Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Group Targeting MSPs Worldwide in New Campaign

Russia-based cyber attackers called Play are evolving, with the ransomware group now using remote monitoring and management (RMM) tools at outsourced IT providers or managed service providers (MSPs) to gain access and hit downstream customers. A significant number of eventual targets are medium sized business. The group is also utilising intermittent encryption, where files are only partly encrypted, to avoid detection.

The attacks highlight the need for organisations to be aware of where they are in the supply chain and how they can be targeted through their supplier. It is not enough for an organisation to focus on its own security in isolation; organisations also need to have a way of effectively assessing their supply chain risk which includes their MSP.

Source [Dark Reading]

As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable

Ransomware attacks continue to increase, with 1500 victims confirmed this year. It is likely this figure will continue to rise. In parallel, criminals are evolving and with that comes a rise in triple extortion; attackers are not just encrypting and exfiltrating an organisation’s data, but also using this data to blackmail employees and target third parties, hitting the supply chain.

Unfortunately for SMBs, they do not have the resources to keep up with such attacks, making them the most vulnerable. A report found that organisations that had 51 to 200 employees were the most targeted, followed by organisations with 11 to 50 employees. When it came to the types of organisations, the Financial Services sector placed first.

This should not mean SMBs should just accept this and wait to be attacked; on the contrary, their increased vulnerability means that SMBs need to effectively prioritise and allocate resources, and if necessary getting in specialist external help, to ensure their protections are the best that resources allow.

Sources [WWD] [InfoSecurity Magazine] [CRN]

Business Email Compromise Attack Costs Far Exceeding Ransomware Losses

Cloudflare's 2023 Phishing Threats Report recorded a 17% spike in business email compromise (BEC) related financial losses between December 2021 and 2022, noting that threat actors are increasingly leaning on this attack method to target organisations. Additionally, across 2022 nearly three-quarters (71%) of respondents to the study said they experienced an attempted or successful BEC attack. The Cloudflare report found that the financial impact of BEC led to organisations suffering losses in excess of $2.7 billion, whereas ransomware caused losses of $34.3 million during the same period.

Source [ITPro]

Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible

According to a report, phishing attacks were found to be the initial attack vector for nine in ten cyber attacks. The report found that the focus of a cyber criminal tended to be two objectives: achieving authenticity and getting victims to click. Worryingly, 89% of unwanted messages were found to have bypassed authentication checks, leaving people and procedures as the last line of defence in an organisation.

A separate study found that having the following traits made a user more susceptible to phishing: extroverted, agreeable, people-pleasing, quick to trust, fearful or respectful of authority, and poor self-control.

With employees playing such an important role in preventing phishing, organisations need to ensure that employees are aware of what to look for in a phishing email with regular training to account for evolving tactics. This training should be carried out by experts with experience of conducting phishing simulations, accompanied with the ability to educate users on how they can protect themselves from falling victim.

Sources [Tech Radar] [Makeuseof]

Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations

In a recent survey, Gartner found that generative AI models such as ChatGPT were the second greatest emerging risk, with concerns around data privacy. This has led to organisations looking to ban such AI, with a separate report by Blackberry finding that ChatGPT faced banning from 75% of organisations.

Banning AI in the organisation is a short-term solution. The benefits of AI are clear and its usefulness in an organisation is significant, with reports finding 75% of IT leaders in favour. Organisations should instead look at how they can govern the usage of AI in their organisation, to reduce the risk of AI-related incidents and improve the effectiveness of work.

Sources [Security Magazine] [Analytics Insight] [IT Security Guru] [Decrypt]

LinkedIn Suffers Significant Wave of Account Hacks

LinkedIn users are reporting losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion. LinkedIn is no stranger to being a target of cyber criminals; last year, the platform was deemed the most abused brand in phishing attempts likely due to its recognisability and widespread use in the corporate world. This extended as far as threat actors using fake LinkedIn profiles.

With the number of accounts being compromised, users need to be vigilant in their use of LinkedIn and be on the lookout for suspicious messages. Black Arrow recommends that users ensure they are using strong and unique passwords, combined with multi-factor authentication (MFA) to protect themselves.

Source [Dark Reading]

High Net-Worth Families are at Risk of Cyber Crime

A report found that high net-worth families have prioritised cyber security with a notable 77% of respondents stating they had a cyber security plan; however, 55% said their plan “could be better”.

A cyber security plan is not optional anymore. High net-worth families are at increased risk, with criminals cottoning on to the amount of information that is out there and the financial gain that can be made if that information is used effectively. Social media is just one of the things increasing the risk of cyber crime; unbeknownst to some families, their social media may be providing criminals a treasure trove of insight into a family’s wealth, real-time location and habits. Such information can be used by a cyber criminal to employ attacks.

Source [Campdenfb]

Cyber Attack Rule Raises Insurance Risks for Corporate Officers

The US Securities and Exchange Commission (SEC) recently issued rules that formally outlined directors’ responsibilities in cyber security governance for the first time, laying the groundwork for potential enforcement actions. The recently issued rules bring potential regulatory probes and shareholder legal class action alleging senior executives failed to supervise their businesses’ cyber security practices.

Although the practice is not yet universal, a growing number of director and officer (D&O) policies are being drafted with cyber related exclusions. Meanwhile, most cyber insurance policies exempt SEC enforcement actions and investor claims, but some cover allegations against a company’s executives over their cyber security roles.

Whilst this is only in the US at the moment, other developed nations are likely to follow suit.

Source [Bloomberg Law]

PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously

The Police Service of Northern Ireland (PSNI) and the UK Electoral Commission both suffered cyber incidents on the same day. Whilst both incidents were different in how they happened, the result was the same: sensitive information had been leaked. In the case of the PSNI, the data was leaked through a response to a freedom of information (FOI) request, in which an Excel sheet was accidentally included by the PSNI. The Electoral Commission incident resulted from a cyber attack.

The incidents are a wake-up call for organisations. If you have not already done so, you need to put things in place to help protect your data from ending up online. The PSNI incident in particular highlights the need to ensure that data does not leave the organisation by accident.

Source [The Guardian]

The Imperative of Cyber Preparedness: The Power of Tabletop Exercises

Cyber security has become an inescapable concern for organisations across industries. With cyber threats ranging from data breaches to ransomware attacks, it is paramount that companies remain vigilant and prepared.

A key way to be prepared is through a tabletop exercise that simulates a hypothetical cyber security incident and helps organisations to practice and evaluate their response. One example scenario can be responding to a ransomware attack blocking access to the organisation's computers for a ransom. These exercises serve as a practical, engaging, and low-risk way for teams to identify vulnerabilities in current plans, improve coordination, and evaluate the decision-making process during a crisis and this is something that we do with our clients on a regular basis.

Source [JDSupra]

Why Are Phones a Cyber Security Weak Spot?

Mobile phones are more interconnected than ever, with their usage extending to the workplace. Despite this, they often enter the corporate environment with a lack of protection and oversight. When laptops are in the corporate environment they are often secured through methods such as encryption and often the organisation has a clear oversight of the applications and activity on the laptop. Mobile phones on the other hand, are often left unmonitored, despite the fact they can and often do carry sensitive information.

Mobile phones also carry additional risks; for a start, they are easier to lose, due to their size difference and the fact they are often out more. In addition, they may have more entry points. Internet of things (IoT) devices, such as smart appliances, are often controlled by phones, making them another entry point for an attacker.

Source [Tech Shout]

Governance, Risk and Compliance

• Hedge Fund Cyber security Trends Report says Majority Firms Report a Surge in Cyber Attacks - ITSecurityWire

• Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD

• 1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority - IT Security Guru

• Cyber threat risks reach three-year high – Avast (securitybrief.co.nz)

• Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)

• The Imperative of Cyber Preparedness: The Power of Tabletop Exercises | Bradley Arant Boult Cummings LLP - JDSupra

• Why Finance Leaders In Midsize Businesses Are Stepping Up Cyber security Efforts (forbes.com)

• Why are ultra-high-net-worth families at increased risk of cyber crime? | Campden FB

• Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)

• 4 reasons to understand technology risks when buying a business (businessplus.ie)

• What did you say? Boards tackle corporate jargon | Fortune

• Boards Don't Want Security Promises — They Want Action (darkreading.com)

• Cyber attacks and data protection worries loom large | Natasha Doris | CDR Article (cdr-news.com)

• How threats to mid-sized businesses impact us all - Help Net Security

• 7 Reasons People Don't Understand What You Tell Them (darkreading.com)

• 6 Cyber Threat Areas for Companies and Organisations to Prioritize (forbes.com)

• How poor cyber security policies disrupt business continuity - IT Security Guru

• Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert

Threats

Ransomware, Extortion and Destructive Attacks

• Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD

• Business email compromise attack costs far exceeding ransomware losses | ITPro

• Reported ransomware attacks doubled in key sectors (securitybrief.co.nz)

• Ransomware Surges With 1500 Confirmed Victims This Year - Infosecurity Magazine (infosecurity-magazine.com)

• 'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign (darkreading.com)

• As Ransomware Gangs Shift To Data Extortion, Some Adopt A New Tactic: ‘Customer Service’ | CRN

• Triple Extortion Ransomware and the Cyber Crime Supply Chain (bleepingcomputer.com)

• Companies are finding it harder to detect ransomware | TechRadar

• Top 3 Ransomware Attack Vectors And How To Avoid Them (techtarget.com)

• Ransomware: To pay or not to pay - Help Net Security

• Knight ransomware distributed in fake Tripadvisor complaint emails (bleepingcomputer.com)

• 'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)

• Why Hospitals Are Being Increasingly Targeted by Cyber Attacks | Chicago News | WTTW

• 'Bulletproof' Lolekhosted ransomware hacker indicted (cnbc.com)

• LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)

• It's time for companies to double down on cyber security measures as ransomware attacks rise, say experts | CBC News

• Monti ransomware targets VMware ESXi servers with new Linux locker (bleepingcomputer.com)

• Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)

• Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands - SecurityWeek

• Sophos: ‘Royal’ Is Trying to Make Itself the King of Ransomware (darkreading.com)

• Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the US and IT Integrator in Latin America (databreaches.net)

• Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom (bleepingcomputer.com)

• 3 strategies that can help stop ransomware before it becomes a crisis | CSO Online

• Latitude Financial takes profit hit from major cyber attack | The West Australian

• MOVEit cyber attack ignites worry about retirement plan fiduciary responsibility | Pensions & Investments (pionline.com)

• Ransomware down 57%, Secureworks warns against complacency (securitybrief.co.nz)

• Ransomware Diaries: Volume 3 – LockBit’s Secrets (databreaches.net)

• HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware | WIRED

• Ransomware Renaissance 2023: The Definitive Guide to Stay Safer (securityintelligence.com)

• How to Create a Ransomware Incident Response Plan (techtarget.com)

Ransomware Victims

• Several hospitals still counting the cost of widespread ransomware attack (malwarebytes.com)

• Has leading UK jeweller been hit by BianLian ransomware gang? (techmonitor.ai)

• teiss - News - Ernst & Young says MOVEit Transfer hack impacted over 30,000 Bank of America customers

• Cyber attack on Bay area vendor cripples real estate industry (therealdeal.com)

• Colorado warns 4 million of data stolen in IBM MOVEit breach (bleepingcomputer.com)

• Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch

• LockBit claims seven new victims in ransomware spree (techmonitor.ai)

• Cyber attack strikes Prince George's County schools, district says - The Washington Post

• Clorox Operations Disrupted By Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Inside Housing - News - Hackney to procure new IT system after cyber attack

• Largest switching and terminal railroad in US investigating ransomware data theft (therecord.media)

• Honor Among Cyber Criminals? Why a Canadian Firm Paid Ransom (inforisktoday.com)

• Alberta dental benefits administrator hit by cyber attack | Edmonton Sun

Phishing & Email Based Attacks

• Phishing remains most dominant, fastest growing internet crime (securitybrief.co.nz)

• If You Have These 6 Personality Traits, You're More Vulnerable to Phishing Scams (makeuseof.com)

• Business email compromise attack costs far exceeding ransomware losses | ITPro

• Reports show 62% jump in phishing attacks last year - The Hindu BusinessLine

• Phishing Operators Make Ready Use of Abandoned Websites for Bait (darkreading.com)

• Email – The System Running Since 71’ - SecurityWeek

• 3 Major Email Security Standards Prove Too Porous for the Task (darkreading.com)

• Most consumers can't spot phishing scams | TechRadar

• Cyber Security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger

• Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

• As Phishing Gets Even Sneakier, Browser Security Needs to Step Up (darkreading.com)

• Email security vendor leaves 2M domains open to phishing hacks, study finds (axios.com)

• What Is a Blank Image Phishing Scam? (makeuseof.com)

• Cyber Criminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (thehackernews.com)

• 'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)

• Malicious QR code hacking campaign is targeting Microsoft credentials - SiliconANGLE

• Phishing campaign steals accounts for Zimbra email servers worlwide (bleepingcomputer.com)

• 30% of phishing threats involve newly registered domains - Help Net Security

• Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)

• Gone Phishing: An Analysis of a Targeted User Attack (huntress.com)

BEC – Business Email Compromise

• Business email compromise attack costs far exceeding ransomware losses | ITPro

Artificial Intelligence

• Generative AI a Top Emerging Risk for Organisations: Gartner Survey - Decrypt

• 66% of Organisations in UK Set to Ban ChatGPT and Generative AI Apps on Work Devices - IT Security Guru

• ChatGPT Faces Ban from 75% of Organisations: Blackberry Report (analyticsinsight.net)

• AI Is Coming For Your Data: 6 Steps To Ensure Cyber Resilience (forbes.com)

• New study by AMD finds nearly half of organisations are not ready for AI - IT Security Guru

• Over 74% of organisations see a rise in AI use by cyber criminals | Security Magazine

• Navigating generative AI risks and regulatory challenges - Help Net Security

• Cyber security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger

• Top 10 AI Security Risks According to OWASP (trendmicro.com)

• AI 'evil twins' may already be manipulating human nature | SC Media (scmagazine.com)

• Cyber security practitioners' generative AI dilemma (iapp.org)

