Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching

A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.

This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.

Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]

67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious

In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.

A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.

The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.

Source: [Security Intelligence]

Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence

Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.

Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.

Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]

The Generative AI War Between Companies and Hackers is Starting

To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.

A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.

Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.

Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]

Spend to Save: The CFO’s Guide to Cyber Security Investment

As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.

The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.

It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.

Source: [Security Intelligence]

Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril

The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.

There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.

Source [CSO Online]

How the Talent Shortage Impacts Cyber Security Leadership

The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.

Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.

The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.

Source: [Security Intelligence]

Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods

A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.

Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.

Source: [Security Brief]

Cyber Insurance and the Ransomware Challenge

The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.

While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.

Sources: [RUSI] [Dark Reading]

Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.

"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."

Source: [TheHackerNews]

66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies

A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.

In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.

Source: [ITSecurityWire]

UK legal Sector at Risk, National Cyber Security Centre Warns

Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.

The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.

Sources: [Todays Conveyancer] [Infosecurity Magazine]

Startups Should Move Fast and Remember Cyber Security

The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.

The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.

Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]

Governance, Risk and Compliance

• Corporate boards take heed: Give CISOs the cold shoulder at your peril | CSO Online

• How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)

• New SEC Rules Require US Companies To Reveal Cyber Attacks Within 4 Days (informationsecuritybuzz.com)

• 66% of Cyber security Leaders Don't Trust Their Current Cyber Risk Mitigation Strategies - ITSecurityWire

• How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)

• Global Lawyers Unveil Cyber Best Practices for Execs - Infosecurity Magazine (infosecurity-magazine.com)

• From tech expertise to leadership: Unpacking the role of a CISO - Help Net Security

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Companies make strides in cyber defence and resilience amid escalating cyber threats: Aon - Reinsurance News

• Data Security Can Make Or Break Your Business (forbes.com)

• Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• CISOs Need Backing to Take Charge of Security (darkreading.com)

• Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)

• The State Of Cyber security – Outlook And Challenges For 2023 And Beyond (informationsecuritybuzz.com)

• Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 67% of data breaches start with a single click - Help Net Security

• 1 in 100 emails is malicious - Help Net Security

• AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks have doubled thanks to AI | TechRadar

• The race against time in ransomware attacks - Help Net Security

• As Ransomware Attackers’ Motives Changes, So Should Your Defence (forbes.com)

• Global ransomware attacks at an all-time high, shows latest 2023 State of Ransomware report (malwarebytes.com)

• Ransomware gang increases attacks on insecure MSSQL servers | CSO Online

• MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)

• How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)

• Ransomware Attacks on Industrial Organisations Doubled in Past Year: Report - SecurityWeek

• In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Cyber criminals pivot away from ransomware encryption | Computer Weekly

• Food manufacturers top three for ransomware attacks

• Ransomware on manufacturing industry caused $46bn in losses - IT Security Guru

• How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)

• 2023 State of Ransomware | Malwarebytes

• Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

• The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)

Ransomware Victims

• MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Hawai'i Community College pays ransomware gang to prevent data leak (bleepingcomputer.com)

• Scottish university UWS targeted by cyber attackers - BBC News

• Tempur Sealy isolated tech system to contain cyber burglary • The Register

• US govt contractor Serco discloses data breach after MoveIT attacks (bleepingcomputer.com)

Phishing & Email Based Attacks

• 1 in 100 emails is malicious - Help Net Security

• 67% of data breaches start with a single click - Help Net Security

• Russian Hackers Are Conducting Phishing Attacks via Microsoft Teams - MySmartPrice

• Salesforce, Meta suffer phishing campaign that evades typical detection methods (securitybrief.co.nz)

• Beware: Tricky phishing email targeting Twitter Blue subscribers with X rebranding confusion - 9to5Mac

• UK MoD Error Sends Emails to Russia’s Ally Instead of US - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop

• Threat actors abuse Google AMP for evasive phishing attacks (bleepingcomputer.com)

• Emerging Cyber security Threat: How Google AMP Phishing Attacks Are Bypassing Email Security Measures (informationsecuritybuzz.com)

BEC – Business Email Compromise

• 1 in 100 emails is malicious - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks have doubled thanks to AI | TechRadar

• UK calls artificial intelligence a “chronic risk” to its national security | CSO Online

• FBI warns of broad AI threats facing tech companies and the public | CyberScoop

• As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)

• Another AI Pitfall: Digital Mirroring Opens New Cyber attack Vector (darkreading.com)

• Intersection of generative AI, cyber security and digital trust | TechTarget

• Hackers are using AI to create vicious malware, says FBI | Digital Trends

• The generative A.I. war between companies and hackers is starting (cnbc.com)

• Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

• OWASP Top 10 for LLM applications is out! - Security Affairs

• Think tank wants monitoring of China's AI-enabled products • The Register

• UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian

• Deputy National Security Advisor Anne Neuberger on addressing the security threats of AI | CyberScoop

• Researchers figure out how to make AI misbehave, serve up prohibited content | Ars Technica

• Organisations want stronger AI regulation amid growing concerns - Help Net Security

• AI-enhanced images a ‘threat to democratic processes’, experts warn | Artificial intelligence (AI) | The Guardian

Malware

• Hackers Abusing Windows Search Feature to Install Remote Access Trojans (thehackernews.com)

• Hackers can abuse Microsoft Office executables to download malware (bleepingcomputer.com)

• IcedID Malware Adapts and Expands Threat with Updated BackConnect Module (thehackernews.com)

• Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• Attackers can turn AWS SSM agents into remote access trojans - Help Net Security

• Hackers are infecting Modern Warfare 2 players with a self-spreading malware | TechSpot

• Chinese Malware Could Cut Power To US Military Bases, Businesses And Homes, Report Claims (forbes.com)

• Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT (thehackernews.com)

• Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs

• New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods (thehackernews.com)

• New persistent backdoor used in attacks on Barracuda ESG appliances - Help Net Security

• Cyber criminals Renting WikiLoader to Target Italian Organisations with Banking Trojan (thehackernews.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

• Apple Users Open to Remote Control via Tricky macOS Malware (darkreading.com)

• Hackers can gain complete control over your Mac with this new dark web hacking tool | Tom's Guide (tomsguide.com)

• Threat Actors Use AWS SSM Agent as a Remote Access Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs

• Chrome malware Rilide targets enterprise users via PowerPoint guides (bleepingcomputer.com)

• BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)

• Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist

• OT/IoT Malware Surges Tenfold in First Half of the Year - Infosecurity Magazine (infosecurity-magazine.com)

• CISA: New Submarine malware found on hacked Barracuda ESG appliances (bleepingcomputer.com)

Mobile

• New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)

• CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency (darkreading.com)

• Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)

• Google: Android patch gap makes n-days as dangerous as zero-days (bleepingcomputer.com)

• New smartphone vulnerability could allow hackers to track user location (techxplore.com)

• Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)

• Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)

• SpyNote Android Spyware Strikes Financial Institutions - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners (thehackernews.com)

Botnets

• Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs

Denial of Service/DoS/DDOS

• Navigating The Landscape Of Hacktivist DDoS Attacks (forbes.com)

• Israel's largest oil refinery website offline amid cyber attack claims (bleepingcomputer.com)

• Russian hackers crash Italian bank websites, cyber agency says | Reuters

• "Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches (thehackernews.com)

Internet of Things – IoT

• Canon warns of Wi-Fi security risks when discarding inkjet printers (bleepingcomputer.com)

Data Breaches/Leaks

• Cyber security breaches exposed 146 million records - ITSecurityWire

• Hack Crew Responsible for Stolen Data, NATO Investigates Claims (darkreading.com)

• Pentagon hit by ‘critical compromise’ of US air force communications – report | US military | The Guardian

• Doctors sign up to legal case against Capita over GP data breach - Pulse Today

• UK MoD Error Sends Emails to Russia’s Ally Instead of US - Infosecurity Magazine (infosecurity-magazine.com)

