Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 23rd June 2023

Black Arrow Cyber Threat Briefing 23 June 2023:

-How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools

-Attackers Discovering Exposed Cloud Assets Within Minutes

-Majority of Users Neglect Best Password Practices

-One in Three Workers Susceptible to Phishing

-Ransomware Misconceptions Abound, to the Benefit of Attackers

-Threat Actors Scale and Commoditise Uncommon Tools and Techniques

-Goodbyes are Difficult, IT Offboarding Processes Make Them Harder

-Security Budget Hikes are Missing the Mark, CISOs Say

-Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security

-Emerging Ransomware Group 8Base Releasing Data on SMBs Globally

-Cyber Security Industry Still Fighting to Recruit and Retain Talent

-Financial Firms to Build Resilience in Face of Growing Cyber-Threats

-Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber Security Industry Still Fighting to Recruit and Retain Talent

Cyber security teams are struggling to find the right talent, with the right skills, and to retain experienced employees. The situation is only likely to worsen, as inflation and a tight labour market push up wages. Universities produce graduates with a strong focus on technical knowledge, but not always the broader skills they need to operate in a business environment. This includes the lack of communications skills, understanding of how businesses operate and even emotional intelligence. One solution is to outsource to a corporate cyber security provider or outsource to infill shortages whilst trying to recruit permanent staff.

https://www.infosecurity-magazine.com/news/cybersecurity-industry-recruit/

  • How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools

The world of managed file transfer (MFT) software has become a lucrative target for ransom-seeking hackers, with significant breaches including those of Accellion Inc's File Transfer Appliance in 2021 and Fortra's GoAnywhere MFT earlier this year. These MFT programs, corporate versions of popular file sharing programs like Dropbox or WeTransfer, are highly desirable to hackers for the sensitive data they often transfer between organisations and partners. The recent mass compromise tied to Progress Software Corp's MOVEit transfer product has prompted governments and companies worldwide to scramble in response.

Hackers are shifting their tactics, with an increasing focus on MFT programs which typically face the open internet, making them more vulnerable to breaches. Once inside these file transfer points, hackers have direct access to a wealth of data. In addition, there's a noticeable shift from ransomware groups encrypting a company's network and demanding payment to unscramble it, to a simpler tactic of pure extortion by threatening to leak the data.

https://www.reuters.com/technology/how-moveit-breach-shows-hackers-interest-corporate-file-transfer-tools-2023-06-16/

  • Attackers Discovering Exposed Cloud Assets within Minutes

The shift to cloud services, increased remote work, and reliance on third-parties has led to widespread use of Software-as-a-Service (SaaS) applications. This has also opened avenues for attackers to exploit weak security configurations and identities. Over the past year, attackers have intercepted authorisation tokens, bypassed multifactor authentication, and exploited misconfigured systems, targeting critical applications like GitHub, Microsoft 365, Google Workspace, Slack, and Okta. A study revealed alarmingly fast rates of breach discovery and compromise of exposed cloud assets, with assets being discovered within as little as two minutes for some and others within an hour.

https://www.techtarget.com/searchsecurity/news/366542352/Attackers-discovering-exposed-cloud-assets-within-minutes

https://www.darkreading.com/dr-tech/growing-saas-usage-means-larger-attack-surface

  • Majority of Users Neglect Best Password Practices

The latest Password Management Report by Keeper Security has shed light on the concerning state of password security practices. The survey found that only 25% of respondents used solid and unique passwords. In comparison, 34% admitted to using repeat variations of passwords, and 30% still relied on simple and easily guessable passwords. The survey also found that 44% of individuals who claimed to have well-managed passwords still admitted to using repeated variations, while 20% acknowledged having had at least one password involved in a data breach or available on the dark web. The document also revealed that 35% of respondents feel overwhelmed when it comes to improving their cyber security. Furthermore, 10% admitted to neglecting password management altogether. More generally, Keeper Security said the survey’s findings highlight a significant gap between perception and reality regarding password security.

https://www.infosecurity-magazine.com/news/users-neglect-best-password/

  • One in Three Workers Susceptible to Phishing

More than one in three workers in the UK and Ireland are susceptible to falling for phishing attacks, according to the new 2023 Phishing by Industry Benchmarking Report by KnowBe4. The study found that 35% of users who had received no security training were prone to clicking on suspicious links or engaging in fraudulent actions. Regular training and continual reinforcement can get this figure down but even with training very few organisations ever get click rates down to zero, and you only need one person to click to cause potentially devastating consequences.