• People Coaxed AI Into Giving Wrong Math Answers, System Prone to Flaws (businessinsider.com)

• Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)

• AI a Top Risk and the Preferred Solution to Financial Crime - Infosecurity Magazine (infosecurity-magazine.com)

• AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)

• Why the “voluntary AI commitments” extracted by the White House are nowhere near enough - Help Net Security

• Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)

• Insurance Regulators ‎Continue to ‎Grapple With the Rapid Development ‎and ‎Use of Artificial ‎Intelligence | Locke Lord LLP - JDSupra

2FA/MFA

• How to prevent multifactor authentication fatigue attacks - SiliconANGLE

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

Malware

• Potent Trojans Targeting MacOS Users - Infosecurity Magazine (infosecurity-magazine.com)

• Approximately 2000 Citrix NetScaler servers were backdoored in massive campaign-Security Affairs

• Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)

• XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)

• Malware could be hiding on your Mac thanks to faults in Apple’s Background Task Manager | Tom's Guide (tomsguide.com)

• An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass | WIRED

• Macs are getting compromised to act as proxy exit nodes - Help Net Security

• Credentials for cyber crime forums found on roughly 120K computers infected with info stealers-Security Affairs

• Malware Dwell Time: Everything You Need to Know (makeuseof.com)

• Gootloader SEO watering hole malware targets law firms | SC Media (scmagazine.com)

• Security Researchers Publish Gigabud Banking Malware Analysis - Infosecurity Magazine (infosecurity-magazine.com)

• Raccoon Stealer malware returns with new stealthier version (bleepingcomputer.com)

• Beware! Subscription malware arms hackers with tools to steal your private data | Laptop Mag

• New Financial Malware 'JanelaRAT' Targets Latin American Users (thehackernews.com)

• Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report (thehackernews.com)

• North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)

• Stories from the SOC - Unveiling the stealthy tactics of Aukill malware (att.com)

• Hackers are increasingly hiding within services such as Slack and Trello to deploy malware | Cyber scoop

• Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)

• Users of cyber crime forums often fall victim to info-stealers, researchers find (therecord.media)

• 10 people, including 16-year-old youth arrested for suspected involvement in malware scams (databreaches.net)

• Turns out AI probably isn't very good at writing malware • The Register

• Malware Turning Windows Machines Into Proxies (databreachtoday.co.uk)

Mobile

• Why Are Phones A Cyber security Weak Spot? - TechShout

• Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)

• Does Turning Your Android Phone Off Protect You From Malware? (makeuseof.com)

• 3 Mobile or Client-Side Security Myths Debunked (darkreading.com)

• Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (ic3.gov)

• Threat actors use beta apps to bypass mobile app store security (bleepingcomputer.com)

• FBI warns of money-stealing fake beta-release mobile apps • The Register

• Three reasons why your smartphone needs security protection (securitybrief.co.nz)

• Unsupported Compression Methods Enable Android Malware to Bypass Detection (zimperium.com)

• This $70 device can spoof an Apple device and trick you into sharing your password | TechCrunch

Botnets

• Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)

• Mirai Common Attack Methods Remain Consistent, Effective (darkreading.com)

Denial of Service/DoS/DDOS

• How the FBI goes after DDoS cyber attackers | TechCrunch

• Most DDoS attacks tied to gaming, business disputes, FBI and prosecutors say (therecord.media)

Internet of Things – IoT

• Runaway Charger: The Major Threat Of Hacking EV Stations (slashgear.com)

• Is YOUR electric car vulnerable to hackers? How cyber criminals could steal personal data because of weak security at charging hubs and 'flaws' in vehicles' outdated software | Daily Mail Online

• Ford says cars with WiFi vulnerability still safe to drive (bleepingcomputer.com)

Data Breaches/Leaks

• Electoral Commission had unpatched vulnerability on server • The Register

• PSNI and UK voter breaches show data security should be taken more seriously | Data and computer security | The Guardian

• UK Police Data Breach Exposes Victim Information - Infosecurity Magazine (infosecurity-magazine.com)

• UK govt contractor MPD FM leaks employee passport data-Security Affairs

• Cumbria Police accidentally publish officers' names and salaries online (bitdefender.com)

• PSNI: Leaked Data Will be Used to Target Police Officers - Infosecurity Magazine (infosecurity-magazine.com)

• LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News

• ICO reprimands law firm over data breach that saw money stolen - Legal Futures

• Over 100 Court Service agency workers warned of payslip security breach after cyber attack | BelfastTelegraph.co.uk

• How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

• Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)

• Alberta Dental Services Security Breach Exposes 1.47M Records - Infosecurity Magazine (infosecurity-magazine.com)

• The most notable data breaches of 2023… So far | IT Reseller Magazine (itrportal.com)

• Discord.io confirms breach after hacker steals data of 760K users (bleepingcomputer.com)

• Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch

• teiss - News - Ernst & Young says MOVEit Transfer hack impacted over 30,000 Bank of America customers

• Man arrested in Northern Ireland police data leak • The Register

• teiss - News - PBI data breach impacted more than 1.2m customers of Wilton Reassurance Life Company

• Here’s what you need to do after your personal data is breached (telegraph.co.uk)

Organised Crime & Criminal Actors

• Meet the Most (In)Famous Hacking Groups Active Today (makeuseof.com)

• Cyber security researchers become target of criminal hackers | Financial Times (ft.com)

• Credentials for cyber crime forums found on roughly 120K computers infected with info stealersSecurity Affairs

• Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)

• How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)

• Who Are Script Kiddies? Are They a Threat to Your Security? (makeuseof.com)

• Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)

• File sharing site Anonfiles shuts down due to overwhelming abuse (bleepingcomputer.com)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• How Innovation Accelerators Are at Work on the Dark Side (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Former FTX CEO Sam Bankman-Fried sent to jail • The Register

• Web3 projects suffered from forty-two exploits within a week (coinpaper.com)

Insider Risk and Insider Threats

• The Data Behind Human Cyber Risk - GovInfoSecurity

Fraud, Scams & Financial Crime

• A Third of UK University Students Targeted By Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Former FTX CEO Sam Bankman-Fried sent to jail • The Register

• UK gov keeps repeating its voter registration website is NOT a scam (bleepingcomputer.com)

• “Grab hold and give it a wiggle” – ATM card skimming is still a thing – Naked Security (sophos.com)

• Latin Americans Fall Prey to More Online Scams, Cyber Attacks (insurancejournal.com)

• The road ahead for ecommerce fraud prevention - Help Net Security

• A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight | WIRED

Insurance

• Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)

• Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)

• The cyber security insurance market is estimated at USD 14.4 (globenewswire.com)

• Insurance Regulators ‎Continue to ‎Grapple With the Rapid Development ‎and ‎Use of Artificial ‎Intelligence | Locke Lord LLP - JDSupra

Dark Web

• Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)

Supply Chain and Third Parties

• Building Cyber security into the supply chain is essential as threats mount (att.com)

• Why the public sector still loves Capita (even though it got hacked) - Tech Monitor

• How to Ensure Cyber Resilience Across the Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)

• Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (thehackernews.com)

• PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks (darkreading.com)

Software Supply Chain

• Study reveals staggering cost of vulnerable software supply chains - Plant & Works Engineering (pwemag.co.uk)

• Why a Software Bill of Materials Is Business-Critical - The Futurum Group

Cloud/SaaS

• 'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• Adapting to the Cloud Era of Cyber security: How CISO’s Priorities Are Evolving | Network Computing

• Datacentre management vulnerabilities leave public clouds at risk | Computer Weekly

• Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)

Containers

• Kubernetes clusters face widespread attacks across numerous organisations - Help Net Security

Encryption

• UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)

• WhatsApp is right to be angry about the UK’s encryption mess | The Spectator

• Google adds post-quantum encryption key protection to Chrome • The Register

API

• The Evolution of API: From Commerce to Cloud-Security Affairs

• How financial services cyber regulations are hotting up for API security (betanews.com)

Open Source

• Why a Software Bill of Materials Is Business-Critical - The Futurum Group

• Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• 6 best practices to defend against corporate account takeover attacks | CSO Online

• What's the State of Credential theft in 2023? (thehackernews.com)

• Building a secure future without traditional passwords - Help Net Security

• Are browser-stored passwords secure? | Kaspersky official blog

• Passwordless is more than a buzzword among cyber security pros - Help Net Security

• More hardcoded credentials than ever, and sloppy coding is to blame | SC Media (scmagazine.com)

• AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)

Social Media

• LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News

• LinkedIn accounts hacked in widespread hijacking campaign (bleepingcomputer.com)

• 'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)

Malvertising

• Adblock 360 Adware Extension: 3 Ways to Remove for Good - MSPoweruser

• Malvertisers up their game against researchers (malwarebytes.com)

Training, Education and Awareness

• Tips on employee cyber security training, risks and how to manage them - Albany Business Review (bizjournals.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Sextortion suspects on trial after one victim dies • The Register

• Digital Safety Advice is Not Getting Through to Women - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Navigating generative AI risks and regulatory challenges - Help Net Security

• UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)

• ICO reprimands law firm over data breach that saw money stolen - Legal Futures

• Breaking Down the New SEC Cyber security Rules | Epiq - JDSupra

• Confusion Surrounds SEC's New Cyber security Material Rule (darkreading.com)

• How do we define “cyber worker”? The SEC’s rationale behind its new cyberincident disclosure rule. (thecyberwire.com)

• Why the “voluntary AI commitments” extracted by the White House are nowhere near enough - Help Net Security

• How financial services cyber regulations are hotting up for API security (betanews.com)

• A closer look at the new TSA oil and gas pipeline regulations - Help Net Security

• New York’s Department of Financial Services Moves to Further Bolster Cyber security Requirements | Jackson Lewis P.C. - JDSupra

Models, Frameworks and Standards

• Center for Internet Security announces secretive Microsoft partnership | StateScoop

• What's New in the NIST Cyber security Framework 2.0 (darkreading.com)

Data Protection

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First (thehackernews.com)

Careers, Working in Cyber and Information Security

• 650,000 cyber jobs are now vacant: How to tackle the risk (securityintelligence.com)

• Effectively upskilling cyber security professionals to help close the skills gap | CSO Online

• How to overcome the challenges of today's cyber security talent shortage - SiliconANGLE

• Army struggling to hire cyber staff as attacks on Britain ramp up (telegraph.co.uk)

• Vietnam admits massive shortage of infosec pros • The Register

• Heavy workloads driving IT professionals to resign - Help Net Security

• ISC2 Announces Major Milestone as Community Grows to Half a Million Strong (prnewswire.com)

Law Enforcement Action and Take Downs

• Polish police arrest five in swoop on Cyber Crime site - TVN24

• How the FBI goes after DDoS cyber attackers | TechCrunch

• Lapsus$ Report: Law Enforcement Battles Cyber Threats (beincrypto.com)

• LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)

• 10 people, including 16-year-old youth arrested for suspected involvement in malware scams (databreaches.net)

• Sextortion suspects on trial after one victim dies • The Register

• Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)

• Raccoon Stealer malware back with updated version following administrator arrest (therecord.media)

• Man arrested in Northern Ireland police data leak • The Register

• India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)

Misinformation, Disinformation and Propaganda

• Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russian and Chinese hackers breached Foreign Office systems in cyber attack kept secret from public (inews.co.uk)

• Foreign Office cyber attacks may have risked safety of civil servants and UK's allies, Tory MPs say (inews.co.uk)

• APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries-Security Affairs

• Russian spy agencies targeting Starlink with custom malware, Ukraine warns (telegraph.co.uk)

• Russian-African Security Gathering Exposes Kremlin's Reduced Influence (darkreading.com)

• Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps • Graham Cluley

• Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)

• Suspected spies for Russia held in major UK security investigation - BBC News

• Russia turning to sleeper cells and unofficial agents | Espionage | The Guardian

China

• Russian and Chinese hackers breached Foreign Office systems in cyber attack kept secret from public (inews.co.uk)

• Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics (thehackernews.com)

• DHS to Review Microsoft’s Security in Chinese Email Hack - Infosecurity Magazine (infosecurity-magazine.com)

• Top US cyber official warns of infrastructure attack risk if China tensions rise (nbcnews.com)

• New Zealand says it is aware of China-linked intelligence activity in country | Reuters

• China teases imminent exposé of seismic US spying scheme • The Register

• Wide-ranging cyberespionage campaign by China's Ministry of State Security. Vulnerabilities in CPUs. MacOS threat trends. (thecyberwire.com)

• Chinese Espionage Group Active Across Eastern Europe (inforisktoday.com)

• 15,000 cyber attacks detected per second in Taiwan: Software provider - Focus Taiwan

• China would consider attacks on US railroads, pipelines if it invades Taiwan, Easterly says (therecord.media)

• US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack | TechCrunch

• China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons (thehackernews.com)

Iran

• German Intelligence Warns of Surge in Iranian Espionage (govinfosecurity.com)

• Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks (thehackernews.com)

• Iran and the Rise of Cyber Enabled Influence Operations (darkreading.com)

North Korea

• North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)

Misc/Other/Unknown

• APTs use of lesser-known TTPs are no less of a headache - Help Net Security

Vulnerability Management

• Electoral Commission had unpatched vulnerability on server • The Register

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

Vulnerabilities

• Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)

• CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks (thehackernews.com)

• Patched Citrix NetScaler Devices Still Contain Backdoors (govinfosecurity.com)

• Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations (thehackernews.com)

• Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping (thehackernews.com)

• Magento shopping cart attack targets critical vulnerability • The Register

• New Python URL Parsing Flaw Enables Command Injection Attacks (thehackernews.com)

• Data centers at risk due to flaws in power management software | CyberScoop

• Bugs in transportation app Moovit gave hackers free rides | TechCrunch

• Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability (thehackernews.com)

• Google Chrome 116: more Telemetry and 26 security patches - gHacks Tech News

• Google Fixes 26 Bugs Amid Fake Update Warning - Infosecurity Magazine (infosecurity-magazine.com)

• AMD has fixed its latest security flaw - but at the cost of massive slowdowns | TechRadar

• Windows 11 update install failures are reportedly happening again – and it’s breaking the built-in antivirus | TechRadar

• Proxyjacking trend continues as attackers abuse years-old GitLab vulnerability | ITPro

