Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 08 September 2023
Black Arrow Cyber Threat Intelligence Briefing 08 September 2023:
-More Than Half of UK Organisations Know They Aren’t Well Protected
-Generative AI Considered a Security Risk by 60% of Board Members: How Organisations Can Prepare
-Businesses Ignore Incident Response at Their Peril
-Blame Culture: An Organisation’s Ticking Time Bomb
-Spend to Save: CFO’s and Cyber Security Investment
-Cyber Security Tools Are New Targets for Attackers, including Nation-State Actors
-Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3
-Common Tactics Used by Threat Actors to Weaponise PDFs
-Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals
-Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m
-71% of Organisations are Impacted by Cyber Security Skills Shortage
-Multiple Schools Hit by Cyber Attacks Before Term Begins
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
More Than Half of UK Organisations Know They Aren’t Well Protected
According to a recent report, just 49% of business leaders report their organisation is well or very well protected. Cyber security featured as the third highest-rated business priority, with increasing revenues and reducing costs forming the top two. One of the ways an organisation can reduce cost is to outsource, and 63% of respondents agreed, reporting that they wanted to work with an external cyber security partner to improve their security.
Even if you’re in the 49% of organisations that believes it is well protected, this can be a dangerous self-assessment based on a lack of experience and impartiality. Business leaders need independent assurance to ensure their security controls are appropriate and in line with the organisation’s risk appetite. It is essential to dispel assumptions, by investigating your security before an attacker does.
Black Arrow Cyber Consulting offers a free, no-obligation, introductory consultation to help you gain an unbiased perspective on how your current security approach could withstand an attacker. We help our clients to know the questions to ask of their external or internal IT provider, and how to leverage other security controls from existing resources.
Sources: [IT Security Guru][Beta News]
Generative AI Considered a Security Risk by 60% of Board Members. How Organisations Can Prepare
A recent report conducted by Proofpoint found that 60% of board members consider generative AI a security risk.
The rapid development and adoption of AI is double-edged in nature. Whilst it can yield positive benefits if used safely and responsibility within organisations, AI is also being used to great effect by malicious actors with AI abuse growing beyond phishing to increasing the efficacy of multistage attacks, being used to generated malware, and carrying out different types of social engineering attacks.
For this reason Boards and senior leaders are right to be concerned and should ensure appropriate measures are being taken.
Sources: [TheNationalNews] [SCMagazine] [CyberSecurityNews]
Further reading: [BusinessCloud.co.uk] [WIRED UK] [Help Net Security]
Businesses Ignore Incident Response at Their Peril
According to a UK Government report, a quarter of businesses don’t regard cyber incident response skills as essential and almost half said they weren’t confident they could put together an incident response plan. This led to 41% saying they were not very or not at all confident that they would be able to deal with a cyber security breach or attack.
Unfortunately, this leaves many organisations in a situation where they will have to learn the hard way about the implications of not having an incident response plan. A separate government report found that 37% of those hit by a cyber attack said it impacted operations and a quarter experienced negative consequences such as loss of money or data.
One of the ways organisations can circumnavigate their lack of confidence in their ability to construct an incident response plan is to use cyber security experts to construct it.
Source: [Infosecurity Magazine]
Blame Culture: An Organisation’s Ticking Time Bomb
An organisation’s attitude and responses to cyber security are almost as important as the actions taken to prevent cyber attacks. “Lessons learnt” are a common feature within mature and cyber resilient organisations. Incidents are a matter of when not if, and it is important that organisations know how to react.
Taking the example of a phishing attack, it is easy to blame the employee who opened it, potentially firing them. With phishing simulations, it is equally easy to discipline an employee who fell for it. The problem is, neither of these focus on what can be learned, such as why the employee fell for it in the first place. Additionally, there is the potential that employees become reserved or reticent about reporting potential events, due to the fear of being disciplined. This can be the difference between an organisation having an early detection of an incident and being able to invoke incident response plans sooner, or leaving the attacker in the system doing damage for longer before being reported.
