Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 26 April 2024
Black Arrow Cyber Threat Intelligence Briefing 26 April 2024:
-Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox
-Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery
-Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy
-Ransomware Double-Dip - Re-Victimisation in Cyber Extortion
-AI is a Major Threat and Many Financial Organisations Are Not Doing Enough to Fight the Threat
-6 out of 10 Businesses Struggle to Manage Cyber Risk
-'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs
-Penetration Testing Infrequency Leaves Security Gaps
-Bank Prohibited from Opening New Accounts After Regulators Lose Patience With Poor Cyber Security Governance
-The Psychological Impact of Phishing Attacks on Your Employees
-Where Hackers Find Your Weak Spots
-The Role of Threat Intelligence in Financial Data Protection
-Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox
The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.
Sources: [IT Security Guru] [Emerging Risks]
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery
The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.
According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.
Sources: [The Hacker News] [Huntress] [SC Media]
Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy
Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.
Source: [Forbes]
Ransomware Double-Dip: Re-Victimisation in Cyber Extortion
A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.
Sources: [Security Magazine] [The Hacker News] [SC Media]
AI is a Major Threat and Many Financial Organisations Are Not Doing Enough
Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.
Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.
Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]
6 out of 10 Businesses Struggle to Manage Cyber Risk
A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.
Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.
Sources: [PR Newswire] [Beta News]
'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs
Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.
Source: [Security Brief] [Tripwire]
Penetration Testing Infrequency Leaves Security Gaps
Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.
The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.
Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.
Source: [MSSP Alert]
Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance
A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.
Source: [The Register]
The Psychological Impact of Phishing Attacks on Your Employees
Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.
Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.
Source: [Beta News]
Where Hackers Find Your Weak Spots
A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.
Source: [Dark Reading]
The Role of Threat Intelligence in Financial Data Protection
The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.
Source: [Security Boulevard]
Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say
According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.
Source: [TechRadar] [Security Magazine]
Governance, Risk and Compliance
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Six out of 10 businesses struggle to manage cyber risk (betanews.com)
Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)
It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs | Huntress
Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy (forbes.com)
Cyber attacks are on the rise, and that includes small businesses. Here's what to know | AP News
Cyber staff priority as threats continue – report (emergingrisks.co.uk)
UK government cannot protect businesses and services from cyber attacks, IT pros say | TechRadar
Why cyber attacks shouldn’t be viewed as isolated incidents - Raconteur
Bank banned from opening new accounts over IT risks • The Register
Battening down the hatches: Navigating third-party cyber threats | SC Media (scmagazine.com)
Cyber Attacks Keep Rising. Here's What Small Businesses Need to Know | Inc.com
73% of SME security pros missed or ignored critical alerts - Help Net Security
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)
4 steps CISOs can take to raise trust in their business | TechTarget
NCSC Says Newer Threats Need Network Defence Strategy | Trend Micro (US)
Uncertainty is the most common driver of noncompliance - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Report finds a near 20% increase in ransomware victims year-over-year | Security Magazine
Ransomware Double-Dip: Re-Victimization in Cyber Extortion (thehackernews.com)
'Junk gun' ransomware: New low-cost cyber threat targets SMBs (securitybrief.co.nz)
Mandiant: Attacker dwell time down, ransomware up in 2023 | TechTarget
Behavioural patterns of ransomware groups are changing - Help Net Security
Record ransomware attacks in March 2024, report finds (securitybrief.co.nz)
Ransomware payments drop to record low of 28% in Q1 2024 (bleepingcomputer.com)
Hackers use developing countries as testing ground for new ransomware attacks (ft.com)
Ransomware Still On Rise Despite Better Defences, Firm Says - Law360
Hackers are using developing countries for ransomware practice | Ars Technica
Dark web inundated by cheap ransomware tools | SC Media (scmagazine.com)
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)
Action needed amid escalating ransomware attacks, record-high payments | SC Media (scmagazine.com)
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)
Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)
CL0P ransomware gang is on the rise | Hogan Lovells - JDSupra
Proportion paying ransoms declines in Q1 2024, even as takings break a new record (computing.co.uk)
Megazord Ransomware Attacking Healthcare & Govt Entities (cybersecuritynews.com)
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Cyber Hygiene Helps Organisations Mitigate Ransomware-Related Vulnerabilities | CISA
Ransomware attacks rise in global food & agriculture sector (securitybrief.co.nz)
Ransomware Victims
Hackers Were in Change Healthcare 9 Days Before Attack (pymnts.com)
UnitedHealth BlackCat Attack Cost is $872M in Q1 | MSSP Alert
UnitedHealth admits breach could affect large chunk of US • The Register
Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update (darkreading.com)
UnitedHealth Paid Ransom to Protect Patient Data | MSSP Alert
UNDP, City of Copenhagen Targeted in Data-Extortion Cyber Attack (darkreading.com)
Cannes Hospital Cancels Medical Procedures Following Cyber Attack - Security Week
Small medical practices will close because of Change cyber attack, says AMA | Healthcare IT News
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)
Sweden's liquor shelves to run empty this week due to ransomware attack (therecord.media)
Authentication failure blamed for Change Healthcare ransomware attack | CSO Online
Ransomware feared as Octapharma Plasma closes 150+ centers • The Register
Red Ransomware takes credit for Targus attack | SC Media (scmagazine.com)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week
Carpetright unable to trade after cyber attack - Retail Gazette
Street lights in Leicester City cannot be turned off due to a cyber attack (securityaffairs.com)
