Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 03 March 2023
Black Arrow Cyber Briefing 03 March 2023:
-It’s Time to Evaluate Your Security Education Plan Amongst the Rise in Social Engineering Attacks
-Mobile Users are More Susceptible to Phishing Attacks
-Phishing as a Service Stimulates Cyber Crime
-Attacker Breakout Time Drops to Just 84 Minutes
-Attackers are Developing and Deploying Exploits Faster Than Ever
-Old Vulnerabilities are Haunting Organisations and Aiding Attackers
-Scams Drive Nearly $9bn Fraud Surge in 2022
-Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This
-Cyber Security in This Era of Polycrisis
-Russian Ransomware Projects Rebranded to Avoid Western Sanctions
-Ransomware Attacks Ravaged Big Names in February
-Firms Who Pay Ransom Subsidise New Attacks
-How the Ukraine War Opened a Fault Line in Cyber Crime
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
It’s Time to Evaluate Your Security Education Plan with the Rise in Social Engineering Attacks
Security provider Purplesec found 98% of attacks in 2022 involved an element of social engineering. Social engineering attacks can take many forms including phishing, smishing, vishing and quishing and it’s vital to educate your organisation on how to best prepare for these. Education plans should focusing on educating all levels of users, including those at the top. These plans should also be tested to allow organisations to assess where they are at and identify where they can improve.
Mobile Users are More Susceptible to Phishing Attacks
A report conducted by mobile security provider Lookout focused on the impact of mobile phishing. Some of the key findings from the report included that more than 50% of personal devices were exposed to a mobile phishing attack every quarter, the percentage of users falling for multiple mobile phishing links increasing and an increased targeting of highly regulated industries such as insurance, banking and financial services. It is likely that this has resulted from the increase in relaxed bring your own device (BYOD) policies.
Phishing as a Service Stimulates Cyber Crime
Phishing attacks are at an all-time high and the usage of Phishing as a Service (PaaS) opens this attack technique to virtually anyone. The sale of “phishing kits” and usage of artificial intelligence has further increased the availability of this attack technique. In response, organisations should look to improve their email security, cloud security and education programs for employees.
https://www.trendmicro.com/en_us/ciso/23/c/phishing-as-a-service-phaas.html
Attacker Breakout Time Drops to Just 84 Minutes
The average time it takes for a threat actor to move laterally from a compromised host within an organisation dropped 14% between 2012 and 2022 down to 84 minutes, according to a report by security provider Crowdstrike. With the reduction in time it takes a threat actor to move across systems, organisations have even less time to enact their incident response plans and contain breaches effectively, putting further pressure on the incident response team. By responding quickly, organisations can minimise the cost and damage of a breach. The report from Crowdstrike found that organisations were facing increasing difficulty in detecting suspicious activity as attackers are choosing to use valid organisation credentials rather than malware, to gain access to an organisation’s systems.
https://www.infosecurity-magazine.com/news/attacker-breakout-time-drops-just/
Attackers are Developing and Deploying Exploits Faster Than Ever
A report from security provider Rapid7 found that over 56% of vulnerabilities were exploited within seven days of public disclosure. Worryingly, the median time for exploitation in 2022 was just one day. The finding from the report highlights the need for organisations to not only conduct threat intelligence to be aware of vulnerabilities but to also look to employ patches where possible in a timely manner.
https://www.helpnetsecurity.com/2023/03/03/attackers-developing-deploying-exploits/
Old Vulnerabilities are Haunting Organisations and Aiding Attackers
Known vulnerabilities, vulnerabilities for which patches have already been made available, are one of the primary attack vectors for threat actors. Vulnerability management vendor Tenable found that the top exploited vulnerabilities were originally disclosed as far back as 2017 and organisations that had not applied these patches were at increased risks of attack.
https://www.helpnetsecurity.com/2023/03/03/known-exploitable-vulnerabilities/
Scams Drive Nearly $9bn Fraud Surge in 2022
Americans lost $8.8 billion to fraud last year, with imposter scams responsible for $2.8 billion of that amount, according to the Federal Trade Commission (FTC). Losses to business imposters were particularly damaging, climbing to $660 million from the previous year. Interestingly, the FTC found that younger people reported losing money to fraud the most often.
https://www.infosecurity-magazine.com/news/investment-scams-drive-9bn-in/
Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This
The World Economic Forum’s recent report found that 93% of cyber security leaders and 86% of business leaders think it is moderately or very likely that global geopolitical instability will lead to a catastrophic cyber event in the next two years. Reinforcing this, a report from (ISC)² found that 80% of business executives believe a weakening economy will increase cyber threats and a recession will only amplify this.
Cyber Security in this Era of Polycrisis
A year since Russia invaded Ukraine, the geopolitical context is increasingly tense and volatile. The world faces several major crises in what has been coined a 'polycrisis,' a cluster of global shocks with compounding effects. This, along with increasing geopolitical tensions causes a rise in risk from cyber attacks. In fact, the European Union Agency for Cyber Security (ENISA) recently issued an alert regarding actors conducting malicious cyber activities against businesses and governments in the European Union and findings from Google show a 300% increase in state-sponsored cyber attacks targeting users in NATO countries.
https://www.weforum.org/agenda/2023/02/cybersecurity-in-an-era-of-polycrisis/
Russian Ransomware Projects Rebranded to Avoid Western Sanctions
Research provider TRM labs found that some major Russian-linked ransomware crime gangs have rebranded their activities in 2022 to avoid sanctions. To strengthen their anonymity, two major ransomware crime gangs LockBit and Conti restructured their activities. Conti is reported to have restructured into three smaller groups named Black Besta, BlackByte, Karakurt. LockBit on the other hand launched LockBit 3.0, which is focused on monetary gain. Additionally, the report found that Russian-speaking darknet markets had amassed over $130 million in sales.
https://cryptopotato.com/russian-ransomware-projects-rebranded-to-avoid-western-sanctions-report/
Ransomware Attacks Ravaged Big Names in February
Despite the apparent slight drop in ransomware activity last month, several high profile targets of various industries were hit; this ranges from the likes of the US Marshal Service, retailer WH Smith, satellite provider Dish and many more. These attacks reinforce the concept that any organisation can be a victim, regardless of industry.
Firms Who Pay Ransoms Subsidise New Attacks
A report from security provider Trend Micro found that whilst only a relatively small number of ransomware victims pay their extorters, those that do pay are effectively funding 6-10 new attacks. The report also found that attackers are aware of which industries and countries pay ransoms more often, so organisations belonging to those industries and countries may find themselves an even more attractive target.
https://www.infosecurity-magazine.com/news/firms-pay-ransom-subsidise-10/
How the Ukraine War Opened a Fault Line in Cyber Crime
A report from threat intelligence provider Recorded Future has highlighted the impact that the Russian invasion of Ukraine has had on cyber. Recorded Future explain how a number of threat actor groups fled during the war and in addition to differing political views between groups, there has been a disruption to the cyber environment. In fact, Recorded Future found that Russian-language dark web marketplaces have taken a major hit and the prediction is that the epicentre of cyber crime may shift to English-speaking dark web forums, shops and marketplaces.
https://www.darkreading.com/analytics/ukraine-war-fault-line-cybercrime-forever
Threats
Ransomware, Extortion and Destructive Attacks
Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online
Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Ransomware Attacks: Don’t Let Your Guard Down - SecurityWeek
Ransomware attacks ravaged big names in February | TechTarget
Cyber Insurance Market Back From Brink After Onslaught of Ransomware Attacks (insurancejournal.com)
Royal Mail schools LockBit in leaked negotiation (malwarebytes.com)
'Ethical hacker' among ransomware suspects arrested • The Register
Wiper malware goes global, destructive attacks surge - Help Net Security
A Deep Dive into the Evolution of Ransomware Part 3 (trendmicro.com)
New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware (bleepingcomputer.com)
PureCrypter malware hits govt orgs with ransomware, info-stealers (bleepingcomputer.com)
Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain (thehackernews.com)
Dish Network confirms ransomware attack behind multi-day outage (bleepingcomputer.com)
US Marshals Ransomware Hit Is 'Major' Incident (darkreading.com)
The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)
Vice Society publishes data stolen during Vesuvius ransomware attack • Graham Cluley
US Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities (thehackernews.com)
Phishing & Email Based Attacks
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert
Phishing as a Service Stimulates Cyber crime (trendmicro.com)
BEC – Business Email Compromise
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Expert strategies for defending against multilingual email-based attacks - Help Net Security
Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan (darkreading.com)
The Top 5 New Social Engineering Attacks in 2023 - (ISC)² Blog (isc2.org)
How to Prevent Callback Phishing Attacks on Your Organization (bleepingcomputer.com)
2FA/MFA
Malware
RIG Exploit Kit still infects enterprise users via Internet Explorer (bleepingcomputer.com)
Exfiltrator-22 Post-Exploitation Toolkit Nips At Cobalt Strike's Heels (darkreading.com)
Malicious package flood on PyPI might be sign of new attacks to come | CSO Online
Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)
It's official: BlackLotus malware can bypass secure boot • The Register
Threat actors target law firms with GootLoader and SocGholish--Security Affairs
Mobile
Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert
Mobile Banking Trojans Surge, Doubling in Volume (darkreading.com)
Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News
Don't be fooled by a pretty icon, malicious apps hide in plain sight - Help Net Security
Denial of Service/DoS/DDOS
Data Breaches/Leaks
LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)
Stanford University discloses data breach affecting PhD applicants (bleepingcomputer.com)
Threat actors leak Activision employee data on hacking forum--Security Affairs
10 US states that suffered the most devastating data breaches in 2022 - Help Net Security
Australian orgs lodged 497 data breach notices in back half of 2022 - Security - iTnews
Hatch Bank discloses data breach after GoAnywhere MFT hack (bleepingcomputer.com)
GunAuction site was hacked and data of 565k accounts were exposed--Security Affairs
Chick-fil-A confirms accounts hacked in months-long "automated" attack (bleepingcomputer.com)
What GoDaddy's Years-Long Breach Means for Millions of Clients (darkreading.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptocurrency Bitcoin mining rig found in school crawlspace • The Register
Highly evasive cryptocurrency miner targets macOS--Security Affairs
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Investment Scams Drive $9bn Fraud Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)
FTC reveals alarming increase in scam activity, costing consumers billions - Help Net Security
Resecurity identified the investment scam network Digital Smoke - Help Net Security
Pig butchering scam explained: Everything you need to know (techtarget.com)
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
Third-party risks overwhelm traditional ERM setups - Help Net Security
Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
Software Supply Chain
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
SBOM is a 'massive galaxy of mess' for supply chain security • The Register
IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)
Cloud/SaaS
How to Tackle the Top SaaS Challenges of 2023 (thehackernews.com)
Cloud incident response: Frameworks and best practices | TechTarget
Security teams have no control over risky SaaS-to-SaaS connections - Help Net Security
It only takes one over-privileged identity to do major damage to a cloud - Help Net Security
SCARLETEEL hackers use advanced cloud skills to steal source code, data (bleepingcomputer.com)
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
Google Cloud Platform allows data exfiltration without a (forensic) trace - Help Net Security
What Happened in That Cyber attack? With Some Cloud Services, You May Never Know (darkreading.com)
New Report: Inside the High Risk of Third-Party SaaS Apps (darkreading.com)
Containers
Hybrid/Remote Working
Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)
How to work from home securely, the NSA way (malwarebytes.com)
Encryption
API
Open Source
Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)
Should organisations swear off open-source software altogether? | VentureBeat
IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek
Critical Vulnerabilities Allowed Booking.com Account Takeover - SecurityWeek
Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (darkreading.com)
Social Media
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO
TikTok answers three big cyber-security fears about the app - BBC News
Meta says $725M deal ends all Cambridge Analytica claims; one state disagrees | Ars Technica
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)
Cyber resilience in focus: EU act to set strict standards - Help Net Security
Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)
ML practitioners push for mandatory AI Bill of Rights - Help Net Security
Governance, Risk and Compliance
Third-party risks overwhelm traditional ERM setups - Help Net Security
CISOs Share Their 3 Top Challenges for Cybersecurity Management (darkreading.com)
The Importance of Recession-Proofing Security Operations (darkreading.com)
Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert
CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles - SecurityWeek
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Gartner Prediction: Nearly Half of Cybersecurity Pros Will Change Jobs by 2025 - MSSP Alert
Growing Demand For Skilled Cybersecurity Workforce In Digital Age (informationsecuritybuzz.com)
Partnering With a Cybersecurity Vendor Can Help You Recruit Top Talent - MSSP Alert
CISOs Are Stressed Out and It's Putting Companies at Risk (thehackernews.com)
Law Enforcement Action and Take Downs
'Ethical hacker' among ransomware suspects arrested • The Register
The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)
Privacy, Surveillance and Mass Monitoring
UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)
Press greets Home Office redraft of national security bill with scepticism | Media | The Guardian
The Air Force Is Now Using Facial Recognition Drones (gizmodo.com)
How dog tracker apps are snooping on humans, according to cyber security experts (telegraph.co.uk)
Artificial Intelligence
Generative AI Changes Everything We Know About Cyber attacks (darkreading.com)
ChatGPT is bringing advancements and challenges for cybersecurity - Help Net Security
How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)
ML practitioners push for mandatory AI Bill of Rights - Help Net Security
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)
How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)
Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)
Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)
CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
Russian charged with smuggling US counterintel tech • The Register
Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online
China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)
'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek
China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian
Nation State Actors
Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)
How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)
Hacker group defaces Russian websites to display the Kremlin on fire | TechCrunch
Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)
CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs
Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
Russian charged with smuggling US counterintel tech • The Register
Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online
EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO
China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)
'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek
China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian
TikTok answers three big cyber-security fears about the app - BBC News
Russia bans foreign messaging apps in government organisations (bleepingcomputer.com)
Chinese hackers use new custom backdoor to evade detection (bleepingcomputer.com)
Vulnerability Management
Vulnerabilities
A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica
Hackers are actively exploiting Zoho ManageEngine flaw-Security Affairs
All In One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million (searchenginejournal.com)
CISA warns of hackers exploiting ZK Java Framework RCE flaw (bleepingcomputer.com)
Cisco patches critical Web UI RCE flaw in multiple IP phones (bleepingcomputer.com)
Aruba Networks fixes six critical vulnerabilities in ArubaOS (bleepingcomputer.com)
Microsoft releases Windows security updates for Intel CPU flaws (bleepingcomputer.com)
Tools and Controls
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)
Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online
The Future of Network Security: Predictive Analytics and ML-Driven Solutions (thehackernews.com)
Microsoft announces automatic BEC, ransomware attack disruption capabilities - Help Net Security
How to use zero trust and IAM to defend against cyber attacks in an economic downturn | VentureBeat
Pentesting No Longer Driven by Regulatory Compliance, New Study Finds - MSSP Alert
Application Security vs. API Security: What is the difference? (thehackernews.com)
Accurately assessing the success of zero-trust initiatives | TechTarget
Other News
Attackers are developing and deploying exploits faster than ever - Help Net Security
Attacker Breakout Time Drops to Just 84 Minutes - Infosecurity Magazine (infosecurity-magazine.com)
Moving target defence must keep cyber attackers guessing - Help Net Security
Covert cyber attacks on the rise as attackers shift tactics for maximum impact - Help Net Security
Dormant accounts are a low-hanging fruit for attackers - Help Net Security
Dish Network goes offline after likely cyber attack, employees cut off (bleepingcomputer.com)
News Corp says state hackers were on its network for two years (bleepingcomputer.com)
UK won the Military Cyberwarfare exercise Defence Cyber Marvel-Security Affairs
To Safeguard Critical Infrastructure, Go Back to Basics (darkreading.com)
Feds accuse Google of destroying evidence in antitrust case • The Register
Microsoft recommending you scan more Exchange server files • The Register
CISA director urges tech sector to stop shipping unsafe products | CyberScoop
Developers can make a great extension of your security team - Help Net Security
2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots (thehackernews.com)
Uncovering the most pressing cybersecurity concerns for SMBs - Help Net Security
Wiz execs: Most overhyped security tool is technology itself • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 February 2023
Black Arrow Cyber Briefing 24 February 2023:
-Employees Bypass Cyber Security Guidance to Achieve Business Objectives
-Three Quarters of Businesses Braced for Serious Email Attack this Year
-The Cost of Living Crisis is Triggering a Wave of Workplace Crime
-Fighting Ransomware with Cyber Security Audits
-Record Levels of Fraud Impacting 90% of Payment Compliance Teams
-CISOs Struggle with Stress and Limited Resources
-Cyber Threats and Regulations Mount for Financial Industry
-HardBit Ransomware Wants Insurance Details to Set the Perfect Price
-Social Engineering is Becoming Increasingly Sophisticated
-A Fifth of Brits Have Fallen Victim to Online Scammers
-Cyber Attacks Hit Data Centres to Steal Information From Companies
-Phishing Fears Ramp Up on Email, Collaboration Platforms
-The War in Ukraine has Shaken up the Cyber Criminal Eco-system
-Police Bust €41m Email Scam Gang
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Employees Bypass Cyber Security Guidance to Achieve Business Objectives
Researcher Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. In a survey conducted by Gartner it was found that 69% of employees had bypassed their organisations cyber security guidance in the previous 12 months and 74% said they would bypass cyber security guidance if it helped them or their team achieve a business objective.
https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/
Three Quarters of Businesses Braced for Serious Email Attack this Year
According to a survey conducted by security provider Vanson Bourne, 76% of cyber security professionals predict that an email related attack will have serious consequences for their organisation in the coming year. The survey found that 82% of companies reported a higher volume of email in 2022 compared with 2021 and 2020 and 74% had said email-based threats had risen over the last 12 months. In addition, a worrying 91% had seen attempts to steal or use their email domain in an attack.
The Cost of Living Crisis is Triggering a Wave of Workplace Crime
Almost 6,000 people were caught stealing from their employer in 2022 according to insurance provider Zurich with the firms facing an average loss of £140,000. Zurich have said “As cost of living pressures mount, employee theft has significantly increased, suggesting some workers could be turning to desperate measures to make ends meet”.
Fighting Ransomware with Cyber Security Audits
With the ever increasing number of devices and distributed environments, it’s easy for organisations to lose track of open IP addresses, administrator accounts and infrastructure configurations; all of this creates an increase in opportunities for threat actors to deploy ransomware. By conducting audits of IT assets, organisations can identify the data they hold and reduce the risk of forgotten devices. The need for auditing of an organisations assets is reinforced where a survey conducted by research provider Enterprise Strategy Group found that nearly 70% of respondents had suffered at least one exploit that started with an unknown, unmanaged, or poorly managed Internet-facing IT asset.
https://www.trendmicro.com/en_us/ciso/23/b/cybersecurity-audit.html
Record Levels of Fraud Impacting 90% of Payment Compliance Teams
New research from research provider VIXIO has found that 90% of payment company compliance teams are frequently overwhelmed and increased fraud was a particular concern for teams in the UK.