Source: [ IT Security Guru]
Spend to Save: CFOs and Cyber Security Investment
For chief financial officers (CFOs), the increasing impact of data breaches creates a paradox. While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending is all about return on investment.
When looking at spending, CFOs need to keep in mind that the total cost of a breach is more than the initial currency loss: there is the knock-on effect of reputation and losses in customers. But it is not a case of spending more to protect more; spending must be tailored to the organisation and prioritise in terms of business needs.
Source: [Security Intelligence]
Cyber Security Tools Are New Targets for Attackers, Including Nation-State Actors
An increasing number of attacks by nation-state attackers are targeting cyber security tools in their campaigns. This includes the recent attacks on US officials which attacked and gained access through the firewalls of the victim. Security vendors, just like anyone, will have flaws in their software: there will be vulnerabilities. As such, organisations need to be aware of these vulnerabilities and when support runs out for their cyber security tools, to better protect themselves.
Source: [News Week]
Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3
Top secret military data from the UK’s Ministry of Defence was stolen and then sold by the ransomware gang LockBit. How, you might ask? Through a rogue Windows 7 PC that belonged to their fencing supplier, Zaun. The LockBit Ransom group conducted the attack on the supplier’s network, and Zaun admitted the group may have exfiltrated 10GB of data.
Many attackers have realised that if you cannot directly attack an organisation, then the supplier can present a way in. Organisations need to be sure of their suppliers’ security, and conduct third party security assessments to identify the risk the supplier may present to the organisation itself.
Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.
Source: [The Register] [Tech Monitor]
Common Tactics Used by Threat Actors to Weaponise PDFs
PDFs are often seen as safe, something that cannot be used by an attacker, but that’s wrong. Actors are using this trustworthiness, as well as the difficulty in detection and ubiquity of PDFs, to weaponise them. Common tactics involve malicious hyperlinks within PDFs and macros that run when a PDF is opened, and in some cases attackers are disguising a malicious Word document as a PDF to evade detection.
Source: [Cyber Security News]
Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals
A recent report has found that Microsoft vulnerabilities as old as 6 years are still being exploited, with one recorded as being exploited as recently as 31 August. In fact, since this particular vulnerability was fixed, it has been used to deploy 467 different malware types. This is not the number of attacks, but the number of different types of malware used in attacks.
The concept isn’t just for Microsoft. Many organisations do not employ effective patching strategies, and as such leave the doors open to attackers. Sometimes, these doors are open for years.
Source: [The Register]
Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m
As-a-service operations allow attackers to employ sophisticated attacks without the need for extensive knowledge; they simply just purchase the ability. Take phishing-as-a-service (PhaaS), where an attacker with very limited cyber knowledge simply needs to purchase a phishing kit and they are then well-equipped to target organisations. This availability in tools creates a significant surge in the number of cyber criminals, with one scheme alone raking in $64.5 billion in illegal gains.
Source: [IT Security Guru]
71% of Organisations are Impacted by Cyber Security Skills Shortage
Most organisations (71%) report that they’ve been impacted by the cyber security skills shortage, leading to an increased workload for the cyber security team (61%), unfilled open job requisitions (49%) and high burnout among staff (43%). Further, 95% respondents state the cyber security skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has got worse.
Organisations need to continue maintaining and improving their security while their cyber security positions remain unfilled. Black Arrow supports firms to achieve this by providing expert resources on a flexible basis for technical, governance and transformational positions.
Source: [Security Magazine] [Digital Journal]
Multiple Schools Hit by Cyber Attacks Before Term Begins
Ahead of the new school term, a number of schools have become the victim of serious cyber attacks. The education sector isn’t a new target, with previous ransomware reports finding the education sector to account for 16% of victims.
The education sector remains a target due to the valuable data they hold, large attack surfaces and frequently a lack of resources and budgets, something many small and medium-sized business may share.