Phishing & Email Based Attacks
The psychological impact of phishing attacks on your employees (betanews.com)
Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments (darkreading.com)
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
LA County Health Services: Patients' data exposed in phishing attack (bleepingcomputer.com)
BEC
Other Social Engineering
LastPass Users Lose Master Passwords to Ultra-Convincing Scam (darkreading.com)
Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert
Artificial Intelligence
AI is a major threat and financial organisations are not doing enough to fight it | Biometric Update
Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)
Five Eyes agencies publish report on AI security | Hogan Lovells - JDSupra
AI tools linked to data exposure in 1 in 5 UK organisations (securitybrief.co.nz)
CSOs say AI is 'biggest cyber threat' to organisations | TechRadar
Man arrested for 'framing colleague' with AI-generated voice • The Register
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (thehackernews.com)
People doubt their own ability to spot AI-generated deepfakes - Help Net Security
A National Security Insider Does the Math on the Dangers of AI | WIRED
40% of organisations have AI policies for critical infrastructure | Security Magazine
GPT-4 can exploit real vulnerabilities by reading advisories • The Register
25 cyber security AI stats you should know - Help Net Security
Cyber Threats in the Age of AI: Protecting Your Digital DNA - Security Boulevard
6 security items that should be in every AI acceptable use policy | CSO Online
'Poisoned' data could wreck AIs in wartime, warns Army software acquisition chief - Breaking Defence
The use of AI in war games could change military strategy (theconversation.com)
2FA/MFA
Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security
What is multi-factor authentication (MFA), and why is it important? - Help Net Security
Malware
ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)
Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena
New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)
GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)
Microsoft unmasks Russia-linked ‘GooseEgg’ malware (therecord.media)
Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)
Beware! Notorious Samurai Stealer Used in Targeted Attacks (cybersecuritynews.com)
Threat Actor Uses Multiple Infostealers in Global Campaign - Security Week
Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)
Antivirus updates hijacked to drop dangerous malware | TechRadar
Hackers infect users of antivirus service that delivered updates over HTTP | Ars Technica
Researchers sinkhole PlugX malware server with 2.5 million unique IPs (bleepingcomputer.com)
Millions of IPs remain infected by USB worm years after its creators left it for dead | Ars Technica
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Mobile
Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)
iPhone password reset attacks are real – how to protect yourself | Mashable
New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)
Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (darkreading.com)
Give Your iPhone a Security Boost With This iOS 17.4 Feature - CNET
Data Breaches/Leaks
5.3M World-Check records may be leaked; how to check your records | SC Media (scmagazine.com)
Hackers stole 7,000,000 people's DNA. But what can they do with it? | Tech News | Metro News
AT&T Offers All Customers Free Security Bundle After Data Breach (tech.co)
App bug exposes 1M neighbourhood watchers to data harvesters • The Register
Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)
Organised Crime & Criminal Actors
Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)
Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)
Lazarus On the Hunt: How North Korean Hackers are Targeting Crypto via LinkedIn (bitcoinist.com)
Insider Risk and Insider Threats
Most people still rely on memory or pen and paper for password management - Help Net Security
CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal | TechCrunch
Insurance
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)
Coalition: Insurance claims for Cisco ASA users spiked in 2023 | TechTarget
Supply Chain and Third Parties
Battening down the hatches: Navigating third-party cyber threats | SC Media (scmagazine.com)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week
Cloud/SaaS
How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)
5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)
Identity and Access Management
How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)
Identity-based security threats are growing rapidly: report | CSO Online
Encryption
Europol asks tech firms, governments to get rid of E2EE • The Register
How tech firms are tackling the risks of quantum computing | World Economic Forum (weforum.org)
Australian authorities call for Big Tech help with decryption • The Register
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Most people still rely on memory or pen and paper for password management - Help Net Security
New Password Cracking Analysis Targets Bcrypt - Security Week
Brute Force Password Cracking Takes Longer - Don't Celebrate Yet (technewsworld.com)
Social Media
Dutch govt body: Don't use Facebook if unsure about privacy • The Register
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard
NIS2: Preparing for EU’s New Cyber Security Rules | Wilson Sonsini Goodrich & Rosati – JDSupra
Compliance in 2024: Cutting through the noise (federalnewsnetwork.com)
Google Postpones Third-Party Cookie Deprecation Amid UK Regulatory Scrutiny (thehackernews.com)
A view from Brussels: To be sovereign, or not to be (iapp.org)
Cyber Security | UK Regulatory Outlook April 2024 - Lexology
Net neutrality has been restored in the US - Help Net Security
Models, Frameworks and Standards
Fortifying your business with ISO 27001 - DCD (datacenterdynamics.com)
Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard
Taking Time to Understand NIS2 Reporting Requirements - Security Boulevard
Data Protection
Boost your data protection with insights from Dell's report - SiliconANGLE
A view from Brussels: To be sovereign, or not to be (iapp.org)
Careers, Working in Cyber and Information Security
Cyber staff priority as threats continue – report (emergingrisks.co.uk)
Three Ways Organisations Can Overcome the Cyber Security Skills Gap - Security Boulevard
Addressing the cyber skills shortage: 5 key steps to take | CSO Online
Five Essential Steps To Land Your First Cyber Security Job (forbes.com)
Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army - IT Security Guru
Law Enforcement Action and Take Downs
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)
Man arrested for 'framing colleague' with AI-generated voice • The Register
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (thehackernews.com)
China
ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)
Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)
UK mulls fresh controls on 'sensitive tech' after China cyber claim (thenextweb.com)
FBI Director Wray Issues Dire Warning on China's Cyber Security Threat (darkreading.com)
Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters
New tool used in China-linked attacks against Asia-Pacific | SC Media (scmagazine.com)
Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times
MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security
Ads on .gov.uk websites raise eyebrows over privacy • The Register
Russia
Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)
Microsoft issues warning over ‘GooseEgg’ tool used in Russian hacking campaigns | ITPro
Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)
Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)
Overflowing Water Tank Linked to Russian Cyber Attack (govtech.com)
Russia accused of jamming GPS signal on flights from UK causing route chaos (inews.co.uk)
Russian Sandworm hackers targeted 20 critical orgs in Ukraine (bleepingcomputer.com)
Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security
Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop
Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)
MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security
Ukraine participates in NATO cyber security exercise in Estonia / The New Voice of Ukraine (nv.ua)
Cyber attacks on Poland surged after election of pro-Ukraine regime (thenextweb.com)
Iran
Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop
Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register
Iranian nationals charged with hacking US companies, Treasury and State departments | CyberScoop
The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains (darkreading.com)
North Korea
Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)
Microsoft Warns: North Korean Hackers Turn to AI-Fuelled Cyber Espionage (thehackernews.com)
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Third-Party Software Patching: Your Cyber Armor in 2024 | MSSP Alert
Automated patch management: 9 best practices for success | TechTarget
Vulnerabilities Versus Intentionally Malicious Software Components - The New Stack
GPT-4 can exploit real vulnerabilities by reading advisories • The Register
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Vulnerabilities
22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (bleepingcomputer.com)
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (thehackernews.com)
Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)
'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity (darkreading.com)
Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)
MITRE says state hackers breached its network via Ivanti zero-days (bleepingcomputer.com)
GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)
Google Patches Critical Chrome Vulnerability - Security Week
Microsoft releases Exchange hotfixes for security update issues (bleepingcomputer.com)
PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com)
Critical Forminator plugin flaw impacts over 300k WordPress sites (bleepingcomputer.com)
Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk (cybersecuritynews.com)
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs (darkreading.com)
GitHub vulnerability leaks sensitive security reports | TechTarget
New Password Cracking Analysis Targets Bcrypt - Security Week
Maximum severity Flowmon bug has a public exploit, patch now (bleepingcomputer.com)
Tools and Controls
Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)
Third-Party Software Patching: Your Cyber Armour in 2024 | MSSP Alert
The Role of Threat Intelligence in Financial Data Protection - Security Boulevard
Automated patch management: 9 best practices for success | TechTarget
Rethinking How You Work with Detection and Response Metrics (darkreading.com)
Choosing SOC Tools? Read This First [2024 Guide] - Security Boulevard
Research Shows How Attackers Can Abuse EDR Security Products - SecurityWeek
What is multi-factor authentication (MFA), and why is it important? - Help Net Security
Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security
Zero Trust Takes Over: 63% of Orgs Implementing Globally (darkreading.com)
5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)
Explore CASB use cases before you decide to buy | TechTarget
SD-WAN: Don't Build a Dead End, Prepare for Future-Proof Secure Networking - SecurityWeek
Identity-based security threats are growing rapidly: report | CSO Online
Microsoft criticized for charging for security add-ons • The Register
5 insights from new Microsoft CNAPP guide | Microsoft Security Blog
The Peril of Badly Secured Network Edge Devices (inforisktoday.com)
VPNs, Firewalls' Nonexistent Telemetry Lures APTs (darkreading.com)
The first steps of establishing your cloud security strategy - Help Net Security
40% of organizations have AI policies for critical infrastructure | Security Magazine
Understand the Benefits and Limitations of Automated Tools in Penetration Testing (prweb.com)
World´s most advanced cyber defence exercise kicks off in Tallinn
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Reports Published in the Last Week
Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations (prnewswire.com)
Boost your data protection with insights from Dell's report - SiliconANGLE
Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)
Cyber Security in the UK - House of Commons Library (parliament.uk)
Other News
Why Educating HR Professionals on Cyber Risk Is Crucial (thehrdirector.com)
Network Threats: A Step-by-Step Attack Demonstration (thehackernews.com)
UK cyber agency NCSC announces Richard Horne as its next chief executive (therecord.media)
Internet cable at Cali airport cut in apparent sabotage • The Register
EU Statement – UN General Assembly 1st Committee: Cyber Security | EEAS (europa.eu)
Why Tourists Are Particularly Vulnerable To Cyber Attacks (maltatoday.com.mt)
AI Is Going Well For Microsoft, But Cyber Security Is Not - Microsoft (NASDAQ:MSFT) - Benzinga
Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly
World´s most advanced cyber defence exercise kicks off in Tallinn
Why Cyber Security Is Key To Solving Global Crises (forbes.com)
Colleges spending more than ever on cyber security efforts (insidehighered.com)
Foreign states targeting UK universities, MI5 warns - BBC News
Cyber resilience in the public sector: lessons for UK Councils (techinformed.com)
Digital Blitzkrieg: Unveiling Cyber Logistics Warfare (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 December 2023
Black Arrow Cyber Threat Intelligence Briefing 22 December 2023:
-Majority of 2023’s Critical Cyber Attacks Stemmed from Fewer Than 1% of Vulnerabilities, with 1 in 4 High Risk Vulnerabilities Exploited Within 24 Hours of Going Public
-Ransomware Gangs Are Increasingly Turning to Remote Access Tools for Attacks, As UK Honeypots Attacked 17 Million Times Per Day
-Why Employees Are a Bigger Security Risk than Hackers
-77% of Financial Services Firms Detected a Cyber Attack in the Last Year, as Finance and Healthcare Continue to Suffer the Most Cyber Attacks
-New Report Data Shows 75% Increase in Suspicious Emails Hitting Inboxes
-Threat Actors Still Exploiting Old Unpatched Vulnerabilities
-Many Organisations Still Lack Formal Cyber Security Training
-Addressing the Growing Threat of Supply Chain Cyber Attacks
-Cyber Incident Costs Surge 11% as Budgets Remain Muted
-Attacks on Critical Infrastructure are Harbingers of War: Are We Prepared?