CISOs Struggle with Stress and Limited Resources
A survey from security provider Cynet has found that 94% of CISOs report being stressed at work, with 65% admitting that this work stress has compromised their ability to protect their organisation. Furthermore, the survey found all respondents said they needed additional resources to adequately cope with current cyber challenges. Amongst some of the key findings were 77% of CISOs believing that a lack of resources had led to important security initiatives falling to the wayside.
https://www.helpnetsecurity.com/2023/02/23/cisos-work-related-stress/
Cyber Threats and Regulations Mount for Financial Industry
Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. For example, last year a report conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and security provider Akamai found that distributed denial-of-service attacks (DDoS) attacks rose 73% more for European financial institutions compared to the previous year. This combination of attacks is followed by an increase in regulations such as the requirement to report breaches to the European Authorities to satisfy the General Data Protection Regulation (GDPR). Such increase has caused financial institutions to bolster their security, with a survey conducted by security provider Contrast finding 72% of financial organisations plan to increase their investment in the security of their applications and 64% mandated cyber security requirements for their vendors.
https://www.darkreading.com/risk/cyberthreats-regulations-mount-for-financial-industry
HardBit Ransomware Wants Insurance Details to Set the Perfect Price
Operators of a ransomware threat known as Hardbit are trying to negotiate ransom payments so that they would be covered by victim’s insurance companies. Typically, the threat actor tries to convince the victim that it is in their interest to disclose their insurance details so that the threat actor can adjust their demands so that insurance would cover it.
Social Engineering is Becoming Increasingly Sophisticated
The rapid development of deepfake technology is providing an increase in the sophistication of social engineering attacks. Deepfake technology refers to products created through artificial intelligence, which could allow an individual to impersonate another with likeness and voice during a video conversation. The accessibility of such technology has allowed threat actors to conduct more sophisticated campaigns, including the replication of the voice of a company executive.
https://securityaffairs.com/142487/hacking/social-engineering-increasingly-sophisticated.html
A Fifth of Brits Have Fallen Victim to Online Scammers
Security founder F-Secure have found that a fifth of Brits had fallen victim to digital scammers in the past, yet a quarter had no security controls to protect themselves. When providing a reason for the lack of security, 60% said they found cyber security too complex. This is worrying for organisations who need to ensure these low levels of security awareness are not displayed in the corporate environment.
https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/
Cyber Attacks Hit Data Centres to Steal Information from Companies
Cyber attacks targeting multiple data centres globally have resulted in the exfiltration of information relating to companies who used them. In addition, attackers have been seen to publish access credentials relating to these attacks on the dark web. This malicious activity reinforces the need for organisations to be aware of and properly manage their supply chain.
Phishing Fears Ramp Up on Email, Collaboration Platforms
Three quarters of organisations are expecting a serious impact from an email-based attack and with the rapid growth and expansion of collaboration tools such as Microsoft Teams, it’s expected that these will also be used as a vector for threat actors. Combined with the emergence of Chat-GPT, the landscape provides an increasing amount of opportunities for threat actors.
The War in Ukraine has Shaken up the Cyber Criminal Eco-System
One year after Russia invaded Ukraine, the war continues -- including an ever-evolving digital component that has implications for the future of cyber security around the world. Among other things, the war in Ukraine has upended the Eastern European cyber criminal ecosystem, according to cyber security experts from Google, shaking up the way ransomware attacks are playing out. Google later explained that “Lines are blurring between financially motivated and government-backed attackers in Eastern Europe”.
Police Bust €41m Email Scam Gang
A coordinated police operation spanning multiple countries led to the dismantling of a criminal network which was responsible for tens of millions in Business Email Compromise (BEC) losses. In one of the attacks the gang used social engineering to target the Chief Financial Officer (CFO) of a real estate developer, defrauding them of 38 million euros.
https://www.infosecurity-magazine.com/news/police-bust-41m-bec-gang/
Threats
Ransomware, Extortion and Destructive Attacks
HardBit ransomware wants insurance details to set the perfect price (bleepingcomputer.com)
An Overview of the Global Impact of Ransomware Attacks (bleepingcomputer.com)
Fight Ransomware with a Cyber security Audit (trendmicro.com)
Time to Deploy Ransomware Drops 94% - Infosecurity Magazine (infosecurity-magazine.com)
Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)
A Deep Dive into the Evolution of Ransomware Part 1 (trendmicro.com)
A Deep Dive into the Evolution of Ransomware Part 2 (trendmicro.com)
Guardian staff forced to work out of former brewery after ransomware attack (telegraph.co.uk)
Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers (trendmicro.com)
Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)
GoAnywhere zero-day opened door to Clop ransomware (malwarebytes.com)
Derivatives market still hit by fallout from Ion Markets cyber attack | Financial Times (ft.com)
Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)
IBM: Ransomware defenders showing signs of improvement | TechTarget
ESXiArgs Ransomware Has Spread to 500 New Targets in Europe. Will there be More? - MSSP Alert
Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED
Food giant Dole hit by ransomware, halts North American production temporarily (bitdefender.com)
Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)
Trellix Report: LockBit 3.0 Ransomware "Most Aggressive" with Demands - MSSP Alert
Israel's Top Tech University Targeted by DarkBit Ransomware (darkreading.com)
Lockbit gang hit Portuguese municipal water utility Aguas do Porto-Security Affairs
Student Medical Records Exposed After LAUSD Breach (darkreading.com)
Phishing & Email Based Attacks
Three-quarters of businesses braced for ‘serious’ email attack this year | CSO Online
Phishing Fears Ramp Up on Email, Collaboration Platforms (darkreading.com)
Big rise in 'email thread hijacking' by cyber criminals (rte.ie)
Smishing, vishing and whaling: How phishing scams are evolving | The Star
Microsoft Outlook flooded with spam due to broken email filters (bleepingcomputer.com)
Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek
BEC – Business Email Compromise
Google Translate Helps BEC Groups Scam Companies in Any Language (darkreading.com)
Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering; Smishing, Vishing, etc
Social engineering, deception becomes increasingly sophisticated-Security Affairs
Smishing, vishing and whaling: How phishing scams are evolving | The Star
Coinbase cyber attack targeted employees with fake SMS alert (bleepingcomputer.com)
2FA/MFA
Malware
Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)
Researchers unearth Windows backdoor that’s unusually stealthy | Ars Technica
Researchers warn of 'Havoc' command and control tool • The Register
New WhiskerSpy malware delivered via trojanized codec installer (bleepingcomputer.com)
Frebniis malware abuses Microsoft IIS feature to create a backdoor-Security Affairs
New Stealc malware emerges with a wide set of stealing capabilities (bleepingcomputer.com)
Experts Warn of RambleOn Android Malware Targeting South Korean Journalists (thehackernews.com)
Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)
Unanswered Questions Cloud the Recent Targeting of an Asian Research Org (darkreading.com)
Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (darkreading.com)
Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)
Russian national accused of developing, selling malware appears in US. court | CyberScoop
Defenders on high alert as backdoor attacks become more common - Help Net Security
Mobile
Five easy steps to keep your smartphone safe from hackers | ZDNET
Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities - SecurityWeek
Accidental WhatsApp account takeovers? It's a thing • The Register
Google will boost Android security through firmware hardening (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Sensitive US military emails exposed by unsecured Azure server • The Register
DNA testing firm inks settlement after forgotten DB break-in • The Register
Activision did not notify employees of data breach for months | TechCrunch
GoDaddy blasted for breach response | SC Media (scmagazine.com)
TELUS investigating leak of stolen source code, employee data (bleepingcomputer.com)
Organised Crime & Criminal Actors
The war in Ukraine has shaken up the cyber criminal ecosystem, Google says | ZDNET
Russian cyber crime alliances upended by Ukraine invasion • The Register
Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Norwegian police recover $5.9m crypto stolen by North Korea • The Register
Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek
Coinbase breached by social engineers, employee data stolen – Naked Security (sophos.com)
‘Nevada Group’ hackers target thousands of computer networks | Financial Times (ft.com)
Pirated Final Cut Pro infects your Mac with cryptomining malware (bleepingcomputer.com)
SBF faces four additional charges in FTX collapse case • The Register
Insider Risk and Insider Threats
Employees bypass cyber security guidance to achieve business objectives - Help Net Security
Insider Threats Don't Mean Insiders Are Threatening (darkreading.com)
Insider threats must be top-of-mind for organisations facing layoffs - Help Net Security
Fraud, Scams & Financial Crime
The cost of living crisis is triggering a wave of workplace crime - here's how | UK News | Sky News
FTC: Americans lost $8.8 billion to fraud in 2022 after 30% surge (bleepingcomputer.com)
Europol busts ‘CEO fraud’ gang that stole €38M in a few days (bleepingcomputer.com)
Criminals are flooding the internet with fake advice scams and adware, so watch out | TechRadar
City Fund Managers Jailed for £8m Fraud - Infosecurity Magazine (infosecurity-magazine.com)
Scammers Mimic ChatGPT to Steal Business Credentials (darkreading.com)
SBF faces four additional charges in FTX collapse case • The Register
Insurance
Supply Chain and Third Parties
Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)
3 Steps to Automate Your Third-Party Risk Management Program (thehackernews.com)
Software Supply Chain
Cloud/SaaS
Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat
Four steps SMBs can take to close SaaS security gaps - Help Net Security
Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps? (darkreading.com)
Four Reasons Why Web Security is as Important as Endpoint Security for MSSP Clients - MSSP Alert
Containers
Encryption
Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)
7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media (darkreading.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
Malvertising
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Employees bypass cyber security guidance to achieve business objectives - Help Net Security
The financial system is alarmingly vulnerable to cyber attack | Financial Times (ft.com)
Cyber threats, Regulations Mount for Financial Industry (darkreading.com)
Fight Ransomware with a Cyber security Audit (trendmicro.com)
Evolving Threat Landscape Leading to Cyber security Pro “Burnout,” Study Says - MSSP Alert
Benchmarking your cyber security budget in 2023 | VentureBeat
7 reasons to avoid investing in cyber insurance | CSO Online
5 top threats from 2022 most likely to strike in 2023 | CSO Online
Cyber arms race, economic headwinds among top macro cyber security risks for 2023 | CSO Online
Malicious actors push the limits of attack vectors - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
CISOs struggle with stress and limited resources - Help Net Security
Complexity, volume of cyber attacks lead to burnout in security teams - Help Net Security
Law Enforcement Action and Take Downs
Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek
Russian national accused of developing, selling malware appears in US. court | CyberScoop
Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
MLOps Security AI power analysis breaks post-quantum security algorithm ... (eenewseurope.com)
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek
Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs
Russian cybercrime alliances upended by Ukraine invasion • The Register
Musk restricts Starlink for Ukraine, cites World War III | Fortune
America Loves Spying by Balloon, Just Like China (gizmodo.com)
How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek
Russia blames 'hackers' for fake missile strike alerts • The Register
Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
British Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)
Nation State Actors
ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs
The war in Ukraine has shaken up the cybercriminal ecosystem, Google says | ZDNET
Russian cybercrime alliances upended by Ukraine invasion • The Register
Norwegian police recover $5.9m crypto stolen by North Korea • The Register
America Loves Spying by Balloon, Just Like China (gizmodo.com)
EU Organisations Warned of Chinese APT Attacks - SecurityWeek
How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek
Earth Zhulong Familiar Patterns Target Southeast Asian Firms (trendmicro.com)
Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack (trendmicro.com)
Putin Speech Broadcast Temporarily Stopped By DDoS Attack (informationsecuritybuzz.com)
Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED
Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (thehackernews.com)
Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
Vulnerability Management
CVSS system criticized for failure to address real-world impact | The Daily Swig (portswigger.net)
Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)
At least one open source vulnerability found in 84% of code bases: Report | CSO Online
Vulnerabilities
US Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog (thehackernews.com)
SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities - SecurityWeek
A New Kind of Bug Spells Trouble for iOS and macOS Security | WIRED
VMware Patches Critical Vulnerability in Carbon Black App Control Product (thehackernews.com)
PoC exploit code for critical Fortinet FortiNAC bug released online-Security Affairs
Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks - SecurityWeek
Emergency VMware ESXi update fixes Windows Server 2022 VM boot issues (bleepingcomputer.com)
Exploitation attempts observed against Fortinet FortiNAC flaw | TechTarget
Researchers find hidden vulnerabilities in hundreds of Docker containers - Help Net Security
Tools and Controls
Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)
Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat
10 Best Network Security Solutions & Providers - 2023 (cybersecuritynews.com)
Why privileged access management should be critical to your security strategy | VentureBeat
The battle for data security now falls on developers; here’s how they can win | VentureBeat
Zero trust, XDR prominent in Gartner’s Hype Cycle for Endpoint Security | VentureBeat
Advantages of the AWS Security Maturity Model (trendmicro.com)
Other News
Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)
NSA shares guidance on how to secure your home network (bleepingcomputer.com)
Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)
Malicious actors push the limits of attack vectors - Help Net Security
Researchers Hijack Popular NPM Package with Millions of Downloads (thehackernews.com)
Justice Department Debuts 'Disruptive Technology Strike Force' (gizmodo.com)
How to Detect New Threats via Suspicious Activities (thehackernews.com)
At least one open source vulnerability found in 84% of code bases: Report | CSO Online
Microsoft urges Exchange admins to remove some antivirus exclusions (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 February 2023
Black Arrow Cyber Threat Briefing 10 February 2023:
-Companies Banned from Paying Hackers After Attacks on Royal Mail and Guardian
-Fraud Set to Be Upgraded as a Threat to National Security
-98% of Attacks are Not Reported by Employees to their Employers
-UK Second Most Targeted Nation Behind America for Ransomware
-Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks
-An Email Attack Can End Up Costing You Over $1 Million
-Cyber Crime Shows No Signs of Slowing Down
-Surge of Swatting Attacks Targets Corporate Executive and Board Members
-Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom
-Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn
-Crypto Investors Lost Nearly $4 Billion to Hackers in 2022
-PayPal and Twitter Abused in Turkey Relief Donation Scams
-Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian
British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.
UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.
Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.
The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.
Fraud Set to Be Upgraded as a Threat to National Security
Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.
It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.
It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.
https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/
98% of Attacks are Not Reported by Employees to their Employers
Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.
UK Second Most Targeted Nation Behind America for Ransomware
Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.
Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks
This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.
An Email Attack Can End Up Costing You Over $1 Million
According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.
https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/
Cyber Crime Shows No Signs of Slowing Down
Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.
https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down
Surge of Swatting Attacks Targets Corporate Executive and Board Members
Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.
Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom
Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.
https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead
Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn
A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.
https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks
Crypto Investors Lost Nearly $4 Billion to Hackers in 2022
Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.
PayPal and Twitter Abused in Turkey Relief Donation Scams
Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.
Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers
For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.