Source: [Infosecurity Magazine]
Governance, Risk and Compliance
The importance of CISOs is not recognised by senior leadership - IT Security Guru
Blame Culture: An Organisation's Ticking Time Bomb - IT Security Guru
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
SEC tells companies to “show their work” on cyber security - Red Canary
Cyber security: a life cycle, not a destination | Hydrocarbon Engineering
Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)
Compliance budgets under strain as inflation and workload grow - Help Net Security
Cyber Security pros battle discontent amid skills shortage - Help Net Security
CISOs weigh in on building security-focused culture | Healthcare IT News
How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)
IAM, cloud security to drive new cyber security spending | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Ministry of Defence documents leaked by LockBit (techmonitor.ai)
Attackers access military data through fencing supplier • The Register
Ransomware attackers are targeting exposed Microsoft SQL databases, report says (therecord.media)
Ransomware and Data Breaches: Impacts Continue to Grow Louder (govtech.com)
Education Sector Heavily Targeted as the School Year Begins (databreaches.net)
Killware vs. Ransomware: What's the Difference? (makeuseof.com)
Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)
To Pay or Not to Pay? The Ransomware Dilemma (informationweek.com)
Snake Ransomware Endangers Your Data: How Can You Stop It? (makeuseof.com)
How to Prevent Ransomware: 6 Key Steps to Safeguard Assets (techtarget.com)
Ransomware Victims
LockBit Leaks Documents Filched From UK Defence Contractor (darkreading.com)
Ministry of Defence documents leaked in cyber attack (civilserviceworld.com)
Debenham High School IT system hit by cyber attack - BBC News
Highgate Wood School delays term by 6 days after cyber attack | This Is Local London
Cyber attack hits Wokingham's Maiden Erlegh School | Reading Chronicle
Ransomware gang claims credit for Sabre data breach | TechCrunch
Hackers claim to publish prominent Israeli hospital’s patient data (therecord.media)
Phishing & Email Based Attacks
AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)
Google is enabling Chrome real-time phishing protection for everyone (bleepingcomputer.com)New phishing tool hijacked thousands of Microsoft business email accounts (therecord.media)
Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)
Spam is up, QR codes emerge as a significant threat vector - Help Net Security
From unsuspecting click to data compromise - Help Net Security
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)
Getting off the hook: 10 steps to take after clicking on a phishing link (welivesecurity.com)
Other Social Engineering; Smishing, Vishing, etc
Emerging threat: AI-powered social engineering - Help Net Security
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
How cyber criminals use look-alike domains to impersonate brands - Help Net Security
Artificial Intelligence
Generative AI considered a security risk by 60% of board members, survey finds (thenationalnews.com)
AI ‘triggers DeepTech anxiety for senior leaders’ (businesscloud.co.uk)
Emerging threat: AI-powered social engineering - Help Net Security
AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
UK tech tsar warns of AI cyber threat to NHS | Financial Times (ft.com)
It's the summer of adversarial chatbots. Here's how to defend against them - SiliconANGLE
Will the AI Arms Race Lead to the Pollution of the Internet? (darkreading.com)
UK cyber chief urges ‘Security by Design’ in AI development (ukdefencejournal.org.uk)
Generative AI’s Biggest Security Flaw Is Not Easy to Fix | WIRED UK
Developers have security, other generative AI concerns but use it anyway - ARN (arnnet.com.au)
How Companies Can Cope With the Risks of Generative AI Tools (darkreading.com)
3 ways to strike the right balance with generative AI - Help Net Security
Peril vs. Promise: Companies, Developers Worry Over Generative AI Risk (darkreading.com)
Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
Malware
Common Tactics Used by Threat Actors to Weaponise PDFs (cybersecuritynews.com)
'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
UNRAVELING EternalBlue: inside the WannaCry’s enabler (securityaffairs.com)
Malware configurations How to find and use them? (govinfosecurity.com)
Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)
New Python Variant of Chaes Malware Targets Banking and Logistics Industries (thehackernews.com)
New BLISTER Malware Update Fuelling Stealthy Network Infiltration (thehackernews.com)
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)
Mobile
Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch
September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)
Hacker exploits security flaw to target iPhone users with 'notification attack' | Macworld
Botnets
Denial of Service/DoS/DDOS
DDoS attack took down the site of German financial agency BaFin (securityaffairs.com)
Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)
CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack | CISA
BYOD
Internet of Things – IoT
Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)
