Black Arrow Cyber Threat Briefing 26 January 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Russian Hackers’ Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call

Just recently, it was publicly disclosed that Microsoft and Hewlett Packard Enterprise (HPE) had their corporate mailboxes breached by threat actors. In the Microsoft breach, a hacking group had used a password spray attack to compromise a non-production test account, and leverage that to access corporate accounts. In the HPE breach, corporate access was gained through unauthorised access to SharePoint files. Both attacks highlight the need for identity threat detection: the ability to identify malicious activity from trusted identities before more sophisticated damage is caused. Cyber incidents are a matter of when, not if, and it is important to have detection capabilities, even for trusted accounts.

Sources: [Help Net Security] [Security Boulevard]

94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures

A recent study found that while 94% of CISOs are concerned with third-party cyber security threats,  including 17% who view it as a top priority, only 3% have implemented a third -party cyber risk management solution and 33% have noted plans to implement this year. Small and medium sized businesses may not have the resources of a larger organisation yet will have a similar level of third-party risk. This makes the need for an effective solution even more important, and in some cases this may include outsourcing to cyber experts.

Sources: [Dark Reading]

Cyber Risks Needs to be Prioritised as a Key Business Risk, Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda

The UK Government has proposed a new Code of Practice on cyber security governance, aimed at directors and senior business leaders. The draft document emphasises the need to prioritise cyber security on par with financial and legal risks. It outlines several key areas for focus, including risk management, cyber strategy, fostering a cyber security culture among employees, incident planning and response, and establishing clear governance structures. With digital technologies playing a crucial role in business resilience, the code calls for greater involvement of executive and non-executive directors in technology governance strategies. The UK Minister for AI and Intellectual Property has highlighted that cyber attacks are as damaging to organisations as financial and legal pitfalls. It is crucial that directors take a firm grip of their organisation’s cyber security regimes to protect their customers, workforce, business operations and the wider economy. This initiative reinforces the importance of a holistic approach to cyber security, including robust incident response plans and regular practice to enhance cyber resilience. It’s a timely reminder that cyber threats are as detrimental to organisations as financial and legal challenges, and this code aims to empower leaders to navigate these threats effectively.

Sources: [Computer Weekly] [Electronics Specifier] [GOV UK] [TechRadar] [Infosecurity Magazine]

81% of Security Professionals Say Phishing Is Top Threat

A recent study found 81% of organisations anticipated phishing as their top security risk over the coming months. In a separate report, it was found that 94% of organisations globally had experienced an email security incident in the past 12 months, with a 10% rise in phishing. It is not just emails where phishing attacks are occurring: in another report, the second half of 2023 saw a 198% increase in browser based phishing attacks. It is clear that phishing is a threat to organisations, and it is important to be prepared.

Sources: [ITPro] [Beta News] [Security Magazine]

Ransomware Attacks Cause Significant Psychological Harm

One area of ransomware that often gets overlooked, is the psychological impact. A recent report by the Royal United Services Institute found that some attacks had caused so much impact that organisations hired post-traumatic stress disorder support teams. A significant number of respondents experienced sleep deprivation, resulting in them developing extreme fatigue and falling asleep at work. Various levels of stress were experienced by security workers, with one interviewee citing the stress of a ransomware attack as a potential cause for a heart attack that required surgery. This highlights that, as with the wider subject of cyber and information security, consideration needs to be given to more than just IT and IT controls: it shows the need for a holistic approach to include people, operations and technology.

Sources: [The Record Media] [TechRadar]

Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password

A recent report has revealed that two million compromised cloud credentials used ‘123456’ as a password. This alarming trend underscores the ongoing issue of weak passwords, which are easily exploited by hackers. Despite the availability of advanced password creation and storage tools, a significant number of individuals and organisations continue to use weak passwords. Furthermore, the report found that 88% of organisations still rely on passwords as their primary authentication method. Despite the focus on password security, nearly every organisation has had risk management lapses. The report highlights the urgent need for stronger password policies and the adoption of more secure authentication methods. Equally, the attacks highlight that simply moving to the cloud does not solve security challenges, and poor cyber hygiene in the cloud will lead to problems.

Sources: [ITPro] [Business Wire] [Security Magazine]

NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime

An article published by the UK’s National Cyber Security Centre (NCSC) states that AI is already being used to increase the efficacy of cyber attacks, and that AI will continue to significantly increase the odds of a successful attack. AI models will build capability as they are informed by data describing previous successful attacks. The NCSC noted that “It is likely that highly capable unfriendly nation states have repositories of malware that are large enough to effectively train an AI model for this purpose”. The message from the NCSC is clear: AI will propel cyber incidents and organisation must take this into consideration as part of their wider cyber risk management strategy.

Sources: [The Register] [PC Mag] [The Messenger ] [Silicon UK]

Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk

Cyber attacks soared again last year, and attackers are increasingly taking advantage of software vulnerabilities to breach organisations. This is due to the continuous discovery of new vulnerabilities, and with that, a constant challenge for firms to apply patches. A report found many organisations lack an effective vulnerability management programme and are leaving themselves open to attacks; and in some cases they are left vulnerable for years.

One key hindrance found by the report is the sheer volume of vulnerabilities identified and patched by vendors, leaving organisations with the perpetual challenge of timely patching. This complication is made worse for small and medium sized businesses where they have less resources. The report found that legacy systems are a large risk for many organisations;  in fact, older Windows server OS versions - 2012 and earlier – were found to be 77% more likely to experience attack attempts than newer versions. Many firms are still not taking this danger seriously enough and as a result, blind spots and critical vulnerabilities are worsening, creating more opportunities for attackers.