Threats
Ransomware, Extortion and Destructive Attacks
UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online
US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek
UK second most targeted nation behind America for Ransomware - IT Security Guru
Hackers who breached ION say ransom paid; company declines comment | Reuters
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (bleepingcomputer.com)
Royal Ransomware adds support for encrypting Linux, VMware ESXi systems-security affairs
Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualisation Risks (darkreading.com)
Lessons Learned on Ransomware Prevention from the Rackspace Attack (bleepingcomputer.com)
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek
Ransomware Revolution: 4 Types of Cyber Risks in 2023 (trendmicro.com)
Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget
Linux version of Royal Ransomware targets VMware ESXi servers (bleepingcomputer.com)
Nevada Ransomware has released upgraded locker - Help Net Security
Italy, France and Singapore Warn of a Spike in ESXI Ransomware-security affairs
Massive ransomware attack targets VMware ESXi servers worldwide | CSO Online
LockBit ransomware gang claims Royal Mail cyber ttack (bleepingcomputer.com)
Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)
New Linux variant of Clop Ransomware uses a flawed encryption-security affairs
After Hive takedown, could the LockBit ransomware crew be the next to fall? | CyberScoop
Russia-Linked Ransomware Gang Claims Responsibility for Royal Mail Attack (gizmodo.com)
Largest Canadian bookstore Indigo shuts down site after cyber ttack (bleepingcomputer.com)
Hackers hit Vesuvius, UK engineering company shuts down affected systems • Graham Cluley
MKS Instruments falls victim to ransomware attack | CSO Online
North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | CyberScoop
Phishing & Email Based Attacks
Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)
Employees Fail to Report 98% of Email Cyber Hacks To Security Teams, Study Finds - MSSP Alert
An email attack can end up costing you over $1 million - Help Net Security
What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)
How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)
Cyber criminals exploit volatile job market for targeted email attacks - Help Net Security
'Phishing-as-a-service' kits drive uptick in theft: One business owner's story (cnbc.com)
Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)
NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)
BEC – Business Email Compromise
Malware
Hacker develops new 'Screenshotter' malware to find high-value targets (bleepingcomputer.com)
Threat group targets over 1,000 companies with screenshotting and infostealing malware | CSO Online
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek
Android mobile devices from top vendors in China have pre-installed malware-security affairs
Hackers backdoor Windows devices in Sliver and BYOVD attacks (bleepingcomputer.com)
GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (thehackernews.com)
Novel Banking Trojan 'PixPirate' Targets Brazil - Infosecurity Magazine (infosecurity-magazine.com)
New QakNote attacks push QBot malware via Microsoft OneNote files (bleepingcomputer.com)
Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (thehackernews.com)
Mobile
Android mobile devices from top vendors in China have pre-installed malware-security affairs
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek
Android phones from Chinese vendors share private data • The Register
'Money Lover' Finance App Exposes User Data (darkreading.com)
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
Android 14 to block malware from abusing sensitive permissions (bleepingcomputer.com)
UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)
Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek
Denial of Service/DoS/DDOS
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
Tor and I2P networks hit by wave of ongoing DDoS attacks (bleepingcomputer.com)
Experts published a list of proxy IPs used by the group Killnet-security affairs
Internet of Things – IoT
Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)
Security manufacturer’s smart cameras went dark for two hours (mybroadband.co.za)
Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek
NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)
Data Breaches/Leaks
Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)
Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (bleepingcomputer.com)
20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder - SecurityWeek
Over 12% of analysed online stores expose private data, backups (bleepingcomputer.com)
'Money Lover' Finance App Exposes User Data (darkreading.com)
Reddit Suffers Security Breach Exposing Internal Documents and Source Code (thehackernews.com)
Organised Crime & Criminal Actors
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)
Minister: Cyber crimes Now 20% of Spain’s Registered Offenses - SecurityWeek
Finland’s Most-Wanted Hacker Nabbed in France – Krebs on Security
Australian Man Sentenced for Scam Related to Optus Hack - SecurityWeek
Bungling Optus scammer was no criminal mastermind • Graham Cluley
Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto investors lost nearly $4 billion to hackers in 2022 (cnbc.com)
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)
Avraham Eisenberg in court accused of crypto exchange crash • The Register
Crypto Drainers Are Ready to Ransack Investor Wallets (darkreading.com)
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
FTX Being Advised by Cyber security Firm Sygnia on Hack Inquiry, CEO Ray Says (coindesk.com)
Scammers steal $4 million in crypto during in-person meeting • The Register
Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs (trendmicro.com)
Insider Risk and Insider Threats
Another RAC staffer nabbed for sharing road accident data • The Register
Ex-Ubiquiti worker pleads guilty to data theft, extortion, and smear plot (bitdefender.com)
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Fraud, Scams & Financial Crime
PayPal and Twitter abused in Turkey relief donation scams (bleepingcomputer.com)
Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)
Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
As V-Day nears: Romance scams cost victims $1.3B last year • The Register
What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)
Father killed himself after falling victim to romance scam | News | The Times
'Brushing' scams send people free items, but could be a warning sign about a data breach - ABC News
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
Banks leave doors open for scammers with flaws in online security | This is Money
Trio Arrested in COVID PPE Fraud Probe - Infosecurity Magazine (infosecurity-magazine.com)
Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs
Impersonation Attacks
What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)
HTML smuggling campaigns impersonate well-known brands to deliver malware | CSO Online
AML/CFT/Sanctions
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online
US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek
Insurance
Tackling the New Cyber Insurance Requirements: Can Your Organisation Comply? (thehackernews.com)
How to Optimise Your Cyber Insurance Coverage (darkreading.com)
Dark Web
BlackSprut: Darknet Drug Market Advertises On Billboards In Moscow (informationsecuritybuzz.com)
Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Supply Chain and Third Parties
Have we learnt nothing from SolarWinds supply chain attacks? • The Register
Vulnerability Provided Access to Toyota Supplier Management Network - SecurityWeek
Software Supply Chain
Cloud/SaaS
Cloud Apps Still Demand Way More Privileges Than They Use (darkreading.com)
Amazon S3 to apply security best practices for all new buckets - Help Net Security
Why Some Cloud Services Vulnerabilities Are So Hard to Fix (darkreading.com)
Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)
7 Critical Cloud Threats Facing the Enterprise in 2023 (darkreading.com)
Hybrid/Remote Working
Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)
Predictions For Securing Today's Hybrid Workforce (darkreading.com)
Identity and Access Management
Encryption
It Isn't Time to Worry About Quantum Computing Just Yet (darkreading.com)
UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)
API
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis? (darkreading.com)
Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs
Malvertising
Training, Education and Awareness
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Infosec Launches New Office Comedy Themed Security Awareness Training Series (darkreading.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)
While governments pass privacy laws, companies struggle to change - Help Net Security
Prioritising Cyber security Regulation Harmonisation (darkreading.com)
Governance, Risk and Compliance
Quarter of CFOs Have Suffered $1m+ Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)
Trends that impact on organisations' 2023 security priorities - Help Net Security
With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)
Optimising Cyber security Investments in a Constrained Spending Environment (darkreading.com)
Surge of swatting attacks targets corporate executives and board members | CSO Online
Lessons From the Cold War: How Quality Trumps Quantity in Cyber security (darkreading.com)
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Models, Frameworks and Standards
Data Protection
Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)
While governments pass privacy laws, companies struggle to change - Help Net Security
Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)
Law Enforcement Action and Take Downs
European Police Arrest 42 After Cracking Covert App - SecurityWeek
Eurocops shut down Exclu encrypted messaging app • The Register
Finnish psychotherapy extortion suspect arrested in France – Naked Security (sophos.com)
Privacy, Surveillance and Mass Monitoring
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
Steps To Planning And Implementation Of Data Privacy (informationsecuritybuzz.com)
ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica
Artificial Intelligence
Adversaries Using OpenAI’s ChatGPT Chatbot for Cyber Attacks? Here are Some Clues - MSSP Alert
Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)
IT Leaders Reveal Cyber Fears Around ChatGPT - Infosecurity Magazine (infosecurity-magazine.com)
How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)
ChatGPT's potential to aid attackers puts IT pros on high alert - Help Net Security
Hackers are selling a service that bypasses ChatGPT restrictions on malware | Ars Technica
ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica
Jailbreak Trick Breaks ChatGPT Content Safeguards (darkreading.com)
Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)
Google's Bard AI bot mistake wipes $100bn off shares - BBC News
$120bn wiped off Google after Bard AI chatbot gives wrong answer (telegraph.co.uk)
Why ChatGPT Isn't a Death Sentence for Cyber Defenders (darkreading.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Pro-Russian hacktivist group Killnet could just be getting started (axios.com)
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
Android mobile devices from top vendors in China have pre-installed malware-security affairs
China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
What is hybrid warfare? Inside the centre dealing with modern threats - BBC News
DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)
Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)
The impact of Russia's Ukraine invasion on digital threats - Help Net Security
Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)
Spies, Hackers, Informants: How China Snoops on the US - SecurityWeek
US teases new China tech sanctions to deflate balloon-makers • The Register
Nation State Actors
Pro-Russian hacktivist group Killnet could just be getting started (axios.com)
With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
Android mobile devices from top vendors in China have pre-installed malware-security affairs
China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)
Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op - SecurityWeek
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
Android phones from Chinese vendors share private data • The Register
DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)
SNP MP Stewart McDonald's emails hacked by Russian group - BBC News
Australia to remove Chinese surveillance cameras amid security fears - BBC News
Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
UN Experts: North Korean Hackers Stole Record Virtual Assets - SecurityWeek
Mysterious Russian satellites are now breaking apart in low-Earth orbit | Ars Technica
The impact of Russia's Ukraine invasion on digital threats - Help Net Security
Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)
Experts published a list of proxy IPs used by the group Killnet-security affairs
NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)
US teases new China tech sanctions to deflate balloon-makers • The Register
North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | Cyber scoop
Vulnerability Management
Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition | CSO Online
Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)
Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget
How to fix the top 5 cyber security vulnerabilities | TechTarget
20 Powerful Vulnerability Scanning Tools In 2023 (informationsecuritybuzz.com)
Vulnerabilities
High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation - SecurityWeek
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)
GoAnywhere MFT Users Warned of Zero-Day Exploit - SecurityWeek
Serious security hole plugged in infosec tool binwalk | The Daily Swig (portswigger.net)
Cisco fixed command injection bug in IOx Application Hosting Environment-security affairs
Vulnerability In F5 BIG-IP May Cause DoS And Code Execution (informationsecuritybuzz.com)
GoAnywhere MFT zero-day flaw actively exploited-security affairs
Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release-security affairs
Critical vulnerability patched in Jira Service Management Server and Data Center | CSO Online
Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (thehackernews.com)
Exploit released for actively exploited GoAnywhere MFT zero-day (bleepingcomputer.com)
Patch Released for Actively Exploited GoAnywhere MFT Zero-Day - SecurityWeek
Unpatched Security Flaws Disclosed in Multiple Document Management Systems (thehackernews.com)
SonicWall warns web content filtering is broken on Windows 11 22H2 (bleepingcomputer.com)
OpenSSL Fixes Multiple New Security Flaws with Latest Update (thehackernews.com)
Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek
Tools and Controls
Other News
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
How to Think Like a Hacker and Stay Ahead of Threats (thehackernews.com)
Surge of swatting a attacks targets corporate executives and board members | CSO Online
Bermuda: Major Internet And Power Outage Strikes (informationsecuritybuzz.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 December 2022
Black Arrow Cyber Threat Briefing 30 December 2022:
-Cyber Attacks Set to Become ‘Uninsurable’, Says Zurich Chief
-Your Business Should Compensate for Modern Ransomware Capabilities Right Now
-Reported Phishing Attacks Have Quintupled
-Ransomware, DDoS See Major Upsurge Led by Upstart Hacker Group
-Videoconferencing Worries Grow, With SMBs in Cyber Attack Crosshairs
-Will the Crypto Crash Impact Cyber Security in 2023? Maybe.
-The Worst Hacks of 2022
-Geopolitical Tensions Expected to Further Impact Cyber Security in 2023
-Fraudsters’ Working Patterns Have Changed in Recent Years
-Hacktivism is Back and Messier Than Ever
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Set to Become ‘Uninsurable’, Says Zurich Chief
The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow.
Insurance executives have been increasingly vocal in recent years about systemic risks, such as pandemics and climate change, that test the sector’s ability to provide coverage. For the second year in a row, natural catastrophe-related claims are expected to top $100bn.
But Mario Greco, chief executive at insurer Zurich, told the Financial Times that cyber was the risk to watch. “What will become uninsurable is going to be cyber,” he said. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” Recent attacks that have disrupted hospitals, shut down pipelines and targeted government departments have all fed concern about this expanding risk among industry executives. Focusing on the privacy risk to individuals was missing the bigger picture, Greco added: “First off, there must be a perception that this is not just data . . . this is about civilisation. These people can severely disrupt our lives.”
Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. There are exemptions written into policies for certain types of attacks. In 2019, Zurich initially denied a $100mn claim from food company Mondelez, arising from the NotPetya attack, on the basis that the policy excluded a “warlike action”. The two sides later settled. In September, Lloyd’s of London defended a move to limit systemic risk from cyber attacks by requesting that insurance policies written in the market have an exemption for state-backed attacks.
https://www.ft.com/content/63ea94fa-c6fc-449f-b2b8-ea29cc83637d
Your Business Should Compensate for Modern Ransomware Capabilities Right Now
The “if, not when” mentality surrounding ransomware may be the biggest modern threat to business longevity. Companies of all sizes and across all industries are increasingly common targets for ransomware attacks, and we know that 94% of organisations experienced a cyber security incident last year alone. Yet, many enterprises continue to operate with decades-old security protocols that are unequipped to combat modern ransomware. Leaders have prioritised improving physical security measures in light of the pandemic — so why haven’t ransomware protections improved?
Maybe it’s the mistaken notion that ransomware attacks are declining. In reality, Q1 of 2022 saw a 200% YoY increase in ransomware incidents. Meanwhile, the rise in Ransomware as a Service (RaaS) offerings suggests that cyber threats have become a commodity for bad actors.
The RaaS market presents a new and troubling trend for business leaders and IT professionals. With RaaS — a subscription ransomware model that allows affiliates to deploy malware for a fee — the barrier to entry for hackers is lower than ever. The relatively unskilled nature of RaaS hackers may explain why the average ransomware downtime has plummeted to just 3.85 days (compared to an average attack duration of over two months in 2019).
While the decrease in attack duration is promising, the rise of RaaS still suggests an inconvenient truth for business leaders: All organisations are at risk. And in time, all organisations will become a target, which is why it’s time for IT and business leaders to implement tough cyber security protocols.
Reported Phishing Attacks Have Quintupled
In the third quarter of 2022, the international Anti-Phishing Working Group (APWG) consortium observed 1,270,883 total phishing attacks; the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to APWG.
Over recent years, reported phishing attacks submitted to APWG have more than quintupled since the first quarter of 2020, when APWG observed 230,554 attacks. The rise in Q3 2022 was attributable, in part, to increasing numbers of attacks reported against several specific targeted brands. These target companies and their customers suffered from large numbers of attacks from persistent phishers.
Threat researchers at the cyber security solution provider Fortra noted a 488 percent increase in response-based email attacks in Q3 2022 compared to the prior quarter. While every subtype of these attacks increased compared to Q2, the largest increase was in Advance Fee Fraud schemes, which rose by a staggering 1,074 percent.
In the third quarter of 2022, APWG founding member OpSec Security found that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against social media services fell to 11 percent of the total, down from 15.3 percent.
Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — fell from 4.5 percent of all phishing attacks in Q2 2022 to 2 percent in Q3. This mirrored the fall in value of many cryptocurrencies since mid-year.
https://www.helpnetsecurity.com/2022/12/28/reported-phishing-attacks-quintupled/
Ransomware, DDoS See Major Upsurge Led by Upstart Hacker Group
Cyber threat actors Cuba and Royal are driving a 41% boom in ransomware and other attacks hitting industry and consumer goods and services.
According to the Global Threat Intelligence team of information assurance firm NCC Group, November saw a 41% increase in ransomware attacks from 188 incidents to 265. In its most recent Monthly Threat Pulse, the group reported that the month was the most active for ransomware attacks since April this year.
Key takeaways from the study:
Ransomware attacks rose by 41% in November.
Threat group Royal (16%) was the most active, replacing LockBit as the worst offender for the first time since September 2021.
Industrials (32%) and consumer cyclicals (44%) remain the top two most targeted sectors, but technology experienced a large 75% increase over the last month.
Regional data remains consistent with last month — North America (45%), Europe (25%) and Asia (14%)
DDoS attacks continue to increase.
Recent examples in the services sector include the Play ransomware group’s claimed attack of the German H-Hotels chain, resulting in communications outages. This attack reportedly uses a vulnerability in Microsoft Exchange called ProxyNotShell, which as the name implies, has similarities to the ProxyShell zero-day vulnerability revealed in 2021.
Also, back on the scene is the TrueBot malware downloader (a.k.a., the silence.downloader), which is showing up in an increasing number of devices. TrueBot Windows malware, designed by a Russian-speaking hacking group identified as Silence, has resurfaced bearing Ransom.Clop, which first appeared in 2019. Clop ransomware encrypts systems and exfiltrates data with the threat that if no ransom is forthcoming, the data will show up on a leak site.
https://www.techrepublic.com/article/ransomware-ddos-major-upsurge-led-upstart-hacker-group/
Videoconferencing Worries Grow, With SMBs in Cyber Attack Crosshairs
Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.
It's no secret that the acceleration of work-from-home and distributed workforce trends — infamously spurred on by the pandemic — has occurred in tandem with the rise of video communications and collaboration platforms, led by Zoom, Microsoft, and Cisco.
But given that videoconferencing now plays a critical role in how businesses interact with their employees, customers, clients, vendors, and others, these platforms carry significant potential security risks, researchers say.
Organisations use videoconferencing to discuss M&A, legal, military, healthcare, intellectual property and other topics, and even corporate strategies. A loss of that data could be catastrophic for a company, its employees, its clients, and its customers.
However, a recent report on videoconferencing security showed that 93% of IT professionals surveyed acknowledged security vulnerabilities and gaping risks in their videoconferencing solutions.
Among the most relevant risks is the lack of controlled access to conversations that could result in disruption, sabotage, compromise, or exposure of sensitive information, while use of nonsecure, outdated, or unpatched videoconferencing applications can expose security flaws.
The risks include the potential for interruptions, unauthorised access, and perhaps most concerning, the opportunity for a bad actor to acquire sensitive information.
Will the Crypto Crash Impact Cyber Security in 2023? Maybe.
With the implosion of the FTX exchange putting a punctuation mark on the cryptocurrency crash of 2022, one of the natural questions for those in the cyber security world is, how will this rapid decline of cryptocurrency valuations change the cyber crime economy?
Throughout the most recent crypto boom, and even before then, cyber criminals have used and abused cryptocurrency to build up their empires. The cryptocurrency market provides the extortionary medium for ransomware; it's a hotbed of scams against consumers to steal their wallets and accounts. Traditionally, it's provided a ton of anonymous cover for money laundering on the back end of a range of cyber criminal enterprises.
Even so, according to cyber security experts and intelligence analysts, while there certainly have been some shifts in trends and tactics that they believe are loosely tied to the crypto crash, the jury's still out on long-term impacts.
Regardless of crypto values, cyber criminals this year have definitely become more sophisticated in how they use cryptocurrencies to monetise their attacks including the use by some ransomware groups taking advantage of yield farming within decentralised finance (DeFi), as an example.
The concept of yield farming is the same as lending money, with a contract in place that clearly shows how much interest will need to be paid. The advantage for ransomware groups is that the 'interest' will be legitimate proceeds, so there will be no need to launder or hide it.
Threat actors are increasingly turning toward 'stablecoins,' which are usually tied to fiat currencies or gold to stem their volatility. In many ways, the downturn in crypto values has increased the risk appetite of cyber criminals and is spurring them into more investment fraud and cryptocurrency scams.
https://www.darkreading.com/threat-intelligence/crypto-crash-impact-cybersecurity-2023-maybe
The Worst Hacks of 2022
The year was marked by sinister new twists on cyber security classics, including phishing, breaches, and ransomware attacks.
With the pandemic evolving into an amorphous new phase and political polarisation on the rise around the world, 2022 was an uneasy and often perplexing year in digital security. And while hackers frequently leaned on old chestnuts like phishing and ransomware attacks, they still found vicious new variations to subvert defences.
Technology magazine Wired looked back on the year's worst breaches, leaks, ransomware attacks, state-sponsored hacking campaigns, and digital takeovers. If the first years of the 2020s are any indication, the digital security field in 2023 will be more bizarre and unpredictable than ever. Stay alert, and stay safe out there.
Russia Hacking Ukraine
For years, Russia has pummelled Ukraine with brutal digital attacks causing blackouts, stealing and destroying data, meddling in elections, and releasing destructive malware to ravage the country's networks. Since invading Ukraine in February, though, times have changed for some of Russia's most prominent and most dangerous military hackers. Shrewd long-term campaigns and grimly ingenious hacks have largely given way to a stricter and more regimented clip of quick intrusions into Ukrainian institutions, reconnaissance, and widespread destruction on the network—and then repeated access over and over again, whether through a new breach or by maintaining the old access.
Twilio and the 0ktapus Phishing Spree
Over the summer, a group of researchers dubbed 0ktapus went on a massive phishing bender, compromising nearly 10,000 accounts within more than 130 organisations. The majority of the victim institutions were US-based, but there were dozens in other countries as well.
Ransomware Still Hitting the Most Vulnerable Targets
In recent years, countries around the world and the cyber security industry have increasingly focused on countering ransomware attacks. While there has been some progress on deterrence, ransomware gangs were still on a rampage in 2022 and continued to target vulnerable and vital social institutions, including health care providers and schools. The Russian-speaking group Vice Society, for example, has long specialised in targeting both categories, and it focused its attacks on the education sector this year.