Connected cars and cyber crime: A primer - Help Net Security
Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch
Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)
Why consumer drones represent a special cyber security risk (securityintelligence.com)
Like privacy? Then smart devices are a dumb idea • The Register
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch
Data Breaches/Leaks
Electoral Commission failed basic security test before hack - BBC News
Insurer fined $3M for exposing data of 650k clients for two years (bleepingcomputer.com)
Golf gear giant Callaway data breach exposes info of 1.1 million (bleepingcomputer.com)
Freecycle confirms massive data breach impacting 7 million users (bleepingcomputer.com)
Thousands of Popular Websites Leaking Secrets - SecurityWeek
Johnson & Johnson discloses IBM data breach impacting patients (bleepingcomputer.com)
Northern Ireland police chief quits in wake of data breach • The Register
Lawsuit blames Tesla for data breach it sued ex-staff over • The Register
Organised Crime & Criminal Actors
Popular 'As-a-Service' Operations Have Earned Cyber Criminals over $64m - IT Security Guru
Cyber Crime Tremors: Experts Forecast Qakbot Resurgence (govinfosecurity.com)
It might be too soon to claim victory against Qakbot | Computer Weekly
Cyber crime to cost Germany 206 billion euros in 2023, survey finds | Reuters
Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
YouTuber Loses $60K Worth of Crypto After Showing Seed Phrases on Stream - Decrypt
Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)
Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)
Bitcoin exchange exec admits he ignored anti-laundering laws • The Register
Cyber criminals target graphic designers with GPU miners (talosintelligence.com)
LastPass under fire again as users report stolen crypto keys and losses | Cybernews
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Popular 'As-a-Service' Operations Have Earned Cyber criminals over $64m - IT Security Guru
Fake YouPorn extortion scam threatens to leak your sex tape (bleepingcomputer.com)
Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)
Global roaming fraud losses to surpass $8 billion by 2028 - Help Net Security
Airlines Battle Surge in Loyalty Program Fraud - Infosecurity Magazine (infosecurity-magazine.com)
How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)
See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack - SecurityWeek
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
Impersonation Attacks
'Smishing Triad' Targeted USPS and US Citizens for Data Theft (securityaffairs.com)
How cyber criminals use look-alike domains to impersonate brands - Help Net Security
Deepfakes
Emerging threat: AI-powered social engineering - Help Net Security
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
AML/CFT/Sanctions
How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)
Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)
Bitcoin exchange exec admits he ignored anti-laundering laws • The Register
Insurance
Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm
Time and effort to obtain cyber insurance increasing for US businesses | CSO Online
Beazley expects to sponsor more cyber catastrophe bonds in 2024 - Artemis.bm
Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)
Dark Web
Supply Chain and Third Parties
Attackers access military data through fencing supplier • The Register
Ministry of Defence documents leaked by LockBit (techmonitor.ai)
Supply chain related security risks, and how to protect against them (malwarebytes.com)
5 ways to improve your supply chain security posture | IT Reseller Magazine (itrportal.com)
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
Creating a more cyber secure supply chain requires group effort - FreightWaves
Facing Third-Party Threats With Non-Employee Risk Management (darkreading.com)
Software Supply Chain
Cloud/SaaS
Step Up Your Defence Against Cloud-loving Cyber Criminals (informationsecuritybuzz.com)
IAM, cloud security to drive new cyber security spending | CSO Online
Hybrid/Remote Working
Attack Surface Management
What OSINT is, and why it’s dangerous | Kaspersky official blog
Armis report sheds light on top 10 targeted assets by cyber attackers - SiliconANGLE
Top 10 riskiest assets threatening global business - IT Security Guru
Encryption
Government denies U-turn on encrypted messaging row - BBC News
UK lawmakers back down on encryption-busting 'spy clause' | CyberScoop
API
Open Source
Software industry urged to assume risk on open source security | CIO Dive
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
It's a Zero-day? It's Malware? No! It's Username and Password (thehackernews.com)
Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)
Hacker gains admin control of Sourcegraph and gives free access to the masses | Ars Technica
Passwords From The November 2022 LastPass Breach Being Cracked? - PC Perspective
LastPass under fire again as users report stolen crypto keys and losses | Cybernews
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch
75% of education sector attacks linked to compromised accounts - Help Net Security
Social Media
Malvertising
Parental Controls and Child Safety
