Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 26 April 2024

Black Arrow Cyber Threat Intelligence Briefing 26 April 2024:

-Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

-Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery

-Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy

-Ransomware Double-Dip - Re-Victimisation in Cyber Extortion

-AI is a Major Threat and Many Financial Organisations Are Not Doing Enough to Fight the Threat

-6 out of 10 Businesses Struggle to Manage Cyber Risk

-'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs

-Penetration Testing Infrequency Leaves Security Gaps

-Bank Prohibited from Opening New Accounts After Regulators Lose Patience With Poor Cyber Security Governance

-The Psychological Impact of Phishing Attacks on Your Employees

-Where Hackers Find Your Weak Spots

-The Role of Threat Intelligence in Financial Data Protection

-Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.

Sources: [IT Security Guru] [Emerging Risks]

Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery

The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.

According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.

Sources: [The Hacker News] [Huntress] [SC Media]

Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy

Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.

Source: [Forbes]

Ransomware Double-Dip: Re-Victimisation in Cyber Extortion

A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.

Sources: [Security Magazine] [The Hacker News] [SC Media]

AI is a Major Threat and Many Financial Organisations Are Not Doing Enough

Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.

Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.

Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]

[Biometric Update]

6 out of 10 Businesses Struggle to Manage Cyber Risk

A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.

Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.

Sources: [PR Newswire] [Beta News]

'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs

Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.

Source: [Security Brief] [Tripwire]

Penetration Testing Infrequency Leaves Security Gaps

Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.

The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.

Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.

Source: [MSSP Alert]

Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance

A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.

Source: [The Register]

The Psychological Impact of Phishing Attacks on Your Employees

Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.

Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.

Source: [Beta News]

Where Hackers Find Your Weak Spots

A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.

Source: [Dark Reading]

The Role of Threat Intelligence in Financial Data Protection

The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.

Source: [Security Boulevard]

Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say

According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.

Source: [TechRadar] [Security Magazine]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Mobile

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence


Vulnerability Management

Vulnerabilities


Tools and Controls



Other News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 19 April 2024

Black Arrow Cyber Threat Intelligence Briefing 19 April 2024:

-94% of Ransomware Victims Have Their Backups Targeted by Attackers

-Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability

-Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist

-Your Annual Cyber Security Is Not Working, but There is a Solution

-73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert

-Russia and Ukraine Top Inaugural World Cyber Crime Index

-Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?

-Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat

-The Threat from Inside: 14% Surge in Insider Threats Compared to Previous Year

-Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts

-Large Enterprises Experience Breaches, Despite Large Security Stacks - Report Finds 93% of Breaches Lead to Downtime and Data Loss

-Charities Doing Worse than Private Sector in Staving off Cyber Attacks

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

94% of Ransomware Victims Have Their Backups Targeted by Attackers

Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.

Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.

Source: [Tech Republic]

Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability

The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.

The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.

The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.

Sources: [The Banker] [IMF]

Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist

A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.

Source: [TechCrunch]

Your Annual Cyber Security Is Not Working, But There is a Solution

Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.

To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.

Source: [TechRadar]

73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert

A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.

Source: [Business Wire]

Russia and Ukraine Top Inaugural World Cyber Crime Index

The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.

Top ten Countries in full:

1.       Russia

2.       Ukraine

3.       China

4.       United States

5.       Nigeria

6.       Romania

7.       North Korea

8.       United Kingdom

9.       Brazil

10.   India

Source: [Infosecurity Magazine]

Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?

The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.

Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.

Sources: [ITPro] [The Guardian]

Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat

Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.

The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.

Sources: [Claims Journal] [Inc.com]

The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).

Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.

Source: [Infosecurity Magazine] [TechRadar]

Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts

Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.

Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.

Sources: [Ars Technica] [Data Breach Today]

Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss

93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.

Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.

Sources: [Infosecurity Magazine] [Help Net Security]

Charities Doing Worse than Private Sector in Staving off Cyber Attacks

Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.

Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.

Source: [TFN]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Cloud/SaaS

Identity and Access Management

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence


Vulnerability Management

Vulnerabilities





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 12 January 2024

Black Arrow Cyber Threat Intelligence Briefing 12 January 2024:

-Boardrooms on Notice: Cyber Security Oversight More Important Than Ever

-Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023

-Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever

-Cyber Insecurity and Misinformation Top WEF Global Risk List

-Why Effective Cyber Security and Risk Management are Crucial for Business Growth

-The Cost of Dealing with a Cyber Attack Doubled Last Year

-Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved

-Mandiant, SEC Lose Control of X Accounts Without 2FA

-If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis

-82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year

-Cyber Security is the Number One Priority for the Financial Sector Again

-Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Boardrooms on Notice: Cyber Security Oversight More Important Than Ever

In 2023, the rise in security breaches and cyber attacks caused cyber security to transcend its usual confines and emerge as a critical boardroom concern, prompting executives to recognise the need for proactive engagement. The current landscape has necessitated executive decision-makers to proactively engage in cyber security, instead of just passively observing. It is no surprise that in a survey from KMPG of over 300 CEO’s, dealing with cyber risk was designated as the top priority for the foreseeable three to five years.

When a company faces a substantial fine or penalty from a breach, it serves two crucial purposes. Firstly, it sets a precedent for ensuring companies across the board understand the repercussions of lax cyber security measures and secondly, it pushes organisations towards proactive investment in robust cyber security frameworks. Many organisations are beginning to realise that the cost of a breach, both financial and reputational, far outweighs that of prevention. Furthermore, many frameworks are now placing the board as directly responsible.

Sources: [Lexology] [Security Brief]

Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023

Ransomware reported to the UK financial regulator in 2023 doubled, and the impact is clear. In a survey of CISOs based in the UK, one-third confessed to paying ransomware groups millions in recent years in a bid to alleviate the impact of an attack. The minimum ransom paid by UK businesses across a five year period stood at around $250,000, the study found. Ransomware is the dominant threat that continues to plague organisations, and it is important that your organisation is doing all it can to prevent such an attack, and has plans in place to recover when such an attack happens.

Sources: [Data Breaches] [UK mortgage news] [The Hacker News]

Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever

As organisations find themselves more and more reliant on digital technology than ever before, the impact of not having it becomes greater and greater. As reliance on these systems grows, the level of cyber threat grows as well. A recent report found 68% of those surveyed believed they would not survive more than a single day without their IT systems, up from 46% in 2017. The report found that 54% of organisations said they experienced some form of cyber attack last year, with ransomware cited as the most disruptive.

Source: [TechRadar]

Cyber Insecurity and Misinformation Top WEF Global Risk List

In the latest report by the World Economic Forum, misinformation and disinformation have emerged as the most severe global risk anticipated over the next two years, with the risk becoming more likely as elections in several economies take place this year. As artificial intelligence models become easier to use and more accessible to the general population, this will enable an explosion of false information and synthetic content such as cloned voices and fake websites.

Another top concern identified in the report is the risk of cyber attacks and cyber insecurities. Currently the production of AI technologies is highly concentrated; this creates a significant supply chain risk, as the reliance of one or two models could give rise to systemic cyber vulnerabilities, paralysing critical infrastructure.

Source: [Infosecurity Magazine]

Why Effective Cyber Security and Risk Management are Crucial for Business Growth

Technology has changed, enhanced and transformed how business is conducted. However, these new advancements such as cloud, IoT and AI have introduced a range of new cyber security risks. It is crucial for leaders to grasp the accompanying risks to ensure the safety of their organisations, customers and products. Given the inevitability of business risk, particularly cyber risk, leaders should focus on managing it by identifying mission-critical aspects of their organisation and then determining how best to protect them. The first step to a proactive approach to cyber security is to devise a robust and tailored cyber security strategy aligned to the organisation’s risk profile. This not only improves the safety and security of the organisation, but also the trust of its customers and products in an increasingly digital world.

Source: [World Economic Forum]

The Cost of Dealing with a Cyber Attack Doubled Last Year

New research by Dell claims that the cost of global cyber attacks reached a new high in 2023, topping out at $1.41 million per attack, up $660,000 from the previous year. It was found that almost half (48%) of UK based organisations reported suffering either a cyber attack or incident that prevented access to company data.

Over half of global respondents report that malicious links in spam or phishing emails, hacked devices, and stolen credentials are the most common entry points for cyber attacks.

Source: [TechRadar]

Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved

Merck’s long legal battle with its insurers over the damage caused by the infamous NotPetya attack has finally come to an end, with the Merck agreeing to settle with their insurer providers who had refused to pay $699 million of the $1.4 million that was claimed in damages.

The legal battle began when Merck, who did not have cyber insurance, had made a claim under its ‘all-risks’ coverage. In 2022, it was stated that the NotPetya attack “is not sufficiently linked to a military action or objective as it was a non-military cyber attack against an accounting software provider” and in May 2023, this decision was upheld, forcing the insurers to settle.

Source: [Security Week] [Dark Reading]

Mandiant, SEC Lose Control of X Accounts Without 2FA

While security teams are focused on preventing the gamut of different levels of cyber attack sophistication, it can be easy for even the sharpest teams to overlook the simple stuff. This was recently seen when Google’s cyber security operation, Mandiant, temporarily lost control of its account on X (formerly known as Twitter) due to not having two-factor authentication (2FA). A separate high-profile incident also occurred this week, as the US Securities and Exchange Commission (SEC) account on X was hijacked to post a fake announcement about bitcoin, raising its value by 5%.

In March of 2023, X changed the way multi-factor authentication (MFA) worked, so that only premium subscribers have access to it. The two high-profile attacks, which were due to accounts not having MFA, show that cyber criminals are taking advantage of these changes. These incidents serve as a clear reminder that organisations must prioritise even the most fundamental security practices, such as MFA, to protect their digital assets.

Further, the attack on the SEC has opened them to criticism from firms such as SolarWinds who the SEC had previously reprimanded for cyber security failures.

Source: [Dark Reading]

If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis

A question to ask is why, in the event of a data security incident, is there an overwhelming feeling that the company is doomed? Yet when there are other issues, such as internal investigations, the feeling is not as strong. For a lot of companies, these cyber incidents are the first time that their cyber response plan (if they have one at all) is enacted and it is this lack of preparation that causes such a feeling.  Companies looking to increase their cyber resilience should look to have and regularly test a cyber incident response plan; you do not want to be in the position of having to learn your plan and deal with a cyber incident at the same time.

