Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

66 Percent of Businesses Don't Understand Their Cyber Risks

A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.

83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.

Source: [Beta News]

Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.

The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.

Sources [Data Breaches] [UKAuthority]

Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.

As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.

Sources [Dark Reading] [The Record] [Security Magazine]

Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.

There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.

Source: [Law.com]

58% of Malicious Emails Contained Spoofed Content

According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.

The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.

Source: [Security Magazine]

Cyber Attacks Remain a Top Concern for Organisations Across All Industries

Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.

With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.

Source: [Business Wire]

BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.

The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.

Source: [Infosecurity Magazine]

13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.

It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.

Source: [Security Magazine]

Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.

Source: [The Hacker News]

Kroll’s Breach Highlights SIM-Swapping Risk

A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.

In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.

Source [Dark Reading]

Reducing The Risk of AI, What Can You Do?

Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.

Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.

Sources: [CSO Online] [UKTech News]

Debunking Popular Cyber Security Myths

At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?

When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.

So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.

Sources: [Forbes] [Trend Micro]

3 Malware Loaders Responsible for 80% of Intrusions

Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.

Sources: [The Register] [Infosecurity Magazine]

MOVEit Hack Shows Attackers Still Use Old Tricks

SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.

The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?

Source: [Dark Reading]

Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.

In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.

Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.

Source: [Ars Technica]

Governance, Risk and Compliance

• Cyber Attacks and Other Threats Remain a Top Concern for Organisations Across All Industries, Finds InformationWeek’s State of Cyber Risk and Resiliency Report | Business Wire

• 66 percent of businesses don't understand their cyber risks (betanews.com)

• Survey of In-House Counsel Finds Cyber Anxiety Skyrocketing | Law.com

• Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report (thehackernews.com)

• SEC Probe Targets SolarWinds Executives - DevX

• Cyber Security Enters Conversation About Executive Pay - WSJ

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• How international cyber security frameworks can help CISOs | CSO Online

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• SEC cyber attack regulations prompt 10 questions for CISOs | TechTarget

• Should Senior IT Professionals Be Accountable for Professional Decisions? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 80% of organisations expect ransomware spending to increase | Security Magazine

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• MOVEit Was a SQL Injection Accident Waiting to Happen (darkreading.com)

• Nearly 1,000 Organisations, 60 Million Individuals Impacted by MOVEit Hack - SecurityWeek

• Ransomware With an Identity Crisis Targets Small Businesses, Individuals (darkreading.com)

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

• LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants (thehackernews.com)

• Deconstructing ransomware, cyber criminals and their modus operandi | TechRadar

• Ransomware Evolution: Smaller Actors, Bigger Impact (govinfosecurity.com)

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Making Sense of Ransomware Attack Statistics in 2023 | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Should Companies Pay After Ransomware Attacks? Is It Illegal? (techtarget.com)

• How Ransomware Groups Respond to External Pressure (inforisktoday.com)

• Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat (trellix.com)

• Rackspace Faces Massive Cleanup Costs After Ransomware Attack (darkreading.com)

• EDITORIAL | Time to Cut Off North Korea from Funding Sources for its Missiles | JAPAN Forward (japan-forward.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

• 8 Types of Ransomware: Examples of Past and Current Attacks (techtarget.com)

• Black Basta Besting Your Network? (securityintelligence.com)

Ransomware Victims

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• St Helens Council still dealing with suspected cyber-attack - BBC News

• Rhysida claims ransomware attack on Prospect Medical, threatens to sell data (bleepingcomputer.com)

• University of Michigan shuts down network after cyber attack (bleepingcomputer.com)

• Social Security Numbers leaked in ransomware attack on Ohio History Connection (malwarebytes.com)

Phishing & Email Based Attacks

• Phishing as a service continues to plague business users - SiliconANGLE

• 58% of malicious emails contained spoof content | Security Magazine

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

• Top 5 most abused brands by hackers

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks (thehackernews.com)

• Spain warns of LockBit Locker ransomware phishing attacks (bleepingcomputer.com)

• US govt email servers hacked in Barracuda zero-day attacks (bleepingcomputer.com)

• QR Code' Surge in Popularity Brings Along a Rise in QR-Linked Phishing Scams | Metaverse Post (mpost.io)

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• How to Spot Phishing Emails & Tips to Avoid Them | Proofpoint US

Other Social Engineering; Smishing, Vishing, etc

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - SecurityWeek

Artificial Intelligence

• Cyber security agency gives AI chatbot warning (uktech.news)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• IT leaders alarmed by generative AI's SaaS security implications - Help Net Security

• Is Bias in AI Algorithms a Threat to Cloud Security? (darkreading.com)

• Shifting Cyber Security: The Impact and Implications of LLMs (inforisktoday.com)

• Vendors Training AI With Customer Data is an Enterprise Risk (darkreading.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• Hacking the future: Notes from DEF CON’s Generative Red Team Challenge | CSO Online

• Building cyber resilience in an age of AI (betanews.com)

• How to minimize data risk for generative AI and LLMs in the enterprise | VentureBeat

• Google launches tool to identify AI-generated images - Help Net Security

2FA/MFA

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

AITM/MITM

• Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platform - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• These 3 loaders were behind 80% of intrusions this year • The Register