-UK Data Centres to be Classed as Critical Infrastructure Under New Gov Proposals
-Data Exfiltration and Extortion is the New Ransomware Threat, as 65% of Organisations Say Ransomware Concerns Impact Risk Management
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Majority of 2023’s Critical Cyber Attacks Stemmed from Fewer Than 1% of Vulnerabilities, with 1 in 4 High Risk Vulnerabilities Exploited Within 24 Hours of Going Public
A new Qualys report reveals that less than 1% of vulnerabilities are responsible for the greatest damage, and a quarter of high-risk vulnerabilities are now being exploited within a day of disclosure. In 2023, a record-breaking 26,000 vulnerabilities have been identified so far, emphasising the need for organisations to accelerate their response times. High-risk vulnerabilities, particularly in network devices and web applications, are the main targets for attackers seeking unauthorised access or privilege escalation. This situation underscores the critical need for organisations to implement a multi-layered defence strategy, automate patching where appropriate especially in areas of critical infrastructure, and adopt zero-trust principles to safeguard against such swift and potent cyber threats.
Sources: [SiliconANGLE] [SC Media]
Ransomware Gangs Are Increasingly Turning to Remote Access Tools for Attacks, As UK Honeypots Attacked 17 million Times Per Day
Nearly three quarters of cyber-attacks across the UK in 2023 targeted technology frequently used for remote working, new data from Coalition has revealed.
Attackers frequently target Remote Desktop Protocol (RDP), a tool that lets users access office computers from home, as it grants the attacker quick access to devices and allows them to execute further attacks.
Honeypot sensors maintained by Coalition have recorded 5.8 billion attacks so far in 2023, averaging around 17 million attacks per day. Of these it was found that 76% of attacks targeted RDP.
Attackers exploit RDP vulnerabilities that often stem from simple configuration mistakes. By taking steps like disabling unnecessary remote access or tightening controls, companies can help shield themselves from these pervasive threats.
Sources: [Insurance Times] [TechRadar] [Infosecurity Magazine]
Why Employees Are a Bigger Security Risk than Hackers
In today's interconnected world, the spotlight is often on cyber criminals attacking from outside, but a worrying trend points inward. A recent study by Imperva reveals that insiders pose a significant threat, being behind 58% of security incidents. The incidents are a mixture of deliberate misuse and accidents, however the majority of organisations lack a strategy to combat these risks. Even when strategies exist, they may be undermined by employees bypassing IT protocols or due to the pressures of adapting to new technologies. With insider incidents on the rise by 47% in two years, the costs are too great to ignore.
Source: [Raconteur]
77% of Financial Services Firms Detected a Cyber Attack in the Last Year, as Finance and Healthcare Continue to Suffer the Most Cyber Attacks
Cyber attacks are more prevalent in the financial services sector than in any other industry. Last year, 77% of financial institutions were targeted, primarily through phishing and ransomware attacks. After financial services the second most targeted sector is healthcare. Both types of institutions are attractive targets not only because of their wealth of sensitive data but also because disruptions to their operations can lead to substantial ransom payments. They face increasingly sophisticated threats and the financial impact is significant, with approximately a quarter of these institutions estimating damages of at least $50,000. To mitigate these risks organisations are turning to cyber insurance, which necessitates further tightening of security practices, including identity and access management, to meet insurers’ stringent standards.
The healthcare sector reported over 179,000 cyber attacks in a single quarter, affecting entities globally. The primary threats were infostealers and ransomware. There have been scores of notable incidents where hospitals have been shut down or otherwise unable to operate. In many cases, this resulted in closing emergency departments, interfering with planned or emergency surgeries and forcing ambulances to divert to other hospitals, potentially causing life threatening delays. Further, a recent report analysing the enterprise risk management for the financial sector found that the two biggest concerns were rising interest rates at 74% and ransomware attacks at 65%.
Sources: [Security Magazine] [MSSP Alert] [PR NewsWire] [Security Magazine]
New Report Data Shows 75% Increase in Suspicious Emails Hitting Inboxes
A new report has unveiled the escalating threat posed by phishing emails, as detected by DMARC software. In the past year, there's been a 70% rise in emails flagged as fraudulent, with almost 18% of total email traffic in the first half of 2023 being intercepted as potential phishing attempts. This surge underscores a pressing need for robust email security measures. Simple yet effective tools like DMARC, which automatically weeds out emails impersonating legitimate domains, are becoming critical in the fight against these sophisticated scams. With the average cost of a cyber attack now well into the millions, and given the high click rates on phishing emails, it is clear that taking proactive steps to strengthen an organisations digital defence is not just sensible, it is essential for safeguarding the businesses in the digital age.
