Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years

The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.

A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.

https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/

https://www.itpro.com/security/ransomware/weekly-cyber-attacks-reach-two-year-high-amid-ransomware-resurgence

• MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals

The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.

The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.

https://www.theregister.com/2023/07/20/moveit_victim_count/

• IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer

28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.

Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.

https://www.bleepingcomputer.com/news/security/it-worker-jailed-for-impersonating-ransomware-gang-to-extort-employer/

• Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs

In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.

A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.

https://www.forbes.com/sites/theyec/2023/07/14/stabilizing-the-cybersecurity-landscape-the-ciso-exodus-and-the-rise-of-vcisos/

• Risk is Driving Medium-Sized Business Decisions

Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.

In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.

https://www.msspalert.com/cybersecurity-guests/risk-is-driving-small-and-medium-sized-businesses-smb-decisions/

• Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security

For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.

However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.

This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.

https://technative.io/talent-and-governance-not-technology-are-key-to-drive-change-around-cyber-security/

• Hybrid Work, Digital Transformation can Exploit Security Gaps

A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.

The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.

https://www.msspalert.com/cybersecurity-research/digital-transformation-hybrid-work-models-create-perfect-setting-for-cybercriminals-to-exploit-security-gaps-study-finds/

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training

The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.

What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.

https://www.securityweek.com/human-cyber-risk-can-be-demonstrably-mitigated-by-behavior-changing-training-analysis/

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks

A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.

https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/

https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html

• Pro-Russian Hacktivists Increase Focus on Western Targets

‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.

The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.

https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/

• Infosec Doesn't Know What AI Tools Organisations Are Using

With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.

Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.

https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using

• Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk

In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.

https://www.cnbc.com/2023/07/18/google-restricting-internet-access-to-some-employees-for-security.html

https://www.theregister.com/2023/07/19/google_cuts_internet/

• Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset

Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.

The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023

Governance, Risk and Compliance

• Risk is Driving Small and Medium-Sized Businesses (SMB) Decisions - MSSP Alert

• Stabilising The Cyber security Landscape: The Rise Of vCISOs (forbes.com)

• Talent and Governance, not Technology, are Key to Drive Change around Cyber Security - TechNative

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training: Analysis - SecurityWeek

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• CISOs are making cyber security a business problem - Help Net Security

• Top Information Security Threats for Businesses 2023 (cybersecuritynews.com)

• How to Build a Cyber Resilient Company | Entrepreneur

• Best practices for an effective cyber security strategy | CSO Online

• Exploring the macro shifts in enterprise security - Help Net Security

• Google Cloud CISO Phil Venables On Cyber security, Cloud Adoption And The Boardroom (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Costs Financial Services $32bn in Five Years - Infosecurity Magazine (infosecurity-magazine.com)

• MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register

• Weekly cyber attacks reach two-year high amid ransomware resurgence | ITPro

• Ransomware attacks are on the rise—and so are ransom payments (fastcompany.com)

• IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR

• Who are the ransomware gangs wreaking havoc on the world’s biggest companies? | Renee Dudley | The Guardian

• Cyber security firm Sophos impersonated by new SophosEncrypt ransomware (bleepingcomputer.com)

• Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net SecurityFIN8 deploys ALPHV ransomware using Sardonic malware variant (bleepingcomputer.com)

• Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)

• Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop

• Ransomware attackers getting more sophisticated: Canadian Centre for Cyber Security (yahoo.com)

• SophosEncrypt Ransomware Fools Security Researchers (darkreading.com)

• Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks (thehackernews.com)

• New Ransomware With RAT Capabilities Impersonating Sophos - SecurityWeek

• Google’s Bard poses ransomware risk, say researchers | Cybernews

• Ransomware review: July 2023 (malwarebytes.com)

• FIN8 Group spotted delivering the BlackCat Ransomware - Security Affairs

• What is Cyber Extortion? | Definition from TechTarget

• Cyber insurers adapting to data-centric ransomware threats | TechTarget

• Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)

Ransomware Victims

• MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register

• Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward | TechCrunch

• MOVEit Transfer vulnerability: New Cl0p 'victims' include Discovery (techmonitor.ai)

• BlackCat and Clop gangs both claim cyber attack on Estée Lauder | Computer Weekly

• Iron ore giant Fortescue Metals targeted by Russian ransomware group | Cybercrime | The Guardian

• Russian medical lab suspends some services after ransomware attack (therecord.media)

• Recycling Giant Tomra Takes Systems Offline Following Cyber attack - SecurityWeek

• Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)

Phishing & Email Based Attacks

• Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft Exchange servers compromised by Turla APT - Help Net Security

• Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica

• Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023 - MSSP Alert

• Enhanced Monitoring to Detect APT Activity Targeting Outlook Online | CISA

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

• Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)

BEC – Business Email Compromise

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

Other Social Engineering; Smishing, Vishing, etc

• Meta's Threads app used as a lure - Help Net Security

Artificial Intelligence

• ChatGPT rival WormGPT with ‘no ethical boundaries’ sold to hackers on dark web | The Independent

• Infosec Doesn't Know What AI Tools Orgs Are Using (darkreading.com)

• One in 12 victims of rise in AI scams (telegraph.co.uk)

• AI models must be reconciled with data protection laws • The Register

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 4 Brits play with generative AI and some believe it too • The Register

• OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)

• AI must have better security, says top cyber official - BBC News

• Google Categorises 6 Real-World AI Attacks to Prepare for Now (darkreading.com)

• How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED

• Google’s Bard poses ransomware risk, say researchers | Cybernews

Malware

• Microsoft: Hackers turn Exchange servers into malware control centers (bleepingcomputer.com)

• Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware (thehackernews.com)

• Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop

• New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)

• LokiBot Malware Targets Windows Users in Office Document Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers Target Gamers With Microsoft-Signed Rootkit (darkreading.com)

• Source code of the BlackLotus UEFI Bootkit was leaked on GitHub - Security Affairs

• Are Viruses Still a Threat to Cyber security? (makeuseof.com)

• Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek

• Pernicious Rootkits Pose Growing Blight On Threat Landscape (darkreading.com)

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Apple slams UK surveillance-bill proposals - BBC News

• Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps (thehackernews.com)

• Meta confirms WhatsApp is down worldwide (bleepingcomputer.com)

• Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware (thehackernews.com)

Botnets

• New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Denial of Service/DoS/DDOS

• Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months | CyberScoop

• Attackers intensify DDoS attacks with new tactics - Help Net Security

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• How your internet-connected domestic devices can be a critical tool of cyber attack (mid-day.com)

• US preparing Cyber Trust Mark for more secure smart devices (bleepingcomputer.com)

• Seven new gadgets added to riskiest connected devices list | SC Media (scmagazine.com)

Data Breaches/Leaks

• MOVEit Hack: Number of Impacted Organisations Exceeds 340 - SecurityWeek

• Data compromises on track to set a new record - Help Net Security

• Virustotal data leak exposed data of some registered customers - Security Affairs

• What to do (and what not to do) after a data breach - Help Net Security

• HWL Ebsworth hack: Queensland says its files were taken after criminals release Victorian documents | Cybercrime | The Guardian

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Thousands of images on Docker Hub leak auth secrets, private keys (bleepingcomputer.com)

• Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard

• LastPass: The lessons we learnt from our devastating breach | TechRadar

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• Rogue Azure AD Guests Can Steal Data via Power Apps (darkreading.com)

• FIA World Endurance Championship driver passports leaked - Security Affairs

• Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)

• Old Roblox Data Leak Resurfaces, 4000 Users' Personal Information Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Colorado State University says data breach impacts students, staff (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

• NCA: Nation States Using Cyber crime Groups as Proxies - Infosecurity Magazine (infosecurity-magazine.com)

• Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)

• Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)

• Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek

• Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)

• Taking the Fight to the Cyber Criminals (trendmicro.com)

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

• Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian

• Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat - SecurityWeek

• Go Beyond the Headlines for Deeper Dives into the Cyber criminal Underground (thehackernews.com)

• SA on the brink of being Africa's capital of cyber crime, say digital experts | City Press (news24.com)

• What’s the NCA doing about cyber crime? - Tech Monitor

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net Security

Insider Risk and Insider Threats

• IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)

• Former contractor accused of remotely accessing town's water treatment facility | Tripwire

• Insider Risk Management Starts With SaaS Security (darkreading.com)

Fraud, Scams & Financial Crime

• One in 12 victims of rise in AI scams (telegraph.co.uk)

• A Twitter user found scam numbers for major airlines on Google Maps. Google is working to fix it | CNN Business

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Growing scam activity linked to social media and automation - Help Net Security

• A fresh look at the current state of financial fraud - Help Net Security

• Tech support scammers now accepting cash via snail mail • The Register

• Half of UK company directors struck off linked to alleged Covid loan fraud | Coronavirus | The Guardian

• Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian

• The cruel new holiday scams you need to know about | This is Money

• Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)

