Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Overconfident Organisations Prone to Cyber Breaches

A study found that 95% of UK enterprises were very confident or somewhat confident that they do not have gaps in their security controls, yet despite this, 69% have fallen victim to a cyber attack in the last two years. One of the reasons given for this false sense of confidence was the belief that more tools meant more security; worryingly, 45% of organisations struggled with the implementation of tools due to the need for expertise. Attackers are constantly adapting their tactics to bypass the security controls that most organisations implement. It is difficult for IT teams and business leaders to maintain an objective assessment of how effective their chosen security controls are against today’s attackers. Black Arrow provides the impartial and expert advice that businesses require, including a free initial assessment, with no vested interest other than helping our clients achieve pragmatic and proportionate security.

Source: [IT Security Guru]

Board Members Struggling to Understand Cyber Risks

Board members frequently struggle to understand cyber risks, putting businesses at higher risk of attacks, a new report has found. The report noted that Board interest is being piqued as a result of growing media reporting of cyber incidents, a heightened Board focus on operational resilience post-pandemic, investor pressure and a tightening regulatory environment.

Worryingly, despite the increase in interest and increased internal and external focus on cyber risk, a number of Board-level respondents reported that they felt scared or embarrassed to ask their CISO for fear of exposing their lack of understanding.

Source: [Infosecurity Magazine]

Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them

Senior executives in today's evolving work landscape face growing cyber security threats, including extortion and device theft. The rise of ‘workcations’, which blend work and leisure, has blurred professional and personal boundaries, exposing leaders to heightened risks, and necessitating a strong focus on cyber security.

These executives are particularly attractive targets due to their access to critical information and decision-making authority. To protect their organisations, they must prioritise robust security measures, such as stronger passwords, anti-theft safeguards for devices, multi factor authentication, and, where appropriate or necessary, the use of virtual private networks. As guardians of their businesses' well-being, executives carry the responsibility of upholding stringent cyber security practices, ensuring that the benefits of remote work do not compromise their organisations' security.

Source: [Fortune]

Cyber Attacks Reach Fever Pitch in Q2 2023

A report has found the global landscape of increasing digitisation, political unrest, the emergence of AI and the widespread adoption of work from home, have all contributed to an increase in attacks, which have increased 314% in the first half of this year compared the first half of 2022.  Rather worryingly, between the first and second quarter this year, there was a 387% increase in activity.

Source: [Data Centre & Network News]

Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats

A report from the Information Commissioner’s Office (ICO) in the UK found ransomware attacks on UK organisations reached record levels last year, impacting over 700 organisations. This isn’t the true count though, as it does not factor the overwhelming majority of victims who do not report attacks, so the true number will be many times this. This increase comes as reports are finding that UK companies are struggling to address the growing threats, and this includes a lack of understanding at the Board level. In fact, 59% of directors say their Board is not very effective in understanding the drivers and impacts of cyber risks for their organisation.

Sources: [The Record] [The Fintech Times] [Financial Times]

Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. Referring to one of the groups, Microsoft said “In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file,". This tactic has also been used by Russian Nation State Actors.

Source: [Bleeping Computer]

Europol - Financial Crime Makes “Billions” and Impacts “Millions”

The European policing alliance’s first ever European Financial and Economic Crime Threat Assessment was compiled from “operational insights and strategic intelligence” contributed by member states and Europol partners. The assessment highlighted a criminal economy worth billions of euros and that impacts millions of victims each year.

Source: [Infosecurity Magazine]

Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security

A recent report found that 30% of parents have never spoken to their children about cyber security. Additionally, over 40% of parents, who themselves admitted that they didn’t know how to create strong passwords, still give their child access to their mobile phones and almost a third (32%) give them access to their computers. By doing so, parents are not only putting their children at risk, but inadvertently, themselves and the organisations they work for as well.

Black Arrow offers a range of training, including formal and informal training, for individuals, employees and business leaders. Contact us today for a free initial conversation.

Source: [IT Security Guru]

Hackers are Dropping USB Drives Outside Buildings to Target Networks

A mid-year cyber security report found that along with the explosive growth in AI, bad actors are still using tried and tested, but unfortunately still very effective, tactics such as dropping USB drives outside target buildings in the hope that an employee will pick them up and plug them into devices connected to the corporate network. Many times, these actors are banking on their targets lacking protections against these attacks. Think about your organisation, would someone plug a device they found in the street into their work computer out of curiosity? Does your organisation have controls in place to prevent this type of attack?

Source: [Tech Republic]

Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night

According to a recent survey, 55% of IT decision-makers cited data theft as their main concern, with ransomware placed third, after phishing. This comes as ransomware attackers are moving towards more exfiltration-based techniques. Exfiltration creates a significant number of issues for an organisation including the regulatory requirements of telling customers, to not knowing what data has been exfiltrated.

Source: [Information Security Buzz]

If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now

Criminals have had plenty of time to use encryption keys stolen in the 2022 LastPass hack to open vaults, and there has been a reported increase in the number of vaults that have been cracked. For those attackers that haven’t been able to crack your password, they're under no time constraints.

Whilst successful attackers may not directly target your email accounts, PayPal wallets, or banks, these assets can be packaged and sold to other criminal third parties. If any of the passwords stored in a LastPass vault prior to 2022 are still in use, you should change them immediately.

Source: [Make Use Of]

Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web

IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year, according to a new report. The latest haul of new CVEs brings the total number tracked by the vendor to 3,900; a number that has doubled since 2019. Similarly, a separate report from Palo Alto Networks found that 80% of security exposures exist in the cloud.

IBM highlighted that this has led to a number of cloud credentials being actively sold on the dark web, in some cases for the same price as a dozen doughnuts. These credentials are believed to account for almost 90% of goods and services for sale on the dark web.