Source: [Dark Reading]
Threat Actors Still Exploiting Old Unpatched Vulnerabilities
A report by Cisco has found that the most targeted vulnerabilities this year, same as previous years, were old unpatched vulnerabilities which should have been fixed a long time ago. Some of these security gaps in widely-used applications like Microsoft Office and or within versions of Windows itself are over a decade old. Unpatched vulnerabilities can leave systems open to exploitation, potentially leading to unauthorised access, data breaches, and widespread security incidents, including being a key enabler of ransomware attacks. This highlights an urgent call to action for organisations to patch known vulnerabilities and secure user accounts to fortify their defences against cyber threats.
Source: [IT Business]
Many Organisations Still Lack Formal Cyber Security Training
As we navigate into 2024, a new report by the SANS Institute found that more than 30% of organisations do not regularly perform cyber readiness exercises, while 40% have yet to establish formal training for cyber security. These findings underline a gap between the need for robust security measures and actual preparedness. On a positive note, most organisations are adopting frameworks like the NIST CSF to shape their security posture, and two-thirds are actively using metrics to gauge the effectiveness of their security operations. Yet, there’s a call to action here: for real progress, intentional investment and commitment to comprehensive training and stringent security operations are non-negotiable. This is the path to mature security operations that can withstand the complexities of today’s cyber threats.
Source: [Security Brief]
Addressing the Growing Threat of Supply Chain Cyber Attacks
As businesses become more interconnected through digital supply chains, supply chain cyber attacks are becoming more of a pressing issue for organisations. The attackers tend to exploit weaknesses in third-party suppliers, often with less guarded entry points, to access larger networks. With companies increasingly outsourcing and using cloud adoption, the need for stringent third-party cyber risk assessments is vital. However, complexities arise with the shared responsibility model for cloud security, where setting out the division of security duties between cloud service providers and clients can blur lines of defence. To tackle these challenges, integration of cyber security into procurement and supply chain processes is essential. This means enforcing collaboration between procurement and cyber security teams, mandating security standards in vendor contracts, and utilising automated tools for continuous risk assessments. Safeguarding modern supply chains is no longer a siloed task but a strategic, organisation wide imperative.
Source: [HackerNoon]
Cyber Incident Costs Surge 11% as Budgets Remain Muted
A new report found an 11% jump in the direct costs of a significant cyber incident, now averaging $1.7 million. The burden is even heavier for those without cyber insurance, with costs escalating to $2.7 million per incident. Cyber risks like fraud, third-party breaches, and data theft remain prevalent. Despite these increasing threats, cyber security budgets have grown modestly and are not keeping pace with the increased level of threat. The report also highlights a concerning gap in understanding cyber threats and a lack of internal training, emphasising the critical need for not just financial investment, but also a deeper engagement with cyber security training and awareness within organisations.
Source: [Infosecurity Magazine]
Attacks on Critical Infrastructure are Harbingers of War: Are We Prepared?
The escalating cyber threats against critical infrastructure, like recent attacks on water authorities, highlight an urgent security concern. These attacks, which are often state-sponsored, are not just targeting financial or data assets but are striking at essential services vital to human survival. The tactics used in these attacks, known as Intelligence Preparation of the Battlefield (IPB), are aimed at weakening a nation by disrupting services like power and water, key to both civil stability and military operations. Nations like Russia, China, and Iran employ these strategies for different purposes, ranging from strategic military advantages to ideological victories. The use of ransomware, as seen in the increasing incidents reported by the FBI, is a tool for both financial gain and geopolitical disruption. As we face these multifaceted threats, the need for robust cyber security measures to protect our critical infrastructure has never been more pressing. It is a call to action for nations and organisations alike to fortify their defences against these evolving and serious cyber threats.
Source: [SC Media]
UK Data Centres to be Classed as Critical Infrastructure Under New Gov Proposals
The UK government is considering new regulations aimed at enhancing the security and resilience of data centres. The Department for Science, Innovation and Technology (DSIT) recognises the vital role of these data hubs and is examining the adequacy of current safety practices. With the identification of varying levels of security across the sector, the prospect of legislating minimum security standards is on the table. This may include establishing a regulatory body to oversee incident reporting and risk mitigation strategies, particularly for third-party service providers. These measures underscore the government's commitment to safeguarding data centres, which are increasingly integral to the UK's economic vitality and national security. As part of a broader initiative, the sector could be designated as critical national infrastructure, aligning it with international best practices and ensuring comprehensive protection from cyber threats and other risks.
Source: [ITPro]
Data Exfiltration and Extortion is the New Ransomware Threat, as 65% of Organisations Say Ransomware Concerns Impact Risk Management
Cyber criminals are escalating their tactics and becoming more aggressive in their effort to maximise disruption and compel the payment of ransom demands. Earlier this year, the ransomware group ALPHV exploited the new US data breach disclosure rules by filing a complaint with the US Securities and Exchange Commission (SEC) against a victim company for not reporting an alleged significant data breach. This marks a strategic evolution from traditional ransomware attacks, where data is encrypted and held hostage, to more nuanced extortion schemes. Such tactics are becoming more sophisticated, with triple extortion attacks threatening not just the target company but also their partners and clients. This shift from encryption to pure extortion requires a fresh understanding of cyber threats and a re-evaluation of defence strategies. It highlights the urgent need for businesses to protect not just their own data but also to consider the security of their entire data supply chain.