Globally, ransomware was responsible for 24% of all data breaches in 2023, with human error accounting for 74% of these incidents. Phishing attacks can often lead to significant reputational damage, financial loss and disruption to business operations.

https://www.infosecurity-magazine.com/news/one-in-three-phishing/

  • Ransomware Misconceptions Abound, to the Benefit of Attackers

There is a common ransomware misperception that there's no capability to fight this all too common hostage taking of business data. This is not true. Proactive organisations are increasingly making more strategic use of threat intelligence to prevent or disrupt attacks.

Ransomware has evolved into a massive, often state-sponsored, industry where operators buy, develop, and resell ransomware code, infiltrate networks, and collect ransoms. The perception that a speedy response is critical to prevent data encryption and loss is outdated; attackers now focus on data exfiltration, using ransomware as a distraction. They often target smaller organisations that are linked to larger ones through supply chains, using them as stepping stones. It is important to use in-depth defence measures, including email security to prevent phishing and efficient detection and response systems to identify and recover from changes.

https://www.darkreading.com/vulnerabilities-threats/ransomware-misconceptions-abound-to-the-benefit-of-attackers

  • Threat Actors Scale and Commoditise Uncommon Tools and Techniques

Proofpoint’s 2023 Human Factor report highlights significant developments in the cyber attack landscape in 2022. Following two years of pandemic-induced disruption, cyber criminals returned to their usual operations, honing their social engineering skills and commoditising once sophisticated attack techniques. There was a noticeable increase in brute-force and targeted attacks on cloud tenants, conversational smishing attacks, and multifactor authentication (MFA) bypasses. Microsoft 365 formed a large part of organisations' attack surfaces and faced broad abuse, from Office macros to OneNote documents.

Despite some advances in security controls, threat actors continue to innovate and scale their bypasses. Techniques like MFA bypass and telephone-oriented attack delivery are now commonplace. Attackers consistently exploit people, who remain the most critical variable in the attack chain.

https://www.proofpoint.com/uk/newsroom/press-releases/proofpoints-2023-human-factor-report-threat-actors-scale-and-commoditise

  • Goodbyes are Difficult, IT Offboarding Processes Make Them Harder

A recent survey found that 68% of organisations recognise the offboarding process as a major cyber security risk, but only 36% have adequate controls in place to secure data access when employees depart. The study revealed that 60% of organisations have discovered former employees still had access to corporate applications after leaving, and 52% have had security incidents linked to former employees. Interestingly, IT professionals are not always alerted when employees leave, leading to access not being revoked and IT assets being mishandled 34% of the time.

https://www.helpnetsecurity.com/2023/06/19/it-offboarding-processes/

  • Security Budget Hikes are Missing the Mark, CISOs Say

Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. A recent report found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being spent on what’s hitting the headlines instead of strategic, business-centric investment in security defences. This lack of understanding shows that a lot of work needs to be done to ensure that information security receives the attention it deserves, especially in the boardroom.

The report found that just 9% of CISOs said information security is always in the top three priorities on the boardroom’s meeting agenda, and less than a quarter (22%) of CISOs are actively participating in business strategy and decision-making processes. Talking to the board about cyber security in a way that is productive can be a significant challenge for CISOs, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among directors, the security function, and the rest of the organisation.

https://www.csoonline.com/article/3700073/security-budget-hikes-are-missing-the-mark-cisos-say.html

https://www.helpnetsecurity.com/2023/06/22/average-cybersecurity-budget-increase/

  • Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security

In today’s interconnected world, the threat of cyber attacks is a constant concern for organisations of all sizes and across all industries. Cyber resilience entails not only making it difficult for attackers to infiltrate your systems but also ensuring that your organisation can bounce back quickly and continue operations successfully.

