads Mirai via Zero-Days | Akamai

• This devious malware will let hackers restore deleted cookies and hijack your Google account | TechRadar

• MySQL servers hit by DDoS malware botnet | TechRadar

• 27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts (thehackernews.com)

• Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)

• DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)

• Gamaredon's LittleDrifter USB malware spreads beyond Ukraine (bleepingcomputer.com)

• Malware Uses Trigonometry to Track Mouse Strokes (darkreading.com)

• Atomic Stealer Malware is tricking Mac users with fake browser updates - gHacks Tech News

• USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica

• DarkGate and Pikabot malware emerge as Qakbot’s successors (bleepingcomputer.com)

• How Ducktail steals Facebook accounts | Kaspersky official blog

• Cyber criminals turn to ready-made bots for quick attacks - Help Net Security

• 3 Ways to Stop Unauthorized Code From Running in Your Network (darkreading.com)

• Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities - Infosecurity Magazine (infosecurity-magazine.com)

• New botnet malware exploits two zero-days to infect NVRs and routers (bleepingcomputer.com)

Mobile

• FCC Tightens Telco Rules to Combat SIM-Swapping - SecurityWeek

• Inside Apple’s Secretive War to Protect iPhones from Hacking • iPhone in Canada Blog

• Cyber criminals Are Targeting App Beta-Testing, and This Is What to Look Out For (makeuseof.com)

Denial of Service/DoS/DDOS

• NoEscape gang continues to use DDoS to pressure reluctant victims to negotiate (databreaches.net)

• MySQL servers hit by DDoS malware botnet | TechRadar

Internet of Things – IoT

• Mirai malware infects routers and cameras for new botnet • The Register

• InfectedSlurs Botnet Spreads Mirai via Zero-Days | Akamai

Data Breaches/Leaks

• 4 data loss examples keeping backup admins up at night | TechTarget

• Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek

• Secretary Fined For Accessing Scores of Patient Records - Infosecurity Magazine (infosecurity-magazine.com)

• Canadian government discloses data breach after contractor hacks (bleepingcomputer.com)

• US Cyber security Lab Suffers Major Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Sabre Insurance hit by cyber attack | Insurance Times

• Hacktivists breach US nuclear research lab, steal employee data (bleepingcomputer.com)

• Welltok data breach exposes data of 8.5 million US patients (bleepingcomputer.com)

• Cyber attackers leaked data of 27,000 NYC Bar Association membersers (therecord.media)

• Enterprise software provider TmaxSoft leaks 2TB of data (securityaffairs.com)

• A cyber attack on a UK accounting firm wound up leaking US patient data. Now what? (databreaches.net)

• Sumo Logic says customer data untouched during breach • The Register

Organised Crime & Criminal Actors

• “There's a crossover between organised crime, financial crime, and nation-state crime” - The Currency :The Currency

• Indian Hack-for-Hire Group Targeted US, China, and More for Over 10 Years (thehackernews.com)

• Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyber attacks (darkreading.com)

• A Hacker Faked His Own Death–Then Claimed To Have Sold Marriott Customer Data To Russians, FBI Says (forbes.com)

• Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime

• Outsmarting cyber criminals is becoming a hard thing to do - Help Net Security

• Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• US cyber cops trace and return nearly $9M stolen by scammers • The Register

Insider Risk and Insider Threats

• The human element -- cyber security's greatest challenge (betanews.com)

• Employee Policy Violations Cause 26% of Cyber Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• cyber security: Security violations by employees as harmful as hacking: Report - The Economic Times (indiatimes.com)

• Secretary Fined For Accessing Scores of Patient Records - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)

• North Korean Supply Chain Threat is Booming, UK and South Korea Warn - Infosecurity Magazine (infosecurity-magazine.com)

• Three Questions To Ask Third-Party Vendors About Cyber security Risk (forbes.com)

Cloud/SaaS

• Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)

• Navigating the complexities of cyber security in a SaaS-dominated era (securitybrief.co.nz)

Encryption

• Some unbreakable RSA encryption keys are accidentally leaking online | New Scientist