Children's snack recalled after its website caught serving porn (bleepingcomputer.com)
Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT
Regulations, Fines and Legislation
An Overview of ENISA’s Risk Management Standards Report | UpGuard
SEC tells companies to “show their work” on cyber security - Red Canary
Verizon to pay feds $4M over cyber security lapse | Light Reading
Government denies U-turn on encrypted messaging row - BBC News
UK drops 'spy clause' for scanning encrypted messages • The Register
Models, Frameworks and Standards
An Overview of ENISA’s Risk Management Standards Report | UpGuard
CIS Benchmarks Communities: Where configurations meet consensus - Help Net Security
Explaining The New NIST Cyber Security Framework to the C-Suite
Backup and Recovery
Careers, Working in Cyber and Information Security
71% of organisations are impacted by cyber security skills shortage | Security Magazine
Cyber Security Skills Gap set to cost UK £120 billion by 2023 - Essex-TV
6 free resources for getting started in cyber security - Help Net Security
Cyber professionals say industry urgently needs to confront mental health crisis | CyberScoop
Cyber security pros battle discontent amid skills shortage - Help Net Security
Law Enforcement Action and Take Downs
It might be too soon to claim victory against Qakbot | Computer Weekly
Cops drill into chat apps to thwart coke-smuggling ring • The Register
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russia-linked attackers hit UK Ministry of Defence, leak stolen data | CSO Online
Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR
China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM
Ukraine's CERT Thwarts APT28's Cyber Attack on Critical Energy Infrastructure (thehackernews.com)
Attackers access military data through fencing supplier • The Register
Russia-linked hack on Trident base sparks 'World War Three' warning from expert (yahoo.com)
Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)
Elon Musk's Father Fears Possible Assassination Attempt on His Son (businessinsider.com)
Big Tech failed to police Russian disinformation: EU study • The Register
North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne
China
How China gets free intel on tech companies’ vulnerabilities | Ars Technica
Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)
How Microsoft's highly secure environment was breached (malwarebytes.com)
Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)
China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM
Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)
German companies report more cyber attacks from Russia, China | Meta.mk
Microsoft finally explains cause of Azure breach: An engineer’s account was hacked | Ars Technica
South Korean Cyber Security Concerns Over Chinese-Made Cranes, Meteorological Gear | The Epoch Times
Huawei hits back in Portugal over 5G 'ban' with lawsuit - DCD (datacenterdynamics.com)
Iran
Hackers push anti-Iranian government messages to millions via breached app | CyberScoop
Iranian hackers breach US aviation org via Zoho, Fortinet bugs (bleepingcomputer.com)
North Korea
Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks (bleepingcomputer.com)
Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster (thehackernews.com)
Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR
North Korean hackers target security researchers with new zero-day (therecord.media)
North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne
Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)
Misc Nation State/Cyber Warfare
Nation-state 'hot zones' offer view of the future of cyber war – report - CIR Magazine
Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)
Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA
Vulnerability Management
Years-old Microsoft bugs are still hot targets for criminals • The Register
Old vulnerabilities are still a big problem - Help Net Security
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
How China gets free intel on tech companies’ vulnerabilities | Ars Technica
Vulnerabilities
Apple discloses 2 actively exploited zero-days in iPhones, Macs (securityaffairs.com)
Google patches 4 high-rated security issues in latest Chrome 116 update - gHacks Tech News
Two flaws in Apache SuperSet allow to remotely hack servers (securityaffairs.com)
Cisco Patches Critical Vulnerability in BroadWorks Platform - SecurityWeek
Multiple Notepad++ Flaws Let Attackers Execute Arbitrary Code (cybersecuritynews.com)
Hackers exploit MinIO storage system to breach corporate networks (bleepingcomputer.com)
ASUS routers vulnerable to critical remote code execution flaws (bleepingcomputer.com)
September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)
Cisco SSO authentication bug patched - Security - Networking - iTnews
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA
Security or performance? Zenbleed forces you to choose | Digital Trends
Tools and Controls
Many businesses still aren't using BYOD protection | TechRadar
Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
An Overview of ENISA’s Risk Management Standards Report | UpGuard
IOCs vs Artifacts How to Filter Out the Noise (govinfosecurity.com)
