Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Intelligence Briefing 26 January 2024
Black Arrow Cyber Threat Intelligence Briefing 26 January 2024:
-Russian Hackers' Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call
-94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures
-Cyber Risks Needs to be Prioritised as a Key Business Risk Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda
-81% of Security Professionals Say Phishing Is Top Threat
-Ransomware Attacks Cause Significant Psychological Harm
-Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password
-NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime
-Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk
-Historic Data Leak Reveals 26 billion Records: Check What is Exposed
-Boardroom Cyber Expertise Comes Under Scrutiny
-“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules
-Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%
Black Arrow Cyber Threat Briefing 26 January 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Russian Hackers’ Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call
Just recently, it was publicly disclosed that Microsoft and Hewlett Packard Enterprise (HPE) had their corporate mailboxes breached by threat actors. In the Microsoft breach, a hacking group had used a password spray attack to compromise a non-production test account, and leverage that to access corporate accounts. In the HPE breach, corporate access was gained through unauthorised access to SharePoint files. Both attacks highlight the need for identity threat detection: the ability to identify malicious activity from trusted identities before more sophisticated damage is caused. Cyber incidents are a matter of when, not if, and it is important to have detection capabilities, even for trusted accounts.
Sources: [Help Net Security] [Security Boulevard]
94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures
A recent study found that while 94% of CISOs are concerned with third-party cyber security threats, including 17% who view it as a top priority, only 3% have implemented a third -party cyber risk management solution and 33% have noted plans to implement this year. Small and medium sized businesses may not have the resources of a larger organisation yet will have a similar level of third-party risk. This makes the need for an effective solution even more important, and in some cases this may include outsourcing to cyber experts.
Sources: [Dark Reading]
Cyber Risks Needs to be Prioritised as a Key Business Risk, Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda
The UK Government has proposed a new Code of Practice on cyber security governance, aimed at directors and senior business leaders. The draft document emphasises the need to prioritise cyber security on par with financial and legal risks. It outlines several key areas for focus, including risk management, cyber strategy, fostering a cyber security culture among employees, incident planning and response, and establishing clear governance structures. With digital technologies playing a crucial role in business resilience, the code calls for greater involvement of executive and non-executive directors in technology governance strategies. The UK Minister for AI and Intellectual Property has highlighted that cyber attacks are as damaging to organisations as financial and legal pitfalls. It is crucial that directors take a firm grip of their organisation’s cyber security regimes to protect their customers, workforce, business operations and the wider economy. This initiative reinforces the importance of a holistic approach to cyber security, including robust incident response plans and regular practice to enhance cyber resilience. It’s a timely reminder that cyber threats are as detrimental to organisations as financial and legal challenges, and this code aims to empower leaders to navigate these threats effectively.
Sources: [Computer Weekly] [Electronics Specifier] [GOV UK] [TechRadar] [Infosecurity Magazine]
81% of Security Professionals Say Phishing Is Top Threat
A recent study found 81% of organisations anticipated phishing as their top security risk over the coming months. In a separate report, it was found that 94% of organisations globally had experienced an email security incident in the past 12 months, with a 10% rise in phishing. It is not just emails where phishing attacks are occurring: in another report, the second half of 2023 saw a 198% increase in browser based phishing attacks. It is clear that phishing is a threat to organisations, and it is important to be prepared.
Sources: [ITPro] [Beta News] [Security Magazine]
Ransomware Attacks Cause Significant Psychological Harm
One area of ransomware that often gets overlooked, is the psychological impact. A recent report by the Royal United Services Institute found that some attacks had caused so much impact that organisations hired post-traumatic stress disorder support teams. A significant number of respondents experienced sleep deprivation, resulting in them developing extreme fatigue and falling asleep at work. Various levels of stress were experienced by security workers, with one interviewee citing the stress of a ransomware attack as a potential cause for a heart attack that required surgery. This highlights that, as with the wider subject of cyber and information security, consideration needs to be given to more than just IT and IT controls: it shows the need for a holistic approach to include people, operations and technology.
Sources: [The Record Media] [TechRadar]
Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password
A recent report has revealed that two million compromised cloud credentials used ‘123456’ as a password. This alarming trend underscores the ongoing issue of weak passwords, which are easily exploited by hackers. Despite the availability of advanced password creation and storage tools, a significant number of individuals and organisations continue to use weak passwords. Furthermore, the report found that 88% of organisations still rely on passwords as their primary authentication method. Despite the focus on password security, nearly every organisation has had risk management lapses. The report highlights the urgent need for stronger password policies and the adoption of more secure authentication methods. Equally, the attacks highlight that simply moving to the cloud does not solve security challenges, and poor cyber hygiene in the cloud will lead to problems.
Sources: [ITPro] [Business Wire] [Security Magazine]
NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime
An article published by the UK’s National Cyber Security Centre (NCSC) states that AI is already being used to increase the efficacy of cyber attacks, and that AI will continue to significantly increase the odds of a successful attack. AI models will build capability as they are informed by data describing previous successful attacks. The NCSC noted that “It is likely that highly capable unfriendly nation states have repositories of malware that are large enough to effectively train an AI model for this purpose”. The message from the NCSC is clear: AI will propel cyber incidents and organisation must take this into consideration as part of their wider cyber risk management strategy.