Sources: [Infosecurity Magazine] [The Register] [TechTarget]

Governance, Risk and Compliance

• More UK companies failing to tackle cyber security, reveals new report - The Intermediary - Latest UK mortgage news

• Deputy PM urges UK plc not to lose focus on cyber | Computer Weekly

• Cyber criminals are now targeting top executives–and could be using sensitive information to extort them | Fortune

• Why Data Theft Is Now The #1 Cyber Security Threat Keeping IT Pros Awake At Night (informationsecuritybuzz.com)

• Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru

• Global companies to hike security spending as threats rise - survey | Reuters

• CISOs need to be forceful to gain leverage in the boardroom - Help Net Security

• Board Members Struggling to Understand Cyber Risks - Infosecurity Magazine (infosecurity-magazine.com)

• Board And CISO Disconnect On Cyber Security Preparedness 'Rings Alarm Bells'– Expert Comments (informationsecuritybuzz.com)

• Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru

• Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard

• Cyber Security risks dampen corporate enthusiasm for tech investments - Help Net Security

• CISOs and Board Reporting – an Ongoing Problem - SecurityWeek

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks hit record level in UK, according to neglected official data (therecord.media)

• Ransomware tracker: The latest figures [September 2023] (therecord.media)

• Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)

• Ransomware thrives as cyber security remains lax, says UK report | Financial Times (ft.com)

• Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family (thehackernews.com)

• Ransomware and the cyber crime ecosystem - NCSC.GOV.UK

• Ransomware in top three threats for 65% of organisations | Security Magazine

• The 10 biggest ransomware attacks in history | TechTarget

• Sophos on the State of Ransomware - GovInfoSecurity

• TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)

• Don’t focus on ransomware variants, say UK’s national cyber and crime agencies (therecord.media)

• Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor (darkreading.com)

• Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors (darkreading.com)

Ransomware Victims

• Greater Manchester Police officers' details targeted in 'ransomware attack' | Breaking News News | Sky News

• A phone call to helpdesk was likely all it took to hack MGM | Ars Technica

• MGM Resorts cyber attack: Casinos warned to be on 'high alert' as £11bn firm remains crippled | Science & Tech News | Sky News

• MGM, Caesars File SEC Disclosures on Cyber Security Incidents (darkreading.com)

• Caesars paid millions in ransom to cybercrime group prior to MGM hack – NECN

• Group in Casino Hacks Skilled at Duping Workers for Access (1) (bloomberglaw.com)

• Ransomware tracker: The latest figures [September 2023] (therecord.media)

• IT Systems Encrypted After UK School Hit By Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Attack Wipes Out Four Months of Sri Lankan Government Data - Infosecurity Magazine (infosecurity-magazine.com)

• Rhysida gang claims to have hacked three more US hospitals (securityaffairs.com)

• Ransomware crew claims to have hit Save The Children • The Register

• Shell says Australian unit BG Group hit by MOVEit cyber security breach | Reuters

• Dutch football association pays ransom to Russian cyber criminals – EURACTIV.com

• Cyber security incident affects services at The Weather Network | CFJC Today Kamloops

Phishing & Email Based Attacks

• New Microsoft Teams Phishing Campaign Targets Corporate Employees - Infosecurity Magazine (infosecurity-magazine.com)

• Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security

• Attackers Abuse Google Looker Studio to Evade DMARC, Email Security (darkreading.com)

• Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper (thehackernews.com)

• $24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack

• Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar

• Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)

• Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)

• Journalists, authors, and other writers targeted by phishing emails | TechRadar

• Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach - SecurityWeek

• Windows Systems Targeted in Multi-Stage Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• How should SMBs navigate the phishing minefield? - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Understanding the dangers of social engineering - Help Net Security

• How to Avoid Smishing Attacks Targeting Subscription Service Users (securityintelligence.com)

Artificial Intelligence

• Cyber Criminals Feasting On Artificial Intelligence (forbes.com)

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

• ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)

• Cloud security in the era of artificial intelligence (securityintelligence.com)

• Deepfake cyberthreats keep rising. Here's how to prevent them - SiliconANGLE

2FA/MFA

• Organisation Still Aren't Adopting Enterprisewide Multifactor Authentication — What's the Holdup? (securityintelligence.com)

Malware

• Microsoft Teams phishing attack pushes DarkGate malware (bleepingcomputer.com)

• Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)

• Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper (thehackernews.com)

• Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)

• Windows Systems Targeted in Multi-Stage Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Intel-based Macs under attack from new MetaStealer malware — how to stay safe | Tom's Guide (tomsguide.com)

• Protecting Your Microsoft IIS Servers Against Malware Attacks (thehackernews.com)

• 3 Strategies to Defend Against Resurging Infostealers (darkreading.com)

• New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (thehackernews.com)

• Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)

• 'Steal-It' Campaign Uses OnlyFans Models as Lures (darkreading.com)

• Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (welivesecurity.com)

• Cybersecurity alert: Malware hidden in Microsoft Teams messages targeting users - OnMSFT.com

• Iranian Cyberspies Deployed New Backdoor to 34 Organizations - SecurityWeek

Mobile

• 'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users (darkreading.com)

• France halts iPhone 12 sales over radiation levels - BBC News

Denial of Service/DoS/DDOS

• Massive DDoS attack on US financial company thwarted by cyber firm (therecord.media)

• Akamai prevented largest DDoS attack on a US financial company (securityaffairs.com)

• After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek

• Yukon gov't website back after cyber attack, Nunavut gov't site still down | CBC News

Internet of Things – IoT

• Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)

• Wyze security camera owners report seeing strangers' camera feeds | Mashable

• Hackers Are Salivating Over Electric Cars - The Atlantic

• Hackers will hack anything — including your sex toys - The Hustle

Data Breaches/Leaks

• Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru

• LastPass Hackers Cracking Password Vaults - Experts Warns - Cyber Kendra

• Dymocks Booksellers suffers data breach impacting 836k customers (bleepingcomputer.com)

• Lessons from the DuoLingo data breach – Digital Journal

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Capita class action: 2,000 sign up in wake of data theft • The Register

• Airbus data leaked via infected customer computer • The Register

• Threat actor leaks sensitive data belonging to Airbus (securityaffairs.com)

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Organised Crime & Criminal Actors

• Cyber criminals are now targeting top executives–and could be using sensitive information to extort them | Fortune

• Europol: Financial Crime Makes “Billions” and Impacts “Million" - Infosecurity Magazine (infosecurity-magazine.com)

• How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Influx of Russian fraudsters gives Turkish cyber crime hub new lease of life | Financial Times (ft.com)

• Europol's spotlight report sheds light on evolving cyber attacks (amlintelligence.com)

• Ransomware in the underworld. (thecyberwire.com)

• Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Criminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks (thehackernews.com)

• Top blockchain Cyber security threats to watch out for (att.com)

• $24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack

• Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin

• Hackers steal $53 million worth of cryptocurrency from CoinEx (bleepingcomputer.com)

• Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News

Insider Risk and Insider Threats

• Human behaviour as both threat and defence | Professional Security

Fraud, Scams & Financial Crime

• Latest fraud schemes targeting the payments ecosystem - Help Net Security

• Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News

• Glasgow firm issues warning following recent cyber attack | Glasgow Times

Impersonation Attacks

• Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security

• Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)

Deepfakes

• Deepfake cyber threats keep rising. Here's how to prevent them - SiliconANGLE

AML/CFT/Sanctions

• TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)

Insurance

• Insurance industry grapples with rising cyber crime threat, climate change concerns: PwC - Reinsurance News

• Cyber security is top insurance concern as global attacks increase - Insurance Post (postonline.co.uk)

Dark Web

• Dark Web Threats to Businesses - DevX

• ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)

• Cloud credentials are the hot ticket item on the dark web • The Register

Supply Chain and Third Parties

• Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard

• Lazarus Group Targets macOS in Supply Chain Assault - Infosecurity Magazine (infosecurity-magazine.com)

• Airbus Cyber Attack: Over 3,200 Vendor Data Accessed by Hackers (cybersecuritynews.com)

• Capita class action: 2,000 sign up in wake of data theft • The Register

• The rise and evolution of supply chain attacks - Help Net Security

• A 2-Week Prescription for Eliminating Supply Chain Threats (darkreading.com)

Cloud/SaaS

• New Microsoft Teams Phishing Campaign Targets Corporate Employees - Infosecurity Magazine (infosecurity-magazine.com)

• Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar

• Finding Your Way in Cloud Security - SecurityWeek

• 7 Steps to Kickstart Your SaaS Security Program (thehackernews.com)

• Cloud storage security: What's new in the threat matrix | Microsoft Security Blog

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Cloud credentials are the hot ticket item on the dark web • The Register

• Palo Alto Networks: 80% of security exposures exist in cloud | TechTarget

• Cloud security in the era of artificial intelligence (securityintelligence.com)

Containers

• Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns (darkreading.com)

• Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)

Identity and Access Management

• Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)

• Companies need to rethink how they implement identity security - Help Net Security

• Enterprises persist with outdated authentication strategies - Help Net Security

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

Encryption

• OpenSSL 1.1.1 reaches end of life... unless you can pay up • The Register

• When a Quantum Computer Is Able to Break Our Encryption, It Won’t Be a Secret | Lawfare (lawfaremedia.org)

API

• API Expanding Attack Surfaces: 74% Reporting Multiple Breaches – Approov Comments (informationsecuritybuzz.com)

• How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)

• Elevating API security to reinforce cyber defence - Help Net Security

• Machine Learning is a Must for API Security - IT Security Guru

Open Source

• Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)

• Linux Malware! Read This If You Use Free Download Manager (itsfoss.com)

Passwords, Credential Stuffing & Brute Force Attacks

• If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now (makeuseof.com)

• Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)

• New WiKI-Eve attack can steal numerical passwords over WiFi (bleepingcomputer.com)

• Wi-Fi radio signal data can be used 'to predict passwords' • The Register

• Cloud credentials are the hot ticket item on the dark web • The Register

• Iranian hackers breach defence orgs in password spray attacks (bleepingcomputer.com)

Social Media

• Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)

• After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)

Training, Education and Awareness

• How to Transform Security Awareness Into Security Culture (darkreading.com)

• Elevating Cyber Awareness: A Strategic Approach (informationweek.com)

• How end-user phishing training works (and why it doesn’t) (bleepingcomputer.com)

• Great security training is a real challenge - Help Net Security

Digital Transformation

• Was the digital transformation worth it security-wise? (securityintelligence.com)

Parental Controls and Child Safety

• Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security- IT Security Guru

• Parents, children and cyber security: Time for a big conversation – Digital Journal

Cyber Bullying, Cyber Stalking and Sextortion

• How To Answer The General Counsel’s Questions After A Cyber Incident (forbes.com)

Regulations, Fines and Legislation

• SEC Issues Final Rules on Cyber Security Disclosures | Kelley Drye & Warren LLP - JDSupra

• Cyber risk is business risk, and the SEC knows it (fdd.org)

• What Makes an Incident ‘Material’? | Calloquy, PBC - JDSupra

• The International Criminal Court will now prosecute cyberwar crimes | Ars Technica

• Preparing For Cyber Security Disclosures Set For Public Companies (forbes.com)

• UK ICO and NCSC Set to Share Anonymized Threat Intelligence - Infosecurity Magazine (infosecurity-magazine.com)

• One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem (securityintelligence.com)

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Models, Frameworks and Standards

• Understanding the HITRUST CSF and its Benefits | UpGuard

Backup and Recovery

• How to develop a cloud backup ransomware protection strategy | TechTarget

• How To Backup Data From NAS: A Complete Guide (informationsecuritybuzz.com)

Data Protection

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Careers, Working in Cyber and Information Security

• Cyber Security Skills Gap: Roadies & Gamers Are Untapped Talent (darkreading.com)

• Three ways to overcome cyber security staff shortages (securitybrief.co.nz)

Privacy, Surveillance and Mass Monitoring

• Wyze security camera owners report seeing strangers' camera feeds | Mashable

• Your Car Is Spying On You, From Your Sex Life To How Fast You Go | Carscoops

• Google Chrome just rolled out a new way to track you and serve ads. Here's what you need to know (theconversation.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

China

• Risk & Repeat: Big questions remain on Storm-0558 attacks | TechTarget

• Parliamentary researcher ‘who spied for China’ arrested | UK news | The Guardian

• Arrest of alleged spy raises questions around UK’s China policy | Financial Times (ft.com)

• Microsoft, Apple versus China, spyware actors (techrepublic.com)

• Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)

• Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cyber Crime - SecurityWeek

• Spies, Hackers, Informants: How China Snoops on the West - SecurityWeek

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

• China caught with its malware in another nation's power grid • The Register

• China Threat Recap: A Deeper Insight (informationsecuritybuzz.com)