Cyber resilience offers a holistic approach to cyber security, emphasising the ability to withstand and recover from cyber attacks. By adopting the right mindset, leveraging advanced technology, addressing cyber hygiene, and measuring key metrics, organisations can enhance their cyber resilience. Additionally, collaboration within industries and proactive board engagement are crucial for effective risk management. As cyber threats continue to evolve, organisations must prioritise cyber resilience as an ongoing journey, continuously adapting and refining their strategies to stay ahead of malicious actors.

https://informationsecuritybuzz.com/understanding-cyber-resilience-building-a-holistic-approach-to-cybersecurity/

  • Emerging Ransomware Group 8Base Releasing Confidential Data from SMBs Globally

A ransomware group that operated under the radar for over a year has come to light in recent weeks, thanks to a series of business data leaks on the Dark Web. Since at least April 2022, 8base has been conducting double-extortion attacks against small and midsized businesses (SMBs). It all came to a head in May, when the group dumped data belonging to 67 organisations on the cyber underground.

Not much is known yet about the group's tactics, techniques, and procedures (TTPs), likely due to the low profile of their victims. The victims span science and technology, manufacturing, retail, construction, healthcare, and more, with victims from as far afield as India, Peru, Madagascar and Brazil, amongst others.

https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally

  • Financial Firms to Build Resilience in Face of Growing Cyber-Threats

Cyber resilience is now a key component of operational resilience for the UK’s financial markets, according to a Bank of England official. Cyber attacks have increased by 38% in 2022, and the range of firms and organisations being impacted seems to grow broader and broader.

Regulators want to see how financial firms will cope with an attack, and its impact on the wider financial services ecosystem. Similar work is being done at an international level by the G7, which has its own cyber expert group. In the UK, the main tools for improving resilience are threat intelligence sharing, better coordination between firms, regulators, the Bank and the Treasury, and penetration testing including CBEST. Financial services firms should have scenario specific playbooks, to set out how to contain intruders and stop them spreading to clients and counterparties. In the past, simulation exercises have been used to model terrorist incidents and pandemics and they are now being used to model cyber attacks.

https://www.infosecurity-magazine.com/news/financial-firms-to-build-resilience/

  • Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level

The US Securities and Exchange Commission (SEC) is expected to introduce a rule requiring demonstration of cyber security expertise at the board level for public companies. A recent study found that currently up to 90% of companies in the Russell 3000 lack even a single director with the necessary cyber expertise. The simplest and speediest solution would be to promote the existing CISO, provided they have the appropriate qualities and experience, to the board but that would require transplanting a focused operational executive into a strategic business advisory role. A credible alternative is to bring in a cyber focused Non-Executive Director with the appropriate skills and experience.

https://www.securityweek.com/fulfilling-expected-sec-requirements-for-cybersecurity-expertise-at-board-level/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

AML/CFT/Sanctions

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Shadow IT

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Digital Transformation

Regulations, Fines and Legislation

Models, Frameworks and Standards

Secure Disposal

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 14 April 2023

Black Arrow Cyber Threat Briefing 14 April 2023:

-Almost Half of Former Employees Say Their Passwords Still Work

-Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

-Printers Pose Persistent Yet Overlooked Threat

-Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

-Over 90% of Organisations Find Threat Hunting a Challenge

-75% of Organisations Have Suffered a Cyber Security Breach

-Leak Shows Evolving Russian Cyber War Capabilities

-Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

-When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

-Insider Threat and Ransomware: A Growing Issue

-How LockBit Changed Cyber Security Forever

-Hybrid Work Environments Are Stressing CISOs

-Protect Your Data with a USB Condom

-Strategising Cyber Security: Why a Risk-based Approach is Key

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Almost Half of Former Employees Say Their Passwords Still Work

An alarming number of organisations are not properly offboarding employees when they leave, especially in regard to passwords. In a new survey of 1,000 workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company.

According to the survey one in three respondents said they had been using the passwords for upwards of two years, which is a distressingly long time for organisations not to be aware of who is accessing those accounts and services.