Sources: [The Register] [PC Mag] [The Messenger ] [Silicon UK]
Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk
Cyber attacks soared again last year, and attackers are increasingly taking advantage of software vulnerabilities to breach organisations. This is due to the continuous discovery of new vulnerabilities, and with that, a constant challenge for firms to apply patches. A report found many organisations lack an effective vulnerability management programme and are leaving themselves open to attacks; and in some cases they are left vulnerable for years.
One key hindrance found by the report is the sheer volume of vulnerabilities identified and patched by vendors, leaving organisations with the perpetual challenge of timely patching. This complication is made worse for small and medium sized businesses where they have less resources. The report found that legacy systems are a large risk for many organisations; in fact, older Windows server OS versions - 2012 and earlier – were found to be 77% more likely to experience attack attempts than newer versions. Many firms are still not taking this danger seriously enough and as a result, blind spots and critical vulnerabilities are worsening, creating more opportunities for attackers.
Sources: [ITPro] [Help Net Security] [ITPro]
Historic Data Leak Reveals 26 billion Records: Check What is Exposed
In what has been described as the ‘mother of all breaches’, 26 billion records have been exposed. These aren’t all new, as a lot of the records are from numerous breaches, however they are all in one location, compiled and index for use. With the emergence of this, there is will likely be a surge in attacks and if you haven’t changed your credentials, or are reusing these same credentials, you may find yourself a victim. To check if your email has been compromised in a breach, you can check on the website www.HaveIBeenPwned.com
Source: [Security Affairs]
Boardroom Cyber Expertise Comes Under Scrutiny
Cyber security concerns continue to be a critical issue for organisations, driven by factors such as data protection, compliance, risk management, and business continuity. However, a recent report reveals a concerning trend where only 5% of Chief Information Security Officers (CISOs) report directly to the CEO, down from 11% in 2021. This gap between cyber security leadership and board-level involvement is a challenge. A report emphasises that many board members lack the technical expertise to understand cyber security, while CISOs often communicate in technical jargon, making it difficult for boards to grasp the significance of security issues. To bridge this gap, it's crucial to educate board members on the real-world risks and costs associated with cyber incidents. Sharing simple metrics like the global average cost of a data breach, which is $4.45 million, can help them understand the financial impact. Moreover, CISOs should learn to convey cyber security matters in business terms and quantify the organisation's cyber risk exposure. By providing boards with information to understand and engaging in informed discussions, they can enhance their cyber security strategy and ensure that these vital issues are prioritised appropriately.
Source: [Security Intelligence]
“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules
The landscape of cyber security is evolving rapidly, with two significant EU regulations: the Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA), set to take effect in the coming months. NIS2 expands cyber security standards to include critical services like transportation, water services, and health services, while DORA focuses on the financial services sector and aims to ensure resilience against cyber threats.
These regulations necessitate strong cyber security testing, incident reporting processes, and comprehensive assessments of third-party providers' security. Compliance with these regulations will introduce complexity and costs, requiring organisations to prepare comprehensively for the evolving cyber security landscape, including the implications of artificial intelligence. Transparency and understanding are key, as boards must fully comprehend data processing and technology usage within their organisations, ushering in a new era of cyber security governance.
Source: [The Currency]
Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%
In 2023, there was a significant surge in ransomware attacks globally. The number of attack attempts more than doubled, increasing by 104%. A report shows that there were 1,900 total ransomware attacks within just four countries: the US, UK, Germany, and France. The use of double extortion techniques, where hackers not only encrypt the data but also steal confidential data beforehand and threaten to release it if their demands are not fulfilled, are becoming increasingly common, with now triple and quadruple extortion techniques also being increasingly deployed. It was also found that data exfiltration was present in approximately 91% of all publicly recorded ransomware attacks in 2023. These figures underscore the growing threat of ransomware and the need for robust cyber security measures.