Sources: [ITPro] [Help Net Security] [ITPro]

Historic Data Leak Reveals 26 billion Records: Check What is Exposed

In what has been described as the ‘mother of all breaches’, 26 billion records have been exposed. These aren’t all new, as a lot of the records are from numerous breaches, however they are all in one location, compiled and index for use. With the emergence of this, there is will likely be a surge in attacks and if you haven’t changed your credentials, or are reusing these same credentials, you may find yourself a victim. To check if your email has been compromised in a breach, you can check on the website www.HaveIBeenPwned.com

Source: [Security Affairs]

Boardroom Cyber Expertise Comes Under Scrutiny

Cyber security concerns continue to be a critical issue for organisations, driven by factors such as data protection, compliance, risk management, and business continuity. However, a recent report reveals a concerning trend where only 5% of Chief Information Security Officers (CISOs) report directly to the CEO, down from 11% in 2021. This gap between cyber security leadership and board-level involvement is a challenge. A report emphasises that many board members lack the technical expertise to understand cyber security, while CISOs often communicate in technical jargon, making it difficult for boards to grasp the significance of security issues. To bridge this gap, it's crucial to educate board members on the real-world risks and costs associated with cyber incidents. Sharing simple metrics like the global average cost of a data breach, which is $4.45 million, can help them understand the financial impact. Moreover, CISOs should learn to convey cyber security matters in business terms and quantify the organisation's cyber risk exposure. By providing boards with information to understand and engaging in informed discussions, they can enhance their cyber security strategy and ensure that these vital issues are prioritised appropriately.

Source: [Security Intelligence]

“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules

The landscape of cyber security is evolving rapidly, with two significant EU regulations: the Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA), set to take effect in the coming months. NIS2 expands cyber security standards to include critical services like transportation, water services, and health services, while DORA focuses on the financial services sector and aims to ensure resilience against cyber threats.

These regulations necessitate strong cyber security testing, incident reporting processes, and comprehensive assessments of third-party providers' security. Compliance with these regulations will introduce complexity and costs, requiring organisations to prepare comprehensively for the evolving cyber security landscape, including the implications of artificial intelligence. Transparency and understanding are key, as boards must fully comprehend data processing and technology usage within their organisations, ushering in a new era of cyber security governance.

Source: [The Currency]

Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%

In 2023, there was a significant surge in ransomware attacks globally. The number of attack attempts more than doubled, increasing by 104%. A report shows that there were 1,900 total ransomware attacks within just four countries: the US, UK, Germany, and France. The use of double extortion techniques, where hackers not only encrypt the data but also steal confidential data beforehand and threaten to release it if their demands are not fulfilled, are becoming increasingly common, with now triple and quadruple extortion techniques also being increasingly deployed. It was also found that data exfiltration was present in approximately 91% of all publicly recorded ransomware attacks in 2023. These figures underscore the growing threat of ransomware and the need for robust cyber security measures.

Sources: [Security Boulevard] [Security Affairs] [Security Brief] [Business Wire]

Governance, Risk and Compliance

• Treat cyber risk like financial or legal issue, says UK government | Computer Weekly

• New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda - Infosecurity Magazine (infosecurity-magazine.com)

• Business leaders urged to toughen up cyber attack protections - GOV.UK (www.gov.uk)

• Organisations face devastating financial consequences from cyber attacks (betanews.com)

• Cyber attacks more than doubled in 2023, so why are so many firms still not taking security seriously? | ITPro

• Cyber Security Attack Attempts More Than Doubled, Increasing 104% in 2023 | Business Wire

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• The growing role of CISOs in cyber security governance - APDR (asiapacificdefencereporter.com)

• Boardroom cyber expertise comes under scrutiny (securityintelligence.com)

• Resilience: The New Priority for Your Security Model (inforisktoday.com)

• 10 must-have security tips for digital nomads | Computerworld

• Top 3 Priorities for CISOs in 2024 (darkreading.com)

• CISOs Struggle for C-Suite Status Even as Expectations Skyrocket (darkreading.com)

• Navigating The 'Fog Of A Cyber Attack' (forbes.com)

• The cost of cyber crime to reach over $12tn by 2025

• Why cyber attacks mustn’t be kept secret - Help Net Security

• Business continuity vs. disaster recovery vs. incident response | TechTarget

• Why resilience leaders must prepare for polycrises - Help Net Security

• The best cyber defence needs more than tech - eCampus News

• The CISO Role Undergoes a Major Evolution (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks break records in 2023: the number of victims rose by 128% (securityaffairs.com)

• Impact of Ransomware attacks take mental health toll on small business owners, report says (therecord.media)

• UK Intelligence Fears AI Will Fuel Ransomware, Exacerbate Cyber Crime (pcmag.com)

• Britons must 'strengthen defences' against growing threat of AI-assisted ransomware, cyber security chief warns | UK News | Sky News

• The rise of cyber extortion and 'Hacktivism' - Verdict

• Ransomware recovery – the need for speed | TechRadar

• Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News

• UK gov tells SMBs to get better at protecting themselves from cyber attacks | TechRadar

• Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)

• Kasseika ransomware uses antivirus driver to kill other antiviruses (bleepingcomputer.com)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• Organisations invest more in data protection but recover less - Help Net Security

• Evolving BianLian ransomware attack strategies detailed | SC Media (scmagazine.com)

• Hackers target TeamViewer to try and get access to your company's network | TechRadar

• Ransomware Victims

• Major US, UK Water Companies Hit by Ransomware - SecurityWeek

• Sweden’s Riksbank Turns to Police as Cyber Attack Hits IT Firm - BNN Bloomberg

• Owner of The North Face, Supreme, Vans, Reports Breach Affecting 35M Users (pcmag.com)

• Primary Health & Wellness Center, LLC’s public notice of ransomware incident (databreaches.net)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• LockBit gang claims the attack on the sandwich chain Subway (securityaffairs.com)

• loanDepot says ransomware gang stole data of 16.6 million people (bleepingcomputer.com)

• Aviation Leasing Giant AerCap Hit by Ransomware Attack - SecurityWeek

• Global fintech firm EquiLend offline after recent cyber attack (bleepingcomputer.com)

• Ransomware Group Offers Hacked Serbian Electricity Provider's Data For Download (rferl.org)

• Cyber attack in Merseyside as 'immediate steps taken' (msn.com)

• Housing association confirms 'cyber security incident' but can't confirm if tenants' data was lost | Shropshire Star

Phishing & Email Based Attacks

• Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks | ITPro

• 81 percent of security pros say phishing is the top threat (betanews.com)

• Browser Phishing Threats Grew 198% Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)

• Organisations need to switch gears in their approach to email security - Help Net Security

• HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek

• Russian hackers breached Microsoft, HPE corporate maliboxes - Help Net Security

• Don’t Take The Bait: How To Prevent A Phishing Attack | Kohrman Jackson & Krantz LLP - JDSupra