AML/CFT/Sanctions

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Cyber insurers adapting to data-centric ransomware threats | TechTarget

• Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)

Dark Web

• Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)

• OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)

• Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations (thehackernews.com)

Supply Chain and Third Parties

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)

• Supply chain executives unaware of growing customer trust issues - Help Net Security

• Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad (trendmicro.com)

Cloud/SaaS

• Microsoft makes cloud security logs available for free • The Register

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

• Top 5 Cloud Security Threats in 2023 (analyticsinsight.net)

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)

• Reducing Security Debt in the Cloud (darkreading.com)

• Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop

• TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)

• How to manage cloud exploitation at the edge | CIO

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

Hybrid/Remote Working

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

• Securing The Hybrid Workforce Begins With Browsing (forbes.com)

Attack Surface Management

• How to Manage Your Attack Surface? (thehackernews.com)

• What is attack surface management? | Intruder

Identity and Access Management

• Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain (securityintelligence.com)

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• The rise of hassle-free and secure authentication | CyberScoop

Encryption

• Real-world examples of quantum-based attacks - Help Net Security

• EU Urged to Prepare for Quantum Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Signal president rejects ‘mass surveillance’ UK law | Fortune

API

• Docker Leaks API Secrets & Private Keys, as Cyber criminals Pounce (darkreading.com)

• API keys: Weaknesses and security best practices | TechTarget

Open Source

• Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)

• Half of AI Open Source Projects Reference Buggy Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• LastPass: The lessons we learnt from our devastating breach | TechRadar

• Millions of Keyboard Walk Patterns Found in Compromised Passwords - IT Security Guru

• TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)

• Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)

Social Media

• Growing scam activity linked to social media and automation - Help Net Security

• Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard

• Meta's Threads app used as a lure - Help Net Security

• TechScape: ‘Lives are ruined in an afternoon’ – social media and the Huw Edwards story | Technology | The Guardian

Training, Education and Awareness

• Human Cyber Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis - SecurityWeek

• Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek

• Companywide Cyber security Training: 20 Tips To Make It ‘Stick’ (forbes.com)

Digital Transformation

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

Travel

• The cruel new holiday scams you need to know about | This is Money

• Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)

• A Twitter user found scam numbers for major airlines on Google Maps. Google is working to fix it | CNN Business

Regulations, Fines and Legislation

• AI models must be reconciled with data protection laws • The Register

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Apple slams UK surveillance-bill proposals - BBC News

• Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard

Models, Frameworks and Standards

• OWASP ZAP 2.13.0 Released – What’s New! (gbhackers.com)

Data Protection

• AI models must be reconciled with data protection laws • The Register

Careers, Working in Cyber and Information Security

• Career Benefits of Learning Ethical Hacking (analyticsinsight.net)

• Should You Be Using a Cyber security Careers Framework? (darkreading.com)

Law Enforcement Action and Take Downs

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

• Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)

• What’s the NCA doing about cyber crime? - Tech Monitor

• Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Privacy, Surveillance and Mass Monitoring

• Apple slams UK surveillance-bill proposals - BBC News

• Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED

Misinformation, Disinformation and Propaganda

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR

• Gamaredon hackers start stealing data 30 minutes after a breach (bleepingcomputer.com)

• Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog

• Microsoft Exchange servers compromised by Turla APT - Help Net Security

• Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. | CyberScoop

• Elon Musk’s Starlink is putting our soldiers at risk, Ukraine warns (telegraph.co.uk)

• New Threat Actor Launches Cyber attacks on Ukraine and Poland - Infosecurity Magazine (infosecurity-magazine.com)

• 1st Case Of Online Killing? Russian Submarine Commander Falls Prey To Fitness Tracking App (eurasiantimes.com)

• Thousands of Russian officials to give up iPhones over US spying fears | Financial Times (ft.com)

• Ukraine innovates on cyber defence | Financial Times (ft.com)

China

• Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop

• Chinese APT Favourite Backdoor Found in Pakistani Government App - Infosecurity Magazine (infosecurity-magazine.com)

• China Espionage Operatives Left Empty Handed in Email Heist, White House Official Says - MSSP Alert

• Xi wants to make the Great Firewall of China even greater • The Register

• Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware (thehackernews.com)

North Korea

• JumpCloud breach traced back to North Korean state hackers (bleepingcomputer.com)

• North Korean hackers breached a US tech company to steal crypto | Reuters

Misc/Other/Unknown

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• NCA: Nation States Using Cyber crime Groups as Proxies - Infosecurity Magazine (infosecurity-magazine.com)