Source: [TechCrunch]
Governance, Risk and Compliance
Three Tech Budget Implementations To Help Optimize Your Resources (forbes.com)
65% of organisations say ransomware concerns impact risk management | Security Magazine
Healthcare and Finance Suffer Most Cyber Attacks | MSSP Alert
SEC vs SolarWinds: A cyber security game changer for CISOs (securitybrief.co.nz)
77% of financial organisations detected a cyber attack in the last year | Security Magazine
Level of cyber security: the new key indicator of a company's performance | TechRadar
Managing cyber security risk during challenging economic times (techinformed.com)
Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)
The year in cyber security: 6 stories to read from 2023 | World Economic Forum (weforum.org)
After-Incident Reports Turn Breaches Into Security Blueprints (pymnts.com)
What's the Best Way to Communicate After a Data Breach? (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
65% of organisations say ransomware concerns impact risk management | Security Magazine
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims (bleepingcomputer.com)
Ransomware attacks hit new record in November :: Insurance Day
Ransomware attacks on the rise in the UK (itsecuritywire.com)
Ransomware surges, despite aggressive defences | SC Media (scmagazine.com)
BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets - Security Week
A Major Ransomware Takedown Suffers a Strange Setback | WIRED
Double-Extortion Play Ransomware Strikes 300 Organisations Worldwide (thehackernews.com)
Ransomware trends and recovery strategies companies should know - Help Net Security
Ransomware Attacks in November Rise 67% From 2022 (darkreading.com)
BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign (securityaffairs.com)
CISA releases Play ransomware guidelines | Security Magazine
US and Australia Warn of Play Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)
Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team (thehackernews.com)
FBI Develops Decryption Tool That Could Tackle Casino Attacks (sbcamericas.com)
Ransomware Victims
Homebuyers stress as thousands of house purchases frozen by cyber attack - Property Industry Eye
Ransomware gang behind threats to Fred Hutch cancer patients (bleepingcomputer.com)
Delta Dental of California data breach exposed info of 7 million people (bleepingcomputer.com)
Seattle cancer centre confirms cyber attack after ransomware gang threats (therecord.media)
France International Schools Agency Impacted by Ransomware Hack - Bloomberg
Cyber Attack Slams The North Face and Vans Owner, Shares Plunge - The Messenger
Mr Cooper now says 15M people's data exposed in cyber attack • The Register
MongoDB shares fall on cyber security incident By Investing.com
2.7M medical records exposed in double-extortion ransomware attack | SC Media (scmagazine.com)
Nearly 3 million affected by ransomware attack on medical software firm (therecord.media)
Title insurance giant First American offline after cyber attack (bleepingcomputer.com)
St Vincent’s Health Australia says data stolen in cyber attack (yahoo.com)
Ransomware cyber attack hits Milton Town School District (databreaches.net)
Phishing & Email Based Attacks
Generative AI is making phishing attacks more dangerous | TechTarget
New DMARC Data Shows 75% Increase in Suspicious Emails Hitting Inboxes (darkreading.com)
Anatomy of a Phishing Attack: How Hackers Trick You - Techopedia
Qakbot is back and targets the Hospitality industry (securityaffairs.com)
SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols - Security Week
Fake F5 BIG-IP zero-day warning emails push data wipers (bleepingcomputer.com)
New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)
Artificial Intelligence
Generative AI is making phishing attacks more dangerous | TechTarget
AI’s efficacy is constrained in cyber security, but limitless in cyber crime - Help Net Security
'Unintended harms' of generative AI are national security risk to UK (techmonitor.ai)
Unequal Risk, Unequal Reward: How Gen AI disproportionately harms countries (ox.ac.uk)
Anonymous Sudan hacking group pledges to keep targeting OpenAI's ChatGPT (axios.com)
AI in Cyber Security: It's All About Being Aware (inforisktoday.com)
Why 'dark AI' is a top cyber security concern for 2024 | Pension Times
How AI Is Shaping the Future of Cyber Crime (darkreading.com)
2FA/MFA
Malware
Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges (thehackernews.com)
Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware (thehackernews.com)
Windows and macOS targeted by new Go-based malware | TechRadar
QNAP VioStor NVR vulnerability actively exploited by malware botnet (bleepingcomputer.com)
Over 10K downloads amassed by malicious PyPi packages | SC Media (scmagazine.com)
Info stealers and how to protect against them (securityaffairs.com)
8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware (thehackernews.com)
Qakbot is back and targets the Hospitality industry (securityaffairs.com)
Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback (darkreading.com)
Cyber criminals target hotel staff for management credentials • The Register
BattleRoyal Cluster Signals DarkGate Surge - Infosecurity Magazine (infosecurity-magazine.com)
Scam 'missed parcel' SMS messages: advice on avoiding malware - NCSC.GOV.UK
3 Ways to Use Real-Time Intelligence to Defeat Bots (darkreading.com)
Microsoft: Hackers target defence firms with new FalseFont malware (bleepingcomputer.com)
Hospitality sector subjected to new malware attacks | SC Media (scmagazine.com)
Mobile
iOS 17.2 update puts an end to Flipper Zero's iPhone shenanigans | ZDNET
The 5G risk: How to protect your smartphone from emerging security threats - PhoneArena
Apple rolls out iOS 17.2.1 with bugfixes and minor improvements - Neowin
What is spyware and what can you do to stay protected? - Amnesty International