• Multiple Flaws Found in the Avada WordPress Theme and Plugin - Infosecurity Magazine (infosecurity-magazine.com)

• Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica

Tools and Controls

• What is Cyber security Monitoring? - MSSP Alert

• XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)

• AI-powered fraud detection: Strengthening security in fintech | The Financial Express

• Microsoft Teams Rooms on Windows to enhance security with meeting ID and passcode requirement - OnMSFT.com

• MaginotDNS attacks exploit weak checks for DNS cache poisoning (bleepingcomputer.com)

• Evaluate the risks and benefits of AI in cyber security | TechTarget

• How to Choose a Managed Detection and Response (MDR) Solution (darkreading.com)

• Lock Down APIs to Prevent Breaches (darkreading.com)

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

• Building a secure future without traditional passwords - Help Net Security

• Passwordless is more than a buzzword among cyber security pros - Help Net Security

• SEC cyber security rules shape the future of incident management - Help Net Security

• AI a Top Risk and the Preferred Solution to Financial Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)

• Endpoint Management Statistics, Trends And Facts 2023 - Abdalslam

• SASE and requirements of business | Professional Security

• Why You Need Continuous Network Monitoring? (thehackernews.com)

• CISA releases cyber defence plan for remote monitoring and management software - SiliconANGLE

• How poor cyber security policies disrupt business continuity - IT Security Guru

• Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert

Other News

• Cyber attacks against the UK Electoral Commission reveal an ongoing threat to democracy (techxplore.com)

• Healthcare incurs highest data breach costs – for the 13th year in a row | Healthcare IT News

• Here's Why You Should Never Accept Unsolicited Tech by Post (makeuseof.com)

• Government highlights cyber threat to health and social care | UKAuthority

• Why is the Education Sector a Target for Cyber Attacks? | UpGuard

• Cyber security in the Entertainment Industry: Risks and Solutions | UpGuard

• What would an OT cyber attack really cost your organisation? | CSO Online

• Education has had most cyber attacks, survey finds | Education Business (educationbusinessuk.net)

• Cyber attacks Are On The Up: What Are The Risks & Remedies For Aviation? (simpleflying.com)

• Bank of Ireland ATM Glitch Hands Out 'Free' Money (gizmodo.com)

• Exclusive: 300 independent retailers affected by cyber attack | News | Retail Week (retail-week.com)

• Documentary shines spotlight on a central bank heist and threats from cyber criminals - BNN Bloomberg

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 50% of UK CEOs see Cyber as a Bigger Business Risk than the Economy

Half of UK CEOs consider cyber security as a bigger risk to their organisation than economic uncertainty, a new study by Palo Alto Networks has found. The findings came from a survey of 2500 CEOs from the UK, Germany, France, Brazil and the UAE at large organisations (500+ employees).

Despite the recognition of the business threats posed by cyber attacks, UK CEOs have a lower level of understanding of cyber security risks than their international counterparts, with just 16% saying they have a complete understanding. This compares to 21% in Brazil, 21% in the UAE, 22% in France and 39% in Germany. Additionally, many UK CEOs feel detached from responsibility for cyber security at their organisations, instead leaving it to the responsibility of IT, although IT is only part of the solution.

https://www.infosecurity-magazine.com/news/uk-ceo-cyber-risk-economy/

• Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim

Fortinet has unveiled its 2023 Global Ransomware Report based on a recent global survey and explores cyber security leaders’ perspectives on ransomware, particularly how it impacted their organisations in the last year and their strategies to mitigate an attack. The report found that the global threat of ransomware remains at peak levels, with half of organisations across all sizes, regions and industries falling victim in the last year.

The top challenges to stopping a ransomware attack were people and process related, with many organisations lacking clarity on how to secure against the threat. Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training and no clear chain-of-command strategy to deal with attacks.

Despite the global macroeconomic environment, security budgets will have to increase in the next year with a focus on AI/ML technologies to speed detection, centralised monitoring tools to speed response and better preparation of people and processes.

https://www.itweb.co.za/content/mYZRX79g8gRqOgA8

• SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyber espionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly.

Cyber security firm Proofpoint analysed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those serving Russian, Iranian, and North Korean interests.

SMBs are also targeted by APT groups indirectly, through the managed services providers (MSPs) that maintain their infrastructure. Proofpoint has seen an increase in attacks against regional MSPs because their cyber security defences could be weaker than larger MSPs yet they still serve hundreds of SMBs in local geographies.

https://www.csoonline.com/article/3697648/smbs-and-regional-msps-are-increasingly-targeted-by-state-sponsored-apt-groups.html#tk.rss_news

• IT Employee Piggybacked on Cyber Attack for Personal Gain

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorised access to a computer with intent to commit other offences.

The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout. But he also realized that he could take advantage of the breach to line his own pockets.

“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” the South East Regional Organised Crime Unit (SEROCU) revealed. He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.

While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving a malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.

https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/

• Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More

Ransomware attacks have never been this popular, a new report from cyber security researchers Securin, Ivanti, and Cyware has stated. New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, but out of all the different hardware and software, Microsoft’s products are being targeted the most.

Attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware. In just March 2023, there had been more breaches reported, than in all three previous years combined. Even though most cyber security incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web.

https://www.techradar.com/news/ransomware-threats-are-growing-and-targeting-microsoft-devices-more-and-more

• Microsoft Reports Jump in Business Email Compromise (BEC) Activity

Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report. Activity around BEC spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit.

Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.

Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.

https://www.csoonline.com/article/3697152/microsoft-reports-jump-in-business-email-compromise-activity.html#tk.rss_news

• Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions

The nature of cyber attacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organisations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. Forrester’s Top Cyber security Threats in 2023 report provides a stark warning about the top cyber security threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponising generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.

Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyber attacks coming that seek to capitalise on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.

Forrester cites Russia’s invasion of Ukraine and its relentless cyber attacks on Ukrainian infrastructure as examples of geopolitical cyber attacks with immediate global implications. Forrester advises that nation-state actors continue to use cyber attacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.

https://venturebeat.com/security/forrester-predicts-2023-top-cybersecurity-threats-generative-ai-geopolitical-tensions/

• Advanced Phishing Attacks Surge 356% in 2022

A new report published this week observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022, with the total number of attacks having increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools. These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques.

The global threat landscape continues to evolve with a meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques designed to breach and damage organisations.

Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.

https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge/

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security

Organisations can mistakenly believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter can be very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming. Blindly purchasing more security tools can add to complexity in enterprise environments and creates a false sense of security that contributes to today’s cyber security challenges.

To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cyber security risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.

https://www.securityweek.com/todays-cyber-defense-challenges-complexity-and-a-false-sense-of-security/

• Almost All Ransomware Attacks Target Backups

Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organisations suffered at least one cyber attack in the past year according to the Veeam 2023 Ransomware trends report. Only 16% of organisations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.

According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber events in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.

Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.

With most ransomware actors moving to double and triple extortion the days of a backup being all you need to keep you safe are far behind and firms should do more to prevent being the victim of ransomware in the first place.

https://www.computerweekly.com/news/366538492/Almost-all-ransomware-attacks-target-backups-says-Veeam

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

The UK National Cyber Security Centre (NCSC) and several other international security agencies have issued a new advisory warning the public against Chinese cyber activity targeting critical national infrastructure networks. According to the document, the People’s Republic of China (PRC)’s associated threat actors employed sophisticated tactics to evade detection while conducting malicious activities against targets in the US and Guam. These tactics are expected to be used on critical infrastructure targets outside the US, including the UK.

The document further added that the threat actors mainly focused on credential access theft via brute force and password spraying techniques. The NCSC advisory provides network defenders with technical indicators and examples of techniques used by the attacker to help identify any malicious activity.

https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/

• Half of All Companies were Impacted by Spearphishing in 2022

Spearphishing is a sliver of all email exploits but the extent to which it succeeds is revealed in a new study from cyber security firm Barracuda Networks, which analysed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails and affecting 50% of all companies.

The report identified the top prevalent spearphishing emails were Scamming (47%) used to trick victims into disclosing sensitive information and the other being brand impersonation (42%) attacks mimicking a brand familiar with the victim to harvest credentials.

The report found that remote work is increasing risks. Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.

https://www.techrepublic.com/article/barracuda-networks-spearphishing-study/

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Two new top-level domain names (.zip and .mov) have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension.

There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware. Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks.

https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool

Governance, Risk and Compliance

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• The Rising Threat of Secrets Sprawl and the Need for Action (thehackernews.com)

• Mass resignations, layoffs seen as major threat to corporate cyber security - The Korea Times

• Improving Cyber security Requires Building Better Public-Private Cooperation (darkreading.com)

• Cyber Defence: Council conclusions stress the importance of further strengthening the EU resilience to face cyber threats - Consilium (europa.eu)

• 5 Cyber security Woes That Threaten Digital Growth (analyticsinsight.net)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• What Security Professionals Need to Know About Aggregate Cyber Risk (darkreading.com)

• Where to Focus Your Company’s Limited Cyber security Budget (hbr.org)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (darkreading.com)

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security - SecurityWeek

• The biggest threats are always those we fail to predict - Big Think

• How continuous security monitoring is changing the compliance game - Help Net Security

• Forrester predicts 2023's top cyber security threats: From generative AI to geopolitical tensions | VentureBeat

• 50% of UK CEOs See Cyber as a Bigger Business Risk than the Economy - Infosecurity Magazine (infosecurity-magazine.com)

• Defining CISOs, CTOs, and CIOs' Roles in Cyber security (analyticsinsight.net)

Threats

Ransomware, Extortion and Destructive Attacks

• 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns (darkreading.com)

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Backup Repositories Targeted in 93% of Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware threats are growing, and targeting Microsoft devices more and more | TechRadar

• Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks (bleepingcomputer.com)

• FIN7 gang returned and was spotted delivering Clop ransomware - Security Affairs

• Fortinet survey finds 78% of organisations felt prepared for ransomware attacks, yet half still fell victim | ITWeb

• Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking (darkreading.com)

• Cyble — New Ransomware Wave Engulfs over 200 Corporate Victims

• Updated 'StopRansomware Guide' warns of shifting tactics | TechTarget

• The Week in Ransomware - May 19th 2023 - A Shifting Landscape (bleepingcomputer.com)

• US saw 45% fewer ransomware victims posted on the dark web | Security Magazine

• BlackCat ransomware takes control of protected computers via new kernel driver | SC Media (scmagazine.com)

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• Ransomware tales: The MitM attack that really had a Man in the Middle – Naked Security (sophos.com)

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts (thehackernews.com)

• Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code (thehackernews.com)

Ransomware Victims

• Food Distributor Sysco Says Cyber Attack Exposed 126,000 Individuals - SecurityWeek

• Suzuki motorcycle plant shut down by cyber attack (bitdefender.com)

• February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million - Security Affairs

• Iowa hospital discloses breach following Royal ransomware leak | TechTarget

• Arms maker Rheinmetall confirms BlackBasta ransomware attack (bleepingcomputer.com)

• Mazars Group allegedly breached by BlackCat | Cybernews

• Dish Network says February ransomware attack impacted +300K - Security Affairs

• Philly Inquirer disputes Cuba ransomware gang's leak claims • The Register

• Dorchester school IT system held to ransom in cyber attack - BBC News

• BlackByte lists city of Augusta after cyber 'incident' • The Register

Phishing & Email Based Attacks

• Advanced Phishing Attacks Surge 356% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• 50% of companies had spearphishing puncture wounds in 2022 (techrepublic.com)

• Microsoft 365 phishing attacks use encrypted RPMSG messages (bleepingcomputer.com)

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• Threat actors exploit new channels for advanced phishing attacks - Help Net Security

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Phishing campaign targets ChatGPT users - Help Net Security

BEC – Business Email Compromise

• Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog

• Microsoft reports jump in business email compromise activity | CSO Online

• Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool (darkreading.com)

Artificial Intelligence

• Employees are banned from using ChatGPT at these companies | Fortune

• When the tech boys start asking for new regulations, you know something’s up | John Naughton | The Guardian

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• 6 ChatGPT risks for legal and compliance leaders - Help Net Security

• 5 Ways Hackers Will Use ChatGPT For Cyber attacks (informationsecuritybuzz.com)

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

• How to avoid shadow AI in your SOC - Help Net Security

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing campaign targets ChatGPT users - Help Net Security

• The Security Hole at the Heart of ChatGPT and Bing | WIRED UK

2FA/MFA

• Cyber criminals masquerading as MFA vendors - Help Net Security

Malware

• New PowerExchange malware backdoors Microsoft Exchange servers (bleepingcomputer.com)

• Hackers Use Weaponised DOCX File to Deploy Stealthy Malware (gbhackers.com)

• Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware (thehackernews.com)

• Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware (thehackernews.com)

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Threat actors leverage kernel drivers in new attacks | TechTarget

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

• Legion Malware Upgraded to Target SSH Servers and AWS Credentials (thehackernews.com)

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Google Unveils Bug Bounty Program For Android Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Botnets

• How smart bots are infecting and exploiting the internet - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Denial of Service/DoS/DDOS

• Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry (thehackernews.com)

Internet of Things – IoT

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• How Connected Car Cyber Risk will Evolve (trendmicro.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

Data Breaches/Leaks

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• Luxottica confirms 2021 data breach after info of 70M leaks online (bleepingcomputer.com)

• Hackers steal the SSN of nearly 6 million people (pandasecurity.com)

• Food Distributor Sysco Says Cyber attack Exposed 126,000 Individuals - SecurityWeek

Organised Crime & Criminal Actors

• Inside the Mind of a Cyber Attacker | Tactics, Techniques, and Procedures (TTPs) Every Security Practitioner Should Know

• IT employee piggybacked on cyber attack for personal gain - Help Net Security

• Child hackers: How are kids becoming sophisticated cyber criminals? | Euronews

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• The Strange Story of the Teens Behind the Mirai Botnet - IEEE Spectrum

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• Cyber criminals masquerading as MFA vendors - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

Insider Risk and Insider Threats

• How to prevent against the 5 main types of insider threats - IT Security Guru

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Get-rich-quick schemes, pyramids and ponzis: five signs you're being scammed (theconversation.com)