• APT Protection: The Key to Safeguarding Your Business (ts2.space)

• How to Secure Your OT Network Against Advanced Persistent Threats (APTs) (ts2.space)

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

Vulnerability Management

• CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• What is Vulnerability Assessment In Cyber security? (gbhackers.com)

• Half of AI Open Source Projects Reference Buggy Packages - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

• Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits (forbes.com)

• Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organisations via Forged Azure AD Tokens (thehackernews.com)

• Microsoft still unsure how hackers stole Azure AD signing key (bleepingcomputer.com)

• Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica

• CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog

• New critical Citrix ADC and Gateway flaw exploited as zero-day (bleepingcomputer.com)

• OpenSSH Addresses Remote Code Execution Vulnerability: CVE-2023-38408 - VULNERA

• New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices - SecurityWeek

• Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability (thehackernews.com)

• Cisco fixed a critical flaw in SD-WAN vManage - Security Affairs

• Hacking campaign targets sites using WordPress WooCommerce Payments Plugin - Security Affairs

• Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security (sophos.com)

• Chrome 115 Patches 20 Vulnerabilities - SecurityWeek

• 'METIOR' Defence Blueprint Against Side-Channel Vulnerabilities Debuts | Tom's Hardware (tomshardware.com)

• 5 Major Takeaways From Microsoft's July Patch Tuesday (darkreading.com)

• Two Jira Plugin Vulnerabilities in Attacker Crosshairs - SecurityWeek

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Google says Apple employee found a zero-day but did not report it | TechCrunch

Tools and Controls

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training: Analysis - SecurityWeek

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• Reducing Security Debt in the Cloud (darkreading.com)

• Leverage Threat Intelligence, AI, and Data at Scale to Boost Cyber Defences (darkreading.com)

• A Few More Reasons Why RDP is Insecure (Surprise!) (thehackernews.com)

• Enterprise communication security a growing risk, priority | TechTarget

• SBOMs Still More Mandate Than Security (darkreading.com)

• MIT’s Cyber security Metior: A Secret Weapon Against Side-Channel Attacks (scitechdaily.com)

• NCSC Shares Alternatives to Using a SOC - Infosecurity Magazine (infosecurity-magazine.com)

• Building resilience through DevSecOps - Help Net Security

• Microsoft's security roadmap: Protect Azure DevOps secrets • The Register

• CISA shares free tools to help secure data in the cloud (bleepingcomputer.com)

• What is the new Enhanced Safe Browsing for Gmail (and should you enable it)? | ZDNET

• Insider Risk Management Starts With SaaS Security (darkreading.com)

• What is Real-Time Monitoring? | Definition from TechTarget

• How to Manage Your Attack Surface? (thehackernews.com)

• What is attack surface management? | Intruder

• 67% of daily security alerts overwhelm SOC analysts - Help Net Security

• Technical Aspects Of Modern SIEM Systems (forbes.com)

• Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

• 3 Ways AI Could Improve Authentication (darkreading.com)

• Microsoft makes cloud security logs available for free • The Register

• Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek

• The XDR Payoff: Better Security Posture (trendmicro.com)

• API keys: Weaknesses and security best practices | TechTarget

• 10 Steps to Help Secure Your APIs - SecurityWeek

• Threat Actors are Targeting Your Web Applications – Here’s How To Protect Them (bleepingcomputer.com)

Other News

• Google restricting internet access to some employees for security (cnbc.com)

• Enterprise communication security a growing risk, priority | TechTarget

• Healthcare organisations in the crosshairs of cyber attackers - Help Net Security

• Broadband consumers demand security and sustainability - Help Net Security

• Microsoft Exchange Online hit by new outage blocking emails (bleepingcomputer.com)

• Famed Hacker Kevin Mitnick Dead at 59 - SecurityWeek

• Most CNI Firms Think Climate Tech is Increasing Cyber Risk - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security measures SMBs should implement - Help Net Security

• Satellites Are Rife With Basic Security Flaws | WIRED

• How Hackers Can Hijack a Satellite (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

The Log4j Flaw Will Take Years to be Fully Addressed

More than 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly, and will require coordination between different project teams to address the flaw.

Shortly after the first vulnerability in the Apache Log4j library (CVE-2021-44228) was disclosed, Google's Open Source Insights Team surveyed all the Java packages in the Maven Central Repository "to determine the scope of the issue in the open source ecosystem of JVM based languages, and to track the ongoing efforts to mitigate the affected packages," say team members James Wetter and Nicky Ringland. The team estimates it could take years before the vulnerability is fully addressed within the Java ecosystem.