Source: [Help Net Security]

82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year

A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them according to a recent report. For many, the issue is caused by a lack of proper remediation solutions; this formed part of the reason why 87% of surveyed organisations reported plans to enhance vulnerability and exposure remediation within the next year. The need increases when considering last year there were more than 28,000 new vulnerabilities; that is the equivalent of nearly 80 every day.

Sources: [Infosecurity Magazine] [SecurityWeek]

Cyber Security is the Number One Priority for the Financial Sector Again

In Softcat's annual Business Tech Priorities Report, the financial sector's tech investments for the coming year have been unveiled. Notably, cyber security remains the top priority for the sector with 55% prioritising cyber security before anything else, reflecting the critical need to protect against the escalating threat landscape. It's important to understand that cyber security is not merely an IT problem; it is a business imperative. As consumers increasingly embrace digital banking, the impact of digitalisation on the financial sector is evident. With cyber incidents on the rise, investment in cyber security, including zero-trust security and AI threat hunting, is imperative for safeguarding not only data but the entire business.

Sources: [The Fintech Times] [Islamic Finance News]

Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’

In 2024, cyber crime marketplaces are expected to surge even more, transitioning every cyber threat further into the “as-a-service” model. The term “as-a-service” refers to the provision of specific functionalities or tools as a service, typically offered on a subscription or pay-as-you-go basis. This allows malicious actors with limited technical skills to launch sophisticated attacks. This trend was already being spotted at the end of 2023 as a report found that 73% of all internet traffic is currently composed of malicious bots and related fraud farm activities. This highlights the need for organisations to have accurate threat intelligence and analysis to understand the digital terrain ahead of these continued and expanding “as-a-service” threats.

Source: [Security Boulevard]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

2FA/MFA

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence


Vulnerability Management

Vulnerabilities



Other News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 05 January 2024

Black Arrow Cyber Threat Intelligence Briefing 05 January 2024:

-A “Ridiculously Weak“ Password Causes Disaster for Spain’s Number 2 Mobile Carrier

-Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns

-23andMe Tells Victim It’s Their Fault Their Data Was Breached

-Financial Sector Faces More Cyber Attacks Than Other Sectors

-An Innocent-Looking Instagram Trend Could Be a Gift to Hackers

-Cyber Criminals Shared Millions of Stolen Records During Holiday Break

-Law Firm that Handles Data Breaches was Itself Hit by Data Breach

-Nigerian Hacker Arrested for Stealing Millions from Charities

-Cyber Criminals Implemented Artificial Intelligence for Invoice Fraud

-Shadow IT Threatens Corporate Cyber Security, Study Reveals

-Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge

-Putin has Declared a Cyber War on Britain

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

A “Ridiculously Weak“ Password Causes Disaster for Spain’s Number 2 Mobile Carrier

Spain’s second largest mobile operator, Orange España, suffered a major outage after an unknown party obtained a “ridiculously weak” password and used it to access an account for managing the network that delivers the company’s internet traffic. The attacker had posted the account they had compromised, and researchers found that the associated system had been infected with a Raccoon type infostealer back in September of 2023. The compromised account was Orange’s RIPE administrator account, with the password “ripeadmin”. The incident led to a 50% drop in connections for a 4 hour period, and  underscores the critical importance of robust cyber security measures, including strong passwords, and serves as a stark reminder that even seemingly minor oversights can lead to significant disruptions.

Source: [Ars Technica]

Russia Kyivstar Hack Should Alarm the West, Ukraine Security Chief Warns

If Ukraine's core telephone network can be taken out, organisations in the West could easily be next, Ukraine's SBU chief says. December's cyber attack on Ukrainian telecommunications operator Kyivstar by Russian-backed threat actor ‘Sandworm’ dealt a catastrophic blow to the telecoms provider, according to Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cyber security department. It is believed that although the attack took place in December 2023, the threat actors likely had access to Kyivstar systems since May 2023.

Source: [Dark Reading]

23andMe Tells Victims It’s Their Fault Their Data Was Breached

A cyber incident at DNA data firm 23andMe started with credential stuffing 14,000 user accounts. Credential stuffing is the process by which a malicious actor uses previously harvested usernames and passwords from earlier unrelated breaches to break into other sites and services. Many of the 14,000 accounts had opted-in for a feature whereby information is shared with relatives, which meant that once compromised, attackers had access to 6.9 million users: nearly half of the user base.

Facing over 30 lawsuits from victims, 23andMe is now blaming victims, according to letters seen by victims. 23andMe stated “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe”. This has caused divide in the cyber world; on one side, recycling and failing to update passwords is poor cyber hygiene and on the other hand, there are technical controls that could have better prevented this type of well known and common attack.

Source: [TechCrunch] [The Register]

Financial Sector Faces More Cyber Attacks Than Other Sectors

A recent study found that more than three-quarters (77%) of financial organisations detected an attack on their infrastructures in 2023, compared with around two-thirds (68%) of other sectors. In particular, the study found that financial workers were at a higher than average risk of phishing compared to other workers. Despite their target attractiveness, only three-quarters (73%) of the financial sector respondents said that they have a cyber security policy in place or will do so within the next year. A separate report from Kaspersky stated that the financial sector is poised to experience an influx of artificial intelligence based attacks 2024, adding to the fire.

Sources: [SC Media] [TechRadar ]

An Innocent-Looking Instagram Trend Could Be a Gift to Hackers

A recent trend that has picked up traction at the end of December on social media apps such as Instagram and TikTok, encourages their followers to “get to know them better”. This trend gets people to answer a popular template, freely giving away personal information such as their height, date of birth, and various details that they feel strongly about including favourite food and phobias. While these questions may seem harmless, these sorts of personal details are used by companies for security questions, for example when a person wants to reset their password. Hackers can use this information to easily social engineer victims or impersonate them to get access to their accounts.

Source: [Business Insider]

Cyber Criminals Shared Millions of Stolen Records During Holiday Break

While many people unwind and enjoy their time off during the festive season, cyber criminals remain active. In fact, they leaked approximately 50 million records containing sensitive personal information during this period. These data breaches were not limited to the West; they had a global impact, affecting individuals in various countries such as Peru, Australia, South Africa, and more. It is important to note that not all the data leaks were recent; some appeared to be remnants of older incidents. For instance, some of the leaked data belonged to customers of the credit company Klarna, which was rumoured to have experienced a breach back in 2022, although it was never publicly confirmed. This ‘Free Leaksmas’ event, as it’s been dubbed, underscores the extensive global reach and serious consequences of these cyber criminal activities.

Sources: [Security Affairs] [Dark Reading]

Law Firm that Handles Data Breaches was Itself Hit by Data Breach

Orrick, Herrington & Sutcliffe, a law firm specialising in managing security incidents for other companies, has disclosed more details of the cyber attack it itself experienced in March 2023. The breach compromised the sensitive health and personal information of over 637,000 individuals. The stolen data was linked to client organisations and included the names of individuals alongside their social security numbers, medical details, and financial information. Despite the firm's expertise in cyber security, the attack highlights the pervasive risk of data breaches, even among those who advise on such matters. Orrick's delayed response and subsequent legal settlements underscore the importance of proactive security measures and swift action in the wake of a breach. This incident serves as a stark reminder to all organisations of the need for robust cyber defences and transparent communication strategies in today's digital landscape. The law firm has recently settled in principle to resolve four class action lawsuits that accused Orrick of failing to inform victims of the breach until months after the incident.

Source: [TechCrunch]

Nigerian Hacker Arrested for Stealing Millions from Charities

A Nigerian national, Olusegun Samson Adejorin, has been arrested for charges relating to business email compromise attacks that caused a charitable organisation in the US to lose more than $7.5 million. Adejorin had purchased a credential harvesting tool to steal login credentials, which were used to send emails to the charity’s financial service provider. The emails requested and authorised a transfer of $7.5 million, which the investment services provider believed it was paying to the charity whereas it was paying into a bank account controlled by the attacker.

Source: [Bleeping Computer]

Cyber Criminals Implemented Artificial Intelligence for Invoice Fraud

A cyber criminal gang known as GXC Team has been seen selling an artificial intelligence tool for creating fraudulent invoices. The tool, known as Business Invoice Swapper, scrutinises compromised emails that are fed to it, looking for emails which mention invoices or include invoice attachments. It then alters the details of the intended recipient to details specified by the perpetrator. This altered invoice then either replaces the compromised one, or is sent to a predetermined set of contacts.

Source: [Security Affairs]

Shadow IT Threatens Corporate Cyber Security, Study Reveals

With remote working becoming more and more prevalent, organisations are finding themselves at risk of cyber threats due to what is known as shadow IT; this is any software, hardware or IT resource used without the IT department’s approval, knowledge or oversight. A study by Kaspersky found of the 77% of companies that had suffered from cyber incidents over the past two years, 11% of these were directly caused by the unauthorised use of shadow IT.

Source: [Security Brief]

Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge

In the constantly evolving cyber threat landscape, 2023 has witnessed a notable surge in the use of bots, fraud farms, and cryptojacking. A new report found that 73% of web and app traffic this year has been attributed to malicious bots and fraud farms, indicating a significant shift towards automated cyber attacks. This trend poses a heightened risk to the ecommerce sector, where cyber criminals exploit API connections and third-party dependencies.

Furthermore, the surge in cryptojacking, marked by a 399% increase, reveals a diversifying strategy among cyber criminals, targeting critical infrastructure with sophisticated methods. These developments serve as a crucial reminder for organisations to bolster their cyber defences and adopt a proactive stance against these emerging and increasingly automated threats.

Source: [Help Net Security]

Putin has Declared a Cyber War on Britain

This year over 2 billion people will vote for new governments across the world, and it is crucial to be aware of upcoming threats to these elections from foreign powers. In particular, Russia is notorious for deploying bots, trolls, and deepfakes, which are techniques used to manipulate information and influence public opinion. These malicious actors are adept at spreading misinformation and disinformation, often with the goal of interfering in elections. With the upcoming UK General Election in 2024 and the US Presidential Election also falling this year, it is imperative to exercise caution and discernment when consuming online content. Not everything we see can be taken at face value.