• Been Hacked? These are Your Next Steps | Entrepreneur

• Cyber attack on B.C. health websites may have taken workers’ personal information (thestar.com)

• NI Executive Office and Patient and Client Council rapped for data breach risks | BelfastTelegraph.co.uk

• Cyber security Recovery Guide: How to Recover from a Data Breach (thelondoneconomic.com)

Organised Crime & Criminal Actors

• As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)

• How Hackers Trick You With Basic Sales Techniques (makeuseof.com)

• Iranian Company Cloudzy Accused of Aiding Cyber criminals and Nation-State Hackers (thehackernews.com)

• Space Pirates Turn Cyber Sabers on Russian, Serbian Organisations (darkreading.com)

• Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist

• Hacktivists fund their operations using common cyber crime tactics (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto Hacks in July Resulted in $165 Million in Losses (beincrypto.com)

• New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)

• Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability (therecord.media)

• BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)

• Couple admit laundering $4B of stolen Bitfinex Bitcoins • The Register

Insider Risk and Insider Threats

• How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)

• US military battling cyber threats from within and without • The Register

Deepfakes

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)

Insurance

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)

• Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)

Dark Web

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

Supply Chain and Third Parties

• Doctors sign up to legal case against Capita over GP data breach - Pulse Today

• Capita boss quits as potential fine looms for huge hack of confidential data | Capita | The Guardian

• Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)

Software Supply Chain

• Lessons Not Learned From Software Supply Chain Attacks (darkreading.com)

Cloud/SaaS

• Attackers can turn AWS SSM agents into remote access trojans - Help Net Security

• New Microsoft Azure AD CTS feature can be abused for lateral movement (bleepingcomputer.com)

• Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday

• In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• These Are the Top Five Cloud Security Risks, Qualys Says - SecurityWeek

• North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch

• Google warns companies about keeping hackers out of cloud infrastructure | CyberScoop

Identity and Access Management

• The gap in users' identity security knowledge gives cyber criminals an opening - Help Net Security

Encryption

• Braverman fights Meta encryption plans ‘that aid paedophiles’ (thetimes.co.uk)

• SCARF cipher sets new standards in protecting sensitive data - Help Net Security

• Cult of Dead Cow hacktivists design encryption system for mobile apps - The Washington Post

Open Source

• Open-source security challenges and complexities - Help Net Security

• Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Retail chain Hot Topic discloses wave of credential-stuffing attacks (bleepingcomputer.com)

Biometrics

• Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update

Social Media

• Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin

• Salesforce, Meta suffer phishing campaign that evades typical detection methods (securitybrief.co.nz)

• Beware: Tricky phishing email targeting Twitter Blue subscribers with X rebranding confusion - 9to5Mac

• Social media giants on notice over foreign cyber threat (themandarin.com.au)

• NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs

• Instagram Flags AI-Generated Content (darkreading.com)

Travel

• Never share boarding passes online, cyber security experts warn travellers - NZ Herald

Regulations, Fines and Legislation

• New SEC Rules Require US Companies To Reveal Cyber Attacks Within 4 Days (informationsecuritybuzz.com)

• Strengthening Cyber security: Can The SEC’s New Rules Be Enforced? (forbes.com)

• CISA’s security-by-design initiative is at risk: Here’s a path forward | TechCrunch

• What is the Computer Fraud and Abuse Act (CFAA)? | Definition from TechTarget

• Why the California Delete Act Matters (darkreading.com)

• Organizations want stronger AI regulation amid growing concerns - Help Net Security

• Materiality Definition Seen as Tough Task in New SEC Cyber Rules | Mint (livemint.com)

• Cyber security Implementation Plan Offers a Roadmap for Cyber Priorities | Perkins Coie - JDSupra

Models, Frameworks and Standards

• OWASP Top 10 for LLM applications is out! - Security Affairs

• Security professionals unaware of NCSC Cyber Essentials framework - Lookout - IT Security Guru

• What is SOC 2 (System and Organization Controls 2)? | Definition from TechTarget

Careers, Working in Cyber and Information Security

• How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)

• US Gov Rolls Out National Cyber Workforce, Education Strategy - SecurityWeek

• Women two-thirds more likely to fear losing CNI security jobs than men - IT Security Guru

• White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage (darkreading.com)

• Cyber workforce strategy requires buy-in across sectors, experts say - Nextgov/FCW

Law Enforcement Action and Take Downs

• Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update

• FBI: Without Section 702, we can't ID cyber criminals • The Register

Privacy, Surveillance and Mass Monitoring

• Home Office plans new national police ‘facial-matching’ service after signing £50m deal for biometrics platform – PublicTechnology

• UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian

• Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)

• Instead of obtaining a warrant, the NSA would like to keep buying your data | Ars Technica

• Tor’s shadowy reputation will only end if we all use it | Engadget

• Delivering privacy in a world of pervasive digital surveillance: Tor Project's Executive Director speaks out - Help Net Security

• After talking to security expert, I deleted all Chrome extensions: they see everything | Cybernews

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats (thehackernews.com)

• BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (thehackernews.com)

• Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures (thehackernews.com)

• Russian spies posed as Microsoft tech support in bid to hack governments (telegraph.co.uk)

• Elon Musk ‘stopped Ukraine military using Starlink for military operation’ | The Independent

• Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia (thehackernews.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

• Kazakhstan Rebuffs US Extradition Request for Russian Cyber security Expert - The Moscow Times

• Russian hackers crash Italian bank websites, cyber agency says | Reuters

• Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)

China

• FBI warns of broad AI threats facing tech companies and the public | CyberScoop

• Chinese Malware Could Cut Power To US Military Bases, Businesses And Homes, Report Claims (forbes.com)

• Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica

• US senator victim-blames Microsoft for Chinese hack • The Register

• Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (thehackernews.com)

• US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)

• Think tank wants monitoring of China's AI-enabled products • The Register

• Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop

• US military battling cyber threats from within and without • The Register

Iran

• Iranian Company Cloudzy Accused of Aiding Cyber criminals and Nation-State Hackers (thehackernews.com)

• Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)

• Iranian Company Plays Host to Reams of Ransomware, APT Groups (darkreading.com)

North Korea

• STARK#MULE Targets Koreans with US Military-themed Document Lures (thehackernews.com)

• North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch

Misc/Other/Unknown

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• Kaspersky unveils latest APT trends for Q2 | Media OutReach Newswire (media-outreach.com)

Vulnerability Management

• Relying on CVSS alone is risky for vulnerability management - Help Net Security

• Top 12 vulnerabilities list highlights troubling reality: many organizations still aren't patching | CyberScoop

• Old vulnerabilities, major vendors dominate list of most-exploited flaws of 2022 | SC Media (scmagazine.com)

• In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues - Security Affairs

• 40% of Log4j Downloads Still Vulnerable (securityintelligence.com)

• CISA, NSA, FBI and International Partners Issue Advisory on the Top Routinely Exploited Vulnerabilities in 2022 > National Security Agency/Central Security Service > Press Release View

• What Causes a Rise or Fall in Fresh Zero-Day Exploits? (govinfosecurity.com)

• Piles of Unpatched IoT, OT Devices Attract ICS Cyber attacks (darkreading.com)

• Microsoft comes under blistering criticism for “grossly irresponsible” security | Ars Technica

Vulnerabilities

• Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins - SecurityWeek

• Over 640 Citrix servers backdoored with web shells in ongoing attacks (bleepingcomputer.com)

• New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild - Security Affairs

• Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks - SecurityWeek

• Apple iOS, Google Android Patch Zero-Days in July Security Updates | WIRED UK

• US fears attacks will continue against Ivanti MDM installs • The Register

• Cisco Talos Discusses Flaws in SOHO Routers Post-VPNFilter - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates (bleepingcomputer.com)

• Hackers exploit BleedingPipe RCE to target Minecraft servers, players (bleepingcomputer.com)