When asked what they use the passwords for, 64% said to access their former email accounts and 44% to access company data. A concerning 10% of respondents said they were trying to disrupt company activities.

https://www.darkreading.com/edge-threat-monitor/almost-half-of-former-employees-say-their-passwords-still-work

  • Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

A recent cyber security report analysed over 60 million security exposures, or weaknesses that could give an attacker access to systems. The report found that only 2% enabled attackers access to critical assets, while 75% of exposures along attack paths lead to “dead ends”. Further, the report shows that average organisations have 11,000 exploitable security exposures monthly, with techniques targeting credentials and permissions affecting 82% of organisations and exploits accounting for over 70% of all identified security exposures.

The report found that most security alerts were benign and did not lead to critical assets. By applying efficient risk based patch management and reducing unnecessary access to critical assets, organisations can mitigate a significant amount of risk. This isn’t a simple task however, for an organisation to be able to employ efficient risk based patch management it must have a sufficient level of cyber maturity and internal vulnerability scanning accompanied by a dynamic threat intelligence component.

https://www.infosecurity-magazine.com/news/eliminating-2-exposures-protect-90/

  • Printers Pose Persistent Yet Overlooked Threat

A rash of printer-related vulnerabilities in 2023 have punctuated security expert warnings that printers continue to be a significant vulnerability within companies — especially as remote workers require printing resources or access to corporate printers. So far in 2023, Lexmark advised that a publicly available remote exploit had already targeted a code execution flaw in its printers, HP warned of a vulnerable firmware version on some of its enterprise printers, and Microsoft fixed three remote code execution vulnerabilities in its printer drivers.

Printers remain a likely soft spot in most companies’ attack surface area, particularly because they are not always part of a company’s asset management process and are often left out of security assessments and risk registers. Many organisations don’t know where their printers are, their security status, configuration, monitoring or logging activity. Research has shown that 67% of companies are worried about the risk home printers may pose and only 26% of information technology and cyber security professionals are confident in their organisation’s printing infrastructure security.

https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat

  • Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

Employees and cyber criminals cause similar numbers of data leakages. Kaspersky’s 2022 IT Security Economics survey found cyber-attacks caused 23% of data leakages, while employees caused a similar proportion, at 22%. The rise in employees causing leakages may be linked with more remote working since the pandemic, with new staff laptops, tablets, and virtual private networks (VPNs) featuring among the extra endpoints and systems needing security. Although innocent mistakes or ignoring cyber-security policy were behind most leakages, security managers reported 36% of employee-triggered leakages were deliberate acts of sabotage or espionage. The high number of cyber-incidents stemming from employee action shows all organisations need thorough cyber-security awareness training to teach all staff how to avoid common security mistakes.

https://www.independent.co.uk/news/business/business-reporter/employees-cyber-criminals-cyber-incidents-b2314225.html

  • Over 90% of Organisations Find Threat Hunting a Challenge

Executing essential cyber security operations tasks during the threat hunting process is an increasingly challenging proposition to the vast majority of organisations, with 93% of those polled for a Sophos report saying they find basic security operations a chore.

In the report, “The state of cybersecurity 2023: The business impact of adversaries on defenders”, Sophos said these findings were likely the result of the ongoing cyber security skills shortage, which is creating a domino effect in security operations: a lack of skilled personnel makes investigating alerts take longer, which reduces the security team’s capacity and increases the organisation’s exposure to higher levels of risk.

Organisations that suffer the most are those with revenues of less than $10m (£8m), which are more likely to lack the necessary skillsets, followed by organisations with revenues of more than $5bn, where organisational and system complexity likely play a more prominent role.

https://www.computerweekly.com/news/365534612/Over-90-of-organisations-find-threat-hunting-a-challenge

  • 75% of Organisations Have Suffered a Cyber Security Breach

Most organisations need stronger security controls to stop cyber security breaches and cyber attacks, according to “The Data Dilemma: Cloud Adoption and Risk Report” from security service edge (SSE) company Skyhigh Security. Key takeaways from the report include:

  • 97% of organisations indicated they are experiencing private cloud problems.

  • 75% have experienced a cyber security breach, threat and/or theft of data.