Time and effort to obtain cyber insurance increasing for US businesses | CSO Online
Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)
Dangling DNS Used to Hijack Subdomains of Major Organisations - SecurityWeek
Why DNS Security Can Be Your Most Problematic Blind Spot (hyas.com)
Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)
Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)
Why Cyber Security Risk Assessment Matters in the Banking Industry (securityintelligence.com)
Cut through cyber security vendor hype with these 6 tips | TechTarget
IAM, cloud security to drive new cyber security spending | CSO Online
Best practices for implementing a proper backup strategy - Help Net Security
Other News
Education Sector Heavily Targeted as the School Year Begins (databreaches.net)
Schools warned of cyberattack threat as new year begins | Science & Tech News | Sky News
Ways to protect WordPress sites and blogs from hacking | Kaspersky official blog
Insecure by design: What you need to know about defending critical infrastructure | CSO Online
Half of Switzerland's large companies have been the victim of a cyber attack | Euronews
Dangling DNS Used to Hijack Subdomains of Major Organizations - SecurityWeek
Securing the future: Safeguarding cyber-physical systems | CSO Online
25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy - SecurityWeek
Cyber security In Focus Ahead Of Berlin NATO Conference | OilPrice.com
10 old-school security principles that (still) rule | CSO Online
Surge in Hospital Hacks Endangers Patients, Cyber Official Says - WSJ
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 February 2023
Black Arrow Cyber Threat Briefing 03 February 2023:
-Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief
-Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks
-The Corporate World is Losing its Grip on Cyber Risk
-Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks
-Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023
-The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will come from the Inside
-98% of Organisations Have a Supply Chain Relationship That Has Been Breached
-New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year
-Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation
-Financial Services Targeted in 28% of UK Cyber Attacks Last Year
-Phishing Attacks are Getting Scarily Sophisticated. Here’s what to Watch Out For
-City of London on High Alert After Ransomware Attack
-Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk
-JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief
Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC). Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.
Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject. When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks
Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.
"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.
BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.
The Corporate World is Losing its Grip on Cyber Risk
Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.
But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.
But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”
The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.
https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906
Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks
Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.
Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.
Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.
Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.
Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk
With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.
Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk. The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.
Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023
Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year.
In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.
The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside
A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training.
98% of Organisations Have a Supply Chain Relationship That Has Been Breached
A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year
Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.
In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.
Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation
The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.
The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable. It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.
Financial Services Targeted in 28% of UK Cyber Attacks Last Year
Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.
https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/
Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For
Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.
The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.
City of London on High Alert After Ransomware Attack
A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.
https://www.infosecurity-magazine.com/news/city-of-london-high-alert/
JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack
Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.
JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.
https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79
Threats
Ransomware, Extortion and Destructive Attacks
City Of London Traders Hit By Russia-Linked Cyber Attack (informationsecuritybuzz.com)
New Nevada Ransomware targets Windows and VMware ESXi systems (bleepingcomputer.com)
US puts a $10m bounty on Hive while Russia shuts down access • The Register
Copycat Criminals mimicking Lockbit gang in northern Europe security affairs
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
Cyber Attack Hits Derivatives Unit of Trading Software Firm ION - Bloomberg
Regulators weigh in on ION attack as LockBit takes credit • The Register
New Mimic Ransomware Abuses Windows Search Engine (cyber securitynews.com)
Stratford University discloses ransomware attack — but which ransomware attack? (databreaches.net)
Schools don't pay, but ransomware attacks still increasing | TechTarget
Poser Hackers Impersonate LockBit in SMB Cyber attacks (darkreading.com)
Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget
Nevada Ransomware Has Released Upgraded Locker security affairs
LockBit Green ransomware variant borrows code from Conti one security affairs
Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com)
Ransomware attacks on public sector persist in January | TechTarget
Ransomware attack on data firm ION could take days to fix -sources | Reuters
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online
Phishing & Email Based Attacks
Phishing attacks are getting scarily sophisticated. Here's what to watch out for | ZDNET
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status (darkreading.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
How Can Disrupting DNS Communications Thwart a Malware Attack? (darkreading.com)
Hackers use new IceBreaker malware to breach gaming companies (bleepingcomputer.com)
New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)
PoS malware can block contactless payments to steal credit cards (bleepingcomputer.com)
HeadCrab malware targets Redis to mine cryptocurrency | TechTarget
Malvertising attacks are distributing .NET malware loaders • The Register
Hackers weaponize Microsoft Visual Studio add-ins to push malware (bleepingcomputer.com)
Mobile
Google Fi data breach let hackers carry out SIM swap attacks (bleepingcomputer.com)
Over 1,800 Android phishing forms for sale on cyber crime market (bleepingcomputer.com)
Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News
Botnets
Denial of Service/DoS/DDOS
Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)
New DDoS-as-a-Service platform used in recent attacks on hospitals (bleepingcomputer.com)
Internet of Things – IoT
IoT, connected devices biggest contributors to expanding application attack surface | CSO Online
European IoT Manufacturers Lag in Vulnerability Disclosure (databreachtoday.co.uk)
Anker finally comes clean about its Eufy security cameras - The Verge
Data Breaches/Leaks
JD Sports warns data of 10mn customers put at risk in cyber attack | Financial Times (ft.com)
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)
Planet Ice hacked! 240,000 skating fans' details stolen (bitdefender.com)
Organised Crime & Criminal Actors
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
Cyber crime Ecosystem Spawns Lucrative Underground Gig Economy (darkreading.com)
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert
Report on hackers' salaries shows poor wages for developers • The Register
6 Examples of the Evolution of a Scam Site (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
HeadCrab malware targets Redis to mine cryptocurrency | TechTarget
Insider Risk and Insider Threats
Insider attacks becoming more frequent, more difficult to detect - Help Net Security
Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)
The next cyber threat may come from within - Help Net Security
Insider threats: The cyber risks lurking in the dark (betanews.com)
Former Ubiquiti dev pleads guilty to data theft, extortion • The Register
Fraud, Scams & Financial Crime
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Russian Millionaire on Trial in Hack, Insider Trade Scheme - SecurityWeek
6 Examples of the Evolution of a Scam Site (darkreading.com)
Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
Romance fraud losses rose 91% during the pandemic, claims UK's TSB bank | Tripwire
Romance Fraudsters Have Stolen £65m From Brits Since 2020 (informationsecuritybuzz.com)
Impersonation Attacks
AML/CFT/Sanctions
Insurance
Dark Web
There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert
Report on hackers' salaries shows poor wages for developers • The Register
Supply Chain and Third Parties
98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis - SecurityWeek
Cyber attack Impact “Catastrophic” for Third Parties, New Study Finds MSSPs at Risk? - MSSP Alert
New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs | CSO Online
CISA to Open Supply Chain Risk Management Office (darkreading.com)
Cloud/SaaS
Misconfiguration and vulnerabilities biggest risks in cloud security: Report | CSO Online
Hybrid cloud storage security challenges - Help Net Security
Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security