• Trezor reveals 66,000 users could face phishing attack (coinjournal.net)

• Is This a Phishing Email? 8 Warning Signs to Look Out For

• PHP-less phishing kits that can run on any website | Netcraft

• New KnowBe4 Report Shows Major Spike in Public Sector Attacks in 2023 | Business Wire

Artificial Intelligence

• AI Will ‘Almost Certainly’ Turbocharge Cyber attacks, UK Warns - The Messenger

• The near-term impact of AI on the cyber threat - NCSC.GOV.UK

• NCSC: AI to boost nation-states’ malware potency • The Register

• AI’s Efficacy is Limitless in Cyber Crime | MSSP Alert

• Top 4 LLM threats to the enterprise | CSO Online

• The rise of cyber extortion and 'Hacktivism' - Verdict

• Battling Misinformation During Election Season (darkreading.com)

• Unmasking Deceptive Behaviour: Risks and Challenges in Large Language Models (azoai.com)

• AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)

• Researchers Map AI Threat Landscape, Risks (darkreading.com)

• Misinformation and irresponsible AI: Experts forecast how technology may shape our near future (techxplore.com)

• ChatGPT Cyber Crime Surge Revealed in 3000 Dark Web Posts - Infosecurity Magazine (infosecurity-magazine.com)

• More than 1 in 4 Organisations Banned Use of GenAI Over Privacy and Data Security Risks - New Cisco Study (prnewswire.com)

• The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard

Malware

• NCSC: AI to boost nation-states’ malware potency • The Register

• MacOS devices are being targeted by pirated apps that want to hijack your machine | TechRadar

• Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)

• 'Inhospitality' malspam campaign targets hotel industry | SC Media (scmagazine.com)

• Blackwood APT delivers malware by hijacking legitimate software update requests - Help Net Security

• SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks (thehackernews.com)

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Mobile

• Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)

• iPhone, Android Ambient Light Sensors Allow Stealthy Spying (darkreading.com)

• New method to safeguard against mobile account takeovers - Help Net Security

• Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

• Zero-Click Bluetooth Attack: A Growing Threat for Unpatched Android Phones - gHacks Tech News

Denial of Service/DoS/DDOS

• Ukrainian mobile bank sees a spike in ‘non-stop’ DDoS pressure (therecord.media)

Internet of Things – IoT

• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users - SecurityWeek

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Data Breaches/Leaks

• Historic data leak reveals 26 billion records: check what's exposed (securityaffairs.com)

• Data of 15 million Trello users scraped and offered for sale - Help Net Security

• Personal details of 6,000 people leaked in Greater Manchester council data breach (msn.com)

• BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)

• Healthtech firm's cyber attack victim list keeps growing - Digital Journal

• VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million - SecurityWeek

• Class Actions Filed Over Builders Mutual, Progressive’s Own Data Breaches (claimsjournal.com)

• loanDepot cyber attack causes data breach for 16.6 million people (bleepingcomputer.com)

• Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)

• The growing threat of data breaches in the age of AI and data privacy | TechRadar

• Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase - Infosecurity Magazine (infosecurity-magazine.com)

• 23andMe data breach: Hackers stole raw genotype data, health reports (bleepingcomputer.com)

• Coventry school reprimanded for data breach after IT system 'hacked three times' - CoventryLive (coventrytelegraph.net)

Organised Crime & Criminal Actors

• Winter is coming and so are the hackers (betanews.com)

• Grooming, radicalization and cyber attacks: INTERPOL warns of ‘Metacrime’

• Bulletproof Hosting: A Critical Cyber Criminal Service | Intel471

• 'VexTrio' TDS: The Biggest Cyber Crime Operation on the Web? (darkreading.com)

• The cost of cyber crime to reach over $12tn by 2025

• Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)

• ChatGPT Cyber Crime Surge Revealed in 3000 Dark Web Posts - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

• The sophistication of cyber criminals intensifies with emerging strategies for cashing in or causing chaos - IT Security Guru

• Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyber attacks (prnewswire.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber criminals stole $1.7 billion from crypto funds in 2023 as attacks proliferated (therecord.media)

• US regulator admits cyber security lapse before rogue Bitcoin post - BBC News

• Trezor reveals 66,000 users could face phishing attack (coinjournal.net)

Insider Risk and Insider Threats

• Majority of companies not prepared for insider threats (betanews.com)

• Amid Rising Insider Threats, Most Companies are Vulnerable and Lack the Strategies to Protect Themselves, New Research Finds | Business Wire

• Fighting insider threats is tricky but essential work - Help Net Security

Insurance

• Insurance industry responds to evolving risks with innovation and collaboration: Allianz - Reinsurance News

• Cyber Insurance Industry Suggests Cyber Security Best Practices (networkcomputing.com)

Supply Chain and Third Parties

• Panorays Study Finds 94% of CISOs Are Concerned About Third-party Cyber Threats, Yet Only 3% Have Implemented Security Measures (darkreading.com)

• From vulnerability to vigilance: strategies for ensuring supply chain security (techuk.org)

• Bolstering global supply chains: Enhancing resilience, digital logistics, and national security harmony (techuk.org)

• Supply chain security: Responding to emerging cyber threats (techuk.org)

• CISOs' role in identifying tech components and managing supply chains - Help Net Security

• Rethinking supply chain resilience as cyber attacks get more disruptive (techuk.org)

Cloud/SaaS

• On premises vs. cloud pros and cons, key differences | TechTarget

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro

Identity and Access Management

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

Encryption

• Cryptographers Are Getting Closer to Enabling Fully Private Internet Searches | WIRED

Passwords, Credential Stuffing & Brute Force Attacks

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)

• There's no excuse for having a weak password in 2024

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)

• 88% of organisations use passwords as primary authentication method | Security Magazine

• The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro

Social Media

• Meta won't remove fake Instagram profiles that are clearly catfishing (bleepingcomputer.com)

• Watch out for "I can't believe he is gone" Facebook phishing posts (bleepingcomputer.com)

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

Malvertising

• Intro to Digital Fingerprints: Understanding, Manipulating, and Defending Against Online Tracking | HackerNoon

• Google Updates Chrome's Incognito Warning to Admit It Tracks Users in ‘Private’ Mode | WIRED