• 20+ Malware Statistics You Need to Know in 2023 (techreport.com)

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• 'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds (darkreading.com)

• Infamous Raccoon Stealer Malware Returns - DevX

• Top 3 Malware Threatening Businesses in Q2 2023 (cybersecuritynews.com)

• Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research (darkreading.com)

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• Japan's JPCERT warns of new 'MalDoc in PDF' attack technique (securityaffairs.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates (thehackernews.com)

• Hackers are now hiding malicious Word documents in PDFs — how to stay safe | Tom's Guide (tomsguide.com)

• DreamBus malware exploits RocketMQ flaw to infect servers (bleepingcomputer.com)

• Kaspersky malware report for Q2 2023 | Securelist

• Microsoft is using malware-like pop-ups in Windows 11 to get people to ditch Google - The Verge

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

• SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations (thehackernews.com)

• Battling malware in the industrial supply chain

Mobile

• Kroll's Crypto Breach Highlights SIM-Swapping Risk (darkreading.com)

• This new Android malware can unlock your phone and drain your bank accounts | Tom's Guide (tomsguide.com)

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Is Mobile Hacking Still a Big Threat in 2023? (makeuseof.com)

• New Android MMRat malware uses Protobuf protocol to steal your data (bleepingcomputer.com)

• What Are Overlay Attacks? How Do You Protect Against Them? (makeuseof.com)

• New Android Banking Trojan Targets Southeast Asia Region (inforisktoday.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

• 8 Ways To Boost Your Android Phone's Security (slashgear.com)

Botnets

• Online exclusive: Rise of the botnets (securitymiddleeastmag.com)

Denial of Service/DoS/DDOS

• DDoS attacks rise 40% in Q2 2023, affecting banks, gaming & e-commerce | Security Magazine

BYOD

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• The power of passive OS fingerprinting for accurate IoT device identification - Help Net Security

Data Breaches/Leaks

• Metropolitan Police reports supplier cyber breach | UKAuthority

• UK: Metropolitan Police on red alert after details of officers and staff hacked in massive security breach (databreaches.net)

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• American Express admits APAC employees' data leak, blames a third-party payroll service

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Leaseweb is restoring ‘critical’ systems after security breach (bleepingcomputer.com)

• French employment agency Pôle emploi data breach impacted 10M peopleSecurity Affairs

• Mom’s Meals discloses data breach impacting 1.2 million people (bleepingcomputer.com)

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - Security Week

• Paramount discloses data breach following security incident (bleepingcomputer.com)

• Another data breach at Forever 21 leaks details of 500,000 current and former employees (bitdefender.com)

• Cost of a data breach 2023: Financial industry impacts (securityintelligence.com)

Organised Crime & Criminal Actors

• Moscow helping cyber criminals operate with 'near impunity': report | The Province

• Hacking gangs launch cyber crime syndicate the Five Families (techmonitor.ai)

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• ‘Billion Dollar Heist’: The Wild Story That Should Have Us All Petrified (thedailybeast.com)

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: UN treaty creates 'ideal conditions' for cyber crime (telecomstechnews.com)

• Cyber Criminals use research contests to create new attack methods - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kroll data breach exposes info of FTX, BlockFi, Genesis creditors (bleepingcomputer.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

Fraud, Scams & Financial Crime

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Classiscam Spreads: $64.5M Scheme Targets 79 Countries - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• Top 5 most abused brands by hackers

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Deepfakes

• 4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught (darkreading.com)

Insurance

• Insurers End Tussle Over Ransomware Attack Coverage - Law360 UK

• Delinea Research Reveals a Cyber Insurance Gap (darkreading.com)

• Understand the fine print of your cyber insurance policies - Help Net Security

Supply Chain and Third Parties

• American Express admits APAC employees' data leak, blames a third-party payroll service

• Met should thoroughly investigate cyber security practices, say experts | Evening Standard

Cloud/SaaS

• CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security | TechTarget

• Better SaaS Security Goes Beyond Procurement (darkreading.com)

• How to secure your cloud-based business without cloud-security expertise - Partner Content - Security - iTnews

• Experts Uncover How Cyber Criminals Could Exploit Microsoft Entra ID for Elevated Privilege (thehackernews.com)

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

Hybrid/Remote Working

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

Identity and Access Management

• The Rising Tide of Identity-Based Attacks - GovInfoSecurity

Encryption

• Quantum threats loom in Gartner's 2023 Hype Cycle for data security | VentureBeat

• How Quantum Computing Will Impact Cyber Security - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Four common password mistakes hackers love to exploit (bleepingcomputer.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

Biometrics

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Elon Musk's X to collect biometric data, work and school history - The Japan Times

• Home Office and MoD seeking new facial-recognition tech | Computer Weekly

Social Media

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• How the EU Digital Services Act affects Facebook, Google and others | Technology sector | The Guardian

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• X Plans to Collect Biometric Data, Job and School History (1) (bloomberglaw.com)

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Hackers Are Selling Hacked Police Emails to Try to Grab Personal Data From TikTok, Facebook (404media.co)

