Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 09 February 2024
Black Arrow Cyber Threat Intelligence Briefing 09 February 2024:
-Over Half of Companies Experienced Cyber Security Incidents Last Year
-Deepfake Video Conference Costs Business $25 Million
-Watershed Year for Ransomware as Victims Rose by Almost 50% and Payments Hit $1 Billion All-Time High
-Malware-as-a-Service Now the Top Threat to Organisations
-Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances
-Chinese State Hackers Hid in National Infrastructure for at Least 5 Years
-Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor
-Security Leaders, C-Suite Unite to Tackle Cyber Threats
-UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons
-What Does a ‘Cyber Security Culture’ Actually Entail?
-Beyond Checkboxes: Security Compliance as a Business Enabler
-No One in Cyber Security Is Ready for the SolarWinds Prosecution
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Over Half of Companies Experienced Cyber Security Incidents Last Year
According to a recent global survey, over half of the participating companies faced major security incidents in the past year, necessitating additional resources to tackle these challenges. Despite these incidents, many organisations claim improved performance on key cyber security indicators and express confidence in their threat detection capabilities. The research highlights a concerning discrepancy between perceived security measures and the actual state of security operations, underscoring a lack of comprehensive visibility and effective response mechanisms within companies. Particularly concerning is the finding that organisations can typically monitor only two-thirds of their IT environments, exposing significant vulnerabilities. Furthermore, the study points to a greater need for greater automation and third-party assistance in threat detection and response, suggesting that while companies are aware of their shortcomings, the path to enhanced security involves embracing AI-driven solutions to close these gaps. This insight highlights to leadership the importance of investing in advanced cyber security technologies and expertise to safeguard the organisation’s digital assets effectively.
Sources: [Beta News] [Verdict]
Deepfake Video Conference Costs Business $25 Million
There has been a surge in the number of artificial intelligence deepfake attacks where technology is being used to impersonate individuals. In one case, a finance professional at a multinational was reportedly swindled out of $25 million (HK$200 million) of company money when scammers created a deepfake of his London-based chief financial officer in a video conference call, faking both the CFO’s look and voice. The scam involved the fake CFO making increasingly urgent demands to execute money transfers, resulting in 15 transfers from the victim employee. The reality of the attack was only discovered by the victim after he had contacted the company’s corporate head office.
Sources: [The Register] [Help Net Security] [TechCentral ] [Tripwire]
Watershed Year for Ransomware as Victims Rose by Almost 50% And Payments Hit $1 Billion All-Time High
Even with enforcers shutting down some ransomware gangs, the business of ransomware is booming. A recent report from Palo Alto Networks Unit 42 found a 49% increase in the number of victims reported on ransomware leak sites; this does not include those who were victims but did not appear on sites. This comes as ransomware hit an all time high, with over $1b made in ransomware payments. Of note, this is just ransom payments; this does not take in to account reputational damage, recovery costs and loss in share value. The real effects of a ransomware attack may take months or even years to materialise. As ransomware remains a constant threat, it is important for organisations to be prepared.
Sources: [The Verge ] [Malwarebytes] [Infosecurity Magazine] [CSO Online] [ITPro] [TechRadar]
Malware-as-a-Service Now the Top Threat to Organisations
Recent studies have underscored a significant shift in the cyber threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) now dominating. These ‘as-a-service’ tools are particularly concerning as they lower the barrier to entry for cyber criminals, enabling even those with limited technical knowledge to launch sophisticated attacks. The report found that the most common as-a-Service tools were Malware loaders (77% of investigated threats), crypto-miners (52% of investigated threats) and botnets (39% of investigated threats). These findings underscore the adaptability of these threats, with malware strains being developed with multiple functions to maximise damage. Despite these trends, traditional methods like phishing continue to pose significant challenges for security teams. It’s clear that staying ahead of these evolving threats requires a proactive and comprehensive approach to cyber security.
Sources:[Infosecurity Magazine] [Beta News] [Help Net Security]
Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances
A recent report has found that over 97% of UK firms have paid a ransom in the last two years, finding even more reason to operate in a when-not-if environment. When asked about their recovery in an event, 38% said they could recover in four to six days, and 34% need one to two weeks to recover; almost one in four (24%) need over three weeks to recover data and restore business processes. Only 12% said their company had stress-tested their data security, data management, and data recovery processes or solutions in the six months prior to being surveyed, and 46% had not tested their processes or solutions in over 12 months.
Sources: [The FinTech Times] [ Help Net Security]
Chinese State Hackers Hid in National Infrastructure for at Least 5 Years
US cyber officials have said that they discovered China-sponsored hackers lurking in American computer networks, positioning themselves to disrupt communications, energy, transportation and water systems; and this had been going on for at least 5 years. This has led to a joint warning from the US FBI, National Security Agency and Cyber Infrastructure and Security Agency, which has been cosigned by Britain, Canada, Australia and New Zealand. This dwell time isn’t just something that is encountered in critical infrastructure networks; attackers lurk on networks, undiscovered often for years, allowing them to see everything going on in the corporate environment.