• Cryptographers Are Getting Closer to Enabling Fully Private Internet Searches | WIRED

Regulations, Fines and Legislation

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• Without clear guidance, SEC’s new rule on incident reporting may be detrimental - Help Net Security

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

• Navigating The 'Fog Of A Cyber Attack' (forbes.com)

• US regulator admits cyber security lapse before rogue Bitcoin post - BBC News

• The CISO Role Undergoes a Major Evolution (darkreading.com)

• Coventry school reprimanded for data breach after IT system 'hacked three times' - CoventryLive (coventrytelegraph.net)

• Countdown for businesses to comply with leaked EU AI Act draft begins | Biometric Update

Models, Frameworks and Standards

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• Prioritising CIS Controls for effective cyber security across organisations - Help Net Security

Careers, Working in Cyber and Information Security

• Top 3 Priorities for CISOs in 2024 (darkreading.com)

• CISOs Struggle for C-Suite Status Even as Expectations Skyrocket (darkreading.com)

• Why we need more continuous hands-on training and fewer cyber security certifications | SC Media (scmagazine.com)

Law Enforcement Action and Take Downs

• BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)

• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users - SecurityWeek

• Secret Service to revive the Cyber Investigations Advisory Board | CyberScoop

• Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)

• Ukrainian Security Service Nabs Russian Hacker Planning Cyber Attacks on Government Websites - Militarnyi

Misinformation, Disinformation and Propaganda

• Battling Misinformation During Election Season (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

• NCSC: AI to boost nation-states’ malware potency • The Register

China

• Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek

• The small print leaving UK plc exposed to ‘nuclear level’ cyber attacks (telegraph.co.uk)

• Michael Rogers on China's Cyber Threat - The Wire China

• China’s feared spy agency steps out of the shadows

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

Russia

• Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack (thehackernews.com)

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Microsoft Says Russians Hacked It to Find Information About Themselves (businessinsider.com)

• Sneak-and-peek Midnight Blizzard attack highlights “worrying flaws” in Microsoft security processes | ITPro

• Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs (thehackernews.com)

• HP Enterprise was hacked by the same Russian state-sponsored group that targeted Microsoft (engadget.com)

• HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek

• Russian hackers shift to new malware tactics, Google says (siliconrepublic.com)

• Massive cyber attack targets Ukrainian online bank (kyivindependent.com)

• Learning From Ukraine's Pioneering Approaches to Cyber Security (darkreading.com)

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

• Ukrainian energy giant, postal service, transportation agencies hit by cyber attacks (therecord.media)

• Ukraine’s Largest Gas and Oil Company Under Cyber Attack (kyivpost.com)

• Ukrainian Security Service Nabs Russian Hacker Planning Cyber Attacks on Government Websites - Militarnyi

• Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News

• Hundreds of Russian sites breached by Ukrainian hackers | SC Media (scmagazine.com)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• Apple Pays $13 Million Russian Fine, Goes Directly Into Federal Budget (businessinsider.com)

Iran

• Microsoft: Iran's Mint Sandstorm APT Blasts Educators, Researchers (darkreading.com)

• With Iran's cyber attacks on rise since Gaza war, Israel looks to private industry - Al-Monitor: Independent, trusted coverage of the Middle East

North Korea

• North Korea's ScarCruft Attackers Gear Up to Target Cyber Security Pros (darkreading.com)

Vulnerability Management

• 45% of critical CVEs left unpatched in 2023 - Help Net Security

• Patch management: Why firms ignore vulnerabilities at their own risk | ITPro

• What Is Vulnerability Management? Definition, Process Steps, Benefits and More - Security Boulevard

• Security vendors are accused of bending CVE assignment rules • The Register

• German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)

• The effect of omission bias on vulnerability management - Help Net Security

• 52% of Serious Vulnerabilities We Find are Related to Windows 10 (thehackernews.com)

Vulnerabilities

• Cisco warns of critical RCE flaw in communications software (bleepingcomputer.com)

• CISA emergency directive: Mitigate Ivanti zero-days immediately (bleepingcomputer.com)

• Third Ivanti Vulnerability Exploited in the Wild, CISA Reports (darkreading.com)

• Ivanti: VPN appliances vulnerable if pushing configs after mitigation (bleepingcomputer.com)

• Chrome 121 ships with security updates and new AI tools - gHacks Tech News

• Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)

• Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)

• Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure - SecurityWeek

• Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek

• Critical Vulnerabilities Found in Open Source AI/ML Platforms - SecurityWeek

• Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell (securityaffairs.com)

• Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)

• High-Severity Vulnerability Patched in Splunk Enterprise - SecurityWeek

• Patch Your Fortra GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin (thehackernews.com)

• Millions at Risk As 'Parrot' Web Server Compromises Take Flight (darkreading.com)

• Security vendors are accused of bending CVE assignment rules • The Register

• Mozilla Releases Security Updates for Thunderbird and Firefox | CISA

• 5379 GitLab servers vulnerable to zero-click account takeover attacks (securityaffairs.com)

• Hackers target WordPress database plugin active on 1 million sites (bleepingcomputer.com)

Tools and Controls

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Ransomware recovery – the need for speed | TechRadar

• Resilience: The New Priority for Your Security Model (inforisktoday.com)

• With so much data at hand, should cyber defences be more effective? | TechRadar

• Password Manager Statistics 2024 (coolest-gadgets.com)

• How to Shine in Your Next Cyber Security Audit - Security Boulevard

• AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)

• Business continuity vs. disaster recovery vs. incident response | TechTarget

• Why resilience leaders must prepare for polycrises - Help Net Security

• Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)

• German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)

• The 9 best incident response metrics and how to use them | TechTarget

• The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard

• We Must Consider Software Developers a Key Part of the Cyber Security Workforce | CISA

• Cyber Insurance Industry Suggests Cyber Security Best Practices (networkcomputing.com)

• Emerging trends and strategies in digital forensics - Help Net Security

• Cyber Security Risk Management: Frameworks, Plans, & Best Practices - Security Boulevard

• IT and Security Teams Increasingly United in Battle Against Sophisticated Cyberthreats, Research Finds (prnewswire.com)

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Reports Published in the Last Week

• Cloudflare Releases 2024 API Security and Management Report (infoq.com)

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyber attacks (prnewswire.com)