Training, Education and Awareness

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• Cyber awareness education is a change-management initiative | CSO Online

Cyber Bullying, Cyber Stalking and Sextortion

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• SEC Probe Targets SolarWinds Executives - DevX

• New law could turn UK into a hacker's playground | Computerworld

• Changes to UK Surveillance Regime May Violate International Law (justsecurity.org)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

• SEC’s New Cyber Security Rule—Including Key Disclosure Requirements | Smith Gambrell Russell - JDSupra

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

Models, Frameworks and Standards

• What are the Cyber Security Standards of Basel III? | UpGuard

• Best practices for MITRE ATT&CK(R) mapping. (thecyberwire.com)

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• How international cyber security frameworks can help CISOs | CSO Online

Data Protection

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• Are you properly protecting your employees' personal information? | Burr & Forman - JDSupra

• Data Protection: One of These Incidents Is Not Like the Other | Troutman Pepper - JDSupra

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

Careers, Working in Cyber and Information Security

• Addressing Cyber Security's Talent Shortage & Its Impact on CISOs (darkreading.com)

• Unfilled Cyber Security Positions Threaten the Future of Businesses Everywhere | Inc.com

• How the Talent Shortage Impacts Cyber Security Leadership (securityintelligence.com)

Law Enforcement Action and Take Downs

• Two Men Arrested Following Poland Railway Hacking - Security Week

Privacy, Surveillance and Mass Monitoring

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Expert shares stark safety warning over Twitter updates | Tech News | Metro News

Misinformation, Disinformation and Propaganda

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• 'Five Eyes' nations release technical details of Sandworm malware 'Infamous Chisel' | CyberScoop

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

• NCSC, SBU reveal overt Russian cyber campaign as cyber war continues to evolve | ITPro

• Czech banks hit by Russian cyber attacks – EURACTIV.com

• Cyber security experts lament west’s failure to learn lessons from Ukraine | Financial Times (ft.com)

• Russian 'hybrid' war threatens NATO's eastern flank, Poles warn - Washington Times

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Russian APT Intensifies Cyber Espionage Activities - Infosecurity Magazine (infosecurity-magazine.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

China

• Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica

• China-Based APT Flies Under Radar in Espionage Attacks | Decipher (duo.com)

• China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors (thehackernews.com)

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Almost a third of compromised Barracuda ESGs were govt owned • The Register

• James Cleverly's China cyber security talks unlikely to spur change (techmonitor.ai)

• Japan’s cyber security agency suffers months-long breach | Financial Times (ft.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

North Korea

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• North Korea’s Lazarus Group hits organisations with two new RATs | CSO Online

• Lazarus Group Debuts Tiny Trojan for Espionage Attacks (databreachtoday.co.uk)

• Cyber Scams Keep North Korean Missiles Flying – Analysis – Eurasia Review

• North Korea’s Lazarus hackers behind recent crypto heists: FBI (therecord.media)

• North Korean hackers behind malicious VMConnect PyPI campaign (bleepingcomputer.com)

Vulnerability Management

• New law could turn UK into a hacker's playground | Computerworld

• 40% of Log4j Downloads Still Vulnerable (securityintelligence.com)

• How did Clop get its hands on the MOVEit zero day? (therecord.media)

Vulnerabilities

• Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks (thehackernews.com)

• Microsoft Teams attack exposes collab platform security gaps | TechTarget

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica

• CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

• Exploit released for Juniper firewall bugs allowing RCE attacks (bleepingcomputer.com)

• Google Chrome 116's second point update addresses a security issue - gHacks Tech News

• Forminator WordPress Plugin Vulnerability Affects Up To 400,000+ Websites (searchenginejournal.com)

• Threat actors started exploiting Juniper flaws shortly after PoC release (securityaffairs.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence - Security Week

• This WordPress plugin with 5 million users could have a serious security flaw | TechRadar

• Cyber Attackers Swarm OpenFire Cloud Servers With Takeover Barrage (darkreading.com)

Tools and Controls

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

• Enterprise dark web monitoring: Why it's worth the investment | TechTarget

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• Here's What Your Breach Response Plan Might Be Missing (darkreading.com)

• The Middleware Threats to Microsoft's Monopoly | HackerNoon

• Why Traditional Firewalls Are Not Adequate for Your Network Security (makeuseof.com)

• Combining EPP and EDR tools can boost your endpoint security (securityintelligence.com)

• Automated Threat Hunting: AI Helps Spot Shady Network Activity (readwrite.com)

• Detecting the Undetected: The Risk to Your Info (securityintelligence.com)

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Other News

• Cyber attacks reveal threat to democracy (ukdefencejournal.org.uk)

• Hackers Use $30 Gear To Bring Poland's Railways To A Grinding Halt

• When lives rely on equipment, cyber security is essential | Healthcare IT News

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Rising cyber incidents challenge healthcare organisations - Help Net Security

• Updated Best Practice Playbook for Healthcare Cyber Threats (inforisktoday.com)

• Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success (thehackernews.com)

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• 69% of educational organisations suffered cyber attack in the past year - Netwrix survey

• Claroty's 2023 Global Healthcare Cyber Security Study Exposes Widespread Vulnerabilities And Impact (informationsecuritybuzz.com)

• Out-Of-Office: How To Ensure Cyber Security During Vulnerable Periods (forbes.com)

• Debunking The Top Five Cyber Security Myths (forbes.com)

• Manufacturing firms hit by the worst encryption rate in three years (manufacturing-today.com)

• Cyber Attacks Targeting E-commerce Applications (thehackernews.com)

• Industrial networks need better security as attacks gain scale | ZDNET

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Hackers Hit One Third of Organisations Worldwide Multiple Times

Hackers have stolen customer records multiple times from nearly a third of organisations worldwide in the past 12 months, security provider Trend Micro said in its newly released, twice-yearly Cyber Risk Index (CRI) report.