  • 75% said shadow IT “impairs their ability to keep data secure.”

  • 60% allow employees to download sensitive data to their personal devices.

  • 52% noted their employees are using SaaS services that are commissioned by departments outside of IT and without direct involvement of their IT department.

  • 37% said they do not trust the public cloud to secure their sensitive data.

https://www.msspalert.com/cybersecurity-research/skyhigh-security-report-75-of-organizations-have-suffered-a-cybersecurity-breach/

  • Leak Shows Evolving Russian Cyber War Capabilities

The leak of thousands of pages of secret documentation related to the development of Moscow’s cyber and information operations capabilities paint a picture of a government obsessed with social control and committed to scaling their capacity for non-kinetic interference.

The leaked documents detail methods and training simulations intended to prepare an operator workforce for offensive operations against critical infrastructure targets. Tools revealed by these recent leaks suggest a desire and an ability to extensively map foreign vulnerabilities and make the job of Russia’s cyber conflict operators as accessible and scalable as possible.

This leak reinforces the significant concern regarding the threat posed by Russian cyber forces to firms across the globe.

https://www.csoonline.com/article/3692821/ntc-vulkan-leak-shows-evolving-russian-cyberwar-capabilities.html#tk.rss_news

  • Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

Belgian headquartered HR and payroll giant SD Worx has suffered a cyber attack causing them to shut down all IT systems for their UK and Ireland services. While the login portals for other European countries are working correctly, the company's UK customer portal was not accessible. As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for their client's employees.

According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more.

https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/

  • When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

If that happens it might be time for your management to clear their desks. The prospect of financial penalties and reputational damage is very real. You need to know your obligations — for instance, reporting the breach to applicable authorities and regulators within strict timeframes — understand the breach, and prioritise. Then you communicate and remedy. If you haven’t planned well, it’s going to be tough.

You need to understand the data breach. Who is affected — is it staff or customer data? What exactly have the cyber criminals accessed? Consider the type of information: salary details and passport copies, or customer payment information.

If personal data has been lost or compromised, you will likely have an obligation under data protection regulations to report the breach to your applicable data protection authority within 72 hours, and if you are a regulated business there will likely be similar requirements to report to your regulator within a similar timeframe. Knowing your obligations — ideally before any hack takes place — will guide how well you respond.

https://www.thetimes.co.uk/article/who-should-i-inform-after-a-data-hack-dcrzvgp2x

  • Insider Threat and Ransomware: A Growing Issue

Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cyber criminals. Cyber criminals work just as hard to conceal their identities and location as they do to exploit weaknesses and capture valuable data to hold hostage. Organisations not only stand to lose money in this scenario, but the damage to their reputation and trustworthiness in the market can be challenging to recover from. Customers place high trust in the safety of their personal information, and it’s the company they hold accountable – not the thieves – if it slips into the wrong hands.

Even if you have good technical controls, the low-hanging fruit is capitalising on the human element and gaining entrance through a person within your organisation. Insider threats come in all shapes and sizes and roles, including employees, executives, former employees, board members, contractors, and service providers. Insider threats, by their very nature, pose a unique challenge for organisations.

https://informationsecuritybuzz.com/insider-threat-and-ransomware-a-growing-issue/

  • How LockBit Changed Cyber Security Forever

LockBit are one of the most prolific ransomware gangs globally, accounting for almost half of ransomware attacks in 2022. They not only maintain a high profile, but they’ve also turned ransom monetisation upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022. LockBit made history by launching the industry’s first bug bounty program initiated by a ransomware group. The operation invites security experts to uncover vulnerabilities and report them for rewards ranging from $1,000 to a staggering $1 million. This has since been expanded and now offers bounties for creative ways to enhance ransomware operations.

https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/

  • Hybrid Work Environments Are Stressing CISOs

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to a new report.

Among the report’s most critical findings is the revelation that browsing-based threats ranked as CISOs’ number one concern, regardless of whether their organisation was operating primarily in an in-office, hybrid, or remote setting.