Other News

• With so much data at hand, should cyber defences be more effective? | TechRadar

• Threat actors are exploiting web applications - Security Boulevard

• Public Sector Cyber Attacks Rise By 40% in 2023 - IT Security Guru

• Cyber Security Challenges at the World Economic Forum (govtech.com)

• Much-Needed Cyber Security Help for Hospitals May Have Strings Attached | Corporate Counsel (law.com)

• The Threat Landscape Is Always Changing: What to Expect in 2024  | Proofpoint US

• What is Lateral Movement in Cyber Security? - Security Boulevard

• Cyber Security and Trends in 2024 Based on WEF 2024 Outcomes | HackerNoon

• IT and Security Teams Increasingly United in Battle Against Sophisticated Cyberthreats, Research Finds (prnewswire.com)

• US suffered cyber attacks from 168 threat actors in 2023 | Security Magazine

• US continues to be leading cyber threat target | SC Media (scmagazine.com)

• Rise in cyber crime attacks against Industrial IoT sparks alarm (securitybrief.co.nz)

• Offshore wind farms are vulnerable to cyber attacks, study shows (techxplore.com)

• Government Security Vulnerabilities Surge By 151%, Report Finds - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.

https://www.msspalert.com/cybersecurity-research/majority-of-smbs-lack-dedicated-cyber-experts-incident-response-plan/

• Controlling Third-Party Data Risk Should be a Top Cyber Security Priority

Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.

https://www.darkreading.com/attacks-breaches/controlling-third-party-data-risk-should-be-a-top-cybersecurity-priority-

• IT Security Spending to Reach Nearly $300 Billion by 2026

Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.

https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/

• 2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th  globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.

https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html

• Board Cyber Shortage: Don’t Get Caught Swimming Naked

The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors. 

https://www.forbes.com/sites/forbestechcouncil/2023/03/20/board-cyber-shortage-dont-get-caught-swimming-naked/?sh=6ea732895af8

• Should your Organisation be Worried about Insider Threats?

Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.

https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/

• UK Ransomware Incident Volumes Surge 17% in 2022

According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.

https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/

• Financial Industry Hit by Rising Ransomware Attacks and BEC

According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.

https://www.bloomberg.com/news/articles/2023-03-21/banks-financial-industry-buffeted-by-rising-ransomware-attacks?

• 55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.

https://www.csoonline.com/article/3691609/55-zero-day-flaws-exploited-last-year-show-the-importance-of-security-risk-management.html#tk.rss_news

• Security Researchers Spot $36m BEC Attack

Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.

https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/

• New Victims Come Forward After Mass Ransomware Attack

Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.

https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

• Ransomware Gangs’ Harassment of Victims is Increasing

Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.

https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/

• Wartime Hacktivism is Spilling Over into the Financial Services Industry

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.

https://www.scmagazine.com/analysis/risk-management/report-wartime-hacktivism-is-spilling-over-into-the-financial-services-industry

Threats

Ransomware, Extortion and Destructive Attacks

• LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (thehackernews.com)

• UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg

• BianLian ransomware crew swaps encryption for extortion • The Register

• New victims come forward after mass-ransomware attack | TechCrunch

• Ransomware Gangs' Harassment of Victims Is Increasing (techrepublic.com)

• LockBit ransomware gang now also claims City of Oakland breach (bleepingcomputer.com)

• Free decryptor released for Conti-based ransomware following data leak | Tripwire

• New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek

• Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert

• US govt agencies released an alert on the Lockbit 3.0 ransomware- Security Affairs

• Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK

• CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online

• Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (bleepingcomputer.com)

• Researchers Shed Light on CatB Ransomware's Evasion Techniques (thehackernews.com)

• Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO

• Dole discloses employee data breach after ransomware attack (bleepingcomputer.com)

• Ransomware Attacks Double in Europe's Transport Sector - Infosecurity Magazine (infosecurity-magazine.com)

• Prevent Ransomware with Cyber security Monitoring (trendmicro.com)

• Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organisations Stop Attacks Before Damage Occurs | CISA

• Ferrari in a spin as crims steal customer data • The Register

• Play ransomware gang hit Dutch shipping firm Royal Dirkzwager- Security Affairs

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• City of Toronto confirms data theft, Clop claims responsibility (bleepingcomputer.com)

Phishing & Email Based Attacks

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Security Researchers Spot $36m BEC Attack - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Campaign Targets Social Security Administration - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors are experimenting with QR codes - Help Net Security

• Over 2400 Fake Pages Found Targeting Job Seekers in Middle East, Africa - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Massive Phishing Campaign Bypasses MFA and Mimics Microsoft Office (techrepublic.com)

• How Cyber-Criminals are Circumventing Multifactor Authentication - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Emotet malware now distributed in Microsoft OneNote files to evade defences (bleepingcomputer.com)

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (thehackernews.com)

• Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (thehackernews.com)

• Python info-stealing malware uses Unicode to evade detection (bleepingcomputer.com)

Mobile

• Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (thehackernews.com)

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Android apps are spying on you — with no easy way to stop them | Digital Trends

• Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar

• UK emergency alert system launched to warn of life-threatening events - with test set for next month | UK News | Sky News

• Google Pixel phones had a serious data leakage bug – here’s what to do! – Naked Security (sophos.com)

• How to keep your phone safe from the scary Exynos modem vulnerability (androidpolice.com)

Botnets

• New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks (thehackernews.com)

Denial of Service/DoS/DDOS

• New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (bleepingcomputer.com)

• KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

Internet of Things – IoT

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Google sounds alarm on Samsung modem bugs in Android devices • The Register

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

Data Breaches/Leaks

• Complacency of staff to blame for data breaches (thesundaily.my)

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• Latitude customers are furious: some have had data hacked before through Medibank and Optus - ABC News

• Data breaches cost businesses nearly $6M on average: Mastercard | CTV News

• Healthcare provider ILS warns 4.2 million people of data breach (bleepingcomputer.com)

• NBA is warning fans of a data breach after a third-party newsletter service hack- Security Affairs

• Lowe’s Market chain leaves client data up for grabs- Security Affairs

• Ferrari discloses data breach after receiving ransom demand (bleepingcomputer.com)