Sources: [Security Boulevard] [Security Affairs] [Security Brief] [Business Wire]
Governance, Risk and Compliance
Treat cyber risk like financial or legal issue, says UK government | Computer Weekly
Business leaders urged to toughen up cyber attack protections - GOV.UK (www.gov.uk)
Organisations face devastating financial consequences from cyber attacks (betanews.com)
Cyber Security Attack Attempts More Than Doubled, Increasing 104% in 2023 | Business Wire
The growing role of CISOs in cyber security governance - APDR (asiapacificdefencereporter.com)
Boardroom cyber expertise comes under scrutiny (securityintelligence.com)
Resilience: The New Priority for Your Security Model (inforisktoday.com)
10 must-have security tips for digital nomads | Computerworld
CISOs Struggle for C-Suite Status Even as Expectations Skyrocket (darkreading.com)
Why cyber attacks mustn’t be kept secret - Help Net Security
Business continuity vs. disaster recovery vs. incident response | TechTarget
Why resilience leaders must prepare for polycrises - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks break records in 2023: the number of victims rose by 128% (securityaffairs.com)
UK Intelligence Fears AI Will Fuel Ransomware, Exacerbate Cyber Crime (pcmag.com)
Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News
UK gov tells SMBs to get better at protecting themselves from cyber attacks | TechRadar
Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)
Kasseika ransomware uses antivirus driver to kill other antiviruses (bleepingcomputer.com)
Organisations invest more in data protection but recover less - Help Net Security
Evolving BianLian ransomware attack strategies detailed | SC Media (scmagazine.com)
Hackers target TeamViewer to try and get access to your company's network | TechRadar
Ransomware Victims
Major US, UK Water Companies Hit by Ransomware - SecurityWeek
Sweden’s Riksbank Turns to Police as Cyber Attack Hits IT Firm - BNN Bloomberg
Owner of The North Face, Supreme, Vans, Reports Breach Affecting 35M Users (pcmag.com)
Primary Health & Wellness Center, LLC’s public notice of ransomware incident (databreaches.net)
LockBit gang claims the attack on the sandwich chain Subway (securityaffairs.com)
loanDepot says ransomware gang stole data of 16.6 million people (bleepingcomputer.com)
Aviation Leasing Giant AerCap Hit by Ransomware Attack - SecurityWeek
Global fintech firm EquiLend offline after recent cyber attack (bleepingcomputer.com)
Ransomware Group Offers Hacked Serbian Electricity Provider's Data For Download (rferl.org)
Cyber attack in Merseyside as 'immediate steps taken' (msn.com)
Phishing & Email Based Attacks
81 percent of security pros say phishing is the top threat (betanews.com)
Browser Phishing Threats Grew 198% Last Year - Infosecurity Magazine (infosecurity-magazine.com)
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)
Organisations need to switch gears in their approach to email security - Help Net Security
HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek
Russian hackers breached Microsoft, HPE corporate maliboxes - Help Net Security
Don’t Take The Bait: How To Prevent A Phishing Attack | Kohrman Jackson & Krantz LLP - JDSupra
Trezor reveals 66,000 users could face phishing attack (coinjournal.net)
PHP-less phishing kits that can run on any website | Netcraft
New KnowBe4 Report Shows Major Spike in Public Sector Attacks in 2023 | Business Wire
Artificial Intelligence
AI Will ‘Almost Certainly’ Turbocharge Cyber attacks, UK Warns - The Messenger
The near-term impact of AI on the cyber threat - NCSC.GOV.UK
NCSC: AI to boost nation-states’ malware potency • The Register
Battling Misinformation During Election Season (darkreading.com)
Unmasking Deceptive Behaviour: Risks and Challenges in Large Language Models (azoai.com)
AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)
Researchers Map AI Threat Landscape, Risks (darkreading.com)
The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard
Malware
NCSC: AI to boost nation-states’ malware potency • The Register
MacOS devices are being targeted by pirated apps that want to hijack your machine | TechRadar
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)
'Inhospitality' malspam campaign targets hotel industry | SC Media (scmagazine.com)
Blackwood APT delivers malware by hijacking legitimate software update requests - Help Net Security
SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks (thehackernews.com)
Mobile
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)
iPhone, Android Ambient Light Sensors Allow Stealthy Spying (darkreading.com)
New method to safeguard against mobile account takeovers - Help Net Security
Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)
SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)
Zero-Click Bluetooth Attack: A Growing Threat for Unpatched Android Phones - gHacks Tech News
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Historic data leak reveals 26 billion records: check what's exposed (securityaffairs.com)
Data of 15 million Trello users scraped and offered for sale - Help Net Security
Personal details of 6,000 people leaked in Greater Manchester council data breach (msn.com)
BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)
Healthtech firm's cyber attack victim list keeps growing - Digital Journal
VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million - SecurityWeek
Class Actions Filed Over Builders Mutual, Progressive’s Own Data Breaches (claimsjournal.com)
loanDepot cyber attack causes data breach for 16.6 million people (bleepingcomputer.com)
Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)
The growing threat of data breaches in the age of AI and data privacy | TechRadar
23andMe data breach: Hackers stole raw genotype data, health reports (bleepingcomputer.com)
Organised Crime & Criminal Actors
Grooming, radicalization and cyber attacks: INTERPOL warns of ‘Metacrime’
Bulletproof Hosting: A Critical Cyber Criminal Service | Intel471
'VexTrio' TDS: The Biggest Cyber Crime Operation on the Web? (darkreading.com)
Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)
Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US regulator admits cyber security lapse before rogue Bitcoin post - BBC News
Trezor reveals 66,000 users could face phishing attack (coinjournal.net)
Insider Risk and Insider Threats
Majority of companies not prepared for insider threats (betanews.com)
Fighting insider threats is tricky but essential work - Help Net Security
Insurance
Supply Chain and Third Parties
From vulnerability to vigilance: strategies for ensuring supply chain security (techuk.org)
Supply chain security: Responding to emerging cyber threats (techuk.org)
CISOs' role in identifying tech components and managing supply chains - Help Net Security
Rethinking supply chain resilience as cyber attacks get more disruptive (techuk.org)
Cloud/SaaS