Passwords, Credential Stuffing & Brute Force Attacks

• Largest study of its kind shows outdated password practices are putting millions at risk (techxplore.com)

• Your password hygiene remains atrocious, says NordPass • The Register

• US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek

Social Media

• How Ducktail steals Facebook accounts | Kaspersky official blog

Malvertising

• Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)

Training, Education and Awareness

• The 7 Deadly Sins of Security Awareness Training (darkreading.com)

Regulations, Fines and Legislation

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)

• SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com

• What CISOs Need to Know About Materiality | Mimecast

• Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek

• Does claiming you were hacked when you had really just screwed up violate the FTC Act? (databreaches.net)

• Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records | WIRED

• UK watchdog threatens enforcement action over ad cookies • The Register

Models, Frameworks and Standards

• NIS2 and its global ramifications - Help Net Security

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT

• Understanding the UK government’s new cyber security regime, GovAssure - IT Security Guru

Data Protection

• 1 in 5 executives question their own data protection programs - Help Net Security

Careers, Working in Cyber and Information Security

• Over Half of Organisations Are at Risk of Cyber attack Due to Exhausted and Stressed Staff - IT Security Guru

• Half of Cyber security Professionals Kept Awake By Workload Worries - IT Security Guru

Law Enforcement Action and Take Downs

• Wirecard hacker sentenced to 80 months in prison (ft.com)

• US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek

• Europol Launches OSINT Taskforce to Hunt For Russian War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• A Hacker Faked His Own Death–Then Claimed To Have Sold Marriott Customer Data To Russians, FBI Says (forbes.com)

• Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)

• US cyber cops trace and return nearly $9M stolen by scammers • The Register

• Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime

• Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• "We are getting very good at identifying a Russian campaign," Microsoft weighs in on disinformation and national security at recent events | Windows Central

• AI Helps Uncover Russian State-Sponsored Disinformation in Hungary (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Why cyber war readiness is critical for democracies - Help Net Security

• Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape (inforisktoday.com)

Nation State Actors

China

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• ICBC partners wary to resume trading with bank after cyber attack - Bloomberg News - CNA (channelnewsasia.com)

• Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions (thehackernews.com)

Russia

• USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica

• Almost 4,000 cyber attacks on Ukraine detected – US Treasury Department | Ukrainska Pravda

• "We are getting very good at identifying a Russian campaign," Microsoft weighs in on disinformation and national security at recent events | Windows Central

• Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)

• Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)

• Potential cyberespionage campaign against Ukraine involves Remcos tool | SC Media (scmagazine.com)

• Embezzlement Scandal Consumes a Top Ukrainian Cyber Official, Jolting Relationship With US - The Messenger

• Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Europol Launches OSINT Taskforce to Hunt For Russian War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• The Defence Intelligence of Ukraine Reveals that Russia’s Civil Aviation Industry Is on the Brink of Collapse | Defence Express (defence-ua.com)

Iran

• Possible Iranian Group Behind 'Flood' of New Cyber attacks in Israel - Bloomberg

• Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online

North Korea

• Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)

• North Korean Supply Chain Threat is Booming, UK and South Korea Warn - Infosecurity Magazine (infosecurity-magazine.com)

• Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors (paloaltonetworks.com)

• DPRK Hackers Masquerade as Tech Recruiters, Job Seekers (darkreading.com)

• Hackers pose as officials to steal secrets and cryptocurrency for North Korea (bitdefender.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online

Vulnerability Management

• Reflecting on 20 years of Patch Tuesday | MSRC Blog | Microsoft Security Response Center

Vulnerabilities

• MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register

• Citrix Bleed WFH Hack and Exploit: News on Data Loss Flaw - Bloomberg

• Citrix warns admins to kill NetScaler user sessions to block hackers (bleepingcomputer.com)

• Hackers Exploiting Windows SmartScreen Zero-day Vulnerability (cybersecuritynews.com)

• Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News

• CISA warns of actively exploited Windows, Sophos, and Oracle bugs (bleepingcomputer.com)

• Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security

• Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek

• A critical OS command injection flaw affects Fortinet FortiSIEM (securityaffairs.com)

• Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)