• South Korea fines McDonalds for data leak from raw SMB share • The Register

• A million at risk from user data leak at Korean beauty platform PowderRoom- Security Affairs

Organised Crime & Criminal Actors

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt

• General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (bleepingcomputer.com)

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Insider Risk and Insider Threats

• Should Your Organisation Be Worried About Insider Threats? - IT Security Guru

• Top 5 Insider Threats to Look Out For in 2023- Security Affairs

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

Fraud, Scams & Financial Crime

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• ‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Hackers inject credit card stealers into payment processing modules (bleepingcomputer.com)

Deepfakes

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

Insurance

• SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET

• Cyber insurance carriers expanding role in incident response | TechTarget

Supply Chain and Third Parties

• Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (darkreading.com)

• Companies vulnerable to cyber-attack via suppliers - research | RNZ News

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Software Supply Chain

• Why Business Software Buyers Are Demanding Baked-in Security - MSSP Alert

Cloud/SaaS

• How access management helps protect identities in the cloud | VentureBeat

• Bitcoin ATM maker shuts cloud service after user hot wallets compromised (cointelegraph.com)

• The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch

• Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (darkreading.com)

• 4 cloud API security best practices | TechTarget

• 8 cloud detection and response use cases | TechTarget

• How to Transfer Data Securely When Moving to the Cloud - Infosecurity Magazine (infosecurity-magazine.com)

• The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley

• New CISA tool detects hacking activity in Microsoft cloud services (bleepingcomputer.com)

• 4 Tips for Better AWS Cloud Workload Security (trendmicro.com)

Hybrid/Remote Working

• Bridging the cyber security readiness gap in a hybrid world - Help Net Security

Identity and Access Management

• How access management helps protect identities in the cloud | VentureBeat

• The impact of AI on the future of ID verification - Help Net Security

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

• CISA, NSA push identity and access management framework as risks grow | SC Media (scmagazine.com)

API

• 4 cloud API security best practices | TechTarget

Open Source

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Post-Exploitation Method Exposes User Passwords (darkreading.com)

Social Media

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• TikTok cannot be considered a private company: report • The Register

• TikTok CEO plans rigorous defences in Congress against claims the app is a US security threat | CyberScoop

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Training, Education and Awareness

• Complacency of staff to blame for data breaches (thesundaily.my)

Regulations, Fines and Legislation

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• India’s infosec reporting rules observed by just 15 orgs • The Register

• Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (forbes.com)

Governance, Risk and Compliance

• How CISOs Can Work With the CFO to Get the Best Security Budget (darkreading.com)

• CIOs Build New Bonds With CISOs - WSJ

• How to best allocate IT and cyber security budgets in 2023 - Help Net Security

• IT security spending to reach nearly $300 billion by 2026 - Help Net Security

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• How Your Cyber security Strategy Enables Better Business (trendmicro.com)

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• How Can CISOs Connect With the Board of Directors? (darkreading.com)

• Achieving The Five Levels Of Information Security Governance (forbes.com)

• Enhance security while lowering IT overhead in times of recession - Help Net Security

• Why organisations shouldn't fold to cyber criminal requests - Help Net Security

Models, Frameworks and Standards

• Meta Proposes Revamped Approach to Online Kill Chain Frameworks (darkreading.com)

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Backup and Recovery

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Data Protection

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How training and recognition can reduce cyber security stress and burnout | CSO Online

Law Enforcement Action and Take Downs

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• How to protect online privacy in the age of pixel trackers - Help Net Security

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• French govt clears AI facial scans for Paris Olympics • The Register

Artificial Intelligence

• EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews

• ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg

• ‘We are a little bit scared’: OpenAI CEO warns of risks of artificial intelligence | Artificial intelligence (AI) | The Guardian

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• We need to create guardrails for AI | Financial Times (ft.com)

• GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (livemint.com)

• Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom

• The impact of AI on the future of ID verification - Help Net Security

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• AI news latest: Google lets people talk to ‘Bard’ bot as ChatGPT taken offline after it goes haywire | The Independent

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch

• French govt clears AI facial scans for Paris Olympics • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• Facebook Security Exec Seaford Hacked by Greek Predator Spyware (gizmodo.com)

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• North Korean hackers using Chrome extensions to steal Gmail emails (bleepingcomputer.com)

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• TikTok cannot be considered a private company: report • The Register

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• The pressing threat of Chinese-made drones flying above US critical infrastructure  | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

• Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online

Vulnerability Management

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

• From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022 (thehackernews.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• 10 Vulnerabilities Types to Focus On This Year (darkreading.com)

• Vulnerability vs. Risk: How MSSPs Can Prioritize Remediating Cyber security Vulnerabilities - MSSP Alert

• What Is the Microsoft Print Spooler Vulnerability? - ReHack

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (bleepingcomputer.com)

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Vulnerabilities

• Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (darkreading.com)

• CVE-2023-23397 Outlook exploit: "A proliferation event" (thestack.technology)

• Patch CVE-2023-23397 Immediately: What You Need To Know and Do (trendmicro.com)

• Cisco fixed severe vulnerabilities in its IOS and IOS XE software- Security Affairs

• Exploit released for Veeam bug allowing cleartext credential theft (bleepingcomputer.com)

• Experts published PoC exploit code for Veeam Backup & Replication bug- Security Affairs

• WordPress force patching WooCommerce plugin with 500K installs (bleepingcomputer.com)

• Windows 11 bug warns Local Security Authority protection is off (bleepingcomputer.com)

• Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar

• Microsoft: Defender update behind Windows LSA protection warnings (bleepingcomputer.com)

• ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (cointelegraph.com)

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours (securityintelligence.com)

• If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica

• Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (darkreading.com)

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

Tools and Controls

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Complacency of staff to blame for data breaches (thesundaily.my)

• How access management helps protect identities in the cloud | VentureBeat

• Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware

• The Ethics of Network and Security Monitoring (darkreading.com)

• Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

• How network perimeters secure enterprise networks | TechTarget

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Reports Published in the Last Week

• State of Cybersecurity for Mid-Sized Businesses in 2023 | Huntress

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

Other News

• Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News

• Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica

• What Is Shoulder Surfing? How Does It Affect Cyber security (informationsecuritybuzz.com)

• Inside the DEA Tool Hackers Allegedly Used to Extort Targets (vice.com)

• Top ways attackers are targeting your endpoints - Help Net Security

• What Is a Dirty IP Address and How Does It Affect Your Security? (makeuseof.com)

• 5 rules to make security user-friendly - Help Net Security

• Techno-nationalism explained: What you need to know (techtarget.com)

• How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru

• Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Almost Half of IT Leaders Consider Security as an Afterthought

A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.

https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals

• Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.

https://www.darkreading.com/application-security/pig-butchering-investment-scams-3b-cybercrime-threat-overtaking-bec

• Over 721 Million Passwords were Leaked in 2022

A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.

https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/

• How Much of a Cyber Security Risk are Suppliers?