On premises vs. cloud pros and cons, key differences | TechTarget
The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard
Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)
Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)
88% of organisations use passwords as primary authentication method | Security Magazine
The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro
Social Media
Meta won't remove fake Instagram profiles that are clearly catfishing (bleepingcomputer.com)
Watch out for "I can't believe he is gone" Facebook phishing posts (bleepingcomputer.com)
SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)
Malvertising
Google Updates Chrome's Incognito Warning to Admit It Tracks Users in ‘Private’ Mode | WIRED
Cryptographers Are Getting Closer to Enabling Fully Private Internet Searches | WIRED
Regulations, Fines and Legislation
Without clear guidance, SEC’s new rule on incident reporting may be detrimental - Help Net Security
SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)
US regulator admits cyber security lapse before rogue Bitcoin post - BBC News
Countdown for businesses to comply with leaked EU AI Act draft begins | Biometric Update
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)
Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users - SecurityWeek
Secret Service to revive the Cyber Investigations Advisory Board | CyberScoop
Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek
The small print leaving UK plc exposed to ‘nuclear level’ cyber attacks (telegraph.co.uk)
Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times
Russia
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack (thehackernews.com)
Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard
Microsoft Says Russians Hacked It to Find Information About Themselves (businessinsider.com)
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs (thehackernews.com)
HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek
Russian hackers shift to new malware tactics, Google says (siliconrepublic.com)
Massive cyber attack targets Ukrainian online bank (kyivindependent.com)
Learning From Ukraine's Pioneering Approaches to Cyber Security (darkreading.com)
Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times
Ukraine’s Largest Gas and Oil Company Under Cyber Attack (kyivpost.com)
Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News
Hundreds of Russian sites breached by Ukrainian hackers | SC Media (scmagazine.com)
Apple Pays $13 Million Russian Fine, Goes Directly Into Federal Budget (businessinsider.com)
Iran
North Korea
Vulnerability Management
45% of critical CVEs left unpatched in 2023 - Help Net Security
Patch management: Why firms ignore vulnerabilities at their own risk | ITPro
What Is Vulnerability Management? Definition, Process Steps, Benefits and More - Security Boulevard
Security vendors are accused of bending CVE assignment rules • The Register
German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)
The effect of omission bias on vulnerability management - Help Net Security
52% of Serious Vulnerabilities We Find are Related to Windows 10 (thehackernews.com)
Vulnerabilities
Cisco warns of critical RCE flaw in communications software (bleepingcomputer.com)
CISA emergency directive: Mitigate Ivanti zero-days immediately (bleepingcomputer.com)
Third Ivanti Vulnerability Exploited in the Wild, CISA Reports (darkreading.com)
Ivanti: VPN appliances vulnerable if pushing configs after mitigation (bleepingcomputer.com)
Chrome 121 ships with security updates and new AI tools - gHacks Tech News
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)
Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)
Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure - SecurityWeek
Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek
Critical Vulnerabilities Found in Open Source AI/ML Platforms - SecurityWeek
Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell (securityaffairs.com)
Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)
High-Severity Vulnerability Patched in Splunk Enterprise - SecurityWeek
Millions at Risk As 'Parrot' Web Server Compromises Take Flight (darkreading.com)
Security vendors are accused of bending CVE assignment rules • The Register
Mozilla Releases Security Updates for Thunderbird and Firefox | CISA
5379 GitLab servers vulnerable to zero-click account takeover attacks (securityaffairs.com)
Hackers target WordPress database plugin active on 1 million sites (bleepingcomputer.com)
Tools and Controls
Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard
Resilience: The New Priority for Your Security Model (inforisktoday.com)
With so much data at hand, should cyber defences be more effective? | TechRadar
How to Shine in Your Next Cyber Security Audit - Security Boulevard
AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)
Business continuity vs. disaster recovery vs. incident response | TechTarget
Why resilience leaders must prepare for polycrises - Help Net Security
Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)
German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)
The 9 best incident response metrics and how to use them | TechTarget
The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard
We Must Consider Software Developers a Key Part of the Cyber Security Workforce | CISA
Cyber Insurance Industry Suggests Cyber Security Best Practices (networkcomputing.com)
Emerging trends and strategies in digital forensics - Help Net Security
Cyber Security Risk Management: Frameworks, Plans, & Best Practices - Security Boulevard
Reports Published in the Last Week
Other News
With so much data at hand, should cyber defences be more effective? | TechRadar
Threat actors are exploiting web applications - Security Boulevard
Public Sector Cyber Attacks Rise By 40% in 2023 - IT Security Guru
Cyber Security Challenges at the World Economic Forum (govtech.com)
The Threat Landscape Is Always Changing: What to Expect in 2024 | Proofpoint US
What is Lateral Movement in Cyber Security? - Security Boulevard
Cyber Security and Trends in 2024 Based on WEF 2024 Outcomes | HackerNoon
US suffered cyber attacks from 168 threat actors in 2023 | Security Magazine
US continues to be leading cyber threat target | SC Media (scmagazine.com)
Rise in cyber crime attacks against Industrial IoT sparks alarm (securitybrief.co.nz)
Offshore wind farms are vulnerable to cyber attacks, study shows (techxplore.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 March 2023
Black Arrow Cyber Threat Briefing 24 March 2023:
-Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans
-Controlling Third-Party Data Risk Should Be a Top Cyber Security Priority
-IT Security Spending to Reach Nearly $300 Billion by 2026
-2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks
-Board Cyber Shortage: Don’t Get Caught Swimming Naked
-Should Your Organisation Be Worried About Insider Threats?