The Lapsus$ Rampage Continues
The digital extortion gang Lapsus$ was on an intense hacking spree at the beginning of 2022, stealing source code and other sensitive information from companies like Nvidia, Samsung, Ubisoft, and Microsoft and then leaking samples as part of apparent extortion attempts. Lapsus$ has a sinister talent for phishing, and in March, it compromised a contractor with access to the ubiquitous authentication service Okta.
LastPass
The beleaguered password manager giant LastPass, which has repeatedly dealt with data breaches and security incidents over the years, said at the end of December that a breach of its cloud storage in August led to a further incident in which hackers targeted a LastPass employee to compromise credentials and cloud storage keys.
Vanuatu
At the beginning of November, Vanuatu, an island nation in the Pacific, was hit by a cyber attack that took down virtually all of the government's digital networks. Agencies had to move to conducting their work on paper because emergency systems, medical records, vehicle registrations, driver's license databases, and tax systems were all down.
Honourable Mention: Twitter-Related Bedlam
Twitter has been in chaos mode for months following Elon Musk's acquisition of the company earlier this year. Amidst the tumult, reports surfaced in July and then again in November of a trove of 5.4 million Twitter users' data that has been circulating on criminal forums since at least July, if not earlier. The data was stolen by exploiting a vulnerability in a Twitter application programming interface, or API.
https://www.wired.com/story/worst-hacks-2022/
Geopolitical Tensions Expected to Further Impact Cyber Security in 2023
Geopolitics will continue to have an impact on cyber security and the security posture of organisations long into 2023.
The impact of global conflicts on cyber security was thrust into the spotlight when Russia made moves to invade Ukraine in February 2022. Ukraine’s Western allies were quick to recognise that with this came the threat of Russian-backed cyber-attacks against critical national infrastructure (CNI), especially in retaliation to hefty sanctions. While this may not have materialised in the way many expected, geopolitics is still front of mind for many cyber security experts looking to 2023.
Russia has always been among a handful of states recognised for their cyber prowess and being the source of many cyber criminal gangs. As previously mentioned, we have failed to see a significant cyber-attack, at least one comparable to the Colonial Pipeline incident, in 2022. However the cyber security services provider, e2e-assure, warned: “We have underestimated Russia’s cyber capability. There is a wide view that Russian cyber activity leading up to and during their invasion of Ukraine indicated that they aren’t the cyber power we once thought. Patterns and evidence will emerge in 2023 that shows this wasn’t the case, instead Russia was directing its cyber efforts elsewhere, with non-military goals (financial and political).”
NordVPN, the virtual private network (VPN) provider, warns that the cyber-war is only just starting: “With China’s leader securing his third term and Russia’s war in Ukraine, many experts predict an increase in state-sponsored cyber-attacks. China may increase cyber-attacks on Taiwan, Hong Kong, and other countries opposing the regime. Meanwhile, Russia is predicted to sponsor attacks on countries supporting Ukraine.”
We are used to seeing cyber-attacks that encrypt data and ask for ransom, but it is likely in this era of nation-state sponsored attacks we could experience attacks for the sake of disruption.
https://www.infosecurity-magazine.com/news/geopolitical-tensions-impact/
Fraudsters’ Working Patterns Have Changed in Recent Years
Less sophisticated fraud — in which doctored identity documents are readily spotted — has jumped 37% in 2022, according to the identify verfication provider Onfido. Fraudsters can scale these attacks on an organisation’s systems around the clock.
It is estimated that the current global financial cost of fraud is $5.38 trillion (£4.37 trillion), which is 6.4% of the world’s GDP. With most fraud now happening online (80% of reported fraud is cyber-enabled), Onfido’s Identity Fraud Report uncovers patterns of fraudster behaviour, attack techniques, and emerging tactics.
Over the last four years, fraudsters’ working patterns have dramatically changed. In 2019, attacks mirrored a typical working week, peaking Monday to Friday and dropping off during the weekends. Yet over the last three years, fraudulent activity started to shift so that levels of fraud span every day of the week.
In 2022, fraud levels were consistent across 24 hours, seven days a week. With technology, fraudsters are more connected across the globe and are able to traverse regions and time zones, and can easily take advantage of businesses’ closed hours when staff are likely offline. This hyperconnectivity means there are no more ‘business hours’ for fraudsters and sophisticated fraud rings — they will scam and defraud 24/7.
“As criminals look to take advantage of digitisation processes, they’re able to commit financial crimes with increasing efficiency and sophistication, to the extent that financial crime and cyber crime are now invariably linked,” said Interpol. “A significant amount of financial fraud takes place through digital technologies, and the pandemic has only hastened the emergence of digital money laundering tools and other cyber-enabled financial crimes.”
https://www.helpnetsecurity.com/2022/12/29/less-sophisticated-fraud/
Hacktivism is Back and Messier Than Ever
Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.
During its brutal war in Ukraine, Russian troops have burnt cities to the ground, raped and tortured civilians, and committed scores of potential war crimes. On November 23, lawmakers across Europe overwhelmingly labelled Russia a “state sponsor” of terrorism and called for ties with the country to be reduced further. The response to the declaration was instant. The European Parliament’s website was knocked offline by a DDoS attack.
The unsophisticated attack—which involves flooding a website with traffic to make it inaccessible—disrupted the Parliament’s website offline for several hours. Pro-Russian hacktivist group Killnet claimed responsibility for the attack. The hacktivist group has targeted hundreds of organisations around the world this year, having some limited small-scale successes knocking websites offline for short periods of time. It’s been one player in a bigger hacktivism surge.
Following years of sporadic hacktivist activity, 2022 has seen the re-emergence of hacktivism on a large scale. Russia’s full-scale invasion of Ukraine spawned scores of hacktivist groups on both sides of the conflict, while in Iran and Israel, so-called hacktivist groups are launching increasingly destructive attacks. This new wave of hacktivism, which varies between groups and countries, comes with new tactics and approaches and, increasingly, is blurring lines between hacktivism and government-sponsored attacks.
Threats
Ransomware, Extortion and Destructive Attacks
Jersey school locked out of systems as hackers demand "ransom" | Bailiwick Express Jersey
Vice Society Ransomware Attackers Adopt Robust Encryption Methods (thehackernews.com)
Global counter-ransomware task force to become active in January - CyberScoop
Fool Me Thrice? How to Avoid Double and Triple Ransomware Extortion (darkreading.com)
Rackspace criticized for PR response to ransomware attack (expressnews.com)
Ransomware, DDoS see major upsurge led by upstart hacker group (techrepublic.com)
6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)
Your business should compensate for modern ransomware capabilities right now | VentureBeat
Vice Society Adds Custom-branded Payload PolyVice to its Arsenal | Cyware Alerts - Hacker News
Hackers stole data from multiple electric utilities in recent ransomware attack | CNN Politics
Ransomware attack at Louisiana hospital impacts 270,000 patients (bleepingcomputer.com)
The mounting death toll of hospital cyber attacks - POLITICO
Royal ransomware claims attack on Intrado telecom provider (bleepingcomputer.com)
Healthcare Providers and Hospitals Under Ransomware's Siege (darkreading.com)
Guardian Australia staff sent home after cyber attack takes out systems (theage.com.au)
Dumfries Arnold Clark garages hit by company-wide cyber attack - Daily Record
Ransom Deadline Given By LockBit In Port Of Lisbon Attack (informationsecuritybuzz.com)
Phishing & Email Based Attacks
Reported phishing attacks have quintupled - Help Net Security
6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
GuLoader implements new evasion techniques - Security Affairs
PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware (thehackernews.com)
2022 sees over 5000 times new Windows malware vs macOS, over 60 times vs Linux - Neowin
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (thehackernews.com)
New information-stealing malware is being spread by fake pirate sites | TechSpot
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Smart Home Cyber security Hubs: Protecting Endpoints in Your Smarthome (compuquip.com)
Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)
Data Breaches/Leaks
BetMGM discloses security breach impacting 1.5 Million customers - Security Affairs
Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)
Massive EDiscovery Provider Shut Down Over 'Unauthorized Access' - Above the LawAbove the Law
Data of 400 Million Twitter users up for sale - Security Affairs
It’s all in the (lack of) details: 2022’s badly handled data breaches | TechCrunch
Military device with biometric database of 2K people sold on eBay for $68 | Ars Technica
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
How ‘brazen’ multibillion-dollar crypto fraud fell to pieces | Business | The Times
BTC.com lost $3 million worth of cryptocurrency in cyber attack (bleepingcomputer.com)
Hackers steal $8 million from users running trojanized BitKeep apps (bleepingcomputer.com)
Bitcoin Mining Pool Btc.com Suffers $3 Million Cyber attack – Mining Bitcoin News
Crypto wallet BitKeep lost over $9M over a cyber attack - Security Affairs
Case for blockchain in financial services dented by failures | Financial Times (ft.com)
Digital Assets Of $9.9 Million Stolen In BitKeep Cyber Attack (informationsecuritybuzz.com)
Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Linkedin Is Full Of Job Scams – Be Careful Out There (informationsecuritybuzz.com)
Scam complaints from Revolut users more than double since 2020 (telegraph.co.uk)
Fraudsters’ working patterns have changed in recent years - Help Net Security
Experts warn of attacks exploiting WordPress gift card plugin - Security Affairs
North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com
Ukraine shuts down fraudulent call center claiming 18,000 victims (bleepingcomputer.com)
Insurance
Supply Chain and Third Parties
Software Supply Chain
Why Attackers Target GitHub, and How You Can Secure It (darkreading.com)
Improving Software Supply Chain Cyber security (trendmicro.com)
Cloud/SaaS
Identity and Access Management
Enterprises waste money on identity tools they don't use - Help Net Security
Steps To Planning And Implementation Of PAM Solutions (informationsecuritybuzz.com)
Encryption
API
Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)
Google: With Cloud Comes APIs & Security Headaches (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
TikTok User Data Has Been Compromised (giantfreakinrobot.com)
Elon Musk ‘orders Twitter to remove suicide prevention feature’ | Twitter | The Guardian
Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)
Meta settles Cambridge Analytica scandal case for $725m - BBC News
TikTok bans haven't really banned much of anything - The Washington Post
Twitter restores suicide prevention feature | Twitter | The Guardian
Data of 400 Million Twitter users up for sale - Security Affairs
Hacker claims to be selling Twitter data of 400 million users (bleepingcomputer.com)
Malvertising
Privacy
Regulations, Fines and Legislation
Governance, Risk and Compliance
IBM and 70 Global Banks Co-Create New Cyber security, Risk Framework (accelerationeconomy.com)
Economic uncertainty compels IT leaders to rethink their strategy - Help Net Security
3 important changes in how data will be used and treated - Help Net Security
2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)
Secure Disposal
Careers, Working in Cyber and Information Security
IT Jobs: How To Become An Information Security Analyst (informationsecuritybuzz.com)
‘There's a career in cyber security for everyone,’ Microsoft Security CVP says | Fortune
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)
Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian
The Threat of Predictive Policing to Data Privacy and Personal Liberty (darkreading.com)
Meta settles Cambridge Analytica scandal case for $725m - BBC News
78% of Employers Are Using Remote Work Tools to Spy on You (entrepreneur.com)
Germany: Police surveillance software a legal headache – DW – 12/22/2022
Artificial Intelligence
Code-generating AI can introduce security vulnerabilities, study finds | TechCrunch
AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)
Russia’s Cyberwar Foreshadowed Deadly Attacks on Civilians | WIRED
Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU
Ukrainian Hackers Gather Data on Russian Soldiers, Minister Says - Bloomberg
North Korean hackers targeted nearly 1,000 South Korean foreign policy experts
German double agent ‘passed Ukraine intelligence to Russia’ (telegraph.co.uk)
Nation State Actors
Nation State Actors – Russia
Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU
Russian mobile calls, internet seen deteriorating after Nokia, Ericsson leave – EURACTIV.com
Nation State Actors – China
Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian
Nation State Actors – North Korea
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection (thehackernews.com)
North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com
North Korean hacking outfit impersonating venture capital firms | SC Media (scmagazine.com)
North Korean hackers targeted nearly 1,000 South Korean foreign policy experts
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
Vulnerabilities
Patch now: Serious Linux kernel security hole uncovered | ZDNET
Microsoft Patches Azure Cross-Tenant Data Access Flaw | SecurityWeek.Com
Critical Linux Kernel flaw affects SMB servers with ksmbd enabled - Security Affairs
Critical “10-out-of-10” Linux kernel SMB hole – should you worry? – Naked Security (sophos.com)
Log4Shell remains a big threat and a common cause for security breaches | CSO Online
Thousands of Citrix servers vulnerable to patched critical flaws (bleepingcomputer.com)
Netgear warns users to patch recently fixed WiFi router bug (bleepingcomputer.com)
CISA Warns of Active exploitation of JasperReports Vulnerabilities (thehackernews.com)
Tools and Controls
Other News
AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews
Review: 10 Biggest Hacks And Cyber Security Threats Of 2022 (informationsecuritybuzz.com)
New information-stealing malware is being spread by fake pirate sites | TechSpot
Trend Micro: Expect 2023 to Bring Uncertainty to Cyber Attackers and Defenders - MSSP Alert
After the Uber Breach: 3 Questions All CISOs Should Ask Themselves (darkreading.com)
Top 10 Cyber Security Predictions For 2023 Based On Expert Responses (informationsecuritybuzz.com)
The Five Stories That Shaped Cyber security in 2022 | SecurityWeek.Com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 16 December 2022
Black Arrow Cyber Threat Briefing 16 December 2022:
-Executives Take More Cyber Security Risks Than Office Workers
-CISO Role is Diversifying from Technology to Leadership & Communication Skills
-How Emerging AIs, Like ChatGPT, Can Turn Anyone into a Ransomware and Malware Threat Actor
-Cyber Security Drives Improvements in Business Goals
-Incoming FCA Chair Says Crypto Firms Facilitate Money Laundering
-Managing Cyber Risk in 2023: The People Element
-What We Can't See Can Hurt Us
-Uber Suffers New Data Breach After Attack on Vendor, Info Leaked Online
-When Companies Compensate the Hackers, We All Foot the Bill
-HSE Cyber-Attack Costs Ireland $83m So Far
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Executives Take More Cyber Security Risks Than Office Workers
IT software company Ivanti worked with cyber security experts and surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand the perception of today’s cybersecurity threats and to find out how companies are preparing for yet-unknown future threats.
The report revealed that despite 97% of leaders and security professionals reporting their organisation is as prepared, or more prepared, to defend against cybersecurity attacks than they were a year ago, one in five wouldn’t bet a chocolate bar that they could prevent a damaging breach.
In fact, the study finds that organisations are racing to fortify against cyber attacks, but the industry still struggles with a reactive, checklist mentality. This is most pronounced in how security teams are prioritising patches. While 92% of security professionals reported they have a method to prioritise patches, they also indicated that all types of patches rank high – meaning none do.
“Patching is not nearly as simple as it sounds,” said Ivanti. “Even well-staffed, well-funded IT and security teams experience prioritisation challenges amidst other pressing demands. To reduce risk without increasing workload, organisations must implement a risk-based patch management solution and leverage automation to identify, prioritise, and even address vulnerabilities without excess manual intervention”.
Cyber security insiders view phishing, ransomware, and software vulnerabilities as top industry-level threats for 2023. Approximately half of respondents indicated they are “very prepared” to meet the growing threat landscape including ransomware, poor encryption, and malicious employees, but the expected safeguards such as deprovisioning credentials is ignored a third of a time and nearly half of those surveyed say they suspect a former employee or contractor still has active access to company systems and files.
The report also revealed that leaders engage in more dangerous behaviour and are four times more likely to be victims of phishing compared to office workers.
Additionally:
More than 1 in 3 leaders have clicked on a phishing link
Nearly 1 in 4 use easy-to-remember birthdays as part of their password
They are much more likely to hang on to passwords for years
And they are 5x more likely to share their password with people outside the company.
One survey taker shared, “We’ve experienced a few advanced phishing attempts and the employees were totally unaware they were being targeted. These types of attacks have become so much more sophisticated over the last two years – even our most experienced staff are falling prey to it.”
To cope with a rapidly expanding threat landscape, organisations must move beyond a reactive, rules-based approach.
CISO Role is Diversifying from Technology to Leadership & Communication Skills
The role of chief information security officer (CISO), a relatively new executive position, is undergoing some significant changes and an archetype has yet to emerge, a new global report from Marlin Hawk, an executive recruiting and leadership consultant, said.
CISOs are still more likely to serve on advisory boards or industry bodies than on the board of directors. Only 13% of the global CISOs analysed are women; approximately 20% are non-white. Each diversity dimension analysed is down one percentage point year-on-year.
According to James Larkin, managing partner at Marlin Hawk, “Today’s CISOs are taking up the mantle of responsibilities that have traditionally fallen solely to the chief information officer (CIO), which is to act as the primary gateway from the tech department into the wider business and the outside marketplace. This widening scope requires CISOs to be adept communicators to the board, the broader business, as well as the marketplace of shareholders and customers. By thriving in the ‘softer’ skill sets of communication, leadership, and strategy, CISOs are now setting the new industry standards of today and, I predict, will be progressing into the board directors of tomorrow.”
The job does not come without its downsides. For one, according to the search firm, many CISOs change roles and leave their jobs. Their skillset may not be adequate or new leaders get appointed to the job, they lack the necessary internal support, or their company may not have the required commitment to cyber security to make the job effective.
Key findings from the report include:
45% of global CISOs have been in their current role for two years or less, down from 53% in 2021, with 18% turnover year-on-year. While there is still a lot of movement in the CISO seat, there is potentially some stabilisation emerging.
Approximately 62% of global CISOs were hired from another company, indicating a slight increase in the number of CISOs hired internally (38% were hired internally compared to 36% in 2021) but a large gap remains in appropriate successors.
36% of CISOs analysed with a graduate degree received a higher degree in business administration or management. This is down 10% from last year (46% in 2021). Conversely, there has been an increase to 61% of CISOs receiving a higher degree in STEM subjects (up from 46% in 2021).
How Emerging AIs, Like ChatGPT, Can Turn Anyone into a Ransomware and Malware Threat Actor
Ever since OpenAI launched ChatGPT at the end of November, commentators on all sides have been concerned about the impact AI-driven content-creation will have, particularly in the realm of cybersecurity. In fact, many researchers are concerned that generative AI solutions will democratise cyber crime.
With ChatGPT, any user can enter a query and generate malicious code and convincing phishing emails without any technical expertise or coding knowledge.
While security teams can also leverage ChatGPT for defensive purposes such as testing code, by lowering the barrier for entry for cyber attacks, the solution has complicated the threat landscape significantly. From a cyber security perspective, the central challenge created by OpenAI’s creation is that anyone, regardless of technical expertise, can create code to generate malware and ransomware on-demand.