NSO Group May Be On Its Way Out But There’s No Shortage Of Competitors To Take Its Place | Techdirt
Suspects can refuse to provide phone passcodes to police, court rules | Ars Technica
Internet of Things – IoT
Porsche To Kill ICE-Powered Macan In Europe Over Cyber Security Laws | Carscoops
Cyber security and car thefts: how are car makers responding? | CAR Magazine
Marketer sparks panic with claims it uses smart devices to eavesdrop on people | Ars Technica
Marketing firm admits it listens to conversations to sell targeted ads (searchengineland.com)
Data Breaches/Leaks
Data of over a million users of the crypto exchange GokuMarket exposed (securityaffairs.com)
MongoDB says customer data was exposed in a cyber attack (bleepingcomputer.com)
Mr Cooper now says 15M people's data exposed in cyber attack • The Register
Wolverine-developer Insomniac Games sees 1.67TB of secrets leaked in data breach | Ars Technica
Everything Hackers Just Revealed in Sony Insomniac Games Leak (tech.co)
Comcast says hackers stole data of close to 36 million Xfinity customers | TechCrunch
BMW dealer at risk of takeover by cyber criminals - Security Affairs
Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records - Security Week
Data leak exposes users of car-sharing service Blink Mobility (securityaffairs.com)
Organised Crime & Criminal Actors
Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)
How Microsoft’s cyber crime unit has evolved to combat increased threats | Ars Technica
Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cyber Crime | WIRED
German police takes down Kingdom Market cyber crime marketplace (bleepingcomputer.com)
INTERPOL celebrates huge cyber crime Christmas present (emergingrisks.co.uk)
Law enforcement Operation HAECHI IV led to the seizure of $300 Million (securityaffairs.com)
NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains - Security Week
BattleRoyal Cluster Signals DarkGate Surge - Infosecurity Magazine (infosecurity-magazine.com)
Intelligence Researchers to Study Computer Code for Clues to Hackers’ Identities - WSJ
Dark web marketplace Kingdom Market dismantled | SC Media (scmagazine.com)
Lapsus$ teen sentenced to indefinite detention in hospital • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Data of over a million users of the crypto exchange GokuMarket exposed (securityaffairs.com)
Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)
DeFi’s billion-dollar secret: The insiders responsible for hacks – Cointelegraph Magazine
Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (bleepingcomputer.com)
Crypto drainer steals $59 million from 63k people in Twitter ad push (bleepingcomputer.com)
Insider Risk and Insider Threats
Insider threats: why employees are a bigger risk than hackers (raconteur.net)
Former IT manager pleads guilty to attacking high school network (bleepingcomputer.com)
DeFi’s billion-dollar secret: The insiders responsible for hacks – Cointelegraph Magazine
Insurance
Supply Chain and Third Parties
What is supply chain risk management (SCRM)? | Definition by TechTarget
Addressing the Growing Threat of Supply Chain Cyber Attacks | HackerNoon
Homebuyers stress as thousands of house purchases frozen by cyber attack - Property Industry Eye
Supply chain emerges as major vector in escalating automotive cyber attacks - Help Net Security
Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 (darkreading.com)
Cloud/SaaS
Most cloud transformations are stuck in the middle - Help Net Security
Millions of Microsoft Accounts Power Lattice of Automated Cyber Attacks (darkreading.com)
Box cloud storage down amid 'critical' outage (bleepingcomputer.com)
Encryption
Zscaler ThreatLabz Finds Most Cyber Attacks Hide (itsecuritywire.com)
86% of cyber attacks are delivered over encrypted channels - Help Net Security
SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica
Passwords, Credential Stuffing & Brute Force Attacks
The password attacks of 2023: Lessons learned and next steps (bleepingcomputer.com)
CISA urges vendors to get rid of default passwords | CyberScoop
BMW dealer at risk of takeover by cyber criminals - Security Affairs
Cyber criminals target hotel staff for management credentials • The Register
Social Media
Social media platform X back up after global outage | Reuters
Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (bleepingcomputer.com)
Crypto drainer steals $59 million from 63k people in Twitter ad push (bleepingcomputer.com)
New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Are We Ready to Give Up on Security Awareness Training? (thehackernews.com)
Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)
Regulations, Fines and Legislation
SEC vs. SolarWinds: A cyber security game changer for CISOs (securitybrief.co.nz)
Porsche To Kill ICE-Powered Macan In Europe Over Cyber Security Laws | Carscoops
UK data centres to be classed as critical infrastructure under new gov proposals | ITPro
Clock Starts on SEC Cyber Attack Rules: What CISOs Should Know (informationweek.com)
SEC disclosure rule for ‘material’ cyber security incidents goes into effect | CyberScoop
What Do CISOs Have to Do to Meet New SEC Regulations? (darkreading.com)
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets - Security Week
A Major Ransomware Takedown Suffers a Strange Setback | WIRED
US law enforcement seizes BlackCat ransomware site, distributes decryption key (axios.com)
Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)
How Microsoft’s cyber crime unit has evolved to combat increased threats | Ars Technica
Former IT manager pleads guilty to attacking high school network (bleepingcomputer.com)
Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cyber Crime | WIRED
German police takes down Kingdom Market cyber crime marketplace (bleepingcomputer.com)
Law enforcement Operation HAECHI IV led to the seizure of $300 Million (securityaffairs.com)
Interpol op cuffs 3,500 cyber suspects, seizes $300M • The Register
NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains - Security Week
Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback (darkreading.com)
Suspects can refuse to provide phone passcodes to police, court rules | Ars Technica
Dark web marketplace Kingdom Market dismantled | SC Media (scmagazine.com)
Lapsus$ teen sentenced to indefinite detention in hospital • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
China's Cyber Warfare Surges With Hacking Of US Infrastructure (thefederalist.com)
Espionage from the East: "Russia Is a Storm, China Is Climate Change" - DER SPIEGEL
National Grid drops Beijing-backed supplier over UK power network fears (ft.com)
Chinese Spacecraft Emitting Strong Signal Over North America (futurism.com)
A top-secret Chinese spy satellite just launched on a supersized rocket | Ars Technica
China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents (thehackernews.com)
Russia
Ukraine updates: UK says Ukraine suffered severe cyber attack – DW – 12/16/2023
Espionage from the East: "Russia Is a Storm, China Is Climate Change" - DER SPIEGEL
Anonymous Sudan hacking group pledges to keep targeting OpenAI's ChatGPT (axios.com)
UK and partners form The Tallinn Mechanism for cyber security - GOV.UK (www.gov.uk)
Ukraine mobile cyber attack high impact says UK - Emerging Risks Media Ltd
Russian APT29 Hacked US Biomedical Giant in TeamCity-Linked Breach (hackread.com)
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
1 in 4 high-risk CVEs are exploited within 24 hours of going public | SC Media (scmagazine.com)
Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them? (darkreading.com)
Creating a formula for effective vulnerability prioritization - Help Net Security
Zoom Unveils Open Source Vulnerability Impact Scoring System - Security Week
Threat actors still exploiting old unpatched vulnerabilities, says Cisco | IT Business
Vulnerabilities
80 percent of Struts 2 downloads include critical flaw • The Register
Fortinet Releases Security Updates for Multiple Products | CISA
Flaws in pfSense firewall can lead to arbitrary code execution (securityaffairs.com)
QNAP VioStor NVR vulnerability actively exploited by malware botnet (bleepingcomputer.com)
Microsoft discovers critical RCE flaw in Perforce Helix Core Server (bleepingcomputer.com)
Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE (darkreading.com)
8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware (thehackernews.com)
3CX Urges Customers to Disable Integration Due to Potential Vulnerability - Security Week
Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape - Security Week
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File (darkreading.com)
3CX warns customers to disable SQL database integrations (bleepingcomputer.com)
Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products - Security Week
Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE - Security Week
Targeted F5 Vulnerability 'Update' Delivers Wiper to Israeli Victims (darkreading.com)
Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP (thehackernews.com)
Ivanti releases patches for 13 critical Avalanche RCE flaws (bleepingcomputer.com)
Apple rolls out iOS 17.2.1 with bugfixes and minor improvements - Neowin
Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware (thehackernews.com)
SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica
Fake F5 BIG-IP zero-day warning emails push data wipers (bleepingcomputer.com)
New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now (thehackernews.com)
Tools and Controls
AI’s efficacy is constrained in cyber security, but limitless in cyber crime - Help Net Security
More cyber criminals turning to remote desktop protocol attacks | Insurance Times
Microsoft unveils new, more secure Windows Protected Print Mode (bleepingcomputer.com)
65% of organisations say ransomware concerns impact risk management | Security Magazine
AI in Cyber Security: It's All About Being Aware (inforisktoday.com)
Demystifying Open XDR: What It Is, How to Do It, and ROI | Binary Defence
Can you trust Windows Hello biometric authentication | Kaspersky official blog
Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)
How CISOs can manage multiprovider cyber security portfolios | TechTarget
Intelligence Researchers to Study Computer Code for Clues to Hackers’ Identities - WSJ
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool | CISA
Are Workstation Security Logs Actually Important? | MSSP Alert
What's the Best Way to Communicate After a Data Breach? (darkreading.com)
Reports Published in the Last Week
Other News
77% of financial organisations detected a cyber attack in the last year | Security Magazine
Small businesses targeted by cyber criminals for data (securitybrief.co.nz)
Retailers Are Being Barraged By Cyber Attacks This Holiday Season (forbes.com)
Complexity leaves energy companies vulnerable to cyber attacks - Verdict
The MOVEit breach may well have been the biggest cyber attack of the year | TechRadar
How to bolster security against intellectual property theft (c4isrnet.com)
In Cyber Security, Some Conventional Wisdom, While Well-Intentioned, Is Off-Base (newsweek.com)
Navigating The Cyber Security Landscape In 2024 (forbes.com)
3 Strategic Insights from Cyber Security Leader Study (trendmicro.com)
The truth behind four small business cyber security myths (themanufacturer.com)
Conclusion of Crossed Swords: the most exciting offensive cyber operations exercise
Australia announces cyber security plan after major breaches | World Economic Forum (weforum.org)
National Grid drops Beijing-backed supplier over UK power network fears (ft.com)
NIST Report Spotlights Cyber, Privacy Risks in Genomic Data (inforisktoday.com)
Zscaler ThreatLabz Finds Most Cyber Attacks Hide (itsecuritywire.com)
86% of cyber attacks are delivered over encrypted channels - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.