Source: [Telegraph]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 10 November 2023

Black Arrow Cyber Threat Intelligence Briefing 10 November 2023:

-Boardroom Woes on Ransomware Intensify as Organisations Face an Average of 86 Ransomware-linked Events Annually

-Many SMBs Have No Real Way to Deal with Cyber Threats, Leaving Them Vulnerable

-Cyber Attacks Top Global Risk – 2023 Aon Survey

-To Improve Cyber Defences, Practice for Disaster

-Meet Your New Cyber Security Auditor: Your Insurer

-Allen and Overy Suffer Ransomware Attack

-Shadow IT Remains a Top Threat, as Shown by Attack on Okta

-Ransomware, AI, and Social Engineering All Set to Be 2024's Biggest Security Threats

-Cyber Governance: Growing Expectations for Information Security Oversight and Accountability

-Generative AI Will Level Up Cyber Attacks, According to New Google Report

-Public Wi-Fi Remains a Huge Risk, is Your Organisation Prepared?

-88% of Security Leaders Think Their Organisation Is Falling Short Addressing Cyber Security

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Boardroom Woes on Ransomware Intensify as Organisations Face an Average of 86 Ransomware-linked Events Annually

A recent report by Akamai Technologies has found that organisations experienced an average of 86 ransomware-linked events in the past 12 months (successful or not), double the number of annual attacks from 2 years ago.

The most common issues impacting organisations after a ransomware attack were network downtime (44%), data loss (42%) and brand/reputation damage (39%).

Ransomware attackers have increasingly employed tactics like double and triple extortion. These methods combine encryption, data exfiltration, and distributed denial of service (DDoS) attacks to extort money. While these strategies are not new, their prevalence has significantly increased in recent times.

With 81% of companies experiencing ransomware attacks in the previous 12 months this is increasingly something that company Boards are concerned about, not only the organisation’s ability to stop a ransomware attack in the first place, but also the organisation’s ability to recover when an attack happens.

Sources: [TechTarget] [PRNewsWire] [Security Magazine] [InsuranceJournal] [Financial Times]

Many SMBs Have No Real Way to Deal with Cyber Threats, Leaving Them Vulnerable

A recent report found that of nearly 6,000 small and medium-sized business (SMB) IT professionals surveyed across Europe, a third of those based in the UK have no cyber security in place to protect assets such as their own printers, with 16% suffering a printer breach alone in the past. Despite this, less than a quarter educated their employees about printer (23%) IT security. With hybrid working seen as a security concern for 38% of SMEs, and potentially leading to more remote use of these devices, surprisingly just 4 in 10 (41%) cover hybrid working as part of their current security training.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [TechRadar] [The Recycler]

Cyber Attacks Top Global Risk – 2023 Aon Survey

Aon’s Global Risk Management Survey identified cyber attacks and data breaches as the leading business risk worldwide, followed by business interruption. Aon warned that deficits in talent or specialised skills may exacerbate cyber risks in particular.

Supply chain disruptions were ranked as another area of concern, with risks associated with supply chain failure hitting a 14-year high in the survey. However, less than 40% of organisations have conducted supplier resilience assessments. which contributes to cyber risk when organisations hand data to suppliers without considering whether their suppliers keep that data safe.

Source: [Investing]

To Improve Cyber Defences, Practice for Disaster

If you aren’t already running incident simulations in your organisation, it’s time to start. Such simulations allow employees to understand their roles and responsibilities, as well as providing a great opportunity to educate. Cyber attacks are a matter of when, not if, and no-one wants to be improvising their security response in the event of a real cyber incident.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Dark Reading]

Meet Your New Cyber Security Auditor: Your Insurer

In the dynamic world of cyber security, cyber insurers are emerging as key players, reshaping the landscape with ever more stringent requirements. With ransomware attacks becoming more complex, cyber insurance premiums have surged by 50%, challenging Chief Information Security Officers (CISOs) to demonstrate their organisation's cyber defence capabilities. Insurers, using detailed risk assessments, are influencing cyber security strategies, compelling organisations to adapt and meet higher standards.

CISOs are now tasked with ensuring their security measures are comprehensive and transparent, as insurers scrutinise everything from multifactor authentication to Active Directory policies. Accurate self-assessment is critical, as any misrepresentation can lead to denied coverage or legal repercussions. In this competitive market, organisations must showcase their cyber maturity, particularly in high-risk industries, to secure coverage. The evolving cyber insurance landscape demands a clear understanding of risk factors and continuous improvement in cyber defence strategies, ultimately aiming to enhance overall protection against cyber threats.

Source: [Dark Reading]

Allen and Overy Suffer Ransomware Attack

Allen & Overy, the “magic circle” law firm, has suffered a cyber attack on its systems, making it the latest large corporation to fall victim to a ransomware hack. A&O confirmed the incident after the infamous ransomware gang LockBit posted on social media platform X, formerly Twitter, claiming to have breached the legal giant and threatening to publish data from the firm’s files on 28 November.

Earlier this year, the UK National Cyber Security Centre reported that law firms of all sizes were at risk from cyber attackers because of the sensitive client information they routinely handle. The importance of reputation to the business also made law firms attractive targets for extortion.

Sources: [Financial Times] [Law Gazette]

Shadow IT Remains a Top Threat, as Shown by Attack on Okta

Shadow IT refers to IT resources used by employees or end users that don’t have IT approval or oversight. This was the case in the recent Okta attack in which an Okta employee signed into their personal Google account on a company-owned device. It is believed that the employee’s personal Google account had been compromised, and unfortunately since the employee had configured it in a way to save credentials of Okta accounts, the attacker now also had these credentials. The result? 134 downstream customers impacted.  

Source: [Computer Weekly]

Ransomware, AI, and Social Engineering All Set to Be 2024's Biggest Security Threats

Ransomware attacks surged to record highs in 2023 and are expected to escalate further, especially with key 2024 elections approaching, ZeroFox Intelligence's 2024 Key Forecasts report indicates. This trend is driven by evolving cyber threats, including sophisticated social engineering and AI-generated synthetic media, aimed at spreading misinformation and targeting electoral processes.

ZeroFox also highlights a concerning shift towards physical damages from cyber attacks, with critical sectors like finance, energy, and healthcare being vulnerable due to outdated security infrastructures. These sectors are likely targets for nation-state and state-sponsored attacks amidst global geopolitical tensions. To counter these threats, the report suggests enhanced security measures, including encrypted cloud backups, vigilant network monitoring, and a zero-trust cyber security approach to safeguard against the evolving landscape of cyber threats.

Source: [TechRadar]

Cyber Governance: Growing Expectations for Information Security Oversight and Accountability

In today's interconnected digital economy, cyber security is a critical governance issue for businesses, necessitating effective oversight and strategic planning. The SEC's new rules, effective July 2023, require public companies to transparently disclose their cyber security strategies and report significant incidents, highlighting the increasing importance of cyber security in corporate governance. This regulatory development aims to improve transparency and accountability in managing cyber risks.

Corporations are responding by emphasising detailed cyber security disclosures, employee training programmes, and board-level expertise in information security. As the landscape of cyber threats evolves, timely and comprehensive reporting of breaches becomes more crucial, aligning with both regulatory requirements and stakeholder expectations for robust cyber security governance.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Harvard]

Generative AI Will Level Up Cyber Attacks, According to New Google Report

Google's Cloud Cyber Security Forecast 2024 report reveals a growing trend of using generative AI in cyber attacks. The technology, particularly large language models (LLMs), is enhancing phishing and social engineering tactics by producing content that appears more legitimate, making it difficult to spot errors typically associated with such attacks. This advancement allows attackers to mimic natural language effectively and create authentic-looking fake news, phone calls, and deepfake videos, potentially eroding public trust in online information.

On the flip side, the report highlights the potential of AI as a powerful tool for cyber defence. Cyber security professionals can leverage AI for rapid data synthesis, efficient threat detection, and swift response actions. As defenders direct AI development with specific security objectives, its capabilities are expected to significantly bolster cyber security measures in the near future.

Source: [ZDNET]

Public Wi-Fi Remains a Huge Risk, is Your Organisation Prepared?

New research found that half of UK participants believed they are most at risk of a cyber attack when using public Wi-Fi, which is Wi-Fi that anyone, including an attacker, can connect to. However, in contrast to concerns, the report found that 41% will use unsecured Wi-Fi if given the opportunity. Further, 53% of participants would enter or access sensitive information whilst connected to an unsecured public Wi-Fi network; this includes bring your own devices (BYOD) that have access to corporate data.

Source: [TechRadar]

88% of Security Leaders Think Their Organisation Is Falling Short in Addressing Cyber Security

A recent study by Foundry reveals a trend towards AI-driven security measures and increased reliance on cyber insurance among organisations. Key priorities for security leaders include preparedness for incidents, data protection, and enhancing IT and cloud data security. Despite this, 88% of security leaders feel their organisations are inadequate in addressing cyber security risks, mainly due to budget limitations, talent scarcity, and challenges in stakeholder communication.

To improve the situation, more top security executives are having regular engagements with the board of directors (85% this year compared to 82% in 2022), aiding in better cyber security initiatives. Security budgets are expected to remain stable or increase, with investments focused on authentication, data analytics, and cloud security, complemented by cyber insurance. AI's role is expanding in threat detection, malware identification, and automated responses, showcasing its growing importance in evolving security landscapes.

Source: [Foundry]


Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 20 October 2023

Black Arrow Cyber Threat Intelligence Briefing 20 October 2023:

-Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment

-Cyber Security Investments Show Mature Business Mindset

-SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High

-Phishing Attacks Reach Record Highs as Banks, Financial Services Remain Top Targets with HR Remaining the Most Effective Phishing Lure

-Cyber Attacks are a Matter of When not if, The Best Time to Deal With Them is Before They Happen

-Lloyd's Of London Warns Of Worst-Case-Scenario Cyber Attack

-20,000 Britons Approached By Chinese Agents On LinkedIn, Says MI5 Head

-Ransomware - All it Takes is One Employee Mistake, Criminals are Aiming at Third-Party Vendors

-39% of Individuals Use the Same Password for Multiple Accounts

-Why Fourth-Party Risk Management Is a Must-Have

-AI Adoption Surges But Security Awareness Lags Behind

-UK watchdog fines Equifax £11 million for role in cyber breach

-Why Boards Must Understand and Govern Cyber Security Risk

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment

A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.