• Firefox 116: improved upload performance and security fixes - gHacks Tech News

• Oracle Critical Patch Update Advisory - July 2023

• Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop

Tools and Controls

• Data Loss Prevention for Small and Medium-Sized Businesses - IT Security Guru

• Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• 66% of Cyber security Leaders Don't Trust Their Current Cyber Risk Mitigation Strategies - ITSecurityWire

• US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications - SecurityWeek

• Data stolen from millions via missing web app access checks • The Register

• Keeping the cloud secure with a mindset shift - Help Net Security

• Strengthening security in a multi-SaaS cloud environment | TechCrunch

• 5 Essential Tips For Data Security On The Cloud (informationsecuritybuzz.com)

• AI has a place in cyber, but needs effective evaluation | Computer Weekly

• Top 5 benefits of SASE to enhance network security | TechTarget

• MDR 40-Plus: Top Managed Detection and Response (MDR) Companies: 2023 Edition - MSSP Alert

• 4 Generative AI Security Benefits (trendmicro.com)

• What is Data Security Posture Management (DSPM)? (thehackernews.com)

• Unified XDR and SIEM Alleviate Security Alert Fatigue (darkreading.com)

• What is an ISMS (Information Security Management System)? | UpGuard

• VPNs remain a risky gamble for remote access - Help Net Security

• Insider Threat Protection And Modern DLP (informationsecuritybuzz.com)

• Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)

Reports Published in the Last Week

• 2023 State of Ransomware | Malwarebytes

• Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)

Other News

• The top 6 cyber security incidents in July 2023 (cshub.com)

• UK legal sector at risk, National Cyber Security Centre warns | Today's Conveyancer (todaysconveyancer.co.uk)

• UK Military Embraces Security by Design - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals targeting medical info warns FBI | KSNV (news3lv.com)

• How local governments can combat cyber crime - Help Net Security

• Governments and public services facing 40% more cyber attacks (securitybrief.co.nz)

• Utilities Face Security Challenges as They Embrace Data in New Ways (darkreading.com)

• Cyber Attacks Targeting Government Agencies Increase 40% - Infosecurity Magazine (infosecurity-magazine.com)

• BPP targeted in cyber attack - Legal Cheek

• Microsoft Flags Growing Cyber security Concerns for Major Sporting Events (thehackernews.com)

• Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack - SecurityWeek

• New Study Reveals Forged Certificate Attack Risks - Infosecurity Magazine (infosecurity-magazine.com)

• 80 percent of digital certificates vulnerable to man-in-the-middle attacks (betanews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Half of UK Businesses Struggle to Fill Cyber Security Skills Gap

Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.

In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.

With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725

https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/

• Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500

The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.

Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.

https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/

https://www.kroll.com/en/insights/publications/cyber/moveit-vulnerability-investigations-uncover-additional-exfiltration-method

https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/

• Why Cyber Security Should Be Part of Your ESG Strategy

Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.

Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.

https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy

• Lawyers Take Frontline Role in Business Response to Cyber Attacks

Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.

In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.

https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331

• Organisations Face Record $4.5M Per Data Breach Incident

In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.

https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident

https://uk.newsroom.ibm.com/24-07-2023-IBM-Security-Report-Cost-of-a-Data-Breach-for-UK-Businesses-Averages-3-4m

• Cryptojacking Soars as Cyber Attacks Diversify

According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.

Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.

https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/

• Ransomware Attacks Skyrocket in 2023

Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.

The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.

https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/

• Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.

Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.

https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/

https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt

https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/

• Protect Your Data Like Your Reputation Depends on It (Because it Does)

Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.

It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.

https://informationsecuritybuzz.com/protect-your-data-like-your-reputation-depends-on-it-because-it-does/

• Why CISOs Should Get Involved with Cyber Insurance Negotiation

Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.

Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.

https://www.darkreading.com/edge-articles/why-cisos-should-get-involved-with-cyber-insurance-negotiation

• Companies Must Have Corporate Cyber Security Experts, SEC Says

A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.

The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.

The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.

https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-says

https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/

https://krebsonsecurity.com/2023/07/few-fortune-100-firms-list-security-pros-in-their-executive-ranks/

• Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.

With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.

https://www.bleepingcomputer.com/news/security/over-400-000-corporate-credentials-stolen-by-info-stealing-malware/

https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023

Governance, Risk and Compliance

• Data Breaches Cost Businesses $4.5M on Average (darkreading.com)

• Deciphering The IBM Cost Of A Data Breach Report: A Statistical Perspective For Business Leaders (informationsecuritybuzz.com)

• Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)

• SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)

• Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)

• Companies encounter months-long delays in filling critical security positions - Help Net Security

• Why Today's CISOs Must Embrace Change (darkreading.com)

• Enterprises should layer-up security to avoid legal repercussions - Help Net Security

• Aligning Risk Appetite, Tolerance, And Thresholds With Business Planning: A Comprehensive Guide To Enterprise Risk Management (informationsecuritybuzz.com)

• Explaining risk maturity models and how they work | TechTarget

• Why cyber security should be part of your ESG strategy | Computer Weekly

• The old “trust but verify” adage should be the motto for every CISO | CSO Online

• Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security

• Few Fortune 100 Firms List Security Pros in Their Executive Ranks – Krebs on Security

• The critical cyber security backup plan too many companies are ignoring (cnbc.com)

• Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)

• Why Computer Security Advice Is More Confusing Than It Should Be (darkreading.com)

• Why whistleblowers in cyber security are important and need support | CSO Online

• The challenge of managing unlimited threats in a limited budget: cyber security experts comment | CSO Online

• 4 Cyber security Budget Management Tips (trendmicro.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Clop now leaks data stolen in MOVEit attacks on clearweb sites (bleepingcomputer.com)

• MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method (kroll.com)

• Clop Could Make $100m from MOVEit Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)

• Millions of people's healthcare files accessed by Clop gang • The Register

• Ransomware Attacks Skyrocket in Q2 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Local Governments Targeted for Ransomware – How to Prevent Falling Victim (thehackernews.com)

• New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)

• Dozens of Organisations Targeted by Akira Ransomware - SecurityWeek

• Ransomware Spotlight: Play - Security News (trendmicro.com)

• The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop

• Risk & Repeat: Are data extortion attacks ransomware? | TechTarget

• ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)

• Education Sector Has Highest Ransomware Victim Count - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware: Sophos says most universities pay | Times Higher Education (THE)

Ransomware Victims

• PwC has data leaked on the clear web - Cyber Security Connect

• Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews

• DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)

• Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek

• Millions of people's healthcare files accessed by Clop gang • The Register

• Tampa General Hospital Says Patient Information Stolen in Ransomware Attack - SecurityWeek

• Another Cl0p victim goes public | Cybernews

• Yamaha confirms cyber attack after multiple ransomware gangs claim attacks (therecord.media)

Phishing & Email Based Attacks

• Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Stolen Microsoft key may have opened up more than inboxes • The Register

• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related (darkreading.com)

• The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)

• How to avoid LinkedIn phishing attacks in the enterprise | TechTarget

• Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works | Tom's Guide (tomsguide.com)

• Critical Infrastructure Workers More Likely to Detect and Report Phishing and Malicious Emails, Study Finds - MSSP Alert

BEC – Business Email Compromise

• Repeatable VEC Attacks Target Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• The Dark Side of AI (darkreading.com)

• Blocking access to ChatGPT is a short term solution to mitigate risk - Help Net Security

• UN Security Council to hold first talks on AI risks | Reuters

• Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security

• ChatGPT, Other Generative AI Apps Prone to Compromise, Manipulation (darkreading.com)

• Lots of sensitive data is still being posted to ChatGPT | TechRadar

• Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)

• Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop

• The Good, the Bad and the Ugly of Generative AI - SecurityWeek

• OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop

• Intel's deepfake detector tested on real and fake videos - BBC News

• Are AI-Engineered Threats FUD or Reality? (darkreading.com)

• How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)

Malware

• Over 400,000 corporate credentials stolen by info-stealing malware (bleepingcomputer.com)