Sources: [NTD] [Washington Times]
Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor
Email attacks against businesses have increased dramatically as hackers continually use generative AI tools to optimise their content and streamline malicious campaigns, new research has claimed.
The report from Acronis is based on data collected from more than a million unique endpoints across 15 countries, and found AI-powered phishing affected more than 90% of organisations last year. AI helped has email attacks grow by 222% since the second half of 2023.
Sources: [New Electronics] [TechRadar]
Security Leaders, C-Suite Unite to Tackle Cyber Threats
A recent survey found that CEOs are taking a more hands-on approach and prioritising cyber resilience in 2024, leading to the breakdown of traditional silos between IT operations and security teams. The survey polled over 200 C-Suite and senior-level IT executives globally, and revealed a growing recognition of the importance of collaboration in combating sophisticated cyber threats, with 99% of respondents observing increased connectivity between the teams over the past year. While progress has been made, challenges remain, with only 48% of organisations establishing joint protocols for incident mitigation or recovery. Looking ahead, respondents anticipate a significant role for artificial intelligence (AI) in enhancing security efforts, with 68% expecting AI to streamline threat detection and response. Despite advancements, fragmented data protection solutions persist as a challenge, impacting over 90% of organisations' cyber resiliency. This underscores the need for a top-down approach to cyber security, with CEOs and boards driving collaboration between IT operations and security teams to optimise cyber preparedness initiatives and mitigate cyber risks effectively.
Source: [Security Boulevard]
UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons
UN sanction monitors are investigating dozens of suspected cyber attacks by North Korea that have raked in $3 billion to help North Korea further its nuclear weapons programme, according to excerpts of an unpublished UN report. “The panel is investigating 58 suspected DPRK cyber attacks on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help fund DPRK’s WMD development,” according to the monitors, who report twice a year to the 15-member security council.
Source: [The Guardian]
What Does a ‘Cyber Security Culture’ Actually Entail?
Fostering a robust cyber security culture emerges as a critical imperative for organisations in 2023, as revealed by ITPro Today's "State of Cybersecurity in 2023" study. Despite this recognition, organisations grapple with various challenges, including budget constraints, staffing shortages, and the failure to implement fundamental security practices like the principle of least privilege and zero trust. Insufficient staffing and constrained budgets elevate the risk of breaches, emphasising the need for a collective effort to bolster security measures.
Cultivating a cyber security culture entails educating every employee on security risks and holding them accountable for risk reduction efforts. While security teams play a pivotal role in setting expectations and providing guidance, a culture of cyber security necessitates continuous training, integration of security into everyday work, and clear delineation of risk ownership throughout the organisation. By prioritising proactive measures and fostering individual responsibility, organisations can fortify their defences against evolving cyber threats and mitigate risks effectively.
Source: [ITPro Today]
Beyond Checkboxes: Security Compliance as a Business Enabler
In today's complex business landscape, regulatory requirements are increasingly intricate, especially concerning cyber security compliance. While compliance might evoke images of stringent regulations and time-consuming audits, reframing our perspective reveals its potential as a vital business enabler. Security leaders, in collaboration with senior management, must cultivate a culture where commitment to cyber security compliance permeates the organisation, emphasising its role in fostering trust, facilitating global market access, and even serving as a competitive advantage. Moreover, robust compliance programs drive operational efficiency, innovation, and cost savings in the long run. Embracing cyber security compliance as a strategic enabler, rather than a regulatory burden, positions businesses for success, innovation, and resilience in an ever-evolving digital landscape.
Source: [Forbes]
No One in Cyber Security Is Ready for the SolarWinds Prosecution
The concept of "materiality" has taken centre stage for Chief Information Security Officers (CISOs) in light of new SEC regulations, requiring US public companies to disclose "material cyber security incidents" within four days. The SolarWinds breach and subsequent SEC charges against the company and its CISO highlight the seriousness of these regulations. This shift necessitates a deeper understanding of what constitutes "material" risk in cyber security and a more transparent approach to risk communication. However, many CISOs face challenges in quantifying and communicating cyber risks effectively to boards and executives, who often lack familiarity with cyber security terminology. This regulatory change underscores the need for CISOs to bridge the gap between cyber security and financial reporting, ensuring accurate and precise risk communication at the C-Suite level. Additionally, policymakers should incentivise C-Suite accountability for cyber risk management, fostering a culture where cyber risks are addressed proactively and transparently.