The report features interviews with some 4,100 organisations across North America, Europe, Latin/South America and Asia-Pacific. Respondents stressed that customer records are at increased risk as organisations struggle to profile and defend an expanding attack surface.

Overall, respondents rated the following as the top cyber threats in 1H 2022:

• Business Email Compromise (BEC)

• Clickjacking

• Fileless attacks

• Ransomware

• Login attacks (Credential Theft)

Here are some key findings from the study:

• The CRI calculates the gap between organisational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.

• This is a slight increase in risk from the second half of 2021, when it was -0.04. Organisations in North America and Asia-Pacific saw an increase in their cyber risk from that period while Europe and Latin/South America’s risk decreased in comparison.

• The number of global organisations experiencing a “successful” cyber-attack increased from 84% to 90% over the same period.

• The number now expected to be compromised over the coming year has also increased from 76% to 85%.

From the business perspective, the biggest concern is the misalignment between CISOs and business executives, Trend Micro said. The answers given by respondents to the question: “My organisation’s IT security objectives are aligned with business objectives,” only made a score of 4.79 out of 10.0

By addressing the shortage of cyber security professionals and improving security processes and technology, organisations will significantly reduce their vulnerability to attacks.

You can’t protect what you can’t see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organisations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform.

https://www.msspalert.com/cybersecurity-research/hackers-hit-one-third-of-organizations-worldwide-multiple-times/

• Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks

Companies pay an average of $1,197 per employee yearly to address successful cyber incidents against email services, cloud collaboration apps or services and browsers.

Security researchers at Perception Point shared the findings with Infosecurity before publishing them in a new white paper this month.

According to the new data, the above figures exclude compliance fines, ransomware mitigation costs and losses from non-operational processes, all of which can cause further spending.

The survey, conducted in conjunction with Osterman Research in June, considers the responses of 250 security and IT decision-makers at various enterprises and reveals additional discoveries regarding today’s enterprise threat landscape.

These findings demonstrate the urgent need for organisations to find the most accurate and efficient cyber security solutions which provide the necessary protection with streamlined processes and managed services.

Among the findings is that malicious incidents against new cloud-based apps and services occur at 60% of the frequency with which they take place on email-based services.

Additionally, some attacks, like those involving malware installed on an endpoint, happen on cloud collaboration apps at a much higher rate (87%) when compared to email-based services.

The Perception Point report also shows that a successful email-based cyber incident takes security staff an average of 86 hours to address.

In light of these figures, the security company added that one security professional with no additional support can only handle 23 email incidents annually, representing a direct cost of $6452 per incident alone.

Conversely, incidents detected on cloud collaboration apps or services take, on average, 71 hours to resolve. In these cases, one professional can handle just 28 incidents yearly at an average cost of $5305 per incident.

https://www.infosecurity-magazine.com/news/firms-dollar1197-per-employee/

• 90% of Organisations have Microsoft 365 Security Gaps

A recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organisations had gaps in essential security protections. Managing Microsoft 365 (M365) is complicated. How can IT teams avoid management headaches, stay 100% compliant, and truly take control of their M365 instance?

Research from the study reveals that many common security procedures are not being followed 100% of the time. This leaves gaping holes in most organisations’ security defences. While most companies have strong documented security policies, the research uncovered that most aren’t being implemented consistently due to difficulties in reporting and limited IT resources:

• 90% of companies had gaps across all four key areas studied – multi-factor authentication (MFA), email security, password policies, and failed logins

• 87% of companies have MFA disabled for some or all their admins (which are the most critical accounts to protect, due to their higher access levels)

• Only 17% of companies had strong password requirements that were being consistently followed.

Overall, nearly every organisation is leaving the door open for cyber security threats due to weak credentials, particularly for administrator accounts.

In addition to security challenges, the study identified key areas for improvement in managing Microsoft 365 licences as well, such as:

• The average company had 21.6% of their licenses unassigned or “sitting on the shelf.” Another 10.2% of licenses were inactive, for an average of 31.9% unused licenses.

• 17% of companies had over 10,000 licenses unassigned or inactive. These cases represent big opportunities to optimise licence spend with better tools.

Overall, the study reveals that reporting challenges make security and licence management incredibly difficult, leading to unnecessary risks and costs.

https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/

• Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors

A callback phishing extortion campaign by Luna Moth (aka Silent Ransom Group) has targeted businesses in multiple sectors, including legal and retail.