Sources: [PR Newswire] [TechRadar]

Cyber Security Investments Show Mature Business Mindset

Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.

Source: [Insider Media] [Compare the Cloud]

SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High

Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.

SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).

Source: (IT Security Guru)

Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure

Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.

In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.

Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]

Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen

Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.

Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Euronews] [The Times] [AI-CIO]

Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack

In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.

The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.

Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]

20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head

An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.

A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.

Sources: [Computer Weekly] [Tech Monitor] [Guardian]

Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors

According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the  organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.

Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Sources: [Security Affairs] [Claims Journal]

39% of Individuals Use the Same Password for Multiple Accounts

According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.

Source: [Security Magazine]

Why Fourth-Party Risk Management Is a Must-Have

Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.

Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.

Source: [Tech Target]

AI Adoption Surges but Security Awareness Lags Behind

A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.

Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.

Source: [Infosecurity Magazine]

UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach

Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six  weeks after their parent company discover the hack.

Source: [Reuters]

Why Boards Must Understand and Govern Cyber Security Risk

The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Forbes]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats

Misc Nation State/Cyber Warfare

Geopolitical Threats/Activity

China

Russia

Iran

North Korea



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 17 March 2023

Black Arrow Cyber Threat Briefing 17 March 2023:

-Almost Half of IT Leaders Consider Security as an Afterthought

-Over $10bn Lost To Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

-Over 721 Million Passwords Were Leaked in 2022

-How Much of a Cyber Security Risk are Suppliers?

-90% of £5m+ Businesses Hit by Cyber Attacks

-Rushed Cloud Migrations Result in Escalating Technical Debt

-17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

-Microsoft Warns of Large-Scale Use of Phishing Kits

-BEC Volumes Double on Phishing Surge

-The Risk of Pasting Confidential Company Data in ChatGPT

-Ransomware Attacks have Entered a New Phase

-MI5 Launches New Agency to Tackle State-Backed Attacks

-Why Cyber Awareness Training is an Ongoing Process

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Almost Half of IT Leaders Consider Security as an Afterthought

A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.

https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals

  • Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.

https://www.darkreading.com/application-security/pig-butchering-investment-scams-3b-cybercrime-threat-overtaking-bec

  • Over 721 Million Passwords were Leaked in 2022

A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.

https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/

  • How Much of a Cyber Security Risk are Suppliers?

When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.

https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2

  • 90% of £5m+ Businesses Hit by Cyber Attacks

A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.

https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/

  • Rushed Cloud Migrations Result in Escalating Technical Debt

A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.

https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/

  • Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.

https://www.securityweek.com/microsoft-17-european-nations-targeted-by-russia-in-2023-as-espionage-ramping-up/

  • Microsoft Warns of Large-Scale Use of Phishing Kits

Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.

https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html

  • BEC Volumes Double on Phishing Surge

The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.

https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/

  • The Risk of Pasting Confidential Company Data in ChatGPT

Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.

https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html

  • Ransomware Attacks have Entered a Heinous New Phase

With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.

https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

  • MI5 Launches New Agency to Tackle State-Backed Attacks

British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.

https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/

  • Why Cyber Awareness Training is an Ongoing Process

A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.

https://www.hornetsecurity.com/en/security-information/why-cyber-awareness-training-is-an-ongoing-process/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

Deepfakes

AML/CFT/Sanctions

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 03 February 2023

Black Arrow Cyber Threat Briefing 03 February 2023:

-Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief

-Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks

-The Corporate World is Losing its Grip on Cyber Risk

-Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks

-Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023

-The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will come from the Inside

-98% of Organisations Have a Supply Chain Relationship That Has Been Breached

-New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

-Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation

-Financial Services Targeted in 28% of UK Cyber Attacks Last Year

-Phishing Attacks are Getting Scarily Sophisticated. Here’s what to Watch Out For

-City of London on High Alert After Ransomware Attack

-Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk

-JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief

Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC).  Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.

Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject.  When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.

https://www.telegraph.co.uk/news/2023/01/28/business-leaders-need-hands-on-approach-stop-cyber-crime-says/

  • Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks

Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.

"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.

BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.

https://www.darkreading.com/remote-workforce/rising-firebrick-ostrich-bec-group-launches-industrial-scale-cyberattacks

  • The Corporate World is Losing its Grip on Cyber Risk

Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.

But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.

But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”

The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.

https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906

  • Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks

Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.

Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.

Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.

Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.

https://www.bleepingcomputer.com/news/security/microsoft-over-100-threat-actors-deploy-ransomware-in-attacks/

  • Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk

With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.

Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk.  The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.

https://www.itsecurityguru.org/2023/02/02/ransomware-conversations-why-the-cfo-is-pivotal-to-discussing-and-preparing-for-risk

  • Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023

Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year. 

In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.

https://www.darkreading.com/attacks-breaches/greater-incident-complexity-a-shift-in-the-way-threat-actors-use-stolen-data-and-a-rise-in-us-class-actions-will-drive-the-cyber-threat-landscape-in-2023-according-to-beazley-report

  • The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside

A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training. 

https://www.darkreading.com/vulnerabilities-threats/the-threat-from-within-71-of-business-leaders-surveyed-think-next-cybersecurity-breach-will-come-from-the-inside

  • 98% of Organisations Have a Supply Chain Relationship That Has Been Breached

A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.

https://www.securityweek.com/98-of-firms-have-a-supply-chain-relationship-that-has-been-breached-analysis/

  • New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.

In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.

https://www.darkreading.com/attacks-breaches/new-survey-reveals-40-of-companies-experienced-a-data-leak-in-the-past-year

  • Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation

The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.

The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable.  It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.

https://www.euronews.com/2023/01/26/russian-hackers-launch-cyberattack-on-germany-in-leopard-retaliation

  • Financial Services Targeted in 28% of UK Cyber Attacks Last Year

Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.

https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/

  • Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For

Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.

The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.

https://www.zdnet.com/article/phishing-attacks-are-getting-scarily-sophisticated-heres-what-to-watch-out-for/

  • City of London on High Alert After Ransomware Attack

A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.

https://www.infosecurity-magazine.com/news/city-of-london-high-alert/

  • JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack

Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.

JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.

https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Containers

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine


Nation State Actors

Nation State Actors – Russia

Nation State Actors – China

Nation State Actors – North Korea

Nation State Actors – Iran

Nation State Actors – Misc


Vulnerability Management

Vulnerabilities

Tools and Controls

Other News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 09 December 2022

Black Arrow Cyber Threat Briefing 09 December 2022:

-Economic Uncertainty Will Greatly Impact the Spread of Cyber Crime

-Cyber Security Resilience Emerges as Top Priority as 62% of Companies Say Security Incidents Impacted Business Operations

-Cyber Security Should Focus on Managing Risk

-Fear of Cyber Attacks Drives SMBs to Spend More on Software

-Business Email Compromise (BEC) Fraud Attacks Expand Beyond Email and Toward Mobile Devices

-Ransomware Professionalisation Grows as Ransomware-as-a-Service (RaaS) Takes Hold

-Automated Dark Web Markets Sell Corporate Email Accounts For $2

-Cloud Hosting Provider Rackspace Warns of Phishing Risks Following Ransomware Attack

-Security Concerns Scupper Deals for Two-Thirds of Firms

-Microsoft Encourages 'Strong Cyber Hygiene' in Light of Increasing Russian Cyber Attacks

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Economic Uncertainty Will Greatly Impact the Spread of Cyber Crime

Norton released its top cyber trends to watch in 2023, emphasising that the economy will have the greatest impact on the spread of cyber crime next year. Experts predict the pressures associated with economic uncertainty and rising costs will create the perfect environment for scammers to take advantage of people when they are more vulnerable.

It’s expected that cyber criminals will trick victims into surrendering personal information, emptying their bank accounts, or spending money for products, services or “lottery winnings” that never arrive. “We anticipate scammers will continue to prey on the vulnerability of people as economic pressures rise in 2023,” said Norton.

“Cyber criminals love to exploit seasonal opportunities, and consumers are facing a perfect storm of rising prices in the middle of the busiest shopping season of the year when scammers are particularly active. Scams are always harder to detect during the holiday season because consumers expect deep discounts and may believe prices that would normally seem too good to be true. This year, inflation and other unfavourable macroeconomic factors are likely to make people particularly eager to find good deals and they may therefore be at greater risk than in previous years. Taking a few proactive steps today could help you to be safer all year long.”

https://www.helpnetsecurity.com/2022/12/06/economic-uncertainty-cybercrime/

  • Cyber Security Resilience Emerges as Top Priority, as 62% of Companies Say Security Incidents Impacted Business Operations

Cyber security resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest edition of Cisco's annual Security Outcomes Report.

Resilience has emerged as a top priority as a staggering 62 percent of organisations surveyed said they had experienced a security event that impacted business in the past two years. The leading types of incidents were network or data breaches (51.5 percent), network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).

These incidents resulted in severe repercussions for the companies that experienced them, along with the ecosystem of organisations they do business with. The leading impacts cited include IT and communications interruption (62.6 percent), supply chain disruption (43 percent), impaired internal operations (41.4 percent) and lasting brand damage (39.7 percent).

With stakes this high, it is no surprise that 96 percent of executives surveyed for the report said that security resilience is high priority for them. The findings further highlight that the main objectives of security resilience for security leaders and their teams are to prevent incidents, and mitigate losses when they occur.

Technology is transforming businesses at a scale and speed never seen before. While this is creating new opportunities, it also brings with it challenges, especially on the security front. To be able to tackle these effectively, companies need the ability to anticipate, identify, and withstand cyber threats, and if breached be able to rapidly recover from one. That is what building resilience is all about.