• Uncle Sam tries to wrangle 'money mules' • The Register

• Scammers Using ChatGPT "Fleeceware" Apps to Cash In on AI Hype, Sophos Report - MSSP Alert

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Ads for lucrative jobs in Asia may be tech slavery scams • The Register

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Banking, tech and telecoms groups combine to gather intelligence on scammers | Financial Times (ft.com)

Supply Chain and Third Parties

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• New Cyber Security Training Packages Launched to Manage Supply Chain Risk - NCSC

Software Supply Chain

• GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains (thehackernews.com)

Cloud/SaaS

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• Google Cloud Bug Allows Server Takeover From CloudSQL Service (darkreading.com)

Attack Surface Management

• The Need to Isolate Branch Offices in High-Risk Countries (darkreading.com)

Identity and Access Management

• 7 access management challenges during M&A - Help Net Security

• Think security first when switching from traditional Active Directory to Azure AD | CSO Online

Encryption

• Quantum attack would trigger Great Depression, think tank warns | SC Media (scmagazine.com)

API

• API bug in OAuth dev tool opened websites, apps to account hijacking | SC Media (scmagazine.com)

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• What is API Security? | Definition from TechTarget

• The fragmented nature of API security ownership - Help Net Security

Open Source

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Inactive accounts pose significant account takeover security risks | CSO Online

• What’s a Double-Blind Password Strategy and When Should It Be Used (bleepingcomputer.com)

• Netflix's Password-Sharing Ban Offers Security Upsides (darkreading.com)

Biometrics

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

Social Media

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Pentagon explosion hoax goes viral after verified Twitter accounts push (bleepingcomputer.com)

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

Training, Education and Awareness

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Realistic simulations are transforming cyber security training - Help Net Security

Travel

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Four ways your devices can be hacked in hotels and how to stay safe | This is Money

• Tips to Protect Against Holiday and Airline Scams - IT Security Guru

Parental Controls and Child Safety

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Regulations, Fines and Legislation

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

Models, Frameworks and Standards

• NIST Launches Cyber security Initiative for Small Businesses (securityintelligence.com)

• New security model launched to eliminate 95% of cyber breaches - IT Security Guru

Backup and Recovery

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

Data Protection

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How to become a bug bounty hunter: Getting started | TechTarget

Law Enforcement Action and Take Downs

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

Privacy, Surveillance and Mass Monitoring

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• UK police to 'embed' facial recog but oversight is at risk • The Register

• Abuse of government spying powers: What's to worry about? • The Register

• Reflections on Ten Years Past The Snowden Revelations (ietf.org)

Misinformation, Disinformation and Propaganda

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Opinion: Cyber war and (no) peace (insuranceinsider.com)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• Russia's War in Ukraine Shows Cyber attacks Can Be War Crimes (darkreading.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade (thehackernews.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation (thehackernews.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• What’s Russia Planning? (informationsecuritybuzz.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• What’s Russia Planning? (informationsecuritybuzz.com)

• United Nations official and others in Armenia hacked by NSO Group spyware | Hacking | The Guardian

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Nation State Actors

• APT attacks: Exploring Advanced Persistent Threats and their evasive techniques (malwarebytes.com)

• SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups | CSO Online

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• GoldenJackal: Threat Risk For Organisations In Middle East & South Asia (informationsecuritybuzz.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware (thehackernews.com)

• Fata Morgana Watering Hole Attack Targets Shipping, Logistics Firms - Infosecurity Magazine (infosecurity-magazine.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• Five Eyes and Microsoft accuse China US infrastructure raids • The Register

• Iranian hackers use new Moneybird ransomware to attack Israeli orgs (bleepingcomputer.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• GCHQ warns of fresh threat from Chinese state-sponsored hackers | Hacking | The Guardian

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Five Eyes agencies detail how Chinese hackers breached US infrastructure - Help Net Security

• Lazarus Group Striking Vulnerable Windows IIS Web Servers (darkreading.com)

• 'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns (darkreading.com)

Vulnerability Management

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Fresh perspectives needed to manage growing vulnerabilities - Help Net Security

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• How to check for new exploits in real time? VulnCheck has an answer | CSO Online

Vulnerabilities

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Vulnerability in WordPress Google Analytics Plugin Hits +3 Million Websites (searchenginejournal.com)

• Hackers target 1.5M WordPress sites with cookie consent plugin exploit (bleepingcomputer.com)

• Barracuda Alerts Of Breaches In Email Gateways From Zero-Day Flaws (informationsecuritybuzz.com)

• Threat Actors Compromise Barracuda Email Security Appliances (darkreading.com)

• Microsoft: Windows issue causes file copying, saving failures (bleepingcomputer.com)

• GitLab 'strongly recommends' patching max severity flaw ASAP (bleepingcomputer.com)

• 83C0000B: The error code that means a software update bricked your HP printer (bitdefender.com)

• CISA adds iPhone bugs to Known Exploited Vulnerabilities catalog - Security Affairs

• Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) - Help Net Security

• Zyxel warns of critical vulnerabilities in firewall and VPN devices (bleepingcomputer.com)

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Tools and Controls

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Making The Most Of A Penetration Test: The Organisational Perspective (forbes.com)

• Against the Clock: Cyber Incident Response Plan (trendmicro.com)

• CMOs & CISOs: Uniting for Stronger Brands (cmswire.com)

• Investigating Risks Through Threat Hunting Capability Guide (informationsecuritybuzz.com)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• How continuous security monitoring is changing the compliance game - Help Net Security

• Blacklist untrustworthy apps that peek behind your firewall - Help Net Security

• How generative AI is reshaping the identity verification landscape - Help Net Security

• What is API Security? | Definition from TechTarget

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• The fragmented nature of API security ownership - Help Net Security

• Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans (darkreading.com)

• Cutting Through the Noise: What is Zero Trust Security? - SecurityWeek

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• 6 ways generative AI chatbots and LLMs can enhance cyber security | CSO Online

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Attributes of a mature cyber-threat intelligence program | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 79% of Cyber Pros Make Decisions Without Threat Intelligence

In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on?

Threat intelligence helps organisations stay informed about the latest cyber threats and vulnerabilities. By gathering and analysing information about potential attacks, threat intelligence can provide organisations with valuable insights into the tactics, techniques and procedures (TTPs) used by cyber criminals.

Given the deep value provided by threat intelligence, why aren’t more cyber pros taking advantage of it?

https://securityintelligence.com/articles/79-percent-of-cyber-pros-make-decisions-without-threat-intelligence/

• 61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success

A recent report found only 39% of respondents think their company's leadership has a sound understanding of cyber security's role as a business enabler. Cyber security can be a huge business enabler; executive leaders need to think of cyber security in terms of the value it can deliver at a more strategic level.

https://www.darkreading.com/risk/global-research-from-delinea-reveals-that-61-of-it-security-decision-makers-think-leadership-overlooks-the-role-of-cybersecurity-in-business-success

• Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’

The Federation of European Risk Management Associations (FERMA), an umbrella body representing 22 trade associations, said the cyber insurance market is “evolving in isolation from the industries it serves”.

It highlighted a move by Lloyd’s of London, the specialist insurance market and hub for cyber insurance, demanding that standard cyber policies have an exemption for big state-backed attacks.

“Without a more collaborative approach to cyber balancing the risk appetite of the insurance market with the coverage requirements of the corporate buyers, there is a risk that cyber insurance becomes an unviable product for many organisations,” FERMA said in a statement shared with the Financial Times.

The intervention is the strongest yet by the business lobby over the controversial exemption and wider concerns about cyber insurance.

https://www.ft.com/content/401629cc-e68a-41a4-8d50-e7c0d3e27835

• Small and Medium-Sized Businesses: Don’t Give up on Cyber Security

In today’s increasingly hostile environment, every enterprise, big or small, should be concerned about cyber security and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world.

Yet time and again, small and medium-sized businesses (SMBs) are left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt. Thus, cyber security becomes an “afterthought” or “add when we can” kind of service that leaves SMBs far more vulnerable than the corporate giants — just reading the news every day shows even they aren’t immune to ransomware, intrusions, and data theft. If you haven’t already, start thinking about security now.

https://www.csoonline.com/article/3695593/small-and-medium-sized-businesses-don-t-give-up-on-cybersecurity.html

• AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence

Hackers using ChatGPT are faster and more sophisticated than before, and cyber security analysts who don’t have access to similar tools can very quickly find themselves outgunned and outsmarted by these AI-assisted attackers. However, corporations are stumbling to figure out governance around AI, and while they do so, their employees are clearly defying rules and possibly jeopardising company operations. According to a study of 1.6 million workers, 3.1% input confidential company information into ChatGPT. Although the number seems small, 11% of users' questions include private information. This is a fatal flaw for corporate use considering how hackers can manipulate the system into giving them previously hidden information. In another study, it was found that 80% of security professionals used AI, with 46% of these giving specialised capabilities as a reason.

https://www.euronews.com/2023/05/04/ai-has-been-dubbed-a-nuclear-threat-to-cybersecurity-but-it-can-also-be-used-for-defence

• Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows

In three out of four cyber attacks, the hijackers succeeded in encrypting victims’ data, cyber security provider Sophos said in its newly released State of Ransomware 2023 report.

The rate of data encryption amounted to the highest from ransomware since Sophos first issued the report in 2020. Overall, roughly two-thirds of the 3,000 cyber security/IT leaders’ organisations were infected by a ransomware attack in the first quarter of 2023, or the same percentage as last year.

Much advice has been doled out by cyber security providers and law enforcement urging organisations to not pay a ransom. According to Sophos’ survey, the data shows that when organisations paid a ransom to decrypt their data, they ended up doubling their recovery costs. On average, those organisations paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organisations that used backups to recover their data.

Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.

https://www.msspalert.com/cybersecurity-research/paying-cyber-hijackers-ransoms-doubles-cost-of-recovery-sophos-study-shows/

• Majority of US, UK CISOs Unable to Protect Company 'Secrets'

A recent study found 75% of organisations have experienced a data leak involving company secrets, including API keys, usernames, passwords, and encryption keys, in the past. It was found that about 52% of chief information and security officers (CISOs) in the US and UK organisations are unable to fully secure their company secrets. The study showed that a huge chunk of the IT sector realises the danger of exposed secrets. Seventy-five percent said that a secret leak has happened in their organisation in the past, with 60% acknowledging it caused serious issues for the company, employees, or both. The report has pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way.

https://www.csoonline.com/article/3695583/majority-of-us-uk-cisos-unable-to-protect-company-secrets-report.html

• Company Executives Can’t Afford to Ignore Cyber Security Anymore

In a recent survey, when asked about the Board and C-Suite‘s understanding of cyber security across the organisation, only 36% of respondents believe that it is considered important only in terms of compliance and regulatory demands, while 17% said it is not seen as a business priority. The disconnect between business and security goals appears to have caused at least one negative consequence to 89% of respondents’ organisations, with 26% also reporting it resulted in an increased number of successful cyber attacks at their company. On the misalignment of cyber security goals, respondents believed it contributed to delays in investments (35%), delays in strategic decision making (34%), and unnecessary increases in spending (27%).

https://www.helpnetsecurity.com/2023/05/10/cybersecurity-business-goals-alignment/

• BEC Campaign via Israel Spotted Targeting Multinational Companies

An Israel-based threat group was discovered carrying out a business email compromise (BEC) campaign primarily targeting large and multinational enterprises. The group has conducted 350 BEC campaigns since February 2021, with email attacks targeting employees from 61 countries across six continents. The group operate through two personas — a CEO and an external attorney and spoofed email addresses using real domains.

https://www.darkreading.com/remote-workforce/bec-attacks-out-of-israel-target-multinational-corporations

• CISOs Worried About Personal Liability for Breaches

Over three-fifths (62%) of global CISOs are concerned about being held personally liable for successful cyber attacks that occur on their watch, and a similar share would not join an organisation that fails to offer insurance to protect them, according to Proofpoint annual ‘Voice of the CISO’ survey for 2023. The security vendor polled 1600 CISOs from organisations of 200 employees or more across different industries in 16 countries to compile the report.

It revealed that CISOs in sectors with high volumes of sensitive data and/or heavy regulation such as retail (69%), financial services (65%) and manufacturing (65%) are most likely to demand insurance coverage.

Such concerns only add to the mental load on corporate IT security bosses. A combination of high-stress working environments, shrinking budgets and personal liability could be harming CISOs’ quality of life. Some 60% told Proofpoint they’ve experienced burnout in the past 12 months.

CISOs are most likely to experience burnout in the retail (72%) and IT, technology and telecoms (66%) industries.

https://www.infosecurity-magazine.com/news/cisos-worried-personal-liability/

• UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries

The UK NCSC along with the US National Security Agency (NSA) and various international partner agencies have discovered infrastructure connected with the sophisticated Russian cyber-espionage tool Snake in over 50 countries worldwide. Snake operations have been attributed to a specific unit within Russia’s Federal Security Service (FSB), Center 16.

Cyber criminals reportedly used Snake to retrieve and remove confidential documents related to international relations and diplomatic communications.

According to an advisory published by the agencies on Tuesday, the FSB targeted various industries, including education, small businesses, media, local government, finance, manufacturing and telecommunications. The Snake malware is installed on external infrastructure nodes for further exploitation.

According to the NSA Russian government actors have used this tool for years for intelligence collection and it is hoped that the technical details shared in the advisory will help many organisations find and shut down the malware globally.

https://www.infosecurity-magazine.com/news/nsa-uncovers-russian-snake-malware/

• Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

A new phishing-as-a-service tool called "Greatness" is being used in attacks targeting manufacturing, healthcare, technology, and other sectors.

Researchers at Cisco Talos detailed their findings on "Greatness," a one-stop-shop for all of a cyber criminal's phishing needs. With Greatness, anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.