-UK Ransomware Incident Volumes Surge 17% in 2022
-Financial Industry Hit by Rising Ransomware Attacks and BEC
-55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management
-Security Researchers Spot $36m BEC Attack
-New Victims Come Forward After Mass Ransomware Attack
-Ransomware Gangs’ Harassment of Victims is Increasing
-Wartime Hacktivism is Spilling Over Into the Financial Services Industry
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans
A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.
Controlling Third-Party Data Risk Should be a Top Cyber Security Priority
Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.
IT Security Spending to Reach Nearly $300 Billion by 2026
Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.
https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/
2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks
In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.
https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html
Board Cyber Shortage: Don’t Get Caught Swimming Naked
The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors.
Should your Organisation be Worried about Insider Threats?
Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.
https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/
UK Ransomware Incident Volumes Surge 17% in 2022
According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.
https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/
Financial Industry Hit by Rising Ransomware Attacks and BEC
According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.
55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management
According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.
Security Researchers Spot $36m BEC Attack
Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.
https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/
New Victims Come Forward After Mass Ransomware Attack
Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.
https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/
Ransomware Gangs’ Harassment of Victims is Increasing
Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.
https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/
Wartime Hacktivism is Spilling Over into the Financial Services Industry
The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.
Threats
Ransomware, Extortion and Destructive Attacks
LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (thehackernews.com)
UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg
BianLian ransomware crew swaps encryption for extortion • The Register
New victims come forward after mass-ransomware attack | TechCrunch
Ransomware Gangs' Harassment of Victims Is Increasing (techrepublic.com)
LockBit ransomware gang now also claims City of Oakland breach (bleepingcomputer.com)
Free decryptor released for Conti-based ransomware following data leak | Tripwire
New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek
Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert
US govt agencies released an alert on the Lockbit 3.0 ransomware- Security Affairs
Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online
Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (bleepingcomputer.com)
Researchers Shed Light on CatB Ransomware's Evasion Techniques (thehackernews.com)
Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO
Dole discloses employee data breach after ransomware attack (bleepingcomputer.com)
Prevent Ransomware with Cyber security Monitoring (trendmicro.com)
Ferrari in a spin as crims steal customer data • The Register
Play ransomware gang hit Dutch shipping firm Royal Dirkzwager- Security Affairs
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)
City of Toronto confirms data theft, Clop claims responsibility (bleepingcomputer.com)
Phishing & Email Based Attacks
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
Emotet malware now distributed in Microsoft OneNote files to evade defences (bleepingcomputer.com)
ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)
RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)
Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch
Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (thehackernews.com)
Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (darkreading.com)
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Python info-stealing malware uses Unicode to evade detection (bleepingcomputer.com)
Mobile
Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (thehackernews.com)
The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack
Android apps are spying on you — with no easy way to stop them | Digital Trends
Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar
How to keep your phone safe from the scary Exynos modem vulnerability (androidpolice.com)
Botnets
Denial of Service/DoS/DDOS
New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (bleepingcomputer.com)
Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (darkreading.com)
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Internet of Things – IoT
Eufy security cam 'stored unique ID' of everyone filmed • The Register
Google sounds alarm on Samsung modem bugs in Android devices • The Register
EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Data Breaches/Leaks
Complacency of staff to blame for data breaches (thesundaily.my)
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)
Data breaches cost businesses nearly $6M on average: Mastercard | CTV News
Healthcare provider ILS warns 4.2 million people of data breach (bleepingcomputer.com)
NBA is warning fans of a data breach after a third-party newsletter service hack- Security Affairs
Lowe’s Market chain leaves client data up for grabs- Security Affairs
Ferrari discloses data breach after receiving ransom demand (bleepingcomputer.com)
South Korea fines McDonalds for data leak from raw SMB share • The Register
A million at risk from user data leak at Korean beauty platform PowderRoom- Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt
General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (bleepingcomputer.com)
Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)
Insider Risk and Insider Threats
Should Your Organisation Be Worried About Insider Threats? - IT Security Guru
Top 5 Insider Threats to Look Out For in 2023- Security Affairs
Preventing Insider Threats in Your Active Directory (thehackernews.com)
Fraud, Scams & Financial Crime
Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security
‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian
The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack
Hackers inject credit card stealers into payment processing modules (bleepingcomputer.com)
Deepfakes
Insurance
SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET
Cyber insurance carriers expanding role in incident response | TechTarget
Supply Chain and Third Parties
Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (darkreading.com)
Companies vulnerable to cyber-attack via suppliers - research | RNZ News
Why you should treat ChatGPT like any other vendor service - Help Net Security
MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)
Software Supply Chain
Cloud/SaaS
How access management helps protect identities in the cloud | VentureBeat
Bitcoin ATM maker shuts cloud service after user hot wallets compromised (cointelegraph.com)
The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch
Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (darkreading.com)
The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley
New CISA tool detects hacking activity in Microsoft cloud services (bleepingcomputer.com)
4 Tips for Better AWS Cloud Workload Security (trendmicro.com)
Hybrid/Remote Working
Identity and Access Management
How access management helps protect identities in the cloud | VentureBeat
The impact of AI on the future of ID verification - Help Net Security