When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.

https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2

• 90% of £5m+ Businesses Hit by Cyber Attacks

A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.

https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/

• Rushed Cloud Migrations Result in Escalating Technical Debt

A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.

https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.

https://www.securityweek.com/microsoft-17-european-nations-targeted-by-russia-in-2023-as-espionage-ramping-up/

• Microsoft Warns of Large-Scale Use of Phishing Kits

Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.

https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html

• BEC Volumes Double on Phishing Surge

The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.

https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/

• The Risk of Pasting Confidential Company Data in ChatGPT

Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.

https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html

• Ransomware Attacks have Entered a Heinous New Phase

With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.

https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

• MI5 Launches New Agency to Tackle State-Backed Attacks

British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.

https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/

• Why Cyber Awareness Training is an Ongoing Process

A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.

https://www.hornetsecurity.com/en/security-information/why-cyber-awareness-training-is-an-ongoing-process/

Threats

Ransomware, Extortion and Destructive Attacks

• BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (darkreading.com)

• The changing face of ransomware attacks (pandasecurity.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (bleepingcomputer.com)

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Clop ransomware gang begins extorting GoAnywhere zero-day victims (bleepingcomputer.com)

• Staples-owned Essendant facing multi-day "outage," orders frozen (bleepingcomputer.com)

• CISA now warns critical infrastructure of ransomware-vulnerable devices (bleepingcomputer.com)

• LockBit Ransomware gang claims to have stolen SpaceX confidential data from Maximum Industries- - Security Affairs

• Dissecting the malicious arsenal of the Makop ransomware gang- - Security Affairs

• The Prolificacy of LockBit Ransomware (thehackernews.com)

• Blackbaud agrees to pay $3m to settle SEC ransomware probe • The Register

• CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking - SentinelOne

• Ransomware Gang Claims It Hacked Amazon's Ring (gizmodo.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• Dish customers kept in the dark as ransomware fallout continues | TechCrunch

• Cancer patient sues hospital over stolen naked photos • The Register

• ChipMixer platform seized for laundering ransomware payments, drug sales (bleepingcomputer.com)

• Lawyers suspect Arnold Clark hackers have now leaked 45GB of personal data on dark web – Car Dealer Magazine

• Kaspersky Updates Decryption Tool for Conti Ransomware - MSSP Alert

• Conti-based ransomware ‘MeowCorp’ gets free decryptor (bleepingcomputer.com)

• Universities and colleges cope silently with ransomware attacks | CSO Online

Phishing & Email Based Attacks

• Top 50 most impersonated brands in phishing attacks and new tools you can use to protect your employees from them (cloudflare.com)

• Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily (thehackernews.com)

• Software for sale is fueling a torrent of phishing attacks that bypass MFA | Ars Technica

• Cyber criminals Devising More Tactics For Phishing Attacks (informationsecuritybuzz.com)

• 6 reasons why your anti-phishing strategy isn’t working | CSO Online

• Cyberthreat On New Email By Exotic Lily (informationsecuritybuzz.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• How two-step phishing attacks evade detection and what you can do about it - Help Net Security

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Pig Butchering & Investment Scams: The $3B Cyber crime Threat Overtaking BEC (darkreading.com)

• Organizations need to re-examine their approach to BEC protection - Help Net Security

• BEC Volumes Double on Phishing Surge - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• Software for sale is fuelling a torrent of phishing attacks that bypass MFA | Ars Technica

Malware

• SpyCloud Report: Malware Infections the Most Prolific & Persistent Threat to Businesses | Business Wire

• Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Malware Targets People Looking to Pirate Oscar-Nominated Films (darkreading.com)

• Law enforcement seized the website selling the NetWire RAT- - Security Affairs

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

• KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (thehackernews.com)

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• Emotet attempts to sell access after infiltrating high-value networks | SC Media (scmagazine.com)

• What is Zeus Trojan Malware? - CrowdStrike

• Emotet, QSnatch Malware Dominate Malicious DNS Traffic (darkreading.com)

• Winter Vivern APT hackers use fake antivirus scans to install malware (bleepingcomputer.com)

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• New malware sample of defunct TeamTNT threat group raises concerns | SC Media (scmagazine.com)

• Adobe Acrobat Sign abused to push Redline info-stealing malware (bleepingcomputer.com)

• Tracking the global spread of malware - Help Net Security

Mobile

• Xenomorph Android malware now steals data from 400 banks (bleepingcomputer.com)

• GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• FakeCalls Android malware returns with new ways to hide on phones (bleepingcomputer.com)

Botnets

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

Denial of Service/DoS/DDOS

• Record Breaking DDoS Attack - 158.2 Million Packets Per Second (gbhackers.com)

Internet of Things – IoT

• Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (thehackernews.com)

• Tesla App Lets Man Accidentally Steal Model 3 That Wasn't His (gizmodo.com)

Data Breaches/Leaks

• Negative Impacts of Data Loss and How to Avoid Them - MSSP Alert

• Mental health provider Cerebral alerts 3.1M people of data breach (bleepingcomputer.com)

• BMW exposes data of clients in Italy, experts warn- - Security Affairs

• Acronis states that only one customer's account was compromised- - Security Affairs

• Security giant Rubrik says hackers used Fortra zero-day to steal internal data | TechCrunch

• Key aerospace player leaks sensitive data | Cybernews

• Hundreds of thousands of customer records stolen from lender Latitude in cyber-attack | Business | The Guardian

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• LA Housing Authority Suffers Year-Long Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker selling data allegedly stolen in US Marshals Service hack (bleepingcomputer.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