The tool has been in circulation since at least mid-2022 and has been used in attacks against enterprises in manufacturing, healthcare, and technology, among other sectors. Half of the targets thus far have been concentrated in the US, with further attacks occurring around Western Europe, Australia, Brazil, Canada, and South Africa.

https://www.darkreading.com/cloud/plug-and-play-microsoft-365-phishing-tool-democratizes-attacks

Threats

Ransomware, Extortion and Destructive Attacks

• Make them pay: Hackers devise new tactics to ensure ransomware payment | CSO Online

• Ransomware gangs display ruthless extortion tactics in April | TechTarget

• Our appetite for data increases the risk of being held to ransom (thetimes.co.uk)

• Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows - MSSP Alert

• Ransomware review: May 2023 (malwarebytes.com)

• Ransomware Attacks Adapt With New Techniques: Kaspersky Report - Infosecurity Magazine (infosecurity-magazine.com)

• The new ransomware strain is picking off big businesses one by one - and yours could be next | TechRadar

• Refined methodologies of ransomware attacks - Help Net Security

• Ranking ransomware: The gangs, the malware and the ever-present risks | CyberScoop

• Ransomware Encryption Rates Reach New Heights - Infosecurity Magazine (infosecurity-magazine.com)

• UK ‘increasingly concerned’ ransomware victims are keeping incidents secret (therecord.media)

• Royal ransomware gang quickly expands reign | SC Media (scmagazine.com)

• Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)

• Ransomware attack confirmed at Rochester Public Schools, FBI alerted - Bring Me The News

• Constellation Struck By Ransomware Attack, ALPHV Lays Claim (informationsecuritybuzz.com)

• New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks (thehackernews.com)

• New Akira Ransomware Operation Hits Corporate Networks | Black Hat Ethical Hacking

• Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers (bleepingcomputer.com)

• $1.1M Paid to Resolve Ransomware Attack on California County - SecurityWeek

• Western Digital store offline due to March breach - Help Net Security

• Western Digital Confirms Ransomware Group Stole Customer Information - SecurityWeek

• Former Conti members are behind latest Royal ransomware hacking spree, report finds (axios.com)

• Hackers Contacted Dragos CEO’s Son, Wife in Extortion Attempt - Bloomberg

• Multiple Ransomware Groups Adapt Babuk Code to Target ESXi VMs (darkreading.com)

• Australian software giant won’t say if customers affected by hack | TechCrunch

• Multinational tech firm ABB hit by Black Basta ransomware attack (bleepingcomputer.com)

• Smashing Pumpkins frontman paid ransom to a hacker who threatened to leak the band's songs -Security Affairs

Phishing & Email Based Attacks

• Q1 Cofense Phishing Intelligence Report - Cofense

• "Greatness" Phishing Tool Exploits Microsoft 365 Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• This dangerous phishing attack is targeting Microsoft users everywhere, so be on your guard | TechRadar

• Gmail gets blue verification checks to protect against spoofing and phishing | ZDNET

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

BEC – Business Email Compromise

• Exploring the Rise of Israel-Based BEC Attacks | Abnormal (abnormalsecurity.com)

2FA/MFA

• Microsoft enforces number matching to fight MFA fatigue attacks (bleepingcomputer.com)

Malware

• Chrome users, stay alert: Malware may be just one click away - gHacks Tech News

• Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)

• 56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security

• Millions of mobile phones come pre-infected with malware • The Register

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• Fake system update drops Aurora stealer via Invalid Printer loader (malwarebytes.com)

• Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)

Mobile

• Millions of mobile phones come pre-infected with malware • The Register

• Mobile hacking and spyware – understanding the risks - TechHQ

• Google Announces New Privacy, Safety, and Security Features Across Its Services (thehackernews.com)

• Google Improves Android Security With New APIs - SecurityWeek

• New Android FluHorse malware steals your passwords, 2FA codes (bleepingcomputer.com)

• Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads (thehackernews.com)

• New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)

Botnets

• Bad Bots Now Account For 30% of All Internet Traffic - Infosecurity Magazine (infosecurity-magazine.com)

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Internet of Things – IoT

• CISA warns of Mirai botnet exploiting TP-Link routers • The Register

Data Breaches/Leaks

• Security researcher finds trove of Capita data exposed online | TechCrunch

• In a new hacking crime wave, more personal data is being held hostage (cnbc.com)

• Why the 'Why' of a Data Breach Matters (darkreading.com)

• OpenAI confirms ChatGPT data breach (cshub.com)

• Western Digital says hackers stole customer data in March cyber attack (bleepingcomputer.com)

• Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica

• Boot Guard Keys From MSI Hack Posted, Many PCs Vulnerable | Tom's Hardware(tomshardware.com)

• 1 Million Impacted by Data Breach at NextGen Healthcare - SecurityWeek

• Twitter admits 'security incident' broke Circle privacy • The Register

• Food distribution giant Sysco warns of data breach after cyber attack (bleepingcomputer.com)

• North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)

• Brightly warns of SchoolDude data breach exposing credentials (bleepingcomputer.com)

• Simplify data hack cost the firm almost £7m - Property Industry Eye

Organised Crime & Criminal Actors

• In a new hacking crime wave, more personal data is being held hostage (cnbc.com)

• How hackers are recruiting on the dark web (thetimes.co.uk)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED

• Briton pleads guilty in US to 2020 Twitter hack - BBC News

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

• Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison - SecurityWeek

• UK cops score another legal win in EncroChat spying case • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Patrols Lead to Seizure of Stolen Artefacts - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Criminals Exploit Hardware Wallet to Steal Almost $30,000 - Infosecurity Magazine (infosecurity-magazine.com)

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Insider Risk and Insider Threats

• Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)

• Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur

Fraud, Scams & Financial Crime

• Banks warn of big increase in online scams - BBC News

• Fraud victims risk more than money - Help Net Security

• Five Things Scammers Are Hoping You Google (lifehacker.com)

• UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)

• The true numbers behind deepfake fraud - Help Net Security

• Your voice could be your biggest vulnerability - Help Net Security

• QR codes used in fake parking tickets, surveys to steal your money (bleepingcomputer.com)

Deepfakes

• The true numbers behind deepfake fraud - Help Net Security

• Your voice could be your biggest vulnerability - Help Net Security

Insurance

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• Court Rules in Favour of Merck in $1.4 Billion Insurance Claim Over NotPetya Cyber attack - SecurityWeek

Dark Web

• How hackers are recruiting on the dark web (thetimes.co.uk)

• Google Broadens Dark Web Monitoring To Track All Gmail Users (informationsecuritybuzz.com)

Supply Chain and Third Parties

• Security researcher finds trove of Capita data exposed online | TechCrunch

• Cyber hack to cost UK outsourcer Capita up to $25 mln | Reuters

• Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica

Software Supply Chain

• The SBOM Bombshell - SecurityWeek

• 5 SBOM tools to start securing the software supply chain | TechTarget

Cloud/SaaS

• 56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security

• How to reduce risk with cloud attack surface management | TechTarget

• ENISA leans into EU clouds with draft cyber security label • The Register

Hybrid/Remote Working

• 8 habits of highly-secure remote workers | ZDNET

Attack Surface Management

• How Attack Surface Management Supports Continuous Threat Exposure Management (thehackernews.com)

Identity and Access Management

• Top 3 trends shaping the future of cyber security and IAM - Help Net Security

• Review your on-prem ADCS infrastructure before attackers do it for you | CSO Online

• Why the FTX Collapse Was an Identity Problem (darkreading.com)

Asset Management

• CISOs confront mounting obstacles in tracking cyber assets - Help Net Security

• How Attack Surface Management Supports Continuous Threat Exposure Management (thehackernews.com)

Encryption

• Tor Project, LGBTQ groups and CDT sound alarm over efforts to weaken encryption | SC Media (scmagazine.com)

• Europe’s Moral Crusader Lays Down the Law on Encryption | WIRED

API

• Google Improves Android Security With New APIs - SecurityWeek

Open Source

• India bans open source messaging apps on security grounds • The Register

• Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• 83% of Americans’ Passwords Can Be Hacked in Less Than a Second, Study Shows (thedailybeast.com)

• Top 5 Password Cracking Techniques Used by Hackers (bleepingcomputer.com)

Social Media

• Twitter admits 'security incident' broke Circle privacy • The Register

• TikTok tracked UK journalist via her cat's account - BBC News

Parental Controls and Child Safety

• Scanning Plans On Europe's CSAM May Violate International Law (informationsecuritybuzz.com)

• EU's Client-Side Scanning Plans Could be Unlawful - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)

• Tor Project, LGBTQ groups and CDT sound alarm over efforts to weaken encryption | SC Media (scmagazine.com)

• AI needs superintelligent regulation | Financial Times

• EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian

• India bans open source messaging apps on security grounds • The Register

• PEGA committee calls for EU level regulation of spyware • The Register

• EU's Client-Side Scanning Plans Could be Unlawful - Infosecurity Magazine (infosecurity-magazine.com)

• ENISA leans into EU clouds with draft cyber security label • The Register

• Europe’s Moral Crusader Lays Down the Law on Encryption | WIRED

• Scanning Plans On Europe's CSAM May Violate International Law (informationsecuritybuzz.com)

Governance, Risk and Compliance

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• 79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)

• Company executives can't afford to ignore cyber security anymore - Help Net Security

• Majority of US, UK CISOs unable to protect company 'secrets': Report | CSO Online

• Small- and medium-sized businesses: don’t give up on cyber security | CSO Online

• CISOs Worried About Personal Liability For Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Global Research From Delinea Reveals That 61% of IT Security Decision Makers Think Leadership Overlooks the Role of Cyber security in Business Success (darkreading.com)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• (ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert

• Organisations Reliant on Social Media For Threat Intelligence - TechRound

• Recognizing Cyberthreat Trends For Effective Defence (forbes.com)

• Digital trust can make or break an organisation - Help Net Security

• ISACA: Companies Still Face Many Barriers to Achieving Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Why more transparency around cyber attacks is good for everyone - NCSC

• CISOs face mounting pressures, expectations post-pandemic | TechTarget

• CISOs' confidence in post-pandemic security landscape fades - Help Net Security

• This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT - SecurityWeek

• Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur

• Key Trends and Insights from RSAC 2023 (trendmicro.com)

• NCSC and ICO Dispel Incident Reporting Myths - Infosecurity Magazine (infosecurity-magazine.com)

Models, Frameworks and Standards

• (ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert

• ENISA leans into EU clouds with draft cyber security label • The Register

Data Protection

• The (Security) Cost of Too Much Data Privacy (darkreading.com)

Careers, Working in Cyber and Information Security

• CISOs Worried About Personal Liability For Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• 7 ways to mitigate CISO liability and risk | TechTarget

• Google Launches New Cyber security Analyst Training Program - SecurityWeek

Law Enforcement Action and Take Downs

• Cyber Patrols Lead to Seizure of Stolen Artefacts - Infosecurity Magazine (infosecurity-magazine.com)

• FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)

• Briton pleads guilty to hacking stars' Twitter accounts to steal Bitcoin | Science & Tech News | Sky News

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

• UK cops score another legal win in EncroChat spying case • The Register

Privacy, Surveillance and Mass Monitoring

• The (Security) Cost of Too Much Data Privacy (darkreading.com)

• Twitter admits 'security incident' broke Circle privacy • The Register

• TikTok tracked UK journalist via her cat's account - BBC News

Artificial Intelligence

• AI has been dubbed a 'nuclear' threat to cyber security. But it can be also used for defence | Euronews

• Top US cyber official warns AI may be the 'most powerful weapon of our time' | CyberScoop

• ‘A race it might be impossible to stop’: how worried should we be about AI? | Artificial intelligence (AI) | The Guardian

• OpenAI confirms ChatGPT data breach (cshub.com)

• AI needs superintelligent regulation | Financial Times

• Amazon Is Being Flooded With Books Entirely Written by AI (futurism.com)

• Your voice could be your biggest vulnerability - Help Net Security

• The security and privacy risks of large language models - Help Net Security

• Rethinking democracy for the age of AI | CyberScoop

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Killnet, a Pro-Russian Hacktivist Crew, Pivots to Cyber Mercenaries for Hire, Report Says - MSSP Alert

• NCSC and allies expose Snake malware threat - NCSC.GOV.UK

• It’s being called Russia's most sophisticated cyber espionage tool. What is Snake, and why is it so dangerous? (theconversation.com)

• EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian

• China targets foreign consulting companies in anti-spying raids | China | The Guardian

• Mobile hacking and spyware – understanding the risks - TechHQ

• New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)

• CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)

• Five Takeaways From the Russian Cyber Attack on Viasat’s Satellites - Infosecurity Magazine (infosecurity-magazine.com)

• GCHQ building under fire from senior Tory for using Chinese surveillance cameras - Gloucestershire Live

• PEGA committee calls for EU level regulation of spyware • The Register

• FBI-led Operation Medusa kills Russian FSB malware network • The Register

• How one of Vladimir Putin’s most prized hacking units got pwned by the FBI | Ars Technica

Nation State Actors

• Killnet, a Pro-Russian Hacktivist Crew, Pivots to Cyber Mercenaries for Hire, Report Says - MSSP Alert

• NSA and Allies Uncover Russian Snake Malware Network in 50+ Countries - Infosecurity Magazine (infosecurity-magazine.com)

• Deterring China isn't all about submarines. Australia's 'cyber offence' might be its most potent weapon (theconversation.com)

• Microsoft warns Iran increasing its cyber-enabled influence operations | SC Media (scmagazine.com)

• China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register

• CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)

• LinkedIn shuts service in China, lays off employees | Fortune

• Microsoft: Iranian hacking groups join Papercut attack spree (bleepingcomputer.com)

• FBI-led Operation Medusa kills Russian FSB malware network • The Register

• China targets foreign consulting companies in anti-spying raids | China | The Guardian

• Beijing raids consultancy firm Capvision, promises more • The Register

• Five Takeaways From the Russian Cyber Attack on Viasat’s Satellites - Infosecurity Magazine (infosecurity-magazine.com)

• GCHQ building under fire from senior Tory for using Chinese surveillance cameras - Gloucestershire Live

• Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry (thehackernews.com)

• SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack (darkreading.com)

• ESET APT Activity Report Q4 2022­–Q1 2023 | WeLiveSecurity

• North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)

• People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices | CISA

Vulnerability Management

• The Problem of Old Vulnerabilities — and What to Do About It (darkreading.com)