A significant part of the problem has to do with indirect dependencies. Direct dependencies, or the cases where package explicitly pulls log4j into the code, are relatively straightforward to fix, as the developer or project owner just has to update log4j to the latest version.

https://www.darkreading.com/tech-trends/the-log4j-flaw-will-take-years-to-be-fully-addressed

Copycat And Fad Hackers Will Be The Bane Of Supply Chain Security In 2022

Replicable attacks and a low barrier to entry will ensure the rate of supply chain attacks increases next year, cyber security researchers have warned.

The supply chain is a consistent attack vector for threat actors today. By compromising a centralized service, platform, or software, attackers can then either conduct widespread infiltration of the customers and clients of the original -- singular -- victim or may choose to cherry-pick from the most valuable potential targets.

This can save cyber criminals time and money, as one successful attack can open the door to potentially thousands of victims at once.

A ransomware attack levied against Kaseya in 2021 highlighted the disruption a supply chain-based attack can cause. Ransomware was deployed by exploiting a vulnerability in Kaseya's VSA software, leading to the compromise of multiple managed service providers (MSP) in Kaseya's customer base.

https://www.zdnet.com/article/copycat-and-fad-hackers-will-be-the-bane-of-supply-chain-security-in-2022/

This Nightmare Incident Shows Why You Really Shouldn't Store Passwords In Your Browser

An infostealer is scooping up passwords stored in browsers, experts warn

An unnamed company was recently breached after an employee stored their corporate account password in their web browser, a new report suggests.

According to research from security company AhnLab, the employee was working from home on a device shared with other household members, which was already infected with Redline Stealer, an infostealing malware.

Although the computer was equipped with antivirus software, the malware was able to evade detection, before stealing the passwords stored in the victim's browser.

https://www.techradar.com/news/this-simple-malware-shows-why-you-really-shouldnt-store-passwords-in-your-browser

Kaspersky Research: 47% of Incident Response Requests Linked to Ransomware

This year — 2021 — marked a “new era of ransomware,” said Vladimir Kuskov, head of threat exploration at Russian cyber security company Kaspersky. This is reflected in security incident requests handled by Kaspersky’s Global Emergency Response Team (GERT) between January and November 2021.

Kaspersky reported 46.7 percent of the security incidents that GERT handled in the first 11 months of 2021 were related to ransomware. Comparatively, Kaspersky attributed ransomware to 37.9 percent of security incidents that GERT handled for all of 2020 and 34 percent for 2019.

In addition, the government and industrial sectors have been the most common targets for ransomware attacks in 2021 to date, Kaspersky indicated. These industries accounted for nearly 50 percent of ransomware-related incident response requests that GERT has handled.

https://www.msspalert.com/cybersecurity-research/kaspersky-research-47-of-incident-response-requests-linked-to-ransomware/

Global Cyber Attacks from Nation-State Actors Posing Greater Threats

Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain.

The macro-trend I’m most alarmed by today is the fact that attackers don’t seem to care about getting caught anymore. We have seen an increase in temerity of attacks by nation-states, such as the Russian attack on SolarWinds, and seen their attack tactics shift from targeted, stealthy operations into opportunistic hacks for potential future uses, such as the attacks attributed to Hafnium.

Such a brazen approach hasn’t been a common tactic of nation-states in the past, but now seems to be the status quo. In part, this trend may also be due to a destabilization of the international relations climate stemming from COVID-19, as well as work-from-home forcing core business services out onto the internet to facilitate employee access.

Broadly speaking, we should see China as a rising cyber security threat on the international stage. That has been the case for some time in terms of their economic, defense and military posture, but 2021 has quite clearly demonstrated that the relationship has deteriorated into a sort of Cold War, with espionage playing out in the cyber-domain.

https://threatpost.com/global-cyberattacks-nation-state-threats/177253/

Y2k22 Bug Is Causing Microsoft Exchange Server To Fail Worldwide: FIP-FS Scan Engine Failed To Load

Company admins are having their New Year’s celebrations interrupted by reports that their Exchange Servers are failing with the error “FIP-FS Scan Engine failed to load – Can’t Convert “2201010001” to long (2022/01/01 00:00 UTC)“.

The issue appears to be due to Microsoft using the first two numbers of the update version to denote the year of the update, which caused the “long” version of the date to overflow.