Source:[Council on Foreign Relations]
Governance, Risk and Compliance
Over half of companies experienced cyber security incidents last year (betanews.com)
Beyond Checkboxes: Security Compliance As Business Enabler (forbes.com)
Why an HR-IT Partnership is Critical for Managing Cyber Security Risk - Security Boulevard
The Cyber Threats Every C-Level Exec Should Care About In 2024 (forbes.com)
Security Leaders, C-Suite Unite to Tackle Cyberthreats - Security Boulevard
Cyber Security, Hybrid Workforce Management Among Top 2024 Business Challenges (allwork.space)
How CISOs navigate policies and access across enterprises - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
The ransomware business is booming, even as enforcers shut down some players - The Verge
Paying ransoms is becoming a cost of doing business for many - Help Net Security
Chainalysis: 2023 a 'watershed' year for ransomware | TechTarget
The hidden cost of ransomware is more painful than many realize | ITPro
Is critical infrastructure prepared for OT ransomware? • The Register
Akira and 8Base are the ransomware gangs to watch in 2024 • The Register
Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)
NCC Group records the most ransomware victims ever in 2023 | TechTarget
US govt ups bounty on Hive ransomware gang members to $15M • The Register
Ransomware Victims
Clorox says cyber attack caused $49 million in expenses (bleepingcomputer.com)
Blackbaud blasted for failing to prevent customer breaches | Computer Weekly
Lurie Children's Hospital cyber attack forces systems offline • The Register
Blackbaud settles FTC data security probe into 2020 ransomware attack | K-12 Dive (k12dive.com)
California union confirms ransomware attack following LockBit claims (therecord.media)
Another Chicago hospital announces cyber attack (therecord.media)
Funerals reportedly canceled due to ransomware attack on Austrian town (therecord.media)
Phishing & Email Based Attacks
Fake board meeting nets cyber criminals more than €28m - TechCentral.ie
QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security (darkreading.com)
Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar
South African Railways Lost Over $1M in Phishing Scam (darkreading.com)
Artificial Intelligence
Fake board meeting nets cyber criminals more than €28m - TechCentral.ie
Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire
Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar
Could a threat actor socially engineer ChatGPT? (securityintelligence.com)
Current approaches can’t mitigate the AI cyber security threat. What can? (networkingplus.co.uk)
Malware
Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar
Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)
macOS Malware Campaign Showcases Novel Delivery Technique (darkreading.com)
China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)
Netherlands accuses China of cyber spying after security service makes malware discovery | NL Times
Mobile
Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar
Google Links Over 60 Zero-Days to Commercial Spyware Vendors - SecurityWeek
'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps (darkreading.com)US insurance firms sound alarm after 66,000 individuals impacted by SIM swap attack (bitdefender.com)
Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)
Government hackers targeted iPhones owners with zero-days, Google says | TechCrunchWizz Removed from Apple and Google Stores for Sextortion Concerns - Infosecurity Magazine (infosecurity-magazine.com)
February 2024 Android security patch here for Pixels - Android Authority
Google fixed an Android critical remote code execution flaw (securityaffairs.com)
Warning from LastPass as fake app found on Apple App Store | Malwarebytes
Android XLoader malware can now auto-execute after installation (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
HPE investigates new breach after data for sale on hacking forum (bleepingcomputer.com)
Blackbaud Comments on FTC Settlement, Continues to Strengthen Cyber Security - MarketWatch
FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach | TechCrunch
Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)
Millions of User Records Stolen From 65 Websites via SQL Injection Attacks - SecurityWeek
'ResumeLooters' Attackers Steal Millions of Career Records (darkreading.com)
Data breach at French healthcare services firm puts millions at risk (bleepingcomputer.com)
Verizon Says Data Breach Impacted 63,000 Employees - SecurityWeek
Data breaches at Viamedis and Almerys impact 33 million in France (bleepingcomputer.com)
Report: More Than Half of Americans Have Had Their Data Exposed (govtech.com)
HopSkipDrive says personal data of 155,000 drivers stolen in data breach | TechCrunch
Organised Crime & Criminal Actors
Over half of companies experienced cyber security incidents last year (betanews.com)
As-a-Service tools empower criminals with limited tech skills - Help Net Security
Teens Committing Scary Cyber Crimes, What's Behind the Trend? (darkreading.com)
Nigerian President Dismisses Nation's 'Cyber Crime Haven' Image (darkreading.com)
Lessons Learned From Tracing Cyber Crime’s Evolution On The Dark Web (forbes.com)
US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW
Report: Blocked IP addresses increased by 116.42% | Security Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Pig-butchering scams morph into DeFi threats (cointelegraph.com)
Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)
Insider Risk and Insider Threats
Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register
How bias can undermine insider threat monitoring | TechRadar
What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard
Supply Chain and Third Parties
Blackbaud blasted for failing to prevent customer breaches | Computer Weekly
Removing the weakest link: Strengthen the security of your supply chain (techuk.org)
Cloud/SaaS
Stop chasing shadow IT: Tackle the root causes of cloud breaches | SC Media (scmagazine.com)
Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard
Organisations Left Grappling for Solutions Amid Alarming Cloud Security Gaps | Network Computing
Identity and Access Management
Encryption
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Credential Harvesting Vs. Credential Stuffing Attacks: What’s the Difference? - Security Boulevard
Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)
AnyDesk downplays impact of cyber attack | SC Media (scmagazine.com)
Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard
Social Media
Regulations, Fines and Legislation
How the SEC's Rules on Cyber Security Incident Disclosure Are Exploited (darkreading.com)