Vulnerabilities

• Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug (thehackernews.com)

• Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324) - Help Net Security

• Microsoft warns of two bugs under active exploit • The Register

• Light May Patch Tuesday will weigh heavily on Windows admins | TechTarget

• New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyber attacks (thehackernews.com)

• Fortinet fixed two severe issues in FortiADC and FortiOS-Security Affairs

• Azure API Management flaws highlight server-side request forgery risks in API development | CSO Online

• New PaperCut RCE exploit created that bypasses existing detections (bleepingcomputer.com)

• Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)

• Adobe Patches 14 Vulnerabilities in Substance 3D Painter - SecurityWeek

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• CyberGhost VPN patches command injection vulnerability | SC Media (scmagazine.com)

• A Linux NetFilter kernel flaw allows escalating privileges to 'root'-Security Affairs

• SAP Patches Critical Vulnerabilities With May 2023 Security Updates - SecurityWeek

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet-Security Affairs

Tools and Controls

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• 79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)

• Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)

• AI has been dubbed a 'nuclear' threat to cyber security. But it can be also used for defence | Euronews

• Identifying Compromised Data Can Be a Logistical Nightmare (darkreading.com)

• Organisations Reliant on Social Media For Threat Intelligence - TechRound

• Recognizing Cyberthreat Trends For Effective Defence (forbes.com)

• Digital trust can make or break an organisation - Help Net Security

• ISACA: Companies Still Face Many Barriers to Achieving Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Prevent attackers from using legitimate tools against you - Help Net Security

• Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts (thehackernews.com)

• How to implement principle of least privilege in Azure AD | TechTarget

• How to start handling Azure network security | TechTarget

• What is Digital Forensics? Tools, Types, Phases & History (cybersecuritynews.com)

• Microsoft enforces number matching to fight MFA fatigue attacks (bleepingcomputer.com)

• AI Will Take Many Cyber security Jobs, But It's Not a Complete Disaster | PCMag

• Google Broadens Dark Web Monitoring To Track All Gmail Users (informationsecuritybuzz.com)

• 5 SBOM tools to start securing the software supply chain | TechTarget

• The Industrywide Consequences of Making Security Products Inaccessible (darkreading.com)

• Top 3 trends shaping the future of cyber security and IAM - Help Net Security

Reports Published in the Last Week

• ESET APT Activity Report Q4 2022­–Q1 2023 | WeLiveSecurity

• Q1 Cofense Phishing Intelligence Report - Cofense

• 2023 AT&T Cyber security Insights Report: Edge Ecosystem (darkreading.com)

• 2023 Voice of the CISO | Proofpoint UK

Other News

• The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED

• Why Should You Take IT Security Seriously? - IT Security Guru

• To enable ethical hackers, a law reform is needed - Help Net Security

• How datacentre operators can fend off cyber attacks | Computer Weekly

• US Advances Cyber Defences Since Colonial Pipeline Attack But More Work Remains, CISA Director Says - MSSP Alert

• Evil digital twins and other risks: the use of twins opens up a host of new security concerns | CSO Online

• 'Windows for Gamers' Rolls Dice With Your Security (vice.com)

• Risk of cyber attack is main Eurovision worry, says BBC executive | Eurovision 2023 | The Guardian

• Evil digital twins and other risks: the use of twins opens up a host of new security concerns | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Boards Need Better Conversations About Cyber Security

In a survey by Harvard Business Review, 65% of directors believed their organisations were at risk of a cyber attack within the next 12 months, and almost half believed they were unprepared to cope with such an attack. Boards that struggle with their role in providing oversight for cyber security create a security problem for their organisations. By not focusing on resilience, boards fail their companies and their stakeholders.

Regarding board interactions with CISOs, just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. This is worrying, as this leaves little time for leaders to have a meaningful dialogue about cyber security.

As a result, boards need to discuss their organisations’ cyber security-induced risks and evaluate plans to manage those risks frequently; the CISO should be involved in this. With the right conversations about keeping the organisation resilient, they can take the next step to provide adequate cyber security oversight. To bring more cyber security into the board room, board members may need to gain expertise, whether through frequent training or development programmes.

https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity

• Uber’s Ex-Security Chief Sentenced for Security Breach

Earlier this week, Uber’s former head of cyber security, Joseph Sullivan, faced several years of prison time for covering up a massive security breach at the ride-hailing company seven years ago. When it actually came to sentencing he managed to avoid jail but received three years of probation and 200 hours of community service, despite pleas from the prosecution to throw him in jail.

The case highlights the seriousness of covering up a security breach, as at one point the ex-security chief was looking at 24-30 months of jail time. With increasing regulations and focus on cyber security, it is unlikely that this is a one-off incident.

https://gizmodo.com/uber-security-joe-sullivan-sentenced-prison-data-breach-1850403347

• Global Cyber Attacks Rise by 7% in Q1 2023

Weekly cyber attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1,248 attacks per week according to Check Point’s latest research. The report highlights a number of sophisticated campaigns including using ChatGPT for code generation to help less-skilled threat actors effortlessly launch cyber attacks.

The Check Point report also shows that 1 in 31 organisations worldwide experienced a ransomware attack weekly over the first quarter of 2023. To defend against such threats, the security researchers recommended a series of cyber safety tips, such as keeping computers and servers up-to-date, conducting regular cyber awareness training and utilising better threat prevention tools, among others.

https://www.infosecurity-magazine.com/news/global-cyber-attacks-rise-7-q1-2023/

• Three-Quarters of Firms Predict a Breach in the Coming Year

Most global organisations anticipate suffering a data breach or cyber attack in the next 12 months. Trend Micro’s six-monthly Cyber Risk Index (CRI) was compiled from interviews with 3,729 global organisations.

While results of the index score move in a positive direction showing organisations are taking steps to improve cyber preparedness, most responding organisations are pessimistic about the year ahead.

Respondents pointed to both negligent insiders and mobile users, and a lack of trained staff, as a key cause of concern going forward. Alongside cloud infrastructure and virtual computing environments, these comprised the top five infrastructure risks.

https://www.infosecurity-magazine.com/news/threequarters-firms-predict-breach/

• The Costly Threat That Many Businesses Fail to Address

Insider attacks such as fraud, sabotage, and data theft plague 71% of businesses, according to a recent report. The report found companies that allow excessive data access are much more likely to suffer insider attacks. However, only 57% of companies limit data appropriately while 31% allow employees access to more data than necessary and 12% allow employees access to all company data.

Alarmingly, of the companies that have experienced insider attacks, one in three (34%) report that the attack involved an employee with privileged access. Data theft was the most common type of insider attack, reported by 38% of businesses.

Insider attacks can damage businesses’ reputations, finances, and competitiveness, and therefore companies should take a proactive approach in preventing these incidents.

https://www.helpnetsecurity.com/2023/05/02/insider-attacks-damage/

• European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes

Recent research revealed that European IT and security leaders may be dangerously over-confident in their ability to avoid cyber attacks and mitigate the risk of serious data compromise. The findings reveal that most organisations have suffered a serious cyber attack in the last two years, with over half of respondents saying their company suffered an attack 1 to 3 times in this time period. Worryingly, 20% of respondents claim to have been attacked 4 to 6 times. Only 18% managed to avoid an attack altogether.

Worryingly, three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. Although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.

Around two-thirds of respondents say their organisation considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%). Alarmingly, health-related data is classified as a special category data by GDPR, meaning it requires more protection.

https://www.itsecurityguru.org/2023/05/03/european-data-at-risk-with-tick-box-gdpr-compliance-and-high-cyberattack-volumes

• Understanding Cyber Threat Intelligence for Business Security

Cyber threat intelligence is not a solution itself, but a crucial component of any mature security programme, enabling organisations to gain insights into the motives, targets and behaviours of threat actors. As such, it is crucial for businesses looking to protect themselves from the ever-evolving cyber threat landscape.

Some of the benefits of effective cyber threat intelligence to a business include early threat detection, improved response, regulation compliance, competitive advantage and cost savings. It is important to highlight that an organisation does not need to come up with their own cyber threat intelligence initiative, it can instead be purchased as a service.

https://www.forbes.com/sites/forbestechcouncil/2023/05/04/understanding-cyber-threat-intelligence-for-business-security

• Hackers Are Finding Ways to Evade Latest Cyber Security Tools

As hacking has gotten more destructive and pervasive, new defensive tools continue to be developed. One such tool is called endpoint detection and response (EDR) software, it’s designed to spot early signs of malicious activity on laptops, servers and other devices known as “endpoints” on a computer network — and block them before intruders can steal data or lock the machines.

Experts however, claim hackers have developed workarounds for some forms of the technology, allowing them to slip past products that have become the gold standard for protecting critical systems. Security software is not enough on its own, it is just one of the layers of defence that organisations should employ as part of their cyber resilience; there is no silver bullet.

https://finance.yahoo.com/news/hackers-finding-ways-evade-latest-131600565.html

• Study Shows a 27% Spike in Publicly Known Ransomware Victims

A report released this week highlights a 27% increase in publicly known ransomware victims in the first quarter of the year. Some of the report’s key findings include the fact that manufacturing, technology, education, banking, finance, and healthcare organisations are the largest to be exposed to ransomware.

The report identified an increase in the use of “double extortion” as an attack model. This method is where ransomware groups not only encrypt files but also exfiltrate data. The top five most active ransomware threat actors are LockBit, Clop, AlphV, Royal and BianLian.

https://www.msspalert.com/cybersecurity-news/guidepoint-study-shows-a-27-spike-in-public-ransomware-victims/

• Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves

A recent report found while the number of ransomware incidents that firms responded to dipped in early 2022, it came roaring back toward the end of the year and into early 2023. With this came higher ransom demands and, eventually, payments. The largest ransom demand last year was more than $90 million, with the largest payment exceeding $8 million. Both were larger than in 2021 (more than $60 million and $5.5 million respectively).

Ransomware groups are upping their attacks all the time and you don’t want to be an easy target.

https://www.theregister.com/2023/05/02/data_breach_costs_rise/

• Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers

In a significant ruling this week a court in the US found that pharmaceutical company Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection from 2017. The ruling will also undoubtedly affect the language used in underwriting policies, especially when it comes to risks such as ransomware and cyber warfare.

https://www.theregister.com/2023/05/03/merck_14bn_insurance_payout_upheld/

• 4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus

The technology industry has long been building walls around structured data and communications—with little consideration of how employees use that information. Outlined below are four 4 ways leaders can better protect raw data.

• Recognise that priorities have evolved.

• Understand that security burdens have changed.

• Understand why, despite best efforts, criminals are still successful.

• Evaluate the ways in which you are protecting your most vulnerable data.

https://www.forbes.com/sites/forbesbusinessdevelopmentcouncil/2023/05/02/4-ways-leaders-should-reevaluate-their-cybersecuritys-focus/

Threats

Ransomware, Extortion and Destructive Attacks

• Data loss costs go up, and not just from ransom shakedowns • The Register

• Pension watchdog probes Capita data hack (thetimes.co.uk)

• To Fight Ransomware, Move Beyond Detection to Real-Time Response, Fortinet Study Says - MSSP Alert

• Using Threat Intelligence to Get Smarter About Ransomware – Security Week

• Merck's $1.4B NotPetya insurance payout upheld by court • The Register

• GuidePoint Study Shows a 27% Spike in Public Ransomware Victims - MSSP Alert

• Rapture, a Ransomware Family With Similarities to Paradise (trendmicro.com)

• The Tragic Fallout From a School District’s Ransomware Breach | WIRED

• Hackers leak images to taunt Western Digital's cyber attack response (bleepingcomputer.com)

• ‘Big game hunting’ hackers ALPHV claim major breach of law firm HWL Ebsworth (afr.com)

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

• BlackCat group releases screenshots of stolen Western Digital data | CSO Online

• Ransomware Attack Affects Dallas Police, Court Websites – Security Week

• Studies show ransomware has already caused patient deaths | TechTarget

• Cold storage giant Americold outage caused by network breach (bleepingcomputer.com)

• Brightline Hack Exposes Data of Over 780,000 Child Mental Health Patients - Infosecurity Magazine (infosecurity-magazine.com)

• Payment software giant AvidXchange suffers its second ransomware attack of 2023 | TechCrunch

• Ransomware Attack Disrupts IT Network at Hardenhuish School - Infosecurity Magazine (infosecurity-magazine.com)

• City of Dallas hit by Royal ransomware attack impacting IT services (bleepingcomputer.com)

• Ransomware gang hijacks university alert system to issue threats (bleepingcomputer.com)

• Cyber attack cost conveyancing giant £7m - but the insurers paid up | News | Law Gazette

• Bitmarck Halts Operations Due to Cyber security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Teiss - News - Lockbit 3.0 targets Fullerton India, demands a £2.3 million ransom

Phishing & Email Based Attacks

• Malicious HTML Attachment Volumes Surge - Infosecurity Magazine (infosecurity-magazine.com)

• A Comprehensive Look At Email-Based Threats In 2023 (informationsecuritybuzz.com)

• How to Spot a ChatGPT Phishing Website (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Crooks show they don't need ChatGPT to scam victims • The Register

Malware

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor (darkreading.com)

• Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram – Naked Security (sophos.com)

• Security experts are using malware's own code to protect potential victims | TechSpot

• New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks (thehackernews.com)

• How to Detect and Remove a Keylogger From Your Computer (howtogeek.com)

• Hackers start using double DLL sideloading to evade detection (bleepingcomputer.com)

• Anatomy of a Malicious Package Attack (darkreading.com)

Mobile

• Android Apps Fail to Protect User Data During Device Transfer - Infosecurity Magazine (infosecurity-magazine.com)

• Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register

• Google fought a mountain of malware in 2022 | Android Central

• Google Bans Thousands of Play Store Developer Accounts to Block Malware (darkreading.com)

• Digital Intruders – Top Ways Hackers Can Breach Your Smartphone’s Security (freecodecamp.org)

• Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)

Botnets

• Cyber criminals use proxies to legitimise fraudulent requests - Help Net Security

• Bot Attacks Are Easy to Launch, Human Security Reports - MSSP Alert

Denial of Service/DoS/DDOS

• What’s the Difference Between a DOS and DDoS Attack? (howtogeek.com)