Security, after all, is a risk business. As companies don't secure everything, everywhere, security resilience allows them to focus their security resources on the pieces of the business that add the most value to an organisation, and ensure that value is protected.

https://www.darkreading.com/vulnerabilities-threats/cybersecurity-resilience-emerges-as-top-priority-as-62-of-companies-say-security-incidents-impacted-business-operations

  • Cyber Security Should Focus on Managing Risk

Preventing all data breaches is an unrealistic goal. Instead, focus on finding and minimising the greatest risks.

There is a common misconception that all problems have clear, straightforward solutions — as long as you look hard enough. While this is a bold and ambitious goal, it's misguided when applied to cyber security. Organisations cannot prevent data breaches or cyberattacks altogether, and avoiding a breach or cyber incident is nearly impossible in the modern era. Organisations can, however, take steps to reduce an attack's negative impacts.

Eradicating risk is an impractical goal because you cannot "solve" something that constantly changes. To understand the risks you need to think like an attacker.

Threat actors are, first and foremost, opportunistic. They will always look for the easiest targets to maximise their financial gain. So intimately understanding an organisation's level of risk is the first step to managing and reducing it — and making yourself less of a target.

In line with Verizon’s "Data Breach Investigations Report" (DBIR) the four critical ways that threat actors most frequently use to compromise organisations large and small are credential compromise, phishing, vulnerability exploitation, and botnets, and these are the areas organisations should look reduce risks.

https://www.darkreading.com/edge-articles/cybersecurity-should-focus-on-managing-risk

  • Fear of Cyber Attacks Drives SMBs to Spend More on Software

Despite fears of a looming recession, small and medium sized businesses (SMBs) are spending more on software in 2023, according to Capterra’s 2023 SMB Software Buying Trends Survey. 75% of US SMBs estimate they’ll spend more on software in 2023 compared to 2022.

Alongside increased software budgets, Capterra’s survey of over 500 SMBs reveals four other major trends in software buying behaviours and challenges that will impact businesses in 2023:

  • Fearful of cyber attacks, US businesses rate security as a top motivator for software purchases

  • Implementation concerns are SMBs’ biggest purchase barrier

  • Most SMB software purchases are solely handled by IT, disregarding other important stakeholders

  • Customer reviews sway purchase decisions, and verified reviews are critical

Despite the expected increase in software investments, many US SMBs regret their technology purchases. 61% of US SMBs say they have buyer’s remorse over a technology purchase in the past 12-18 months. Inadequate support services (39%) and higher-than-anticipated costs (34%) are the top reasons behind such regrets.

https://www.helpnetsecurity.com/2022/12/07/smbs-software-spending-2023/

  • Business Email Compromise (BEC) Fraud Attacks Expand Beyond Email and Toward Mobile Devices

Business email compromise (BEC) scams have been increasingly targeting mobile devices, particularly with SMS-focused attacks. According to a new advisory by cyber security specialists at Trustwave, the trend indicates a broader shift towards phishing scams via text messages.

“Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile,” reads the report. Trustwave further added that scammers typically obtain mobile numbers from data breaches, social media and data brokers, among other methods. After that, attackers ask victims for a wire transfer, send a copy of an aging report or change a payroll account, luring them into paying for something that should be reimbursed later (but never will).

BEC attacks will always be here so long as they remain profitable. Their continued profitability proves that employee cyber security behaviour is neglected and mismanaged by the compliance-based approach to security awareness.

Security culture needs a reformation that begins with transforming the human layer into an asset which, when empowered by the right training and platform, augments the protect-detect-respond pillars of the [National Institute of Standards and Technology] NIST framework.

Trustwave’s findings were also confirmed in SlashNext’s State of Phishing 2022 report, which recently highlighted a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads. The document also suggested 83% of organisations reported that mobile device threats had been growing more quickly than other device threats.

https://www.infosecurity-magazine.com/news/bec-attacks-expand-toward-mobile/

  • Ransomware Professionalisation Grows as Ransomware-as-a-Service (RaaS) Takes Hold

Ransomware groups are getting their acts together, growing in sophistication and business acumen while monetising ransomware beyond encryption, including double and triple extortion, as the market for ransomware-as-a-service (RaaS) matures.

In first half of 2022, LockBit, Conti, Alphv, Black Basta, and Vice Society were among the most prolific ransomware gangs, focusing their attack on US-based organisations, according to a LookingGlass report on the topic.

The report confirmed and attributed 1,133 ransomware attacks in the first six months of the year and attributed 207 data leaks across all active threat actor groups throughout the same period. Of the more than 1,300 incidents, the bulk came from the top 15 most active ransomware groups, led by LockBit, Conti, and Alphv.

Ransomware gangs have primarily targeted two sectors during the analysis period: manufacturing and industrial products, followed by engineering and construction and healthcare and life sciences, with the consumer and retail industry rounding out the top five.

The report highlighted the rise of sophisticated software and networks as a principal contributor to the professionalisation of ransomware, with malicious actors now offering RaaS, bug bounties, sales teams, and even customer support.

“This new, more professional ransomware structure can only mean that the problem will continue to grow in the months ahead," the report noted. "We anticipate the adoption of more traditional business practices as the underground economy continues to remain robust”.

https://www.darkreading.com/threat-intelligence/ransomware-professionalization-grows-as-raas-takes-hold

  • Automated Dark Web Markets Sell Corporate Email Accounts For $2

Cyber crime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.

Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.

The largest webmail shops are Xleet and Lufix, claiming to offer access to over 100k breached corporate email accounts, with prices ranging between $2 and $30, if not more, for highly-desirable organisations.

Typically, these accounts were stolen via password cracking (brute-forcing) or credential stuffing, had their credentials stolen through phishing, or were bought from other cyber criminals.

Hackers use their access to corporate email accounts in targeted attacks like business email compromise (BEC), social engineering, spear-phishing, and deeper network infiltration.

https://www.bleepingcomputer.com/news/security/automated-dark-web-markets-sell-corporate-email-accounts-for-2/

  • Cloud Hosting Provider Rackspace Warns of Phishing Risks Following Ransomware Attack

Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.

While the company is still investigating the incident and is working on bringing affected systems back online, it says that cyber criminals might also take advantage and exploit this incident for their own purposes.

"If you do receive a message from an individual you do not recognise, do not reply. Please login to your control panel and create a ticket, including details about the message you received," Rackspace said. "We understand that contact such as this may be alarming, but we currently have no evidence to suggest that you are at increased risk as a result of this direct contact."

Rackspace added that customers could easily spot scammers attempting to steal their sensitive information since:

  • Emails from Rackspace will be sent from @rackspace.com emails (although attackers might still use a spoofed email address and redirect their targets to a landing phishing page)

  • Rackspace support will not ask for login credentials or personal information (e.g., social security number, driver's license) during phone calls

Even though the company is yet to reveal if it has any evidence that the attackers have stolen data from its systems during the breach, customers were advised to remain vigilant and monitor their credit reports and banking account statements for suspicious activity.

Some customers are also reporting an increase in phishing emails impersonating Rackspace since the ransomware attack. Those affected by the Rackspace ransomware attack and outage should not open any suspicious email attachments or click any suspicious links.

https://www.bleepingcomputer.com/news/security/rackspace-warns-of-phishing-risks-following-ransomware-attack/

  • Security Concerns Scupper Deals for Two-Thirds of Firms

Two-thirds (67%) of global organisations have admitted to losing out on acquiring potential customers due to concerns about their security posture, according to LogRhythm.

The security vendor polled 1175 security professionals and executives across five continents to compile its latest report, The State of the Security Team 2022. It found that security due diligence among customers and partners is increasingly rigorous.

Some 91% of respondents said that their security strategy must now align with customers’ security policies and standards, while 85% claimed their company must provide proof that they meet partners’ security requirements.

There was more worrying news from the report: 70% of respondents reported an increase in workplace stress for security teams, with nearly a third (30%) citing a “significant” increase. Among the key stress factors highlighted in the study were growing attack sophistication, greater responsibilities and increasing attack frequency.

Two-fifths (41%) claimed that better integrated solutions would help to relieve these pressures, while a similar number (42%) pointed to the need for more experienced security professionals. The latter would seem unlikely, given the coming recession’s likely impact on budgets, and persistent industry skills shortages. The gap is now 3.4 million globally, including 56,800 in the UK, a massive 73% year-on-year increase, according to ISC2.

https://www.infosecurity-magazine.com/news/security-concerns-scupper-deals/

  • Microsoft Encourages 'Strong Cyber Hygiene' in Light of Increasing Russian Cyber Attacks

Microsoft is gearing up for a slew of Russian cyber attacks this winter, and warns others to stay vigilant. Between missiles, drones, and cyber attacks the onslaught against Ukraine has been a brutal one, and reportedly only set to get worse in the coming months.

"Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support," says Microsoft in a recent blog post. "Recent attacks in Poland suggest that Russian state-sponsored cyber attacks may increasingly be used outside Ukraine in an effort to undermine foreign-based supply chains."

In late October, Russian forces were pushed from formerly occupied territory, retaliating with missile, drone, and cyber strikes that left much of Kyiv in need of simple running water.

The Russian group known to Microsoft as IRIDIUM (aka Sandworm) is thought to be working with the Russian intelligence service, the GRU, in coordinated efforts to inflict suffering on the people of Ukraine. The group has been at large for almost a decade, as Microsoft notes, "Following Russia’s annexation of Crimea in 2014, IRIDIUM launched a series of wintertime operations against Ukrainian electricity providers, cutting power to hundreds of thousands of citizens in 2015 and 2016."

https://www.pcgamer.com/microsoft-encourages-strong-cyber-hygiene-in-light-of-increasing-russian-cyberattacks/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Denial of Service DoS/DDoS

Cloud/SaaS

Hybrid/Remote Working

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine


Nation State Actors

Nation State Actors – Russia

Nation State Actors – China

Nation State Actors – North Korea

Nation State Actors – Iran


Vulnerabilities





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 20 May 2022

Black Arrow Cyber Threat Briefing 20 May 2022

-Fifth of Businesses Say Cyber Attack Nearly Broke Them

-Weak Security Controls and Practices Routinely Exploited for Initial Access

-How Do Ransomware Attacks Impact Victim Organisations’ Stock?