At present, it seems the main workaround is to disable the anti-malware scanner on the Exchange Server by using Set-MalwareFilteringServer -BypassFiltering $True -identity <server name> and restarting the Microsoft Exchange Transport service.

It appears Microsoft has not acknowledged the issue yet, but if you are affected some peer support is available at Reddit here.

Update: Microsoft has now acknowledged the issue and is working on a fix

https://mspoweruser.com/y2k22-bug-is-causing-microsoft-exchange-server-to-fail-worldwide/

External Attackers Can Penetrate Most Local Company Networks

In 93% of cases, external attackers can breach the organisation’s network perimeter and gain access to local network resources, and it takes an average of two days to penetrate the company’s internal network. In 100% of companies analysed, an insider can gain full control over the infrastructure.

These are the results of a new research report by Positive Technologies, analyzing results of the company’s penetration testing projects carried out in the second half of 2020 and first half of 2021.

The study was conducted among financial organizations (29%), fuel and energy organizations (18%), government (16%), industrial (16%), IT companies (13%), and other sectors.

During the assessment of protection against external attacks, Positive Technologies experts managed to breach the network perimeter in 93% of cases. According to the company’s researchers, this figure has remained high for many years, confirming that criminals are able to breach almost any corporate infrastructure.

https://www.helpnetsecurity.com/2021/12/28/external-attackers-local-company-networks/

The Have I Been Pwned Service Now Includes 441K Accounts Stolen By RedLine Malware

The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The service now includes credentials for 441K accounts stolen by the popular info-stealer.

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The malicious code can also act as a first-stage malware.

Stolen data are stored in an archive (logs) before being uploaded to a server under the control of the attackers.

A few days ago the data breach hunter Bob Diachenko discovered an unsecured server exposing over 6 million RedLine logs containing data harvested between August and September 2021. The server is still accessible, but the researchers pointed out that threat actors abandoned it because the the number of logs is not increasing.

https://securityaffairs.co/wordpress/126186/malware/redline-malware-hibp.html

Threats

Ransomware

• Organisations Targeted With Babuk-Based Rook Ransomware | SecurityWeek.Com

• QNAP NAS Devices Hit With Surge Of Ransomware Attacks | TechRadar

• Shutterfly Hit By A Conti Ransomware Attack - Security Affairs

• Cyber Attack On One Of Norway’s Largest Media Companies Shuts Down Presses - The Record by Recorded Future

Malware

• Threat Actor Uses HP iLO Rootkit To Wipe Servers - The Record by Recorded Future

• New Malware Uses SSD Over-Provisioning to Bypass Security Measures | Tom's Hardware

• Threat Actors Are Abusing MSBuild To Implant Cobalt Strike Beacons - Security Affairs

Data Breaches/Leaks

• LastPass Says No Passwords Were Compromised Following Breach Scare - The Verge

• T-Mobile Welcomed Christmas With Its Second Data Breach In Less Than Six Months - Phonearena

Organised Crime & Criminal Actors

• In the Fight Against Cyber Crime, Takedowns Are Only Temporary (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking

• Cryptomining Attack Exploits Docker API Misconfiguration Since 2019 | Threatpost

Insider Risk and Insider Threats

• When Employees Leave, Is Your Data Walking Out The Door? - Help Net Security

Scams, Fraud & Financial Crime

• Fraud Detection And Prevention Market To Hit $100 Billion By 2027 - Help Net Security

Nation State Actors

• China-linked BlackTech APT Uses New Flagpro Malware In Recent Attacks - Security Affairs

• APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools | Threatpost

Passwords

• RedLine Malware Shows Why Passwords Shouldn't Be Saved In Browsers (bleepingcomputer.com)

Vulnerabilities

• Experts Monitor Ongoing Attacks Using Exploits For Log4j Library Flaws - Security Affairs

• Netgear Leaves Vulnerabilities Unpatched In Nighthawk Router (bleepingcomputer.com)

Other News

• What the Rise in Cyber-Recon Means for Your Security Strategy | Threatpost

• Most Companies Struggling To Achieve Observability Despite Investing In Tools - Help Net Security

• LastPass Confirms Credential Stuffing Attack Against Some Of Its Users - The Record by Recorded Future

• A New Year Will Bring New Targets: What to Look for in 2022 | SecurityWeek.Com

• University Loses 77TB Of Research Data Due To Backup Error (bleepingcomputer.com)

• Don’t Expect A Slowdown After Record-Setting Year For Cyber Security As Several Drivers Remain For Big 2022 – Crunchbase News

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.