Internet of Things – IoT

• Top 5 IoT Security Risks In 2023 - The Cyber Express

• Hackers exploit 5-year-old unpatched flaw in TBK DVR devices (bleepingcomputer.com)

• CISA warns of Mirai botnet exploiting TP-Link routers • The Register

• Drone goggles maker claims firmware sabotaged to ‘brick’ devices (bleepingcomputer.com)

Data Breaches/Leaks

• Three-Quarters of Firms Predict Breach in Coming Year - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber attack sparks fears that criminals could target UK gun owners for firearms | Cyber crime | The Guardian

• UK Gun Owners May Be Targeted After Rifle Association Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Kodi Forum Data Breach - Lessons Learned, Actions Taken | News | Kodi

• T-Mobile suffered the second data breach in 2023 - Security Affairs

• Sensitive data is being leaked from servers running Salesforce software | Ars Technica

• ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)

• Sensitive files about Royal Navy submarine reportedly found in pub toilet | Royal Navy | The Guardian

• Millions of patients’ data confirmed stolen after Fortra mass-hack | TechCrunch

• TikTok security breach allowed attackers to leak personal information (ynetnews.com)

Organised Crime & Criminal Actors

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market-Security Affairs

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Man Gets Four Years for Stealing Bitcoin Seized by Feds - Infosecurity Magazine (infosecurity-magazine.com)

• Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram – Naked Security (sophos.com)

• Crooks broke into AT&T email accounts to empty their crypto wallets - Security Affairs

• Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)

• Hackers stole $93M from crypto projects in April (cryptoslate.com)

Insider Risk and Insider Threats

• The costly threat that many businesses fail to address - Help Net Security

• The hidden security risks in tech layoffs and how to mitigate them | CSO Online

Fraud, Scams & Financial Crime

• Hackers swap stealth for realistic checkout forms to steal credit cards (bleepingcomputer.com)

• Advanced Fee Fraud Surges by Over 600% - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals use proxies to legitimize fraudulent requests - Help Net Security

• UK to ban all cold calls selling financial products - BBC News

• Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)

• UK intelligence agencies to step up anti-fraud efforts | Financial Times (ft.com)

• National Crime Agency urged to crush rogue US candy stores (thetimes.co.uk)

• Clampdown on cold calls and mass texting technology announced in UK | Scams | The Guardian

AML/CFT/Sanctions

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

Dark Web

• Why the Things You Don't Know about the Dark Web May Be Your Biggest Cyber security Threat (thehackernews.com)

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market - Security Affairs

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

Supply Chain and Third Parties

• How to keep calm and carry on in a supply chain attack • The Register

• Pension watchdog probes Capita data hack (thetimes.co.uk)

• SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED

• DOJ Detected SolarWinds Breach Months Before Public Disclosure | WIRED

• Aviva says it thinks customer data secure after Capita cyber attack (proactiveinvestors.co.uk)

Cloud/SaaS

• Using just-in-time access to reduce cloud security risk - Help Net Security

• Cloud security threats are growing faster than ever | TechRadar

Hybrid/Remote Working

• Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)

• White House seeks information on tools used for automated employee surveillance | Computerworld

Attack Surface Management

• Reigning in ‘Out-of-Control’ Devices – Security Week

Encryption

• The UK’s online safety bill will not keep us safe | Financial Times (ft.com)

API

• Report shows 92% of orgs experienced an API security incident last year | VentureBeat

• Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)

• OpenAI Threatens Popular GitHub Project With Lawsuit Over API Use | Tom's Hardware (tomshardware.com)

• 5 API security best practices you must implement - Help Net Security

• Enterprise Strategy Group Research Reveals 75% of Organisations Change or Update APIs on a Daily or Weekly Basis (darkreading.com)

• Top API vulnerabilities organisations can't afford to ignore - Help Net Security

Open Source

• Unpaid open source maintainers struggle with increased security demands - Help Net Security

• Anatomy of a Malicious Package Attack (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• Your passwords could be cracked using thermal cameras powered by AI | TechRadar

• Your Google Account is getting rid of its password (androidpolice.com)

• PSA. Don’t share your password in your app’s release notes • Graham Cluley

Social Media

• TikTok security breach allowed attackers to leak personal information (ynetnews.com)

• Twitter outage logs you out and won’t let you back in (bleepingcomputer.com)

• Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register

• Strike 3: FTC says Meta still failing to protect privacy • The Register

Malvertising

• Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor (darkreading.com)

• LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads (thehackernews.com)

Regulations, Fines and Legislation

• European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru

• UK readers may lose access to Wikipedia amid online safety bill requirements | UK news | The Guardian

• White House unveils AI rules to address safety and privacy | Computerworld

Governance, Risk and Compliance

• Hackers Are Finding Ways to Evade Latest Cyber security Tools (yahoo.com)

• Global Cyber Attacks Rise by 7% in Q1 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• There’s No Silver Bullet for Cyber security (hbr.org)

• European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru

• Data loss costs go up, and not just from ransom shakedowns • The Register

• Boards Are Having the Wrong Conversations About Cyber security (hbr.org)

• Three-Quarters of Firms Predict Breach in Coming Year - Infosecurity Magazine (infosecurity-magazine.com)

• Uber Ex-Security Chief Joe Sullivan to Be Sentenced for Breach (gizmodo.com)

• Trends and Insights from the New Global Threat Intelligence Report - MSSP Alert

• Why Your Detection-First Security Approach Isn't Working (thehackernews.com)

• How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)

• Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)

• Reducing Your Attack Surface: A Practical Approach To Vulnerability Remediation And Management (forbes.com)

• What the Cyber security Industry Can Learn From the SVB Crisis (darkreading.com)

• 4 Ways Leaders Should Reevaluate Their Cyber security's Focus (forbes.com)

• Optimising Cyber Security Costs In A Recession (informationsecuritybuzz.com)

• Malicious content lurks all over the web - Help Net Security

• Microsoft Digital Defence Report: Key Cyber crime Trends (darkreading.com)

• Closing up holes: Infoseccers on being less reactive • The Register

• Organisations brace for cyber attacks despite improved preparedness - Help Net Security

• Global Cyber Risk Lowers to Moderate Level in 2H' 2022 (trendmicro.com)

• Japan’s ‘myth of security’ raises cyber attack risk | Financial Times (ft.com)

Secure Disposal

• Your decommissioned routers could be a security disaster | Network World

Careers, Working in Cyber and Information Security

• The importance of being certified • The Register

• UK Cyber Security Council launches certification mapping tool - Help Net Security

• DHS’ cyber talent management system slowly gaining traction | Federal News Network

• The warning signs for security analyst burnout and ways to prevent - Help Net Security

• Google Launches Cyber security Career Certificate Program (darkreading.com)

Law Enforcement Action and Take Downs

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market - Security Affairs

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Open Banking: A Perfect Storm for Security and Privacy? - SecurityWeek

• Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)

• Apple and Google Team Up to Stop Unwanted Tracking by AirTags, Other Devices - CNET

• White House seeks information on tools used for automated employee surveillance | Computerworld

• Strike 3: FTC says Meta still failing to protect privacy • The Register

Artificial Intelligence

• 5 ways threat actors can use ChatGPT to enhance attacks | CSO Online

• Workers are secretly using ChatGPT, AI, with big risks for companies (cnbc.com)

• AI will do 'real damage', warns Microsoft chief (telegraph.co.uk)

• Microsoft’s chief economist says A.I. can be dangerous | Fortune

• It's time to harden AI and ML for cyber security | TechTarget

• Stop using generative-AI tools, Samsung orders staff | Digital Trends

• ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)

• How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)

• PrivateGPT Tackles Sensitive Info in ChatGPT Prompts (darkreading.com)

• Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register

• How AI is reshaping the cyber security landscape - Help Net Security

• White House unveils AI rules to address safety and privacy | Computerworld

• How to Spot a ChatGPT Phishing Website (darkreading.com)

Misinformation, Disinformation and Propaganda

• Is misinformation the newest malware? | CSO Online

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Hackers use fake ‘Windows Update’ guides to target Ukrainian govt (bleepingcomputer.com)

• Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services - SecurityWeek

• Cat and mouse game: Russian satellite appears to chase US military satellite in space (firstpost.com)

• Russian APT Nomadic Octopus hacked Tajikistani carrier - Security Affairs

• Russia’s APT28 targets Ukraine with bogus Windows updates • The Register

• Russian spy network smuggles sensitive EU tech despite sanctions | Financial Times (ft.com)

• Finnish newspaper hides Ukraine news reports for Russians in online game | Censorship | The Guardian

• Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)

Nation State Actors

• APT groups muddying the waters for MSPs | WeLiveSecurity

• China’s Hackers Vastly Outnumber US. Cyber Agents by 50 to 1, FBI Director Testifies - MSSP Alert

• Chinese APT Uses New 'Stack Rumbling' Technique to Disable Security Software - SecurityWeek

• China 'Innovated' Its Cyber attack Tradecraft, Mandia Says (darkreading.com)

• 'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware (darkreading.com)

• APT41 Subgroup Plows Through Asia-Pacific, Utilizing Layered Stealth Tactics (darkreading.com)

• APT41’s PowerShell Backdoor Download Files From Windows (cyber securitynews.com)

• US Chamber of Commerce warns of major increase in risks for businesses in China | CNN Business

• China’s ‘men in black’ step up scrutiny of foreign corporate sleuths | Financial Times (ft.com)

• Microsoft says Iranian hackers combine influence ops with hacking for maximum impact | CyberScoop

• BouldSpy Android Spyware: Iranian Government's Alleged Tool for Spying on Minority Groups (thehackernews.com)

• Attack on Security Titans: Earth Longzhi Returns With New Tricks (trendmicro.com)

• North Korean APT Gets Around Macro-Blocking With LNK Switch-Up (darkreading.com)

• ‘We have survived!’: China’s Huawei goes local in response to US sanctions | Financial Times (ft.com)

• Apple is a Chinese company | Financial Times (ft.com)

• Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)

• China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register

• Kimsuky hackers use new recon tool to find security gaps (bleepingcomputer.com)

Vulnerability Management

• Reducing Your Attack Surface: A Practical Approach To Vulnerability Remediation And Management (forbes.com)

Vulnerabilities

• WordPress Vulnerability Hits +1 Million Using Header & Footer Plugin (searchenginejournal.com)

• Cisco discloses a bug in Prime Collaboration Deployment solution - Security Affairs

• Cisco Warns of Critical Vulnerability in EoL Phone Adapters - SecurityWeek

• Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register

• Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now (thehackernews.com)

• Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software (thehackernews.com)

• AMD TPM Exploit: faulTPM Attack Defeats BitLocker and TPM-Based Security (Updated) (msn.com)

• Chrome 113 Released With 15 Security Patches - SecurityWeek

• Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation - SecurityWeek

• Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)

• Apple Releases First-Ever Security Updates for Beats, AirPods Headphones - SecurityWeek

• Some of the top AMD chips are suffering a serious security flaw | TechRadar

Tools and Controls

• How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)

• 86 percent of developers knowingly deploy vulnerable code (betanews.com)

• The hidden security risks in tech layoffs and how to mitigate them | CSO Online

• Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)

• Reigning in ‘Out-of-Control’ Devices – Security Week

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• The pros and cons of VPNs for enterprises | TechTarget

• It's time to harden AI and ML for cyber security | TechTarget

• Using just-in-time access to reduce cloud security risk - Help Net Security

• Using multiple solutions adds complexity to your zero trust strategy - Help Net Security

• Your decommissioned routers could be a security disaster | Network World

• Wanted Dead or Alive: Real-Time Protection Against Lateral Movement (thehackernews.com)

• 5 API security best practices you must implement - Help Net Security

• 3 questions CISOs expect you to answer during a security pitch | TechCrunch

• Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)

• 4 Principles for Creating a New Blueprint for Secure Software Development (darkreading.com)

• How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)

• AppSec Making Progress or Spinning Its Wheels? (darkreading.com)

• Windows admins can now sign up for ‘known issue’ email alerts (bleepingcomputer.com)

• Top API vulnerabilities organisations can't afford to ignore - Help Net Security

• How AI is reshaping the cyber security landscape - Help Net Security

• Getting cyber-resilience right in a zero-trust world starts at the endpoint | VentureBeat

• Practical Protection: Limiting the Damage from Local Admin Accounts (practical365.com)

• To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)

• Using Threat Intelligence to Get Smarter About Ransomware – Security Week

• New Generative AI Tools Aim to Improve Security (darkreading.com)

Other News

• Firmware Looms as the Next Frontier for Cyber security (darkreading.com)

• Open Banking: A Perfect Storm for Security and Privacy? – Security Week

• Malicious content lurks all over the web - Help Net Security

• How Public-Private Information Sharing Can Level the Cyber security Playing Field (darkreading.com)

• Eric Idle tells RSAC to look in the bright side of life • The Register

• Your decommissioned routers could be a security disaster | Network World

• FBI Focuses on Cyber security With $90M Budget Request (darkreading.com)

• Google will remove secure website indicators in Chrome 117 (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief

Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC).  Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.

Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject.  When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.

https://www.telegraph.co.uk/news/2023/01/28/business-leaders-need-hands-on-approach-stop-cyber-crime-says/

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks

Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.

"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.

BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.

https://www.darkreading.com/remote-workforce/rising-firebrick-ostrich-bec-group-launches-industrial-scale-cyberattacks

• The Corporate World is Losing its Grip on Cyber Risk

Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.

But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.

But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”

The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.

https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906

• Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks

Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.

Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.

Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.

Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.

https://www.bleepingcomputer.com/news/security/microsoft-over-100-threat-actors-deploy-ransomware-in-attacks/

• Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk

With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.

Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk.  The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.

https://www.itsecurityguru.org/2023/02/02/ransomware-conversations-why-the-cfo-is-pivotal-to-discussing-and-preparing-for-risk

• Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023

Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year. 