No one's happy with latest US cyber incident reporting plan • The Register
2023 Cyber Security Regulation Recap (Part 3): Privacy Protection - Security Boulevard
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Combatting Stress In The Cyber Security Industry (forbes.com)
IT Security Hiring Must Adapt to Skills Shortages (informationweek.com)
Law Enforcement Action and Take Downs
Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register
Romance fraudster jailed after conning women out of £300k - BBC News
Cops arrest 17-year-old suspected of hundreds of swattings nationwide | Ars Technica
US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW
Report: Blocked IP addresses increased by 116.42% | Security Magazine
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)
How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)
Nation State Actors
China
Chinese Hackers Preparing ‘Destructive Attacks,’ CISA Warns (govinfosecurity.com)
Chinese Hackers Hid in US Infrastructure for 5 Years | Newsmax.com
China's Cyber Attackers Target US and Allied Militaries (newsweek.com)
FBI Issues Ominous Warning of Imminent Cyber Attack on Critical Infrastructure - Security Boulevard
Dutch intelligence finds Chinese hackers spying on secret Defence Ministry network (therecord.media)
Shutting Down the Grid: Possible Cyber Attacks From Chinese Hackers | NTD
China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)
Top US venture capitalists invest in China tech for big returns (nypost.com)
Classified Japanese diplomatic info leaked after Chinese cyber attacks - The Japan Times
Philippines Says Hacker in China Behind Foiled Attack on Government Website - Bloomberg
Chinese hackers fail to rebuild botnet after FBI takedown (bleepingcomputer.com)
Russia
Iran
Designating Iranian Cyber Officials - United States Department of State
Microsoft: Iran is refining its cyber operations | CyberScoop
US sanctions Iranian officials over cyber attacks on water plants - BBC News
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Fortinet FortiSIEM hit by two 10/10 severity vulns • The Register
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure (bleepingcomputer.com)
Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services (thehackernews.com)
Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products (thehackernews.com)
Ivanti: Patch new Connect Secure auth bypass bug immediately (bleepingcomputer.com)
Newest Ivanti SSRF zero-day now under mass exploitation (bleepingcomputer.com)
Critical vulnerability in Mastodon sparks patching frenzy • The Register
Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account (thehackernews.com)
February 2024 Android security patch here for Pixels - Android Authority
Government hackers targeted iPhones owners with zero-days, Google says | TechCrunch
JetBrains warns of new TeamCity auth bypass vulnerability (bleepingcomputer.com)
Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica
Google fixed an Android critical remote code execution flaw (securityaffairs.com)
Cisco fixes critical Expressway Series CSRF vulnerabilities (securityaffairs.com)
QNAP Patches High-Severity Bugs in QTS, Qsync Central - SecurityWeek
Tools and Controls
What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard
How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)
Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire
Close security gaps with attack path analysis and management | TechTarget
Using Proactive Intelligence Against Adversary Infrastructure - Security Boulevard
A Hacker’s Perspective For Building Proactive Organisational Defences (forbes.com)
Reports Published in the Last Week
Other News
Report: Mac security threats on the rise, here’s what to watch out for - 9to5Mac
Trustees urged to review cyber incident frameworks following NCSC changes - Pensions Age Magazine
Airbus App Vulnerability Introduced Aircraft Safety Risk: Security Firm - SecurityWeek
What Will the Future of Cyber Security Bring? - Security Boulevard
Cyber attacks on knowledge institutions are increasing: what can be done? (nature.com)
McPartland Review - Driving Economic Growth through Cyber Security (techuk.org)
A view from Brussels: ENISA celebrates 20th anniversary amid 'grim times' (iapp.org)
Revealed – top 10 cyber incidents of 2023 | Insurance Business America (insurancebusinessmag.com)
NCSC warns CNI operators over ‘living-off-the-land’ attacks | Computer Weekly
Super Bowl LVIII Presents a Vast Attack Surface for Threat Actors (darkreading.com)
We Need Cyber Security in Space to Protect Satellites | Scientific American
Inquiry to explore cyber risk to Sunak-Starmer showdown | Computer Weekly
Three predictions for responding to the cyber threat landscape in 2024 | Computer Weekly
How Hospitals Can Help Improve Medical Device Data Security (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 05 January 2024
Black Arrow Cyber Threat Intelligence Briefing 05 January 2024:
-A “Ridiculously Weak“ Password Causes Disaster for Spain’s Number 2 Mobile Carrier
-Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns
-23andMe Tells Victim It’s Their Fault Their Data Was Breached
-Financial Sector Faces More Cyber Attacks Than Other Sectors
-An Innocent-Looking Instagram Trend Could Be a Gift to Hackers
-Cyber Criminals Shared Millions of Stolen Records During Holiday Break
-Law Firm that Handles Data Breaches was Itself Hit by Data Breach
-Nigerian Hacker Arrested for Stealing Millions from Charities
-Cyber Criminals Implemented Artificial Intelligence for Invoice Fraud
-Shadow IT Threatens Corporate Cyber Security, Study Reveals
-Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge
-Putin has Declared a Cyber War on Britain
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
A “Ridiculously Weak“ Password Causes Disaster for Spain’s Number 2 Mobile Carrier
Spain’s second largest mobile operator, Orange España, suffered a major outage after an unknown party obtained a “ridiculously weak” password and used it to access an account for managing the network that delivers the company’s internet traffic. The attacker had posted the account they had compromised, and researchers found that the associated system had been infected with a Raccoon type infostealer back in September of 2023. The compromised account was Orange’s RIPE administrator account, with the password “ripeadmin”. The incident led to a 50% drop in connections for a 4 hour period, and underscores the critical importance of robust cyber security measures, including strong passwords, and serves as a stark reminder that even seemingly minor oversights can lead to significant disruptions.
