Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

The Human Element- Cyber Security’s Great Challenge

According to Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches involved a human element. It is important for organisations to understand that it is not simply malicious employees or employees falling for social engineering attacks; it includes things such as negligent, or intentional but not malicious actions. In fact, a recent separate report by Kaspersky found that 26% of incidents over the past two years involved the result of intentional security protocol violations; in comparison, external hacking attempts made up 20%.

Further, Kaspersky found 25% of incidents occurred due to neglecting system software or application updates, followed by 22% resulting from deliberate use of weak passwords or failing to change them promptly, and 18% from staff visiting unsecured websites. One potential cause for these incidents is a lack of training on why such protocols need to be followed.

Black Arrow provides live in person and online instructor lead cyber security training including Cyber Risk and Governance Workshops for Senior Leadership, and Awareness, Behaviour and Culture Training for employees and contractors.

Sources [Beta News] [ Infosecurity Magazine] [The Economic Times (indiatimes.com)]

Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows

Small or large, no company is immune to a cyber attack and therefore good cyber hygiene is an imperative for all. Whilst large firms may already have more mature defences in place, smaller firms are definitely catching on to this, with 47% of respondents to a recent survey stating they were more worried about their organisation’s security posture now than compared to six months ago.

The survey found that ransomware (35%), software vulnerability exploits (28%) and using the same password across different applications (25%) were amongst the largest concerns. Interestingly, in a separate report, 44% of incidents were found to lack any element of malware, indicating that attackers are moving beyond traditional methods. The same report found 65% of cases included remote monitoring and management tools as the vector for initial access, something a number of organisations do not secure.

Business email compromise (BEC) attacks are also a key concern for businesses of all sizes but can be especially damaging to smaller organisations for whom the financial loss can be devastating.

Sources [Computer Weekly]  [Beta News] [Beta News]

Despite Increasing Ransomware Attacks, Some Companies are in Denial

A recent study has highlighted a contradiction in the way organisations perceive ransomware threats. Although many do not consider themselves likely targets, they are, nevertheless, bolstering their security measures, expanding their teams, and fortifying cyber defences, acknowledging the risks despite their assumed invulnerability.

Simultaneously, ransomware tactics are undergoing significant changes. The past three quarters have seen a marked increase in double-extortion attacks, with data leaks from these incidents rising by 50% compared to the previous year. This trend is predominantly driven by a few active groups, some newly emerged this year, amplifying the threat landscape.

In a tactical shift, the ransomware group ALPHV, also known as Blackcat, has lodged a formal complaint with the US Securities and Exchange Commission (SEC) against a victim for failing to comply with new disclosure regulations. Meanwhile, LockBit, infamous for attacks on high-profile targets, is modifying its extortion tactics due to lower-than-anticipated ransom returns. These developments point to an evolving and adaptive ransomware environment.

Sources: [Dark Reading] [SC Media] [Insurance Journal] [MSSP Alert] [Security Brief]

A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People

It is reported that 2,620 organisations and more than 77 million individuals have been impacted to date by the MOVEit supply chain ransomware attack, with millions in the past week alone having received notifications that their information had either been accessed, leaked, or both.

In a survey involving directors of UK companies with over 500 seats that had suffered a ransomware or extortion attack in the past 18 months, it was found that 24% had become significantly more anxious about ransomware attacks as a direct result of the MOVEit breach, and 66% were slightly more anxious. This anxiety translated into action, with 42% of respondents investing more into backup and recovery, and 29% tweaking existing cyber strategies. 29% had taken the decision to amend their existing cyber strategies. Staff training was also found to rise, with 42% looking to spend on skills development and 40% upping their investment in training.

Sources: [The Register] [Computer Weekly]

The True Cost of a Ransomware Attack

While the demand is often financial, the impact and reach of ransomware goes far beyond the ransomware demand. Alongside the financial impact, comes the reputational impact, loss of customers, resources in returning to business as normal and time lost in recovery. For some companies, it can take months to return to where they were before and for others, it marks the end of their organisation.

For an attacker, it doesn’t matter. Their goal is not limited by the size or sector of an organisation and it is therefore imperative that every organisation is prepared for the event of an incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [ITPro]

Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk

A recent study has exposed serious flaws in passwords on the internet, revealing that three out of four popular websites are compromising user security by not meeting basic password standards. The study examined 20,000 websites, finding many allowed simple passwords, didn’t block common ones and adhered to outdated complexity requirements. It was found that over half the websites accept passwords of six characters or fewer, with 75% not requiring the advised minimum of eight characters, and 30% not supporting spaces or special characters. The study showcases the gap in security measures implementation across the web and emphasises the importance of ongoing improvement in web security standards.

The problem is further exacerbated by employees using work email for non-work approved websites and reusing the same passwords, meaning any breach of a compromised site hands the user’s credentials to an attacker. Further, many organisations are not even aware this is going on.

Source: [TechXplore]

Cyber Security Investment Involves More Than Just Technology

C-suite business leaders and senior IT professionals within large organisations, found that the top five cyber security investment areas were technologies (49%), threat intelligence (46%), risk assessment (42%), cyber insurance (42%), and third-party risk management (40%). Fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%). suggesting an awareness that technology investments go hand-in-hand with investing in governance and personnel to effectively enable and manage the technology.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Dark Reading]

Questions Leaders Must Ask Themselves on Security Culture

In today's corporate landscape, there's a growing emphasis on the human aspect of cyber security, with Stanford University research indicating that about 88% of data breaches result from employee errors. Companies are now focusing on enhancing security awareness through marketing campaigns and integrating cyber security performance into job reviews. This shift acknowledges that as technological defences evolve, cyber attackers increasingly exploit human vulnerabilities, as evidenced by major ransomware incidents like those impacting Colonial Pipeline and JBS Foods.

Developing a strong security culture is essential, by complementing robust policies with ingraining security-minded beliefs and behaviours in employees. Key to this is the role of leadership in embedding and continuously assessing this culture. This involves evaluating training effectiveness, reporting mechanisms, proactive security approaches, and the impact of security initiatives, while also considering the complexity of human behaviour and the example set by top management. Emphasising these aspects is crucial for maintaining a secure and resilient organisational environment, and in so doing protecting an organisation's reputation and financial integrity.

Source: [AT&T]

There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime

The convergence of organised crime, financial crime, and nation-state crime is a growing concern in today’s interconnected world. This crossover, driven by the digital revolution, globalisation, economic factors, and state fragility, is reshaping the global criminal landscape. Organised crime syndicates, traditionally involved in activities like drug trafficking and extortion, are now branching out into financial crimes, offering higher profits with lower risks.

Financial crime, once the domain of individual fraudsters and white-collar criminals, has become a lucrative venture for organised crime groups. They exploit the global financial system to launder proceeds of crime, finance their operations, and evade law enforcement. Nation-state crime, involving state-sponsored or state-condoned criminal activities, often overlaps with organised and financial crime. Some governments turn a blind eye to these activities, while others actively support them for political, economic, or strategic reasons.

Sources: [The Currency]

Cyber Attack on British Library Highlights Lack of UK Resilience

A recent ransomware attack on the British Library has spotlighted the vulnerabilities in the UK's public sector IT infrastructure, amid rising state-backed cyber attacks. This major incident, which caused a significant technical outage at the library, underscores the concerns of cyber intelligence experts about the government's inadequate investment in cyber resilience in critical areas like education, healthcare, and local government. The hacking group Rhysida, targeting essential infrastructure, claimed responsibility and auctioned stolen data, including British Library employees’ passports, for 20 bitcoin (approximately £600,000).

The attack on the British Library, a key public service institution, highlights the escalating threat of ransomware attacks and their potential exploitation by state actors. The UK’s National Cyber Security Centre (NCSC) has reported a significant increase in cyber attacks in 2023, with incidents more than doubling compared to the previous year. In response, the UK government, which had already allocated £2.6bn for cyber security improvements and IT system updates, is actively assessing the situation with the support of the National Protective Security Authority.

Source: [FT]

Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements

The European Union (EU) is seeking to improve cyber resilience across all member states by bringing in two new regulations: the Digital Operational Resilience Act (DORA), which focuses on financial services companies, and its counterpart the Network and Information Systems Directive (NIS2). The effects of the two regulations are likely to be wider reaching, bringing in more stringent processes and controls and redefining service provision to organisations.

With NIS2 coming into effect in October 2024, the mandatory directive will have teeth, with strict penalties for non-compliance for both the business and senior board personnel, who can be held directly accountable and prevented from holding similar positions in the future. It also aims to increase intelligence sharing between member states and enhance supply chain security. This latter measure will see the directive have a global impact.

Many organisations supplying services to firms that fall under DORA and NIS2 will themselves be subject to the full force of the regulations, with many of these suppliers, including IT providers, unaware that this will have far reaching ramifications for them and their ability to continue to provide these services.

Sources: [Help Net Security] [Help Net Security]

The Cyber Security Lawsuit Boards are Talking About

For the last month, an under-the-radar lawsuit has privately been a hot topic of conversation in boardrooms and corporate security departments alike. The lawsuit involved the Securities and Exchange Commission (SEC) accusing SolarWinds and their CISO of fraud. SolarWinds, like many organisations, had disclosed some facts, however what was reported was not sufficient to satisfy the regulator. The lawsuit is the first in which the SEC has charged a company with intentional fraud related to cyber security disclosures and it paints a picture for the wider movement of the cyber landscape. Whilst the SEC is US based you can expect regulatory counterparts in other jurisdictions globally to follow suit.

Source: [The New York Times]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• Why boards must prioritize cyber security expertise - Help Net Security4 data loss examples keeping backup admins up at night | TechTarget

• Accelerating Security Risk Management (trendmicro.com)

• Companies step up investment in ransomware protection (betanews.com)

• CISOs can marry security and business success - Help Net Security

• 7 must-ask questions for leaders on security culture (att.com)

• The human element -- cyber security's greatest challenge (betanews.com)

• Employee Policy Violations Cause 26% of Cyber Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• Why good cyber hygiene is a strategic imperative for UK SMEs (betanews.com)

• MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly

• Cyber security Investment Involves More Than Just Technology (darkreading.com)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Corporate Boards Mulling Effects of SEC Cyber Enforcement and CISO Exposure, and Possibly Hacker Complaints to SEC | Jackson Lewis P.C. - JDSupra

• The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)

• Only 9% of IT budgets are dedicated to security - Help Net Security

• Inflation, cyber risks the biggest worry for firms | Nation

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• “There's a crossover between organised crime, financial crime, and nation-state crime” - The Currency :The Currency

• Why transparency and accountability are important in cyber security | Computer Weekly

• ‘I employ a lot of hackers’: how a stock exchange chief deters cyber attacks | Cyberwar | The Guardian

• SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com

• Humans Are Notoriously Bad at Assessing Risk - SecurityWeek

• The role experience plays in risk mitigation (betanews.com)

• Internal audit leaders are wary of key tech investments - Help Net Security

• Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)

• Over Half of Organisations Are at Risk of Cyber attack Due to Exhausted and Stressed Staff - IT Security Guru

• Stressed staff put enterprises at risk of cyber attack (betanews.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 2023 ransomware statistics: Number of double-extortion attacks skyrocket | SC Media (scmagazine.com)

• More than money: The true cost of a ransomware attack | ITPro

• Despite Increasing Ransomware Attacks, Some Companies In Denial | MSSP Alert

• Ransomware attacks doubIe in two years says Akamai Technologies report (securitybrief.co.nz)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)

• Companies step up investment in ransomware protection (betanews.com)

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• Ransomware Gang LockBit Revises Its Tactics to Get More Blackmail Money (insurancejournal.com)

• The shifting sands of the war against cyber extortion - Help Net Security

• Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert

• Play Ransomware Goes Commercial - Now Offered as a Service to Cyber criminals (thehackernews.com)

• Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)

• Ransomware groups rack up victims among corporate America | CyberScoop

• Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)

• Paying ransom for data stolen in cyber attack bankrolls further crime, experts caution | CBC Radio

• UK signs joint statement against ransomware payments - “New norm” or status quo? - Lexology

• Capita to axe up to 900 jobs as it battles to recover from Russian cyber attack (telegraph.co.uk)

• Schools Look to Improve Cyber security, but Many Vulnerable to Ransomware (insurancejournal.com)

• 4 Ways Fintech Companies Can Protect Themselves from Ransomware (financemagnates.com)

• A cyber attack on a UK accounting firm wound up leaking US patient data. Now what? (databreaches.net)

• Cyber security should not be a gamble: Latest data breach hits major casino - Digital Journal

Ransomware Victims

• Royal Mail spent £10 million recovering from LockBit breach - Tech Monitor

• British Library staff passports leaked online as hackers demand £600,000 (telegraph.co.uk)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• ICBC partners wary to resume trading with bank after cyber attack - Bloomberg News - CNA (channelnewsasia.com)

• ‘Sex life data’ stolen from UK government among record number of ransomware attacks (therecord.media)

• MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register

• Allen & Overy Given 5 Days to Meet Hackers’ Demands: Expert Q&A | Law.com International

• London & Zurich ransomware attack causes customer chaos • The Register

• CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack - SecurityWeek

• Lockbit Gang Behind ICBC Attack Hacks Into Chicago Trading Company - Bloomberg

• Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)

• Rhysida claims it hacked the British Library - Tech Monitor

• Clorox Scapegoats Cyber Chief, Rewards Board After Crisis (forbes.com)

• Fortune 500 insurance and mortgage firm FNF shuts down network following cyber attack | TechRadar

• Yamaha Motor confirms ransomware attack on Philippines subsidiary (bleepingcomputer.com)

• St Helens Council suspected cyber attack caused significant disruption - BBC News

• Western Isles Council backup systems 'inaccessible' following cyber attack | STV News

• Auto parts giant AutoZone warns of MOVEit data breach (bleepingcomputer.com)

• BlackCat claims attack on Fidelity National Financial • The Register

Phishing & Email Based Attacks

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• How to combat AI-produced phishing attacks | SC Media (scmagazine.com)

• More Than 50% of Online Retailers Not Blocking Fraudulent Emails | MSSP Alert

• How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography (thehackernews.com)

• DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)

• Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar

• The Most Common Indicators of a Phishing Attempt (With Screenshots) | HackerNoon

Artificial Intelligence

• Cyber threats reached a new high this year, with AI playing a major role | TechRadar

• How to combat AI-produced phishing attacks | SC Media (scmagazine.com)

• IT Pros Worry That Generative AI Will Be a Major Driver of Cyber security Threats (darkreading.com)

• Smaller businesses embrace GenAI, overlook security measures - Help Net Security

• AI Solutions Are the New Shadow IT (thehackernews.com)

• The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)

• Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert

• Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek

• AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)

• OII | Large Language Models pose risk to science with false answers, says Oxford study

Malware

• 5 Of The Most Common Ways Malware Is Spread (And How To Stay Protected) (slashgear.com)

• Report finds malware is no longer the biggest cyberthreat to smaller businesses - SiliconANGLE

• Over half of SME cyber incidents now ‘malware-free’ | Computer Weekly

• Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar

• Mirai malware infects routers and cameras for new botnet • The Register

• InfectedSlurs Botnet Spreads Mirai via Zero-Days | Akamai

• This devious malware will let hackers restore deleted cookies and hijack your Google account | TechRadar

• MySQL servers hit by DDoS malware botnet | TechRadar

• 27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts (thehackernews.com)

• Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)

• DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)

• Gamaredon's LittleDrifter USB malware spreads beyond Ukraine (bleepingcomputer.com)

• Malware Uses Trigonometry to Track Mouse Strokes (darkreading.com)

• Atomic Stealer Malware is tricking Mac users with fake browser updates - gHacks Tech News

• USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica

• DarkGate and Pikabot malware emerge as Qakbot’s successors (bleepingcomputer.com)

• How Ducktail steals Facebook accounts | Kaspersky official blog

• Cyber criminals turn to ready-made bots for quick attacks - Help Net Security

• 3 Ways to Stop Unauthorized Code From Running in Your Network (darkreading.com)

• Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities - Infosecurity Magazine (infosecurity-magazine.com)

• New botnet malware exploits two zero-days to infect NVRs and routers (bleepingcomputer.com)

Mobile

• FCC Tightens Telco Rules to Combat SIM-Swapping - SecurityWeek

• Inside Apple’s Secretive War to Protect iPhones from Hacking • iPhone in Canada Blog

• Cyber criminals Are Targeting App Beta-Testing, and This Is What to Look Out For (makeuseof.com)

Denial of Service/DoS/DDOS

• NoEscape gang continues to use DDoS to pressure reluctant victims to negotiate (databreaches.net)

• MySQL servers hit by DDoS malware botnet | TechRadar

Internet of Things – IoT

• Mirai malware infects routers and cameras for new botnet • The Register

• InfectedSlurs Botnet Spreads Mirai via Zero-Days | Akamai

Data Breaches/Leaks

• 4 data loss examples keeping backup admins up at night | TechTarget

• Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek

• Secretary Fined For Accessing Scores of Patient Records - Infosecurity Magazine (infosecurity-magazine.com)

• Canadian government discloses data breach after contractor hacks (bleepingcomputer.com)

• US Cyber security Lab Suffers Major Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Sabre Insurance hit by cyber attack | Insurance Times

• Hacktivists breach US nuclear research lab, steal employee data (bleepingcomputer.com)

• Welltok data breach exposes data of 8.5 million US patients (bleepingcomputer.com)

• Cyber attackers leaked data of 27,000 NYC Bar Association membersers (therecord.media)

• Enterprise software provider TmaxSoft leaks 2TB of data (securityaffairs.com)

• A cyber attack on a UK accounting firm wound up leaking US patient data. Now what? (databreaches.net)

• Sumo Logic says customer data untouched during breach • The Register

Organised Crime & Criminal Actors

• “There's a crossover between organised crime, financial crime, and nation-state crime” - The Currency :The Currency

• Indian Hack-for-Hire Group Targeted US, China, and More for Over 10 Years (thehackernews.com)

• Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyber attacks (darkreading.com)

• A Hacker Faked His Own Death–Then Claimed To Have Sold Marriott Customer Data To Russians, FBI Says (forbes.com)

• Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime

• Outsmarting cyber criminals is becoming a hard thing to do - Help Net Security

• Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• US cyber cops trace and return nearly $9M stolen by scammers • The Register

Insider Risk and Insider Threats

• The human element -- cyber security's greatest challenge (betanews.com)

• Employee Policy Violations Cause 26% of Cyber Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• cyber security: Security violations by employees as harmful as hacking: Report - The Economic Times (indiatimes.com)

• Secretary Fined For Accessing Scores of Patient Records - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)

• North Korean Supply Chain Threat is Booming, UK and South Korea Warn - Infosecurity Magazine (infosecurity-magazine.com)

• Three Questions To Ask Third-Party Vendors About Cyber security Risk (forbes.com)

Cloud/SaaS

• Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)

• Navigating the complexities of cyber security in a SaaS-dominated era (securitybrief.co.nz)

Encryption

• Some unbreakable RSA encryption keys are accidentally leaking online | New Scientist

Passwords, Credential Stuffing & Brute Force Attacks

• Largest study of its kind shows outdated password practices are putting millions at risk (techxplore.com)

• Your password hygiene remains atrocious, says NordPass • The Register

• US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek

Social Media

• How Ducktail steals Facebook accounts | Kaspersky official blog

Malvertising

• Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)

Training, Education and Awareness

• The 7 Deadly Sins of Security Awareness Training (darkreading.com)

Regulations, Fines and Legislation

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)

• SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com

• What CISOs Need to Know About Materiality | Mimecast

• Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek

• Does claiming you were hacked when you had really just screwed up violate the FTC Act? (databreaches.net)

• Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records | WIRED

• UK watchdog threatens enforcement action over ad cookies • The Register

Models, Frameworks and Standards

• NIS2 and its global ramifications - Help Net Security

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT

• Understanding the UK government’s new cyber security regime, GovAssure - IT Security Guru

Data Protection

• 1 in 5 executives question their own data protection programs - Help Net Security

Careers, Working in Cyber and Information Security

• Over Half of Organisations Are at Risk of Cyber attack Due to Exhausted and Stressed Staff - IT Security Guru

• Half of Cyber security Professionals Kept Awake By Workload Worries - IT Security Guru

Law Enforcement Action and Take Downs

• Wirecard hacker sentenced to 80 months in prison (ft.com)

• US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek

• Europol Launches OSINT Taskforce to Hunt For Russian War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• A Hacker Faked His Own Death–Then Claimed To Have Sold Marriott Customer Data To Russians, FBI Says (forbes.com)

• Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)

• US cyber cops trace and return nearly $9M stolen by scammers • The Register

• Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime

• Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• "We are getting very good at identifying a Russian campaign," Microsoft weighs in on disinformation and national security at recent events | Windows Central

• AI Helps Uncover Russian State-Sponsored Disinformation in Hungary (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Why cyber war readiness is critical for democracies - Help Net Security

• Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape (inforisktoday.com)

Nation State Actors

China

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• ICBC partners wary to resume trading with bank after cyber attack - Bloomberg News - CNA (channelnewsasia.com)

• Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions (thehackernews.com)

Russia

• USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica

• Almost 4,000 cyber attacks on Ukraine detected – US Treasury Department | Ukrainska Pravda

• "We are getting very good at identifying a Russian campaign," Microsoft weighs in on disinformation and national security at recent events | Windows Central

• Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)

• Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)

• Potential cyberespionage campaign against Ukraine involves Remcos tool | SC Media (scmagazine.com)

• Embezzlement Scandal Consumes a Top Ukrainian Cyber Official, Jolting Relationship With US - The Messenger

• Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Europol Launches OSINT Taskforce to Hunt For Russian War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• The Defence Intelligence of Ukraine Reveals that Russia’s Civil Aviation Industry Is on the Brink of Collapse | Defence Express (defence-ua.com)

Iran

• Possible Iranian Group Behind 'Flood' of New Cyber attacks in Israel - Bloomberg

• Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online

North Korea

• Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)

• North Korean Supply Chain Threat is Booming, UK and South Korea Warn - Infosecurity Magazine (infosecurity-magazine.com)

• Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors (paloaltonetworks.com)

• DPRK Hackers Masquerade as Tech Recruiters, Job Seekers (darkreading.com)

• Hackers pose as officials to steal secrets and cryptocurrency for North Korea (bitdefender.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online

Vulnerability Management

• Reflecting on 20 years of Patch Tuesday | MSRC Blog | Microsoft Security Response Center

Vulnerabilities

• MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register

• Citrix Bleed WFH Hack and Exploit: News on Data Loss Flaw - Bloomberg

• Citrix warns admins to kill NetScaler user sessions to block hackers (bleepingcomputer.com)

• Hackers Exploiting Windows SmartScreen Zero-day Vulnerability (cybersecuritynews.com)

• Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News

• CISA warns of actively exploited Windows, Sophos, and Oracle bugs (bleepingcomputer.com)

• Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security

• Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek

• A critical OS command injection flaw affects Fortinet FortiSIEM (securityaffairs.com)

• Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)

• Adobe Releases Security Updates for ColdFusion | CISA

• Splunk RCE Vulnerability Let Attackers Upload Malicious File (cybersecuritynews.com)

Tools and Controls

• Only 9% of IT budgets are dedicated to security - Help Net Security

• Accelerating Security Risk Management (trendmicro.com)

• MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)

• Cyber attack on British Library raises concerns over lack of UK resilience (ft.com)

• Companies step up investment in ransomware protection (betanews.com)

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT

• The role experience plays in risk mitigation (betanews.com)

• The 7 Deadly Sins of Security Awareness Training (darkreading.com)

• Identity And Access Management: 18 Important Trends And Considerations

• The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)

• MFA under fire, attackers undermine trust in security measures - Help Net Security

• AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)

• New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login (thehackernews.com)

• Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News

• Detection & Response That Scales: A 4-Pronged Approach (darkreading.com)

• Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)

• 6 Steps to Accelerate Cyber security Incident Response (thehackernews.com)

• The CISO view: Navigating the promise and pitfalls of cyber security automation (betanews.com)

Other News

• Why Defenders Should Embrace a Hacker Mindset (thehackernews.com)

• Hackers are taking over planes’ GPS — experts are lost on how to fix it (nypost.com)

• UK proposes 'super-complaints' to help keep internet safe • The Register

• Consumers plan to be more consistent with their security in 2024 - Help Net Security

• Security trends public sector leaders are watching | CyberScoop

• Even gas pumps aren't safe from cyber attacks at the moment | TechRadar

• Scottish cyber security organisation calls for greater awareness of rising threat - Business Insider

• Cyber security: New plan to tackle ‘fastest-growing threat’ confronting Australia | The West Australian

• The US government wants to offer better cyber security to major infrastructure firms | TechRadar

• This devious malware will let hackers restore deleted cookies and hijack your Google account | TechRadar

• Australia’s cyber security strategy focuses on protecting small businesses and critical infrastructure | CSO Online

• Cyber security at EU institutions: European Parliament adopt proposed Cyber security Regulation and EU institutions organise cyber security exercise | Practical Law (thomsonreuters.com)

• The retail sector is under threat from… Gmail, WhatsApp and Google Drive? | TechRadar

• Sekoia: Latest in the Financial Sector Cyber Threat Landscape (techrepublic.com)

• Shields Ready: Critical Infrastructure Security and Resilience

• Crimeware and financial cyberthreat predictions for 2024 | Securelist

• Terrorism, cyber attacks main Paris 2024 threats as security plan finalised | Reuters

• Read again: Decoding cyber security, safeguarding educational institutions | Edexec

• What direction for the EU Cyber security Competence Centre? – EURACTIV.com

• Unveiling the Most Common Cyber Threats in Retail – International Supermarket News

• Mideast Oil & Gas Facilities Could Face Cyber Related Energy Disruptions (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Resilience Requires Maturity, Persistence & Board Engagement

Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.

Source: [Dark Reading]

Security is a Process, not a Tool

The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.

Source: [Dark Reading]

46% of SMBs and Enterprises Have Experienced a Ransomware Attack

A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.

Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.

Source: [Security Magazine] [IT Business]

Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries

In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.

Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.

Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.  

Source: [welivesecurity]

67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission

New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.

Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.

Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.

Sources: [Tech Radar] [the HR Director]

The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023

In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.  

This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.

Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups.  Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Forbes] [Infosecurity Magazine] [ITPro]

Financial Services Still Stubbornly Vulnerable to Cyber Disruption

A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.

According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.

Source: [FTAdviser]

World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks

The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.

Sources: [SC Media] [Bit Defender]

NCSC Warns UK Over Significant Threat to Critical Infrastructure

The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.

The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.

They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.

For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.

This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.

Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]

Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach

The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.

Sources: [Infosecurity Magazine] [Bleeping Computer]

Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks

A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).

Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.

Source: [TechRadar]

Phishing Emails Are More Believable Than Ever. Here's What to Do About It.

Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.

It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CSO Online]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• 29% of organisations cite data loss as top security breach result | Security Magazine

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)

• Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar

• Security Is a Process, Not a Tool (darkreading.com)

• 6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine

• Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)

• Organisations should prepare for the inevitability of cyber attacks on their infrastructure - Help Net Security

• Should cyber security overconfidence be on your threat radar? | TechRadar

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Every Business Owner Should Be Thinking About Improving Online Security | Inc.com

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• The cultural shift that’s needed to see greater ROI in cyber | Federal News Network

• Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)

• How to withstand the onslaught of cyber security threats - Help Net Security

• 8 ways to cope with cyber security budget cuts | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Law practices and government agencies experience the largest ransomware spikes - Digital Journal

• Orgs still losing logs, powerless to speedy ransomware • The Register

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• 29 new ransomware groups have emerged in 2023 | ITPro

• 46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine

• Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business

• Half of Ransomware Groups Operating in 2023 Are New - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• The Persistent Menace: Understanding And Combating Ransomware (forbes.com)

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Ransomware tracker: The latest figures [November 2023] (therecord.media)

• Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)

• LockBit ransomware group assemble strike team to breach banks, law firms and governments. | by Kevin Beaumont | Nov, 2023 | DoublePulsar

• Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)

• Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly

• Uncovering the ransomware threat from global supply chains | ITPro

• Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Success eludes the International Counter Ransomware Initiative - Help Net Security

• New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)

• How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)

• Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)

• New approaches to fighting ransomware are emerging | Mimecast

• Why backup matters more than ever - Help Net Security

• FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK

• FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)

• ALPHV/BlackCat Ransomware Gang Targets Businesses Via Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• FBI pumping 'significant' resources into Scattered Spider • The Register

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

• It ain’t what you store, it’s the way you restore it. • The Register

Ransomware Victims

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• How a cyber attack crippled the world's largest bank for hours | Euronews

• ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)

• FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)

• Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)

• Major cyber attack on Australian ports suggests sabotage by a 'foreign state actor' (theconversation.com)

• Tri-City Medical Center cyber attack impacting patient care (10news.com)

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• LockBit leaks Boeing files after failed ransom negotiations • The Register

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• British Library’s Halloween cyber scare was ransomware | Computer Weekly

• Royal Mail ransomware recovery to cost at least $12 million • The Register

• 9 million patients had data stolen after US medical transcription firm hacked | TechCrunch

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)

• Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News

• Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)

• Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week

• Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)

• Stellantis production affected by cyber attack at auto supplier - The Columbian

Phishing & Email Based Attacks

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)

Artificial Intelligence

• UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)

• UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK

• AI disinformation campaigns pose major threat to 2024 elections - Help Net Security

• AI poses growing threat to next general election, warns UK cyber security agency | UK News | Sky News

• Microsoft blocks internal access to ChatGPT over security • The Register

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED

• CISA Has a New Road Map for Handling Weaponized AI | WIRED

• Mitigating Deepfake Threats in the Corporate World | MSSP Alert

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)

• How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker

• Top 5 Risks of Artificial Intelligence - IT Security Guru

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Malware

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Infostealers and the high value of stolen data - Help Net Security

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• Ducktail Malware Targets the Fashion Industry (darkreading.com)

Mobile

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com

• Apple and Google have made phones the key to your digital life. Here’s what to do if you lose it. - Vox

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• How to spot a fake data blocker that could hack your computer in seconds | ZDNET

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Denial of Service/DoS/DDOS

• Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online

• How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)

Internet of Things – IoT

• UK Privacy Regulator Issues Black Friday Smart Device Warning - Infosecurity Magazine (infosecurity-magazine.com)

• How to protect your organisation from IoT malware | TechTarget

• Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)

Data Breaches/Leaks

• Infostealers and the high value of stolen data - Help Net Security

• 29% of organisations cite data loss as top security breach result | Security Magazine

• McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)

• Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)

• Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)

• Fourth time unlucky: Okta hit by new cyber attack - Digital Journal

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• The real cost of healthcare cyber security breaches - Help Net Security

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)

• Samsung warns some customers their data may have been stolen by hackers | TechRadar

• Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)

• Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)

• Morgan Stanley fined over computers with personal data (cnbc.com)

• Samsung says hackers accessed customer data during year-long breach | TechCrunch

• A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED

• Electric Ireland Confirms Compromise of 8,000 Customers’ Personal and Financial Data - IT Security Guru

Organised Crime & Criminal Actors

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• 'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)

• Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Ethereum hacked to steal millions from users across the world | TechRadar

• Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)

Insider Risk and Insider Threats

• Employees putting businesses at risk downloading apps and software without consent | theHRD (thehrdirector.com)

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Insurance

• Beyond re/insurance – protecting society from an unprecedented cyber incident | Insurance Business America (insurancebusinessmag.com)

• Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance

• Aon president warns insurers against ‘walking away’ from major risks (ft.com)

• Cyber insurance predictions for 2024 - Help Net Security

• Cyber ‘Catastrophe Bonds’ Move Step Closer to Hitting Public Debt Markets | Tech News (hindustantimes.com)

• Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News

Supply Chain and Third Parties

• Uncovering the ransomware threat from global supply chains | ITPro

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)

Cloud/SaaS

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• Traditional cloud security isn't up to the task - Help Net Security

• Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security

Identity and Access Management

• As perimeter defences fall, the identify-first approach steps into the breach | CSO Online

Encryption

• The new frontier in online security: Quantum-safe cryptography (techxplore.com)

• In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica

• TETRA encryption algorithms entering the public domain • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• 70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)

• Top Passwords Used By Business Executives | NordPass

• Google Workspace security flaws could see hackers easily snaffle your password | TechRadar

• Stop using weak passwords for streaming services - it's riskier than you think | ZDNET

• The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot

Social Media

• Meta and YouTube face criminal surveillance complaints • The Register

• How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)

Malvertising

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Adware activity doubles in Q3 (betanews.com)

Training, Education and Awareness

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Regulations, Fines and Legislation

• EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)

• MPs Dangerously Uninformed About Facial Recognition – Report - Infosecurity Magazine (infosecurity-magazine.com)

• Meta and YouTube face criminal surveillance complaints • The Register

• SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)

• Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Morgan Stanley fined over computers with personal data (cnbc.com)

• White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop

Models, Frameworks and Standards

• What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra

• Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security

Backup and Recovery

• Why backup matters more than ever - Help Net Security

• It ain’t what you store, it’s the way you restore it. • The Register

Data Protection

• Web browsing data collected in more detail than previously known, report finds (ft.com)

• Online ad auction data harms national security – claim • The Register

Careers, Working in Cyber and Information Security

• The challenges and opportunities of working in cyber security | TechRadar

• How US SEC legal actions put CISOs at risk and what to do about it | CSO Online

• Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)

Law Enforcement Action and Take Downs

• Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity

Cyber Warfare and Cyber Espionage

• NCSC Annual Review on 'state-aligned actors' | Professional Security

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

Nation State Actors

China

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC/ransomware: China’s cyber security industry moves out of the shadows

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• The alarming cyber hack at ICBC (ft.com)

• China proposes auditors undergo cyber security checks if national security involved - CNA (channelnewsasia.com)

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Labour warns against watering down of UK’s takeover screening powers

Russia

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC pays ransom after US hack (finextra.com)

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert

• Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure (thehackernews.com)

• Russia will target other countries for web attacks, Ukraine cyber defence chief warns – The Irish Times

• Major hack by Russian gang steals social security numbers and health information from 1.3 million in Maine | Daily Mail Online

• EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)

Iran

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

North Korea

• Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)

• Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Cyber Criminals Exploit Gaza Crisis With Fake Charity - Infosecurity Magazine (infosecurity-magazine.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

Vulnerabilities

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• Juniper networking devices under attack - Help Net Security

• CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)

• WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)

• Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)

• Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)

• Adobe Releases Security Updates for Multiple Products | CISA

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week

• Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week

• Fortinet Releases Security Updates for FortiClient and FortiGate | CISA

• Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)

• New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)

• SAP Patches Critical Vulnerability in Business One Product - Security Week

• Critical flaw fixed in SAP Business One product (securityaffairs.com)

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• Citrix Releases Security Updates for Citrix Hypervisor | CISA

• Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)

• An email vulnerability let hackers steal data from governments around the world (engadget.com)

• Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)

• Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr

• Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)

Tools and Controls

• Building resilience to shield your digital transformation from cyber threats - Help Net Security

• Against the Clock: Cyber Incident Response Plan (trendmicro.com)

• Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly

• Overview of Open Source Intelligence (OSINT) (eweek.com)

• Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)

• The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest (thehackernews.com)

• Beyond re/insurance – protecting society from an unprecedented cyber incident | Insurance Business America (insurancebusinessmag.com)

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Web Application Attacks | Types of Web Application Attacks | Mimecast

• Traditional cloud security isn't up to the task - Help Net Security

• Top 10 API Security Threats for Q3 2023 - Security Week

• National security at risk from web browsing data collection, report finds (ft.com)Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• The cultural shift that’s needed to see greater ROI in cyber | Federal News Network

• 82% of Attacks Show Cyber Criminals Targeting Telemetry Data - Infosecurity Magazine (infosecurity-magazine.com)

• The Importance of Continuous Security Monitoring for a Robust Cyber security Strategy (thehackernews.com)

• NCSC backs use of security.txt for cyber resilience | UKAuthority

• New approaches to fighting ransomware are emerging | Mimecast

• Why backup matters more than ever - Help Net Security

• Hackers are wiping out traces of data traffic to remove attack traces: Sophos - The Hindu BusinessLine

• Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security

• The new imperative in API security strategy - Help Net Security

• How to Automate the Hardest Parts of Employee Offboarding (thehackernews.com)

• Steps CISOs Should Take Before, During & After a Cyber attack (darkreading.com)

• Threat Intel: To Share or Not to Share is Not the Question - Security Week

• As perimeter defences fall, the identify-first approach steps into the breach | CSO Online

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• OODA Loop - A Model for Cyber security Threat Sharing: Embracing the USA PATRIOT Act & FinCEN

• How to speak the board's language with cyber security ROI so it makes sense | Fierce Electronics

• Three Ways Generative AI Can Bolster Cyber security | NVIDIA Blogs

• 8 ways to cope with cyber security budget cuts | TechTarget

• Hackers breach healthcare orgs via ScreenConnect remote access (bleepingcomputer.com)

• Kubernetes adoption creates new cyber security challenges - Help Net Security

• Aon president warns insurers against ‘walking away’ from major risks (ft.com)

• CISOs vs. developers: A battle over security priorities - Help Net Security

• Cyber insurance predictions for 2024 - Help Net Security

• Hundreds of websites cloned to run ads for Chinese gambling • The Register

• AI helps leaders optimize costs and mitigate risks - Help Net Security

• It ain’t what you store, it’s the way you restore it. • The Register

Reports Published in the Last Week

• NCSC Annual Review 2023 - NCSC.GOV.UK

Other News

• Organisations should prepare for the inevitability of cyber attacks on their infrastructure - Help Net Security

• 97% of Consumers Predict Cyber attacks Will Get Worse – or at Best, Stay Consistent – in 2024: ThreatX Data Reveals | Business Wire

• 'Alarming': big gaps in organisations' cyber security | The Canberra Times | Canberra, ACT

• 82% of Attacks Show Cyber Criminals Targeting Telemetry Data - Infosecurity Magazine (infosecurity-magazine.com)

• National security at risk from web browsing data collection, report finds (ft.com)

• CISOs vs. developers: A battle over security priorities - Help Net Security

• Collaborative strategies are key to enhanced ICS security - Help Net Security

• Web Application Attacks | Types of Web Application Attacks | Mimecast

• Hackers are wiping out traces of data traffic to remove attack traces: Sophos - The Hindu BusinessLine

• Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security

• Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• It’s Time to Evaluate Your Security Education Plan with the Rise in Social Engineering Attacks

Security provider Purplesec found 98% of attacks in 2022 involved an element of social engineering. Social engineering attacks can take many forms including phishing, smishing, vishing and quishing and it’s vital to educate your organisation on how to best prepare for these. Education plans should focusing on educating all levels of users, including those at the top. These plans should also be tested to allow organisations to assess where they are at and identify where they can improve.

https://www.darkreading.com/endpoint/as-social-engineering-attacks-skyrocket-evaluate-your-security-education-plan

• Mobile Users are More Susceptible to Phishing Attacks

A report conducted by mobile security provider Lookout focused on the impact of mobile phishing. Some of the key findings from the report included that more than 50% of personal devices were exposed to a mobile phishing attack every quarter, the percentage of users falling for multiple mobile phishing links increasing and an increased targeting of highly regulated industries such as insurance, banking and financial services. It is likely that this has resulted from the increase in relaxed bring your own device (BYOD) policies.

https://www.msspalert.com/cybersecurity-research/mobile-users-more-susceptible-to-phishing-attacks-than-two-years-ago/

• Phishing as a Service Stimulates Cyber Crime

Phishing attacks are at an all-time high and the usage of Phishing as a Service (PaaS) opens this attack technique to virtually anyone. The sale of “phishing kits” and usage of artificial intelligence has further increased the availability of this attack technique. In response, organisations should look to improve their email security, cloud security and education programs for employees.

https://www.trendmicro.com/en_us/ciso/23/c/phishing-as-a-service-phaas.html

• Attacker Breakout Time Drops to Just 84 Minutes

The average time it takes for a threat actor to move laterally from a compromised host within an organisation dropped 14% between 2012 and 2022 down to 84 minutes, according to a report by security provider Crowdstrike. With the reduction in time it takes a threat actor to move across systems, organisations have even less time to enact their incident response plans and contain breaches effectively, putting further pressure on the incident response team. By responding quickly, organisations can minimise the cost and damage of a breach. The report from Crowdstrike found that organisations were facing increasing difficulty in detecting suspicious activity as attackers are choosing to use valid organisation credentials rather than malware, to gain access to an organisation’s systems.

https://www.infosecurity-magazine.com/news/attacker-breakout-time-drops-just/

• Attackers are Developing and Deploying Exploits Faster Than Ever

A report from security provider Rapid7 found that over 56% of vulnerabilities were exploited within seven days of public disclosure. Worryingly, the median time for exploitation in 2022 was just one day. The finding from the report highlights the need for organisations to not only conduct threat intelligence to be aware of vulnerabilities but to also look to employ patches where possible in a timely manner.

https://www.helpnetsecurity.com/2023/03/03/attackers-developing-deploying-exploits/

• Old Vulnerabilities are Haunting Organisations and Aiding Attackers

Known vulnerabilities, vulnerabilities for which patches have already been made available, are one of the primary attack vectors for threat actors. Vulnerability management vendor Tenable found that the top exploited vulnerabilities were originally disclosed as far back as 2017 and organisations that had not applied these patches were at increased risks of attack.

https://www.helpnetsecurity.com/2023/03/03/known-exploitable-vulnerabilities/

• Scams Drive Nearly $9bn Fraud Surge in 2022

Americans lost $8.8 billion to fraud last year, with imposter scams responsible for $2.8 billion of that amount, according to the Federal Trade Commission (FTC). Losses to business imposters were particularly damaging, climbing to $660 million from the previous year. Interestingly, the FTC found that younger people reported losing money to fraud the most often.

https://www.infosecurity-magazine.com/news/investment-scams-drive-9bn-in/

• Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This

The World Economic Forum’s recent report found that 93% of cyber security leaders and 86% of business leaders think it is moderately or very likely that global geopolitical instability will lead to a catastrophic cyber event in the next two years. Reinforcing this, a report from (ISC)² found that 80% of business executives believe a weakening economy will increase cyber threats and a recession will only amplify this.

https://www.csoonline.com/article/3689008/economic-pressures-are-increasing-cybersecurity-risks-a-recession-would-amp-them-up-more.html

• Cyber Security in this Era of Polycrisis

A year since Russia invaded Ukraine, the geopolitical context is increasingly tense and volatile. The world faces several major crises in what has been coined a 'polycrisis,' a cluster of global shocks with compounding effects. This, along with increasing geopolitical tensions causes a rise in risk from cyber attacks. In fact, the European Union Agency for Cyber Security (ENISA) recently issued an alert regarding actors conducting malicious cyber activities against businesses and governments in the European Union and findings from Google show a 300% increase in state-sponsored cyber attacks targeting users in NATO countries.