-Prioritise Patching Vulnerabilities Associated with Ransomware

-Researchers Warn of Advanced Persistent Threats/Nation State Actors (APTs), Data Leaks as Serious Threats Against UK Financial Sector

-Remote Work Hazards: Attackers Exploit Weak WiFi, Endpoints, and the Cloud

-Small Businesses Under Fire from Password Stealers

-Email Is the Riskiest Channel for Data Security

-Phishing Attacks for Initial Access Surged 54% in Q1

-State of Internet Crime in Q1 2022: Bot Traffic on The Rise, And More

-Fears Grow for Smaller Nations After Ransomware Attack on Costa Rica Escalates

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Fifth of Businesses Say Cyber Attack Nearly Broke Them

A fifth of US and European businesses have warned that a serious cyber attack nearly rendered them insolvent, with most (87%) viewing compromise as a bigger threat than an economic downturn, according to Hiscox.

The insurer polled over 5000 businesses in the US, UK, Ireland, France, Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox Cyber Readiness Report.

It revealed the potentially catastrophic financial damage that a serious cyber-attack can wreak. The number claiming to have nearly been brought down by a breach increased 24% compared to the previous year.

Nearly half (48%) of respondents said they suffered an attack over the past 12 months, a 12% increase from the previous report’s findings. Perhaps unsurprisingly, businesses in seven out of eight countries see cyber as their biggest threat.

Yet perception appears to vary greatly depending on whether an organisation has suffered a serious compromise or not. While over half (55%) of total respondents said they view cyber as a high-risk area, the figure among companies that have not yet suffered an attack is just 36%.

https://www.infosecurity-magazine.com/news/fifth-of-businesses-cyber-attack/

  • Weak Security Controls and Practices Routinely Exploited for Initial Access

Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. A joint Cybersecurity Advisory by the cyber security authorities of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom identifies commonly exploited controls and practices and includes best practices to mitigate the issues.

Malicious cyber actors often exploit the following common weak security controls, poor configurations, and poor security practices to employ the initial access techniques.

  • Multifactor authentication (MFA) is not enforced

  • Incorrectly applied privileges or permissions and errors within access control lists

  • Software is not up to date

  • Use of vendor-supplied default configurations or default login usernames and passwords

  • Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorised access

  • Strong password policies are not implemented

  • Cloud services are unprotected

  • Open ports and misconfigured services are exposed to the internet

  • Failure to detect or block phishing attempts

  • Poor endpoint detection and response.

https://www.cisa.gov/uscert/ncas/alerts/aa22-137a

  • How Do Ransomware Attacks Impact Victim Organisations’ Stock?

Ransomware has developed into an extremely lucrative business model with little risk involved for the threat actors. Couple this with the willingness of most victim organisations to pay the ransom demand under the assumption it will return business operations to normal - ultimately encouraging more attacks - and we have a big problem with no easy remedies.

Back in 2021, Cybereason published a report titled Ransomware Attacks and the True Cost to Business that revealed the various costs that organisations face after falling victim to a ransomware attack. Here are some of the most significant findings that stood out:

  • Two-thirds of ransomware victims said that they endured a significant loss of revenue following the attack

  • More than half (53%) of organisations suffered damage to their brand and reputation after a ransomware infection

  • A third of those who fell to ransomware lost C-level talent in the attack’s aftermath

  • Three in 10 organisations had no choice but to lay off employees due to the financial pressures resulting from a ransomware incident

  • A quarter of ransomware victims said that they needed to suspend operations.

https://www.msspalert.com/cybersecurity-guests/how-do-ransomware-attacks-impact-victim-organizations-stock/

  • Prioritise Patching Vulnerabilities Associated with Ransomware

In the last quarter, ransomware attacks have made mainstream headlines on a near-daily basis, with groups like Lapsus$ and Conti’s names splashed across the page. Major organisations like Okta, Globant and Kitchenware maker Meyer Corporation have all fallen victim, and they are very much not alone. The data indicates that increasing vulnerabilities, new advanced persistent threat (APT) groups and new ransomware families are contributing to ransomware’s continued prevalence and profitability.

The top stats include:

  • 22 new vulnerabilities and nine new weaknesses have been associated with ransomware since January 2022; of the 22, a whopping 21 are considered of critical or high risk severity

  • 19 (out of 22) of the newly-added vulnerabilities are associated with the Conti ransomware gang

  • Three new APT groups (Exotic Lily, APT 35, DEV-0401) and four new ransomware families (AvosLocker, Karma, BlackCat, Night Sky) are deploying ransomware to attack their targets

  • 141 of CISA’s Known Exploited Vulnerabilities (KEVs) are being used by ransomware operators – including 18 newly identified this quarter

  • 11 vulnerabilities tied to ransomware remain undetected by popular scanners

  • 624 unique vulnerabilities were found within the 846 healthcare products analysed.

https://www.helpnetsecurity.com/2022/05/19/increase-ransomware-vulnerabilities/

  • Researchers Warn of Advanced Persistent Threats (APTs), Data Leaks as Serious Threats Against UK Financial Sector

Researchers say that geopolitical tension, ransomware, and cyber attacks using stolen credentials threaten the UK's financial sector.

KELA's security team published a report examining the cyber security issues and attacks that surfaced in 2021 and early 2022, specifically focused on the United Kingdom's banks and other financial services.

The UK was one of the first countries to stand with Ukraine after the invasion by Russia. This could make UK organisations a tempting target for threat actors siding with Russia - whether by state-sponsored advanced persistent threat (APT) groups or hacktivists. The National Cyber Security Centre (NCSC) previously warned businesses to shore up their cyber security following Russia's assault.

APTs are often responsible for attacking the financial sector: account credentials, card numbers, and the personally identifiable information (PII) of customers are useful not only in social engineering and identity theft but also to make fraudulent purchases or for card cloning.

APTs target organisations worldwide, and those located in the UK are no exception. Over the past few years, APTs, including the Chinese APT40 and APT31, have utilised vulnerabilities, including ProxyLogon, to compromise UK businesses.

"In general, APTs may target the financial sector to commit fraud, burglarise ATMs, execute transactions, and penetrate organisations' internal financial systems," KELA says. "Although specific threats to the UK financial sector have not been identified, there is no doubt that the UK has occasionally been a target of APT groups during 2021."

Exposed corporate information and leaked credentials are also of note. After browsing Dark Web forums, the researchers found that UK data is "in demand" by cyber criminals who are seeking PII, access credentials, and internal data.

https://www.zdnet.com/article/researchers-warn-of-apts-data-leaks-as-serious-threats-against-uk-financial-sector/

  • Remote Work Hazards: Attackers Exploit Weak WiFi, Endpoints, and the Cloud

Infoblox unveils a global report examining the state of security concerns, costs, and remedies. As the pandemic and uneven shutdowns stretch into a third year, organisations are accelerating digital transformation projects to support remote work. Meanwhile, attackers have seized on vulnerabilities in these environments, creating more work and larger budgets for security teams.

1,100 respondents in IT and cyber security roles in 11 countries – United States, Mexico, Brazil, United Kingdom, Germany, France, the Netherlands, Spain, United Arab Emirates, Australia, and Singapore – participated in the survey.

The surge in remote work has changed the corporate landscape significantly – and permanently. 52% of respondents accelerated digital transformation projects, 42% increased customer portal support for remote engagement, 30% moved apps to third party cloud providers, and 26% shuttered physical offices for good. These changes led to the additions of VPNs and firewalls, a mix of corporate and employee owned devices as well as cloud and on-premises DDI servers to manage data traffic across the expanded network.

The hybrid workforce reality is causing greater concerns with data leakage, ransomware and attacks through remote access tools and cloud services. Respondents indicate concerns about their abilities to counter increasingly sophisticated cyber attacks with limited control over employees, work-from-home technologies, and vulnerable supply chain partners. The sophistication of state-sponsored malware also is a source of worry for many.

Organisations have good reason to worry: 53% of respondents experienced up to five security incidents that led to at least one breach.

https://www.helpnetsecurity.com/2022/05/17/state-of-security/

  • Small Businesses Under Fire from Password Stealers

Password-stealing malware and other cyber attacks have increased significantly against small businesses over the past year, according to Kaspersky researchers.

An assessment released this week detailed the number of Trojan Password Stealing Ware (PSW) detections, internet attacks and attacks on Remote Desktop Protocol (RDP) between January and April 2022, compared with the same time frame from 2021. Kaspersky's research showed a jump in the detection of password stealers within small business environments, as well as increases in other types of cyber attacks.

According to Kaspersky, the biggest increase in threats against small businesses was password stealers, specifically Trojan PSWs. There were nearly 1 million more detected Trojan PSWs targeting small and medium-sized businesses in the first trimester of 2022 than the first of 2021, increasing from 3,029,903 to 4,003,323.

https://www.techtarget.com/searchsecurity/news/252518442/Small-businesses-under-fire-from-password-stealers

  • Email Is the Riskiest Channel for Data Security

Research from Tessian and the Ponemon Institute reveals that nearly 60% of organisations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months.

Email was revealed as the riskiest channel for data loss in organisations, as stated by 65% of IT security practitioners. This was closely followed by cloud file-sharing services (62%) and instant messaging platforms (57%).

The research surveyed 614 IT security practitioners across the globe to also reveal that:

  • Employee negligence, because of not following policies, is the leading cause of data loss incidents (40%)

  • 27% of data loss incidents are caused by malicious insiders

  • It takes up to three days for security and risk management teams to detect and remediate a data loss and exfiltration incident caused by a malicious insider on email

  • 23% of organisations experience up to 30 security incidents involving employees’ use of email every month (for example, email was sent to an unintended recipient).

The most common types of confidential and sensitive information lost or intentionally stolen include: customer information (61%); intellectual property (56%); and consumer information (47%). User-created data (sensitive email content, text files, M&A documents), regulated data (credit card data, Social Security numbers, national ID numbers, employee data), and intellectual property were identified as the three types of data that are most difficult to protect from data loss.

The top two consequences for data loss incidents were revealed as non-compliance with data protection regulations (57%) and damage to an organisation’s reputation (52%). Furthermore, a previous study from Tessian found that 29% of businesses lost a client or customer because of an employee sending an email to the wrong person.

https://www.helpnetsecurity.com/2022/05/20/data-loss-email/

  • Phishing Attacks for Initial Access Surged 54% in Q1

Threat actors doubled down on their use of phishing emails as an initial attack vector during the first quarter of 2022 — and in many cases then used that access to drop ransomware or to extort organisations in other ways.