• Adobe Releases Security Updates for ColdFusion | CISA

• Splunk RCE Vulnerability Let Attackers Upload Malicious File (cybersecuritynews.com)

Tools and Controls

• Only 9% of IT budgets are dedicated to security - Help Net Security

• Accelerating Security Risk Management (trendmicro.com)

• MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)

• Cyber attack on British Library raises concerns over lack of UK resilience (ft.com)

• Companies step up investment in ransomware protection (betanews.com)

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT

• The role experience plays in risk mitigation (betanews.com)

• The 7 Deadly Sins of Security Awareness Training (darkreading.com)

• Identity And Access Management: 18 Important Trends And Considerations

• The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)

• MFA under fire, attackers undermine trust in security measures - Help Net Security

• AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)

• New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login (thehackernews.com)

• Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News

• Detection & Response That Scales: A 4-Pronged Approach (darkreading.com)

• Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)

• 6 Steps to Accelerate Cyber security Incident Response (thehackernews.com)

• The CISO view: Navigating the promise and pitfalls of cyber security automation (betanews.com)

Other News

• Why Defenders Should Embrace a Hacker Mindset (thehackernews.com)

• Hackers are taking over planes’ GPS — experts are lost on how to fix it (nypost.com)

• UK proposes 'super-complaints' to help keep internet safe • The Register

• Consumers plan to be more consistent with their security in 2024 - Help Net Security

• Security trends public sector leaders are watching | CyberScoop

• Even gas pumps aren't safe from cyber attacks at the moment | TechRadar

• Scottish cyber security organisation calls for greater awareness of rising threat - Business Insider

• Cyber security: New plan to tackle ‘fastest-growing threat’ confronting Australia | The West Australian

• The US government wants to offer better cyber security to major infrastructure firms | TechRadar

• This devious malware will let hackers restore deleted cookies and hijack your Google account | TechRadar

• Australia’s cyber security strategy focuses on protecting small businesses and critical infrastructure | CSO Online

• Cyber security at EU institutions: European Parliament adopt proposed Cyber security Regulation and EU institutions organise cyber security exercise | Practical Law (thomsonreuters.com)

• The retail sector is under threat from… Gmail, WhatsApp and Google Drive? | TechRadar

• Sekoia: Latest in the Financial Sector Cyber Threat Landscape (techrepublic.com)

• Shields Ready: Critical Infrastructure Security and Resilience

• Crimeware and financial cyberthreat predictions for 2024 | Securelist

• Terrorism, cyber attacks main Paris 2024 threats as security plan finalised | Reuters

• Read again: Decoding cyber security, safeguarding educational institutions | Edexec

• What direction for the EU Cyber security Competence Centre? – EURACTIV.com

• Unveiling the Most Common Cyber Threats in Retail – International Supermarket News

• Mideast Oil & Gas Facilities Could Face Cyber Related Energy Disruptions (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Resilience Requires Maturity, Persistence & Board Engagement

Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.

Source: [Dark Reading]

Security is a Process, not a Tool

The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.

Source: [Dark Reading]

46% of SMBs and Enterprises Have Experienced a Ransomware Attack

A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.

Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.

Source: [Security Magazine] [IT Business]

Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries

In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.

Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.

Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.  

Source: [welivesecurity]

67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission

New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.

Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.

Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.

Sources: [Tech Radar] [the HR Director]

The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023

In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.  

This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.

Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups.  Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Forbes] [Infosecurity Magazine] [ITPro]

Financial Services Still Stubbornly Vulnerable to Cyber Disruption

A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.

According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.

Source: [FTAdviser]

World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks

The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.

Sources: [SC Media] [Bit Defender]

NCSC Warns UK Over Significant Threat to Critical Infrastructure

The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.

The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.

They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.

For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.

This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.

Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]

Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach

The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.

Sources: [Infosecurity Magazine] [Bleeping Computer]

Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks

A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).

Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.

Source: [TechRadar]

Phishing Emails Are More Believable Than Ever. Here's What to Do About It.

Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.