Preventing Insider Threats in Your Active Directory (thehackernews.com)
CISA, NSA push identity and access management framework as risks grow | SC Media (scmagazine.com)
API
Open Source
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
BBC presses staff to uninstall TikTok from corporate kit • The Register
TikTok cannot be considered a private company: report • The Register
Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop
Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)
Training, Education and Awareness
Regulations, Fines and Legislation
Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)
EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com
India’s infosec reporting rules observed by just 15 orgs • The Register
Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (forbes.com)
Governance, Risk and Compliance
How CISOs Can Work With the CFO to Get the Best Security Budget (darkreading.com)
How to best allocate IT and cyber security budgets in 2023 - Help Net Security
IT security spending to reach nearly $300 billion by 2026 - Help Net Security
Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)
How Your Cyber security Strategy Enables Better Business (trendmicro.com)
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
How Can CISOs Connect With the Board of Directors? (darkreading.com)
Achieving The Five Levels Of Information Security Governance (forbes.com)
Enhance security while lowering IT overhead in times of recession - Help Net Security
Why organisations shouldn't fold to cyber criminal requests - Help Net Security
Models, Frameworks and Standards
Meta Proposes Revamped Approach to Online Kill Chain Frameworks (darkreading.com)
MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)
Backup and Recovery
Data backup, security alerts, and encryption viewed as top security features - Help Net Security
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)
New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Eufy security cam 'stored unique ID' of everyone filmed • The Register
Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch
How to protect online privacy in the age of pixel trackers - Help Net Security
Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)
French govt clears AI facial scans for Paris Olympics • The Register
Artificial Intelligence
EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews
ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg
ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)
Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security
We need to create guardrails for AI | Financial Times (ft.com)
GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (livemint.com)
Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom
The impact of AI on the future of ID verification - Help Net Security
7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online
Why you should treat ChatGPT like any other vendor service - Help Net Security
Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch
French govt clears AI facial scans for Paris Olympics • The Register
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek
Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Purported Chinese warships interfering with passenger planes • The Register
Putin to staffers: throw out your iPhones over security • The Register
Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert
Facebook Security Exec Seaford Hacked by Greek Predator Spyware (gizmodo.com)
BBC presses staff to uninstall TikTok from corporate kit • The Register
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)
Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
Unknown actors target orgs in Russia-occupied Ukraine • The Register
Xi, Putin, declare intent to rule the world of AI, infosec • The Register
North Korean hackers using Chrome extensions to steal Gmail emails (bleepingcomputer.com)
Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop
Nation State Actors
New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek
Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Purported Chinese warships interfering with passenger planes • The Register
TikTok cannot be considered a private company: report • The Register
Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop
BBC presses staff to uninstall TikTok from corporate kit • The Register
Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch
Putin to staffers: throw out your iPhones over security • The Register
Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)
Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
Unknown actors target orgs in Russia-occupied Ukraine • The Register
Xi, Putin, declare intent to rule the world of AI, infosec • The Register
The pressing threat of Chinese-made drones flying above US critical infrastructure | CyberScoop
Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop
Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online
Vulnerability Management
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant
10 Vulnerabilities Types to Focus On This Year (darkreading.com)
Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (bleepingcomputer.com)
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)
Vulnerabilities
Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (darkreading.com)
CVE-2023-23397 Outlook exploit: "A proliferation event" (thestack.technology)
Patch CVE-2023-23397 Immediately: What You Need To Know and Do (trendmicro.com)
Cisco fixed severe vulnerabilities in its IOS and IOS XE software- Security Affairs
Exploit released for Veeam bug allowing cleartext credential theft (bleepingcomputer.com)
Experts published PoC exploit code for Veeam Backup & Replication bug- Security Affairs
WordPress force patching WooCommerce plugin with 500K installs (bleepingcomputer.com)
Windows 11 bug warns Local Security Authority protection is off (bleepingcomputer.com)
Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)
Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar
Microsoft: Defender update behind Windows LSA protection warnings (bleepingcomputer.com)
ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (cointelegraph.com)
Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)
If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica
Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (darkreading.com)
Tools and Controls
Data backup, security alerts, and encryption viewed as top security features - Help Net Security
Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
Complacency of staff to blame for data breaches (thesundaily.my)
How access management helps protect identities in the cloud | VentureBeat
Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware
The Ethics of Network and Security Monitoring (darkreading.com)
Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica
How network perimeters secure enterprise networks | TechTarget
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Other News
Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News
Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica
What Is Shoulder Surfing? How Does It Affect Cyber security (informationsecuritybuzz.com)
Inside the DEA Tool Hackers Allegedly Used to Extort Targets (vice.com)
Top ways attackers are targeting your endpoints - Help Net Security
What Is a Dirty IP Address and How Does It Affect Your Security? (makeuseof.com)
Techno-nationalism explained: What you need to know (techtarget.com)
How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru
Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 March 2023
Black Arrow Cyber Threat Briefing 17 March 2023:
-Almost Half of IT Leaders Consider Security as an Afterthought
-Over $10bn Lost To Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says
-Over 721 Million Passwords Were Leaked in 2022
-How Much of a Cyber Security Risk are Suppliers?