• As China steps up cyber security enforcement, smaller businesses are feeling the heat | South China Morning Post (scmp.com)

• British and Chinese academic research collaborations quadruple despite security fears (telegraph.co.uk)

Iran

• Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)

• ‘Scan-and-exploit’ campaign snares unpatched Exchange servers | SC Media (scmagazine.com)

• Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors (thehackernews.com)

North Korea

• Lazarus Group Targets macOS in Supply Chain Assault - Infosecurity Magazine (infosecurity-magazine.com)

• Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin

Misc Nation State/Cyber Warfare

• ‘Cyber attacks lower warfare bar, rules key’ | Mint (livemint.com)

• Polish election questioned after Pegasus spyware used to smear opposition, investigation finds | Computer Weekly

• How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek

• How Cyber Attacks Are Transforming Warfare (thehackernews.com)

• OODA Loop - The ICC Will Now Investigate Cyber War Crimes

• The Double-Edged Sword of Cyber Espionage (darkreading.com)

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

Vulnerability Management

• Severe vulnerability found in all browsers, and it's being attacked | PCWorldOvercoming the Rising Threat of Session Hijacking (darkreading.com)

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica

Vulnerabilities

• Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws (bleepingcomputer.com)

• Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) - Help Net Security

• Severe vulnerability found in all browsers, and it's being attacked | PCWorld

• Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now (thehackernews.com)

• After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery - SecurityWeek

• CISA Adds Critical RocketMQ Bug to Must-Patch List - Infosecurity Magazine (infosecurity-magazine.com)

• Notepad++ 8.5.7 released with fixes for four security vulnerabilities (bleepingcomputer.com)

• Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (bleepingcomputer.com)

• Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)

• Cisco warns of VPN zero-day exploited by ransomware gangs (bleepingcomputer.com)

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

Tools and Controls

• Global companies to hike security spending as threats rise - survey | Reuters

• Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru

• What Is XDR and Why It's Changing the Security Industry - ReadWrite

• Organisations Still Aren't Adopting Enterprisewide Multifactor Authentication — What's the Holdup? (securityintelligence.com)

• Remote Desktop Protocol exposures leave 85% of organisations vulnerable to attack - SiliconANGLE

• How CISOs Can Effectively Manage Firewall Vulnerabilities | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• The Dark Web Is Expanding (As Is the Value of Monitoring It) (darkreading.com)

• How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)

• Elevating Cyber Awareness: A Strategic Approach (informationweek.com)

• Great security training is a real challenge - Help Net Security

• Companies need to rethink how they implement identity security - Help Net Security

• Enterprises persist with outdated authentication strategies - Help Net Security

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

• Easy Configuration Fixes Can Protect Your Server from Attack (securityintelligence.com)

Reports Published in the Last Week

• Ransomware and the Cyber Crime ecosystem - NCSC.GOV.UK

• Sophos on the State of Ransomware - GovInfoSecurity

• The State of Pentesting 2023 Report | Cobalt

Other News

• Record number of cyber attacks targeting critical IT infrastructure reported to UK gov’t this year (therecord.media)

• The Weaponization of Operational Technology (securityintelligence.com)

• ICS Computers in Western Countries See Increasing Attacks: Report - SecurityWeek

• Cyber Trends: The Gunpowder of the Twenty-First Century (e-ir.info)

• The 9 Top Technology Trends That Are Shaping the Future of Cyber Security (makeuseof.com)

• Some of TOP universities wouldn’t pass cyber security exam: left websites vulnerable - Security Affairs

• The Cyber Security Risks In Education Cannot Be Ignored (forbes.com)

• A new Repojacking attack exposed over 4,000 GitHub repositories to hack (securityaffairs.com)

• Cyber attacks reach fever pitch in Q2 2023 - Data Centre & Network News (dcnnmagazine.com)

• Rising OT/ICS cyber security incidents reveal alarming trend - Help Net Security

• Building cyber resiliency in public services | UKAuthority

• Brits happy to break cyber law if the price is right | Computer Weekly

• Chilling Lack of Cyber Experts in UK Government: Parliamentary Inquiry - Infosecurity Magazine (infosecurity-magazine.com)

• British Military Hit by Six Million Cyber Attacks in 2022 (thedefensepost.com)

• Trustwave report on hospitality industry security threats | Cyber Magazine

• Cyber security impact on construction, engineering projects (csemag.com)

• Cyber criminals come for schools — and schools aren’t ready (hechingerreport.org)

• Professional Sports: The Next Frontier of Cyber Security? (darkreading.com)

• How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)

• Poison in the Water: The Physical Repercussions of IoT Security Threats (securityintelligence.com)

• Australia Inc roiled by raft of cyber attacks since late 2022 | Reuters

• Death by digital: attacks on healthcare put people at risk (synack.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Than Half of UK Organisations Know They Aren’t Well Protected

According to a recent report, just 49% of business leaders report their organisation is well or very well protected. Cyber security featured as the third highest-rated business priority, with increasing revenues and reducing costs forming the top two. One of the ways an organisation can reduce cost is to outsource, and 63% of respondents agreed, reporting that they wanted to work with an external cyber security partner to improve their security.

Even if you’re in the 49% of organisations that believes it is well protected, this can be a dangerous self-assessment based on a lack of experience and impartiality. Business leaders need independent assurance to ensure their security controls are appropriate and in line with the organisation’s risk appetite. It is essential to dispel assumptions, by investigating your security before an attacker does.

Black Arrow Cyber Consulting offers a free, no-obligation, introductory consultation to help you gain an unbiased perspective on how your current security approach could withstand an attacker. We help our clients to know the questions to ask of their external or internal IT provider, and how to leverage other security controls from existing resources.

Sources: [IT Security Guru][Beta News]

Generative AI Considered a Security Risk by 60% of Board Members. How Organisations Can Prepare

A recent report conducted by Proofpoint found that 60% of board members consider generative AI a security risk.

The rapid development and adoption of AI is double-edged in nature. Whilst it can yield positive benefits if used safely and responsibility within organisations, AI is also being used to great effect by malicious actors with AI abuse growing beyond phishing to increasing the efficacy of multistage attacks, being used to generated malware, and carrying out different types of social engineering attacks.

For this reason Boards and senior leaders are right to be concerned and should ensure appropriate measures are being taken.