Researchers from Kroll recently analysed data gathered from security incidents they responded to in the first three months of this year. The analysis showed a 54% increase in incidents of phishing for initial access compared with the same period last year.

For the first time since Microsoft disclosed the so-called ProxyLogon set of vulnerabilities in Exchange Server in the first quarter of 2021, incidents tied to email compromises surpassed those related to ransomware. Kroll described the sharp increase in phishing activity as likely the result of a surge in activity tied to Emotet and IceID malware — threat actors have been using both to drop other malware.

https://www.darkreading.com/risk/phishing-attacks-for-initial-access-surged-q1

  • Fears Grow for Smaller Nations After Ransomware Attack on Costa Rica Escalates

Conti demanded $20M in ransom — and the overthrow of the government.

It’s been a rough start for the newly elected Costa Rica president Rodrigo Chaves, who less than a week into office declared his country “at war” with the Conti ransomware gang.

“We’re at war and this is not an exaggeration,” Chaves told local media. “The war is against an international terrorist group, which apparently has operatives in Costa Rica. There are very clear indications that people inside the country are collaborating with Conti.”

Conti’s assault on the Costa Rican government began in April. The country’s Finance Ministry was the first hit by the Russia-linked hacking group, and in a statement on May 16, Chaves said the number of institutions impacted had since grown to 27. This, he admitted, means civil servants wouldn’t be paid on time and will impact the country’s foreign trade.

In a message posted to its dark web leaks blog, Conti urged the citizens of Costa Rica to pressure their government to pay the ransom, which the group doubled from an initial $10 million to $20 million. In a separate statement, the group warned: “We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power.”

Conti is among the most prolific hacking groups. The FBI warned earlier this year that the gang was among “the three top variants” that targeted businesses in the United States, and it has been blamed for ransomware attacks targeting dozens of businesses, including Fat Face, Shutterfly and the Irish healthcare service.

But Conti has picked up its pace in recent months: In January and February it published 31 victims on its leaks blog. In March and April, it posted 133 victims.

https://techcrunch.com/2022/05/20/costa-rica-ransomware-attack/


Threats

Ransomware

Phishing & Email Based Attacks

Malware

Mobile

IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

Fraud, Scams & Financial Crime

Supply Chain and Third Parties

Cloud/SaaS

Open Source

Privacy

Passwords & Credential Stuffing

Cyber Bullying and Cyber Stalking

Regulations, Fines and Legislation

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine




Vulnerabilities





As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 25 February 2022

Black Arrow Cyber Threat Briefing 25 February 2022

-Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates

-Ransomware Extortion Doesn't Stop After Paying The Ransom

-Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces

-Study: UK Firms Most Likely To Pay Ransomware Hackers

-Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks

-91% of UK Organisations Compromised by an Email Phishing Attack in 2021

-Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021

-Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion

-Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds

-The Future of Cyber Insurance

-Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices

-Microsoft Teams Is The New Frontier For Phishing Attacks

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates

Britain warned of potential cyber attacks with "international consequences" this week after Russian President Vladimir Puitin ordered troops to two breakaway regions in eastern Ukraine.

Britain's National Cyber Security Centre (NCSC), a part of the GCHQ eavesdropping intelligence agency, called on British organisations to "bolster their online defences" following the developments.

"While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences," it said in a statement.

Last week, Ukranian banking and government websites were briefly knocked offline by a spate of distributed denial of service (DDoS) attacks which the United States and Britain said were carried out by Russian military hackers.

https://www.reuters.com/technology/britain-warns-cyberattacks-russia-ukraine-crisis-escalates-2022-02-22/

Ransomware Extortion Doesn't Stop After Paying The Ransom

A global survey that looked into the experience of ransomware victims highlights the lack of trustworthiness of ransomware actors, as in most cases of paying the ransom, the extortion simply continues.

This is not a surprising or new discovery, but when seeing it reflected in actual statistics, one can appreciate the scale of the problem in full.

The survey was conducted by cyber security specialist Venafi, and the most important findings that emerge from the respondents are the following:

  • 18% of victims who paid the ransom still had their data exposed on the dark web.

  • 8% refused to pay the ransom, and the attackers tried to extort their customers.

  • 35% of victims paid the ransom but were still unable to retrieve their data.

As for the ransomware actor extortion tactics, these are summarized as follows:

  • 83% of all successful ransomware attacks featured double and triple extortion.

  • 38% of ransomware attacks threatened to use stolen data to extort customers.

  • 35% of ransomware attacks threatened to expose stolen data on the dark web.

  • 32% of attacks threatened to directly inform the victim's customers of the data breach incident.

https://www.bleepingcomputer.com/news/security/ransomware-extortion-doesnt-stop-after-paying-the-ransom/

Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces

The government of Ukraine is calling on the hacking community to volunteer its expertise and capabilities, following the invasion of the country by Russian forces.

Reuters reports that Yegor Aushev, the CEO of Kyiv-based Cyber Unit Technologies which has worked with Ukraine's government on the defence of critical infrastructure, claims to have been asked to post a digital call-to-arms after being asked by "a senior Defence Ministry official."

The message, which was posted on hacking forums by Aushev on Thursday, begins "Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country," and calls for cybersecurity experts and hackers to apply as a volunteer via a Google Docs link.  The page volunteers are directed to asks applicants to list their specialities, such as if they have developed malware, and professional references.

According to Aushev, volunteers will be divided into two groups - tasked with offensive and defensive cyber operations.

https://www.bitdefender.com/blog/hotforsecurity/ukraine-calls-for-volunteer-hackers-to-protect-its-critical-infrastructure-and-spy-on-russian-forces/

Study: UK Firms Most Likely To Pay Ransomware Hackers

Some 82% of British firms which have been victims of ransomware attacks paid the hackers in order to get back their data, a new report suggests.

The global average was 58%, making the UK the most likely country to pay cyber-criminals.

Security firm Proofpoint's research also found that more than three-quarters of UK businesses were affected by ransomware in 2021.

Phishing attacks remain the key way criminals access networks, it found.

Phishing happens when someone in a firm is lured into clicking on a link in an email that contains malware, which in turn can help cyber-criminals access company networks.

https://www.bbc.co.uk/news/business-60478725

Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks

An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”

The gang said that it would use “all possible resources to strike back at the critical infrastructures” of any entity that organises a cyberattack “or any war activities against Russia.” The message appeared Friday on the dark-web site used by ransomware group Conti to post threats and its victims’ data. Security researchers believe the gang to be Russia-based.

Conti ransomware was part of more than 400 attacks against mostly U.S. targets between spring 2020 and spring 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported in September.

https://www.cyberscoop.com/conti-ransomware-russia-ukraine-critical-infrastructure/

91% of UK Organisations Compromised by an Email Phishing Attack in 2021

More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report.

The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business email compromise (BEC) attacks, the latter an 18% year-on-year increase from 2020.

The survey of 600 information and IT security professionals and 3500 workers in the US, Australia, France, Germany, Japan, Spain and the UK also found that attacks in 2021 were more likely to be successful than in 2020. More than four in five (83%) respondents said their organization experienced at least one successful email-based phishing attack last year, up from 57% in 2020. In addition, 68% of organizations admitted they had to deal with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery or other exploit.

Worryingly, 60% of organizations infected with ransomware admitted to paying a ransom, with around a third (32%) paying additional sums to regain access to data and systems.

https://www.infosecurity-magazine.com/news/uk-organizations-email-phishing/

Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021

Researchers have found almost 100,000 new variants of mobile banking Trojans in just a year.

As our digital lives have begun to centre more on handsets rather than just desktop PCs, many malware developers have shifted part of their focus to the creation of mobile threats.

Many of the traditional infection routes are still workable -- including phishing and the download and execution of suspicious software -- but cyber attackers are also known to infiltrate official app stores, including Google Play, to lure handset owners into downloading software that appears to be trustworthy.

This technique is often associated with the distribution of Remote Access Trojans (RATs). While Google maintains security barriers to stop malicious apps from being hosted in its store, there are methods to circumvent these controls quietly.

https://www.zdnet.com/article/almost-100000-new-mobile-banking-trojans-detected-in-2021/

Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion

A few hours after the Anonymous collective has called to action against Russia following the illegitimate invasion of Ukraine its members have taken down the website of the Russian propaganda station RT News and news of the day is the attack against the servers of the Russian Defense Ministry.

“Anonymous, a group of hacktivists, successfully hacked and leaked the database of the website of the Ministry of Defense of Russia.” reported the Pravda agency.

The website of the Kremlin (Kremlin.ru) is also unreachable, but it is unclear if it is the result of the Anonymous attack or if the government has taken offline it to prevent disruptive attacks.

The Russian Government’s portal, and the websites of other ministries are running very slow.

The collective is also threatening the Russian Federation and private organizations of attacks, it is a retaliation against Putin’s tyranny.

Anonymous pointed out that it is not targeting Russian citizens, but only their government.

“We want the Russian people to understand that we know it’s hard for them to speak out against their dictator for fear of reprisals.”

https://securityaffairs.co/wordpress/128428/hacking/anonymous-russian-defense-ministry.html

Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds

If you don’t know what it is, if you can’t identify it and if you can’t make sure you don’t topple into its traps, then you can’t fight it, suggests a new report by security provider Proofpoint in its eighth annual State of the Phish report.

The “it” is email-based malware attacks, the kingpin of all hacking methods, that victims often fall for out of a lack of awareness, inadequate training or risky behaviours, such as using a company mobile device for home use.

Proofpoint’s report takes an in-depth look at user phishing awareness, vulnerability and resilience and comes away with some startling numbers: More than three-quarters of organizations associated with the 4,100 IT security professionals and staffers in the worldwide study were hit by email-based ransomware attacks in 2021 and an equal number were victimized by business email compromise attacks, an 18 percent spike from 2020.