-90% of £5m+ Businesses Hit by Cyber Attacks
-Rushed Cloud Migrations Result in Escalating Technical Debt
-17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
-Microsoft Warns of Large-Scale Use of Phishing Kits
-BEC Volumes Double on Phishing Surge
-The Risk of Pasting Confidential Company Data in ChatGPT
-Ransomware Attacks have Entered a New Phase
-MI5 Launches New Agency to Tackle State-Backed Attacks
-Why Cyber Awareness Training is an Ongoing Process
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Almost Half of IT Leaders Consider Security as an Afterthought
A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.
Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says
According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.
Over 721 Million Passwords were Leaked in 2022
A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.
https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/
How Much of a Cyber Security Risk are Suppliers?
When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.
https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2
90% of £5m+ Businesses Hit by Cyber Attacks
A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.
https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/
Rushed Cloud Migrations Result in Escalating Technical Debt
A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.
https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/
Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.
Microsoft Warns of Large-Scale Use of Phishing Kits
Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.
https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html
BEC Volumes Double on Phishing Surge
The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.
https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/
The Risk of Pasting Confidential Company Data in ChatGPT
Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.
https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html
Ransomware Attacks have Entered a Heinous New Phase
With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.
https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/
MI5 Launches New Agency to Tackle State-Backed Attacks
British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.
https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/
Why Cyber Awareness Training is an Ongoing Process
A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.
Threats
Ransomware, Extortion and Destructive Attacks
BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (darkreading.com)
Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru
FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (bleepingcomputer.com)
Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)
Clop ransomware gang begins extorting GoAnywhere zero-day victims (bleepingcomputer.com)
Staples-owned Essendant facing multi-day "outage," orders frozen (bleepingcomputer.com)
CISA now warns critical infrastructure of ransomware-vulnerable devices (bleepingcomputer.com)
Dissecting the malicious arsenal of the Makop ransomware gang- - Security Affairs
Blackbaud agrees to pay $3m to settle SEC ransomware probe • The Register
Ransomware Gang Claims It Hacked Amazon's Ring (gizmodo.com)
5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert
Dish customers kept in the dark as ransomware fallout continues | TechCrunch
Cancer patient sues hospital over stolen naked photos • The Register
ChipMixer platform seized for laundering ransomware payments, drug sales (bleepingcomputer.com)
Kaspersky Updates Decryption Tool for Conti Ransomware - MSSP Alert
Conti-based ransomware ‘MeowCorp’ gets free decryptor (bleepingcomputer.com)
Universities and colleges cope silently with ransomware attacks | CSO Online
Phishing & Email Based Attacks
Software for sale is fueling a torrent of phishing attacks that bypass MFA | Ars Technica
Cyber criminals Devising More Tactics For Phishing Attacks (informationsecuritybuzz.com)
6 reasons why your anti-phishing strategy isn’t working | CSO Online
Cyberthreat On New Email By Exotic Lily (informationsecuritybuzz.com)
Botnet that knows your name and quotes your email is back with new tricks | Ars Technica
Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)
How two-step phishing attacks evade detection and what you can do about it - Help Net Security
BEC – Business Email Compromise
Pig Butchering & Investment Scams: The $3B Cyber crime Threat Overtaking BEC (darkreading.com)
Organizations need to re-examine their approach to BEC protection - Help Net Security
BEC Volumes Double on Phishing Surge - Infosecurity Magazine (infosecurity-magazine.com)
2FA/MFA
Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)
Software for sale is fuelling a torrent of phishing attacks that bypass MFA | Ars Technica
Malware
Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)
Malware Targets People Looking to Pirate Oscar-Nominated Films (darkreading.com)
Law enforcement seized the website selling the NetWire RAT- - Security Affairs
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)
Emotet attempts to sell access after infiltrating high-value networks | SC Media (scmagazine.com)
Emotet, QSnatch Malware Dominate Malicious DNS Traffic (darkreading.com)
Winter Vivern APT hackers use fake antivirus scans to install malware (bleepingcomputer.com)
Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)
New malware sample of defunct TeamTNT threat group raises concerns | SC Media (scmagazine.com)
Adobe Acrobat Sign abused to push Redline info-stealing malware (bleepingcomputer.com)
Mobile
Xenomorph Android malware now steals data from 400 banks (bleepingcomputer.com)
GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (darkreading.com)
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET
FakeCalls Android malware returns with new ways to hide on phones (bleepingcomputer.com)
Botnets
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)
Botnet that knows your name and quotes your email is back with new tricks | Ars Technica
Denial of Service/DoS/DDOS
Internet of Things – IoT
Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (thehackernews.com)
Tesla App Lets Man Accidentally Steal Model 3 That Wasn't His (gizmodo.com)
Data Breaches/Leaks
Negative Impacts of Data Loss and How to Avoid Them - MSSP Alert
Mental health provider Cerebral alerts 3.1M people of data breach (bleepingcomputer.com)
BMW exposes data of clients in Italy, experts warn- - Security Affairs
Acronis states that only one customer's account was compromised- - Security Affairs
Security giant Rubrik says hackers used Fortra zero-day to steal internal data | TechCrunch
LA Housing Authority Suffers Year-Long Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hacker selling data allegedly stolen in US Marshals Service hack (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek
Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru
CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FBI Warns of Crypto-Stealing Play-to-Earn Games - Infosecurity Magazine (infosecurity-magazine.com)
Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto
UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)
CrowdStrike discovered the first-ever Dero crypto mining campaign- - Security Affairs
Claim: FTX leaders helped themselves to $3.2B in cash • The Register