The findings come from Palo Alto Network’s security team Unit 42, which described the campaign in a new advisory.

“This campaign leverages extortion without encryption, has cost victims hundreds of thousands of dollars and is expanding in scope,” reads the technical write-up. At the same time, Unit 42 said that this type of social engineering attack leaves very few artifacts because it relies on legitimate technology tools to carry out attacks. In fact, callback phishing, also known as telephone-oriented attack delivery (TOAD), is a social engineering method that requires a threat actor to interact with the victim to accomplish their goals.

“This attack style is more resource intensive but less complex than script-based attacks, and it tends to have a much higher success rate,” reads the advisory. According to Unit 42, threat actors associated with the Conti group have extensively used this attack style in BazarCall campaigns. “Early iterations of this attack focused on tricking the victim into downloading the BazarLoader malware using documents with malicious macros,” explained the researchers.

As for the new campaign, which Sygnia security researchers first unveiled in July, it removes the malware portion of the attack. “In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim’s computer to manually exfiltrate data [...] As these tools are not malicious, they’re not likely to be flagged by traditional antivirus products,” Unit 42 wrote.

The researchers also said that they expect callback phishing attacks to increase in popularity because of low per-target cost, low risk of detection and fast monetisation factors.

https://www.infosecurity-magazine.com/news/luna-moth-phishing-target-multiple/

• The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For

With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy conducting brazen and often destructive cyber-attacks that can severely disrupt a company’s business operations. And this is a big problem, because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber-attacks not only can affect customers’ data, but they can impact service delivery.

In one of the recent incidents, the UK’s discount retailer The Works has been forced to temporarily shut down some of its stores after a ransomware attack. While the tech team quickly shut down the company’s computers after being alerted to the security breach by the firewall system, the attack caused disruption to deliveries and store functionality including till operations.

A cyber security incident can greatly affect a business due to the consequences associated with cyber-attacks like potential lawsuits, hefty fines and damage payments, insurance rate hikes, criminal investigations and bad publicity. For example, shares of Okta, a major provider of authentication services, fell 9% after the company revealed it was a victim of a major supply chain incident via an attack on a third-party contractor’s laptop, which affected some of its customers.

Another glaring example is a 2021 cyber-attack launched by the Russian-speaking ransomware gang called DarkSide against the operator of one of the US’ largest fuel pipelines Colonial Pipeline, which crippled fuel delivery across the Southeastern United States impacting lives of millions due to supply shortages. Colonial paid the DarkSide hackers a $4.4 million ransom soon after the incident. The attackers also stole nearly 100GB of data from Colonial Pipeline and threatened to leak it if the ransom wasn’t paid. It’s also worth noting that the company is now facing a nearly $1 million penalty for failure “to plan and prepare for a manual restart and shutdown operation, which contributed to the national impacts after the cyber-attack.”

Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).

Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.

For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.

https://informationsecuritybuzz.com/the-real-cost-of-cyber-attacks-what-organizations-should-be-prepared-for-2/

• 34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware

As many as 34 Russian-speaking gangs, distributing information-stealing malware under the stealer-as-a-service model, stole no fewer than 50 million passwords in the first seven months of 2022.

"The underground market value of stolen logs and compromised card details is estimated around $5.8 million" Singapore-headquartered Group-IB said in a report shared with The Hacker News.

Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.

A majority of the victims were located in the US, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, over 890,000 devices in 111 countries were infected during the time frame.

Group-IB said the members of several scam groups who are propagating the information stealers previously participated in the Classiscam operation. These groups, which are active on Telegram and have around 200 members on average, are hierarchical, consisting of administrators and workers (or traffers), the latter of whom are responsible for driving unsuspecting users to info-stealers like RedLine and Raccoon. This is achieved by setting up bait websites that impersonate well-known companies and luring victims into downloading malicious files. Links to such websites are, in turn, embedded into YouTube video reviews for popular games and lotteries on social media, or shared directly with non-fungible token (NFT) artists.

https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html

• “Password” Continues to Be the Most Common Password in 2022

You would think the time spent working from home in the last two years or so helped netizens across the planet figure out how to master the world of WWW in a more efficient manner.

But new research from NordPass shows that despite so many people relying on an Internet connection for their daily activities, few actually care about the security of their data when they go online.

As a result, “password” continues to be the number one password out there, with the aforementioned company claiming that this particular keyword was detected close to 5 million times in a 3TB database. It takes less than one second to crack this password, the company says.

“123456” is currently the second most-used password worldwide, followed by its longer sibling known as “123456789” because, you know, hackers don’t know how to count to 10.

“There’s more than one way to get swindled on Tinder: using “tinder” as your password is more risky than swiping right on a billionaire. In total, this password was used 36,384 times” NordPass says. “The glitziest film industry event of the year – the Oscars ceremony – inspired many to use not-so-glitzy passwords: the password “Oscars” was used 62,983 times.”

Of course, it’s no surprise that Internet users out there turn to movies to get inspiration for their passwords, so unfortunately, “batman” is currently one of the most used keywords supposed to secure Internet accounts.

“Films and shows like Batman, Euphoria, and Encanto were among the most popular releases in 2021/2022. All are also popular passwords: “batman” was used 2,562,776 times, “euphoria” 53,993, and “encanto” 10,808 times,” the company says.