Organised Crime & Criminal Actors

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FBI Warns of Crypto-Stealing Play-to-Earn Games - Infosecurity Magazine (infosecurity-magazine.com)

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing Campaigns Use SVB Collapse to Harvest Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

• CrowdStrike discovered the first-ever Dero crypto mining campaign- - Security Affairs

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Insider Risk and Insider Threats

• Future-Proofing Your Business Against Insider Threats (informationsecuritybuzz.com)

Fraud, Scams & Financial Crime

• ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Investment Fraud is Now Biggest Cyber crime Earner - Infosecurity Magazine (infosecurity-magazine.com)

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• ChatGPT fraud is on the rise: Here's what to watch out for | ZDNET

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• The SVB demise is a fraudster's paradise, so take precautions - Help Net Security

• Fighting financial fraud through fusion centers - Help Net Security

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Impersonation Attacks

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

Deepfakes

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

AML/CFT/Sanctions

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

Dark Web

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Supply Chain and Third Parties

• Top 10 operational risks: focus on third-party risk - Risk.net

• How much of a cyber security risk are my suppliers? (thetimes.co.uk)

Software Supply Chain

• We can't wait for SBOMs to be demanded by regulation - Help Net Security

• Best practices for securing the software application supply chain - Help Net Security

• Addressing Software Supply Chain Security - DevOps.com

Cloud/SaaS

• Rushed cloud migrations result in escalating technical debt - Help Net Security

• CrowdStrike report shows identities under siege, cloud data theft up | VentureBeat

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

Hybrid/Remote Working

• Orgs Have a Long Way to Go in Securing Remote Workforce (darkreading.com)

Attack Surface Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

Identity and Access Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

• Navigating the future of digital identity - Help Net Security

Encryption

• Google Proposes Reducing TLS Cert Life Span to 90 Days (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

Passwords, Credential Stuffing & Brute Force Attacks

• Poor Passwords Still Weakest Link Hackers Seek, Report Reveals - MSSP Alert

• Study: Over 721 million passwords were leaked in 2022 - Neowin

• Understanding password behavior key to developing stronger cyber security protocols - Help Net Security

Social Media

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Spies, lies and influenced children: What TikTok must overcome to show us it can be trusted (telegraph.co.uk)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

Malvertising

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

Training, Education and Awareness

• Forgetting Curve according to Dr Ebbinghaus: Why cyber awareness training is an ongoing process - Hornetsecurity

Regulations, Fines and Legislation

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• SEC Charges Software Company Blackbaud Inc. for Misleading Disclosures About Ransomware Attack That Impacted Charitable Donors (databreaches.net)

• When and how to report a breach to the SEC | CSO Online

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• The US cyber security strategy won’t address today’s threats with regulation alone | CyberScoop

Governance, Risk and Compliance

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• Getting cyber security right requires a change of mindset | The Strategist (aspistrategist.org.au)

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• 6 principles for building engaged security governance | TechTarget

Models, Frameworks and Standards

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Data Protection

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

Law Enforcement Action and Take Downs

• International authorities bring NetWire's malware infrastructure to a standstill | TechSpot

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Privacy, Surveillance and Mass Monitoring

• German states rethink reliance on Palantir technology | Financial Times (ft.com)

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Artificial Intelligence

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• How to stop AI waging war on humans (thetimes.co.uk)

• ChatGPT and the Growing Threat of Bring Your Own AI to the SOC - SecurityWeek

• How Businesses Can Get Ready for AI-Powered Security Threats (darkreading.com)

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• UK spy agency warns of security threat from ChatGPT and rival chatbots | Metro News

• Why red team exercises for AI should be on a CISO's radar | CSO Online

• GPT-4 Can’t Stop Helping Hackers Make Cyber criminal Tools (forbes.com)

Misinformation, Disinformation and Propaganda

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Microsoft: Russian hackers may be readying new wave of destructive attacks | CyberScoop

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up - SecurityWeek

• UK’s Royal Navy, Ukraine Jointly Repel Simulated, Russian Cyber attack on National Infrastructure - MSSP Alert

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• YoroTrooper cyber spies target CIS energy orgs, EU embassies (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Polish intelligence dismantled a network of Russian spies- Security Affairs

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Nation State Actors

• MI5 Launches New Agency to Tackle State-Backed Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• North Korean hackers used polished LinkedIn profiles to target security researchers | CyberScoop

• A new Chinese era: security and control | Financial Times (ft.com)

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Attacks on SonicWall appliances linked to Chinese campaign: Mandiant | CSO Online

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia | WeLiveSecurity

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

• APT29 abuses EU information exchange systems in recent attacks- Security Affairs

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Vulnerabilities

• Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack (thestack.technology)

• Critical Microsoft Outlook bug PoC shows how easy it is to exploit (bleepingcomputer.com)

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• Microsoft and Fortinet fix bugs under active exploit • The Register

• CISA warns of actively exploited Plex bug after LastPass breach (bleepingcomputer.com)

• Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers- Security Affairs

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• SAP releases security updates fixing five critical vulnerabilities (bleepingcomputer.com)

• Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day - SecurityWeek

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws (bleepingcomputer.com)

• Firefox 111 patches 11 holes, but not 1 zero-day among them… – Naked Security (sophos.com)

• Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script - SecurityWeek

• Cyber attackers Continue Assault Against Fortinet Devices (darkreading.com)

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• Microsoft shares script to fix WinRE BitLocker bypass flaw (bleepingcomputer.com)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

• Bitwarden's password manager browser extension has a known exploit it hasn't addressed in five years | TechSpot

Tools and Controls

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• What Is a Stateful Inspection Firewall? Ultimate Guide (enterprisestorageforum.com)

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Set up PowerShell script block logging for added security | TechTarget

• Brazil seizing Flipper Zero shipments to prevent use in crime (bleepingcomputer.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• 5 Steps to Effective Cloud Detection and Response  - The New Stack

• Virtual patching: Cut time to patch from 250 days to (helpnetsecurity.com)

• ChatGPT may be a bigger cyber security risk than an actual benefit (bleepingcomputer.com)

• Change Is Coming to the Network Detection and Response (NDR) Market (darkreading.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

Other News

• CASPER attack steals data using air-gapped computer's internal speaker (bleepingcomputer.com)

• US govt web server attacked by 'multiple' criminal gangs • The Register

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.