• Infostealer incidents more than doubled in Q1 2023 | SC Media (scmagazine.com)

• The Alarming Rise of Infostealers: How to Detect this Silent Threat (thehackernews.com)

• Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks (thehackernews.com)

• Rust-based malware used to hack both Windows and Linux servers - Neowin

• Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets (thehackernews.com)

• Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)

• FIN8 is rewriting its backdoor malware to avoid detection | SC Media (scmagazine.com)

• New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)

• New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)

• HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software (thehackernews.com)

• Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security

Mobile

• Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert

• Spyhide stalkerware is spying on tens of thousands of phones | TechCrunch

• 5 steps to approach BYOD compliance policies | TechTarget

Botnets

• Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek

Denial of Service/DoS/DDOS

• Critical UK Infrastructures in the crosshairs of DDoS attacks (link11.com)

• Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica

• Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)

BYOD

• 5 steps to approach BYOD compliance policies | TechTarget

Internet of Things – IoT

• Peloton Bugs Expose Enterprise Networks to IoT Attacks (darkreading.com)

• Microsoft previews  Defender for IoT firmware analysis service (bleepingcomputer.com)

• Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats - SecurityWeek

Data Breaches/Leaks

• Deciphering The IBM Cost Of A Data Breach Report: A Statistical Perspective For Business Leaders (informationsecuritybuzz.com)

• Capita breach class action nears 1,000 sign-ups • The Register

• VirusTotal: We're sorry for mistake that exposed 5,000 users • The Register

• Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews

• NATO investigating apparent breach of unclassified information sharing platform | CyberScoop

• Tampa General Hospital Data Breach Impacts 1.2 Million Patients - Infosecurity Magazine (infosecurity-magazine.com)

• Australian Home Affairs cyber survey exposed personal data of participating firms | Data and computer security | The Guardian

• Data Breach Costs Hit Record High but Fall For Some - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker Claims to Have Stolen Sensitive Medical Records from Egypt's Ministry of Health - Infosecurity Magazine (infosecurity-magazine.com)

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

• Nice Suzuki, sport: shame dealer left your data up for grabs - Security Affairs

• Johns Hopkins hit with class action lawsuit connected to data breach - CBS Baltimore (cbsnews.com)

Organised Crime & Criminal Actors

• The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cryptojacking soars as cyber attacks increase, diversify - Help Net Security

• Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)

• Cryptojacking: Understanding and defending against cloud compute resource abuse | Microsoft Security Blog

• Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)

• New Realst macOS malware steals your cryptocurrency wallets (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)

• Consumers demand more from businesses when it comes to security - Help Net Security

• CISOs gear up to combat the rising threat of B2B fraud - Help Net Security

• Booz Allen Pays $377m to Settle Government Fraud Case - Infosecurity Magazine (infosecurity-magazine.com)

• MPs launch inquiry into prosecution of Norton Motorcycles pension fraud | Crime | The Guardian

Insurance

• Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)

• Brave New World of Cyber Insurance Meets Old-World Contract Principles | New Jersey Law Journal

Dark Web

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

• How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)

Supply Chain and Third Parties

• Capita breach class action nears 1,000 sign-ups • The Register

• DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)

• The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)

• Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek

• Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)

• Strengthening the weakest links in the digital supply chain - Help Net Security

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• Supply Chain Attack Hits NHS Ambulance Trusts - Infosecurity Magazine (infosecurity-magazine.com)

Software Supply Chain

• Two ambulance services in UK lost access to patient records after a cyber attack on software provider - Security Affairs

Cloud/SaaS

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps (darkreading.com)

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek

• The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)

• Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)

Shadow IT

• NCSC Publishes New Guidance on Shadow IT - Infosecurity Magazine (infosecurity-magazine.com)

Encryption

• The UK Government Is Very Close To Eroding Encryption Worldwide  | Electronic Frontier Foundation (eff.org)

• Apple could opt to stop iMessage and FaceTime services due to the government's surveillance demands - Security Affairs

• Hacking police radios: 30-year-old crypto flaws in the spotlight – Naked Security (sophos.com)

• Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (vice.com)

API

• Reining in API sprawl | TechCrunch

• ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)

Open Source

• New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection (thehackernews.com)

• Rust-based malware used to hack both Windows and Linux servers - Neowin

• Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)

• New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)

• Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• CISA: Most cyber attacks on gov’ts, critical infrastructure involve valid credentials (therecord.media)

Social Media

• How to avoid LinkedIn phishing attacks in the enterprise | TechTarget

• Stanford researchers find Mastodon has a massive child abuse material problem - The Verge

Training, Education and Awareness

• Why are computer security guidelines so confusing? - Help Net Security

Travel

• The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)

Parental Controls and Child Safety

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Stanford researchers find Mastodon has a massive child abuse material problem - The Verge

Regulations, Fines and Legislation

• SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)

• Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Apple could opt to stop iMessage and FaceTime services due to the government's surveillance demands - Security Affairs

• OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop

• EU Agrees On Common Position For Cyber Resilience Act To Enhance Security Of Digital Products (informationsecuritybuzz.com)

Data Protection

• More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)

• Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)

Careers, Working in Cyber and Information Security

• Companies encounter months-long delays in filling critical security positions - Help Net Security

• UK Government Report Finds Cyber security Skills Gap Stagnant - Infosecurity Magazine (infosecurity-magazine.com)

• Bridging the cyber security skills gap through cyber range training - Help Net Security

• Overcoming the cyber security talent shortage with upskilling initiatives - Help Net Security

Law Enforcement Action and Take Downs

• The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop

Privacy, Surveillance and Mass Monitoring

• More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Companies Need to Prove They Can Be Trusted with Technology (hbr.org)

• Ryanair Hit With Lawsuit Over Use of Facial Recognition Technology (darkreading.com)

Misinformation, Disinformation and Propaganda

• China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)

• Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)

• Russian court jails cyber security executive for 14 years in treason case | Reuters

• Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian

• 69% of Russian gamers are pirating after Ukraine invasion pushback | Ars Technica

China

• Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Stolen Microsoft key may have opened up more than inboxes • The Register

• Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)

• The Chinese groups accused of hacking the US and others | Reuters

• Industrial Organisations in Eastern Europe Targeted by Chinese Cyber spies - SecurityWeek

• Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert

• China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)

• China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)

• US Senator Wyden Accuses Microsoft of ‘Cyber security Negligence’ - SecurityWeek

• China’s Wuhan Earthquake Center Suffers Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

North Korea

• North Korean Cyber spies Target GitHub Developers (darkreading.com)

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• GitHub warns of Lazarus hackers targeting devs with malicious projects (bleepingcomputer.com)

• Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)

• Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)

• APT “Mysterious Elephant” Emerges in Q2 2023, Kaspersky Reports - Infosecurity Magazine (infosecurity-magazine.com)

Misc/Other/Unknown

• Advanced Persistent Threats (APTs): Detection and Mitigation (blueteamresources.in)

• Part 1: Historic To 2022 – The APT And Logical Threats (informationsecuritybuzz.com)

Vulnerability Management

• Google: 41 zero-day vulnerabilities exploited in 2022 | TechTarget

• CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem (darkreading.com)

• Want to live dangerously? Try running Windows XP in 2023 • The Register

• A step-by-step guide for patching software vulnerabilities - Help Net Security

Vulnerabilities

• Over 20,000 Citrix Appliances Vulnerable to New Exploit - SecurityWeek

• A flaw in OpenSSH forwarded ssh-agent allows remote code execution-Security Affairs

• Apple fixes new zero-day used in attacks against iPhones, Macs (bleepingcomputer.com)

• Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519 - Security Affairs

• NetScaler RCE bug abused to pilfer critical infrastructure Active Directory data | SC Media (scmagazine.com)

• Ivanti patches MobileIron zero-day bug exploited in attacks (bleepingcomputer.com)

• Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica

• Apache OpenMeetings Wide Open to Account Takeover, Code Execution (darkreading.com)