And as for the risks posed by hybrid and remote workers specifically, insecure browsing also topped the list of CISOs’ concerns.

https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/

  • Protect Your Data with a USB Condom

USB isn't just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data. Equally, an employee plugging their personal phone into a corporate USB port may present a danger to the corporate network through the phone. A USB condom is a small dongle that adds a layer of protection between your device and the charging point you're attaching it to by blocking the data being transferred through the port. If you must use a charger, cable, or charging port that isn't under your control, it makes sense to use a USB condom.

https://www.zdnet.com/article/protect-your-data-with-a-usb-condom/

  • Strategising Cyber Security: Why a Risk-based Approach is Key

By 2027, cyber crime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cyber security is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organisations.

Modern and effective cyber security management entails more than managing technology risk; it encompasses managing business risk. Organisations must recognise cyber security as a strategic imperative integrated into their overall risk management framework — and this starts at the board level.  In some cases, board members may find it beneficial to seek help in assessing appropriate levels of control.

https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Shadow IT

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities



Reports Published in the Last Week



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 07 April 2023

Black Arrow Cyber Threat Briefing 07 April 2023:

-15 Million Public-Facing Services Vulnerable to Known Exploited Vulnerabilities

-New Research Highlights Increased Security Risks Posed by Remote Working and BYOD

-Lack of Security Employees Makes SMBs Sitting Ducks for Cyber Attacks

-IT and Security Pros Pressured to Keep Quiet About Data Breaches

-Phishing Emails are Seeing a Huge Rise, So Stay on Your Guard"

-Ransomware Attacks Skyrocket as Threat Actors Double Down on Global Attacks

-MSPs a Favoured Target of Supply Chain and Infrastructure Attacks

-Fake Ransomware Gang Targets Organisations with Empty Data Leak Threats

-GCHQ Updates Security Guidance for Boards

-More than 60% of Organisations have been Hit with Unplanned Downtime on a Monthly Basis

-For Cyber Crime Gangs, Professionnalisation Comes With “Corporate” Headaches

-UK’s Offensive Hacking Unit Takes on Military Opponents and Terrorist Groups

-Man Kills Himself After an AI Chatbot 'Encouraged' Him to Sacrifice Himself to Stop Climate Change

-Hackers Exploit WordPress Plugin Flaw That Gives Full Control of Millions of Sites

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • 15 Million Public-Facing Services Vulnerable to Known Exploited Vulnerabilities

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalogue. The findings are particularly worrying because the examined vulnerabilities are known and highlighted in CISA's KEV catalogue as actively exploited by hackers, so any delays in their patching maintain a large attack surface, giving threat actors numerous potential targets.

Over half of those 7 million instances were vulnerable to one of the 137 CVEs concerning Microsoft Windows, making this component a top priority for defenders and an excellent target for attackers. Almost half of those are over five years old, so roughly 800,000 machines have not applied security updates for a significant period of time.

https://www.bleepingcomputer.com/news/security/15-million-public-facing-services-vulnerable-to-cisa-kev-flaws/

  • New Research Highlights Increased Security Risks Posed by Remote Working and BYOD

New research has highlighted the increased threats associated with remote work and bring your own device (BYOD) policies faced by organisations. The results of the survey show that with remote and hybrid working, personal and work tasks blur together and the boundaries between the two have become more porous. The data shows that 32% of remote and hybrid workers use apps or software not approved by IT and 92% of remote employees perform work tasks on their personal tablet or smartphone devices. These devices, apps and software, along with the corporate data being accessed, are not visible to IT, thereby dramatically increasing an organisation’s risk posture.

https://www.itsecurityguru.org/2023/04/03/new-research-highlights-increased-security-risks-posed-by-remote-working-and-bring-your-own-device-policies/

  • Lack of Security Employees Makes SMBs Sitting Ducks for Cyber Attacks

Cyber security is a growing concern among all businesses but lack of security expertise in SMBs is leaving smaller firms open to attack. Cyber threats are more real and prevalent than ever before and the risk to businesses includes not only exposure of customer data and a decrease in trust, but also losses in revenue.