https://www.weforum.org/agenda/2023/02/cybersecurity-in-an-era-of-polycrisis/

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions

Research provider TRM labs found that some major Russian-linked ransomware crime gangs have rebranded their activities in 2022 to avoid sanctions. To strengthen their anonymity, two major ransomware crime gangs LockBit and Conti restructured their activities. Conti is reported to have restructured into three smaller groups named Black Besta, BlackByte, Karakurt. LockBit on the other hand launched LockBit 3.0, which is focused on monetary gain. Additionally, the report found that Russian-speaking darknet markets had amassed over $130 million in sales.

https://cryptopotato.com/russian-ransomware-projects-rebranded-to-avoid-western-sanctions-report/

• Ransomware Attacks Ravaged Big Names in February

Despite the apparent slight drop in ransomware activity last month, several high profile targets of various industries were hit; this ranges from the likes of the US Marshal Service, retailer WH Smith, satellite provider Dish and many more. These attacks reinforce the concept that any organisation can be a victim, regardless of industry.

https://www.techtarget.com/searchsecurity/news/365532056/Ransomware-attacks-ravaged-big-names-in-February

• Firms Who Pay Ransoms Subsidise New Attacks

A report from security provider Trend Micro found that whilst only a relatively small number of ransomware victims pay their extorters, those that do pay are effectively funding 6-10 new attacks. The report also found that attackers are aware of which industries and countries pay ransoms more often, so organisations belonging to those industries and countries may find themselves an even more attractive target.

https://www.infosecurity-magazine.com/news/firms-pay-ransom-subsidise-10/

• How the Ukraine War Opened a Fault Line in Cyber Crime

A report from threat intelligence provider Recorded Future has highlighted the impact that the Russian invasion of Ukraine has had on cyber. Recorded Future explain how a number of threat actor groups fled during the war and in addition to differing political views between groups, there has been a disruption to the cyber environment. In fact, Recorded Future found that Russian-language dark web marketplaces have taken a major hit and the prediction is that the epicentre of cyber crime may shift to English-speaking dark web forums, shops and marketplaces.

https://www.darkreading.com/analytics/ukraine-war-fault-line-cybercrime-forever

Threats

Ransomware, Extortion and Destructive Attacks

• Firms Who Pay Ransom Subsidise 10 New Attacks: Report - Infosecurity Magazine (infosecurity-magazine.com)

• Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)

• New cyber attack tactics rise up as ransomware payouts increase | CSO Online

• Ransomware Attacks: Don’t Let Your Guard Down - SecurityWeek

• Ransomware attacks ravaged big names in February | TechTarget

• Cyber Insurance Market Back From Brink After Onslaught of Ransomware Attacks (insurancejournal.com)

• Royal Mail schools LockBit in leaked negotiation (malwarebytes.com)

• 'Ethical hacker' among ransomware suspects arrested • The Register

• Wiper malware goes global, destructive attacks surge - Help Net Security

• A Deep Dive into the Evolution of Ransomware Part 3 (trendmicro.com)

• New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware (bleepingcomputer.com)

• PureCrypter malware hits govt orgs with ransomware, info-stealers (bleepingcomputer.com)

• Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain (thehackernews.com)

• Dish Network confirms ransomware attack behind multi-day outage (bleepingcomputer.com)

• US Marshals Ransomware Hit Is 'Major' Incident (darkreading.com)

• The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)

• Vice Society publishes data stolen during Vesuvius ransomware attack • Graham Cluley

• US Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities (thehackernews.com)

Phishing & Email Based Attacks

• New cyber attack tactics rise up as ransomware payouts increase | CSO Online

• Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert

• Phishing as a Service Stimulates Cyber crime (trendmicro.com)

• Phone Attacks and MFA Bypass Drive Phishing to New Heights - Infosecurity Magazine (infosecurity-magazine.com)

• Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer (trendmicro.com)

BEC – Business Email Compromise

• New cyber attack tactics rise up as ransomware payouts increase | CSO Online

• Expert strategies for defending against multilingual email-based attacks - Help Net Security

• Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan (darkreading.com)

• The Top 5 New Social Engineering Attacks in 2023 - (ISC)² Blog (isc2.org)

• How to Prevent Callback Phishing Attacks on Your Organization (bleepingcomputer.com)

2FA/MFA

• Phone Attacks and MFA Bypass Drive Phishing to New Heights - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• RIG Exploit Kit still infects enterprise users via Internet Explorer (bleepingcomputer.com)

• Exfiltrator-22 Post-Exploitation Toolkit Nips At Cobalt Strike's Heels (darkreading.com)

• Malicious package flood on PyPI might be sign of new attacks to come | CSO Online

• Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)

• Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques (thehackernews.com)

• It's official: BlackLotus malware can bypass secure boot • The Register

• Threat actors target law firms with GootLoader and SocGholish--Security Affairs

• Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer (trendmicro.com)

Mobile

• Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert

• Mobile Banking Trojans Surge, Doubling in Volume (darkreading.com)

• Privacy Concerns Raised Over Android Apps' Data Safety Labels - Infosecurity Magazine (infosecurity-magazine.com)

• Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News

• Phone Attacks and MFA Bypass Drive Phishing to New Heights - Infosecurity Magazine (infosecurity-magazine.com)

• Don't be fooled by a pretty icon, malicious apps hide in plain sight - Help Net Security

Denial of Service/DoS/DDOS

• Danish Hospitals Struck By Cyber attack From ‘Anonymous Sudan’ (informationsecuritybuzz.com)

Data Breaches/Leaks

• LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek

• LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)

• Stanford University discloses data breach affecting PhD applicants (bleepingcomputer.com)

• More than 200 cyber attacks with theft of personal data reported to Irish authorities in a year (thejournal.ie)

• Threat actors leak Activision employee data on hacking forum--Security Affairs

• 10 US states that suffered the most devastating data breaches in 2022 - Help Net Security

• Australian orgs lodged 497 data breach notices in back half of 2022 - Security - iTnews

• WH Smith targeted by cyber attack with hackers accessing data on current and former employees | Business News | Sky News

• API Security Flaw Found in Booking.com Allowed Full Account Takeover - Infosecurity Magazine (infosecurity-magazine.com)

• Hatch Bank discloses data breach after GoAnywhere MFT hack (bleepingcomputer.com)

• GunAuction site was hacked and data of 565k accounts were exposed--Security Affairs

• Chick-fil-A confirms accounts hacked in months-long "automated" attack (bleepingcomputer.com)

• What GoDaddy's Years-Long Breach Means for Millions of Clients (darkreading.com)

Organised Crime & Criminal Actors

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)

• Russian IT “Brain Drain” Decentralizes Cyber crime - Infosecurity Magazine (infosecurity-magazine.com)

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cryptocurrency Bitcoin mining rig found in school crawlspace • The Register

• Highly evasive cryptocurrency miner targets macOS--Security Affairs

• Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques (thehackernews.com)

Insider Risk and Insider Threats

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

Fraud, Scams & Financial Crime

• Investment Scams Drive $9bn Fraud Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

• How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)

• FTC reveals alarming increase in scam activity, costing consumers billions - Help Net Security

• Resecurity identified the investment scam network Digital Smoke - Help Net Security

• Pig butchering scam explained: Everything you need to know (techtarget.com)

AML/CFT/Sanctions

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)

Insurance

• Cyber Insurance Market Back From Brink After Onslaught of Ransomware Attacks (insurancejournal.com)

• The future of cyber insurance - IT Security Guru

Dark Web

• Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (darkreading.com)

Supply Chain and Third Parties

• Third-party risks overwhelm traditional ERM setups - Help Net Security

• Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert

• Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)

Software Supply Chain

• Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)

• SBOM is a 'massive galaxy of mess' for supply chain security • The Register

• IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)

Cloud/SaaS

• How to Tackle the Top SaaS Challenges of 2023 (thehackernews.com)

• Cloud incident response: Frameworks and best practices | TechTarget

• Security teams have no control over risky SaaS-to-SaaS connections - Help Net Security

• It only takes one over-privileged identity to do major damage to a cloud - Help Net Security

• SCARLETEEL hackers use advanced cloud skills to steal source code, data (bleepingcomputer.com)

• Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)

• Google Cloud Platform allows data exfiltration without a (forensic) trace - Help Net Security

• What Happened in That Cyber attack? With Some Cloud Services, You May Never Know (darkreading.com)

• Public SaaS Assets Are a Major Risk For Medium, Large Firms - Infosecurity Magazine (infosecurity-magazine.com)

• New Report: Inside the High Risk of Third-Party SaaS Apps (darkreading.com)

Containers

• Hackers Exploit Containerized Environments to Steals Proprietary Data and Software (thehackernews.com)

Hybrid/Remote Working

• Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)

• How to work from home securely, the NSA way (malwarebytes.com)

Encryption

• Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News

API

• Application Security vs. API Security: What is the difference? (thehackernews.com)

• API Security Flaw Found in Booking.com Allowed Full Account Takeover - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)

• Should organisations swear off open-source software altogether? | VentureBeat

• Top 10 open source software risks for 2023 | CSO Online

• IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek

• Critical Vulnerabilities Allowed Booking.com Account Takeover - SecurityWeek

• Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (darkreading.com)

Social Media

• White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek

• EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO

• TikTok answers three big cyber-security fears about the app - BBC News

• Meta says $725M deal ends all Cambridge Analytica claims; one state disagrees | Ars Technica

Training, Education and Awareness

• As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan (darkreading.com)

Parental Controls and Child Safety

• Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (darkreading.com)

Regulations, Fines and Legislation

• UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)

• Cyber resilience in focus: EU act to set strict standards - Help Net Security

• Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)

• White House to Take Aggressive Stance Mandating Private Industry Make Systems Cyber Safe - MSSP Alert

• ML practitioners push for mandatory AI Bill of Rights - Help Net Security

Governance, Risk and Compliance

• Third-party risks overwhelm traditional ERM setups - Help Net Security

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

• CISOs Share Their 3 Top Challenges for Cybersecurity Management (darkreading.com)

• The Importance of Recession-Proofing Security Operations (darkreading.com)

• Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert

• Decrypting Cyber Risk Quantification (trendmicro.com)

• How to de-risk your digital ecosystem | CSO Online

• CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles - SecurityWeek

Models, Frameworks and Standards

• CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping (bleepingcomputer.com)

Careers, Working in Cyber and Information Security

• Gartner Prediction: Nearly Half of Cybersecurity Pros Will Change Jobs by 2025 - MSSP Alert

• Top 7 cybersecurity jobs in high demand (cointelegraph.com)

• Growing Demand For Skilled Cybersecurity Workforce In Digital Age (informationsecuritybuzz.com)

• Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert | Computer Weekly

• Partnering With a Cybersecurity Vendor Can Help You Recruit Top Talent - MSSP Alert

• CISOs Are Stressed Out and It's Putting Companies at Risk (thehackernews.com)

Law Enforcement Action and Take Downs

• 'Ethical hacker' among ransomware suspects arrested • The Register

• The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)

Privacy, Surveillance and Mass Monitoring

• UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)

• Press greets Home Office redraft of national security bill with scepticism | Media | The Guardian

• Privacy Concerns Raised Over Android Apps' Data Safety Labels - Infosecurity Magazine (infosecurity-magazine.com)

• The Air Force Is Now Using Facial Recognition Drones (gizmodo.com)

• How dog tracker apps are snooping on humans, according to cyber security experts (telegraph.co.uk)

Artificial Intelligence

• Generative AI Changes Everything We Know About Cyber attacks (darkreading.com)

• ChatGPT is bringing advancements and challenges for cybersecurity - Help Net Security

• How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)

• ML practitioners push for mandatory AI Bill of Rights - Help Net Security

Misinformation, Disinformation and Propaganda

• China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)

• Russian IT “Brain Drain” Decentralizes Cyber crime - Infosecurity Magazine (infosecurity-magazine.com)

• How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)

• Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)

• 'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop

• Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)

• CISA Calls For Increased Vigilance One Year After Ukraine's Russian Invasion - Infosecurity Magazine (infosecurity-magazine.com)

• CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs

• White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek

• Russian charged with smuggling US counterintel tech • The Register

• Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online

• China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)

• 'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek

• Belgium’s cyber security agency links China to spear phishing attack on MP | Financial Times (ft.com)

• China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian

• China Is Relentlessly Hacking Its Neighbors | WIRED

Nation State Actors

• Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)

• Russian IT “Brain Drain” Decentralizes Cyber crime - Infosecurity Magazine (infosecurity-magazine.com)

• How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)

• Hacker group defaces Russian websites to display the Kremlin on fire | TechCrunch

• Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)

• CISA Calls For Increased Vigilance One Year After Ukraine's Russian Invasion - Infosecurity Magazine (infosecurity-magazine.com)

• CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs

• Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)

• White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek

• Russian charged with smuggling US counterintel tech • The Register

• Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online

• EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO

• China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)

• 'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek

• Belgium’s cyber security agency links China to spear phishing attack on MP | Financial Times (ft.com)

• 'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop

• China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian

• China Is Relentlessly Hacking Its Neighbors | WIRED

• TikTok answers three big cyber-security fears about the app - BBC News

• Russia bans foreign messaging apps in government organisations (bleepingcomputer.com)

• Chinese hackers use new custom backdoor to evade detection (bleepingcomputer.com)

Vulnerability Management

• Unpatched old vulnerabilities continue to be exploited: Report | CSO Online

• All CVEs Are Not Created Equal (darkreading.com)

Vulnerabilities

• A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica

• Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig (portswigger.net)

• Popular IBM file transfer tool vulnerable to cyber attacks, CISA says - The Record from Recorded Future News

• Hackers are actively exploiting Zoho ManageEngine flaw-Security Affairs

• All In One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million (searchenginejournal.com)

• CISA warns of hackers exploiting ZK Java Framework RCE flaw (bleepingcomputer.com)

• Security Defects in TPM 2.0 Spec Raise Alarm - SecurityWeek

• Cisco patches critical Web UI RCE flaw in multiple IP phones (bleepingcomputer.com)

• Aruba Networks fixes six critical vulnerabilities in ArubaOS (bleepingcomputer.com)

• Microsoft releases Windows security updates for Intel CPU flaws (bleepingcomputer.com)

Tools and Controls

• LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)

• Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online

• The Future of Network Security: Predictive Analytics and ML-Driven Solutions (thehackernews.com)

• Microsoft announces automatic BEC, ransomware attack disruption capabilities - Help Net Security

• How to use zero trust and IAM to defend against cyber attacks in an economic downturn | VentureBeat

• Zero trust: building a mixed estate - NCSC.GOV.UK

• Pentesting No Longer Driven by Regulatory Compliance, New Study Finds - MSSP Alert

• Application Security vs. API Security: What is the difference? (thehackernews.com)

• A new AI-based tool to detect DDoS attacks

• CISA Shares Advice to Improve Networks' Monitoring and Hardening - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms - Microsoft Security Blog

• Accurately assessing the success of zero-trust initiatives | TechTarget

Other News

• Attackers are developing and deploying exploits faster than ever - Help Net Security

• Attacker Breakout Time Drops to Just 84 Minutes - Infosecurity Magazine (infosecurity-magazine.com)

• Moving target defence must keep cyber attackers guessing - Help Net Security

• Covert cyber attacks on the rise as attackers shift tactics for maximum impact - Help Net Security

• Dormant accounts are a low-hanging fruit for attackers - Help Net Security

• Dish Network goes offline after likely cyber attack, employees cut off (bleepingcomputer.com)

• News Corp says state hackers were on its network for two years (bleepingcomputer.com)

• UK won the Military Cyberwarfare exercise Defence Cyber Marvel-Security Affairs

• To Safeguard Critical Infrastructure, Go Back to Basics (darkreading.com)

• Feds accuse Google of destroying evidence in antitrust case • The Register

• Microsoft recommending you scan more Exchange server files • The Register

• CISA director urges tech sector to stop shipping unsafe products | CyberScoop

• Developers can make a great extension of your security team - Help Net Security

• 2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots (thehackernews.com)

• Uncovering the most pressing cybersecurity concerns for SMBs - Help Net Security

• Wiz execs: Most overhyped security tool is technology itself • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Employees Bypass Cyber Security Guidance to Achieve Business Objectives

Researcher Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. In a survey conducted by Gartner it was found that 69% of employees had bypassed their organisations cyber security guidance in the previous 12 months and 74% said they would bypass cyber security guidance if it helped them or their team achieve a business objective.

https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/

• Three Quarters of Businesses Braced for Serious Email Attack this Year

According to a survey conducted by security provider Vanson Bourne, 76% of cyber security professionals predict that an email related attack will have serious consequences for their organisation in the coming year. The survey found that 82% of companies reported a higher volume of email in 2022 compared with 2021 and 2020 and 74% had said email-based threats had risen over the last 12 months. In addition, a worrying 91% had seen attempts to steal or use their email domain in an attack.

https://www.csoonline.com/article/3688573/three-quarters-of-businesses-braced-for-serious-email-attack-this-year.html#tk.rss_news

• The Cost of Living Crisis is Triggering a Wave of Workplace Crime

Almost 6,000 people were caught stealing from their employer in 2022 according to insurance provider Zurich with the firms facing an average loss of £140,000.  Zurich have said “As cost of living pressures mount, employee theft has significantly increased, suggesting some workers could be turning to desperate measures to make ends meet”.

https://news.sky.com/story/the-cost-of-living-crisis-is-triggering-a-wave-of-workplace-crime-heres-how-12817082

• Fighting Ransomware with Cyber Security Audits

With the ever increasing number of devices and distributed environments, it’s easy for organisations to lose track of open IP addresses, administrator accounts and infrastructure configurations; all of this creates an increase in opportunities for threat actors to deploy ransomware. By conducting audits of IT assets, organisations can identify the data they hold and reduce the risk of forgotten devices. The need for auditing of an organisations assets is reinforced where a survey conducted by research provider Enterprise Strategy Group found that nearly 70% of respondents had suffered at least one exploit that started with an unknown, unmanaged, or poorly managed Internet-facing IT asset.

https://www.trendmicro.com/en_us/ciso/23/b/cybersecurity-audit.html

• Record Levels of Fraud Impacting 90% of Payment Compliance Teams

New research from research provider VIXIO has found that 90% of payment company compliance teams are frequently overwhelmed and increased fraud was a particular concern for teams in the UK.

https://www.itsecurityguru.org/2023/02/17/overwhelm-impacts-90-of-payment-compliance-teams-as-they-combat-record-levels-of-fraud/

• CISOs Struggle with Stress and Limited Resources

A survey from security provider Cynet has found that 94% of CISOs report being stressed at work, with 65% admitting that this work stress has compromised their ability to protect their organisation. Furthermore, the survey found all respondents said they needed additional resources to adequately cope with current cyber challenges. Amongst some of the key findings were 77% of CISOs believing that a lack of resources had led to important security initiatives falling to the wayside.

https://www.helpnetsecurity.com/2023/02/23/cisos-work-related-stress/

• Cyber Threats and Regulations Mount for Financial Industry

Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. For example, last year a report conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and security provider Akamai found that distributed denial-of-service attacks (DDoS) attacks rose 73% more for European financial institutions compared to the previous year. This combination of attacks is followed by an increase in regulations such as the requirement to report breaches to the European Authorities to satisfy the General Data Protection Regulation (GDPR). Such increase has caused financial institutions to bolster their security, with a survey conducted by security provider Contrast finding 72% of financial organisations plan to increase their investment in the security of their applications and 64% mandated cyber security requirements for their vendors.

https://www.darkreading.com/risk/cyberthreats-regulations-mount-for-financial-industry

• HardBit Ransomware Wants Insurance Details to Set the Perfect Price

Operators of a ransomware threat known as Hardbit are trying to negotiate ransom payments so that they would be covered by victim’s insurance companies. Typically, the threat actor tries to convince the victim that it is in their interest to disclose their insurance details so that the threat actor can adjust their demands so that insurance would cover it.

 https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/ 

• Social Engineering is Becoming Increasingly Sophisticated

The rapid development of deepfake technology is providing an increase in the sophistication of social engineering attacks. Deepfake technology refers to products created through artificial intelligence, which could allow an individual to impersonate another with likeness and voice during a video conversation. The accessibility of such technology has allowed threat actors to conduct more sophisticated campaigns, including the replication of the voice of a company executive.

https://securityaffairs.com/142487/hacking/social-engineering-increasingly-sophisticated.html

• A Fifth of Brits Have Fallen Victim to Online Scammers

Security founder F-Secure have found that a fifth of Brits had fallen victim to digital scammers in the past, yet a quarter had no security controls to protect themselves. When providing a reason for the lack of security, 60% said they found cyber security too complex. This is worrying for organisations who need to ensure these low levels of security awareness are not displayed in the corporate environment.

https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/

• Cyber Attacks Hit Data Centres to Steal Information from Companies

Cyber attacks targeting multiple data centres globally have resulted in the exfiltration of information relating to companies who used them. In addition, attackers have been seen to publish access credentials relating to these attacks on the dark web. This malicious activity reinforces the need for organisations to be aware of and properly manage their supply chain.

https://www.csoonline.com/article/3688909/cyberattacks-hit-data-centers-to-steal-information-from-global-companies.html#tk.rss_news  

• Phishing Fears Ramp Up on Email, Collaboration Platforms

Three quarters of organisations are expecting a serious impact from an email-based attack and with the rapid growth and expansion of collaboration tools such as Microsoft Teams, it’s expected that these will also be used as a vector for threat actors. Combined with the emergence of Chat-GPT, the landscape provides an increasing amount of opportunities for threat actors.

https://www.darkreading.com/remote-workforce/phishing-fears-ramp-up-on-e-mail-collaboration-platforms

• The War in Ukraine has Shaken up the Cyber Criminal Eco-System

One year after Russia invaded Ukraine, the war continues -- including an ever-evolving digital component that has implications for the future of cyber security around the world. Among other things, the war in Ukraine has upended the Eastern European cyber criminal ecosystem, according to cyber security experts from Google, shaking up the way ransomware attacks are playing out. Google later explained that “Lines are blurring between financially motivated and government-backed attackers in Eastern Europe”.