The most common password in the United States is “guest,” while in the United Kingdom, quite a lot of people go for “liverpool” (despite hackers needing just 1 second to crack it).

https://news.softpedia.com/news/password-continues-to-be-the-most-common-password-in-2022-as-well-536503.shtml

• Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers

A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. The same security vulnerability appears to have been exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.

It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression. HackerOne first reported the vulnerability back in January, which allowed anyone to enter a phone number or email address, and then find the associated twitterID. This is an internal identifier used by Twitter, but can be readily converted to a Twitter handle. A bad actor would be able to put together a single database which combined Twitter handles, email addresses, and phone numbers.

At the time, Twitter admitted that the vulnerability had existed, and subsequently been patched, but said nothing about anyone exploiting it. Restore Privacy subsequently reported that a hacker had indeed used the vulnerability to obtain personal data from millions of accounts.

https://9to5mac.com/2022/11/25/massive-twitter-data-breach/

• European Parliament Declares Russia to be a State Sponsor of Terrorism – Then Gets Attacked

On Wednesday, the European Parliament adopted a resolution on the latest developments in Russia’s brutal war of aggression against Ukraine. MEPs highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes. In light of this, they recognise Russia as a state sponsor of terrorism and as a state that “uses means of terrorism”.

As the EU currently cannot officially designate states as sponsors of terrorism, the European Parliament calls on the EU and its member states to put in place the proper legal framework and consider adding Russia to such a list. This would trigger a number of significant restrictive measures against Moscow and have profound restrictive implications for EU relations with Russia.

In the meantime, MEPs call on the Council to include the Russian paramilitary organisation ‘the Wagner Group’, the 141st Special Motorized Regiment, also known as the “Kadyrovites”, and other Russian-funded armed groups, militias and proxies, on the EU’s terrorist list.

Almost immediately after the vote the European Parliament suffered a sustained denial of service attack that shut down email services and disrupted internet access for more than an hour. A pro-Russian group called KILLNET then claimed responsibility in a Telegram post.

https://www.europarl.europa.eu/news/en/press-room/20221118IPR55707/european-parliament-declares-russia-to-be-a-state-sponsor-of-terrorism

https://informationsecuritybuzz.com/comment-european-parliament-hit-by-cyberattack-after-vote-on-russia/

• The Changing Nature of Nation-State Cyber Warfare

Military conflict is ever shifting from beyond the battlefield and into cyber space. Ever more sophisticated and ruthless groups of nation-state actors and their proxies continue to target critical systems and infrastructure for political and ideological leverage. These criminals’ far-reaching objectives include intelligence gathering, financial gain, destabilising other nations, hindering communications, and the theft of intellectual property.

The risks to individuals and society are clear. Due to its importance to daily life and the economy, the UK’s critical national infrastructure (CNI) is a natural target for malicious nation-state cyber-attacks. We only need look at the Colonial Pipeline ransomware attack in the US – at the hands of the Russia-affiliated DarkSide group – to appreciate the potential for one criminal act to escalate and cause large-scale societal impact: panic and disruption. Even though the pipeline was shut down for less than a week, the havoc caused by suspending fuel supplies gave CNI operators everywhere a worrying taste of things to come.

Closer to home, the recent cyber attack on South Staffordshire Water highlights the need for all utilities providers to take proactive measures and precautions to better secure essential human sustenance supplies. With the risk of coordinated attacks by criminals backed by nation states rising, the potential for human casualties if attacks against CNI go unchecked is becoming starkly clear.

The Russia-Ukraine war has heightened awareness of the cyber threats posed by all nation-state adversaries. Unsurprisingly, challenges and conflicts in the physical world tend to bleed through into the cyber domain. And with relations between Western nations and Russia, China, Iran, and North Korea more fraught than ever, UK organisations can expect to see further increases in cyber threats at the hands of hostile nation-state actors.

https://informationsecuritybuzz.com/the-changing-nature-of-nation-state-cyber-warfare/

• Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question

Cyber crime continues to be a persistent and pressing issue for all sized businesses, particularly smaller organisations. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyber attack shut their doors within six months.

Despite the continuing rise in risk, many small businesses remain vulnerable to cyber attacks due to a lack of resources and – surprisingly – a lack of knowledge of the existing threats. Moreover, companies are now being exposed to cyber risks even further as they struggle to get appropriate cyber insurance, which, if needed, can be devastating should bad actors circumvent your company’s defences.

Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyber attack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and customer refunds.

With the constant – and ever-increasing – threat of potential cyber attacks and the need to protect their assets, many companies are applying for cyber insurance, which generally covers a variety of different types of cyber-attacks, including data breaches; business email compromises; cyber extortion demands; malware infections and ransomware.

But, despite the benefits of cyber insurance, it remains surprisingly undervalued. The UK government’s Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy in place.