Sources: [TheNationalNews] [SCMagazine] [CyberSecurityNews]

Further reading: [BusinessCloud.co.uk] [WIRED UK] [Help Net Security]

Businesses Ignore Incident Response at Their Peril

According to a UK Government report, a quarter of businesses don’t regard cyber incident response skills as essential and almost half said they weren’t confident they could put together an incident response plan. This led to 41% saying they were not very or not at all confident that they would be able to deal with a cyber security breach or attack.

Unfortunately, this leaves many organisations in a situation where they will have to learn the hard way about the implications of not having an incident response plan. A separate government report found that 37% of those hit by a cyber attack said it impacted operations and a quarter experienced negative consequences such as loss of money or data.

One of the ways organisations can circumnavigate their lack of confidence in their ability to construct an incident response plan is to use cyber security experts to construct it. 

Source: [Infosecurity Magazine]

Blame Culture: An Organisation’s Ticking Time Bomb

An organisation’s attitude and responses to cyber security are almost as important as the actions taken to prevent cyber attacks. “Lessons learnt” are a common feature within mature and cyber resilient organisations. Incidents are a matter of when not if, and it is important that organisations know how to react.

Taking the example of a phishing attack, it is easy to blame the employee who opened it, potentially firing them. With phishing simulations, it is equally easy to discipline an employee who fell for it. The problem is, neither of these focus on what can be learned, such as why the employee fell for it in the first place. Additionally, there is the potential that employees become reserved or reticent about reporting potential events, due to the fear of being disciplined. This can be the difference between an organisation having an early detection of an incident and being able to invoke incident response plans sooner, or leaving the attacker in the system doing damage for longer before being reported.

Source: [ IT Security Guru]

Spend to Save: CFOs and Cyber Security Investment

For chief financial officers (CFOs), the increasing impact of data breaches creates a paradox. While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending is all about return on investment.

When looking at spending, CFOs need to keep in mind that the total cost of a breach is more than the initial currency loss: there is the knock-on effect of reputation and losses in customers. But it is not a case of spending more to protect more; spending must be tailored to the organisation and prioritise in terms of business needs.

Source: [Security Intelligence]

Cyber Security Tools Are New Targets for Attackers, Including Nation-State Actors

An increasing number of attacks by nation-state attackers are targeting cyber security tools in their campaigns. This includes the recent attacks on US officials which attacked and gained access through the firewalls of the victim. Security vendors, just like anyone, will have flaws in their software: there will be vulnerabilities. As such, organisations need to be aware of these vulnerabilities and when support runs out for their cyber security tools, to better protect themselves.

Source: [News Week]

Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3

Top secret military data from the UK’s Ministry of Defence was stolen and then sold by the ransomware gang LockBit. How, you might ask? Through a rogue Windows 7 PC that belonged to their fencing supplier, Zaun. The LockBit Ransom group conducted the attack on the supplier’s network, and Zaun admitted the group may have exfiltrated 10GB of data.

Many attackers have realised that if you cannot directly attack an organisation, then the supplier can present a way in. Organisations need to be sure of their suppliers’ security, and conduct third party security assessments to identify the risk the supplier may present to the organisation itself.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Source: [The Register] [Tech Monitor]

Common Tactics Used by Threat Actors to Weaponise PDFs

PDFs are often seen as safe, something that cannot be used by an attacker, but that’s wrong. Actors are using this trustworthiness, as well as the difficulty in detection and ubiquity of PDFs, to weaponise them. Common tactics involve malicious hyperlinks within PDFs and macros that run when a PDF is opened, and in some cases attackers are disguising a malicious Word document as a PDF to evade detection.

Source: [Cyber Security News]

Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals

A recent report has found that Microsoft vulnerabilities as old as 6 years are still being exploited, with one recorded as being exploited as recently as 31 August. In fact, since this particular vulnerability was fixed, it has been used to deploy 467 different malware types. This is not the number of attacks, but the number of different types of malware used in attacks.

The concept isn’t just for Microsoft. Many organisations do not employ effective patching strategies, and as such leave the doors open to attackers. Sometimes, these doors are open for years.

Source: [The Register]

Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m

As-a-service operations allow attackers to employ sophisticated attacks without the need for extensive knowledge; they simply just purchase the ability.  Take phishing-as-a-service (PhaaS), where an attacker with very limited cyber knowledge simply needs to purchase a phishing kit and they are then well-equipped to target organisations. This availability in tools creates a significant surge in the number of cyber criminals, with one scheme alone raking in $64.5 billion in illegal gains.

Source: [IT Security Guru]

71% of Organisations are Impacted by Cyber Security Skills Shortage

Most organisations (71%) report that they’ve been impacted by the cyber security skills shortage, leading to an increased workload for the cyber security team (61%), unfilled open job requisitions (49%) and high burnout among staff (43%). Further, 95% respondents state the cyber security skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has got worse.

Organisations need to continue maintaining and improving their security while their cyber security positions remain unfilled. Black Arrow supports firms to achieve this by providing expert resources on a flexible basis for technical, governance and transformational positions.

Source: [Security Magazine] [Digital Journal]

Multiple Schools Hit by Cyber Attacks Before Term Begins

Ahead of the new school term, a number of schools have become the victim of serious cyber attacks. The education sector isn’t a new target, with previous ransomware reports finding the education sector to account for 16% of victims.