It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CSO Online]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• 29% of organisations cite data loss as top security breach result | Security Magazine

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)

• Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar

• Security Is a Process, Not a Tool (darkreading.com)

• 6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine

• Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)

• Organisations should prepare for the inevitability of cyber attacks on their infrastructure - Help Net Security

• Should cyber security overconfidence be on your threat radar? | TechRadar

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Every Business Owner Should Be Thinking About Improving Online Security | Inc.com

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• The cultural shift that’s needed to see greater ROI in cyber | Federal News Network

• Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)

• How to withstand the onslaught of cyber security threats - Help Net Security

• 8 ways to cope with cyber security budget cuts | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Law practices and government agencies experience the largest ransomware spikes - Digital Journal

• Orgs still losing logs, powerless to speedy ransomware • The Register

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• 29 new ransomware groups have emerged in 2023 | ITPro

• 46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine

• Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business

• Half of Ransomware Groups Operating in 2023 Are New - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• The Persistent Menace: Understanding And Combating Ransomware (forbes.com)

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Ransomware tracker: The latest figures [November 2023] (therecord.media)

• Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)

• LockBit ransomware group assemble strike team to breach banks, law firms and governments. | by Kevin Beaumont | Nov, 2023 | DoublePulsar

• Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)

• Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly

• Uncovering the ransomware threat from global supply chains | ITPro

• Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Success eludes the International Counter Ransomware Initiative - Help Net Security

• New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)

• How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)

• Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)

• New approaches to fighting ransomware are emerging | Mimecast

• Why backup matters more than ever - Help Net Security

• FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK

• FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)

• ALPHV/BlackCat Ransomware Gang Targets Businesses Via Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• FBI pumping 'significant' resources into Scattered Spider • The Register

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

• It ain’t what you store, it’s the way you restore it. • The Register

Ransomware Victims

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• How a cyber attack crippled the world's largest bank for hours | Euronews

• ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)

• FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)

• Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)

• Major cyber attack on Australian ports suggests sabotage by a 'foreign state actor' (theconversation.com)

• Tri-City Medical Center cyber attack impacting patient care (10news.com)

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• LockBit leaks Boeing files after failed ransom negotiations • The Register

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• British Library’s Halloween cyber scare was ransomware | Computer Weekly

• Royal Mail ransomware recovery to cost at least $12 million • The Register

• 9 million patients had data stolen after US medical transcription firm hacked | TechCrunch

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)

• Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News

• Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)

• Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week

• Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)

• Stellantis production affected by cyber attack at auto supplier - The Columbian

Phishing & Email Based Attacks

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)

Artificial Intelligence

• UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)

• UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK

• AI disinformation campaigns pose major threat to 2024 elections - Help Net Security

• AI poses growing threat to next general election, warns UK cyber security agency | UK News | Sky News

• Microsoft blocks internal access to ChatGPT over security • The Register

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED

• CISA Has a New Road Map for Handling Weaponized AI | WIRED

• Mitigating Deepfake Threats in the Corporate World | MSSP Alert

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)

• How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker

• Top 5 Risks of Artificial Intelligence - IT Security Guru

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Malware

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Infostealers and the high value of stolen data - Help Net Security

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• Ducktail Malware Targets the Fashion Industry (darkreading.com)

Mobile

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com

• Apple and Google have made phones the key to your digital life. Here’s what to do if you lose it. - Vox

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• How to spot a fake data blocker that could hack your computer in seconds | ZDNET

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Denial of Service/DoS/DDOS

• Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online

• How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)

Internet of Things – IoT

• UK Privacy Regulator Issues Black Friday Smart Device Warning - Infosecurity Magazine (infosecurity-magazine.com)

• How to protect your organisation from IoT malware | TechTarget

• Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)

Data Breaches/Leaks

• Infostealers and the high value of stolen data - Help Net Security

• 29% of organisations cite data loss as top security breach result | Security Magazine

• McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)

• Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)

• Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)

• Fourth time unlucky: Okta hit by new cyber attack - Digital Journal

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• The real cost of healthcare cyber security breaches - Help Net Security

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)

• Samsung warns some customers their data may have been stolen by hackers | TechRadar

• Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)

• Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)

• Morgan Stanley fined over computers with personal data (cnbc.com)

• Samsung says hackers accessed customer data during year-long breach | TechCrunch