Organisations must always seek cost-effective ways to address the cyber security risks they face – as no business is safe in the modern security landscape from a cyber threat. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance.  While all-sized businesses can benefit from having cyber insurance, small businesses frequently lack the knowledge and importance of securing it. This is usually because of the cost, the time involved in finding a provider, and a lack of understanding of the importance of a cyber insurance policy.

https://informationsecuritybuzz.com/is-your-company-covered-for-a-cybersecurity-attack-thats-the-2-million-question/

Threats

Ransomware and Extortion

• Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)

• Medibank hackers release 1,500 more patient records on dark web, including mental health data | Medibank | The Guardian

• Fake subscription invoices lead to corporate data theft and extortion - Help Net Security

• Ouch! Ransomware gang says it won’t attack AirAsia again due to the “chaotic organisation” and sloppy security of hacked airline’s network • Graham Cluley

• Ransomware gang targets Belgian municipality, hits police instead (bleepingcomputer.com)

• New ransomware encrypts files, then steals your Discord account (bleepingcomputer.com)

• Donut extortion group also targets victims with ransomware (bleepingcomputer.com)

• Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (thehackernews.com)

• Ransomware attacks: Making cyber ransom payments unlawful would help boards (afr.com)

• An aggressive Black Basta Ransomware campaign targets US-based companies - Security Affairs

• Luna Moth ransomware group invests in call centres to target individual victims - SiliconANGLE

• New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)

• Cybereason warns of fast-moving Black Basta campaign (techtarget.com)

• Spate Of Ransomware Targeting Healthcare Cost $92 Billion In Downtime Since 2018, Experts Weigh In - Information Security Buzz

• RansomExx Upgrades to Rust (securityintelligence.com)

• Enterprise healthcare providers warned of Lorenz ransomware threat | SC Media (scmagazine.com)

• Montreal-area city hit by ransomware: Report | IT World Canada News

Phishing & Email Based Attacks

• Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks (darkreading.com)

• World Cup phishing emails spike in Middle Eastern countries • The Register

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs

• SocGholish finds success through novel email techniques | SC Media (scmagazine.com)

BEC – Business Email Compromise

• Ten Charged in $11m Healthcare BEC Plots - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Cyber criminals are increasingly using info-stealing malware to target victims | CSO Online

• A security firm hacked malware operators, locking them out of their own C&C servers | TechSpot

• Emotet is back and delivers payloads like IcedID and Bumblebee - Security Affairs

• All You Need to Know About Emotet in 2022 (thehackernews.com)

• New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)

• Multi-Purpose Botnet and Infostealer 'Aurora' Rising to Fame | SecurityWeek.Com

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Aurora infostealer malware increasingly adopted by cybergangs (bleepingcomputer.com)

• This new malware is able to bypass all of Microsoft's security warnings | TechRadar

• Backdoored Chrome extension installed by 200,000 Roblox players (bleepingcomputer.com)

Mobile

• 'Patch Lag' Leaves Millions of Android Devices Vulnerable (darkreading.com)

• Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws (thehackernews.com)

• Your iPhone may be collecting more personal data than you think | Digital Trends

• This Android File Manager App Infected Thousands of Devices with SharkBot Malware (thehackernews.com)

• Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity

• WhatsApp data leak: 500 million user records for sale | Cybernews

Internet of Things – IoT

• Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog

Data Breaches/Leaks

• Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches - Security Affairs

• WhatsApp data leak: 500 million user records for sale - Security Affairs

• California County Says Personal Information Compromised in Data Breach | SecurityWeek.Com

• Personal data of AirAsia Malaysia, Indonesia and Thailand passengers allegedly leaked due to ransomware - SoyaCincau

Organised Crime & Criminal Actors

• Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)

• How social media scammers buy time to steal your 2FA codes – Naked Security (sophos.com)

• DEV-0569 Group Switches Tactics, Abuses Google Ads to Deliver Payloads | Cyware Alerts - Hacker News

• Hackers are locking out Mars Stealer operators from their own servers | TechCrunch

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz

• Two Estonians arrested for running $575M crypto Ponzi scheme (bleepingcomputer.com)

• Cyber crooks to ditch BTC as regulation and tracking improves: Kaspersky (cointelegraph.com)

• Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)

• Crypto exchanges’ bundling of services threatens stability, says Bank of England official | Financial Times (ft.com)

• Bahamas SEC Or Hacker? Stolen Funds From FTX Keep On Moving (bitcoinist.com)

Fraud, Scams & Financial Crime

• 'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)

• Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire

• UK Cops Lead Action Against Fraud Site that Made £100m - Infosecurity Magazine (infosecurity-magazine.com)

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Beware - Black Friday online shopping scams are here now | TechRadar

• Online retailers should prepare for a holiday season spike in bot-operated attacks | CSO Online

• Pig butchering domains seized and slaughtered by the Feds • The Register

• Experts Warn Remote Workers of Black Friday Security Threats - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• What cyber insurance really covers - Help Net Security

Software Supply Chain

• CISA, NSA, ODNI Publish Software Supply Chain Guidelines For Customers - Infosecurity Magazine (infosecurity-magazine.com) 

Denial of Service DoS/DDoS

• Out of the blue: Surviving an 18-hour, 39M-request DDoS attack - Help Net Security

Cloud/SaaS

• The impact of inadequate SaaS management - Help Net Security

Hybrid/Remote Working

• How remote working impacts security incident reporting | CSO Online

Identity and Access Management

• Access Rights – Bridging the Gap Between Current and Desired States - Information Security Buzz