https://www.zdnet.com/article/the-war-in-ukraine-has-shaken-up-the-cybercriminal-ecosystem-google-says/

• Police Bust €41m Email Scam Gang

A coordinated police operation spanning multiple countries led to the dismantling of a criminal network which was responsible for tens of millions in Business Email Compromise (BEC) losses. In one of the attacks the gang used social engineering to target the Chief Financial Officer (CFO) of a real estate developer, defrauding them of 38 million euros.

https://www.infosecurity-magazine.com/news/police-bust-41m-bec-gang/

Threats

Ransomware, Extortion and Destructive Attacks

• HardBit ransomware wants insurance details to set the perfect price (bleepingcomputer.com)

• An Overview of the Global Impact of Ransomware Attacks (bleepingcomputer.com)

• Fight Ransomware with a Cyber security Audit (trendmicro.com)

• Time to Deploy Ransomware Drops 94% - Infosecurity Magazine (infosecurity-magazine.com)

• Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)

• A Deep Dive into the Evolution of Ransomware Part 1 (trendmicro.com)

• A Deep Dive into the Evolution of Ransomware Part 2 (trendmicro.com)

• Guardian staff forced to work out of former brewery after ransomware attack (telegraph.co.uk)

• Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers (trendmicro.com)

• Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)

• GoAnywhere zero-day opened door to Clop ransomware (malwarebytes.com)

• Derivatives market still hit by fallout from Ion Markets cyber attack | Financial Times (ft.com)

• Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)

• Royal Mail resumes overseas deliveries via post offices after cyber-attack | Royal Mail | The Guardian

• LockBit gang takes credit for attack on water utility in Portugal - The Record from Recorded Future News

• IBM: Ransomware defenders showing signs of improvement | TechTarget

• ESXiArgs Ransomware Has Spread to 500 New Targets in Europe. Will there be More? - MSSP Alert

• Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED

• Food giant Dole hit by ransomware, halts North American production temporarily (bitdefender.com)

• Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)

• Trellix Report: LockBit 3.0 Ransomware "Most Aggressive" with Demands - MSSP Alert

• Israel's Top Tech University Targeted by DarkBit Ransomware (darkreading.com)

• Warnings were issued over a log-in system used by Cork university in weeks before cyber attack (thejournal.ie)

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Lockbit gang hit Portuguese municipal water utility Aguas do Porto-Security Affairs

• Student Medical Records Exposed After LAUSD Breach (darkreading.com)

Phishing & Email Based Attacks

• Three-quarters of businesses braced for ‘serious’ email attack this year | CSO Online

• Phishing Fears Ramp Up on Email, Collaboration Platforms (darkreading.com)

• Big rise in 'email thread hijacking' by cyber criminals (rte.ie)

• Fifth of Brits Have Fallen Victim to Online Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing as a Service (cyberark.com)

• Smishing, vishing and whaling: How phishing scams are evolving | The Star

• Microsoft Outlook flooded with spam due to broken email filters (bleepingcomputer.com)

• Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek

BEC – Business Email Compromise

• Google Translate Helps BEC Groups Scam Companies in Any Language (darkreading.com)

• Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Social engineering, deception becomes increasingly sophisticated-Security Affairs

• Smishing, vishing and whaling: How phishing scams are evolving | The Star

• Coinbase cyber attack targeted employees with fake SMS alert (bleepingcomputer.com)

2FA/MFA

• Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)

Malware

• GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft (thehackernews.com)

• Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)

• Researchers unearth Windows backdoor that’s unusually stealthy | Ars Technica

• Researchers warn of 'Havoc' command and control tool • The Register

• New WhiskerSpy malware delivered via trojanized codec installer (bleepingcomputer.com)

• Frebniis malware abuses Microsoft IIS feature to create a backdoor-Security Affairs

• New Stealc malware emerges with a wide set of stealing capabilities (bleepingcomputer.com)

• Experts Warn of RambleOn Android Malware Targeting South Korean Journalists (thehackernews.com)

• Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)

• Hackers Use S1deload Stealer to Target Facebook, YouTube Users - Infosecurity Magazine (infosecurity-magazine.com)

• Unanswered Questions Cloud the Recent Targeting of an Asian Research Org (darkreading.com)

• Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (darkreading.com)

• Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)

• Russian national accused of developing, selling malware appears in US. court | CyberScoop

• Defenders on high alert as backdoor attacks become more common - Help Net Security

Mobile

• Five easy steps to keep your smartphone safe from hackers | ZDNET

• Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities - SecurityWeek

• Is Telegram the New Dark Web? Report Documents “Cybercrime Ecosystem” on Messaging App - CPO Magazine

• Accidental WhatsApp account takeovers? It's a thing • The Register

• Google will boost Android security through firmware hardening (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Seven German Airports Hit by Suspected Cyber Attack (heimdalsecurity.com)

• 4 Tips to Guard Against DDoS Attacks (darkreading.com)

Internet of Things – IoT

• Locking down the remote printer • The Register

• Are your IoT devices at risk? Cyber security concerns for 2023 - Help Net Security

Data Breaches/Leaks

• Sensitive US military emails exposed by unsecured Azure server • The Register

• DNA testing firm inks settlement after forgotten DB break-in • The Register

• Activision did not notify employees of data breach for months | TechCrunch

• GoDaddy blasted for breach response | SC Media (scmagazine.com)

• TELUS investigating leak of stolen source code, employee data (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The war in Ukraine has shaken up the cyber criminal ecosystem, Google says | ZDNET

• Russian cyber crime alliances upended by Ukraine invasion • The Register

• Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek

• Is Telegram the New Dark Web? Report Documents “Cyber crime Ecosystem” on Messaging App - CPO Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Norwegian police recover $5.9m crypto stolen by North Korea • The Register

• Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek

• Coinbase breached by social engineers, employee data stolen – Naked Security (sophos.com)

• ‘Nevada Group’ hackers target thousands of computer networks | Financial Times (ft.com)

• Pirated Final Cut Pro infects your Mac with cryptomining malware (bleepingcomputer.com)

• SBF faces four additional charges in FTX collapse case • The Register

Insider Risk and Insider Threats

• Employees bypass cyber security guidance to achieve business objectives - Help Net Security

• Insider Threats Don't Mean Insiders Are Threatening (darkreading.com)

• Insider threats must be top-of-mind for organisations facing layoffs - Help Net Security

Fraud, Scams & Financial Crime

• Overwhelm impacts 90% of payment compliance teams as they combat record levels of fraud - IT Security Guru

• The cost of living crisis is triggering a wave of workplace crime - here's how | UK News | Sky News

• Fifth of Brits Have Fallen Victim to Online Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• FTC: Americans lost $8.8 billion to fraud in 2022 after 30% surge (bleepingcomputer.com)

• Firm Fined £200K For "Exploitative" Call Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Europol busts ‘CEO fraud’ gang that stole €38M in a few days (bleepingcomputer.com)

• Criminals are flooding the internet with fake advice scams and adware, so watch out | TechRadar

• ‘They bleed you dry’: the recruitment scammers preying on Australian job seekers | Australia news | The Guardian

• City Fund Managers Jailed for £8m Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers Mimic ChatGPT to Steal Business Credentials (darkreading.com)

• SBF faces four additional charges in FTX collapse case • The Register

Insurance

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

Supply Chain and Third Parties

• UK NCSC Launches Recommendations on Supply Chain Mapping - Infosecurity Magazine (infosecurity-magazine.com)

• Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)

• Third-Party Providers Create Identity and Access Control Challenges for Fintech Apps (darkreading.com)

• 3 Steps to Automate Your Third-Party Risk Management Program (thehackernews.com)

Software Supply Chain

• This Will Be the Year of the SBOM, for Better or for Worse (darkreading.com)

Cloud/SaaS

• Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat

• Four steps SMBs can take to close SaaS security gaps - Help Net Security

• Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps? (darkreading.com)

• Four Reasons Why Web Security is as Important as Endpoint Security for MSSP Clients - MSSP Alert

Containers

• 87% of Container Images in Production Have Critical or High-Severity Vulnerabilities (darkreading.com)

Encryption

• Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)

• AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek

API

• Why people-driven remediation is the key to strong API security - Help Net Security

• ‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector | The Daily Swig (portswigger.net)

Open Source

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

Passwords, Credential Stuffing & Brute Force Attacks

• Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)

Social Media

• Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)

• Hackers Use S1deload Stealer to Target Facebook, YouTube Users - Infosecurity Magazine (infosecurity-magazine.com)

• 7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media (darkreading.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

Malvertising

• Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)

Training, Education and Awareness

• Global threats fuel cyber defence training • The Register

Parental Controls and Child Safety

• Over confidence is putting children at risk online says Kaspersky research - IT Security Guru

Regulations, Fines and Legislation

• Cyber threats, Regulations Mount for Financial Industry (darkreading.com)

• Firm Fined £200K For "Exploitative" Call Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Employees bypass cyber security guidance to achieve business objectives - Help Net Security

• The financial system is alarmingly vulnerable to cyber attack | Financial Times (ft.com)

• Cyber threats, Regulations Mount for Financial Industry (darkreading.com)

• Fight Ransomware with a Cyber security Audit (trendmicro.com)

• Evolving Threat Landscape Leading to Cyber security Pro “Burnout,” Study Says - MSSP Alert

• Benchmarking your cyber security budget in 2023 | VentureBeat

• Security breach? Don’t blame your employees | TechCrunch

• 7 reasons to avoid investing in cyber insurance | CSO Online

• 5 top threats from 2022 most likely to strike in 2023 | CSO Online

• Cyber arms race, economic headwinds among top macro cyber security risks for 2023 | CSO Online

• Malicious actors push the limits of attack vectors - Help Net Security

Data Protection

• ICO Calls on Accountants to Improve SME Data Protection - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• CISOs struggle with stress and limited resources - Help Net Security

• Stress pushing CISOs out the door | CSO Online

• Complexity, volume of cyber attacks lead to burnout in security teams - Help Net Security

Law Enforcement Action and Take Downs

• Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek

• Russian national accused of developing, selling malware appears in US. court | CyberScoop

• Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Supreme Court declines to hear Wikimedia case against NSA surveillance program | CyberScoop

Artificial Intelligence

• MLOps Security AI power analysis breaks post-quantum security algorithm ... (eenewseurope.com)

• AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek

• Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Security Experts Warn of Foreign Cyber Threat to 2024 Voting - SecurityWeek

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs

• Russian cybercrime alliances upended by Ukraine invasion • The Register

• Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence-Security Affairs

• Musk restricts Starlink for Ukraine, cites World War III | Fortune

• America Loves Spying by Balloon, Just Like China (gizmodo.com)

• How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek

• Armenia and Azerbaijan Hackers Use OxtaRAT to Monitor Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Russia blames 'hackers' for fake missile strike alerts • The Register

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

• British Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)

Nation State Actors

• ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs

• The war in Ukraine has shaken up the cybercriminal ecosystem, Google says | ZDNET

• Russian cybercrime alliances upended by Ukraine invasion • The Register

• EU Cyber security Agency Warns Against Chinese APTs - Infosecurity Magazine (infosecurity-magazine.com)

• Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence-Security Affairs

• Russian spy working inside as security in a British embassy has been jailed for 13 years | UK News | Sky News

• Norwegian police recover $5.9m crypto stolen by North Korea • The Register

• America Loves Spying by Balloon, Just Like China (gizmodo.com)

• EU Organisations Warned of Chinese APT Attacks - SecurityWeek

• How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek

• Earth Zhulong Familiar Patterns Target Southeast Asian Firms (trendmicro.com)

• Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack (trendmicro.com)

• Putin Speech Broadcast Temporarily Stopped By DDoS Attack (informationsecuritybuzz.com)

• Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED

• Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (thehackernews.com)

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

Vulnerability Management

• CVSS system criticized for failure to address real-world impact | The Daily Swig (portswigger.net)

• Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

Vulnerabilities

• US Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog (thehackernews.com)

• Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy (thehackernews.com)

• SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities - SecurityWeek

• Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after release of PoC exploit-Security Affairs

• A New Kind of Bug Spells Trouble for iOS and macOS Security | WIRED

• VMware Patches Critical Vulnerability in Carbon Black App Control Product (thehackernews.com)

• New Privilege Escalation Bug Class Found on macOS and iOS - Infosecurity Magazine (infosecurity-magazine.com)

• PoC exploit code for critical Fortinet FortiNAC bug released online-Security Affairs

• Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks - SecurityWeek

• Hackers Exploit Privilege Escalation Flaw on Windows Backup Service - Infosecurity Magazine (infosecurity-magazine.com)

• Emergency VMware ESXi update fixes Windows Server 2022 VM boot issues (bleepingcomputer.com)

• Exploitation attempts observed against Fortinet FortiNAC flaw | TechTarget

• Researchers find hidden vulnerabilities in hundreds of Docker containers - Help Net Security

Tools and Controls

• Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)

• Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat

• 10 Best Network Security Solutions & Providers - 2023 (cybersecuritynews.com)

• Modern Software: What's Really Inside? (darkreading.com)

• Why privileged access management should be critical to your security strategy | VentureBeat

• The battle for data security now falls on developers; here’s how they can win | VentureBeat

• Zero trust, XDR prominent in Gartner’s Hype Cycle for Endpoint Security | VentureBeat

• Advantages of the AWS Security Maturity Model (trendmicro.com)

Other News

• Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)

• NSA shares guidance on how to secure your home network (bleepingcomputer.com)

• Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)

• Malicious actors push the limits of attack vectors - Help Net Security

• Researchers Hijack Popular NPM Package with Millions of Downloads (thehackernews.com)

• Is OWASP at Risk of Irrelevance? (darkreading.com)

• Justice Department Debuts 'Disruptive Technology Strike Force' (gizmodo.com)

• How to Detect New Threats via Suspicious Activities (thehackernews.com)

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

• White House cyber security strategy to force large companies to make systems secure by design | CyberScoop

• Microsoft urges Exchange admins to remove some antivirus exclusions (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• High Risk Users May be Few, but the Threat They Pose is Huge

High risk users represent approximately 10% of the worker population according to research provider, Elevate Security research. The research found that high risk users were responsible for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure-browsing incidents and 42% of all malware events. This is worrying, considering the rise in sophisticated targeted phishing campaigns.

https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/

• The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

State-backed cyber attacks are on the rise, but they are not raising the level of alarm that they should in the corporate world. Unfortunately, this is not a productive way of thinking. Come the end of March, insurance provider Lloyds will no longer cover damage from cyber attacks carried out by state or state-backed groups. In the worst cases, this reduced insurance coverage could exacerbate the trend of companies taking a passive approach toward state-backed attacks as they feel there is now really nothing they can do to protect themselves. The uncertainty however, could be the motivation for companies to take the threat of state-backed attacks more seriously.

https://fortune.com/2023/02/15/cost-cybersecurity-insurance-soaring-state-backed-attacks-cover-shmulik-yehezkel/

• Cyber Attacks Worldwide Increased to an All-Time Record-Breaking High, Report Shows

According to a report by security provider Check Point, cyber attacks rose 38% in 2022 compared to the previous year. Some of the key trends in the report included an increase in the number of cloud-based networking attacks, with a 48% rise and non-state affiliated hacktivist groups becoming more organised and effective than ever before. Additionally, ransomware is becoming more difficult to attribute and track and extra focus should be placed on exfiltration detection.

https://www.msspalert.com/cybersecurity-research/cyberattacks-worldwide-increased-to-an-all-time-high-check-point-research-reveals/

• Most Organisations Make Cyber Security Decisions Without Insights

A report by security provider Mandiant found some worrying results when it came to organisational understanding of threat actors. Some of the key findings include, 79% of respondents stating that most of their cyber security decisions are made without insight into the treat actors targeting them, 79% believing their organisation could focus more time and energy on identifying critical security trends, 67% believing senior leadership teams underestimate the cyber threats posed to their organisation and finally, 47% of respondents felt that they could not prove to senior leadership that their organisation has a highly effective cyber security program.

https://www.msspalert.com/cybersecurity-research/mandiant-report-most-organizations-make-cybersecurity-decisions-without-insights/

• Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

Ransomware attackers are finding new ways to exploit organisations’ security weaknesses by weaponising old vulnerabilities.  A report by security provider Cyber Security Works had found that 76% of the vulnerabilities currently being exploited were first discovered between 2010-2019.

https://venturebeat.com/security/ransomware-attackers-finding-new-ways-to-weaponize-old-vulnerabilities/

• Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

Using data from two different reports conducted by security provider Kaspersky, the combined data showed some worrying results. Some of the results include 98% of respondents revealing they faced at least one IT security miscommunication that regularly leads to bad consequences, 62% of managers revealing miscommunication led to at least one cyber security incident, 42% of business leaders wanting their IT security team to better communicate and 34% of C-level executives struggle to speak about adopting new security solutions.

https://www.msspalert.com/cybersecurity-research/are-c-suite-executives-fluent-in-it-security-speak-five-reasons-why-the-communication-gap-is-wider-than-you-think/

• Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

Security providers Abnormal Security have identified two Business Email Compromise (BEC) groups “Midnight Hedgehog” and “Mandarin Capybara” which are conducting impersonation attacks in at least 13 different languages. Like many payment fraud attacks, finance managers or other executives are often targeted. In a separate report by Abnormal Security, it was found that business email compromise (BEC) attacks increased by more than 81% during 2022.

https://www.infosecurity-magazine.com/news/bec-groups-multilingual/

• EU Countries Told to Step up Defence Against State Hackers

European states have raced to protect their energy infrastructure from physical attacks but the European Systemic Risk Board (ESRB) said more needed to be done against cyber warfare against financial institutions and the telecommunications networks and power grids they rely on. "The war in Ukraine, the broader geopolitical landscape and the increasing use of cyber attacks have significantly heightened the cyber threat environment," the ESRB said in a report. In addition, the ESRB highlight an increased risk of cyber attacks on the EU financial system, suggesting that stress tests and impact analyses should be carried out to identify weaknesses and measure resilience.

https://www.reuters.com/world/europe/eu-countries-told-step-up-defence-against-state-hackers-2023-02-14/

• Cyber Criminals Exploit Fear and Urgency to Trick Consumers

Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022 according to a report by software provider Avast. “At the end of 2022, we have seen an increase in human-centred threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cyber criminals succeed” Avast commented.

https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/

• How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

Many organisations have experienced that “after the breach” feeling — the moment they realise they have to tell customers their personal information may have been compromised because one of the organisations’ vendors had a data breach. Such situations involve spending significant amount of money and time to fix a problem caused by a third party. An organisation’s ability to handle third-party cyber risk proactively depends on its risk management strategies.

https://techcrunch.com/2023/02/10/why-third-party-cybersecurity-risks-are-too-costly-to-ignore/

• Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

Following the advisory from the NCSC, it is clear that Russian state-sponsored hackers have become increasingly sophisticated at launching phishing attacks against critical targets in the UK, US and Europe over the last 12 months. The attacks included the creation of fake personas, supported by social media accounts, fake profiles and academic papers, to lure targets into replying to sophisticated phishing emails. In some cases, the bad actor may never leverage the account to send emails from and only use it to make decisions based on intelligence collection.

https://www.computerweekly.com/news/365531158/Russian-spear-phishing-campaign-escalates-efforts-toward-critical-UK-US-and-European-targets

• 5 Biggest Risks of Using Third Party Managed Service Providers

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work. But it does present risks. 5 of the biggest risks to be considered are: indirect cyber attacks, financial risks from incident costs, reputational damage, geopolitical risk and regulatory compliance risk.

https://www.csoonline.com/article/3687812/5-major-risks-third-party-services-may-bring-along-with-them.html#tk.rss_news

• Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, in fact, the ‘as a Service’ offering has made its way into the cyber crime landscape. And cyber crime, for its part, has evolved beyond a nefarious hobby; today it’s a means of earning for cyber criminals. Organised cyber crime services are available for hire, particularly to those lacking resources and hacking expertise but willing to buy their way into cyber criminal activities. Underground cyber crime markets have thus emerged, selling cyber attack tools and services ranging from malware injection to botnet tools, Denial of Service and targeted spyware services.

https://www.splunk.com/en_us/blog/learn/cybercrime-as-a-service.html

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

• US, UK slap sanctions on Russians linked to Conti and more • The Register

• Threat Analysis: VMware ESXi Attacks Soared in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (bleepingcomputer.com)

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• December ransomware attack leads to massive data breach from California health network - The Record from Recorded Future News

• Over 500 ESXiArgs Ransomware infections in one day in Europe-Security Affairs

• New ESXi ransomware strain spreads, foils decryption tools | TechTarget

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• North Korea Using Healthcare Ransomware To Fund More Hacking (informationsecuritybuzz.com)

• DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure-Security Affairs

• US Warns Critical Sectors Against North Korean Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Cisco Talos spots new MortalKombat ransomware attacks | TechTarget

• Ion: after the hack, the clean-up - Risk.net

• Hackers Target Israel’s Technion Demanding Huge Sum In Bitcoin - I24NEWS

• City of Oakland systems offline after ransomware attack (bleepingcomputer.com)

• MTU cyber breach: Probe after ransomware attacks 'like a murder investigation' (irishexaminer.com)

• MTU data appears on dark web after cyber attack – The Irish Times

• Oakland City Services Struggle to Recover From Ransomware Attack (darkreading.com)

• LockBit spree hits three large companies (techmonitor.ai)

• Ransomware gang uses new zero-day to steal data on 1 million patients | TechCrunch

• City of Oakland issued state of emergency after ransomware attack-Security Affairs

• Glasgow Arnold Clark customers at risk after major cyber attack | HeraldScotland