54% of small businesses say they are more concerned about cyber security now than one year ago yet 38% of SMBs said they had zero employees dedicated to security as part of their role, and 42% had just one employee working on security. Even without a traditional security role, there should be someone responsible for making security decisions in every organisation.

A lack of time to focus on security and keeping up with changing threats are amongst the biggest challenges for businesses.

https://www.helpnetsecurity.com/2023/04/04/smbs-security-posture/

  • IT and Security Pros Pressured to Keep Quiet About Data Breaches

It is not possible to stop every bad thing from happening. Alarmingly, when something does go wrong IT/security professionals are being told to keep a breach confidential, even when they knew it should be reported. More than 42% of IT/security professionals reporting this happening to them, and a worrying 30% said they have kept a breach confidential.

At 71%, IT/security professionals in the US were the most likely to say they have been told to keep quiet followed by the UK at 44%.

52% of global organisations have experienced a data breach or data leak in the last 12 months. The US led at 75% (or 23% higher than average) followed by the UK at 51.4%.

Infosec professionals are increasingly worried about their company facing legal action due to a breach being handled incorrectly.

https://www.helpnetsecurity.com/2023/04/06/pressure-keeping-breaches-confidential/

  • Phishing Emails are Seeing a Huge Rise, So Stay on Your Guard

Phishing attacks are up 5x year-on-year, researchers say. A report from Cofense analysed data received from 35 million people across the world, finding there has been a 569% increase in phishing attacks to 2022 and 478% increase to credential phishing. With the increased frequency, intensity and sophistication of these threats small and medium-sized businesses should be particularly wary of phishing and other forms of email-borne cyber attacks as their numbers have grown explosively over the last year, experts have warned. Organisations should keep eyes open for Business Email Compromise (BEC) attacks as this type continues to be one of the top crimes for the eighth year in a row.

https://www.techradar.com/news/phishing-emails-are-seeing-a-huge-rise-so-stay-on-your-guard

  • Ransomware Attacks Skyrocket as Threat Actors Double Down on Global Attacks

New studies have found that ransomware exploits are increasing, and a large percentage of victims are being hit multiple times. The NCC Group noted that there were 240 ransomware attacks in February 2023, a 45% increase from the record-high number of attacks in January. North America accounted for 47% of the global ransomware attacks, with Europe following (23%). Another report found that of all organisations hit by ransomware in the last 12 months, 28% were reported to be hit twice or more. Of the organisations breached, 69% reported phishing as the initial access vector.

https://www.techrepublic.com/article/nccgroup-ransomware-attacks-up-february/

  • MSPs a Favoured Target of Supply Chain and Infrastructure Attacks

With the backdrop of increasing cyber attacks on supply chains, Managed Service Providers (MSPs) are increasingly being favoured by attackers due to their pivotal role in the supply chain and access to the organisations they are serving.

When measured by sector, MSPs are the hardest hit by hackers in supply chain attacks.

ConnectWise’s cyber research unit analysed some 440,000 incidents that impacted MSPs and their clients and found that Lockbit led among the most prolific ransomware hijackers targeting MSPs, (42% of all ransomware attacks) followed by Cl0p at 11%. Whilst numerous other ransomware gangs also directly targeted MSPs in 2022.

Third party risk assessments should be carried out for all organisations in your supply chain and this is especially true of MSPs and external IT providers given the level of access they have into your systems and data.

https://www.msspalert.com/cybersecurity-research/msps-a-favored-target-of-supply-chain-and-infrastructure-attacks-connectwise-reports/

  • Fake Ransomware Gang Targets Organisations with Empty Data Leak Threats

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening companies with publishing or selling allegedly stolen data unless they get paid. Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the messages. It is possible that victims are selected from publicly available sources, such as the initial attacker’s data leak site, social media, news reports, or company disclosures; in some cases a fake extortionist could learn about ransomware victims that have yet to disclose the cyber attack, making it more likely for victims to believe them.

https://www.bleepingcomputer.com/news/security/fake-ransomware-gang-targets-us-orgs-with-empty-data-leak-threats/

  • GCHQ Updates Security Guidance for Boards

The UK’s leading cyber security agency GCHQ, has urged the country’s business leaders to “get to grips” with cyber risk after releasing an updated toolkit to help them do so. GCHQ’s National Cyber Security Centre (NCSC) said its updated Cyber Security Board Toolkit is designed to boost the confidence of senior execs when discussing security with key stakeholders from the organisation.