Containers
Encryption
Serious Security: The Samba logon bug caused by outdated crypto – Naked Security (sophos.com)
Encryption Explained: At Rest, In Transit & End-To-End Encryption | Splunk
Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse - SecurityWeek
API
The emergence of trinity attacks on APIs - Help Net Security
API management (APIM): What It Is and Where It’s Going security affairs
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Bitwarden Password Manager users are being targeted by phishing ads on Google- gHacks Tech News
KeePass disputes vulnerability allowing stealthy password theft (bleepingcomputer.com)
Social Media
Inside TikTok’s proposal to address US national security concerns | CyberScoop
Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Regulators weigh in on ION attack as LockBit takes credit • The Register
New UN cyber crime convention has a long way to go in a tight timeframe | CSO Online
Governance, Risk and Compliance
Business leaders need hands-on approach to stop cyber crime, says spy chief (telegraph.co.uk)
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)
70% of CIOs anticipate their involvement in cyber security to increase - Help Net Security
Cyber security Budgets Are Going Up. So Why Aren't Breaches Going Down? (thehackernews.com)
The corporate world is losing its grip on cyber risk | Financial Times (ft.com)
Careers, Working in Cyber and Information Security
The Effect of Cyber security Layoffs on Cyber security Recruitment - SecurityWeek
Economic headwinds could deepen the cyber security skills shortage | CSO Online
Law Enforcement Action and Take Downs
7 Ways Hive Ransomware Gang Caused Chaos Before FBI Hacked It (gizmodo.com)
US puts a $10m bounty on Hive while Russia shuts down access • The Register
Hacker accused of having stolen personal data of all Austrians security affairs
Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget
Privacy, Surveillance and Mass Monitoring
On Data Privacy Day, Organisations Fail Data Privacy Expectations (darkreading.com)
Hacker accused of having stolen personal data of all Austrians security affairs
Enterprises Need to Do More to Assure Consumers About Privacy (darkreading.com)
Artificial Intelligence
Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online
OpenAI releases tool to detect AI-written text (bleepingcomputer.com)
Reality check: Is ChatGPT really the next big cyber security threat? | CyberScoop
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek
Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)
Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)
Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert
Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online
Nation State Actors
Nation State Actors – Russia
Russian Nuisance Hacking Group KillNet Targets Germany (govinfosecurity.com)
Russian hackers launch cyber attack on Germany in Leopard retaliation | Euronews
Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)
A Link to News Site Meduza Can (Technically) Land You in Russian Prison | WIRED
Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)
Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert
Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)
Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)
IT Army of Ukraine gained access to 1.5GB archive from Gazprom security affairs
There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)
Nation State Actors – China
Google deletes 50,000 pro-China fake-news vids and blogs • The Register
TikTok CEO to testify before US. Congress over security concerns | Reuters
Nation State Actors – North Korea
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
The future of vulnerability management and patch compliance - Help Net Security
What is the CVSS (Common Vulnerability Scoring System)? (techtarget.com)
Vulnerabilities
Researchers to release VMware vRealize Log RCE exploit, patch now (bleepingcomputer.com)
Patch management is crucial to protect Exchange servers, Microsoft warns security affairs
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (thehackernews.com)
Over 29,000 QNAP devices unpatched against new critical flaw (bleepingcomputer.com)
Firmware Flaws Could Spell 'Lights Out' for Servers (darkreading.com)
Why you might not be done with your January Microsoft security patches | CSO Online
HPE, NetApp warn of critical open-source bug | SC Media (scmagazine.com)
High-severity bug in F5 BIG-IP can lead to code execution and DoS security affairs
Cisco fixes bug allowing backdoor persistence between reboots (bleepingcomputer.com)
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (thehackernews.com)
Threat activity increasing around Fortinet VPN vulnerability | TechTarget
Remote code execution exploit chain available for VMware vRealize Log Insight | CSO Online
Tools and Controls
Other News
We can't rely on goodwill to protect our critical infrastructure - Help Net Security
Playing Military Sim War Thunder May Get You Classed as a National Security Risk
Cyber attacks in space: How safe are our satellites? | Metro News
Massive Microsoft 365 outage caused by WAN router IP change (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.