Whilst it can be used for good to assist developers in writing code for good, it can (and already has) been used for malicious purposes. Examples including asking the bot to create convincing phishing emails or assist in reverse engineering code to find zero-day exploits that could be used maliciously instead of reporting them to a vendor.
ChatGPT does have inbuilt guardrails designed to prevent the solution from being used for criminal activity. For instance, it will decline to create shell code or provide specific instructions on how to create shellcode or establish a reverse shell and flag malicious keywords like phishing to block the requests.
The problem with these protections is that they’re reliant on the AI recognising that the user is attempting to write malicious code (which users can obfuscate by rephrasing queries), while there’s no immediate consequences for violating OpenAI’s content policy.
https://venturebeat.com/security/chatgpt-ransomware-malware/
Cyber Security Drives Improvements in Business Goals
Cyber threats should no longer be viewed as just an IT problem, but also a business problem, Deloitte said in its latest Future of Cyber study. Operational disruption, loss of revenue, and loss of customer trust are the top three significant impacts of cyber incidents. More than half, or 56%, of respondents told Deloitte they suffered related consequences to a moderate or large extent.
In 2021, the top three negative consequences from cyber incidents and breaches were operational disruption, which includes supply chain and the partner ecosystem, intellectual property theft, and a drop in share price. While operational disruption remained the top concern in 2022, loss of revenue and loss of customer trust and negative brand impact moved up in importance. Intellectual property theft and drop in share price dropped to eighth and ninth (out of ten) in ranking. Losing funding for a strategic initiative, loss of confidence in the integrity of the technology, and impact on employee recruitment and retention moved up in ranking in 2022. Respondents were also asked to mark two consequences they felt would be most important in 2023: Operational disruption and loss of revenue topped the list.
"Today, cyber means business, and it is difficult to overstate the importance of cyber as a foundational and integral business imperative," Deloitte noted in its report. "It [cyber] should be included in every functional area, as an essential ingredient for success—to drive continuous business value, not simply mitigate risks to IT."
Deloitte categorised organisations' cyber security maturity based on their adoption of cyber planning, risk management, and board engagement. Risk management included activities such as industry benchmarking, incident response, scenario planning, and qualitative and quantitative risk assessment.
Whether or not the organisation adopted any of these three practices hinged on stakeholders recognising the importance of cyber responsibility and engagement across the whole organisation, Deloitte said in its report. Examples included having a governing body that comprises IT and senior business leaders to oversee the cyber program, conducting incident-response scenario planning and simulation at the organisational and/or board level, regularly providing cyber updates to the board to secure funding, and conducting regular cyber awareness training for all employees.
https://www.darkreading.com/edge-threat-monitor/cybersecurity-drives-improvements-in-business-goals
Incoming FCA Chair Says Crypto Firms Facilitate Money Laundering
The man who will lead UK efforts to regulate cryptocurrency firms issued a stark condemnation of the sector on Wednesday, telling MPs that in his experience crypto platforms were “deliberately evasive”, facilitated money laundering at scale and created “massively untoward risk”.
The comments from Ashley Alder, the incoming chair of the Financial Conduct Authority, suggest that crypto firms hoping to build businesses in the UK will face an uphill battle when the FCA assumes new powers to regulate broad swaths of the sector.
They also put Alder, who will become FCA chair in February, on a potential collision course with the government’s aspiration to create a high quality crypto hub that fosters innovation, a vision ministers have remained loyal to even as the global crypto market lurches from crisis to crisis, epitomised by the collapse of FTX. The FCA declined to comment on whether their incoming chair’s views were at odds with those of the government.
Alder comments came during a sometimes terse appointment hearing with the cross-party Treasury select committee, where he faced sustained criticism for appearing virtually from Hong Kong and for his lack of familiarity with some parts of the UK market place and its accountability structures.
https://www.ft.com/content/7bf0a760-5fb5-4146-b757-1acc5fc1dee5
Managing Cyber Risk in 2023: The People Element
2022 has had many challenges from cyber war between Russia and Ukraine, continuing ransomware attacks, and a number of high-profile vulnerabilities and zero day attacks. With the attack surface constantly expanding, CISOs and security leaders are acutely aware of the need to minimise risk across people, processes, and technology.
Top infrastructure risk: people
It’s common knowledge that it’s not if, but when, your organisation will be the target of a cyber attack. CISOs and security leaders seem to share the same opinion—according to Trend Micro’s latest Cyber Risk Index (CRI) (1H’2022), 85% of 4,100 respondents across four global regions said its somewhat to very likely they will experience a cyber attack in the next 12 months. More concerning was 90% of respondents had at least one successful cyber attack in the past 12 months.
The CRI (1H’2022) also found that CISOs, IT practitioners, and managers identified that most organisations’ IT security objectives are not aligned with the business objectives, which could cause challenges when trying to implement a sound cyber security strategy.
It’s important to note that while ideal, avoiding a cyber attack isn’t the main goal—companies need to address critical challenges across their growing digital attack surface to enable faster detection and response, therefore minimising cyber risk.
While it's commonly assumed that security efforts should be largely focused on protecting critical servers and infrastructure, the human attack vector shouldn’t be so quickly forgotten.
https://www.trendmicro.com/en_us/ciso/22/e/managing-cyber-risk.html
What We Can't See Can Hurt Us
In speaking with security and fraud professionals, visibility remains a top priority. This is no surprise, since visibility into the network, application, and user layers is one of the fundamental building blocks of both successful security programs and successful fraud programs. This visibility is required across all environments — whether on-premises, private cloud, public cloud, multicloud, hybrid, or otherwise.
Given this, it is perhaps a bit surprising that visibility in the cloud has lagged behind the move to those environments. This occurred partially because few options for decent visibility were available to businesses as they moved to the cloud. But it also partially happened because higher priority was placed on deploying to the cloud than on protecting those deployments from security and fraud threats.
This is unfortunate, since what we can't see can hurt us. That being said, cloud visibility is becoming a top priority for many businesses. There are a few areas where many businesses are looking for visibility to play a key role, including Compliance, Monitoring, Investigation, Response, API Discovery, Application Breaches, and Malicious User Detection.
Organisation have been a bit behind in terms of ensuring the requisite visibility into cloud environments. Whilst time has been lost, it does seem that gaining visibility into the network, application, and user layers is now a priority for many businesses. This is a positive development, as it enables those businesses to better mitigate the risks that operating blindly creates.
https://www.darkreading.com/edge-articles/what-we-can-t-see-can-hurt-us
Uber Suffers New Data Breach After Attack on Vendor, Info Leaked Online
Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cyber security incident.
On Saturday last week, a threat actor named 'UberLeaks' began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches. The leaked data includes numerous archives claiming to be source code associated with mobile device management platforms (MDM) used by Uber and Uber Eats and third-party vendor services.
The threat actor created four separate topics, allegedly for Uber MDM at uberhub.uberinternal.com and Uber Eats MDM, and the third-party Teqtivity MDM and TripActions MDM platforms. Each post refers to a member of the Lapsus$ hacking group who is believed to be responsible for numerous high-profile attacks, including a September cyber attack on Uber where threat actors gained access to the internal network and the company's Slack server.
News outlet BleepingComputer has been told that the newly leaked data consists of source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses, and other corporate information. One of the documents seen by BleepingComputer includes email addresses and Windows Active Directory information for over 77,000 Uber employees.
While BleepingComputer initially thought this data was stolen during the September attack, Uber told BleepingComputer it believes it is related to a security breach on a third-party vendor.
When Companies Compensate the Hackers, We All Foot the Bill
Companies are always absorbing costs that are seen as par for the course of budget planning: maintenance, upgrades, office supplies, wastage, shrinkage, etc. These costs ratchet up the price of a company's products and are then passed on to the consumer. Breaches in cyber security and paying out ransoms to hackers should be outside of this remit, and yet more than half of all companies admit to transferring the costs of data breaches on to consumers. Careless or ill-informed employees and other weaknesses in a company's protections lead to catastrophic losses to businesses of around $1,797,945 per minute — and the consumers are paying it off.
If a company estimates the recovery costs from a ransomware attack to exceed the requested payment from the hacker, then it feels like a no-brainer — they're better off just cutting their losses and giving in to the cyber criminal's demands. The issue is that this creates an unvirtuous circle of paying the hacker, which enforces nefarious behaviour and empowers hackers to increase the number and volume of ransoms.
When it comes to ransomware, 32% of companies pay off hackers, and, of that percentage, the average company only retrieves about 65% of its data. Giving in to hackers is counterintuitive. On an even more disturbing note, one study found that 80% of companies that paid a ransom were targeted a second time, with about 40% paying again and a majority of that 40% paying a higher ransom the second time round. This is ludicrous. With 33% of companies suspending operations following an attack, and nearly 40% resorting to laying off staff, it comes as no surprise that the downstream costs are picked up to some extent by the consumer.
As for smaller companies, about 50% of US small businesses don't have a cyber security plan in place, despite the fact that small businesses are three times more likely to be targeted by cyber criminals than larger companies. An average breach costs these companies around $200,000 and has put many out of business. It isn't simply the cost passed on to consumers, it's also the intangible assets, such as brand reputation.
When data is leaked and a site goes down, customers become rightly anxious when their information is sold to the highest bidder on the Dark Web. To safeguard against this, companies of all sizes should exploit automated solutions while training every single member of staff to recognise and report online threats. Paying a ransom does not guarantee the return of data, and for a smaller business, losing valuable customer information could cause long-term damage way beyond the initial attack.
Cyber security professionals, governments, and law enforcement agencies all advise companies to avoid paying the hackers' ransoms. This strategy is affirmed by the success businesses have had in retrieving the stolen data and turning the lights back on — 78% of organisations who say they did not pay a ransom were able to fully restore systems and data without the decryption key. This evidently is not enough to reassure companies who, at the click of a dangerous email being opened, have lost sensitive information and access to their systems and are desperate to get back online. There are many preventative techniques businesses can take advantage of before it even gets to that stage.
HSE Cyber-Attack Costs Ireland $83m So Far
The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m).
The figures come from a letter from HSE’s chief information officer, seen by The Irish Times. This comes months after the Department of Health suggested in February the attack could end up costing up to €100m ($104m). The letter confirmed that the costs reached €42m ($43.97m) in 2021 and almost €39m ($40.83m) until October of this year.
Ireland has a very capable national cyber security centre and a well-oiled CSIRT team that engages the public/private sector. If the cost does continue to escalate to €100m, that is the equivalent to everyone in the Republic of Ireland having been defrauded by €20. According to The Irish Times, the costs were said to be “enormous,” and the government has been asked to complete a comprehensive assessment of the impact caused by the breach.
The cyber-attack, believed to have been conducted by Russia-based state actors, was reportedly caused by a malicious Microsoft Excel file delivered via a phishing email. According to a December 2021 report, the file was opened at an HSE workstation in March 2021. The malware would have been latent for two months before the breach, which was reportedly discovered in May, two months later. A total of roughly 100,000 people had their personal data stolen during the cyber-attack.
Healthcare continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT devices.
https://www.infosecurity-magazine.com/news/hse-cyber-attack-ireland-dollar83m/
Threats
Ransomware, Extortion and Destructive Attacks
HSE Cyber-Attack Costs Ireland $83m So Far - Infosecurity Magazine (infosecurity-magazine.com)
Ransomware-hit Rackspace email outage enters 12th day • The Register
The Dark Web is Getting Darker - Ransomware Thrives on Illegal Markets (bleepingcomputer.com)
Rash of New Ransomware Variants Springs Up in the Wild (darkreading.com)
Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks | SecurityWeek.Com
Preventing a ransomware attack with intelligence: Strategies for CISOs - Help Net Security
LockBit ransomware crew claims attack on California Department of Finance - CyberScoop
When Companies Compensate the Hackers, We All Foot the Bill (darkreading.com)
Clop ransomware uses TrueBot malware for access to networks (bleepingcomputer.com)
TrueBot infections were observed in Clop ransomware attacks - Security Affairs
Play ransomware claims attack on Belgium city of Antwerp (bleepingcomputer.com)
Brooklyn hospital network victim of cyber hack crash (msn.com)
Cyber security Experts Uncover Inner Workings of Destructive Azov Ransomware (thehackernews.com)
Cybereason warns of rapid increase in Royal ransomware | TechTarget
New Royal ransomware group evades detection with partial encryption | CSO Online
How ChatGPT can turn anyone into a ransomware and malware threat actor | VentureBeat
Check Point classifies Azov as wiper, not ransomware | TechTarget
Phishing & Email Based Attacks
Open-source repositories flooded by 144,000 phishing packages (bleepingcomputer.com)
Phishing attack uses Facebook posts to evade email security (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Malware
Microsoft digital certificates have once again been abused to sign malware | Ars Technica
Hackers target Japanese politicians with new MirrorStealer malware (bleepingcomputer.com)
Zscaler: Nearly 90% of Cyber attacks Now Use Encrypted Channels, Malware Tops - MSSP Alert
Crooks use HTML smuggling to spread QBot malware via SVG files - Security Affairs
A clever trick turns antivirus software into unstoppable data wiping scourges | TechSpot
How ChatGPT can turn anyone into a ransomware and malware threat actor | VentureBeat
Mobile
Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims (thehackernews.com)
Why You Should Enable Apple’s New iOS 16.2 Security Feature | Reviews by Wirecutter (nytimes.com)
Xnspy stalkerware spied on thousands of iPhones and Android devices | TechCrunch
Internet of Things – IoT
3.5m IP cameras exposed, with US in the lead - Security Affairs
Are robots too insecure for lethal use by law enforcement? | CSO Online
10 Ways Doorbell Cameras Pose a Threat to Privacy and Security - Listverse
Data Breaches/Leaks
Uber suffers new data breach after attack on vendor, info leaked online (bleepingcomputer.com)
Twitter confirms recent user data leak is from 2021 breach (bleepingcomputer.com)
HR platform Sequoia says hackers accessed customer SSNs and COVID-19 data | TechCrunch
Australia's Telstra suffers privacy breach, 132,000 customers impacted | Reuters
Unauthorised server access caused AirAsia data leak: Fahmi | Malaysia | The Vibes
FBI's InfraGard Cyber security Program Breached by Hackers (gizmodo.com)
Aussie Data Breaches Surge 489% in Q4 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Uber staff information leaks after IT supply chain attack • The Register
TPG Telecom joins list of hacked Australian companies, shares slide | Reuters
How companies can avoid costly data breaches - Help Net Security
Hackers leak personal info allegedly stolen from 5.7M Gemini users (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Incoming FCA chair says crypto firms facilitate money laundering | Financial Times (ft.com)
Britons lose life savings to ‘Ali Baba and the cryptocurrency scammers’ | News | The Times
DOJ divided over charging Binance for alleged crypto crimes, report says | Ars Technica
Facebook Asks Lawmakers Not to Regulate Crypto Too Harshly Just Because of All the Fraud (vice.com)
The amateur sleuths who helped to bring down Sam Bankman-Fried - New Statesman
Hackers leak personal info allegedly stolen from 5.7M Gemini users (bleepingcomputer.com)
Insider Risk and Insider Threats
Executives take more cyber security risks than office workers - Help Net Security
Managing Cyber Risk in 2023: The People Element (trendmicro.com)
Fraud, Scams & Financial Crime
Britons lose life savings to ‘Ali Baba and the cryptocurrency scammers’ | News | The Times
Restaurant closes after fraudsters posing as officials steal thousands | News | The Times
Woman gets 66 months in prison for role in $3.3 million ID fraud op (bleepingcomputer.com)
Patrick Giblin conned women all over the US. Now he's going to prison for 5 years | CNN
UK arrests five for selling dodgy point of sale software • The Register
The amateur sleuths who helped to bring down Sam Bankman-Fried - New Statesman
8 charged with conspiracy to commit securities fraud • The Register
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
Uber staff information leaks after IT supply chain attack • The Register
Report highlights serious cyber security issues with US defence contractors | CSO Online
Software Supply Chain
How Naming Can Change the Game in Software Supply Chain Security (darkreading.com)
Microsoft digital certificates have once again been abused to sign malware | Ars Technica
Denial of Service DoS/DDoS
FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms (thehackernews.com)
Prosecutors charge 6 people for allegedly waging massive DDoS attacks | Ars Technica
‘Booter’ sites taken down in global cyber crime bust (gbnews.uk)
Microsoft discovers Windows/Linux botnet used in DDoS attacks | Ars Technica
Cloud/SaaS
Microsoft launches EU 'data boundary' from next year • The Register
HR platform Sequoia says hackers accessed customer SSNs and COVID-19 data | TechCrunch
Lego fixes dangerous API vulnerability in BrickLink service | TechTarget (computerweekly.com)
Data Destruction Policies in the Age of Cloud Computing (darkreading.com)
Hybrid/Remote Working
Encryption
Zscaler: Nearly 90% of Cyber attacks Now Use Encrypted Channels, Malware Tops - MSSP Alert
The FBI Says Apple’s New Encryption Is “Deeply Concerning” (futurism.com)
Over 85% of Attacks Hide in Encrypted Channels - Infosecurity Magazine (infosecurity-magazine.com)
Privacy advocates are aghast at UK’s anti-encryption plans (thenextweb.com)
API
Open Source
Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities (thehackernews.com)
Open-source repositories flooded by 144,000 phishing packages (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
TikTok may push potentially harmful content to teens within minutes, study finds | CNN Business
Meta warns spyware still being used to target people on social media | Meta | The Guardian
Elon Musk Bans Journalists From Twitter After Reinstating Nazis (gizmodo.com)
Russian disinformation rampant on far-right social media platforms - CyberScoop
HowTo: Fight Cyber-Threats in the Metaverse - Infosecurity Magazine
US politicians propose TikTok ban over China security concerns (telegraph.co.uk)
Training, Education and Awareness
Keep Your Grinch at Bay: Here's How to Stay Safe Online this Holiday Season (thehackernews.com)
Remote Work Cyber security Requires a Change in Mindset (informationsecuritybuzz.com)
Parental Controls and Child Safety
TikTok may push potentially harmful content to teens within minutes, study finds | CNN Business
Microsoft Teams is a vector for child sexual abuse material • The Register
Cyber Bullying, Cyber Stalking and Sextortion
Xnspy stalkerware spied on thousands of iPhones and Android devices | TechCrunch
Proposed law offers support to tech-enabled abuse survivors • The Register
Regulations, Fines and Legislation
Privacy concerns are limiting data usage abilities - Help Net Security
European Commission takes step toward approving EU-US data privacy pact | Computerworld
Governance, Risk and Compliance
Managing Cyber Risk in 2023: The People Element (trendmicro.com)
Executives take more cyber security risks than office workers - Help Net Security
Cyber security Drives Improvements in Business Goals (darkreading.com)
Compliance Is Not Enough: How to Manage Your Customer Data (darkreading.com)
5 tips for building a culture of cyber security accountability - Help Net Security
Data Destruction Policies in the Age of Cloud Computing (darkreading.com)
What CISOs consider when building up security resilience - Help Net Security
CISO Role is Diversifying From Technology to Leadership & Communication Skills - MSSP Alert
Models, Frameworks and Standards
Why PCI DSS 4.0 Should Be on Your Radar in 2023 (thehackernews.com)
PCI Secure Software Standard version 1.2 sets out new payment security requirements | CSO Online
Backup and Recovery
Why Your MSSP Should Offer Backup-as-a-Service (BaaS) - MSSP Alert
CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms (thehackernews.com)
Prosecutors charge 6 people for allegedly waging massive DDoS attacks | Ars Technica
8 charged with conspiracy to commit securities fraud • The Register
Privacy, Surveillance and Mass Monitoring
Privacy advocates are aghast at UK’s anti-encryption plans (thenextweb.com)
Apple should pay €6m for tracking users – French official • The Register
European Commission takes step toward approving EU-US data privacy pact | Computerworld
Privacy concerns are limiting data usage abilities - Help Net Security
Artificial Intelligence
Are robots too insecure for lethal use by law enforcement? | CSO Online
How ChatGPT can turn anyone into a ransomware and malware threat actor | VentureBeat
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government | Mandiant
Reassessing cyberwarfare. Lessons learned in 2022 | Securelist
As Wiretap Claims Rattle Government, Greece Bans Spyware | SecurityWeek.Com
Ex-Twitter Worker Gets Prison Time in Saudi 'Spy' Case | SecurityWeek.Com
Reassessing cyberwarfare. Lessons learned in 2022 | Securelist
Nation State Actors
Nation State Actors – Russia
Seven accused of smuggling out US military tech for Moscow • The Register
Neo-Nazi Russian militia appeals for intelligence on Nato member states | Ukraine | The Guardian
NSA cyber director warns of Russian digital assaults on global energy sector - CyberScoop
Russian disinformation rampant on far-right social media platforms - CyberScoop
Nation State Actors – China
NSA Outs Chinese Hackers Exploiting Citrix Zero-Day | SecurityWeek.Com
US politicians propose TikTok ban over China security concerns (telegraph.co.uk)
Hackers target Japanese politicians with new MirrorStealer malware (bleepingcomputer.com)
US to add Chinese chipmaker to trade blacklist | Financial Times (ft.com)
AIIMS cyber attack suspected to have originated in China, Hong Kong - Rediff.com India News
Spies and Lies by Alex Joske — inside China’s intelligence operation | Financial Times (ft.com)
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerability Management
Transitive Dependencies Account for 95% of Bugs - Infosecurity Magazine (infosecurity-magazine.com)
24% of technology applications contain high-risk security flaws - Help Net Security
Vulnerabilities
Hackers exploit critical Citrix ADC and Gateway zero day, patch now (bleepingcomputer.com)
CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com
Adobe Patches 38 Flaws in Enterprise Software Products | SecurityWeek.Com
VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest - Security Affairs
Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities (thehackernews.com)
Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks (bleepingcomputer.com)
Transitive Dependencies Account for 95% of Bugs - Infosecurity Magazine (infosecurity-magazine.com)
Citrix Releases Security Updates for Citrix ADC, Citrix Gateway | CISA
Security Flaw in Atlassian Products Affecting Multiple Companies (darkreading.com)
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware – Naked Security (sophos.com)
Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks | SecurityWeek.Com
New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products (thehackernews.com)
Apple patches everything, finally reveals mystery of iOS 16.1.2 – Naked Security (sophos.com)
Apple fixed the tenth actively exploited zero-day this year - Security Affairs
High-Severity Memory Safety Bugs Patched With Latest Chrome 108 Update | SecurityWeek.Com
Top 5 Web App Vulnerabilities and How to Find Them (thehackernews.com)
Severe vulnerabilities found in most industrial controllers - The Washington Post
Akamai WAF bypassed via Spring Boot to trigger RCE | The Daily Swig (portswigger.net)
Tools and Controls
CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com
Why Your MSSP Should Offer Backup-as-a-Service (BaaS) - MSSP Alert
Data Destruction Policies in the Age of Cloud Computing (darkreading.com)
Other News
Cyber Threats Loom as 5B People Prepare to Watch World Cup Final (darkreading.com)
Tech companies must start sharing intelligence to avert global conflicts | Financial Times (ft.com)
Microsoft Defender, Avast, AVG turned against Windows to permanently delete files - Neowin
Analysis Shows Attackers Favour PowerShell, File Obfuscation (darkreading.com)
Automated Cyber campaign Creates Masses of Bogus Software Building Blocks (darkreading.com)
12 types of wireless network attacks and how to prevent them | TechTarget
FuboTV says World Cup streaming outage caused by a cyber attack (bleepingcomputer.com)
MTTR “not a viable metric” for complex software system reliability and security | CSO Online
Low-code/no-code security risks climb as tools gain traction | TechTarget
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 November 2022
Black Arrow Cyber Threat Briefing 18 November 2022:
-Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War
-Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say
-Is Your Board Prepared for New Cyber Security Regulations?