• Super Admin elevation bug puts 900,000 MikroTik devices at risk (bleepingcomputer.com)

• Norwegian government IT systems hacked using zero-day flaw (bleepingcomputer.com)

• VMware fixes bug exposing CF API admin credentials in audit logs (bleepingcomputer.com)

• Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required (thehackernews.com)

• Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)

• Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks (thehackernews.com)

• Atlassian RCE Bugs Plague Confluence, Bamboo (darkreading.com)

• Zenbleed attack leaks sensitive data from AMD Zen2 processors (bleepingcomputer.com)

• Microsoft shares fix for some Outlook hyperlinks not opening (bleepingcomputer.com)

• Critical Flaws Found in Microsoft Message Queuing Service - Infosecurity Magazine (infosecurity-magazine.com)

• China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)

• Study reveals silent Python package security fixes • The Register

• Windows 10 KB5028244 update released with 19 fixes, improved security (bleepingcomputer.com)

• VMware Patches Vulnerability Exposing Admin Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek

• Zimbra patches zero-day vulnerability exploited in XSS attacks (bleepingcomputer.com)

• WordPress Ninja Forms plugin flaw lets hackers steal submitted data (bleepingcomputer.com)

• Two flaws in Linux Ubuntu affect 40% of Ubuntu users - Security Affairs

Tools and Controls

• Aligning Risk Appetite, Tolerance, And Thresholds With Business Planning: A Comprehensive Guide To Enterprise Risk Management (informationsecuritybuzz.com)

• Why cyber security should be part of your ESG strategy | Computer Weekly

• Lawyers take frontline role in business response to cyber attacks | Financial Times (ft.com)

• Explaining risk maturity models and how they work | TechTarget

• Microsoft enhances Windows 11 Phishing Protection with new features (bleepingcomputer.com)

• Shadow Coding Is An Intoxicating Shortcut—And A Security Landmine (forbes.com)

• Zero trust rated as highly effective by businesses worldwide - Help Net Security

• 50% of Zero Trust Programs Risk Failure According to PlainID Survey (darkreading.com)

• Google Chrome to offer 'Link Previews' when hovering over links (bleepingcomputer.com)

• Why are computer security guidelines so confusing? - Help Net Security

• Threat Intelligence Is Growing — Here's How SOCs Can Keep Up (darkreading.com)

• The challenge of managing unlimited threats in a limited budget: cyber security experts comment | CSO Online

• Shaping the future of digital identity - Help Net Security

• How to Put the Sec in DevSecOps (darkreading.com)

• Designing a Security Strategy for Defending Multicloud Architectures (darkreading.com)

• How Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats | Microsoft Security Blog

• Converging networking and security with SASE - Help Net Security

• 5 steps to approach BYOD compliance policies | TechTarget

• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related (darkreading.com)

• Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works | Tom's Guide (tomsguide.com)

• Artificial Intelligence Continues To Revolutionize Cyber security (forbes.com)

• Key factors for effective security automation - Help Net Security

• Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)

• The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)

• CISOs consider zero trust a hot security ticket - Help Net Security

• How a Cyber Security Platform Addresses the 3 “S” (trendmicro.com)

• 4 Cyber security Budget Management Tips (trendmicro.com)

Reports Published in the Last Week

• The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)

• Cost of a data breach 2023 | IBM

• Internet Organised Crime Threat Assessment (IOCTA) | Europol (europa.eu)

• Q1 Report: Email Threat Trends Discover Q1 trends and stay ahead of email based threats. - VIPRE

Other News

• Maritime Cyber attack Database Launched by Dutch University - SecurityWeek

• Google’s new security pilot program will ban employee Internet access | Ars Technica

• Inspiring secure coding: Strategies to encourage developers' continuous improvement - Help Net Security

• macOS Under Attack: Examining the Growing Threat and User Perspectives (thehackernews.com)

• Why whistleblowers in cyber security are important and need support | CSO Online

• Cyber crime as a Public Health Crisis (darkreading.com)

• 7 in 10 MSPs Name Data Security and Network Security As Their Top IT Priorities for 2023 (darkreading.com)

• TETRA Radio Code Encryption Has a Flaw: A Backdoor | WIRED

• World's most internetty firm tries life off the net • The Register

• Exam board cyber attack investigation: Teenager arrested (schoolsweek.co.uk)

• Companies Need to Prove They Can Be Trusted with Technology (hbr.org)

• Heart monitor manufacturer hit by cyber attack, takes systems offline (bitdefender.com)

• How do companies protect customer data? | TechTarget

• Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Navigating the Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation are Key

Cyber investments have become table stakes for businesses around the world. Cyber crime is increasing, with 91% of organisations reporting at least one cyber incident in the past year. Not only are they growing in numbers, but they are becoming more sophisticated and diverse, with new threats constantly emerging. According to the 2023 Deloitte Global Future of Cyber survey, business leaders are changing how they think of cyber, and it’s emerging as a larger strategic discussion tied to an organisation’s long-term success.

Cyber is about more than protecting information—risk management, incident response planning, threat intelligence and training can often be directly correlated to increasing trust within businesses.

Cyber security training is essential for employees to ensure the safety and security of a business. Employees are often the first line of defence against cyber-attacks and frequently the weakest link in an organisation's security posture. Cyber security training can help employees recognise and avoid common cyber threats, such as phishing attacks, malware, and social engineering. 89% of organisations cited as high-performing cyber organisations have implemented annual cyber awareness training among all employees. With increased digital dependency year over year—effective employee training can raise awareness, reduce risk, improve security posture, and support compliance.

https://www.forbes.com/sites/deloitte/2023/04/20/navigating-the-future-of-cyber-business-strategy-cybersecurity-training-and-digital-transformation-are-key/?sh=1ab15c2c29c1

• Shadow IT, SaaS Pose Security Liability for Enterprises

There's no denying that software-as-a-service (SaaS) has entered its golden age. Software tools have now become essential to modern business operations and continuity. However, not enough organisations have implemented the proper procurement processes to ensure they're protecting themselves from potential data breaches and reputational harm.

A critical component contributing to concerns around SaaS management is the rising trend of shadow IT, which is when employees download and use software tools without notifying their internal IT teams. A recent study shows that 77% of IT professionals believe that shadow IT is becoming a major concern in 2023, with more than 65% saying their SaaS tools aren't being approved. Organisations are beginning to struggle with maintaining security as their SaaS usage continues to sprawl.

To combat shadow IT and the high risks that come along with it, organisations must gain greater visibility over their SaaS stacks and institute an effective procurement process when bringing on new software solutions.

https://www.darkreading.com/edge-articles/shadow-it-saas-pose-security-liability-for-enterprises

• The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection

While indicators of compromise and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence needs have grown over the past few years, driven by things like digital transformation, cloud computing and remote working. In fact, these changes have led to a cyber threat intelligence (CTI) subcategory focused on digital risk protection (DRP). DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets”.

According to research provider ESG, the most important functions of DRP as part of a mature CTI programme are: vulnerability exploit intelligence, takedown services, leaked data monitoring, malicious mobile application monitoring, brand protection and attack surface management. It should be noted that a mature CTI programme can utilise service providers to help carry out threat intelligence, it doesn’t have to be spun up by the organisation from nothing. Regardless, an organisation employing these DRP functions as part of a CTI programme will be increasing its cyber resilience and reducing the chance of a cyber incident.

https://www.csoonline.com/article/3693754/the-strong-link-between-cyber-threat-intelligence-and-digital-risk-protection.html

• Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks

Threat actors are getting more adept at exploiting common everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments according to a recent report. The report, conducted by UNIT 42 analysed the workload of 210,000 cloud accounts across 1,300 organisations.