The education sector remains a target due to the valuable data they hold, large attack surfaces and frequently a lack of resources and budgets, something many small and medium-sized business may share.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• The importance of CISOs is not recognised by senior leadership - IT Security Guru

• Why Businesses Ignore Incident Response at Their Peril - Infosecurity Magazine (infosecurity-magazine.com)

• Blame Culture: An Organisation's Ticking Time Bomb - IT Security Guru

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• More than half of UK organisations know they aren’t well protected against cyber threats - IT Security Guru

• Boards show confidence in their cyber security but still think they're at risk of attack (betanews.com)

• SEC tells companies to “show their work” on cyber security - Red Canary

• Cyber security: a life cycle, not a destination | Hydrocarbon Engineering

• Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)

• Compliance budgets under strain as inflation and workload grow - Help Net Security

• Cyber Security pros battle discontent amid skills shortage - Help Net Security

• CISOs weigh in on building security-focused culture | Healthcare IT News

• How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)

• IAM, cloud security to drive new cyber security spending | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• Ministry of Defence documents leaked by LockBit (techmonitor.ai)

• Attackers access military data through fencing supplier • The Register

• Yes, Ransomware is Still a Huge Problem | CSO Online

• Ransomware attackers are targeting exposed Microsoft SQL databases, report says (therecord.media)

• Ransomware and Data Breaches: Impacts Continue to Grow Louder (govtech.com)

• Ransomware attacks go beyond just data - Help Net Security

• Education Sector Heavily Targeted as the School Year Begins (databreaches.net)

• Killware vs. Ransomware: What's the Difference? (makeuseof.com)

• Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• To Pay or Not to Pay? The Ransomware Dilemma (informationweek.com)

• Snake Ransomware Endangers Your Data: How Can You Stop It? (makeuseof.com)

• How to Prevent Ransomware: 6 Key Steps to Safeguard Assets (techtarget.com)

Ransomware Victims

• LockBit Leaks Documents Filched From UK Defence Contractor (darkreading.com)

• Ministry of Defence documents leaked in cyber attack (civilserviceworld.com)

• Maidstone: Secondary school hit by cyber attack - BBC News

• Debenham High School IT system hit by cyber attack - BBC News

• Highgate Wood School delays term by 6 days after cyber attack | This Is Local London

• Cyber attack hits Suffolk school (computing.co.uk)

• Cyber attack hits Wokingham's Maiden Erlegh School | Reading Chronicle

• Russian ransomware gang AlphV targets pathology company, law firms in latest string of attacks - ABC News

• LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM) (securityaffairs.com)

• Ransomware gang claims credit for Sabre data breach | TechCrunch

• Hackers claim to publish prominent Israeli hospital’s patient data (therecord.media)

Phishing & Email Based Attacks

• AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)

• Google is enabling Chrome real-time phishing protection for everyone (bleepingcomputer.com)New phishing tool hijacked thousands of Microsoft business email accounts (therecord.media)

• Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)

• Spam is up, QR codes emerge as a significant threat vector - Help Net Security

• From unsuspecting click to data compromise - Help Net Security

• Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)

• Getting off the hook: 10 steps to take after clicking on a phishing link (welivesecurity.com)

• What Is Spear Phishing? A Comprehensive Guide - Sapphire

Other Social Engineering; Smishing, Vishing, etc

• Emerging threat: AI-powered social engineering - Help Net Security

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• Chinese-Speaking Cyber Criminals Launch Large-Scale iMessage Smishing Campaign in US. (thehackernews.com)

• Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges (thehackernews.com)

• How cyber criminals use look-alike domains to impersonate brands - Help Net Security

Artificial Intelligence

• Generative AI considered a security risk by 60% of board members, survey finds (thenationalnews.com)

• AI ‘triggers DeepTech anxiety for senior leaders’ (businesscloud.co.uk)

• Emerging threat: AI-powered social engineering - Help Net Security

• AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• UK tech tsar warns of AI cyber threat to NHS | Financial Times (ft.com)

• It's the summer of adversarial chatbots. Here's how to defend against them - SiliconANGLE

• Will the AI Arms Race Lead to the Pollution of the Internet? (darkreading.com)

• Cyber Security Concerns In AI: NCSC Flags Vulnerabilities In Chatbots And Language Models (informationsecuritybuzz.com)

• UK cyber chief urges ‘Security by Design’ in AI development (ukdefencejournal.org.uk)

• Generative AI’s Biggest Security Flaw Is Not Easy to Fix | WIRED UK

• Developers have security, other generative AI concerns but use it anyway - ARN (arnnet.com.au)

• How Companies Can Cope With the Risks of Generative AI Tools (darkreading.com)

• 3 ways to strike the right balance with generative AI - Help Net Security

• Peril vs. Promise: Companies, Developers Worry Over Generative AI Risk (darkreading.com)

• Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Malware

• Common Tactics Used by Threat Actors to Weaponise PDFs (cybersecuritynews.com)

• Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus (thehackernews.com)

• 'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• UNRAVELING EternalBlue: inside the WannaCry’s enabler (securityaffairs.com)

• Malware Report: The Evolution of BumbleBee - Understanding the Emerging New Threat (govinfosecurity.com)

• Malware configurations How to find and use them? (govinfosecurity.com)

• Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)

• New Python Variant of Chaes Malware Targets Banking and Logistics Industries (thehackernews.com)

• New BLISTER Malware Update Fuelling Stealthy Network Infiltration (thehackernews.com)

• Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)

Mobile

• Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch

• September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)

• Hacker exploits security flaw to target iPhone users with 'notification attack' | Macworld

Botnets

• It might be too soon to claim victory against Qakbot | Computer Weekly

Denial of Service/DoS/DDOS

• DDoS attack took down the site of German financial agency BaFin (securityaffairs.com)

• Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)

• CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack | CISA

BYOD

• Many businesses still aren't using BYOD protection | TechRadar

Internet of Things – IoT

• Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)

• Tech Company Says Cars Collect 25 Gigabits of Data per Hour, Making Them Targets for Hacking | The Epoch Times

• Connected cars and cyber crime: A primer - Help Net Security

• Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch

• Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)

• Why consumer drones represent a special cyber security risk (securityintelligence.com)

• Like privacy? Then smart devices are a dumb idea • The Register

• Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch

Data Breaches/Leaks

• Electoral Commission failed basic security test before hack - BBC News

• Insurer fined $3M for exposing data of 650k clients for two years (bleepingcomputer.com)

• Golf gear giant Callaway data breach exposes info of 1.1 million (bleepingcomputer.com)

• Freecycle confirms massive data breach impacting 7 million users (bleepingcomputer.com)

• Pizza Hut Australia leaks one million customers' details, claims ShinyHunters hacking group (bitdefender.com)

• Thousands of Popular Websites Leaking Secrets - SecurityWeek

• Johnson & Johnson discloses IBM data breach impacting patients (bleepingcomputer.com)

• Northern Ireland police chief quits in wake of data breach • The Register

• Lawsuit blames Tesla for data breach it sued ex-staff over • The Register

Organised Crime & Criminal Actors

• Popular 'As-a-Service' Operations Have Earned Cyber Criminals over $64m - IT Security Guru