-Unwanted Emails Steadily Creeping into Inboxes
-People Are Still Using the Dumbest Passwords Available
-Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident
-44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security
-MFA Fatigue Attacks Are Putting Your Organisation at Risk
-Cyber Security Training Boosts Risk Posture, Research Finds
-MI5 Chief: UK will have to tackle Russian Aggression ‘for Years to Come’
-Offboarding Processes Pose Security Risks as Job Turnover Increases: Report
-Do Companies Need Cyber Insurance?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War
As carriers rewrite their act-of-war exclusions following the NotPetya settlement between Mondelez and Zurich, organisations should read their cyber insurance policies carefully to see what is still covered.
The consequences from NotPetya, which the US government said was caused by a Russian cyber attack on Ukraine in 2017, continue to be felt as cyber insurers modify coverage exclusions, expanding the definition of an "act of war." Indeed, the 5-year-old cyber attack appears to be turning the cyber insurance market on its head.
Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with factories and production disrupted. It took days for the company's staff to regain control of its computer systems. The company filed a claim with its property and casualty insurer, Zurich American, for $100 million in losses. After initially approving a fraction of the claim — $10 million — Zurich declined to pay, stating the attack was an act of war and thus excluded from the coverage. Mondelez filed a lawsuit.
Late last month Mondelez and Zurich American reportedly agreed to the original $100 million claim, but that wasn't until after Merck won its $1.4 billion lawsuit against Ace American Insurance Company in January 2022 for its NotPetya-related losses. Merck's claims also were against its property and casualty policy, not a cyber insurance policy.
Back in 2017, cyber insurance policies were still nascent, and so many large corporations filed claims for damages related to NotPetya — the scourge that caused an estimated $10 billion in damage worldwide — against corporate property and casualty policies.
What's Changed? The significance of these settlements illustrates an ongoing maturation of the cyber insurance market, says Forrester Research.
Until 2020 and the COVID-19 pandemic, cyber insurance policies were sold in a fashion akin to traditional home or auto policies, with little concern for a company's cyber security profile, the tools it had in place to defend its networks and data, or its general cyber hygiene.
Once a large number of ransomware attacks occurred that built off of the lax cyber security many organisations demonstrated, insurance carriers began tightening the requirements for obtaining such policies.
Is Your Board Prepared For New Cyber Security Regulations?
Boards are now paying attention to the need to participate in cyber security oversight. Not only are the consequences sparking concern, but the new regulations are upping the ante and changing the game.
Boards have a particularly important role to ensure appropriate management of cyber risk as part of their fiduciary and oversight role. As cyber threats increase and companies worldwide bolster their cyber security budgets, the regulatory community, including the U.S. Securities and Exchange Commission (SEC), is advancing new requirements that companies will need to know about as they reinforce their cyber strategy.
Most organisations focus on cyber protection rather than cyber resilience, and that could be a mistake. Resiliency is more than just protection; it’s a plan for recovery and business continuation. Being resilient means that you’ve done as much as you can to protect and detect a cyber incident, and you have also done as much as you can to make sure you can continue to operate when an incident occurs. A company who invests only in protection is not managing the risk associated with getting up and running again in the event of a cyber incident.
Research indicates that most board members believe it is not a matter of if, but when, their company will experience a cyber event. The ultimate goal of a cyber-resilient organisation would be zero disruption from a cyber breach. That makes the focus on resilience more important.
In March 2022, the SEC issued a proposed rule titled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. In it, the SEC describes its intention to require public companies to disclose whether their boards have members with cyber security expertise: “Cyber security is already among the top priorities of many boards of directors and cyber security incidents and other risks are considered one of the largest threats to companies. Accordingly, investors may find disclosure of whether any board members have cyber security expertise to be important as they consider their investment in the registrant as well as their votes on the election of directors of the registrant.”
The SEC will soon require companies to disclose their cyber security governance capabilities, including the board’s oversight of cyber risk, a description of management’s role in assessing and managing cyber risks, the relevant expertise of such management, and management’s role in implementing the registrant’s cyber security policies, procedures, and strategies. Specifically, where pertinent to board oversight, registrants will be required to disclose:
whether the entire board, a specific board member, or a board committee is responsible for the oversight of cyber risks,
the processes by which the board is informed about cyber risks, and the frequency of its discussions on this topic,
whether and how the board or specified board committee considers cyber risks as part of its business strategy, risk management, and financial oversight.
https://hbr.org/2022/11/is-your-board-prepared-for-new-cybersecurity-regulations
Unwanted Emails Steadily Creeping into Inboxes
A research from cloud security provider Hornetsecurity has revealed that 40.5% of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of cyber attacks in 2022 – indicating the constant, growing threats to email security, and need for caution in digital workplace communications.
Phishing remains the most common style of email attack, representing 39.6% of detected threats. Threat actors used the following file types sent via email to deliver payloads: Archive files (Zip, 7z, etc.) sent via email make up 28% of threats, down slightly from last year’s 33.6%, with HTML files increasing from 15.3% to 21%, and DOC(X) from 4.8% to 12.7%.
This year’s cyber security report shows the steady creep of threats into inboxes around the world. The rise in unwanted emails, now found to be nearly 41%, is putting email users and businesses at significant risk.
HornetSecurity’s analysis identified both the enduring risk and changing landscape of ransomware attacks – highlighting the need for businesses and their employees to be more vigilant than ever.
New cyber security trends and techniques for organisations to watch out for were also tracked. Since Microsoft disabled macros settings in Office 365, there has been a significant increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Microsoft 365 makes it easy to share documents, and end users often overlook the ramifications of how files are shared, as well as the security implications. Hornetsecurity found 25% of respondents were either unsure or assumed that Microsoft 365 was immune to ransomware threats.
For these attackers, every industry is a target. Companies must therefore ensure comprehensive security awareness training while implementing next-generation preventative measures to ward off threats.
https://www.helpnetsecurity.com/2022/11/14/email-security-threats/
People Are Still Using the Dumbest Passwords Available
If you were thinking that most people would have learned by now not to use “password” as the password for their sensitive systems, then you would be giving too much credit to the general scrolling public.
Cyber security researchers from Cybernews and password manager company NordPass both independently reported this week on data surrounding the most commonly-used passwords. Trying to discern the frequently used words, phrases, and numbers among the general public wouldn’t be simple if it weren’t for the troves of leaked passwords being sold on the dark web.
Cybernews said it based its data on a list of 56 million breached or leaked passwords in 2022 found via databases in darknet and clearnet hacker forums. Some of the most-used passwords were exactly what you expect, easy-to-remember junk passwords for company accounts, including “123456,” “root,” and “guest” all looking pretty in the top three.
NordPass, on the other hand, listed its top passwords by country and the supposed gender of the user. In their case, “password” sat in the number one spot for most-used password throughout the globe. Some countries had very specific passwords that were commonly used, such as “liverpool” being the number 4 most-used password in the UK despite it being 197 in the world. The number 2 most-used password for Brazil accounts is “Brasil” while in Germany, number 5 is “hallo.”
NordPass said the list of passwords was built by a team of independent researchers who compiled 3TB of data from listings on the dark web, including some data that was leaked in data breaches that occurred in 2022. The company noted that some data might be from late 2021, though the passwords were listed on the dark web in the new year.
https://gizmodo.com/passwords-hacker-best-passwords-cybersecurity-1849792818
Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident
Researchers find current data protection strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defence initiatives.
Organisations are struggling with mounting data losses, increased downtime, and rising recovery costs due to cyber attacks — to the tune of $1.06 million in costs per incident. Meanwhile, IT security teams are stalled on getting defences up to speed.
That's according to the 2022 Dell Global Data Protection Index (GDPI) survey of 1,000 IT decision-makers across 15 countries and 14 industries, which found that organisations that experienced disruption have also suffered an average of 2TB data loss and 19 hours of downtime.
Most respondents (67%) said they lack confidence that their existing data protection measures are sufficient to cope with malware and ransomware threats. A full 63% said they are not very confident that all business-critical data can be reliably recovered in the event of a destructive cyber attack.
Their fears seem founded: Nearly half of respondents (48%) experienced a cyber attack in the past 12 months that prevented access to their data (a 23% increase from 2021) — and that's a trend that will likely continue.
The growth and increased distribution of data across edge, core data centre and multiple public cloud environments are making it exceedingly difficult for IT admins to protect their data.
On the protection front, most organisations are falling behind; for instance, 91% are aware of or planning to deploy a zero-trust architecture, but only 12% are fully deployed.
And it's not just advanced defence that's lacking: Keegan points out that 69% of respondents stated they simply cannot meet their backup windows to be prepared for a ransomware attack.
https://www.darkreading.com/endpoint/zero-trust-initiatives-stall-cyberattack-costs-1m-per-incident
44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security
Netwrix, a cyber security vendor, today announced additional findings for the financial and banking sector from its global 2022 Cloud Security Report.
Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. Indeed, 44% of respondents in this sector say their own IT staff poses the biggest risk to data security in the cloud and 47% worry about contractors and partners, compared to 30% and 36% respectively in other verticals surveyed.
Financial organisations experience accidental data leakage more often than companies in other verticals: 32% of them reported this type of security incident within the last 12 months, compared to the average of 25%. This is a good reason for them to be concerned about users who might unintentionally expose sensitive information. To address this threat, organisations need to implement a zero-standing privilege approach in which elevated access rights are granted only when they are needed and only for as long as needed. Cloud misconfigurations are another common reason for accidental data leakage. Therefore, security teams must continually monitor the integrity of their cloud configurations, ideally with a dedicated solution that automates the process.
All sectors say phishing is the most common type of attack they experience. However, 91% of financial institutions say they can spot phishing within minutes or hours, compared to 82% of respondents in other verticals.
Even though mature financial organisations detect phishing quickly, it is still crucial for them to keep educating their personnel on this threat because attacks are becoming more sophisticated. To increase the likelihood of a user clicking a malicious link, attackers are crafting custom spear phishing messages that are directed at the person responsible for a certain task in the organisation and that appear to come from an authority figure. Regular staff training, along with continuous activity monitoring, will help reduce the risk of infiltration.
MFA Fatigue Attacks Are Putting Your Organisation at Risk
The rapid advancement of technology in all industries has led to the threat of ever-increasing cyber attacks that target businesses, governments, and individuals alike. A common threat targeting businesses is MFA Fatigue attacks—a technique where a cyber criminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one.
MFA refers to multi-factor authentication, a layered end-user verification strategy to secure data and applications. For a user to log in, an MFA system needs them to submit various combinations of two or more credentials.
Using MFA Fatigue attacks, cyber criminals bombard their victims with repeated 2FA (two-factor authentication) push notifications to trick them into authenticating their login attempts, to increase their chances of gaining access to sensitive information. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or misinterprets them as legitimate authentication requests.
One major MFA Fatigue attack, also known as MFA bombing, targeted the ride-sharing giant Uber in September 2022. Uber attributed the attack to Lapsus$, a hacking group that started by compromising an external contractor’s credentials.
Cyber criminals increasingly use social engineering attacks to access their targets’ sensitive credentials. Social engineering is a manipulative technique used by hackers to exploit human error to gain private information.
MFA Fatigue is a technique that has gained popularity among hackers in recent years as part of their social engineering attacks. This is a simple yet effective technique with destructive consequences as the hackers are banking on their targets’ lack of training and understanding of attack vectors. Since many MFA users are unfamiliar with this style of attack, they would not understand that they are approving a fraudulent notification.
Cyber Security Training Boosts Risk Posture, Research Finds
Business executives worldwide see the economic advantages of continuing professional cyber security education and the steep downside from a workforce of under-trained individuals, Cybrary, a training platform provider, said in a new report.
The survey of 275 executives, directors and security professionals in North America and the UK who either procure or influence professional cyber security training, was conducted by consultancy Omdia. The results showed that the benefits of professional training boost an employee’s impact on the organisation, the overall risk posture of the organisation, and in the costs associated with finding and retaining highly skilled employees, the analyst said.
The study’s key findings include:
73% of respondents said their team’s cyber security performance was more efficient because of ongoing professional cyber security training.
62% of respondents said that training improved their organisation’s cyber security effectiveness (which encompasses decreases in the number of breach attempts and overall security events).
79% of respondents ranked professional cyber security training at the top or near the top of importance for the organisation’s ability to prevent and rapidly remediate breaches and ensuing consequences such as reputational damage.
70% of companies reported a relationship between an incident and training, and two-thirds of respondents reported increased investments in ongoing cyber security training after a security incident.
Large enterprises are the least likely to delay upskilling until after an incident, indicating that companies with larger cyber security teams firmly understand the importance of ongoing professional training.
67% of surveyed SMBs invested in cyber security training after a security incident, which served as a call to action.
53% invested in professional cyber security training due to a cyber security insurance audit.
48% of organisations said that cyber security training drives retention and decreases the likelihood that a cyber security professional will leave the organisation that trains them.
41% said that ongoing cyber security training has no significant impact on if a cyber security professional leaves.
Cybrary said the research shows the rewards that organisations enjoy by investing in training and upskilling their security professionals. The data “codifies the fiscal and reputational paybacks in proactively improving cyber security defences versus responding to attacks. It also codifies an often-underrecognised benefit of cyber security upskilling: helping the organisation retain invaluable security talent despite market and organisational uncertainty”.