In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.

https://www.darkreading.com/attacks-breaches/greater-incident-complexity-a-shift-in-the-way-threat-actors-use-stolen-data-and-a-rise-in-us-class-actions-will-drive-the-cyber-threat-landscape-in-2023-according-to-beazley-report

• The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside

A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training. 

https://www.darkreading.com/vulnerabilities-threats/the-threat-from-within-71-of-business-leaders-surveyed-think-next-cybersecurity-breach-will-come-from-the-inside

• 98% of Organisations Have a Supply Chain Relationship That Has Been Breached

A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.

https://www.securityweek.com/98-of-firms-have-a-supply-chain-relationship-that-has-been-breached-analysis/

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.

In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.

https://www.darkreading.com/attacks-breaches/new-survey-reveals-40-of-companies-experienced-a-data-leak-in-the-past-year

• Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation

The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.

The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable.  It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.

https://www.euronews.com/2023/01/26/russian-hackers-launch-cyberattack-on-germany-in-leopard-retaliation

• Financial Services Targeted in 28% of UK Cyber Attacks Last Year

Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.

https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/

• Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For

Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.

The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.

https://www.zdnet.com/article/phishing-attacks-are-getting-scarily-sophisticated-heres-what-to-watch-out-for/

• City of London on High Alert After Ransomware Attack

A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.

https://www.infosecurity-magazine.com/news/city-of-london-high-alert/

• JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack

Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.

JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.

https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79

Threats

Ransomware, Extortion and Destructive Attacks

• City Of London Traders Hit By Russia-Linked Cyber Attack (informationsecuritybuzz.com)

• New Nevada Ransomware targets Windows and VMware ESXi systems (bleepingcomputer.com)

• City of London on High Alert After Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk - IT Security Guru

• US puts a $10m bounty on Hive while Russia shuts down access • The Register

• Copycat Criminals mimicking Lockbit gang in northern Europe security affairs

• Ransom-what? Learning from Hacked Hackers (secureworld.io)

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• Council leader 'put her foot down' and refused to pay multi-million pound ransom demand from hackers - Teesside Live (gazettelive.co.uk)

• 6 Ransomware Trends & Evolutions For 2023 (trendmicro.com)

• Cyber Attack Hits Derivatives Unit of Trading Software Firm ION - Bloomberg

• Regulators weigh in on ION attack as LockBit takes credit • The Register

• New Mimic Ransomware Abuses Windows Search Engine (cyber securitynews.com)

• Stratford University discloses ransomware attack — but which ransomware attack? (databreaches.net)

• Schools don't pay, but ransomware attacks still increasing | TechTarget

• Poser Hackers Impersonate LockBit in SMB Cyber attacks (darkreading.com)

• Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget

• Nevada Ransomware Has Released Upgraded Locker security affairs

• LockBit Green ransomware variant borrows code from Conti one security affairs

• Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com)

• Ransomware attacks on public sector persist in January | TechTarget

• Ransomware attack on data firm ION could take days to fix -sources | Reuters

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

Phishing & Email Based Attacks

• Phishing attacks are getting scarily sophisticated. Here's what to watch out for | ZDNET

• BEC Group Uses Open Source Tactics in Hundreds of Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status (darkreading.com)

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000 - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• BEC Group Uses Open Source Tactics in Hundreds of Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors - Infosecurity Magazine (infosecurity-magazine.com)

• Long Con Impersonates Financial Advisers to Target Victims (darkreading.com)

2FA/MFA

• Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)

Malware

• How Can Disrupting DNS Communications Thwart a Malware Attack? (darkreading.com)

• Hackers use new IceBreaker malware to breach gaming companies (bleepingcomputer.com)

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)

• PoS malware can block contactless payments to steal credit cards (bleepingcomputer.com)

• Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service (thehackernews.com)

• New APT34 Malware Targets The Middle East (trendmicro.com)

• HeadCrab malware targets Redis to mine cryptocurrency | TechTarget

• Malvertising attacks are distributing .NET malware loaders • The Register

• Hackers weaponize Microsoft Visual Studio add-ins to push malware (bleepingcomputer.com)

Mobile

• Google Fi data breach let hackers carry out SIM swap attacks (bleepingcomputer.com)

• Over 1,800 Android phishing forms for sale on cyber crime market (bleepingcomputer.com)

• Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News

Botnets

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)

Denial of Service/DoS/DDOS

• Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)

• New DDoS-as-a-Service platform used in recent attacks on hospitals (bleepingcomputer.com)

Internet of Things – IoT

• IoT, connected devices biggest contributors to expanding application attack surface | CSO Online

• European IoT Manufacturers Lag in Vulnerability Disclosure (databreachtoday.co.uk)

• Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices (thehackernews.com)

• Anker finally comes clean about its Eufy security cameras - The Verge

Data Breaches/Leaks

• JD Sports warns data of 10mn customers put at risk in cyber attack | Financial Times (ft.com)

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)

• Planet Ice hacked! 240,000 skating fans' details stolen (bitdefender.com)

• If a locked filing cabinet is stolen along with its key, can you still say it’s locked? GoTo thinks you can • Graham Cluley

Organised Crime & Criminal Actors

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals (darkreading.com)

• Cyber crime Ecosystem Spawns Lucrative Underground Gig Economy (darkreading.com)

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert

• Report on hackers' salaries shows poor wages for developers • The Register

• 6 Examples of the Evolution of a Scam Site (darkreading.com)

• Cyber Insights 2023: Criminal Gangs - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• ‘Everything is fake’: how global crime gangs are using UK shell companies in multi-million pound crypto scams | Organised crime | The Guardian

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• HeadCrab malware targets Redis to mine cryptocurrency | TechTarget

Insider Risk and Insider Threats

• Insider attacks becoming more frequent, more difficult to detect - Help Net Security

• The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber security Breach Will Come from the Inside (darkreading.com)

• Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)

• The next cyber threat may come from within - Help Net Security

• Insider threats: The cyber risks lurking in the dark (betanews.com)

• Executives Worry Equally About Insider Cyber Errors, Outsider Threats: How MSSPs Can Help - MSSP Alert

• Former Ubiquiti dev pleads guilty to data theft, extortion • The Register

Fraud, Scams & Financial Crime

• ‘Everything is fake’: how global crime gangs are using UK shell companies in multi-million pound crypto scams | Organised crime | The Guardian

• New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors - Infosecurity Magazine (infosecurity-magazine.com)

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Russian Millionaire on Trial in Hack, Insider Trade Scheme - SecurityWeek

• 6 Examples of the Evolution of a Scam Site (darkreading.com)

• Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• Romance fraud losses rose 91% during the pandemic, claims UK's TSB bank | Tripwire

• Romance Fraudsters Have Stolen £65m From Brits Since 2020 (informationsecuritybuzz.com)

Impersonation Attacks

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000 - Infosecurity Magazine (infosecurity-magazine.com)

• Why CISOs Should Care About Brand Impersonation Scam Sites (darkreading.com)

AML/CFT/Sanctions

• As the anti-money laundering perimeter expands, who needs to be compliant, and how? - Help Net Security

Insurance

• 4 Cyber Insurance Requirement Predictions for 2023 (trendmicro.com)

Dark Web

• There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)

• How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals (darkreading.com)

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert

• Report on hackers' salaries shows poor wages for developers • The Register

Supply Chain and Third Parties

• 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis - SecurityWeek

• Almost all Organisations are Working with Recently Breached Vendors - Infosecurity Magazine (infosecurity-magazine.com)

• 50% of organisations have indirect relationships with 200+ breached fourth-party vendors - Help Net Security

• Cyber attack Impact “Catastrophic” for Third Parties, New Study Finds MSSPs at Risk? - MSSP Alert

• New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs | CSO Online

• CISA to Open Supply Chain Risk Management Office (darkreading.com)

• Cyber Insights 2023 | Supply Chain Security - SecurityWeek

Cloud/SaaS

• Misconfiguration and vulnerabilities biggest risks in cloud security: Report | CSO Online

• Hybrid cloud storage security challenges - Help Net Security

• Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security

Containers

• Researchers Claim High-Risk Vulnerabilities Found in 87% of All Container Images - Infosecurity Magazine (infosecurity-magazine.com)

Encryption

• Serious Security: The Samba logon bug caused by outdated crypto – Naked Security (sophos.com)

• Encryption Explained: At Rest, In Transit & End-To-End Encryption | Splunk

• Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse - SecurityWeek

API

• The emergence of trinity attacks on APIs - Help Net Security

• API management (APIM): What It Is and Where It’s Going security affairs

Open Source

• Microsoft upgrades Defender to lock down Linux devices • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• Bitwarden Password Manager users are being targeted by phishing ads on Google- gHacks Tech News

• KeePass disputes vulnerability allowing stealthy password theft (bleepingcomputer.com)

Social Media

• Inside TikTok’s proposal to address US national security concerns | CyberScoop

• Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)

Malvertising

• Malvertising attacks are distributing .NET malware loaders • The Register

Training, Education and Awareness

• Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)

Regulations, Fines and Legislation

• Regulators weigh in on ION attack as LockBit takes credit • The Register

• New UN cyber crime convention has a long way to go in a tight timeframe | CSO Online

Governance, Risk and Compliance

• Business leaders need hands-on approach to stop cyber crime, says spy chief (telegraph.co.uk)

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)

• Financial Services Targeted in 28% of UK Cyber-Attacks Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• 70% of CIOs anticipate their involvement in cyber security to increase - Help Net Security

• Cyber security Budgets Are Going Up. So Why Aren't Breaches Going Down? (thehackernews.com)

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk - IT Security Guru

• You Don't Know Where Your Secrets Are (thehackernews.com)

• Inability to prevent bad things from happening seen as the worst part of a security job - Help Net Security

• The corporate world is losing its grip on cyber risk | Financial Times (ft.com)

• IT and Security Professionals Spend an Average of 4,300 Hours Annually Achieving or Maintaining Compliance (darkreading.com)

Careers, Working in Cyber and Information Security

• Inability to prevent bad things from happening seen as the worst part of a security job - Help Net Security

• Thriving Dark Web Trade in Fake Security Certifications - Infosecurity Magazine (infosecurity-magazine.com)

• The Effect of Cyber security Layoffs on Cyber security Recruitment - SecurityWeek

• Economic headwinds could deepen the cyber security skills shortage | CSO Online

Law Enforcement Action and Take Downs

• 7 Ways Hive Ransomware Gang Caused Chaos Before FBI Hacked It (gizmodo.com)

• US puts a $10m bounty on Hive while Russia shuts down access • The Register

• Hacker accused of having stolen personal data of all Austrians security affairs

• Alleged ShinyHunters gang member in US court • The Register

• Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget

Privacy, Surveillance and Mass Monitoring

• On Data Privacy Day, Organisations Fail Data Privacy Expectations (darkreading.com)

• Hacker accused of having stolen personal data of all Austrians security affairs

• Enterprises Need to Do More to Assure Consumers About Privacy (darkreading.com)

Artificial Intelligence

• Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online

• OpenAI releases tool to detect AI-written text (bleepingcomputer.com)

• Reality check: Is ChatGPT really the next big cyber security threat? | CyberScoop

• Cyber Insights 2023: Artificial Intelligence - SecurityWeek

Misinformation, Disinformation and Propaganda

• Google deletes 50,000 pro-China fake-news vids and blogs • The Register

• Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek

• Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)

• Latvia confirms phishing attack on Ministry of Defence, linking it to Russian hacking group - The Record from Recorded Future News

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

• Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek

• Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)

• Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert

• Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)

• Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)

• New APT34 Malware Targets The Middle East (trendmicro.com)

• Lazarus Group Attack Identified After Operational Security Fail - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

• Cyber Insights 2023: The Geopolitical Effect - SecurityWeek

Nation State Actors

Nation State Actors – Russia

• Russian Nuisance Hacking Group KillNet Targets Germany (govinfosecurity.com)

• Russian hackers launch cyber attack on Germany in Leopard retaliation | Euronews

• Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)

• Latvia confirms phishing attack on Ministry of Defence, linking it to Russian hacking group - The Record from Recorded Future News

• A Link to News Site Meduza Can (Technically) Land You in Russian Prison | WIRED

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

• Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek

• Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)

• Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert

• Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)

• Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)

• IT Army of Ukraine gained access to 1.5GB archive from Gazprom security affairs

• There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)

• Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)

Nation State Actors – China

• Google deletes 50,000 pro-China fake-news vids and blogs • The Register

• Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign (darkreading.com)

• TikTok CEO to testify before US. Congress over security concerns | Reuters

Nation State Actors – North Korea

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Lazarus Group Attack Identified After Operational Security Fail - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)

Nation State Actors – Iran

• Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

Nation State Actors – Misc

• Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online

• New APT34 Malware Targets The Middle East (trendmicro.com)

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

Vulnerability Management

• The future of vulnerability management and patch compliance - Help Net Security

• What is the CVSS (Common Vulnerability Scoring System)? (techtarget.com)

Vulnerabilities

• Researchers to release VMware vRealize Log RCE exploit, patch now (bleepingcomputer.com)

• Patch management is crucial to protect Exchange servers, Microsoft warns security affairs

• Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices (thehackernews.com)

• QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (thehackernews.com)

• Over 29,000 QNAP devices unpatched against new critical flaw (bleepingcomputer.com)

• Firmware Flaws Could Spell 'Lights Out' for Servers (darkreading.com)

• Why you might not be done with your January Microsoft security patches | CSO Online

• Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’ | The Daily Swig (portswigger.net)

• HPE, NetApp warn of critical open-source bug | SC Media (scmagazine.com)

• High-severity bug in F5 BIG-IP can lead to code execution and DoS security affairs

• Cisco fixes bug allowing backdoor persistence between reboots (bleepingcomputer.com)

• Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability (thehackernews.com)

• CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (thehackernews.com)

• Threat activity increasing around Fortinet VPN vulnerability | TechTarget

• Remote code execution exploit chain available for VMware vRealize Log Insight | CSO Online

Tools and Controls

• Gartner report shows zero trust isn’t a silver bullet | VentureBeat

Other News

• We can't rely on goodwill to protect our critical infrastructure - Help Net Security

• Playing Military Sim War Thunder May Get You Classed as a National Security Risk

• Cyber attacks in space: How safe are our satellites? | Metro News

• Threat Actors Use ClickFunnels to Bypass Security Services - Infosecurity Magazine (infosecurity-magazine.com)

• Massive Microsoft 365 outage caused by WAN router IP change (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.