• Cyber Crime Tremors: Experts Forecast Qakbot Resurgence (govinfosecurity.com)

• It might be too soon to claim victory against Qakbot | Computer Weekly

• Cyber crime to cost Germany 206 billion euros in 2023, survey finds | Reuters

• Anonymity and illicit activities: Cyber security expert warns of risks and dangers associated with the dark web (newswise.com)

• Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• YouTuber Loses $60K Worth of Crypto After Showing Seed Phrases on Stream - Decrypt

• Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)

• Russian Malware Targets Crypto Wallet: US and UK Intelligence Agencies Issue Joint Warning (cryptopotato.com)

• Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)

• Bitcoin exchange exec admits he ignored anti-laundering laws • The Register

• Cyber criminals target graphic designers with GPU miners (talosintelligence.com)

• LastPass under fire again as users report stolen crypto keys and losses | Cybernews

Insider Risk and Insider Threats

• Lawsuit blames Tesla for data breach it sued ex-staff over • The Register

Fraud, Scams & Financial Crime

• Popular 'As-a-Service' Operations Have Earned Cyber criminals over $64m - IT Security Guru

• Smishing Triad: China-Based Fraud Network Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Fake YouPorn extortion scam threatens to leak your sex tape (bleepingcomputer.com)

• Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Global roaming fraud losses to surpass $8 billion by 2028 - Help Net Security

• Three men arrested for stealing thousands of dollars by hacking into ATMs with a Raspberry Pi device | PC Gamer

• Airlines Battle Surge in Loyalty Program Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)

• District of Massachusetts | Russian Businessman Sentenced to Nine Years in Prison in $93 Million Hack-to-Trade Conspiracy | United States Department of Justice

• Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack - SecurityWeek

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Impersonation Attacks

• 'Smishing Triad' Targeted USPS and US Citizens for Data Theft (securityaffairs.com)

• How cyber criminals use look-alike domains to impersonate brands - Help Net Security

Deepfakes

• Emerging threat: AI-powered social engineering - Help Net Security

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

AML/CFT/Sanctions

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)

• Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Bitcoin exchange exec admits he ignored anti-laundering laws • The Register

Insurance

• Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm

• Time and effort to obtain cyber insurance increasing for US businesses | CSO Online

• Beazley expects to sponsor more cyber catastrophe bonds in 2024 - Artemis.bm

• Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)

Dark Web

• Anonymity and illicit activities: Cyber security expert warns of risks and dangers associated with the dark web (newswise.com)

• The Initial Access Broker Economy: A Deep Dive into Dark Web Hacking Forums (bleepingcomputer.com)

Supply Chain and Third Parties

• Attackers access military data through fencing supplier • The Register

• Ministry of Defence documents leaked by LockBit (techmonitor.ai)

• Supply chain related security risks, and how to protect against them (malwarebytes.com)

• 5 ways to improve your supply chain security posture | IT Reseller Magazine (itrportal.com)

• University of Sydney suffered a security breach caused by a third-party service provider (securityaffairs.com)

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

• Creating a more cyber secure supply chain requires group effort - FreightWaves

• Facing Third-Party Threats With Non-Employee Risk Management (darkreading.com)

• Cyber attacks attempt to crash 6 media sites globally using US. company RayoByte - Committee to Protect Journalists (cpj.org)

Software Supply Chain

• Software Supply Chain Strategies to Parry Dependency Confusion Attacks (darkreading.com)

Cloud/SaaS

• Step Up Your Defence Against Cloud-loving Cyber Criminals (informationsecuritybuzz.com)

• IAM, cloud security to drive new cyber security spending | CSO Online

Hybrid/Remote Working

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Attack Surface Management

• What OSINT is, and why it’s dangerous | Kaspersky official blog

• Armis report sheds light on top 10 targeted assets by cyber attackers - SiliconANGLE

• Top 10 riskiest assets threatening global business - IT Security Guru

Encryption

• Government denies U-turn on encrypted messaging row - BBC News

• UK lawmakers back down on encryption-busting 'spy clause' | CyberScoop

API

• API Vulnerabilities: 74% of Organisations Report Multiple Breaches - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Software industry urged to assume risk on open source security | CIO Dive

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• It's a Zero-day? It's Malware? No! It's Username and Password (thehackernews.com)

• Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)

• Hacker gains admin control of Sourcegraph and gives free access to the masses | Ars Technica

• Passwords From The November 2022 LastPass Breach Being Cracked? - PC Perspective

• LastPass under fire again as users report stolen crypto keys and losses | Cybernews

• Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch

• 75% of education sector attacks linked to compromised accounts - Help Net Security

Social Media

• Twitter accused of helping Saudi Arabia commit human rights abuses | Saudi Arabia | The Guardian

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

Malvertising

• 'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek

Parental Controls and Child Safety

• Children's snack recalled after its website caught serving porn (bleepingcomputer.com)

• Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT

Regulations, Fines and Legislation

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• SEC tells companies to “show their work” on cyber security - Red Canary

• Verizon to pay feds $4M over cyber security lapse | Light Reading

• Government denies U-turn on encrypted messaging row - BBC News

• UK drops 'spy clause' for scanning encrypted messages • The Register

Models, Frameworks and Standards

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• CIS Benchmarks Communities: Where configurations meet consensus - Help Net Security

• Explaining The New NIST Cyber Security Framework to the C-Suite

Backup and Recovery

• Best practices for implementing a proper backup strategy - Help Net Security

Careers, Working in Cyber and Information Security

• 71% of organisations are impacted by cyber security skills shortage | Security Magazine

• Cyber Security Skills Gap set to cost UK £120 billion by 2023 - Essex-TV

• 6 free resources for getting started in cyber security - Help Net Security

• Cyber professionals say industry urgently needs to confront mental health crisis | CyberScoop

• Cyber security pros battle discontent amid skills shortage - Help Net Security

Law Enforcement Action and Take Downs

• FBI Qakbot Takedown: Unanswered Questions (trendmicro.com)

• It might be too soon to claim victory against Qakbot | Computer Weekly

• Cops drill into chat apps to thwart coke-smuggling ring • The Register

Privacy, Surveillance and Mass Monitoring

• Revealed: Home Office secretly lobbied for facial recognition ‘spy’ company | Facial recognition | The Guardian