MI5 Chief: UK Will Have to Tackle Russian Aggression ‘for Years to Come’
Britain will have to tackle Russian aggression for years to come, said the MI5’s chief on Wednesday, adding that his agency had blocked more than 100 attempts by the Kremlin to insert suspected spies into the UK since the Salisbury poisonings.
Ken McCallum, giving an annual threat update, said state-based threats were increasing and said the UK also faced a heightened direct threat from Iran, which had threatened “to kidnap or even kill” 10 people based in Britain in the past year.
The spy chief said Russia had suffered a “strategic blow” after 400 spies were expelled from around Europe following the start of the war in Ukraine, but he said the Kremlin was actively trying to rebuild its espionage network.
Britain had expelled 23 Russian spies posing as diplomats after the poisoning of Sergei and Yulia Skripal in Salisbury in 2018, yet since then “over 100 Russian diplomatic visa applications” had been rejected on national security grounds.
McCallum accused Russia of making “silly claims” about British activities without evidence, such as that UK was involved in attacking the Nord Stream gas pipelines. But the head of MI5 said “the serious point” was that “the UK must be ready for Russian aggression for years to come”.
Iran’s “aggressive intelligence services” were actively targeting Britain and had made “at least 10” attempts to “kidnap or even kill” British or UK-based individuals since January as the regime felt greater pressure than ever before.
Offboarding Processes Pose Security Risks as Job Turnover Increases: Report
Research from YouGov finds that poor offboarding practices across industries including healthcare and tech are putting companies at risk, including for loss of end-user devices and unauthorised SaaS application use.
Organisations across multiple industries are struggling to mitigate potential risks, including loss of end-user and storage devices as well as unauthorised use of SaaS applications, during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza.
Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people, more than 20% of Americans, had either lost or changed their job. Although these figures could initially be attributed to the so-called Great Resignation, this figure is likely to increase due to the numerous job cuts that are now being reported, including layoffs at major technology companies, as organisations look to reduce operational costs.
Although the circumstances of an employee’s departure can sometimes make the offboarding process more complex, ultimately offboarding should aim to prevent disruption and mitigate any potential risks.
However, in YouGov’s 2022 State of Corporate Offboarding Process Automation report, the research found that although implementing a secure offboarding processes is now seen as a business imperative for enterprises, 48% of the survey’s respondents expressed deficiencies in or lack of automated workflows across departments and IT tools to facilitate the secure offboarding of employees.
Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say
Nearly every organisation (98%) in a new survey of some 2,100 C-suite executives has been hit by a supply chain cyber attack in the last year, security provider BlueVoyant said in a newly released study.
The study gleaned data from interviews with chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief information security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organisations of more than 1,000 employees across business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defence industries.
While the number of companies experiencing digital supply chain attacks has stayed relatively static year-over-year, the attention paid by organisations to that attack vector has increased, BlueVoyant said. Still, the New York-based cyber defender said, there’s a lot of room for organisations to better monitor suppliers and “work with them to remediate issues to reduce their supply chain risks.”
Here are some macro highlights from the survey:
40% of respondents rely on the third-party vendor or supplier to ensure adequate security.
In 2021, 53% of companies said they audited or reported on supplier security more than twice per year. That number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.
Budgets for supply chain defence are increasing, with 84% of respondents saying their budget has increased in the past 12 months.
The top pain points reported are internal understanding across the enterprise that suppliers are part of their cyber security posture, meeting regulatory requirements, and working with suppliers to improve their security.
Do Companies Need Cyber Insurance?
Companies are increasingly seeking to transfer risk with cyber insurance. This trend has been influenced by a greater severity in cyber attacks and the resulting skyrocketing costs of incident response, business disruption and recovery.
Companies struggle to afford the high prices of cyber insurance, however. One market index reported the price of cyber insurance increased 79% in the second quarter of 2022. Without it, however, companies risk shouldering the full cost of any resulting harm. Furthermore, insurance companies that lack traditional decades of actuarial data must consider whether to provide cyber insurance to clients unable or unwilling to show their cyber security maturity through independent risk analysis.
This combination of circumstances leaves businesses vulnerable, financially drained and facing potential reputational damage. But does it have to be this way? And is cyber insurance truly necessary? For the majority of organisations, the answer is that cyber insurance is a worthwhile investment as part of their overall risk treatment plans. There are a number of activities, however, that should be undertaken to optimise the benefits and reduce the costs of cyber-risk insurance.
A rise in high-profile attacks, in tandem with increased regulation and compliance surrounding cyber security and privacy, has shifted the conversation around digital safety. No longer is cyber security an optional aspect of the business model with a fixed, stagnant cost. Businesses today have become too digitally dependent to ignore cyber security, with classified, internal information stored online; communication largely conducted via email or another platform; and the workforce transitioned to hybrid and remote work environments. Effective cyber security and privacy, as well as mitigating financial and operational risks, can be strategic enablers to modern digital business.
Cyber insurance is not a solution -- it's a piece of the puzzle. Regardless of industry or company size, all businesses should conduct an independent cyber audit prior to committing to cyber insurance. In doing so, organisations can determine the need for cyber insurance and better understand their organisations' risk posture and weak points.
Even if insurance is needed, the audit further adds value as it lets insurance companies support the company specific to its digital landscape and help it become more digitally strong. Additionally, the existence of an independent audit and risk review may indeed enable the insurance company to offer higher levels of coverage without the need for excessive premiums.
https://www.techtarget.com/searchsecurity/post/Do-companies-need-cyber-insurance
Threats
Ransomware and Extortion
Ransomware is a global problem that needs a global solution | TechCrunch
FBI: Hive ransomware extorted $100M from over 1,300 victims (bleepingcomputer.com)
The psychological fallout of a ransomware crisis - Help Net Security
New extortion scam threatens to damage sites’ reputation, leak data (bleepingcomputer.com)
Thales Denies Getting Hacked as Ransomware Gang Releases Gigabytes of Data | SecurityWeek.Com
Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com
Hive Ransomware Has Made $100m to Date - Infosecurity Magazine (infosecurity-magazine.com)
LockBit Remains Most Prolific Ransomware in Q3 - Infosecurity Magazine (infosecurity-magazine.com)
DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog
Transportation sector targeted by both ransomware and APTs - Help Net Security
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Ransomware on Healthcare Organisations cost Global Economy $92 bn - IT Security Guru
Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security
Australia to ‘stand up and punch back’ against cyber crims • The Register
LockBit ransomware activity nose-dived in October (techtarget.com)
How to deal with the trauma of the Medibank cyber breach | Andrea Szasz | The Guardian
Researchers secretly helped decrypt Zeppelin ransomware for 2 years (bleepingcomputer.com)
Vanuatu: Hackers strand Pacific island government for over a week - BBC News
Canadian Supermarket Chain Sobeys Hit by Ransomware Attack | SecurityWeek.Com
Two public schools in Michigan hit by a ransomware attack - Security Affairs
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Phishing & Email Based Attacks
Top enterprise email threats and how to counter them - Help Net Security
China-Based Sophisticated Phishing Campaign Uses 42,000 Domains - Information Security Buzz
Mass Email Extortion Campaign Claims Server Hack - Infosecurity Magazine (infosecurity-magazine.com)
Netflix Phishing Emails Surge 78% - Infosecurity Magazine (infosecurity-magazine.com)
Earth Preta Spear-Phishing Governments Worldwide (trendmicro.com)
Email Security Best Practices for Phishing Prevention (trendmicro.com)
Malware
Wipermania: Malware Remains a Potent Threat, 10 Years Since 'Shamoon' (darkreading.com)
QBot phishing abuses Windows Control Panel EXE to infect devices (bleepingcomputer.com)
Researchers Sound Alarm on Dangerous BatLoader Malware Dropper (darkreading.com)
Study: Almost 50% of macOS malware only comes from one app - Neowin
Notorious Emotet botnet returns after a few months off • The Register
Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)
Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com
LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities (thehackernews.com)
New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)
Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)
Google Wins Lawsuit Against Glupteba Botnet Operators | SecurityWeek.Com
Mobile
Internet of Things – IoT
Shocker: EV charging infrastructure is seriously insecure • The Register
Aiphone Intercom System Vulnerability Allows Hackers to Open Doors | SecurityWeek.Com
Data Breaches/Leaks
Police published sexual assault victims' names and addresses on its website (bitdefender.com)
Whoosh confirms data breach after hackers sell 7.2M user records (bleepingcomputer.com)
Organised Crime & Criminal Actors
Long-Standing Chinese Cyber crime Campaign Spoofs Over 400 Brands | SecurityWeek.Com
Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)
Australia's Hack-Back Plan Against Cyber attackers Raises Familiar Concerns (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)
'Three quarters' of retail Bitcoin investors are in the red • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Massive adware campaign spoofs top brands to trick users | TechRadar
Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Cyber Monday Will Be the Most Fraudulent Day of the Season, Says SEON (darkreading.com)
UK Shoppers Lost £15m+ to Scammers Last Winter - Infosecurity Magazine (infosecurity-magazine.com)
How scammers are now exploiting cashless parking (telegraph.co.uk)
Experts Advice On International Fraud Awareness Week - Information Security Buzz
Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)
Impersonation Attacks
42,000 sites used to trap users in brand impersonation scheme (bleepingcomputer.com)
Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Denial of Service DoS/DDoS
2022 holiday DDoS protection guide - Microsoft Security Blog
Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)
Cloud/SaaS
Cloud data protection trends you need to be aware of - Help Net Security
Cyber security implications of using public cloud platforms - Help Net Security
Evolving Security for Government Multiclouds (darkreading.com)
Encryption
Why companies can no longer hide keys under the doormat - Help Net Security
Quantum Cryptography Apocalypse: A Timeline and Action Plan (darkreading.com)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Advertising giant warns clients to stay off Twitter (telegraph.co.uk)
Meta keeps booting small-business owners for being hacked on Facebook | Ars Technica
Guinness, Cadbury’s and Nissan told to avoid ‘toxic’ and ‘dangerous’ Twitter (telegraph.co.uk)
FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop
Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)
Privacy, Surveillance and Mass Monitoring
Electronics repair technicians snoop on your data - Help Net Security
Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location (thehackernews.com)
Security firms hijack New York trees to monitor workers • The Register
Governance, Risk and Compliance
Careers, Working in Cyber and Information Security
Cyber security jobs: Five ways to help you build your career | ZDNET
Google cloud wants CISOs to do more about diversity • The Register
Amazon poaches top National Cyber Security Centre exec Levy | Business News | Sky News
Law Enforcement Action and Take Downs
Zeus Botnet Suspected Leader Arrested in Geneva - Infosecurity Magazine (infosecurity-magazine.com)
Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)
Police dismantle pirated TV streaming network with 500,000 users (bleepingcomputer.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Chinese hackers target government agencies and defence orgs (bleepingcomputer.com)
Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security
COP27 Delegates Given Burner Phones To Combat Spying - Information Security Buzz
Avast details Worok espionage group's compromise chain - Security Affairs
Biden set to approve expansive authorities for Pentagon to carry out cyber operations - CyberScoop
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Europe’s spyware scandal is a global wakeup call. (slate.com)
Koch-funded group sues US state over mobile 'spyware' • The Register
Nation State Actors
Nation State Actors – Russia
UK Banks Bolstering Defences As Russian Cyber Threat Rises - Information Security Buzz
EXCLUSIVE Russian software disguised as American finds its way into U.S. Army, CDC apps | Reuters
Pro-Russian hackers claim cyber attack on FBI website: Report | Fox News
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Nation State Actors – China
China playing ‘long game’ as it co-opts UK assets, warns MI5 chief | Financial Times (ft.com)
FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop
Chinese Cyber espionage Group 'Billbug' Targets Certificate Authority | SecurityWeek.Com
Previously undetected Earth Longzhi APT is a subgroup of APT41 - Security Affairs
Rishi Sunak to hold surprise meeting with Chinese president at G20 | Financial Times (ft.com)
Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)
State-sponsored hackers in China compromise certificate authority | Ars Technica
Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide (thehackernews.com)
Reports of Chinese police stations in US worry FBI - BBC News
Nation State Actors – North Korea
Nation State Actors – Iran
US govt: Iranian hackers breached federal agency using Log4Shell exploit (bleepingcomputer.com)
CISA: Iranian APT actors compromised federal network (techtarget.com)
US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j | SecurityWeek.Com
Nation State Actors – Misc
Vulnerability Management
Vulnerabilities
Microsoft Office lets hackers execute arbitrary code, update now | TechRadar
Unpatched Zimbra Platforms Are Probably Compromised, CISA Says (darkreading.com)
Exploit released for actively abused ProxyNotShell Exchange bug (bleepingcomputer.com)
F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ (bleepingcomputer.com)
Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution | SecurityWeek.Com
Firefox 107 Patches High-Impact Vulnerabilities | SecurityWeek.Com
Windows Kerberos authentication breaks after November updates (bleepingcomputer.com)
Nasty SQL Injection Bug in Zendesk Endangers Sensitive Customer Data (darkreading.com)
Mastodon users vulnerable to password-stealing attacks | The Daily Swig (portswigger.net)
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices (thehackernews.com)
Tools and Controls
Reports Published in the Last Week
Other News
Cyber Resilience: The New Strategy to Cope With Increased Threats | SecurityWeek.Com
The 4 horsemen of the cyber security apocalypse | Security Magazine
The Top Five Cyber security Trends of 2023: KnowBe4 Makes Its Predictions - MSSP Alert
Build a mature approach for better cyber security vendor evaluation | CSO Online
Almost half of customers have left a vendor due to poor digital trust: Report | CSO Online
Global 2000 companies failing to adopt key domain security measures | CSO Online
Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert
Repair technicians caught snooping on customer data • The Register
Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 September 2022
Black Arrow Cyber Threat Briefing 30 September 2022:
-UK Organisations, Ukraine's Allies Warned of Potential "Massive" Cyber Attacks By Russia
-Cyber Criminals See Allure in BEC Attacks Over Ransomware
-Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments
-Global Firms Deal with 51 Security Incidents Each Day
-Phishing Attacks Crushed Records Last Quarter, Driven by Mobile
-Why Paying the Ransom is Still the Most Common Response to a Ransomware Attack?
-Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months
-More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise
-How To Outsmart Increasingly Complex Cyber Attacks
-Top Issues Driving Cyber Security: Growing Number of Cyber Criminals, Variety of Attacks
-Cyber Threats Top Business Leaders' Biggest Concerns
-Fired Admin Cripples Former Employer's Network Using Old Credentials
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Organisations, Ukraine's Allies Warned of Potential "Massive" Cyber Attacks By Russia
The head of the UK National Cyber Security Centre (NCSC) Lindy Cameron has given an update on Russia’s cyber activity amid its war with Ukraine. Her speech at Chatham House last week came just a few days after Ukraine’s military intelligence agency issued a warning that Russia was “preparing massive cyber attacks on the critical infrastructure of Ukraine and its allies.” This coincides with a new Forrester report that reveals the extent to which the cyber impact of the Russia-Ukraine conflict has expanded beyond the conflict zone with malware attacks propagating into European entities.
Addressing Russian cyber activity this year, Cameron stated that, while we have not seen the “cyber-Armageddon” some predicted, there has been a “very significant conflict in cyber space – probably the most sustained and intensive cyber campaign on record – with the Russian State launching a series of major cyber attacks in support of their illegal invasion in February.”
Russian cyber forces from their intelligence and military branches have been busy launching a huge number of attacks in support of immediate military objectives.
Since the start of the year, the NCSC has been advising UK organisations to take a more proactive approach to cyber security in light of the situation in Ukraine. “There may be organisations that are beginning to think ‘is this still necessary?’ as in the UK we haven’t experienced a major incident related to the war in Ukraine. My answer is an emphatic yes,” Cameron said.
In response to significant recent battlefield set-backs, Putin has been reacting in unpredictable ways, and so we shouldn’t assume that just because the conflict has played out in one way to date, it will continue to go the same way, Cameron added. “There is still a real possibility that Russia could change its approach in the cyber domain and take more risks – which could cause more significant impacts in the UK.” UK organisations and their network defenders should therefore be prepared for this period of elevated alert with a focus on building long-term resilience, which is a “marathon not a sprint,” she said.
Cyber Criminals See Allure in BEC Attacks Over Ransomware
While published trends in ransomware attacks have been contradictory — with some firms tracking more incidents and other fewer — business email compromise (BEC) attacks continue to have proven success against organisations.
BEC cases, as a share of all incident-response cases, more than doubled in the second quarter of the year, to 34% from 17% in the first quarter of 2022. That's according to Arctic Wolf's "1H 2022 Incident Response Insights" report, published on 29 September, which found that specific industries — including financial, insurance, business services, and law firms, as well as government agencies — experienced more than double their previous number of cases, the company said.
Overall, the number of BEC attacks encountered per email box has grown by 84% in the first half of 2022, according to data from cyber security firm Abnormal Security.
Meanwhile, so far this year, threat reports released by organisations have revealed contradictory trends for ransomware. Arctic Wolf and the Identity Theft Resource Center (ITRC) have seen drops in the number of successful ransomware attacks, while business customers seem to be encountering ransomware less often, according to security firm Trellix. At the same time, network security firm WatchGuard had a contrary take, noting that its detection of ransomware attacks skyrocketed 80% in the first quarter of 2022, compared with all of last year.
The surging state of BEC landscape is unsurprising because BEC attacks offer cyber criminals advantages over ransomware. Specifically, BEC gains do not rely on the value of cryptocurrency, and attacks are often more successful at escaping notice while in progress. Threat actors are unfortunately very opportunistic.
For that reason, BEC — which uses social engineering and internal systems to steal funds from businesses — continues to be a stronger source of revenue for cyber criminals. In 2021, BEC attacks accounted for 35%, or $2.4 billion, of the $6.9 billion in potential losses tracked by the FBI's Internet Crime Complaint Center (IC3), while ransomware remained a small fraction (0.7%) of the total.
https://www.darkreading.com/threat-intelligence/cybercriminals-see-allure-bec-attacks-ransomware
Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments
A new survey of 300 ethical hackers provides insight into not only the most common means of initial access, but how a complete end-to-end attack happens.
Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.
The SANS ethical hacking survey, done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organisations, with different levels of experience and specialisations in different areas of information security. The survey revealed that on average, hackers would need five hours for each step of an attack chain: reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.
The survey highlights the need for organisations to improve their mean time-to-detect and mean-time-to-contain, especially when considering that ethical hackers are restricted in the techniques they're allowed to use during penetration testing or red team engagements. Using black hat techniques, like criminals do, would significantly improve the success rate and speed of attack.
When asked how much time they typically need to identify a weakness in an environment, 57% of the polled hackers indicated ten or fewer hours: 16% responded six to ten hours, 25% three to five hours, 11% one to two hours and 5% less than an hour.