The report’s findings echoed similarities from the previous year, finding almost all cloud users, roles, services and resources grant excessive permissions. Some of the other key findings include as many as 83% of organisations having hard-coded credentials in their source control management systems, 53% of cloud accounts allowing weak password usage and 44% allowing password reuse and 71% of high or critical vulnerabilities exposed were at least two years old.

https://www.csoonline.com/article/3693260/weak-credentials-unpatched-vulnerabilities-malicious-oss-packages-causing-cloud-security-risks.html

• Over 70 Billion Unprotected Files Available on Unsecured Web Servers

A recent report found that more than 70 billion files, including intellectual property and financial information, are freely available and unprotected on unsecured web servers. Other key findings of the report included almost 1 in 10 of all detected internet-facing assets having an unpatched vulnerability, with the top 10 vulnerabilities found unpatched at least 12 million times each.

The report predicted that there will be a significant rise in information stealing malware; the report had found that 50% of emails associated with customers were plaintext and unencrypted. Additionally, there will be more incidents due to an increase in assets which are not known to IT, known as shadow IT.

Organisations should look to employ efficient patch management, have an up to date asset register, and use encryption to better increase their cyber defences.

https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/

• Cyber Thieves Are Getting More Creative

Cyber criminals are constantly changing their tactics and finding new ways to steal money from organisations. An example of this can be seen where criminals are breaking into systems to learn who is authorised to send payments and what the procedures are. Eventually, this leads to the criminal instructing payment to their own account.

Unfortunately, it is only after such events that some organisations are taking actions, such as verifying payments through phone calls. Whilst it is important for organisations to learn from attacks, it is beneficial to take a pro-active approach and employ procedures such as call back procedures before an incident has occurred.

https://hbr.org/2023/04/cyber-thieves-are-getting-more-creative

• Modernising Vulnerability Management: The Move Toward Exposure Management

Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritisation, and understanding of attackers' motivations, opportunities and means. Vulnerabilities only represent a small part of the attack surface that attackers can leverage.

Exposures are broader and can encompass more than just vulnerabilities. Exposures can result from various factors, such as human error, improperly defined security controls, and poorly designed and unsecured architecture. Organisations should consider that an attacker doesn’t just look at one exposure; attackers will often use a combination of vulnerabilities, misconfigurations, permissions and other exposures to move across systems and reach valuable assets.

As such, organisations looking to improve their cyber resiliency should consider their vulnerability management system and assess both whether it is taking into account exposures and the context in relation to the organisation.

https://thehackernews.com/2023/04/modernizing-vulnerability-management.html

• Two-thirds of Cyber Attacks Involve Ransomware

A report from Sophos focusing on recent incident response cases, found that 68.4% of incidents resulted from ransomware. This was followed by network breaches, accounting for 18.4%. Regarding threat actor access, the report found that unpatched vulnerabilities were the single most common access method, followed by compromised credentials.

https://www.computerweekly.com/news/365535467/Almost-three-quarters-of-cyber-attacks-involve-ransomware

• Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts

A recent report found that the top challenges when implementing an effective cyber/IT risk management programme include an increase in the quantity (49%) and severity (49%) of cyber threats, a lack of funding (37%) and a lack of staffing/cyber risk talent (36%).

Cyber attacks have been increasing for several years now and resulting data breaches cost businesses an average of $4.35 million in 2022, according to the annual IBM ‘Cost of a Data Breach’ report. Given the financial and reputational consequences of cyber attacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk.

When it came to reporting to the board, 30% of CIO and CISO respondents say they do not communicate risk around specific business initiatives to other company leaders, indicating they may not know how to share that information in a constructive way.

https://www.helpnetsecurity.com/2023/04/26/effective-it-risk-management/

• NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities

According to the US National Security Agency (NSA), Russian hackers could be looking to attack logistics targets more broadly. The NSA have noted a significant amount of intelligence gathering into western countries, including the UK and the US.

Although there is no indication yet regarding attacks from Russia in connection with the logistics related to Ukraine, organisations should be aware and look to improve their cyber security practices to be best prepared.

https://cyberscoop.com/nsa-russian-ukraine-supply-chain-ransomware/

• Email Threat Report 2023: Key Takeaways

According to a recent report, email phishing made up 24% of all spam types in 2022, a significant increase in proportion from 11% in 2021. The finance industry was the most targeted by far, accounting for 48% of phishing incidents. It is followed by the construction sector at 17%, overtaking 2021’s second-place industry, e-commerce. Both the finance and construction industries saw an increase in phishing since last year. Of all the emails analysed in 2022, an enormous 90% were spam emails.

With phishing as prevalent as ever, organisations should look to implement training for their staff to not only be able to spot phishing emails, but to be able to report these and aid in improving the cyber security culture of their organisation.

https://www.itsecurityguru.org/2023/04/27/email-threat-report-2023-key-takeaways/

• 5 Most Dangerous New Attack Techniques

Experts from security training provider SANS Institute have revealed the 5 most dangerous new attack techniques: adversarial AI, ChatGPT-powered social engineering, third-party developer attacks (also known as software supply chain attacks), SEO, and paid advertising attacks.

The new techniques highlight the ever changing environment of the attack environment. SEO and paid advertising attacks are leveraging fundamental marketing strategies to gain initial access, heightening the importance for organisations to incorporate scalable user awareness training programmes, tailored to new threats.

https://www.csoonline.com/article/3694892/5-most-dangerous-new-attack-techniques.html  

• Many Public Salesforce Sites are Leaking Private Data

A shocking number of organisations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

This included the US State of Vermont who had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance programme that exposed the applicant’s full name, social security number, address, phone number, email, and bank account number. Similar information was leaked by TCF Bank on their Salesforce Community Website.

It's not just Salesforce though; misconfigurations in general are responsible for a number of leaked documents and or exposures relating to an organisation.

https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/

Threats

Ransomware, Extortion and Destructive Attacks

• New coercive tactics used to extort ransomware payments - Help Net Security

• Capita Admits That Its ‘Cyber Incident’ Was Ransomware and That Customer Data Was Breached - IT Governance UK Blog

• Russian hackers exfiltrated data from from Capita over a week before outage | by Kevin Beaumont | Apr, 2023 | DoublePulsar

• Almost three-quarters of cyber attacks involve ransomware | Computer Weekly

• #RSAC: Ransomware Poses Growing Threat to Five Eyes Nations - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)

• Effects of the Hive Ransomware Group Takedown (darkreading.com)

• Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (thehackernews.com)

• Trojanized Installers Used to Distribute Bumblebee Malware - Infosecurity Magazine (infosecurity-magazine.com)

• MIT and Stanford researchers develop operating system with one major promise: Resisting ransomware | CyberScoop

• Tank storage company Vopak hacked, Ransomware groups report | NL Times

• Health insurer Point32Health suffered a ransomware attack-Security Affairs

• Hacker demands ransom after 'taking control' of Wiltshire school's IT | Swindon Advertiser

• US Navy Contractor Fincantieri Marine Group Hit by Cyber-attack - Infosecurity Magazine (infosecurity-magazine.com)

• Arnold Clark braced for cyber payout (thetimes.co.uk)

• RSAC speaker offers ransomware victims unconventional advice | TechTarget

• How ransomware victims can make the best of a bad situation | TechTarget

• Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse (gizmodo.com)

• Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

• CommScope employees left in the dark after ransomware attack | TechCrunch

Phishing & Email Based Attacks

• Email Threat Report 2023: Key Takeaways - IT Security Guru

• How Dangerous Is Phishing in 2023? - Duo Blog | Duo Security

• The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioural AI (darkreading.com)

BEC – Business Email Compromise

• WhatsApp used in BEC scam to pilfer $6.4M | SC Media (scmagazine.com)

2FA/MFA

• CrowdStrike details new MFA bypass, credential theft attack | TechTarget

• Phishing-resistant MFA shapes the future of authentication forms - Help Net Security

Malware

• Malware-Free Cyber attacks Are On the Rise; Here's How to Detect Them (darkreading.com)

• Trojanized Installers Used to Distribute Bumblebee Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-Conti and FIN7 Actors Collaborate with New Backdoor (securityintelligence.com)