• LockBit and Royal Mail Ransomware Negotiation Leaked - Infosecurity Magazine (infosecurity-magazine.com)

• No relief in sight for ransomware attacks on hospitals | TechTarget

• Burton Snowboards cancels online orders after 'cyber incident' (bleepingcomputer.com)

• Dallas Central Appraisal District paid $170,000 to ransomware attackers (bitdefender.com)

Phishing & Email Based Attacks

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• NameCheap's email hacked to send Metamask, DHL phishing emails (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security GuruCyber

• Venmo Phishing Abusing LinkedIn "slink"

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

BEC – Business Email Compromise

• BEC Groups Target Firms With Multilingual Impersonation Attacks - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Malware

• Experts Warn of Surge in Multipurpose Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious Npm Package Uses Typosquatting, Downloads Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft OneNote Abuse for Malware Delivery Surges - Security Week

• New TA886 group targets companies with Screenshotter malware-Security Affairs

• Novel phishing campaign takes screenshots ahead of payload delivery | SC Media (scmagazine.com)

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Devs targeted by W4SP Stealer malware in malicious PyPi packages (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security Guru

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Pepsi distributor blames info-stealing malware for breach • The Register

• Malware that can do anything and everything is on the rise - Help Net Security

• Lokibot, AgentTesla Grow in January 2023's Most Wanted Malware List - Infosecurity Magazine (infosecurity-magazine.com)

• New stealthy 'Beep' malware focuses heavily on evading detection (bleepingcomputer.com)

• Thousands of WordPress sites have been infected by a mystery malware | TechRadar

• Beep: New Evasive Malware That Can Escape Under The Radar (informationsecuritybuzz.com)

• Hackers start using Havoc post-exploitation framework in attacks (bleepingcomputer.com)

• Hackers Targeting US and German Firms Monitor Victims' Desktops with Screenshotter (thehackernews.com)

• Malware authors leverage more attack techniques that enable lateral movement | CSO Online

Mobile

• RedEyes hackers use new malware to steal data from Windows, phones (bleepingcomputer.com)

Botnets

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

Denial of Service/DoS/DDOS

• Cloudflare blocks record-breaking 71 million RPS DDoS attack (bleepingcomputer.com)

• 87% of largest DDoS attacks in Q4 targeted telecoms: Lumen (fiercetelecom.com)

• The Tor network hit by wave of DDoS attacks for at least 7 months-Security Affairs

Internet of Things – IoT

• Digital burglaries: The threat from your smart home devices | Fox News

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Data Breaches

• MP’s laptop and iPad stolen from pub in 'worrying' security breach | Metro News

• Reddit was hit with a phishing attack. How it responded is a lesson for everyone | ZDNET

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

• 4 misconceptions about data exfiltration | VentureBeat

• Highmark data breach affecting about 300,000 members exposed personal information to hackers – WPXI

• Gulp! Pepsi hack sees personal information stolen by data-stealing malware (bitdefender.com)

• Nearly 50 million Americans impacted by health data breaches in 2022 (chiefhealthcareexecutive.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

• After apparent hack, data from Australian tech giant Atlassian dumped online | CyberScoop

• Atlassian: Leaked Data Stolen via Third-Party App (darkreading.com)

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

• Scandinavian Airlines says cyber attack caused passenger data leak (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Cyber crime as a Service: A Subscription-based Model in The Wrong Hands | Splunk

• A Hacker’s Mind — how the elites exploit the system | Financial Times (ft.com)

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

• Russian hacker convicted of $90 million hack-to-trade charges (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (thehackernews.com)

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• 451 PyPI packages install Chrome extensions to steal crypto (bleepingcomputer.com)

• DeFi exploits and access control hacks cost crypto investors billions in 2022: Report (cointelegraph.com)

• Using the blockchain to prevent data breaches | VentureBeat

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Quarter of Crypto Tokens in 2022 Linked to Pump-and-Dump - Infosecurity Magazine (infosecurity-magazine.com)

Insider Risk and Insider Threats

• A former Credit Suisse employee leaked employees' historic bonus data (efinancialcareers.com)

Fraud, Scams & Financial Crime

• Russian IT biz owner made $90M from stolen financial info • The Register

• Refund and Invoice Scams Surge in Q4 - Infosecurity Magazine (infosecurity-magazine.com)

• MoneyGram Fraud Victims Get $115m in Compensation - Infosecurity Magazine (infosecurity-magazine.com)

• 'Pig butchering' scams on the rise, luring victims with promises of relationships and riches | CyberScoop

• Cyber security Experts Warn Against Valentine's Day Romance Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Romance scam targets security researcher, hilarity ensues • The Register

• 10 signs that scammers have you in their sights | WeLiveSecurity

• Hackers Leverage PayPal to Send Malicious Invoices - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US, UK slap sanctions on Russians linked to Conti and more • The Register

Insurance

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

Dark Web

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

Supply Chain and Third Parties

• How to manage third-party cyber security risks that are too costly to ignore | TechCrunch

• 5 biggest risks of using third-party services providers | CSO Online

Cloud/SaaS

• Reimagining zero trust for modern SaaS - Help Net Security

• Cloud security: Where do CSP and client responsibilities begin and end? | VentureBeat

• Application and cloud security is a shared responsibility - Help Net Security

Attack Surface Management

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLine

Open Source

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Configuration Issues in SaltStack IT Tool Put Enterprises at Risk (darkreading.com)

• Solving open-source security — from Alpha to Omega | SC Media (scmagazine.com)

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Eek! You Can Steal Passwords From This Password Manager Using the Notepad App | PCMag

• Eurostar forces 'password resets' — then fails and locks users out (bleepingcomputer.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

Social Media

• Metaverse Adds New Dimensions to Web 3.0 Cyber security | TechRepublic

• Hard drugs actively sold on Twitter in plain sight. Twitter says it doesn’t breach its safety policies • Graham Cluley

• Elon Musk Seems to Think His Own Employees Are Shadowbanning Him (gizmodo.com)

• Venmo Phishing Abusing LinkedIn "slink"

Malvertising

• AdSense fraud campaign relies on 10,890 sites that were infected since September 2022-Security Affairs

Training, Education and Awareness

• High-risk users may be few, but the threat they pose is huge - Help Net Security

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Regulations, Fines and Legislation

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• The Online Safety Bill: An attack on encryption (element.io)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

Governance, Risk and Compliance

• Security buyers lack insight into threats, attackers, report finds | Computer Weekly

• Cyber attacks Worldwide Increased to an All-Time High, Check Point Research Reveals - MSSP Alert

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

• Are C-Suite Executives Fluent in IT Security Speak? Five Reasons Why the Communication Gap is Wider Than You Think - MSSP Alert

• Actionable intelligence is the key to better security outcomes - Help Net Security

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLineT

• Majority of Firms Make Cyber security Decisions Without Attacker Insight - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security and Compliance Can Break Down Silos to Save Money and Meet Increased Regulations - MSSP Alert

• Build Cyber Resiliency With These Security Threat-Mitigation Considerations (darkreading.com)

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• Evolving cyber attacks, alert fatigue creating DFIR burnout, regulatory risk | CSO Online

• Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

• Storage security for compliance and cyberwar in 2023 • The Register

Backup and Recovery

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

Careers, Working in Cyber and Information Security

• Get hired in cyber security: Expert tips for job seekers - Help Net Security

• 3 Ways CISOs Can Lead Effectively and Avoid Burnout (darkreading.com)

• Cyber security Jobs Remain Secure Despite Recession Fears (darkreading.com)

Law Enforcement Action and Take Downs

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• The FBI’s most controversial surveillance tool is under threat | Ars Technica

Artificial Intelligence

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• Cyber criminals Bypass ChatGPT Restrictions to Generate Malicious Content - Check Point Software

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• A.I. in the military could be a game changer in warfare | Fortune US issues declaration on responsible use of AI in the military | Reuters

Misinformation, Disinformation and Propaganda

• Revealed: the hacking and disinformation team meddling in elections | Technology | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | Cyber scoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• US shoots down ‘high-altitude object’ above Alaska | Financial Times (ft.com)

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - security Week

• SpaceX curbed Ukraine's use of Starlink terminals - Militarnyi

• US shoots down ‘octagonal’ flying object near military sites in Michigan | US news | The Guardian

• Six companies join US entity list after Chinese spy balloon • The Register

• How Alan Turing still casts his genius in the age of cyberwar | Metro News

• US warns its citizens in Russia to get out immediately over security fears | Euronews

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• ‘Significant’ debris from China spy balloon retrieved, says US military | US national security | The Guardian

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• Albanian gangs set up hundreds of spy cameras to keep ahead of police | Financial Times (ft.com)

• A.I. in the military could be a game changer in warfare | Fortune

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• The Lessons From Cyberwar, Cyber-in-War and Ukraine  - security Week

• Storage security for compliance and cyberwar in 2023 • The Register

Nation State Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | CyberScoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - Security Week

• MagicWeb Mystery Highlights Nobelium Attacker's Sophistication (darkreading.com)

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• North Korean Hackers Are Attacking US Hospitals | WIRED

• Six companies join US entity list after Chinese spy balloon • The Register

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Group-IB Blocks Attack By Chinese Tonto Team Hackers - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese ship accused of using ‘military-grade laser’ against Philippine vessel | Philippines | The Guardian

• Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad (thehackernews.com)

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• UK Policing Riddled with Chinese CCTV Cameras - Infosecurity Magazine (infosecurity-magazine.com)

• A new operating system has been released in Russia! (gizchina.com)

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries (thehackernews.com)

• SideWinder APT Attacks Regional Targets in New Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

Vulnerabilities

• Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs – Naked Security (sophos.com)

• Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps - Security Week

• Adobe Plugs Critical Security Holes in Illustrator, After Effects Software - Security Week

• Apple releases new fix for iPhone zero-day exploited by hackers | TechCrunch

• Intel issues patches for SGX vulnerabilities • The Register

• Firefox Updates Patch 10 High-Severity Vulnerabilities - Security Week

• Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software (thehackernews.com)

• CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws (thehackernews.com)

• Microsoft says Intel driver bug crashes apps on Windows PCs (bleepingcomputer.com)

• Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug – Naked Security (sophos.com)

• Splunk Enterprise Updates Patch High-Severity Vulnerabilities - Security Week

• Dozens of Vulnerabilities Patched in Intel Products - Security Week

• High-severity DLP flaw impacts Trellix for Windows | SC Media (scmagazine.com)

• Critical Vulnerability Patched in Cisco Security Products - Security Week

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

Tools and Controls

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

• SOAR vs. SIEM: What's the difference? | TechTarget

• PAM is failing - IT Security Guru

• Combining identity and security strategies to mitigate risks - Help Net Security

• Defending against attacks on Azure AD: Goodbye firewall, hello identity protection | CSO Online

• Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps (thehackernews.com)

• Attack surface management (ASM) is not limited to the surface - Help Net Security

• How to filter Security log events for signs of trouble | TechTarget

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian

British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.

UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.

Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.

The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.

https://www.telegraph.co.uk/business/2023/02/09/companies-banned-paying-hackers-attacks-royal-mail-guardian/

• Fraud Set to Be Upgraded as a Threat to National Security

Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.

It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.

It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.

https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/

• 98% of Attacks are Not Reported by Employees to their Employers

Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.

https://www.msspalert.com/cybersecurity-research/employees-fail-to-report-98-of-email-cyber-hacks-to-security-teams-study-finds/

• UK Second Most Targeted Nation Behind America for Ransomware

Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.

https://www.itsecurityguru.org/2023/02/07/uk-second-most-targeted-nation-behind-america-for-ransomware/

• Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.

https://www.darkreading.com/attacks-breaches/financial-institutions-are-suffering-from-increasingly-sophisticated-cyberattacks-according-to-contrast-security

• An Email Attack Can End Up Costing You Over $1 Million

According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.

https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/

• Cyber Crime Shows No Signs of Slowing Down

Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.

https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down

• Surge of Swatting Attacks Targets Corporate Executive and Board Members

Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.

https://www.csoonline.com/article/3687177/surge-of-swatting-attacks-targets-corporate-executives-and-board-members.html#tk.rss_news

• Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.

https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead

• Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.

https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks

• Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.

https://www.cnbc.com/2023/02/04/crypto-investors-lost-nearly-4-billion-dollars-to-hackers-in-2022.html

• PayPal and Twitter Abused in Turkey Relief Donation Scams

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.

https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/

• Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.

https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/

Threats

Ransomware, Extortion and Destructive Attacks

• UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online

• US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek

• Bitcoin-demanding cyber criminals use bug from 2021 to initiate global ransomware attack  | TechCrunch

• UK second most targeted nation behind America for Ransomware - IT Security Guru

• Hackers who breached ION say ransom paid; company declines comment | Reuters

• New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)

• Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (bleepingcomputer.com)

• Royal Ransomware adds support for encrypting Linux, VMware ESXi systems-security affairs

• Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualisation Risks (darkreading.com)

• Lessons Learned on Ransomware Prevention from the Rackspace Attack (bleepingcomputer.com)

• ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek

• Ransomware Revolution: 4 Types of Cyber Risks in 2023 (trendmicro.com)

• Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget

• Linux version of Royal Ransomware targets VMware ESXi servers (bleepingcomputer.com)

• Nevada Ransomware has released upgraded locker - Help Net Security

• Italy, France and Singapore Warn of a Spike in ESXI Ransomware-security affairs

• Massive ransomware attack targets VMware ESXi servers worldwide | CSO Online

• Major Florida Hospital Shuts Down Networks, Ransomware Attack Suspected - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware gang claims Royal Mail cyber ttack (bleepingcomputer.com)

• Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)

• New Linux variant of Clop Ransomware uses a flawed encryption-security affairs

• After Hive takedown, could the LockBit ransomware crew be the next to fall? | CyberScoop

• Russia-Linked Ransomware Gang Claims Responsibility for Royal Mail Attack (gizmodo.com)

• #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities | CISA

• Largest Canadian bookstore Indigo shuts down site after cyber ttack (bleepingcomputer.com)

• Kaspersky Finds Growing Number of Parents Experiencing Ransomware Attacks on Children's Schools (darkreading.com)

• Hackers hit Vesuvius, UK engineering company shuts down affected systems • Graham Cluley

• MKS Instruments falls victim to ransomware attack | CSO Online

• North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | CyberScoop

Phishing & Email Based Attacks

• Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)

• Employees Fail to Report 98% of Email Cyber Hacks To Security Teams, Study Finds - MSSP Alert

• An email attack can end up costing you over $1 million - Help Net Security

• What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)

• How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)

• Cyber criminals exploit volatile job market for targeted email attacks - Help Net Security

• Hong Kong police and Interpol uncover servers and apps used by global phishing syndicate | South China Morning Post (scmp.com)

• 'Phishing-as-a-service' kits drive uptick in theft: One business owner's story (cnbc.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

• NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)

BEC – Business Email Compromise

• What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)

Malware

• Hacker develops new 'Screenshotter' malware to find high-value targets (bleepingcomputer.com)

• Threat group targets over 1,000 companies with screenshotting and infostealing malware | CSO Online

• ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (thehackernews.com)

• Hackers backdoor Windows devices in Sliver and BYOVD attacks (bleepingcomputer.com)

• GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (thehackernews.com)

• Novel Banking Trojan 'PixPirate' Targets Brazil - Infosecurity Magazine (infosecurity-magazine.com)

• New QakNote attacks push QBot malware via Microsoft OneNote files (bleepingcomputer.com)

• Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (thehackernews.com)

Mobile

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek

• Android phones from Chinese vendors share private data • The Register

• 'Money Lover' Finance App Exposes User Data (darkreading.com)

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• Android 14 to block malware from abusing sensitive permissions (bleepingcomputer.com)

• UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)

• Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek

Denial of Service/DoS/DDOS

• Passion botnet cyber  Attacks hit healthcare, as actors offer threat as DDoS-as-a-service  | SC Media (scmagazine.com)

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• Tor and I2P networks hit by wave of ongoing DDoS attacks (bleepingcomputer.com)

• Experts published a list of proxy IPs used by the group Killnet-security affairs

Internet of Things – IoT

• Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)

• Security manufacturer’s smart cameras went dark for two hours (mybroadband.co.za)

• Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek

• NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)

Data Breaches/Leaks

• Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)

• Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

• TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (bleepingcomputer.com)

• 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder - SecurityWeek

• US Cyber Ambassador's Twitter account hacked • The Register

• Over 12% of analysed online stores expose private data, backups (bleepingcomputer.com)

• 'Money Lover' Finance App Exposes User Data (darkreading.com)

• Reddit reveals security incident • The Register

• Reddit Suffers Security Breach Exposing Internal Documents and Source Code (thehackernews.com)

Organised Crime & Criminal Actors

• Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)

• Minister: Cyber crimes Now 20% of Spain’s Registered Offenses - SecurityWeek

• Finland’s Most-Wanted Hacker Nabbed in France – Krebs on Security

• Australian Man Sentenced for Scam Related to Optus Hack  - SecurityWeek

• Bungling Optus scammer was no criminal mastermind • Graham Cluley

• Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto investors lost nearly $4 billion to hackers in 2022 (cnbc.com)

• Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)

• Avraham Eisenberg in court accused of crypto exchange crash • The Register

• Crypto Drainers Are Ready to Ransack Investor Wallets (darkreading.com)

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• FTX Being Advised by Cyber security Firm Sygnia on Hack Inquiry, CEO Ray Says (coindesk.com)

• Scammers steal $4 million in crypto during in-person meeting • The Register

• Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs (trendmicro.com)

Insider Risk and Insider Threats

• Another RAC staffer nabbed for sharing road accident data • The Register

• Ex-Ubiquiti worker pleads guilty to data theft, extortion, and smear plot (bitdefender.com)

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

Fraud, Scams & Financial Crime

• PayPal and Twitter abused in Turkey relief donation scams (bleepingcomputer.com)

• Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)

• Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

• Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware (darkreading.com)

• As V-Day nears: Romance scams cost victims $1.3B last year • The Register

• What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)

• Father killed himself after falling victim to romance scam | News | The Times

• 'Brushing' scams send people free items, but could be a warning sign about a data breach - ABC News

• Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek

• From ‘hi mum’ to crypto fraud: five of the latest scams to watch out for | Cyber crime | The Guardian

• Criminals use Telegram to recruit 'walkers' as America's big banks see an 84% increase in check fraud (cnbc.com)

• 5 Financial Scams To Watch Out For In 2023 (cnbc.com)

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• Banks leave doors open for scammers with flaws in online security | This is Money

• Trio Arrested in COVID PPE Fraud Probe - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs

Impersonation Attacks

• What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)

• HTML smuggling campaigns impersonate well-known brands to deliver malware | CSO Online

AML/CFT/Sanctions

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online

• US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek

Insurance

• Tackling the New Cyber Insurance Requirements: Can Your Organisation Comply? (thehackernews.com)

• Cyber Insurance, A Must-Have for Small Businesses - Infosecurity Magazine (infosecurity-magazine.com)

• How to Optimise Your Cyber Insurance Coverage (darkreading.com)

Dark Web

• BlackSprut: Darknet Drug Market Advertises On Billboards In Moscow (informationsecuritybuzz.com)

• Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Have we learnt nothing from SolarWinds supply chain attacks? • The Register

• Vulnerability Provided Access to Toyota Supplier Management Network - SecurityWeek

Software Supply Chain

• Security pros say third parties are increasingly the cause of cyber security incidents | SC Media (scmagazine.com)

Cloud/SaaS

• How the Cloud Is Shifting CISO Priorities (darkreading.com)

• Cloud Apps Still Demand Way More Privileges Than They Use (darkreading.com)

• Amazon S3 to apply security best practices for all new buckets - Help Net Security

• Why Some Cloud Services Vulnerabilities Are So Hard to Fix (darkreading.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

• 7 Critical Cloud Threats Facing the Enterprise in 2023 (darkreading.com)

Hybrid/Remote Working

• Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)

• Predictions For Securing Today's Hybrid Workforce (darkreading.com)

Identity and Access Management

• 4 identity predictions for 2023 | TechTarget

Encryption

• It Isn't Time to Worry About Quantum Computing Just Yet (darkreading.com)

• UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)

API

• 10 API Security Best Practices To Protect Your Organisation (informationsecuritybuzz.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)

Biometrics

• Novel face swaps emerge as a major threat to biometric security - Help Net Security

Social Media

• Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis? (darkreading.com)

• Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs

Malvertising

• FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (thehackernews.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

Training, Education and Awareness

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

• Infosec Launches New Office Comedy Themed Security Awareness Training Series (darkreading.com)

Parental Controls and Child Safety

• It’s never too early to chat to your kids about online safety | Sarah Ayoub | The Guardian

Regulations, Fines and Legislation

• Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)

• While governments pass privacy laws, companies struggle to change - Help Net Security

• Prioritising Cyber security Regulation Harmonisation (darkreading.com)

Governance, Risk and Compliance

• Quarter of CFOs Have Suffered $1m+ Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• A Hackers Pot of Gold: Your MSP's Data (thehackernews.com)

• The dangers of unsupported applications - Help Net Security

• Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)

• Trends that impact on organisations' 2023 security priorities - Help Net Security

• With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)

• Optimising Cyber security Investments in a Constrained Spending Environment (darkreading.com)

• Surge of swatting attacks targets corporate executives and board members | CSO Online

• Lessons From the Cold War: How Quality Trumps Quantity in Cyber security (darkreading.com)

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

Models, Frameworks and Standards

• NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)

Data Protection

• Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)

• While governments pass privacy laws, companies struggle to change - Help Net Security

• Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Hong Kong police and Interpol uncover servers and apps used by global phishing syndicate | South China Morning Post (scmp.com)