What explains the year-over-year climb? Answer: Cyber criminals continue to focus on compromising people, not necessarily systems, Proofpoint said. Email remains cyber criminals’ go-to attack strategy, said Alan Lefort, Proofpoint security awareness training senior vice president and general manager. “Infosec and IT survey participants experienced an increase in targeted attacks in 2021 compared to 2020, yet our analysis showed the recognition of key security terminology such as phishing, malware, smishing (text-based ruse), and vishing (telephone trickery) dropped significantly,” said Lefort. “The awareness gaps and lax security behaviors demonstrated by workers creates substantial risk for organizations and their bottom line.”

https://www.msspalert.com/cybersecurity-news/email-remains-go-to-method-for-cyberattacks-phishing-research-report-finds/

The Future of Cyber Insurance

In 2016, just 26% of insurance clients had cyber coverage. That number rose to 47% in 2020, according to a US Government Accountability Office (GAO) report. But the demand for cyber coverage isn't the only thing soaring.

At the end of 2020, insurance prices jumped anywhere from 10% to 30%. In the third quarter of 2021, the average cost of cyber insurance premiums climbed a record 27.6%.

If the rates continue to rise, companies might decide it's not worth the cost. That is, if insurers continue to cover their industry.

https://www.darkreading.com/risk/the-future-of-cyber-insurance

Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices

Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, and a division of TechTarget, Inc., today announced new research into security hygiene and posture management – a foundational part of a strong security program. The study reveals that many aspects of cyber security are managed independently and with antiquated tools, leaving organisations with limited visibility and weak defenses against an ever-evolving threat landscape. Since strong cybersecurity starts with the basics, like knowing about all IT assets deployed, this situation makes organisations vulnerable to advanced threats among strategic, yet often hurried, cloud and digital transformation initiatives.

The new report, Security Hygiene and Posture Management, summarizes a survey of 398 IT and cyber security professionals responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management, including vulnerability management, asset management, attack surface management, and security testing tools. The data reveals that organisations must aim to further assess security posture management processes, examine vendor risk management requirements, and test security tool and processes more frequently.

https://www.darkreading.com/risk/businesses-are-at-significant-risk-of-cybersecurity-breaches-due-to-immature-security-hygiene-and-posture-management-practices

Microsoft Teams Is The New Frontier For Phishing Attacks

Even with email-based phishing attacks proving to be more successful than ever, cyberattackers are ramping up their efforts to target employees on additional platforms, such as Microsoft Teams and Slack.

One advantage is that in those applications, most employees still assume that they’re actually talking to their boss or coworker when they receive a message.

“The scary part is that we trust these programs implicitly — unlike our email inboxes, where we’ve learned to be suspicious of messages where we don’t recognize the sender’s address,” said anti-fraud technology firm Outseer.

Notably, traditional phishing has seen no slowdown: Proofpoint reported that 83% of organizations experienced a successful email-based phishing attack in 2021 — a massive jump from 57% in 2020. And outside of email, SMS attacks (smishing) and voice-based attacks (vishing) both grew in 2021, as well, according to the email security vendor.

However, it appears that attackers now view widely used collaboration platforms, such as Microsoft Teams and Slack, as another growing opportunity for targeting workers, security researchers and executives say. For some threat actors, it’s also a chance to leverage the additional capabilities of collaboration apps as part of the trickery.

https://venturebeat.com/2022/02/23/microsoft-teams-is-the-new-frontier-for-phishing-attacks/


Threats

Ransomware

BEC – Business Email Compromise

Phishing & Email

Other Social Engineering

Malware

Mobile

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Supply Chain

Nation State Actors

Privacy

Spyware, Espionage & Cyber Warfare






As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 19 February 2021

Black Arrow Cyber Threat Briefing 19 February 2021: Masslogger Swipes Outlook & Chrome Credentials; Phishers trick LinkedIn users; Solarwinds Attack ‘Largest And Most Sophisticated Attack’ Ever; Ransomware gangs are running riot, paying them off doesn’t help; Most security bugs in the wild are years old; Hacker Claims Files Stolen from Prominent Law Firm; 100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020; 14 million alleged Amazon and eBay account details sold online; Think backups will protect you from ransomware? What do you think gets attacked first?

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.


Image by Lukas Bieri from Pixabay

Top Cyber Stories of the Last Week

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

Cyber Criminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and Turkey starting in mid-January. When the Masslogger variant launched its infection chain, it disguised its malicious RAR files as Compiled HTML (CHM) files. This is a new move for Masslogger, and helps the malware sidestep potential defensive programs, which would otherwise block the email attachment based on its RAR file extension, said researchers on Wednesday.

https://threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/

Phishers tricking users via fake LinkedIn Private Shared Document

The phishing message is delivered via LinkedIn’s internal messaging system and looks like it has been sent by one of the victim’s contacts. The message urges the recipient to follow a third-party link to view a document. If they fail to find this suspicious, they’ll be redirected to a convincingly spoofed LinkedIn login page, and if they enter their login credentials, their account will probably soon be sending out phishing messages to their contacts.

https://www.helpnetsecurity.com/2021/02/18/linkedin-private-shared-document/

Solarwinds Attack Hit 100 Companies And Took Months Of Planning’; ‘Largest And Most Sophisticated Attack’ Ever Seen According To Microsoft; Hackers Downloaded Some Azure, Exchange, And Intune Source Code

A hacking campaign that used a tech company as a springboard to compromise a raft of US government agencies has been called “the largest and most sophisticated attack the world has ever seen”, according to Microsoft. Nine US governmental agencies were breached along with 100 different private sector companies , many of which were technology companies, including products that could be used to launch additional intrusions. Microsoft said it has formally completed its investigation into the SolarWinds-related breach and found no evidence that hackers abused its internal systems or official products to pivot and attack end-users and business customers, though it did state that it had discovered that hackers used the access they gained through the SolarWinds Orion app to pivot to Microsoft's internal network, where they accessed the source code of several internal projects.

https://www.zdnet.com/article/solarwinds-attack-hit-100-companies-and-took-months-of-planning-says-white-house/ https://www.independent.co.uk/news/world/americas/solarwinds-us-russia-hacking-b1802299.html https://www.zdnet.com/article/microsoft-says-solarwinds-hackers-downloaded-some-azure-exchange-and-intune-source-code/

Ransomware gangs are running riot – paying them off doesn’t help

In the past five years, ransomware attacks have evolved from rare misfortunes into common and disruptive threats. Hijacking the IT systems of organisations and forcing them to pay a ransom in order to reclaim them, cyber criminals are freely extorting millions of pounds from companies – and they’re enjoying a remarkably low risk of arrest as they do it.

https://theconversation.com/ransomware-gangs-are-running-riot-paying-them-off-doesnt-help-155254

Most security bugs in the wild are years old

Most vulnerabilities exploited in the wild are years old and some could be remedied easily with a readily available patch. This is one of the findings of a new report, which states that two thirds (65 percent) of CVEs found in 2020 were more than three years old, while a third of those (32 percent) were originally identified in 2015 or earlier.

https://www.itproportal.com/news/most-security-bugs-in-the-wild-are-multiple-years-old/

Hacker Claims to Have Stolen Files Belonging to Prominent Law Firm Jones Day

A hacker claims to have stolen files belonging to the global law firm Jones Day and posted many of them on the dark web. Jones Day has many prominent clients, including former President Donald Trump and major corporations. Jones Day, in a statement, disputed that its network has been breached. The statement said that a file-sharing company that it has used was recently compromised and had information taken. Jones Day said it continues to investigate the breach and will continue to be in discussion with affected clients and appropriate authorities.

https://www.wsj.com/articles/hacker-claims-to-have-stolen-files-belonging-to-prominent-law-firm-jones-day-11613514532?reflink=desktopwebshare_twitter

Former Spy Chief Calls For Military Cyber Attacks On Ransomware Hackers

The state should launch military cyber attacks to shut down ransomware gangs that have extorted millions of pounds from British businesses, a former spy chief has said.

Ciaran Martin, who previously led the UK’s National Cyber Security Centre, said the problem of criminal gangs locking and stealing files has become so serious that Government should now seek to disrupt the operations of prolific criminals.

The plans would mark a major change of tack for the UK authorities, who have long downplayed the idea they could routinely use offensive hacking as well as cyber defence.

https://www.telegraph.co.uk/technology/2021/02/15/former-spy-chief-calls-military-cyber-attacks-ransomware-hackers/

Think your backups will protect you from ransomware? What do you think the malware attacked first?

If you think your backup strategy means you’re protected from the worst that cyber criminals can throw at you, we’ve got some bad news. Ransomware creators know all about backups, too. So, if you are unlucky enough to get a “pay up or else” notice, there’s a very good chance that the attacker in question has already been stealthily working their way through your systems for some time, ensuring your recovery data has already been comprehensively trashed.

https://www.theregister.com/2021/02/17/protect_yourself_from_ransomware_webcast/

100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020

More than 100 financial services firms across multiple countries were targeted in a wave of ransom distributed denial-of-service (DDoS) attacks conducted by the same threat actor in 2020. The attacks moved in methodical fashion across Europe, North America, Latin America, and Asia, hitting dozens of organizations in the financial sector in each region, the Financial Services Information Sharing and Analysis Center (FS-ISAC) disclosed this week. Among those targeted were banks, exchanges, payments companies, card issuers, payroll companies, insurance firms, and money transfer services.

https://www.darkreading.com/attacks-breaches/100+-financial-services-firms-targeted-in-ransom-ddos-attacks-in-2020/d/d-id/1340165

14 million alleged Amazon and eBay account details sold online

An unknown user was offering the data of 14 million Amazon and eBay customers’ accounts for sale on a popular hacking forum. The data appears to come from users who had Amazon or eBay accounts from 2014-2021 in 18 different countries. The database was being sold for $800 and the accounts are divided into their respective countries. The leaked data includes the customer’s full name, postal code, delivery address, and shop name, as well 1.6 million phone records.

https://cybernews.com/security/14-million-amazon-and-ebay-accounts-sold-online-in-new-leak/


Threats

Ransomware

BEC

Phishing

Malware

Mobile

IOT

Vulnerabilities

Data Breaches

Organised Crime

Insider Threats

Supply Chain

OT, ICS, IIoT and SCADA

Nation-State Actors

Privacy


Reports Published in the Last Week


Other News

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More