Given the potentially serious impact breaches can have on business operations and growth, the agency wants boards to treat cyber risk with the same urgency as other business risks in areas such as financial and legal.

https://www.infosecurity-magazine.com/news/gchq-updates-security-guidance/

  • More than 60% of Organisations have been Hit with Unplanned Downtime on a Monthly Basis

A recent report found that 52% of organisations had suffered a data breach in the past two years, an increase from 49% in 2022. In addition, 62% of organisations reported that business critical applications suffered from unplanned downtime due to a cyber security incident on at least a monthly basis, an increase from 54% in 2022. Other key findings include downtime costing roughly 2.7% of annual revenue, 39% of organisations believing cyber security incidents directly harmed their competitive position and 31% noting that it had reduced shareholder revenue. As a result of the impact, 95% of organisations reported that they had planned to increase their security budget over the next 2 years.

https://www.msspalert.com/cybersecurity-research/splunk-details-increase-in-data-breaches-downtime-due-to-cybersecurity-issues/

  • For Cyber Crime Gangs, Professionalisation Comes With “Corporate” Headaches

Today’s largest cyber crime gangs are operating like large enterprises, with $50 million dollars in annual revenue and around 80% of operating expenses going towards wages. Researchers have found that small, medium and especially large cyber crime gangs are operating just like their legitimate counterparts, from their managerial structure to employee benefits. The research highlights a worrying level of sophistication within cyber crime gangs; we are no longer dealing with the lone attacker in a dark room, but in some cases an enterprise with clear objectives.

https://www.darkreading.com/vulnerabilities-threats/cybercrime-professionalization-gangs-corporate-headaches

  • UK’s Offensive Hacking Unit Takes on Military Opponents and Terrorist Groups

Britain’s newly created offensive hacking unit, the National Cyber Force (NCF), has said it is engaged daily in operations to disrupt terrorist groups and military opponents of the UK. Operational details remain unclear, however the NCF says it is engaged in techniques to “undermine the tradecraft” of Russian, Chinese and other state-sponsored hackers and in “technical disruption” against terrorist groups, for example to prevent the dissemination of online propaganda. This news comes after the recent leak of files for Moscow, which had tasked an IT company to develop cyber warfare tools aimed at taking down infrastructure networks and scouring the internet for vulnerabilities.

https://www.theguardian.com/technology/2023/apr/03/uks-offensive-hacking-unit-takes-on-military-opponents-and-terrorist-groups

  • Man Kills Himself After an AI Chatbot 'Encouraged' Him to Sacrifice Himself to Stop Climate Change

A man reportedly took his own life following a six-week-long conversation about the climate crisis with an artificial intelligence (AI) chatbot. Reports found that the chatbot had fed the mans worries about climate change, which had worsened his anxiety and later led to suicidal thoughts. The AI chatbot failed to dissuade the man from committing suicide and had in fact encouraged him to act on the thoughts and join the AI chatbot so “they could live together, as one person, in paradise”. This is despite the efforts made to limit these kind of events.

https://www.euronews.com/next/2023/03/31/man-ends-his-life-after-an-ai-chatbot-encouraged-him-to-sacrifice-himself-to-stop-climate-

  • Hackers Exploit WordPress Plugin Flaw That Gives Full Control of Millions of Sites

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The vulnerability is in Elementor Pro, a premium plugin running on more than 12 million sites powered by WordPress.  Despite the vulnerability being fixed, many have not installed the patch. Worryingly, this is a common theme in cyber; many organisations remain vulnerable due to them not having an efficient patching process and as a result, a number of the most exploited vulnerabilities have available patches.

https://arstechnica.com/information-technology/2023/03/hackers-exploit-wordpress-plugin-flaw-that-gives-full-control-of-millions-of-sites/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

BYOD

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Shadow IT

Identity and Access Management

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors






Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links

Read More