• EvilExtractor malware activity spikes in Europe and the US (bleepingcomputer.com)

• Zaraza Malware Exploits Web Browsers To Steal Stored Passwords (latesthackingnews.com)

• This evil malware disables your security software, then goes in for the kill | TechRadar

• Decoy Dog malware toolkit found after analysing 70 billion DNS queries (bleepingcomputer.com)

• Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)

• A Security Team Is Turning This Malware Gang’s Tricks Against It | WIRED

• Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity

• Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)

• Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek

• Chinese hackers launch Linux variant of PingPull malware | CSO Online

Mobile

• WhatsApp used in BEC scam to pilfer $6.4M | SC Media (scmagazine.com)

• 35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)

Botnets

• Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers (thehackernews.com)

Denial of Service/DoS/DDOS

• New SLP bug can lead to massive 2,200x DDoS amplification attacks (bleepingcomputer.com)

• Top 15 DDoS Protection Best Practices - Security Boulevard

• 'Anonymous Sudan' Claims Responsibility for DDoS Attacks Against Israel (darkreading.com)

Internet of Things – IoT

• Government Agencies Release Blueprint for Secure Smart Cities - Infosecurity Magazine (infosecurity-magazine.com)

• TP-Link Archer WiFi router flaw exploited by Mirai malware (bleepingcomputer.com)

Data Breaches/Leaks

• Over 70 billion unprotected files available on unsecured web servers - Help Net Security

• Many Public Salesforce Sites are Leaking Private Data – Krebs on Security

• American Bar Association data breach hits 1.4 million members (bleepingcomputer.com)

• CFPB Employee Sends 256,000 Consumers' Data to Personal Email - Infosecurity Magazine (infosecurity-magazine.com)

• American Bar Association (ABA) suffered a data breach-Security Affairs

• Shields Health Breach Exposes 2.3M Users' Data (darkreading.com)

• Serving UK Armed Forces member charged under Official Secrets Act (telegraph.co.uk)

• Yellow Pages Canada confirms cyber attack as Black Basta leaks data (bleepingcomputer.com)

• Vantage Travel Experiences Data Security Incident (darkreading.com)

Organised Crime & Criminal Actors

• The IRS is sending four investigators across the world to fight cyber crime | TechCrunch

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kubernetes RBAC abused to create persistent cluster backdoors (bleepingcomputer.com)

• North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies (darkreading.com)

Insider Risk and Insider Threats

• Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)

Fraud, Scams & Financial Crime

• The IRS is sending four investigators across the world to fight cyber crime | TechCrunch

• How Startups Can Take Steps To Prevent Syphoning & Fraud

• US deploys more cyber forces abroad to help fight hackers | Reuters

• The ‘Your computer was locked’ scam is gaining traction (consumeraffairs.com)

• The true numbers behind deepfake fraud - Help Net Security

• Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)

Deepfakes

• The true numbers behind deepfake fraud - Help Net Security

AML/CFT/Sanctions

• North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies (darkreading.com)

Insurance

• The Complexities of Cyber Insurance | Cyber Risk Management (telos.com)

Dark Web

• Metaverse Version of the Dark Web Could be Nearly Impenetrable (darkreading.com)

Supply Chain and Third Parties

• Capita Admits That Its ‘Cyber Incident’ Was Ransomware and That Customer Data Was Breached - IT Governance UK Blog

• Russian hackers exfiltrated data from from Capita over a week before outage | by Kevin Beaumont | Apr, 2023 | DoublePulsar

• At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack - -Security Affairs-Security Affairs

• The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks | WIRED

• That 3CX supply chain attack keeps getting worse • The Register

• NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop

• North Korean hackers breach software firm in significant cyber attack | CNN Politics

• SD Worx hack: Payroll firm for M&S hit by cyber attack (thetimes.co.uk)

• A third-party’s perspective on third-party InfoSec risk management - Help Net Security

Software Supply Chain

• Securing Software Supply Chains Requires Outside-the-Box Thinking - Infosecurity Magazine (infosecurity-magazine.com)

Cloud/SaaS

• Shadow IT, SaaS Pose Security Liability for Enterprises (darkreading.com)

• Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks | CSO Online

• 14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)

• Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)

• GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform (thehackernews.com)

• Saas Security: The Need For Continuous Sustenance (informationsecuritybuzz.com)

• How CISOs navigate security and compliance in a multi-cloud world - Help Net Security

• Cloud Complexity Means Bugs Are Missed in Testing - Infosecurity Magazine (infosecurity-magazine.com)

• Study: 84% of Companies Use Breached SaaS Applications - Here's How to Fix it for Free! (thehackernews.com)

• Security experts found a major bug in Google Cloud | TechRadar

• Most SaaS adopters exposed to browser-borne attacks - Help Net Security

• Cloud-native security metrics for CISOs | TechTarget

• Exposed Artifacts Seen In Misconfigured Cloud Software Registries (informationsecuritybuzz.com)

• Google accounts attacked and hijacked by this devious security flaw | TechRadar

Containers

• Kubernetes RBAC abused to create persistent cluster backdoors (bleepingcomputer.com)

• Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC-Security Affairs

• Combating Kubernetes — the Newest IAM Challenge (darkreading.com)

Attack Surface Management

• Over 70 billion unprotected files available on unsecured web servers - Help Net Security

• Study of past cyber attacks can improve organisations' defence strategies - Help Net Security

Shadow IT

• Shadow IT, SaaS Pose Security Liability for Enterprises (darkreading.com)

Identity and Access Management

• Rethinking the effectiveness of current authentication initiatives - Help Net Security

• Combating Kubernetes — the Newest IAM Challenge (darkreading.com)

Open Source

• The double-edged sword of open-source software - Help Net Security

• Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)

• Chinese hackers launch Linux variant of PingPull malware | CSO Online

• Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks | CSO Online

• Password reset woes could cost FTSE 100 companies $156 million each month - Help Net Security

• The War on Passwords Enters a Chaotic New Phase | WIRED

• A '!password20231#' password may not be as complex as you think (bleepingcomputer.com)

Social Media

• Thousands of Social Media Takedowns Hit People Smugglers - Infosecurity Magazine (infosecurity-magazine.com)

• Metaverse Version of the Dark Web Could be Nearly Impenetrable (darkreading.com)

• Vietnamese Hackers Linked to 'Malverposting' Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Trojanized Installers Used to Distribute Bumblebee Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Google ads push BumbleBee malware used by ransomware gangs (bleepingcomputer.com)

• 35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)

Training, Education and Awareness

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

Digital Transformation

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

• Cyber security in Finance: Protecting Your Digital Transformation | CSO Online

Parental Controls and Child Safety

• Tech giants and government have failed to stop child sex abuse online, says Sajid Javid (telegraph.co.uk)

Regulations, Fines and Legislation

• (ISC)2 Urges Countries to Strengthen Collaboration on Cyber security Regulation - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

• Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security

• How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)

• Is your bank account safe? Mass layoffs weaken cyber security across finance sector | Fox Business

• The Tangled Web of IR Strategies (darkreading.com)

• The strong link between cyber threat intelligence and digital risk protection | CSO Online

• Cyber Thieves Are Getting More Creative (hbr.org)

• Organisations are stepping up their game against cyber threats - Help Net Security

• CISOs: unsupported, unheard, and invisible - Help Net Security

• The Relationship Between Security Maturity and Business Enablement | CSO Online

• CISOs Rethink Data Security with Info-Centric Framework (darkreading.com)

• UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)

• Good, Better And Best Security (informationsecuritybuzz.com)

• #RSAC: Organisations Warned About the Latest Attack Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• SANS Reveals Top 5 Most Dangerous Cyber attacks for 2023 (darkreading.com)

• Cloud-native security metrics for CISOs | TechTarget

Models, Frameworks and Standards

• Small Business is a Big Priority: NIST Expands Outreach to the Small Business Community | NIST

• Are you ready for PCI DSS 4.0? - Help Net Security

Careers, Working in Cyber and Information Security

• UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)