Source: [Ars Technica]
Russia Kyivstar Hack Should Alarm the West, Ukraine Security Chief Warns
If Ukraine's core telephone network can be taken out, organisations in the West could easily be next, Ukraine's SBU chief says. December's cyber attack on Ukrainian telecommunications operator Kyivstar by Russian-backed threat actor ‘Sandworm’ dealt a catastrophic blow to the telecoms provider, according to Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cyber security department. It is believed that although the attack took place in December 2023, the threat actors likely had access to Kyivstar systems since May 2023.
Source: [Dark Reading]
23andMe Tells Victims It’s Their Fault Their Data Was Breached
A cyber incident at DNA data firm 23andMe started with credential stuffing 14,000 user accounts. Credential stuffing is the process by which a malicious actor uses previously harvested usernames and passwords from earlier unrelated breaches to break into other sites and services. Many of the 14,000 accounts had opted-in for a feature whereby information is shared with relatives, which meant that once compromised, attackers had access to 6.9 million users: nearly half of the user base.
Facing over 30 lawsuits from victims, 23andMe is now blaming victims, according to letters seen by victims. 23andMe stated “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe”. This has caused divide in the cyber world; on one side, recycling and failing to update passwords is poor cyber hygiene and on the other hand, there are technical controls that could have better prevented this type of well known and common attack.
Source: [TechCrunch] [The Register]
Financial Sector Faces More Cyber Attacks Than Other Sectors
A recent study found that more than three-quarters (77%) of financial organisations detected an attack on their infrastructures in 2023, compared with around two-thirds (68%) of other sectors. In particular, the study found that financial workers were at a higher than average risk of phishing compared to other workers. Despite their target attractiveness, only three-quarters (73%) of the financial sector respondents said that they have a cyber security policy in place or will do so within the next year. A separate report from Kaspersky stated that the financial sector is poised to experience an influx of artificial intelligence based attacks 2024, adding to the fire.
Sources: [SC Media] [TechRadar ]
An Innocent-Looking Instagram Trend Could Be a Gift to Hackers
A recent trend that has picked up traction at the end of December on social media apps such as Instagram and TikTok, encourages their followers to “get to know them better”. This trend gets people to answer a popular template, freely giving away personal information such as their height, date of birth, and various details that they feel strongly about including favourite food and phobias. While these questions may seem harmless, these sorts of personal details are used by companies for security questions, for example when a person wants to reset their password. Hackers can use this information to easily social engineer victims or impersonate them to get access to their accounts.
Source: [Business Insider]
Cyber Criminals Shared Millions of Stolen Records During Holiday Break
While many people unwind and enjoy their time off during the festive season, cyber criminals remain active. In fact, they leaked approximately 50 million records containing sensitive personal information during this period. These data breaches were not limited to the West; they had a global impact, affecting individuals in various countries such as Peru, Australia, South Africa, and more. It is important to note that not all the data leaks were recent; some appeared to be remnants of older incidents. For instance, some of the leaked data belonged to customers of the credit company Klarna, which was rumoured to have experienced a breach back in 2022, although it was never publicly confirmed. This ‘Free Leaksmas’ event, as it’s been dubbed, underscores the extensive global reach and serious consequences of these cyber criminal activities.