Encryption

• Mathematical theorem used to crack US government encryption algorithm (phys.org)

API

• 5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs

• The API Timebomb - Information Security Buzz

• What are different types of APIs? - IT Security Guru

• Three security design principles for public REST APIs - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)

• Guess the most common password. Hint: We just told you • The Register

• World Cup Players Among Most Breached Passwords - IT Security Guru

• Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Hackers steal $300,000 in DraftKings credential stuffing attack (bleepingcomputer.com)

Social Media

• Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches - Security Affairs

• Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts (bleepingcomputer.com)

• Cyber security Pros Put Mastodon Flaws Under the Microscope (darkreading.com)

• Musk to abused Twitter users: Your tormentors will return • The Register

• Facebook sued for collecting personal data to sell adverts | News | The Times

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-US Influence Operation (thehackernews.com)

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop

Cyber Bullying, Cyber Stalking and Sextortion

• Musk to abused Twitter users: Your tormentors will return • The Register

Regulations, Fines and Legislation

• Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz

• UK’s Privacy Tsar Defends Controversial Enforcement Strategy - Infosecurity Magazine (infosecurity-magazine.com)

• How US cyber incident reporting law could finally fix the information sharing problem - CyberScoop

Law Enforcement Action and Take Downs

• UK Cops Lead Action Against Fraud Site that Made £100m - Infosecurity Magazine (infosecurity-magazine.com)

• Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire

• Interpol Seized $130 Million from Cyber criminals in Global "HAECHI-III" Crackdown Operation (thehackernews.com)

• 'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• iPhones are not as privacy-focused as Apple claims, researchers point out - India Today

• Thinking about taking your computer to the repair shop? Be very afraid | Ars Technica

Misinformation, Disinformation and Propaganda

• Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop

• Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-US Influence Operation (thehackernews.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine shows how space is now central to warfare | Financial Times (ft.com)

• New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)

• EU Parliament Putin things back together after cyber attack • The Register

• Opinion | Democracies flirting with spyware like Pegasus raises dangers - The Washington Post

• Scotland's broadband builder linked to Israeli spyware | HeraldScotland

• Bahamut Spyware Group Compromises Android Devices Via Fake VPN Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organisations (thehackernews.com)

Nation State Actors

Nation State Actors – Russia

• Russian Tech Giant Wants Out of the Country As Ukraine War Rages on (insider.com)

• Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors – China

• US Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk (thehackernews.com)

• UK bans Chinese CCTV cameras on ‘sensitive’ government sites • The Register

Vulnerability Management

• EPSS explained: How does it compare to CVSS? | CSO Online

Vulnerabilities

• 73 Percent of Retail Applications Contain Security Flaws, but Only a Quarter Are Fixed (yahoo.com)

• ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution - Infosecurity Magazine (infosecurity-magazine.com)

• Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs

• Vulnerability in AWS AppSync allowed unauthorized access to cloud resources | The Daily Swig (portswigger.net)

• AWS fixes 'confused deputy' vulnerability in AppSync • The Register

• How to hack an unpatched Exchange server with rogue PowerShell code – Naked Security (sophos.com)

• Google pushes emergency Chrome update to fix 8th zero-day in 2022 (bleepingcomputer.com)

• Upgrade to Apache Commons Text 1.10 to Avoid New Exploit (infoq.com)

• Security experts are laying Mastodon's flaws bare | TechRadar

• Devices from Dell, HP, and Lenovo used outdated OpenSSL versions - Security Affairs

• PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability | SecurityWeek.Com

• 5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs

• Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog

Tools and Controls

• Does Zero Trust mean Defence in Depth is dead? - Information Security Buzz

• Charting the Path to Zero Trust: Where to Begin (darkreading.com)

Reports Published in the Last Week

• Threat actors extend attack techniques to new enterprise apps and services - Help Net Security

Other News

• Know thy enemy: thinking like a hacker can boost cyber security strategy | CSO Online

• 'Quiet quitting' poses a cyber security risk that calls for a shift in workplace culture  | VentureBeat

• Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike (thehackernews.com)

• Security Culture Matters when IT is Decentralized (trendmicro.com)

• Legacy IT system modernization largely driven by security concerns - Help Net Security

• Been Doing It The Same Way For Years? Think Again. (thehackernews.com)

• Here's how to make sure your incident response strategy is ready for holiday hackers - Help Net Security

• Docker Hub repositories hide over 1,650 malicious containers (bleepingcomputer.com)

• Hacked digital billboard in Brisbane displays pornography for several minutes | Queensland | The Guardian

• The Case For A Security Program - Information Security Buzz

• How Tech Companies Can Slow Down Spike in Breaches (darkreading.com)

• Inventor of the Web Sir Tim Berners-Lee wants to save your data from Big Tech with Web3.0 | Euronews

• Deloitte reveals 10 strategic cyber security predictions for 2023  | VentureBeat

• The Biden administration has racked up a host of cyber security accomplishments | CSO Online

• US Navy Forced to Pay Software Company for Licensing Breach (gizmodo.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.