• European Police Arrest 42 After Cracking Covert App - SecurityWeek

• Eurocops shut down Exclu encrypted messaging app • The Register

• Vastaamo hacking suspect arrested in France | TechTarget

• Finnish psychotherapy extortion suspect arrested in France – Naked Security (sophos.com)

Privacy, Surveillance and Mass Monitoring

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• Steps To Planning And Implementation Of Data Privacy (informationsecuritybuzz.com)

• ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica

Artificial Intelligence

• Adversaries Using OpenAI’s ChatGPT Chatbot for Cyber  Attacks? Here are Some Clues - MSSP Alert

• Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)

• IT Leaders Reveal Cyber Fears Around ChatGPT - Infosecurity Magazine (infosecurity-magazine.com)

• How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)

• ChatGPT's potential to aid attackers puts IT pros on high alert - Help Net Security

• Hackers are selling a service that bypasses ChatGPT restrictions on malware | Ars Technica

• ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica

• Jailbreak Trick Breaks ChatGPT Content Safeguards (darkreading.com)

• Generative AI: A benefit and a hazard - Help Net Security

• Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Google's Bard AI bot mistake wipes $100bn off shares - BBC News

• $120bn wiped off Google after Bard AI chatbot gives wrong answer (telegraph.co.uk)

• Why ChatGPT Isn't a Death Sentence for Cyber Defenders (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Pro-Russian hacktivist group Killnet could just be getting started (axios.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• What is hybrid warfare? Inside the centre dealing with modern threats - BBC News

• Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB's warrantless surveillance-security affairs

• DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)

• Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)

• New Info-Stealer Discovered as Russia Prepares for New Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• The impact of Russia's Ukraine invasion on digital threats - Help Net Security

• Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)

• Spies, Hackers, Informants: How China Snoops on the US - SecurityWeek

• US teases new China tech sanctions to deflate balloon-makers • The Register

Nation State Actors

• Pro-Russian hacktivist group Killnet could just be getting started (axios.com)

• With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)

• Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op - SecurityWeek

• US Downs Chinese Balloon Off Carolina Coast - SecurityWeek

• How did the US successfully shoot down China's 'spy balloon' with a single missile - and what was on it? | US News | Sky News

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• Android phones from Chinese vendors share private data • The Register

• US sources insist Chinese balloon was military - BBC News

• DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)

• SNP MP Stewart McDonald's emails hacked by Russian group - BBC News

• Australia to remove Chinese surveillance cameras amid security fears - BBC News

• Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• UN Experts: North Korean Hackers Stole Record Virtual Assets - SecurityWeek

• Mysterious Russian satellites are now breaking apart in low-Earth orbit | Ars Technica

• New Info-Stealer Discovered as Russia Prepares for New Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• Downed balloon one of a ‘fleet’ of Chinese surveillance devices, US alleges | Surveillance | The Guardian

• #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities | CISA

• The impact of Russia's Ukraine invasion on digital threats - Help Net Security

• Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)

• Experts published a list of proxy IPs used by the group Killnet-security affairs

• NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities (thehackernews.com)

• NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)

• US teases new China tech sanctions to deflate balloon-makers • The Register

• North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | Cyber scoop

Vulnerability Management

• Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition | CSO Online

• The dangers of unsupported applications - Help Net Security

• Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)

• Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget

• How to fix the top 5 cyber security vulnerabilities | TechTarget

• 20 Powerful Vulnerability Scanning Tools In 2023 (informationsecuritybuzz.com)

Vulnerabilities

• High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation - SecurityWeek

• New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)

• GoAnywhere MFT Users Warned of Zero-Day Exploit - SecurityWeek

• Serious security hole plugged in infosec tool binwalk | The Daily Swig (portswigger.net)

• Cisco fixed command injection bug in IOx Application Hosting Environment-security affairs

• Vulnerability In F5 BIG-IP May Cause DoS And Code Execution (informationsecuritybuzz.com)

• GoAnywhere MFT zero-day flaw actively exploited-security affairs

• Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release-security affairs

• Critical vulnerability patched in Jira Service Management Server and Data Center | CSO Online

• Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (thehackernews.com)

• Exploit released for actively exploited GoAnywhere MFT zero-day (bleepingcomputer.com)

• OpenSSL Ships Patch for High-Severity Flaws - SecurityWeek

• Patch Released for Actively Exploited GoAnywhere MFT Zero-Day - SecurityWeek

• Unpatched Security Flaws Disclosed in Multiple Document Management Systems (thehackernews.com)

• SonicWall warns web content filtering is broken on Windows 11 22H2 (bleepingcomputer.com)

• Chrome 110 Patches 15 Vulnerabilities - SecurityWeek

• OpenSSL Fixes Multiple New Security Flaws with Latest Update (thehackernews.com)

• Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek

Tools and Controls

• Growing number of endpoint security tools overwhelm users, leaving devices unprotected | CSO Online

• Poor Endpoint Device Management Trigger Cyber  Attacks, New Report Finds - MSSP Alert

• Implementing Digital Rights Management Systems to Safeguard Against Unauthorised Access Of Protected Content (informationsecuritybuzz.com)

• Endpoint security getting easier, but most organisations lack tool consolidation - Help Net Security

Other News

• A Hackers Pot of Gold: Your MSP's Data (thehackernews.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• How to Think Like a Hacker and Stay Ahead of Threats (thehackernews.com)

• Surge of swatting a attacks targets corporate executives and board members | CSO Online

• Bermuda: Major Internet And Power Outage Strikes (informationsecuritybuzz.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Supply Chain Attacks Caused More Data Compromises Than Malware

According to the Identity Theft Resource Center, data compromises steadily increased in the second half of 2022 and cyber attacks remained the primary source of data breaches.

The number of data breaches resulting from supply chain attacks exceeded malware related compromises in 2022 by 40%. According to the report, more than 10 million people were impacted by supply chain attacks targeting 1,743 entities. By comparison, 70 malware-based cyber attacks affected 4.3 million people.

https://www.helpnetsecurity.com/2023/01/26/data-compromises-2022/

• What Makes Small and Medium-Sized Businesses Vulnerable to BEC Attacks

According to the United States’ FBI’s 2021 Internet Crime Report, business email compromise (BEC) accounted for almost a third of the country’s $6.9 billion in cyber losses that year – around $2.4 billion. In surprisingly sharp contrast, ransomware attacks accounted for only $50 million of those losses.

Small and medium-sized businesses (SMBs) are especially vulnerable to this form of attack and BEC’s contribution to annual cyber losses not only makes sense but is also likely underreported.

In stark contrast to highly disruptive ransomware attacks, BEC is subversive and is neither technically complicated nor expensive to deploy. In the case of large organisations, the financial fallout of BEC is almost negligible. That’s not the case for small and medium-sized businesses, which often lack the means to absorb similar financial losses.

BEC’s simplicity gives more credence for attackers to target smaller organisations, and because of that, it’s doubly essential for SMBs to be vigilant.

https://www.helpnetsecurity.com/2023/01/25/what-makes-small-medium-sized-businesses-vulnerable-bec-attacks-video/

• Understanding Your Attack Surface Makes It Easier to Prioritise Technologies and Systems

It has been observed that attackers will attempt to start exploiting vulnerabilities within the first fifteen minutes of their disclosure. As the time to patch gets shorter, organisations need to be more pragmatic when it comes to remediating vulnerabilities, particularly when it comes to prioritisation.

Attack surfaces constantly evolve and change as new applications are developed, old systems are decommissioned, and new assets are registered. Also, more and more organisations are moving towards cloud-hosted infrastructure, which changes the risk and responsibility for securing those assets. Therefore, it is essential to carry out continuous or regular assessments to understand what systems are at risk, instead of just taking a point-in-time snapshot of how the attack surface looks at that moment.

The first step would be to map “traditional” asset types – those easily associated with an organisation and easy to monitor, such as domains and IP addresses. Ownership of these assets can be easily identified through available information (e.g., WHOIS data). The less traditional asset types (such as GitHub repositories) aren’t directly owned by the organisation but can also provide high-value targets or information for attackers.

It’s also important to understand which technologies are in use to make sound judgements based on the vulnerabilities relevant to the organisation. For example, out of one hundred vulnerabilities released within one month only 20% might affect the organisation’s technologies.

Once organisations have a good understanding of which assets might be at risk, context and prioritisation can be applied to the vulnerabilities affecting those assets. Threat intelligence can be utilised to determine which vulnerabilities are already being exploited in the wild.

What is then the correct answer for this conundrum? The answer is that there is no answer! Instead, organisations should consider a mindset shift and look towards preventing issues whilst adopting a defence-in-depth approach; focus on minimising impact and risk by prioritising assets that matter the most and reducing time spent on addressing those that don’t. This can be achieved by understanding your organisation’s attack surface and prioritising issues based on context and relevance.

https://www.helpnetsecurity.com/2023/01/24/understanding-your-attack-surface/

• Cyber Security Pros Sound Alarm Over Insider Threats

Gurucul, a security information and event management (SIEM) solution provider, and Cyber security Insiders, a 600,000-plus member online community for information security professionals, found in their annual 2023 Insider Threat Report that only 3% of respondents surveyed are not concerned with insider risk.

Among all potential insiders, cyber security professionals are most concerned about IT users and admins with far-reaching access privileges (60%). This is followed by third-party contractors (such as MSPs and MSSPs) and service providers (57%), regular employees (55%), and privileged business users (53%).

The research also found that more than half of organisations in the study had been victimised by an insider threat in the past year. According to the data, 75% of the respondents believe they are moderately to extremely vulnerable to insider threats, an 8% spike from last year. That coincided with a similar percentage who said attacks have become more frequent, with 60% experiencing at least one attack and 25% getting hit by more than six attacks.

https://www.msspalert.com/cybersecurity-research/research-report-cybersecurity-pros-sound-alarm-over-insider-threats/

• Ransomware Attack Hit KFC and Pizza Hut Stores in the UK

Nearly 300 fast food restaurants, including branches of KFC and Pizza Hut, were forced to close following a ransomware attack against parent company Yum! Brands. In a statement dated 18 January 2023, Yum! confirmed that unnamed ransomware had impacted some of its IT infrastructure, and that data had been exfiltrated by hackers from its servers. However, although an investigation into the security breach continues, the company said that it had seen no evidence that customer details had been exposed.

What has not yet been made public, and may not even be known to those investigating the breach, is how long hackers might have had access to the company's IT infrastructure, and how they might have been able to gain access to what should have been a secure system. Yum! has also not shared whether it has received a ransom demand from its attackers, and if it did how much ransom was demanded, and whether it would be prepared to negotiate with its extortionists.

https://www.bitdefender.com/blog/hotforsecurity/ransomware-attack-hit-kfc-and-pizza-hut-stores-in-the-uk/

• Forthcoming SEC Rules Will Trigger ‘Tectonic Shift’ in How Corporate Boards Treat Cyber Security

Under rules first proposed in 2022 but expected to be finalised as soon as April 2023, publicly traded companies in the US that determine a cyber incident has become “material”, meaning it could have a significant impact on the business, must disclose details to the SEC and investors within four business days. That requirement would also apply “when a series of previously undisclosed, individually immaterial cyber security incidents has become material in the aggregate.

The SEC’s rules will also require the boards of those companies to disclose significant information on their security governance, such as how and when it exercises oversight on cyber risks. That info includes identifying who on the board (or which subcommittee) is responsible for cyber security and their relevant expertise. Required disclosures will also include how often and by which processes board members are informed and discuss cyber risk. The former cyber adviser to the SEC commented that “The problem we have with the current cyber security ecosystem is that it’s very focused on technical mitigation measures and does not contemplate these business, operational, [or] financial factors.”

Whilst this only impacts US firms, we can expect other jurisdictions to follow suit.

https://www.itbrew.com/stories/2023/01/20/forthcoming-sec-rules-will-trigger-tectonic-shift-in-how-corporate-boards-treat-cybersecurity

• Why CISOs Make Great Board Members

Cyber security-related risk is a top concern, so boards need to know they have the proper oversight in place. The past three years created a perfect storm situation with lasting consequences for how we think about cyber security, and as a result cyber security technologies and teams have shifted from being viewed as a cost centre to a business enabler.

Gartner predicts that by 2025, 40% of companies will have a dedicated cyber security committee. Who is better suited than a CISO to lead that conversation? Cyber security-related risk is a top concern, so boards need to know they have the proper oversight in place. CISOs can provide advice on moving forward with digital change initiatives and help companies prepare for the future. They can explain the organisation’s risk posture, including exposure related to geopolitical conflict as well as to new business initiatives and emerging threats, and what can be done to mitigate risk.

Lastly, the role of the CISO has evolved from being a risk metrics presenter to a translator of risk to the business. Therefore, the expertise CISOs have developed in recent years in how to explain risk to the board makes them valuable contributors to these conversations. They can elevate the discussion to ensure deep understanding of the trade-offs between growth and risk, enable more informed decision-making, and serve as guardrails for total business alignment.

https://www.securityweek.com/why-cisos-make-great-board-members/

• View From Davos: The Changing Economics of Cyber Crime

Cyber crime is a risk created by humans, driven by the economic conditions of high profit and easy opportunity. Ransomware is the most recent monetisation of these motives and opportunities, and it has evolved from simple malware to advanced exploits and double or triple extortion models.

The motive for cyber crime is clear: to steal money, but the digital nature of cyber crime makes the opportunity uniquely attractive, due to the following:

·       Cryptocurrency makes online extortion, trading illicit goods and services, and laundering fraudulent funds highly anonymous and usually beyond the reach of financial regulators or inspection

·       There isn't enough fear of getting caught for cyber crime.

·       With the explosion in spending on digital transformation, data is the new gold and it is incredibly easy to steal, due to lapses in basic hygiene like encrypting data-at-rest and in-transit or limiting access to only authorised users.

·       Paying extortion through extensive cyber insurance policies only feeds the ransomware epidemic by incentivising further crime, as noted by the FBI.

Fighting cyber crime is a team sport, and to succeed, we must adopt this framework of cyber resilience that integrates the technical, policy, behavioural, and economic elements necessary to manage the reality of ever-growing cyber crime as a predictable and manageable cyber risk.

https://www.darkreading.com/edge-articles/view-from-davos-the-changing-economics-of-cybercrime

• Cloud Based Networks Under Increasing Attack, Report Finds

As enterprises around the world continue to move to the cloud, cyber criminals are following right behind them. There was a 48 percent year-over-year jump in 2022 in cyber attacks on cloud-based networks, and it comes at a time when 98 percent of global organisations use cloud services, according to Check Point. The increases in cyber attacks were experienced in various regions, including Asia (with a 60 percent jump), Europe (50 percent), and North America (28 percent) according to a report by Checkpoint last week.

Check Point explained that "The rise in attacks on the cloud was driven both by an overall increase in cyber attacks globally (38 percent overall in 2022, compared to 48 percent in the cloud) and also by the fact that it holds much more data and incorporates infrastructure and services from large amounts of potential victims, so when exploited the attacks could have a larger impact,". Later, Checkpoint highlighted that human error is a significant factor in the vulnerability of cloud-based networks.

The report highlighted the need for defence capabilities in the cloud to improve. According to Check Point, this means adopting zero-trust cloud network security controls, incorporating security and compliance earlier in the development lifecycle, avoiding misconfigurations, and using tools such as an intrusion detection and prevention systems and next-generation web application firewalls. As  commented by Check Point “it is still up to the network and security admins to make sure all their infrastructure is not vulnerable.

https://www.theregister.com/2023/01/20/cloud_networks_under_attack/

• GoTo Admits: Customer Cloud Backups Stolen Together with Decryption Key

On 2022-11-30, GoTo informed customers that it had suffered “a security incident”, summarising the situation as follows:

“Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service. The third-party cloud storage service is currently shared by both GoTo and its affiliate, LastPass.”

Two months later, GoTo has come back with an update, and the news isn’t great:

“[A] threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.”

The company also noted that although MFA settings for some Rescue and GoToMyPC customers were stolen, their encrypted databases were not.

https://nakedsecurity.sophos.com/2023/01/25/goto-admits-customer-cloud-backups-stolen-together-with-decryption-key/

• State-Linked Hackers in Russia and Iran are Targeting UK Groups, NCSC Warns

Russian and Iranian state-linked hackers are increasingly targeting British politicians, journalists and researchers with sophisticated campaigns aimed at gaining access to a person’s email, Britain’s online security agency warned on Thursday. The National Cyber Security Centre (NCSC) issued an alert about two groups from Russia and Iran, warning those in government, defence, thinktanks and the media against clicking on malicious links from people posing as conference hosts, journalists or even colleagues.

Both groups have been active for some years, but it is understood they have recently stepped up their activities in the UK as the war in Ukraine continues, as well as operating in the US and other NATO countries.

The hackers typically seek to gain confidence of a target by impersonating somebody likely to make contact with them, such as by falsely impersonating a journalist, and ultimately luring them to click on a malicious link, sometimes over the course of several emails and other online interactions.

NCSC encourages people to use strong email passwords. One technique is to use three random words, and not replicate it as a login credential on other websites. It recommends people use two-factor authentication, using a mobile phone as part of the log on process, ideally by using a special authenticator app.

The cyber agency also advises people exercise particular caution when receiving plausible sounding messages from strangers who rely on Gmail, Yahoo, Outlook or other webmail accounts, sometimes impersonating “known contacts” of the target culled from social media.

https://www.theguardian.com/technology/2023/jan/26/state-linked-hackers-in-russia-and-iran-are-targeting-uk-groups-ncsc-warns

• 3.7 Million Customers’ Data of Hilton Hotels Put Up For Sale

A member of a hacker forum going by the name IntelBroker, has offered a database allegedly containing the personal information of 3.7 million people participating in the Hilton Hotels Honors program. According to the actor, the data in question includes personally identifying information such as name, address and Honors IDs. According to the Hilton Hotel, no guest login credentials, contacts, or financial information have been leaked.

https://informationsecuritybuzz.com/3-7-millions-customers-data-hilton-hotel-up-for-sale/

Threats

Ransomware, Extortion and Destructive Attacks

• Rebranded Ransomware Crews Spike Number of Hijacking Incidents in Q4 2022 - MSSP Alert

• The Unrelenting Menace of the LockBit Ransomware Gang | WIRED

• Ransomware access brokers use Google ads to breach your network (bleepingcomputer.com)

• FBI hacked into Hive ransomware gang, disrupted operations | TechTarget

• "Workarounds" Helped Royal Mail Resume Shipping After Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware victims are refusing to pay, tanking attackers’ profits | Ars Technica

• Vice Society Ransomware Group Targets Manufacturing Companies (trendmicro.com)

• New Mimic ransomware abuses ‘Everything’ Windows search tool (bleepingcomputer.com)

• BlackCat Ransomware gang stole secret military data from industrial explosives manufacturer - Security Affairs

• Contractor error led to Baltimore schools ransomware attack | TechTarget

• LAUSD says Vice Society ransomware gang stole contractors’ SSNs (bleepingcomputer.com)

• Riot Games receives ransom demand from hackers, refuses to pay (bleepingcomputer.com)

Phishing & Email Based Attacks

• State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian

• ChatGPT is a bigger threat to cyber security than most realize - Help Net Security

• Phishers Use Blank Images to Disguise Malicious Attachments - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers often use this clever trick to take you to phishing sites — can you spot it? | Tom's Guide (tomsguide.com)

• Yahoo Most Faked Brand Name in Phishing Attempts by Threat Actors in Q4 2022 - MSSP Alert

• Yahoo Overtakes DHL As Most Impersonated Brand in Q4 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT could boost phishing scams | TechTarget

• SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK

• Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)

• New 'Blank Image' attack hides phishing scripts in SVG files (bleepingcomputer.com)

• Hackers now use Microsoft OneNote attachments to spread malware (bleepingcomputer.com)

BEC – Business Email Compromise

• What makes small and medium-sized businesses vulnerable to BEC attacks - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Social Engineering Tactics are Changing. Awareness Training Must Change Too.| CSA (cloudsecurityalliance.org)

Malware                                                                                   

• BlackBerry: Threat Actors Launch A Unique Malware Sample Every Minute - MSSP Alert

• Linux malware hit a new high in 2022 | TechRadar

• Phishers Use Blank Images to Disguise Malicious Attachments - Infosecurity Magazine (infosecurity-magazine.com)

• Consumers Face Greater Risks from Malware but Many are Unprepared and Vulnerable - MSSP Alert

• New 'Blank Image' attack hides phishing scripts in SVG files (bleepingcomputer.com)

• ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn (darkreading.com)

• Hackers now use Microsoft OneNote attachments to spread malware (bleepingcomputer.com)

• ChatGPT Can Write Polymorphic Malware to Infect Your Computer (gizmodo.com)

• Microsoft plans to kill malware delivery via Excel XLL add-ins (bleepingcomputer.com)

• Hackers use Golang source code interpreter to evade detection (bleepingcomputer.com)

• Hackers Deploy Open-Source Tool Sliver C2, Replacing Cobalt Strike, Metasploit - Infosecurity Magazine (infosecurity-magazine.com)

• Emotet Malware Makes a Comeback with New Evasion Techniques (thehackernews.com)

• 'DragonSpark' Malware: East Asian Cyber Attackers Create an OSS Frankenstein (darkreading.com)

• Malware exploited critical Realtek SDK bug in millions of attacks (bleepingcomputer.com)

• ‘DragonSpark’ threat actor leverages open-source RAT, other Chinese-language tools | SC Media (scmagazine.com)

Mobile

• Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps (thehackernews.com)

• New 'Hook' Android malware lets hackers remotely control your phone (bleepingcomputer.com)

• Pair of Galaxy App Store Bugs Offer Cyber Attackers Mobile Device Access (darkreading.com)