• How to Begin a Career in Ethical Hacking in the Year 2023? (analyticsinsight.net)

Law Enforcement Action and Take Downs

• To combat cyber crime, US law enforcement increasingly prioritizes disruption | CyberScoop

• US to focus on stifling cyber attacks, not convictions • The Register

• US deploys more cyber forces abroad to help fight hackers | Reuters

• Effects of the Hive Ransomware Group Takedown (darkreading.com)

• Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• Hackers can find your home on Strava even if you use privacy settings, researchers find | Cycling Weekly

• Major US CFPB Data Breach Caused by Employee (darkreading.com)

Artificial Intelligence

• The Growing Need for Cyber Security in an Age of AI Disruption (analyticsinsight.net)

• From pope’s jacket to napalm recipes: how worrying is AI’s rapid growth? | Artificial intelligence (AI) | The Guardian

• Cyber security Survival: Hide From Adversarial AI (darkreading.com)

• AI Experts: Account for AI/ML Resilience & Risk While There's Still Time (darkreading.com)

• 5 most dangerous new attack techniques | CSO Online

• NSA Cyber security Director Says ‘Buckle Up’ for Generative AI | WIRED

• The New Risks ChatGPT Poses to Cyber security (hbr.org)

• From ChatGPT to HackGPT: Meeting the Cyber security Threat of Generative AI (mit.edu)

• ChatGPT fans need 'defensive mindset' to avoid scammers • The Register

• DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)

• The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioral AI (darkreading.com)

• Nvidia releases a toolkit to make text-generating AI ‘safer’ | TechCrunch

• Artificial intelligence takes RSA Conference by storm | SC Media (scmagazine.com)

• The good, the bad and the generative AI • The Register

• Secureworks CEO weighs in on XDR landscape, AI concerns | TechTarget

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• BCS Policy Jam : Cyberwar and Ukraine one year on | BCS

• FBI aiding Ukraine in collection of digital and physical war crime evidence | CyberScoop

• NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop

• #RSAC: Cyber-Attacks on Civilian Infrastructure Should Be War Crimes, says Ukraine Official - Infosecurity Magazine (infosecurity-magazine.com)

• UK undersea cables worth £7.4 trillion a day under ‘real threat’ from Russia | The Independent

• Eurocontrol says website 'under attack' by pro-Russia crew • The Register

• Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online

• Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering (thehackernews.com)

• CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert

Nation State Actors

• APT Groups Expand Reach to New Industries and Geographies - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek

• North Korean hackers breach software firm in significant cyber attack | CNN Politics

• Western cyber security must advance to counter China's cyber space progress, says NCSC director (computing.co.uk)

• China building cyber weapons to hijack enemy satellites, says US leak | Financial Times (ft.com)

• NCSC raises alert on cyber threat to infrastructure | UKAuthority

• Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online

• DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)

• At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack - -Security Affairs-Security Affairs

• North Korea's Kimsuky APT Keeps Growing, Despite Public Outing (darkreading.com)

• APT 'Mint Sandstorm' quickly exploits new PoC hacks | SC Media (scmagazine.com)

• Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (thehackernews.com)

• North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies (darkreading.com)

• Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor (thehackernews.com)

• Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)

• US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt - SecurityWeek

• Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity

• Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)

• Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline-Security Affairs

• Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks (thehackernews.com)

• Iranian cyber spies deploy new malware implant on Microsoft Exchange Servers | CSO Online

• A component in Huawei network appliances could be used to take down Germany’s telecoms networks-Security Affairs

• Ukrainian arrested for selling data of 300M people to Russians (bleepingcomputer.com)

• FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek

• Chinese hackers launch Linux variant of PingPull malware | CSO Online

• CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert

• Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive (darkreading.com)

Vulnerability Management

• Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks | CSO Online

• Modernizing Vulnerability Management: The Move Toward Exposure Management (thehackernews.com)

• GitLab’s new security feature uses AI to explain vulnerabilities to developers | TechCrunch

• Microsoft: Windows 10 22H2 is the final version of Windows 10 (bleepingcomputer.com)

Vulnerabilities

• New Google Chrome Zero-Day Bug Actively Exploited in Wide (gbhackers.com)

• Flaw in Microsoft Process Explorer under active attack • The Register

• Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites (thehackernews.com)

• APC warns of critical unauthenticated RCE flaws in UPS software (bleepingcomputer.com)

• Double zero-day in Chrome and Edge – check your versions now! – Naked Security (sophos.com)

• Security experts found a major bug in Google Cloud | TechRadar

• TP-Link Archer WiFi router flaw exploited by Mirai malware (bleepingcomputer.com)

• Mozilla confirms memory leak in Firefox - gHacks Tech News

• SolarWinds Platform Update Patches High-Severity Vulnerabilities - SecurityWeek

• VMware Releases Critical Patches for Workstation and Fusion Software (thehackernews.com)

• Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks (thehackernews.com)

• Cisco discloses XSS zero-day flaw in server management tool (bleepingcomputer.com)

• Microsoft removes LSA Protection from Windows settings to fix bug (bleepingcomputer.com)

• PaperCut says hackers are exploiting ‘critical’ security flaws in unpatched servers | TechCrunch

• FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek

• New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP) | Bitsight

Tools and Controls

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

• Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security

• The Tangled Web of IR Strategies (darkreading.com)

• 14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)

• Six Key Considerations When Choosing a Web Application Firewall  - Security Boulevard

• The Complexities of Cyber Insurance | Cyber Risk Management (telos.com)

• Unified Endpoint Management: A Powerful Tool for Your Cyber security Arsenal | CSO Online

• GitLab’s new security feature uses AI to explain vulnerabilities to developers | TechCrunch

• Google Authenticator finally, mercifully adds account syncing for two-factor codes - The Verge

• The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)

• Rethinking the effectiveness of current authentication initiatives - Help Net Security

• Attack Surface Management Strategies (trendmicro.com)

• Google will add End-to-End encryption to Google Authenticator (bleepingcomputer.com)

• Google 2FA Syncing Feature Could Put Your Privacy at Risk (darkreading.com)

• Embracing zero-trust: a look at the NSA’s recommended IAM best practices for administrators | CSO Online

• CISOs struggle to manage risk due to DevSecOps inefficiencies - Help Net Security

• Generative AI and security: Balancing performance and risk - Help Net Security

• #RSAC: GPT-4 Empowers Cyber security Leaders to Make Smarter Risk Decisions - Infosecurity Magazine (infosecurity-magazine.com)

• SSL vs TLS: Which Should You Be Using? (trendmicro.com)

• CISA aims to reduce email threats with serial CDR prototype | TechTarget

• Top 15 DDoS Protection Best Practices - Security Boulevard

• Threat Actor Names Proliferate, Adding Confusion (darkreading.com)

• AI Dominates RSA as Excitement and Questions Surround its Potential in Cyber security Tooling - Infosecurity Magazine (infosecurity-magazine.com)

Reports Published in the Last Week

• Email Threats - Discover the latest trends and stay one step ahead - VIPRE

Other News

• Falling Dwell Time May Be Down to Faster Threat Activity - Infosecurity Magazine (infosecurity-magazine.com)

• The threat from commercial cyber proliferation - NCSC.GOV.UK

• Hackers could learn how to send fake terror threats on YouTube, warn experts (telegraph.co.uk)

• Government launches new cyber security measures to tackle ever growing threats - GOV.UK (www.gov.uk)

• Attackers are logging in instead of breaking in - Help Net Security

• NCSC unveils data driven cyber security model | UKAuthority

• Hacker Group Names Are Now Absurdly Out of Control | WIRED

• 38 Countries Take Part in NATO's 2023 Locked Shields Cyber Exercise - SecurityWeek

• Quad Countries Prepare For Info Sharing on Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• The White House National Cyber security Strategy Has a Fatal Flaw (darkreading.com)

• Threat Actor Names Proliferate, Adding Confusion (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.