Feds charge exiled Chinese billionaire over crypto fraud • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek
Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru
ChatGPT fraud is on the rise: Here's what to watch out for | ZDNET
Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)
The SVB demise is a fraudster's paradise, so take precautions - Help Net Security
Fighting financial fraud through fusion centers - Help Net Security
UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)
UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Claim: FTX leaders helped themselves to $3.2B in cash • The Register
Feds charge exiled Chinese billionaire over crypto fraud • The Register
Impersonation Attacks
Deepfakes
AML/CFT/Sanctions
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Dark Web
Supply Chain and Third Parties
Top 10 operational risks: focus on third-party risk - Risk.net
How much of a cyber security risk are my suppliers? (thetimes.co.uk)
Software Supply Chain
We can't wait for SBOMs to be demanded by regulation - Help Net Security
Best practices for securing the software application supply chain - Help Net Security
Cloud/SaaS
Rushed cloud migrations result in escalating technical debt - Help Net Security
CrowdStrike report shows identities under siege, cloud data theft up | VentureBeat
How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)
Hybrid/Remote Working
Attack Surface Management
Identity and Access Management
Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)
Navigating the future of digital identity - Help Net Security
Encryption
Google Proposes Reducing TLS Cert Life Span to 90 Days (darkreading.com)
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
Passwords, Credential Stuffing & Brute Force Attacks
Poor Passwords Still Weakest Link Hackers Seek, Report Reveals - MSSP Alert
Study: Over 721 million passwords were leaked in 2022 - Neowin
Social Media
UK bans TikTok from government mobile phones | TikTok | The Guardian
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
The US cyber security strategy won’t address today’s threats with regulation alone | CyberScoop
Governance, Risk and Compliance
Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)
Getting cyber security right requires a change of mindset | The Strategist (aspistrategist.org.au)
6 principles for building engaged security governance | TechTarget
Models, Frameworks and Standards
How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)
Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)
Data Protection
Law Enforcement Action and Take Downs
International authorities bring NetWire's malware infrastructure to a standstill | TechSpot
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
Privacy, Surveillance and Mass Monitoring
German states rethink reliance on Palantir technology | Financial Times (ft.com)
Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert
Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)
Artificial Intelligence
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)
ChatGPT and the Growing Threat of Bring Your Own AI to the SOC - SecurityWeek
How Businesses Can Get Ready for AI-Powered Security Threats (darkreading.com)
UK spy agency warns of security threat from ChatGPT and rival chatbots | Metro News
Why red team exercises for AI should be on a CISO's radar | CSO Online
GPT-4 Can’t Stop Helping Hackers Make Cyber criminal Tools (forbes.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Microsoft: Russian hackers may be readying new wave of destructive attacks | CyberScoop
UK bans TikTok from government mobile phones | TikTok | The Guardian
Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up - SecurityWeek
Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)
Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert
YoroTrooper cyber spies target CIS energy orgs, EU embassies (bleepingcomputer.com)
China sought control of telecoms to spy on Micronesia • The Register
Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian
This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Polish intelligence dismantled a network of Russian spies- Security Affairs
Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs
Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ
Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Nation State Actors
UK bans TikTok from government mobile phones | TikTok | The Guardian
North Korean hackers used polished LinkedIn profiles to target security researchers | CyberScoop
A new Chinese era: security and control | Financial Times (ft.com)
Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)
Attacks on SonicWall appliances linked to Chinese campaign: Mandiant | CSO Online
Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert
Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)
China sought control of telecoms to spy on Micronesia • The Register
CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop
APT29 abuses EU information exchange systems in recent attacks- Security Affairs
Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)
Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian
This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs
Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ
Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Vulnerabilities
Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack (thestack.technology)
Critical Microsoft Outlook bug PoC shows how easy it is to exploit (bleepingcomputer.com)
Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)
Microsoft and Fortinet fix bugs under active exploit • The Register
CISA warns of actively exploited Plex bug after LastPass breach (bleepingcomputer.com)
Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers- Security Affairs
Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto
SAP releases security updates fixing five critical vulnerabilities (bleepingcomputer.com)
Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day - SecurityWeek
Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)
Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws (bleepingcomputer.com)
Firefox 111 patches 11 holes, but not 1 zero-day among them… – Naked Security (sophos.com)
Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script - SecurityWeek
Cyber attackers Continue Assault Against Fortinet Devices (darkreading.com)
Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica
Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET
Microsoft shares script to fix WinRE BitLocker bypass flaw (bleepingcomputer.com)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Tools and Controls
Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)
What Is a Stateful Inspection Firewall? Ultimate Guide (enterprisestorageforum.com)
Set up PowerShell script block logging for added security | TechTarget
Brazil seizing Flipper Zero shipments to prevent use in crime (bleepingcomputer.com)
Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)
5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert
5 Steps to Effective Cloud Detection and Response - The New Stack
Virtual patching: Cut time to patch from 250 days to (helpnetsecurity.com)
ChatGPT may be a bigger cyber security risk than an actual benefit (bleepingcomputer.com)
Change Is Coming to the Network Detection and Response (NDR) Market (darkreading.com)
Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.