Sources: [Security Affairs] [Dark Reading]
Law Firm that Handles Data Breaches was Itself Hit by Data Breach
Orrick, Herrington & Sutcliffe, a law firm specialising in managing security incidents for other companies, has disclosed more details of the cyber attack it itself experienced in March 2023. The breach compromised the sensitive health and personal information of over 637,000 individuals. The stolen data was linked to client organisations and included the names of individuals alongside their social security numbers, medical details, and financial information. Despite the firm's expertise in cyber security, the attack highlights the pervasive risk of data breaches, even among those who advise on such matters. Orrick's delayed response and subsequent legal settlements underscore the importance of proactive security measures and swift action in the wake of a breach. This incident serves as a stark reminder to all organisations of the need for robust cyber defences and transparent communication strategies in today's digital landscape. The law firm has recently settled in principle to resolve four class action lawsuits that accused Orrick of failing to inform victims of the breach until months after the incident.
Source: [TechCrunch]
Nigerian Hacker Arrested for Stealing Millions from Charities
A Nigerian national, Olusegun Samson Adejorin, has been arrested for charges relating to business email compromise attacks that caused a charitable organisation in the US to lose more than $7.5 million. Adejorin had purchased a credential harvesting tool to steal login credentials, which were used to send emails to the charity’s financial service provider. The emails requested and authorised a transfer of $7.5 million, which the investment services provider believed it was paying to the charity whereas it was paying into a bank account controlled by the attacker.
Source: [Bleeping Computer]
Cyber Criminals Implemented Artificial Intelligence for Invoice Fraud
A cyber criminal gang known as GXC Team has been seen selling an artificial intelligence tool for creating fraudulent invoices. The tool, known as Business Invoice Swapper, scrutinises compromised emails that are fed to it, looking for emails which mention invoices or include invoice attachments. It then alters the details of the intended recipient to details specified by the perpetrator. This altered invoice then either replaces the compromised one, or is sent to a predetermined set of contacts.
Source: [Security Affairs]
Shadow IT Threatens Corporate Cyber Security, Study Reveals
With remote working becoming more and more prevalent, organisations are finding themselves at risk of cyber threats due to what is known as shadow IT; this is any software, hardware or IT resource used without the IT department’s approval, knowledge or oversight. A study by Kaspersky found of the 77% of companies that had suffered from cyber incidents over the past two years, 11% of these were directly caused by the unauthorised use of shadow IT.
Source: [Security Brief]
Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge
In the constantly evolving cyber threat landscape, 2023 has witnessed a notable surge in the use of bots, fraud farms, and cryptojacking. A new report found that 73% of web and app traffic this year has been attributed to malicious bots and fraud farms, indicating a significant shift towards automated cyber attacks. This trend poses a heightened risk to the ecommerce sector, where cyber criminals exploit API connections and third-party dependencies.
Furthermore, the surge in cryptojacking, marked by a 399% increase, reveals a diversifying strategy among cyber criminals, targeting critical infrastructure with sophisticated methods. These developments serve as a crucial reminder for organisations to bolster their cyber defences and adopt a proactive stance against these emerging and increasingly automated threats.
Source: [Help Net Security]
Putin has Declared a Cyber War on Britain
This year over 2 billion people will vote for new governments across the world, and it is crucial to be aware of upcoming threats to these elections from foreign powers. In particular, Russia is notorious for deploying bots, trolls, and deepfakes, which are techniques used to manipulate information and influence public opinion. These malicious actors are adept at spreading misinformation and disinformation, often with the goal of interfering in elections. With the upcoming UK General Election in 2024 and the US Presidential Election also falling this year, it is imperative to exercise caution and discernment when consuming online content. Not everything we see can be taken at face value.