• Google to phase out legacy apps with Android 14 to improve security - GSMArena.com news

Botnets

• How Does a Botnet Attack Work? - Cyber Defense Magazine

Denial of Service/DoS/DDOS

• Why a hybrid approach can help mitigate DDoS attacks | SC Media

• Russia’s largest ISP says 2022 broke all DDoS attack records (bleepingcomputer.com)

Internet of Things – IoT

• Nice smart device – how long does it get software updates? • The Register

• Why British homes are at risk from ‘Trojan Horse’ smart devices (telegraph.co.uk)

• Why most IoT cyber security strategies give zero hope for zero trust - Help Net Security

Data Breaches/Leaks

• Companies impacted by Mailchimp breach warn their customers - Security Affairs

• LastPass owner GoTo says hackers stole customers’ backups | TechCrunch

• GoTo admits: Customer cloud backups stolen together with decryption key – Naked Security (sophos.com)

• GoTo warns customers of crypto key and backup heist • The Register

• 3.7 Million Customers Data Of Hilton Hotels Put Up For Sale (informationsecuritybuzz.com)

• QUT confirms personal data of thousands of staff compromised in cyber attack - ABC News

• Riot Games hacked, now it faces problems to release content - Security Affairs

• ICE releases asylum seekers after exposing their data • The Register

• Hacker Gets Hands on No-Fly List of Alleged Terrorist Suspects (gizmodo.com)

• Risk & Repeat: Breaking down the LastPass breach | TechTarget

• After data breach put their lives at risk, US releases 3000 immigrants seeking asylum (bitdefender.com)

• TSA No-Fly List Snafu Highlights Risk of Keeping Sensitive Data in Dev Environments (darkreading.com)

• T-Mobile Cyber Attack Spurs Law Firm Investigation - MSSP Alert

• Risk & Repeat: Another T-Mobile data breach disclosed | TechTarget

• Entire US "No Fly List" Exposed Online Via Unsecured Server (informationsecuritybuzz.com)

• Near-Record Year for US Data Breaches in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Zacks data breach impacted hundreds of thousands of customers - Security Affairs

• French rugby club Stade Français leaks source code - Security Affairs

Organised Crime & Criminal Actors

• View from Davos: The Changing Economics of Cyber crime (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Inside the crypto ‘prisons’ scamming Britons out of their life savings (telegraph.co.uk)

• FBI Confirms Lazarus Group Was Behind $100m Harmony Hack - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers Take Over Robinhood Twitter Account To Promote Scam - Decrypt

Insider Risk and Insider Threats

• Research Report: Cyber Security Pros Sound Alarm Over Insider Threats - MSSP Alert

• Hunting Insider Threats on the Dark Web (darkreading.com)

Fraud, Scams & Financial Crime

• Inside the crypto ‘prisons’ scamming Britons out of their life savings (telegraph.co.uk)

• P-to-P fraud most concerning cyber threat in 2023: CSI | CSO Online

• Lloyds Bank Warns of 80% Surge in Advance Fee Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Web Posts Advertising Counterfeit Cash Surge 90% - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers Take Over Robinhood Twitter Account To Promote Scam - Decrypt

Insurance

• Regulator Stress Test Highlights Cyber Insurance Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• 4 tips to find cyber insurance coverage in 2023 | TechTarget

• Insurers in talks on adding state-backed cyber to UK reinsurance scheme | Financial Times (ft.com)

• Cyber Security Posture & Insurance Outlook with Advisen (trendmicro.com)

Dark Web

• Hunting Insider Threats on the Dark Web (darkreading.com)

• Dark Web Posts Advertising Counterfeit Cash Surge 90% - Infosecurity Magazine (infosecurity-magazine.com)

Software Supply Chain

• Attacking The Supply Chain: Developer (trendmicro.com)

Cloud/SaaS

• Report: Cloud-based networks under growing attack • The Register

• Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)

• Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts (darkreading.com)

Attack Surface Management

• Understanding your attack surface makes it easier to prioritize technologies and systems - Help Net Security

Encryption

• Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)

API

• 9 API security tools on the frontlines of cyber security | CSO Online

Passwords, Credential Stuffing & Brute Force Attacks

• Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)

• Popular password managers auto-filled credentials on untrusted websites | The Daily Swig (portswigger.net)

• Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)

• Password Dependency: How to Break the Cycle - SecurityWeek

Social Media

• The metaverse brings a new breed of threats to challenge privacy and security gatekeepers | CSO Online

Malvertising

• Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps (thehackernews.com)

• Ad Fraud Scheme Tops 12 Billion Daily Bid Requests - Infosecurity Magazine (infosecurity-magazine.com)

• Google Ads invites being abused to push spam, adult sites (bleepingcomputer.com)

• Ransomware access brokers use Google ads to breach your network (bleepingcomputer.com)

• Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages (thehackernews.com)

Training, Education and Awareness

• Social Engineering Tactics are Changing. Awareness Training Must Too.| CSA (cloudsecurityalliance.org)

Regulations, Fines and Legislation

• Ireland’s data protection watchdog fines WhatsApp €5.5m • The Register

Governance, Risk and Compliance

• Forthcoming SEC rules will trigger ‘tectonic shift’ in how corporate boards treat cyber security (itbrew.com)

• Just Half of Firms Have Sufficient Cyber Security Budget - Infosecurity Magazine (infosecurity-magazine.com)

• View from Davos: The Changing Economics of Cyber Crime (darkreading.com)

• Why CISOs Make Great Board Members - SecurityWeek

• Awareness Training Must Change | CSA (cloudsecurityalliance.org)

• Despite Slowing Economy, Demand for Cyber Security Workers Remains Strong (darkreading.com)

• Organisations Must Brace for Privacy Impacts This Year (darkreading.com)

• The Business Imperative of Cyber Information Sharing for Our Collective Defence | World Economic Forum (weforum.org)

Data Protection

• Ireland’s data protection watchdog fines WhatsApp €5.5m • The Register

• ICO Offers Data Protection Advice to SMBs - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Why CISOs Make Great Board Members - SecurityWeek

• Davos Debrief: Critical Shortage of Cyber Security Talent Requires Action on Several Fronts, CompTIA Executive Says (darkreading.com)

• Despite Slowing Economy, Demand for Cyber Security Workers Remains Strong (darkreading.com)

• 8 cyber security roles to consider | TechTarget

• How To Safeguard Your Business From Cyber Security Stress And Prevent IT Burnout (informationsecuritybuzz.com)

• Can't Fill Open Positions? Rewrite Your Minimum Requirements (darkreading.com)

• Veterans bring high-value, real-life experience as potential cyber security employees | CSO Online

• US is Short Nearly 530,000 Skilled Cyber Security Workers, IT Layoffs Not Slowing Demand - MSSP Alert

• Dozens of Cyber Security Companies Announced Layoffs in Past Year - SecurityWeek

Law Enforcement Action and Take Downs

• FBI hacked into Hive ransomware gang, disrupted operations | TechTarget

• Dutchman Detained for Dealing Details of Tens of Millions of People (darkreading.com)

• Dutch suspect locked up for alleged personal data megathefts – Naked Security (sophos.com)

Privacy, Surveillance and Mass Monitoring

• Organisations Must Brace for Privacy Impacts This Year (darkreading.com)

• The metaverse brings a new breed of threats to challenge privacy and security gatekeepers | CSO Online

• Scientists use Wi-Fi routers to see humans through walls | ZDNET

• Most consumers would share anonymised personal data to improve AI products - Help Net Security

Artificial Intelligence

• ChatGPT is a bigger threat to cyber security than most realize - Help Net Security

• Learning to Lie: AI Tools Adept at Creating Disinformation - SecurityWeek

• Rogue AI ‘could kill everyone’ | News | The Times

• ChatGPT could boost phishing scams | TechTarget

• FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com

• ChatGPT Can Write Polymorphic Malware to Infect Your Computer (gizmodo.com)

• Chat Cyber Security: AI Promises a Lot, but Can It Deliver? (darkreading.com)

Misinformation, Disinformation and Propaganda

• Learning to Lie: AI Tools Adept at Creating Disinformation - SecurityWeek

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian

• UK authorities warn of phishing from Iran, Russia • The Register

• Armis State of Cyberwarfare and Trends Report - IT Security Guru

• North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyber Attacks (thehackernews.com)

• SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK

• Gamaredon Group Launches Cyber Attacks Against Ukraine Using Telegram (thehackernews.com)

• Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)

• FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com

• “Pegasus” lifts the lid on a sophisticated piece of spyware | The Economist

• North Korean Group TA444 Shows 'Startup' Culture, Tries Numerous Infection Methods - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea-linked TA444 turns to credential harvesting activity - Security Affairs

Nation State Actors

Nation State Actors – Russia

• State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian

• UK authorities warn of phishing from Iran, Russia • The Register

• SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK

• Gamaredon Group Launches Cyber Attacks Against Ukraine Using Telegram (thehackernews.com)

• Russia’s largest ISP says 2022 broke all DDoS attack records (bleepingcomputer.com)

Nation State Actors – China

• Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)

• FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com

Nation State Actors – North Korea

• North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyber Attacks (thehackernews.com)

• FBI Confirms Lazarus Group Was Behind $100m Harmony Hack - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean Group TA444 Shows 'Startup' Culture, Tries Numerous Infection Methods - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea-linked TA444 turns to credential harvesting activity - Security Affairs

Nation State Actors – Iran

• State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian

• UK authorities warn of phishing from Iran, Russia • The Register

• SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK

Vulnerability Management

• Extent of reported CVEs overwhelms critical infrastructure asset owners - Help Net Security

• Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium (thehackernews.com)

• Log4j Vulnerabilities Are Here to Stay — Are You Prepared? (darkreading.com)

• Trained developers get rid of more vulnerabilities than code scanning tools - Help Net Security

• New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch  - SecurityWeek

• Halo Security unveils KEV feature to improve attack surface visibility - Help Net Security

Vulnerabilities

• Crims can still exploit this NSA-discovered Microsoft bug • The Register

• 75k WordPress sites impacted by critical online course plugin flaws (bleepingcomputer.com)

• Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium (thehackernews.com)

• Log4j Vulnerabilities Are Here to Stay — Are You Prepared? (darkreading.com)

• Chrome 109 update addresses six security vulnerabilities - Security Affairs

• Microsoft urges admins to patch on-premises Exchange servers (bleepingcomputer.com)

• Drupal Patches Vulnerabilities Leading to Information Disclosure | SecurityWeek.Com

• Critical Vulnerabilities Patched in OpenText Enterprise Content Management System | SecurityWeek.Com

• Around 19,500 end-of-life Cisco routers exposed to hack - Security Affairs

• In-the-Wild Exploitation of Recent ManageEngine Vulnerability Commences | SecurityWeek.Com

• Apple patches are out – old iPhones get an old zero-day fix at last! – Naked Security (sophos.com)

• Apple Patches WebKit Code Execution in iPhones, MacBooks - SecurityWeek

• VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities (thehackernews.com)

• Crooks are already exploiting this bug in old iPhones • The Register

• Logfile nightmare deepens thanks to critical VMware flaws • The Register

• Malware exploited critical Realtek SDK bug in millions of attacks (bleepingcomputer.com)

• Realtek SDK flaw CVE-2021-35394 actively exploited in the wild- Security Affairs

• Lexmark warns of RCE bug affecting 100 printer models, PoC released (bleepingcomputer.com)

• Crims can still exploit this NSA-discovered Microsoft bug • The Register

Tools and Controls

• Is Once-Yearly Pen Testing Enough for Your Organisation? (thehackernews.com)

• Just Half of Firms Have Sufficient Cyber Security Budget - Infosecurity Magazine (infosecurity-magazine.com)

• LastPass owner GoTo says hackers stole customers’ backups | TechCrunch

• Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)

• Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)

• Understanding your attack surface makes it easier to prioritize technologies and systems - Help Net Security

• Companies Struggle With Zero Trust as Attackers Adapt to Get Around It (darkreading.com)

• Federal Agencies Infested by Cyber Attackers via Legit Remote Management Systems (darkreading.com)

• Why a hybrid approach can help mitigate DDoS attacks | SC Media

• CISA Warns Against Malicious Use of Legitimate RMM Software - Infosecurity Magazine (infosecurity-magazine.com)

• Gartner Predicts 10% of Large Enterprises Will Have a Mature and Measurable Zero-Trust Program in Place by 2026 (darkreading.com)

• Steps To Planning And Implementation Of Endpoint Protection (informationsecuritybuzz.com)

Other News

• Hackers can make computers destroy their own chips with electricity | New Scientist

• Scientists use Wi-Fi routers to see humans through walls | ZDNET

• Microsoft 365 outage takes down Teams, Exchange Online, Outlook (bleepingcomputer.com)

• Lessons Learned from the Windows Remote Desktop Honeypot Report (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Experts at Davos 2023 Call for a Global Response to the Gathering 'Cyber Storm'

As economic and geopolitical instability spills into the new year, experts predict that 2023 will be a consequential year for cyber security. The developments, they say, will include an expanded threat landscape and increasingly sophisticated cyber attacks.

"There's a gathering cyber storm," Sadie Creese, a Professor of Cyber Security at the University of Oxford, said during an interview at the World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland. "This storm is brewing, and it's really hard to anticipate just how bad that will be."

Already, cyber attacks such as phishing, ransomware and distributed denial-of-service (DDoS) attacks are on the rise. Cloudflare, a major US cyber security firm that provides protection services for over 30% of Fortune 500 companies, found that DDoS attacks—which entail overwhelming a server with a flood of traffic to disrupt a network or webpage—increased last year by 79% year-over-year.

"There's been an enormous amount of insecurity around the world," Matthew Prince, the CEO of Cloudflare, stated during the Annual Meeting. "I think 2023 is going to be a busy year in terms of cyber attacks."

https://www.weforum.org/agenda/2023/01/cybersecurity-storm-2023-experts-davos23/

• Cost of Data Breaches to Global Businesses at Five-Year High

Research from business insurer Hiscox shows that the cost of dealing with cyber events for businesses has more than tripled since 2018. The study, which collated data from the organisation’s previous five annual Cyber Readiness reports, has revealed that:

• Since 2018 the median IT budgets for cyber security more than tripled.

• Between 2020 and 2022 cyber-attacks increased by over a quarter.

• Businesses are increasing their cyber security budgets year-on-year.

In the Hiscox 2022 Cyber Readiness report, the financial toll of cyber incidents, including data breaches, was estimated to be $16,950 (£15,265) on average. As the cost of cyber crime grew, so did organisations’ cyber security budgets – average spending on cyber security tripled from 2018 to 2022, rocketing from $1,470,196 (£1,323,973) to $5,235,162 (£4,714,482).

Hiscox has also revealed that half of all companies surveyed suffered at least one cyber attack in 2022, up 11% from 2020. Financial Services, as well as Technology, Media and Telecom (TMT) sectors even reported a minimum of one attack for three consecutive years. Financial Services firms, however, seemed to be hit the hardest, with 66% reporting being impacted by cyber attacks in 2021-2022.

Cyber risk has risen to the same strategic level as traditional financial and operational risks, thanks to a growing realisation by businesses that the impact can be just as severe.

https://www.itsecurityguru.org/2023/01/18/cost-of-data-breaches-to-global-businesses-at-five-year-high/

• European Data Protection Authorities Issue Record €2.92 Billion in GDPR Fines, an Increase of 168%

European data regulators issued a record €2.92 billion in fines last year, a 168% increase from 2021. That’s according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year’s biggest fine of €405 million was imposed by the Irish Data Protection Commissioner (DPC) against Meta Platforms Ireland Limited relating to Instagram for alleged failures to protect children’s personal data. The Irish DPC also fined Meta €265 million for failing to comply with the GDPR obligation for Data Protection by Design and Default. Both fines are currently under appeal.

Despite the overall increase in fines since January 28, 2022, the fine of €746 million that Luxembourg authorities levied against Amazon last year remains the biggest to be issued by an EU-based data regulator to date (though the retail giant is still believed to be appealing).

The report also revealed a notable increase in focus by supervisory authorities on the use of artificial intelligence (AI), while the volume of data breaches reported to regulators decreased slightly against the previous year’s total.

https://www.csoonline.com/article/3685789/european-data-protection-authorities-issue-record-2-92-billion-in-gdpr-fines.html#tk.rss_news

• PayPal Accounts Breached in Large-Scale Credential Stuffing Attack

PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.

Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites. This type of attack relies on an automated approach with bots running lists of credentials to "stuff" into login portals for various services. Credential stuffing targets users that employ the same password for multiple online accounts, which is known as "password recycling."

PayPal explains that the credential stuffing attack occurred between December 6 and December 8, 2022. The company detected and mitigated it at the time but also started an internal investigation to find out how the hackers obtained access to the accounts. By December 20, 2022, PayPal concluded its investigation, confirming that unauthorised third parties logged into the accounts with valid credentials. The electronic payments platform claims that this was not due to a breach on its systems and has no evidence that the user credentials were obtained directly from them.

According to the data breach reporting from PayPal, 34,942 of its users have been impacted by the incident. During the two days, hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers. Transaction histories, connected credit or debit card details, and PayPal invoicing data are also accessible on PayPal accounts.

https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/

• Royal Mail Boss to Face MPs’ Questions Over Russian Ransomware Attack

Royal Mail’s chief executive faced questions from MPs last week over the Russia-linked ransomware attack that caused international deliveries to grind to a halt.

Simon Thompson, chief executive of Royal Mail, was asked about the recent cyber attack when he appeared before the Commons Business Select Committee to discuss Royal Mail’s response to the cyber attack at the evidence session on Tuesday Jan 17.

A Royal Mail spokesman said: “Royal Mail has been subject to a cyber incident that is affecting our international export service. We are focused on restoring this service as soon as we are able.”

Royal Mail was forced to suspend all outbound international post after machines used for printing customs dockets were disabled by the Russia-linked Lockbit cyber crime gang. Lockbit’s attackers used ransomware, malicious software that scrambles vital computer files before the gang demands payment to unlock them again. The software also took over printers at Royal Mail’s international sorting offices and caused ransom notes to “spout” from them, according to reports.

Cyber security industry sources cautioned that while Lockbit is known to be Russian in origin, it is not known whether a stolen copy of the gang’s signature ransomware had been deployed by rival hackers.

https://www.telegraph.co.uk/business/2023/01/13/royal-mail-boss-face-mps-questions-russian-ransomware-attack/

• Third-Party Risk Management: Why 2023 Could be the Perfect Time to Overhaul your TPRM Program

Ensuring risk caused by third parties does not occur to your organisation is becoming increasingly difficult. Every business outsources some aspects of its operations, and ensuring these external entities are a strength and not a weakness isn’t always a straightforward process.

In the coming years we’ll see organisations dedicate more time and resources to developing detailed standards and assessments for potential third-party vendors. Not only will this help to mitigate risk within their supply chain network, it will also provide better security.

As demand for third-party risk management (TPRM) grows, there are key reasons why we believe 2023 could be pivotal for the future of your organisation’s TPRM program, cyber risk being principal amongst them.

Forrester predicted that 60% of security incidents in 2022 would stem from third parties. In 2021 there was a 300% increase in supply chain attacks, a trend that has continued to increase over the past 12 months also. For example, Japanese car manufacturer Toyota was forced to completely shut down its operations due to a security breach with a third-party plastics supplier.

It’s not only the frequency of third-party attacks that has increased, but also the methods that cyber criminals are using are becoming increasingly sophisticated. For example, the SolarWinds cyber breach in 2020 was so advanced that Microsoft estimated it took over a thousand engineers to stop the impact of the attack.

As the sophistication and frequency of supply chain attacks increases, the impact they have on businesses reputations and valuations is also becoming apparent. There is a need for organisations to conduct thorough due diligence of the third parties they choose to work with, otherwise the consequences could be disastrous.

Remember always that cyber security should be a non-negotiable feature of all business transactions.

https://informationsecuritybuzz.com/third-party-risk-management-why-2023-could-be-the-perfect-time-to-overhaul-your-tprm-program/

• EU Cyber Resilience Regulation Could Translate into Millions in Fines

The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures require special protection.

According to the European Union, there is currently a ransomware attack every eleven seconds. In the last few weeks alone, among others, a leading German children’s food manufacturer and a global Tier1 automotive supplier headquartered in Germany were hit, with the latter becoming the victim of a massive ransomware attack. Such an attack even led to insolvency at the German manufacturer Prophete in January 2023. To press manufacturers, distributors and importers into action, they face significant penalties if security vulnerabilities in devices are discovered and not properly reported and closed.

“The pressure on the industry – manufacturers, distributors and importers – is growing immensely. The EU will implement this regulation without compromise, even though there are still some work packages to be done, for example regarding local country authorities,” says Jan Wendenburg, CEO, ONEKEY.

The financial fines for affected manufacturers and distributors are therefore severe: up to 15 million euros or 2.5 percent of global annual revenues in the past fiscal year – the larger number counts. “This makes it absolutely clear: there will be substantial penalties on manufacturers if the requirements are not implemented,” Wendenburg continues.

Manufacturers, distributors and importers are required to notify ENISA – the European Union’s cyber security agency – within 24 hours if a security vulnerability in one of their products is exploited. Exceeding the notification deadlines is already subject to sanctions.

https://www.helpnetsecurity.com/2023/01/19/eu-cyber-resilience-regulation-fines/

• Russian Hackers Try to Bypass ChatGPT's Restrictions for Malicious Purposes

Russian cyber-criminals have been observed on dark web forums trying to bypass OpenAI’s API restrictions to gain access to the ChatGPT chatbot for nefarious purposes.