• Like privacy? Then smart devices are a dumb idea • The Register

• Streetlights as Spyware (techpolicy.press)

Misinformation, Disinformation and Propaganda

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Big Tech failed to police Russian disinformation: EU study • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russia-linked attackers hit UK Ministry of Defence, leak stolen data | CSO Online

• NCSC Report Reveals Persistent Threat and Russia’s Ongoing Cyber Operations in Ukraine | Defense Express (defence-ua.com)

• An inside look at Ukraine's cyber war with Russia : NPR

• Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR

• China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM

• Ukraine's CERT Thwarts APT28's Cyber Attack on Critical Energy Infrastructure (thehackernews.com)

• Attackers access military data through fencing supplier • The Register

• Russia-linked hack on Trident base sparks 'World War Three' warning from expert (yahoo.com)

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Russian Malware Targets Crypto Wallet: US and UK Intelligence Agencies Issue Joint Warning (cryptopotato.com)

• Elon Musk's Father Fears Possible Assassination Attempt on His Son (businessinsider.com)

• Big Tech failed to police Russian disinformation: EU study • The Register

• North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne

China

• How China gets free intel on tech companies’ vulnerabilities | Ars Technica

• Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)

• How Microsoft's highly secure environment was breached (malwarebytes.com)

• Chinese-Speaking Cyber Criminals Launch Large-Scale iMessage Smishing Campaign in US. (thehackernews.com)

• Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)

• China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM

• Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)

• German companies report more cyber attacks from Russia, China | Meta.mk

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Microsoft reveals hackers compromised engineer account to gain access to government accounts - SiliconANGLE

• Microsoft finally explains cause of Azure breach: An engineer’s account was hacked | Ars Technica

• South Korean Cyber Security Concerns Over Chinese-Made Cranes, Meteorological Gear | The Epoch Times

• Huawei hits back in Portugal over 5G 'ban' with lawsuit - DCD (datacenterdynamics.com)

Iran

• Hackers push anti-Iranian government messages to millions via breached app | CyberScoop

• Iranian hackers breach US aviation org via Zoho, Fortinet bugs (bleepingcomputer.com)

North Korea

• Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks (bleepingcomputer.com)

• Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster (thehackernews.com)

• Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR

• North Korean hackers target security researchers with new zero-day (therecord.media)

• North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne

• Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)

Misc Nation State/Cyber Warfare

• Nation-state 'hot zones' offer view of the future of cyber war – report - CIR Magazine

• Global cyber weapon market set for substantial growth | Insurance Business America (insurancebusinessmag.com)

• Policy, Guns and Money: Cyber conflict, competition and cooperation | The Strategist (aspistrategist.org.au)

• Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)

• Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)

• Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA

Vulnerability Management

• Years-old Microsoft bugs are still hot targets for criminals • The Register

• Old vulnerabilities are still a big problem - Help Net Security

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

• How China gets free intel on tech companies’ vulnerabilities | Ars Technica

Vulnerabilities

• How to detect and patch a Log4J vulnerability  - IBM Blog

• Apple discloses 2 actively exploited zero-days in iPhones, Macs (securityaffairs.com)

• Google patches 4 high-rated security issues in latest Chrome 116 update - gHacks Tech News

• High-Severity Vulnerability Discovered in Popular CMS - Infosecurity Magazine (infosecurity-magazine.com)

• Two flaws in Apache SuperSet allow to remotely hack servers (securityaffairs.com)

• Cisco Patches Critical Vulnerability in BroadWorks Platform - SecurityWeek

• Adobe ColdFusion Critical Vulnerabilities Exploited Despite Patches - Infosecurity Magazine (infosecurity-magazine.com)

• Multiple Notepad++ Flaws Let Attackers Execute Arbitrary Code (cybersecuritynews.com)

• Hackers exploit MinIO storage system to breach corporate networks (bleepingcomputer.com)

• ASUS routers vulnerable to critical remote code execution flaws (bleepingcomputer.com)

• September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)

• CISA Adds One Known Vulnerability to Catalog | CISA

• Cisco SSO authentication bug patched - Security - Networking - iTnews

• Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication (talosintelligence.com)

• Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA

• Security or performance? Zenbleed forces you to choose | Digital Trends

Tools and Controls

• Many businesses still aren't using BYOD protection | TechRadar

• Why Businesses Ignore Incident Response at Their Peril - Infosecurity Magazine (infosecurity-magazine.com)

• Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• IOCs vs Artifacts How to Filter Out the Noise (govinfosecurity.com)

• Time and effort to obtain cyber insurance increasing for US businesses | CSO Online

• Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)

• Dangling DNS Used to Hijack Subdomains of Major Organisations  - SecurityWeek

• Why DNS Security Can Be Your Most Problematic Blind Spot (hyas.com)

• Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)

• Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)

• Why Cyber Security Risk Assessment Matters in the Banking Industry (securityintelligence.com)

• Cut through cyber security vendor hype with these 6 tips | TechTarget

• IAM, cloud security to drive new cyber security spending | CSO Online

• Best practices for implementing a proper backup strategy - Help Net Security

Other News

• Education Sector Heavily Targeted as the School Year Begins (databreaches.net)

• Schools warned of cyberattack threat as new year begins | Science & Tech News | Sky News

• Ways to protect WordPress sites and blogs from hacking | Kaspersky official blog

• New Nozomi Networks Study Finds EU Critical Infrastructure Companies Are Not Ready for NIS2 Compliance - IT Security Guru

• Insecure by design: What you need to know about defending critical infrastructure | CSO Online

• Half of Switzerland's large companies have been the victim of a cyber attack | Euronews

• Dangling DNS Used to Hijack Subdomains of Major Organizations  - SecurityWeek

• Securing the future: Safeguarding cyber-physical systems | CSO Online

• The tangible threat of cyber-kinetic attacks | CSO Online

• 25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy  - SecurityWeek

• Cyber security In Focus Ahead Of Berlin NATO Conference | OilPrice.com

• Trustwave SpiderLabs Report Highlights Hospitality Industry Cybersecurity Threats (hotelnewsresource.com)

• 10 old-school security principles that (still) rule | CSO Online

• Surge in Hospital Hacks Endangers Patients, Cyber Official Says - WSJ

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.