Source: [Telegraph]
Governance, Risk and Compliance
Thoughts for Boards: Key Issues in Corporate Governance for 2024 (harvard.edu)
Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Help Net Security
Navigating the New Age of Cyber Security Enforcement (darkreading.com)
Facts and misconceptions about cyber security budgets - Help Net Security
Budget cuts take a toll on IT decision makers' mental health - Help Net Security
Consumers prepared to ditch brands after cyber security issues - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Firms urged to stop ransomware payments as attacks become “astronomical” (emergingrisks.co.uk)
How ransomware could cripple countries, not just companies (economist.com)
New Black Basta decryptor exploits ransomware flaw to recover files (bleepingcomputer.com)
Sophos reports spike in ransomware groups using remote encryption (securitybrief.co.nz)
Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop (securityaffairs.com)
Police locate missing Chinese student who was victim of ‘cyber kidnapping’ (msn.com)
Kai Zhuang: Cyber kidnapping in US illustrates growing crime trend - BBC News
Ban on ransomware payments? The alternative isn't working • The Register
December ransomware attacks disrupt healthcare organisations | TechTarget
Study: Ransomware Is Actually Killing One American Per Month (tech.co)
Zeppelin ransomware source code sold for $500 on hacking forum (bleepingcomputer.com)
Ransomware Victims
Hospitals ask courts to force cloud storage firm to return stolen data (bleepingcomputer.com)
Software Used by Hundreds of Museums Taken Down by Ransomware Attack (pcmag.com)
CTS cyber attack: Disruption to home sales now over - BBC News
Xerox says subsidiary XBS US breached after ransomware gang leaks data (bleepingcomputer.com)
Cyber attackers breach trove of Victoria court recordings • The Register
Estes refuses to pay off ransomware crew, says data stolen • The Register
Phishing & Email Based Attacks
Numerous backdoors deployed in new Kimsuky spear-phishing attacks | SC Media (scmagazine.com)
Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)
SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails (thehackernews.com)
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)
Crypto phishing scams took almost $300M from 324K victims in 2023: Report (cointelegraph.com)
Artificial Intelligence
Cyber Criminals Implemented Artificial Intelligence (AI) for Invoice Fraud (securityaffairs.com)
The Imperative of Cyber Security in the Era of AI (thefastmode.com)
Finance orgs to face increasingly prevalent AI cyber attacks | SC Media (scmagazine.com)
Enterprise cyber security in 2024: The AI play comes to the fore - Verdict
NIST Identifies Types of Cyber Attacks That Manipulate Behaviour of AI Systems | NIST
Use of generative AI in the legal profession accelerating despite accuracy concerns | ITPro
A New Kind of AI Copy Can Fully Replicate Famous People. The Law Is Powerless. - POLITICO
CISO Planning for 2024 May Struggle When It Comes to AI (darkreading.com)
Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Help Net Security
AI Is Driving a Silent Cyber Security Arms Race (govtech.com)
Malware
Google accounts may be vulnerable to new hack, changing password won’t help | Cybernews
Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts (bleepingcomputer.com)
Microsoft patches critical vulnerability used to install malware on Windows PCs - MSPoweruser
Microsoft disables Windows app installation, again • The Register
New Version of Meduza Stealer Released in Dark Web (securityaffairs.com)
Weak password and infostealer blamed for Orange Spain outage • The Register
Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)
Russian Military Intelligence Blamed for Blitzkrieg Hacks (inforisktoday.com)
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)
Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks (thehackernews.com)
Activity of Rugmi malware loader spikes | SC Media (scmagazine.com)
Kronos Malware Reemerges with Increased Functionality (securityintelligence.com)
Malware attacks exploiting app installation protocol prompt deactivation | SC Media (scmagazine.com)
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections (thehackernews.com)
29 malware families target 1,800 banking apps worldwide - Help Net Security
Google password resets not enough to stop this malware • The Register
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)
New Bandook RAT Variant Resurfaces, Targeting Windows Machines (thehackernews.com)
Mobile
Europe's Largest Parking App Provider Informs Customers of Data Breach - Security Week
How to prevent hackers from breaking into your Android, stealing bank info (nypost.com)
QR code hacking: How to protect yourself from rogue QR codes (androidpolice.com)
29 malware families target 1,800 banking apps worldwide - Help Net Security
Denial of Service/DoS/DDOS
Internet of Things – IoT
Study Finds IoT Cyber Security Risk Increased 400 Percent Last Year - RFID JOURNAL
4 essential smart home cameras tips to protect your sensitive data
Ukraine says Russia hacked web cameras to spy on targets in Kyiv (therecord.media)
Data Breaches/Leaks
23andMe tells victims it’s their fault that their data was breached | TechCrunch
Law firm that handles data breaches was hit by data breach | TechCrunch
Europe's Largest Parking App Provider Informs Customers of Data Breach - Security Week
Here we go again: 2023’s badly handled data breaches | TechCrunch
Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service - Security Week
Data breach at healthcare tech firm impacts 4.5 million patients (bleepingcomputer.com)
'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month (darkreading.com)
Cyber Attacks Are Back in Hollywood. Did Sony Hack Teach Us Nothing? (variety.com)
Accounting Firm Battling Cyber Security Lawsuit Seeks Dismissal (bloomberglaw.com)
Organised Crime & Criminal Actors
Nigerian hacker arrested for stealing $7.5M from charities (bleepingcomputer.com)
Hackers employ nuanced tactics to evade detection - Help Net Security
The law enforcement operations targeting cyber crime in 2023 (bleepingcomputer.com)