Various individuals have been observed, for instance, discussing how to use stolen payment cards to pay for upgraded users on OpenAI (thus circumventing the limitations of free accounts). Others have created blog posts on how to bypass the geo controls of OpenAI, and others still have created tutorials explaining how to use semi-legal online SMS services to register to ChatGPT.

“Generally, there are a lot of tutorials in Russian semi-legal online SMS services on how to use it to register to ChatGPT, and we have examples that it is already being used,” wrote Check Point Research (CPR). “It is not extremely difficult to bypass OpenAI’s restricting measures for specific countries to access ChatGPT,” said Check Point. “Right now, we are seeing Russian hackers already discussing and checking how to get past the geofencing to use ChatGPT for their malicious purposes.”

They added that they believe these hackers are most likely trying to implement and test ChatGPT in their day-to-day criminal operations. “Cyber-criminals are growing more and more interested in ChatGPT because the AI technology behind it can make a hacker more cost-efficient,” they explained.

Case in point, just last week, Check Point Research published a separate advisory highlighting how threat actors had already created malicious tools using ChatGPT. These included infostealers, multi-layer encryption tools and dark web marketplace scripts.

More generally, the cyber security firm is not the only one believing ChatGPT could democratise cyber crime, with various experts warning that the AI bot could be used by potential cyber-criminals to teach them how to create attacks and even write ransomware.

https://www.infosecurity-magazine.com/news/russian-hackers-to-bypass-chatgpt/

• New Report Reveals CISOs Rising Influence

Cyber security firm Coalfire this week unveiled its second annual State of CISO Influence report, which explores the expanding influence of Chief Information Security Officers (CISOs) and other security leaders.

The report revealed that the CISO role is maturing quickly, and the position is experiencing more equity in the boardroom. In the last year alone, there was a 10-point uptick in CISOs doing monthly reporting to the board. These positive outcomes likely stem from the increasingly metrics-driven reporting CISOs provide, where data is more effectively leveraged to connect security outcomes to business objectives.

An especially promising development in this year's report is how security teams are being looped into corporate projects. Of the security leaders surveyed, 78% say they are consulted early in project development when business objectives are first identified, and two-thirds are now making presentations to the highest levels of enterprise authority. 56% of CISOs present security metrics to their CEOs, up from 43% in 2021.

Cloud migration was universally identified as one of those top business objectives. The move to the cloud saddles CISOs with many challenges. The top priorities listed by CISOs include dealing with an expanding attack surface, staffing, and new compliance requirements — all within constrained budgets. In fact, 43% of security leaders said their budgets remained static or were reduced following business migration to the cloud.

Given these challenges, leading CISOs are transforming their approaches. To address multiple cloud compliance requirements, security leaders are focusing on the most onerous set of rules and creating separate environments for different requirements. Risk assessments were identified as the key tool used to secure funding for these and other cyber initiatives and to set top priorities.

"Costs and risks are up, while at the same time, cyber budgets are trending flat or down," said Colefire. "Cyber security has historically been lower in priority for organisations, but we are witnessing a big shift in enterprise cyber expectations. CISOs are rising to meet those expectations, speaking to the business, and as a result, solidifying their role in the C-suite."

https://www.darkreading.com/threat-intelligence/new-coalfire-report-reveals-cisos-rising-influence

• ChatGPT and its Perilous Use as a "Force Multiplier" for Cyber Attacks

As a form of OpenAI technology, ChatGPT has the ability to mimic natural language and human interaction with remarkable efficiency. However, from a cyber security perspective, this also means it can be used in a variety of ways to lower the bar for threat actors.

One key method is the ability for ChatGPT to draft cunning phishing emails en masse. By feeding ChatGPT with minimal information, it can create content and entire emails that will lure unsuspecting victims to provide their passwords. With the right API setup, thousands of unique, tailored, and sophisticated phishing emails can be sent almost simultaneously.

Another interesting capability of ChatGPT is the ability to write malicious code. While OpenAI has put some controls in place to prevent ChatGPT from creating malware, it is possible to convince ChatGPT to create ransomware and other forms of malware as code that can be copied and pasted into an integrated development environment (IDE) and used to compile actual malware. ChatGPT can also be used to identify vulnerabilities in code segments and reverse engineer applications.

ChatGPT will expedite a trend that is already wreaking havoc across sectors – lowering the bar for less sophisticated threat actors, enabling them to conduct attacks while evading security controls and bypassing advanced detection mechanisms. And currently, there is not much that organisations can do about it. ChatGPT represents a technological marvel that will usher in a new era, not just for the cyber security space.

https://www.calcalistech.com/ctechnews/article/sj0lfp11oi

• Mailchimp Discloses a New Security Breach, the Second One in 6 Months

The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company; the incident exposed the data of 133 customers.

Threat actors targeted the company’s employees and contractors to gain access to an internal support and account admin tool.

“On January 11, the Mailchimp Security team identified an unauthorised actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorised actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.” reads the notice published by the company. “Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts.”

The malicious activity was discovered on January 11, 2023; in response to the intrusion the company temporarily suspended access for impacted accounts. The company also notified the primary contacts for all affected accounts less than 24 hours after the initial discovery.

https://securityaffairs.com/140997/data-breach/mailchimp-security-breach.html

Threats

Ransomware, Extortion and Destructive Attacks

• Yum Brands says nearly 300 restaurants in UK impacted due to cyber attack | Reuters

• Royal Mail boss to face MPs’ questions over Russian ransomware attack (telegraph.co.uk)

• What is LockBit ransomware and how does it operate? | Royal Mail | The Guardian

• How cyber-attack on Royal Mail has left firms in limbo - BBC News

• Royal Mail restarts limited overseas post after cyber-attack - BBC News

• How Royal Mail’s hacker became the world’s most prolific ransomware group | Financial Times (ft.com)

• Ransomware Trends In Q4 2022: Key Findings And Recommendations (informationsecuritybuzz.com)

• Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw (bleepingcomputer.com)

• Microsoft retracts its report on Mac ransomware (techrepublic.com)

• Royal Mail operations hub in Mallusk hit by ‘cyber attack’ as printer spurts out ransom demands - BelfastTelegraph.co.uk

• Ransomware Dips During 2022: Are Cyber attacks Slowing or Just a Blip? - MSSP Alert

• Up to 1,000 ships affected by DNV ransomware attack - Splash247

• Avast releases free BianLian ransomware decryptor (bleepingcomputer.com)

• Vice Society ransomware leaks University of Duisburg-Essen’s data (bleepingcomputer.com)

• Ransomware attack cuts 1,000 ships off from on-shore servers • The Register

• Royal Mail promises ‘workarounds’ to restore services after ransomware attack | Computer Weekly

• Cyber-crime gangs' earnings slide as victims refuse to pay - BBC News

• Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner (bleepingcomputer.com)

Phishing & Email Based Attacks

• How AI chatbot ChatGPT changes the phishing game | CSO Online

• The big risk in the most-popular, and aging, big tech email programs (cnbc.com)

• Why encrypting emails isn't as simple as it sounds - Help Net Security

• Is it your bank or a scam? How to deal with phishing attacks | Economy and Business | EL PAÍS English Edition

• Fake DHL emails allow hackers to breach Microsoft 365 accounts (msn.com)

Other Social Engineering; Smishing, Vishing, etc

• Techniques that attackers use to trick victims into visiting malicious content - Help Net Security

• Mailchimp slips up again, suffers security breach after falling on social engineering banana skin • Graham Cluley

• As Social Engineering Tactics Change, So Must Your Security Training (darkreading.com)

2FA/MFA

• CircleCI's hack caused by malware stealing engineer's 2FA-backed session (bleepingcomputer.com)

• The Importance of Multi-Factor Authentication (MFA) - MSSP Alert

Malware

• Qbot Overtakes Emotet in December 2022's Most Wanted Malware List - Infosecurity Magazine (infosecurity-magazine.com)

• IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours (thehackernews.com)

• New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild (thehackernews.com)

• CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop - Infosecurity Magazine (infosecurity-magazine.com)

• Experts spotted a backdoor that borrows code from CIA's Hive malware - Security Affairs

• ChatGPT Creates Polymorphic Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Attackers Crafted Custom Malware for Fortinet Zero-Day (darkreading.com)

• New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (thehackernews.com)

• Malicious ‘Lolip0p’ PyPi packages install info-stealing malware (bleepingcomputer.com)

• Hackers exploit Cacti critical bug to install malware, open reverse shells (bleepingcomputer.com)

• Hackers can use GitHub Codespaces to host and deliver malware (bleepingcomputer.com)

• Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks (trendmicro.com)

• Hackers turn to Google search ads to push info-stealing malware (bleepingcomputer.com)

• How to spot a cyberbot – five tips to keep your device safe (theconversation.com)

Mobile

• New 'Hook' Android malware lets hackers remotely control your phone (bleepingcomputer.com)

• Roaming Mantis’ Android malware adds DNS changer to hack WiFi routers (bleepingcomputer.com)

Botnets

• How to spot a cyberbot – five tips to keep your device safe (theconversation.com)

Denial of Service/DoS/DDOS

• Russian hacktivists NoName057 offer cash for DDoS attacks (techmonitor.ai)

Internet of Things – IoT

• Smart appliances could stop working after two years, says Which? - BBC News

Data Breaches/Leaks

• 6,000+ Customer Accounts Breached, NortonLifeLock Alert Users (informationsecuritybuzz.com)

• 1.7 TB of data from digital intelligence firm Cellebrite leaked online - Security Affairs

• CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop - Infosecurity Magazine (infosecurity-magazine.com)

• LastPass faces mounting criticism over recent breach | TechTarget

• Mailchimp Suffers Another Security Breach Compromising Some Customers' Information (thehackernews.com)

• Mailchimp discloses a new incident, the second one in 6 months - Security Affairs

• Timeline of the latest LastPass data breaches | CSO Online

• PayPal Breach Exposed PII of Nearly 35K Accounts (darkreading.com)

• T-Mobile US says hacker accessed personal data of 37 million customers • TechCrunch

• Twitter says leaked emails not hacked from its systems - BBC News

• Hacked! My Twitter user data is out on the dark web -- now what? | ZDNET

• Twitter sued over data leak that it denied was caused by a flaw | Business

• Nissan North America data breach caused by vendor-exposed database (bleepingcomputer.com)

• 18k Nissan Customers Affected by Data Breach at Third-Party Software Developer | SecurityWeek.Com

• Third-party administrator hack leads to theft of patient data for over 251K | SC Media (scmagazine.com)

Organised Crime & Criminal Actors

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto exchanges freeze accounts tied to North Korea • The Register

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

• FTX Says $415 Million Of Its Crypto Assets Was Hacked (informationsecuritybuzz.com)

• Google Ads-delivered malware drains NFT influencer’s entire crypto wallet (cointelegraph.com)

• Bitcoin is a ‘hyped-up fraud’, says JP Morgan chief (telegraph.co.uk)

• International Arrests Over 'Criminal' Crypto Exchange | SecurityWeek.Com

Fraud, Scams & Financial Crime

• A $175 Million Dollar Blunder: How A 30-Year-Old Entrepreneur Allegedly Defrauded JP Morgan With 4 Million Fake Email Accounts | Celebrity Net Worth

• Opinion: These online scams to steal your money will shock you -- even if you think you've seen them all - MarketWatch

• Young people warned not to be exploited as ‘money mules’ for UK criminal gangs | Crime | The Guardian

• Hacker stole credit cards from Canada alcohol retailer LCBO - Security Affairs

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

• New York man defrauded thousands using credit cards sold on dark web (bleepingcomputer.com)

• FTX Says $415 Million Of Its Crypto Assets Was Hacked (informationsecuritybuzz.com)

• The US Has a Massive Money Transfer Surveillance Apparatus (gizmodo.com)

• The threat of location spoofing and fraud - Help Net Security

• HUMAN Security Stops VASTFLUX Digital Ad Fraud Operation - MSSP Alert

• International Arrests Over 'Criminal' Crypto Exchange | SecurityWeek.Com

Insurance

• Millions of Insurance Customers Compromised Via Supplier - Infosecurity Magazine (infosecurity-magazine.com)

Dark Web

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• New York man defrauded thousands using credit cards sold on dark web (bleepingcomputer.com)

• Illegal Solaris darknet market hijacked by competitor Kraken (bleepingcomputer.com)

Supply Chain and Third Parties

• CircleCI, LastPass, Okta, and Slack: Cyber attackers Pivot to Target Core Enterprise Tools (darkreading.com)

• Third-Party Risk Management: Why 2023 Could Be The Perfect Time To Overhaul Your TPRM Program (informationsecuritybuzz.com)

Cloud/SaaS

• The Dangers of Default Cloud Configurations (darkreading.com)

• Report: Cloud-based networks under growing attack • The Register

• Data Security in Multicloud: Limit Access, Increase Visibility (darkreading.com)

Hybrid/Remote Working

• Training, endpoint management reduce remote working cyber security risks - Help Net Security

Encryption

• Vulnerabilities in cryptographic libraries found through modern fuzzing - Help Net Security

• teiss - Cyber Threats - Managing the treat from quantum computers

• Threats Of Quantum: The Solution Lies In Quantum Cryptography (informationsecuritybuzz.com)

• Why encrypting emails isn't as simple as it sounds - Help Net Security

• TLS Connection Cryptographic Protocol Vulnerabilities (trendmicro.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Compromise of employee device, credentials led to CircleCI breach | SC Media (scmagazine.com)

• PayPal accounts breached in large-scale credential stuffing attack (bleepingcomputer.com)

• Timeline of the latest LastPass data breaches | CSO Online

• NortonLifeLock: threat actors breached Norton Password Manager accounts - Security Affairs

Social Media

• Twitter says leaked emails not hacked from its systems - BBC News

• Hacked! My Twitter user data is out on the dark web -- now what? | ZDNET

• French CNIL fined Tiktok $5.4 Million for violating cookie laws - Security Affairs

Malvertising

• Hackers turn to Google search ads to push info-stealing malware (bleepingcomputer.com)

• Google Ads-delivered malware drains NFT influencer’s entire crypto wallet (cointelegraph.com)

• HUMAN Security Stops VASTFLUX Digital Ad Fraud Operation - MSSP Alert

Training, Education and Awareness

• Training, endpoint management reduce remote working cyber security risks - Help Net Security

• As Social Engineering Tactics Change, So Must Your Security Training (darkreading.com)

Regulations, Fines and Legislation

• GDPR Fines Surge 168% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• European data protection authorities issue record €2.92 billion in GDPR fines | CSO Online

• State of data privacy laws in 2023 | TechTarget

• How data protection is evolving in a digital world - Help Net Security

• EU cyber resilience regulation could translate into millions in fines - Help Net Security

• UN Hearing On Proposed Cyber Crime Treaty: Legal Measures To Tackle Cyber Crimes (informationsecuritybuzz.com)

• Online safety bill: Attempt to jail tech bosses ‘could backfire’ | News | The Times

• Culture secretary examines plans to punish tech bosses over online harms | Financial Times (ft.com)

• French CNIL fined Tiktok $5.4 Million for violating cookie laws - Security Affairs

• State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop

• How Would the FTC Rule on Noncompetes Affect Data Security? (darkreading.com)

• The US Has a Massive Money Transfer Surveillance Apparatus (gizmodo.com)

• What are International Traffic in Arms Regulations and Export Administration Regulations? (techtarget.com)

Governance, Risk and Compliance

• Technology is a fragile machine that seems to power everything | Android Central

• Third-Party Risk Management: Why 2023 Could Be The Perfect Time To Overhaul Your TPRM Program (informationsecuritybuzz.com)

• Training, endpoint management reduce remote working cyber security risks - Help Net Security

• New Coalfire Report Reveals CISOs Rising Influence (darkreading.com)

• Cost of data breaches to global businesses at five-year high- IT Security Guru

• Experts at Davos 2023 sound the alarm on cyber security | World Economic Forum (weforum.org)

• Why Mean Time to Repair Is Not Always A Useful Security Metric (darkreading.com)

• Why are there so many cyber attacks lately? An explainer on the rising trend | Globalnews.ca

• How To Build A Network Of Security Champions In Your Organisation (forbes.com)

• EU cyber resilience regulation could translate into millions in fines - Help Net Security

• What is Business Attack Surface Management? (trendmicro.com)

• How to build a cyber-resilience culture in the enterprise | TechTarget

• Why Businesses Need to Think Like Hackers This Year (darkreading.com)

• How to prioritize resilience in the face of cyber-attacks | World Economic Forum (weforum.org)

• #WEF23: Geopolitical Instability Means a Cyber “Catastrophe” is Imminent - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber-attack contributes to major Harrogate district firm posting £4.1m loss - The Stray Ferret

Data Protection

• GDPR Fines Surge 168% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• European data protection authorities issue record €2.92 billion in GDPR fines | CSO Online

• How data protection is evolving in a digital world - Help Net Security

• State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop

• European Businesses Admit Major Privacy Skills Gap - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• New Coalfire Report Reveals CISOs Rising Influence (darkreading.com)

• IT Burnout may be Putting Your Organisation at Risk (bleepingcomputer.com)

• Sophos Joins List of Cyber security Companies Cutting Staff | SecurityWeek.Com

Law Enforcement Action and Take Downs

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

Privacy, Surveillance and Mass Monitoring

• AI and privacy: Experts worry users may have already ‘traded a lot’ for services - National | Globalnews.ca

• State of data privacy laws in 2023 | TechTarget

• How data privacy and automation offer both challenges and opportunities in a fintech future | Kyndryl: The Heart of Progress | The Guardian

• UK supermarket uses facial recognition tech to track shoppers - Coda Story

• State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop

• European Businesses Admit Major Privacy Skills Gap - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• Russian Hackers Try to Bypass ChatGPT's Restrictions For Malicious Purposes - Infosecurity Magazine (infosecurity-magazine.com)

• How AI chatbot ChatGPT changes the phishing game | CSO Online

• ChatGPT Opens New Opportunities for Cyber criminals: 5 Ways for Organisations to Get Ready (darkreading.com)

• ChatGPT and its perilous use as a "Force Multiplier" for cyber attacks | Ctech (calcalistech.com)

• AI and privacy: Experts worry users may have already ‘traded a lot’ for services - National | Globalnews.ca

• Potential threats and sinister implications of ChatGPT - Help Net Security

• Criminals seek OpenAI guardrail bypass, use ChatGPT for evil • The Register

• ChatGPT Creates Polymorphic Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Is ChatGPT a cyber security threat? | TechCrunch

Misinformation, Disinformation and Propaganda

• Over Four Billion People Affected By Internet Censorship in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian Hackers Try to Bypass ChatGPT's Restrictions For Malicious Purposes - Infosecurity Magazine (infosecurity-magazine.com)

• Putin’s Russian cyber attacks could target UK’s infrastructure | News | The Times

• From phishing scams to propaganda: How Russia, rogue nations utilize cyber capabilities against the US | Fox News

• Industrial espionage: How China sneaks out America's technology secrets - BBC News

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine blames Russia for most of over 2,000 cyber attacks in 2022 | Reuters

• Cyber  attacks have tripled in past year, says Ukraine’s cyber security agency | Ukraine | The Guardian

• Pro-Russian Hacktivist Group Targets Czech Presidential Election - Infosecurity Magazine (infosecurity-magazine.com)

• Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware (thehackernews.com)

• Is Elon Musk’s Starlink winning the war for Ukraine? | World | The Sunday Times (thetimes.co.uk)

• Pro-Russia Hacktivist Group NoName057(16) Strikes Again (informationsecuritybuzz.com)

• Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures - Infosecurity Magazine (infosecurity-magazine.com)

• Russian hacktivists NoName057 offer cash for DDoS attacks (techmonitor.ai)

• Chinese APT Group Vixen Panda Targets Iranian Government Entities - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine links data-wiping attack on news agency to Russian hackers (bleepingcomputer.com)

• Russian hackers target Ukrainian press briefing about cyber attacks (axios.com)

• Chinese hackers targeted Iranian government entities for months: Report | CSO Online

• Myanmar Acquired Spyware From Israeli Cyber-intelligence Firm Cognyte, New Docs Reveal - National Security & Cyber - Haaretz.com

Nation State Actors

Nation State Actors – Russia

• Russian Hackers Try to Bypass ChatGPT's Restrictions For Malicious Purposes - Infosecurity Magazine (infosecurity-magazine.com)

• Putin’s Russian cyber attacks could target UK’s infrastructure | News | The Times

• From phishing scams to propaganda: How Russia, rogue nations utilize cyber capabilities against the US | Fox News

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine blames Russia for most of over 2,000 cyber attacks in 2022 | Reuters

• Cyber attacks have tripled in past year, says Ukraine’s cyber security agency | Ukraine | The Guardian

• Pro-Russian Hacktivist Group Targets Czech Presidential Election - Infosecurity Magazine (infosecurity-magazine.com)

• Is Elon Musk’s Starlink winning the war for Ukraine? | World | The Sunday Times (thetimes.co.uk)

• Pro-Russia Hacktivist Group NoName057(16) Strikes Again (informationsecuritybuzz.com)

• Russian hacktivists NoName057 offer cash for DDoS attacks (techmonitor.ai)

• Ukraine links data-wiping attack on news agency to Russian hackers (bleepingcomputer.com)

• Russian hackers target Ukrainian press briefing about cyber attacks (axios.com)

• Russians say they can download software from Intel again • The Register

• Nation State Actors – China

• Industrial espionage: How China sneaks out America's technology secrets - BBC News

• Attackers Crafted Custom Malware for Fortinet Zero-Day (darkreading.com)

• New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (thehackernews.com)

• China wants 30 percent CAGR for its infosec industry • The Register

• Chinese APT Group Vixen Panda Targets Iranian Government Entities - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese hackers targeted Iranian government entities for months: Report | CSO Online