Global Firms Deal with 51 Security Incidents Each Day
Security operations (SecOps) teams are struggling to respond to dozens of cyber security incidents every single day, according to a new report from Trellix.
The security vendor polled 9000 security decision makers from organisations with 500+ employees across 15 markets to compile its latest study, ‘XDR: Redefining the future of cyber security’.
It found that the average SecOps team has to manage 51 incidents per day, with 36% of respondents claiming they deal with 50 to 200 daily incidents. Around half (46%) agreed that they are “inundated by a never-ending stream of cyber-attacks.”
Part of the problem is the siloed nature of security and detection and response systems, the study claimed. Some 60% of respondents argued that poorly integrated products mean teams can’t work efficiently, while a third (34%) admitted they have blind spots. It’s perhaps no surprise, therefore, that 60% admitted they can’t keep pace with the rapid evolution of security threats.
This could be having a major impact on the bottom line. The vast majority (84%) of security decision makers that Trellix spoke to estimated that their organisation lost up to 10% of revenue from security breaches in the past year.
Medium size businesses ($50–$100m in revenue) lost an average of 8% in revenue, versus 5% for large businesses with a turnover of $10bn–$25bn. That could mean hundreds of millions of dollars are being thrown away each year due to inadequate SecOps.
https://www.infosecurity-magazine.com/news/global-firms-51-security-incidents/
Phishing Attacks Crushed Records Last Quarter, Driven by Mobile
Last quarter saw a record-shattering number of observed phishing attacks, fuelled in large part by attempts to target users on their mobile devices.
The latest Anti-Phishing Working Group (APWG) "Phishing Activity Trends Report" for the second quarter of 2022 found 1,097,811 observed phishing attacks, the most the group has ever measured in its history.
The financial sector remained the top target for phishing lures (27.6%), along with other bombarded sectors, including webmail and software-as-a-service providers, social media sites, and cryptocurrency.
But much of the rise in phishing volume is due to a new threat actor focus on mobile devices, specifically vishing (voice phishing) and smishing (SMS phishing) attacks, the report noted.
https://www.darkreading.com/attacks-breaches/phishing-attacks-crushed-records-last-quarter
Why Paying the Ransom is Still the Most Common Response to a Ransomware Attack
According to new data from Databarracks, 44% of the organisations who experienced a ransomware assault paid the demanded ransom. 22% made use of ransomware decryption software, while 34% restored data from backups.
The Databarracks 2022 Data Health Check produced the results. The annual report has been collecting data on ransomware, cyber, backup, disaster recovery, and business continuity from more than 400 UK IT decision-makers since 2008.
From the victim’s standpoint, it’s logical why you may pay a ransom. You are unable to handle orders or provide customer support, and losses mount swiftly. Downtime expenses can easily surpass the ransom.
Organisations may believe that paying the ransom will solve the issue more quickly, allowing them to resume operations as usual. This strategy is faulty for a number of causes.
First of all, there is no assurance that your data will be returned. Second, once criminals know an organisation is an easy target, they frequently attack it again. Finally, it conveys the incorrect message. By paying, you are assisting the crooks by demonstrating that their strategies are effective.
Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months
Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to a latest annual report from cyber security specialist Hornetsecurity.
The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with one in five (20%) attacks happening in the last year.
Cyber attacks are happening more frequently. Last year's ransomware survey revealed one in five (21%) companies experienced an attack; this year it rose by three percent to 24%.
Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. The survey shows that many in the IT community have a false sense of security as bad actors develop new techniques.
The 2022 Ransomware Report highlighted a lack of knowledge on the security available to businesses. A quarter (25%) of IT professionals either don't know or don't think that Microsoft 365 data can be impacted by a ransomware attack.
Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.
Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can back up their Microsoft 365 data securely and protect themselves from such attacks.
Industry responses showed the widespread lack of preparedness from IT professionals and businesses. There has been an increase in businesses not having a disaster recovery plan in place if they do succumb to the heightened threat of a cyber attack.
In 2021, 16% of respondents reported having no disaster recovery plan in place. In 2022, this grew to 19%, despite the rise in attacks.
More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise
A recent survey from machine identity solutions provider Venafi aimed to explore the complexity of cloud environments and the resulting impact on cyber security.
Venafi surveyed 1,101 security decision makers (SDMs) in firms with more than 1,000 employees and found that eighty-one percent of companies have experienced a cloud security incident in the last year. Forty-five percent have suffered at least four security incidents in the same period. More than half of security decision makers believe that security risks are higher in the cloud than on-premise.
Twenty-four percent of the firms have more than 10,000 employees. Ninety-two percent of the SDMs are at manager level or above, with 49% at c-suite level or higher.
Most of the firms surveyed believe the underlying issue is the increasing complexity of their cloud deployments. Since these companies already host 41% of their applications in the cloud, and expect to increase this to 57% over the next 18 months, the problem is only likely to worsen in the future.
The ripest target of attack in the cloud is identity management, especially machine identities. Each of these cloud services, containers, Kubernetes clusters and microservices needs an authenticated machine identity – such as a TLS certificate – to communicate securely. If any of these identities is compromised or misconfigured, it dramatically increases security and operational risks.
Respondents reported that the most common cloud incidents are security incidents during runtime (34%), unauthorised access (33%), misconfigurations (32%), vulnerabilities that have not been remediated (24%), and failed audits (19%).
Their primary operational concerns are hijacking of accounts, services or traffic (35%), malware or ransomware (31%), privacy/data access issues such as those from GDPR (31%), unauthorised access (28%), and nation state attacks (26%).
https://www.securityweek.com/more-half-security-pros-say-risks-higher-cloud-premise
How To Outsmart Increasingly Complex Cyber Attacks
Threat detection is harder today than it was two years ago. Next year will be harder than this year. Why? It’s a compounding effect from skills shortages and threat varieties that’s making it more challenging for any one product to handle key security wins. And cyber security is a constantly evolving sector with 2022 a devastating year for cyber security. Both hackers and security experts are always in a battle to outsmart each other.
Even for businesses with good IT departments, data protection can too quickly become an afterthought. Today’s threat landscape is growing, not just in the frequency of attacks (and the number of high-profile breaches recorded in the media) but so is the complexity of any given threat. A recent piece of research found that in 93 percent of cases, an external attacker can breach an organisation’s network perimeter and gain access to local network resources. Following increasing levels of cyber-attacks, it’s a case of “not if I will be hit by a ransomware attack,” but “when…” Organisations need to do something to mitigate the risk and protect their businesses, and they need to do it now.
Planning and executing a better defence to outsmart attackers and win more security battles doesn’t have to feel like a military operation – but it does require the right service coverage to remove blind spots and reduce emerging risks before they escalate.
https://informationsecuritybuzz.com/articles/how-to-outsmart-increasingly-complex-cyber-attacks/
Top Issues Driving Cyber Security: Growing Number of Cyber Criminals, Variety of Attacks
Fortifying cyber security defences remains a work in progress for many organisations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, according to new research from CompTIA.
While a majority of respondents in each of seven geographic regions feels that their company’s cyber security is satisfactory, CompTIA’s “State of Cybersecurity” shows that a much smaller number rank the situation as “completely satisfactory.” Nearly everyone feels that there is room for improvement.
“Companies are aware of the threats they face and the potential consequences of an attack or breach,” said Seth Robinson, VP of industry research, CompTIA. “But they may be underestimating their exposure and how much they need to invest in cyber security. Risk mitigation is the key, the filter through which everything should be viewed.”
Two of the top three issues driving cyber security considerations are the growing volume of cyber criminals, cited by 48% of respondents, and the growing variety of cyber attacks (45%). Additionally, ransomware and phishing have quickly become major areas of concern as digital operations have increased and human error has proven more costly.
“Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cyber security, but this poses significant challenges, both tactically and financially,” Robinson said. “As IT operations and strategy have grown more complex, so has the management of cyber security.”
As cyber security is more tightly integrated with business objectives, zero trust is the overarching policy that should be guiding modern efforts, though its adoption will not take place overnight because it requires a drastically different way of thinking and acting. The report suggests there is small progress in recognising a holistic zero trust approach, but better progress in adopting some elements that are part of an overarching zero trust policy.
https://www.helpnetsecurity.com/2022/09/30/top-issues-driving-cybersecurity/
Cyber Threats Top Business Leaders' Biggest Concerns
Cyber threats are the number one concern for business decision makers, beating worries over economic uncertainty, rising energy costs and hiring, according to insurance provider Travelers. The firm polled over 1200 business leaders to compile its 2022 Travelers Risk Index report.
This is the third time in four years that cyber has emerged as the top concern, with more than half (57%) of respondents believing a future cyber-attack on their organisation is inevitable. A quarter (26%) said their company had already been a breach victim, the seventh successive year this figure has risen.
The top two cyber-related concerns were suffering a security breach (57%), and a system glitch causing computers to crash (55%). Becoming a cyber-extortion victim rose from eighth position to third this year.
However, despite general concern about cyber-threats, business decision-makers may also be guilty of overconfidence in their organisation’s security posture.
Nearly all respondents (93%) said they’re confident their company has implemented best practices to prevent or mitigate a cyber event. Yet most have not deployed endpoint detection and response tools (64%), they haven’t conducted a vendor cyber-assessment (59%), and don’t have an incident response plan (53%). Further, while 90% said they’re familiar with multi-factor authentication (MFA), only 52% had implemented it for remote access. This increasingly matters, not only to mitigate cyber-risk but also to reduce insurance premium costs and increase coverage.
Cyber attacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions.
Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action. It’s never too late, and these steps can help businesses avoid a devastating cyber-event.
https://www.infosecurity-magazine.com/news/cyberthreats-top-business-big/
Fired Admin Cripples Former Employer's Network Using Old Credentials
After being laid off, an IT system administrator disrupted the operations of his former employer, a high-profile financial company in Hawaii, hoping to get his job back.
Casey K Umetsu, aged 40, worked as a network admin for the company between 2017 and 2019, when his employer terminated his contract. The US Department of Justice says in a press release that the defendant pled guilty to accessing his former employer's website and making configuration changes to redirect web and email traffic to external computers.
To prolong the business disruption for several more days, Umetsu performed additional actions that essentially locked out the firm's IT team from the website administration panel. In the end, the victimised company learned who was responsible for the sabotage after reporting the cyber security incident to the FBI.
Umetsu is awaiting sentence for his wrongdoings on January 19, 2023. He faces a maximum of 10 years of prison time and a fine of up to $250,000.
While Umetsu's actions are condemnable, the company's security practices cannot be overlooked since Umetsu used credentials that should have been invalidated the moment he got fired.
Threats
Ransomware and Extortion
Ransomware data theft tool may show a shift in extortion tactics (bleepingcomputer.com)
The various ways ransomware impacts your organization - Help Net Security
New Royal Ransomware emerges in multi-million dollar attacks (bleepingcomputer.com)
Research: 20% of All Reported Ransomware Attacks Occurred in the Last 12 Months - MSSP Alert
BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal (thehackernews.com)
Noberus ransomware gets info-stealing upgrades • The Register
SQL Server admins warned to watch for Fargo ransomware • The Register
BlackCat/ALPHV Gang Adds Wiper Functionality as Ransomware Tactic (darkreading.com)
Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks (bleepingcomputer.com)
NCC Group: IceFire ransomware gang ramping up attacks (techtarget.com)
MS SQL servers are getting hacked to deliver ransomware to orgs - Help Net Security
Hackers Leak French Hospital Patient Data in Ransom Fight | SecurityWeek.Com
Oxford Health: Cyber attack continues to hit NHS trust's services - BBC News
LA School District Ransomware Attackers Now Threaten to Leak Stolen Data (darkreading.com)
Phishing & Email Based Attacks
Fake US govt job offers push Cobalt Strike in phishing attacks (bleepingcomputer.com)
Germany arrests hacker for stealing €4 million via phishing attacks (bleepingcomputer.com)
Capital One Phish Showcases Growing Bank-Brand Targeting Trend (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
How cyber criminals use public online and offline data to target employees | CSO Online
Beware Revolut frozen card scams sent via SMS text • Graham Cluley
IRS warns Americans of massive rise in SMS phishing attacks (bleepingcomputer.com)
Malware
Office exploits continue to spread more than any other category of malware - Help Net Security
This credit card-stealing malware is spreading like wildfire | Digital Trends
Hacking group hides backdoor malware inside Windows logo image (bleepingcomputer.com)
Hackers now sharing cracked Brute Ratel post-exploitation kit online (bleepingcomputer.com)
Cobalt Strike malware campaign targets job seekers (techtarget.com)
New Botnet 'Chaos' Targeting Linux, Windows Systems (informationsecuritybuzz.com)
Malware targets VMware users for espionage, Mandiant says • The Register
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Quantum Builder tool helps criminals spread Windows RATs • The Register
Unit 42 finds polyglot files delivering IcedID malware (techtarget.com)
Hackers use PowerPoint files for 'mouseover' malware delivery (bleepingcomputer.com)
Does AI-powered malware exist in the wild? Not yet (techtarget.com)
New Erbium password-stealing malware spreads as game cracks, cheats (bleepingcomputer.com)
Lazarus APT continues to target job seekers with macOS malware - Security Affairs
APT28 relies on PowerPoint Mouseover to deliver Graphite malware - Security Affairs
Mobile
WhatsApp 0-Day Bug Let Hackers Execute an Arbitary Code Remotely (gbhackers.com)
Adware on Google Play and Apple Store installed 13 million times (bleepingcomputer.com)
Samsung facing class action suit after customer data leak • The Register
Inside a cyber attack method that targets your cellphone - The Washington Post
Internet of Things – IoT
Data Breaches/Leaks
Watchfinder warns customers that hackers stole their data • Graham Cluley
Shangri-La hotels Customer Database Hacked | SecurityWeek.Com
Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme (thehackernews.com)
Australia government wants Optus to pay for data breach | ZDNET
Organised Crime & Criminal Actors
Ukraine Arrests Cyber Crime Group for Selling Data of 30 Million Accounts (thehackernews.com)
New hacking group ‘Metador’ lurking in ISP networks for months (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Scams targeting crypto enthusiasts are becoming increasingly common - Help Net Security
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Cyber sleuth alleges $160M Wintermute hack was an inside job (cointelegraph.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Identities Stolen From 1 In 4 Internet Users (informationsecuritybuzz.com)
Fake Sites Siphon Millions of Dollars in 3-Year Scam (darkreading.com)
Here’s how crooks are using deepfakes to scam your biz • The Register
Deepfakes
Reshaping the Threat Landscape: Deepfake Cyber attacks Are Here (darkreading.com)
The deepfake danger: When it wasn’t you on that Zoom call | CSO Online
Software Supply Chain
Denial of Service DoS/DDoS
Hackers are making DDoS attacks sneakier and harder to protect against | ZDNET
UK's MI5 website briefly hit by denial of service attack - BBC | Reuters
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Cloud/SaaS
Cloud security trends: What makes cloud infrastructure vulnerable to threats? - Help Net Security
81% of Companies Suffered A Cloud Security Incident Last Year – (informationsecuritybuzz.com)
What Lurks in the Shadows of Cloud Security? (darkreading.com)
Open Source
Open source projects under attack, with enterprises as the ultimate targets - Help Net Security
Microsoft: Lazarus hackers are weaponizing open-source software (bleepingcomputer.com)
Numerous orgs hacked after installing weaponized open source apps | Ars Technica
Passwords, Credential Stuffing & Brute Force Attacks
The Country Where You Live Impacts Password Choices (darkreading.com)
Five Steps to Mitigate the Risk of Credential Exposure (thehackernews.com)
Social Media
Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security
Ofcom chair says tech firms must prioritise safety alongside clicks | Ofcom | The Guardian
UK may fine TikTok $29 million for failing to protect children's privacy | Reuters
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows | SecurityWeek.Com
Mystery hackers are “hyperjacking” targets for insidious spying | Ars Technica
Cyber espionage group developed backdoors tailored for VMware ESXi hypervisors | CSO Online
Taiwanese citizens prepare for possible cyber war (axios.com)
Malware targets VMware users for espionage, Mandiant says • The Register
Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange (darkreading.com)
Nation State Actors
Nation State Actors – Russia
Researchers Identify 3 Hacktivist Groups Supporting Russian Interests (thehackernews.com)
APT28 relies on PowerPoint Mouseover to deliver Graphite malware - Security Affairs
Meta dismantles massive Russian network spoofing Western news sites (bleepingcomputer.com)
Nation State Actors – China
Chinese Cyberespionage Group 'Witchetty' Updates Toolset in Recent Attacks | SecurityWeek.Com
China’s infosec researchers may have dodged vuln report ban` • The Register
Nation State Actors – North Korea
Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings (darkreading.com)
Microsoft: Lazarus hackers are weaponizing open-source software (bleepingcomputer.com)
Lazarus APT continues to target job seekers with macOS malware - Security Affairs
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerabilities
Exchange Server zero-day being actively exploited • The Register
Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet (darkreading.com)
Cisco Patches High-Severity Vulnerabilities in Networking Software | SecurityWeek.Com
Sophos fixes critical code injection bug under exploit • The Register
Zoho ManageEngine flaw is actively exploited, CISA warns | CSO Online
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (bleepingcomputer.com)
Google Quashes 5 High-Severity Bugs With Chrome 106 Update (darkreading.com)
Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely (thehackernews.com)
Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws | WIRED
Reports Published in the Last Week
Other News
High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks | SecurityWeek.Com
Poll Of IT Security Pros Suggests Gaps In UK Cyber Defence (informationsecuritybuzz.com)
Why Organisations Need Both EDR and NDR for Complete Network Protection (thehackernews.com)
Lessons From the GitHub Cyber Security Breach (darkreading.com)
Data security trends: 7 statistics you need to know - Help Net Security
Why does a Legacy WAF Fail to “Catch” Sophisticated Attacks? (informationsecuritybuzz.com)
Akamai finds 13 million malicious newly observed domains a month | SC Media (scmagazine.com)
Opinion | The Uber Hack Exposes More Than Failed Data Security - The New York Times (nytimes.com)
Cyber security Study Sees “Siloed” Security As Organisational Weak Spot - MSSP Alert
3 types of attack paths in Microsoft Active Directory environments - Help Net Security
97% of enterprises say VPNs are prone to cyber attacks: Study | CSO Online
65% of companies are considering adopting VPN alternatives - Help Net Security
Spoofing cyber attack can make cameras see things that aren’t there | New Scientist
Zero Trust is the Goal But Much Ground Yet to Cover, CompTIA Reports - MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.