What’s It Like to Be the Victim of Cyber Crimes? (govtech.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishing scams took almost $300M from 324K victims in 2023: Report (cointelegraph.com)
Cryptocurrency wallet CEO loses $125,000 in wallet-draining scam | Tripwire
Cyber criminals set their sights on crypto markets - Help Net Security
Orbit Chain loses $86 million in the last fintech hack of 2023 (bleepingcomputer.com)
Crypto-crook Sam Bankman-Fried spared a second trial • The Register
Bitconned review — Netflix documentary about a fortune built on brazen lies
Hackers hijack govt and business accounts on X for crypto scams (bleepingcomputer.com)
Insurance
Supply Chain and Third Parties
Online museum collections down after cyber attack on service provider (bleepingcomputer.com)
A new framework for third-party risk in the European Union | ITPro
Cloud/SaaS
Identity and Access Management
The password identity crisis: Evolving authentication methods in 2024 and beyond | VentureBeat
Active Directory Infiltration Methods Employed by Cyber Criminals (gbhackers.com)
Encryption
Quantum Risks and Rewards: Forward-Defending Cyber Security (govinfosecurity.com)
Saving Schrödinger’s Cat: Getting serious about post-quantum encryption in 2024 - Breaking Defence
Nearly 11 million SSH servers vulnerable to new Terrapin attacks (bleepingcomputer.com)
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
A “ridiculously weak“ password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica
23andMe tells victims it’s their fault that their data was breached | TechCrunch
The password identity crisis: Evolving authentication methods in 2024 and beyond | VentureBeat
Social Media
Instagram Trend Could Be a Gift to Hackers (businessinsider.com)
Cyber Attackers Target Nuclear Waste Company via LinkedIn (darkreading.com)
Cyber Criminals Flood Dark Web with X (Twitter) Gold Accounts (darkreading.com)
Hackers hijack govt and business accounts on X for crypto scams (bleepingcomputer.com)
Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack (thehackernews.com)
Malvertising
Regulations, Fines and Legislation
New risk management framework helps with SEC mandate compliance | CSO Online
A new framework for third-party risk in the European Union | ITPro
Navigating the New Age of Cyber Security Enforcement (darkreading.com)
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Cyber security skills gap poses threat to business protection measures (securitybrief.co.nz)
Many cyber security workers feel burnt out and worry about understaffing | TechRadar
Law Enforcement Action and Take Downs
Police investigate virtual sex assault on girl's avatar - BBC News
The law enforcement operations targeting cyber crime in 2023 (bleepingcomputer.com)
Additional cyber agents to be deployed by FBI | SC Media (scmagazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
BT Miss Deadline to Remove All Huawei Kit from UK Core Network UPDATE - ISPreview UK
Three Chinese balloons float near Taiwanese airbase • The Register
Russia
Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns (darkreading.com)
Russian hackers were inside Ukraine telecoms giant for months – cyber spy chief – Euractiv
Ukraine says Russia hacked web cameras to spy on targets in Kyiv (therecord.media)
UK exposes Russia for attempted political interference (ukdefencejournal.org.uk)
Vladimir Putin has declared a cyber war on Britain (telegraph.co.uk)
Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)
Russian Military Intelligence Blamed for Blitzkrieg Hacks (inforisktoday.com)
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)
Massive missile strike disrupts Kyiv's internet and power supply (therecord.media)
The "Tallinn Mechanism" is Designed to Enhance Civilian Cyber Assistance to Ukraine
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)
Iran
Multiple organisations in Iran breached by a mysterious hacker (securityaffairs.com)
Israel Battles Spike in Wartime Hacktivist, OT Cyber Attacks (darkreading.com)
Pilfered Data From Iranian Insurance and Food Delivery Firms Leaked Online (darkreading.com)
North Korea
Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks (thehackernews.com)
Numerous backdoors deployed in new Kimsuky spear-phishing attacks | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (darkreading.com)
Vulnerability management remains a moving target | SC Media (scmagazine.com)
Vulnerabilities
Microsoft patches critical vulnerability used to install malware on Windows PCs - MSPoweruser
Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Security Week
Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (darkreading.com)
Ivanti warns critical EPM bug lets hackers hijack enrolled devices (bleepingcomputer.com)
Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover - Security Week
Malware attacks exploiting app installation protocol prompt deactivation | SC Media (scmagazine.com)
Qualcomm chip vulnerability enables remote attack by voice call | SC Media (scmagazine.com)
Nearly 11 million SSH servers vulnerable to new Terrapin attacks (bleepingcomputer.com)
WordPress Google Fonts Plugin Vulnerability Affects Up To +300,000 Sites (searchenginejournal.com)
January Android Security Bulletin Arrives, So Does Pixel Update (droid-life.com)
Tools and Controls
Why training LLMs with endpoint data will strengthen cyber security | VentureBeat
Cyber security challenges emerge in the wake of API expansion - Help Net Security
Are Security Appliances fit for Purpose in a Decentralized Workplace? - Security Week
Guarding against DDoS attacks during high-traffic periods | CSO Online
8 Hybrid Cloud Security Challenges and How to Manage Them (techtarget.com)
Active Directory Infiltration Methods Employed by Cyber Criminals (gbhackers.com)
Other News
IT and OT cyber security: A holistic approach (securityintelligence.com)
The FBI is adding more cyber focused agents to US embassies | CyberScoop
Hackers hit Australian state's court recording database | Reuters
Cyber Attacks Are Back in Hollywood. Did Sony Hack Teach Us Nothing? (variety.com)
Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.