• A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED

• Electric Ireland Confirms Compromise of 8,000 Customers’ Personal and Financial Data - IT Security Guru

Organised Crime & Criminal Actors

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• 'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)

• Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Ethereum hacked to steal millions from users across the world | TechRadar

• Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)

Insider Risk and Insider Threats

• Employees putting businesses at risk downloading apps and software without consent | theHRD (thehrdirector.com)

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Insurance

• Beyond re/insurance – protecting society from an unprecedented cyber incident | Insurance Business America (insurancebusinessmag.com)

• Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance

• Aon president warns insurers against ‘walking away’ from major risks (ft.com)

• Cyber insurance predictions for 2024 - Help Net Security

• Cyber ‘Catastrophe Bonds’ Move Step Closer to Hitting Public Debt Markets | Tech News (hindustantimes.com)

• Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News

Supply Chain and Third Parties

• Uncovering the ransomware threat from global supply chains | ITPro

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)

Cloud/SaaS

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• Traditional cloud security isn't up to the task - Help Net Security

• Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security

Identity and Access Management

• As perimeter defences fall, the identify-first approach steps into the breach | CSO Online

Encryption

• The new frontier in online security: Quantum-safe cryptography (techxplore.com)

• In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica

• TETRA encryption algorithms entering the public domain • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• 70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)

• Top Passwords Used By Business Executives | NordPass

• Google Workspace security flaws could see hackers easily snaffle your password | TechRadar

• Stop using weak passwords for streaming services - it's riskier than you think | ZDNET

• The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot

Social Media

• Meta and YouTube face criminal surveillance complaints • The Register

• How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)

Malvertising

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Adware activity doubles in Q3 (betanews.com)

Training, Education and Awareness

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Regulations, Fines and Legislation

• EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)

• MPs Dangerously Uninformed About Facial Recognition – Report - Infosecurity Magazine (infosecurity-magazine.com)

• Meta and YouTube face criminal surveillance complaints • The Register

• SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)

• Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Morgan Stanley fined over computers with personal data (cnbc.com)

• White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop

Models, Frameworks and Standards

• What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra

• Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security

Backup and Recovery

• Why backup matters more than ever - Help Net Security

• It ain’t what you store, it’s the way you restore it. • The Register

Data Protection

• Web browsing data collected in more detail than previously known, report finds (ft.com)

• Online ad auction data harms national security – claim • The Register

Careers, Working in Cyber and Information Security

• The challenges and opportunities of working in cyber security | TechRadar

• How US SEC legal actions put CISOs at risk and what to do about it | CSO Online

• Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)

Law Enforcement Action and Take Downs

• Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity

Cyber Warfare and Cyber Espionage

• NCSC Annual Review on 'state-aligned actors' | Professional Security

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

Nation State Actors

China

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC/ransomware: China’s cyber security industry moves out of the shadows

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• The alarming cyber hack at ICBC (ft.com)

• China proposes auditors undergo cyber security checks if national security involved - CNA (channelnewsasia.com)

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Labour warns against watering down of UK’s takeover screening powers

Russia

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC pays ransom after US hack (finextra.com)

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert

• Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure (thehackernews.com)

• Russia will target other countries for web attacks, Ukraine cyber defence chief warns – The Irish Times

• Major hack by Russian gang steals social security numbers and health information from 1.3 million in Maine | Daily Mail Online

• EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)

Iran

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

North Korea

• Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)

• Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Cyber Criminals Exploit Gaza Crisis With Fake Charity - Infosecurity Magazine (infosecurity-magazine.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

Vulnerabilities

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• Juniper networking devices under attack - Help Net Security

• CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)

• WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)

• Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)

• Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)

• Adobe Releases Security Updates for Multiple Products | CISA

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week

• Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week

• Fortinet Releases Security Updates for FortiClient and FortiGate | CISA

• Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)

• New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)

• SAP Patches Critical Vulnerability in Business One Product - Security Week

• Critical flaw fixed in SAP Business One product (securityaffairs.com)

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• Citrix Releases Security Updates for Citrix Hypervisor | CISA

• Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)

• An email vulnerability let hackers steal data from governments around the world (engadget.com)

• Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)

• Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr

• Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)