Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Cyber Attacks Begin by Breaking Human Trust

One of the most visible cyber attacks in recent months has reminded us that we all play a role in security, and people remain a favourite route for attackers. In the recent attack on MGM Resorts, an employee unwittingly helped the attacker to access the organisation’s systems and information. The attack highlights the power of social engineering as an attack vector, and that any size of business can fall victim.

One of the ways organisations can help to protect themselves is to provide social engineering training to employees. This builds resilience by helping employees to understand, recognise and avoid becoming a victim, recognising that cyber security involves more than just technology.

Despite some improvements in awareness programs, organisations face hurdles including budget constraints, limited training time and understaffing. Training should be continuous and target major risk areas such as phishing, vishing and password management, while fostering a proactive security culture.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes ensure employee engagement and build a cyber security culture to protect the organisation.

Sources: [GovTech] [Bloomberg] [Security Week]

BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data

Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices. Many organisations welcome a bring your own device (BYOD) policy, yet are not managing these devices effectively.

Without appropriate management of BYOD devices, organisations are allowing a number of unknown devices onto the corporate scene; these devices can be unpatched, unregulated and can lack adequate security measures, without the organisation even being aware.

Source: [The Register]

SME Cyber Security Knowledge Gap Widens

Recent findings underscore a growing concern: a significant cyber security knowledge gap among small and medium size enterprises (SMEs). The report found that 22% of employees are concerned their actions could contribute to a cyber attack or data breach. Alarmingly, more than three-quarters of senior executives are unable to identify cyber threats or distinguish phishing emails from legitimate ones.

Despite the clear risks, three out of four SMEs do not provide any form of cyber security training to their staff. This reveals a concerning disconnect: while the majority of business owners do not perceive their staff as potential cyber security risks, many employees themselves acknowledge that they could inadvertently cause such issues.

Adding to the concern, 60% of SMEs have no plans to increase their security budget in the coming year. Two-thirds of these businesses do not view cyber security as a priority. In fact, only one in five SMEs are even considering investing in cyber insurance. This widening knowledge gap in SME cyber security is indeed troubling and calls for immediate attention.

Sources: [Insurance Journal] [Dealer Support] [IT Security Guru]

UK Security Budgets Under Strain as Cyber Incidents Soar

A recent report found that UK businesses have suffered a 25% increase in cyber incidents in the last year, against a backdrop of budgetary constraints on implementing cyber security strategies. The report found that, despite spending more than £40,000 a year on cyber security protection, more than a quarter of organisations think their cyber security budget is inadequate to fully protect them from growing threats. This is as UK businesses have experienced, on average, 30 cyber incidents over the last 12 months, a 25% increase compared to last year.

The report identified that a lack of key skills remains one of the main concerns in tackling rising cyber threats. So much so that 30% of cyber staff admit to currently facing burnout. This pressure also means that less than half of companies are confident in their ability to handle the biggest threats facing organisations, including phishing (56%) and malware (55%).

Sources: [Silicon] [Verdict] [CSO Online]

Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount

A recent EY survey of cyber security leaders reported that just 1 in 5 found their organisation’s approach to cyber defences to  effective and just 36% are satisfied with the levels of best practices by teams outside the IT department. The report also found that despite higher levels of spending, the organisation’s cyber security detection and response appeared slow; 76% of respondents took six months or longer to detect and respond to an incident.

Source: [EY]

FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours

The FBI has flagged dual ransomware attacks, where attackers will attack a company twice within a few hours, as an emerging trend. This comes as an increasing number of ransomware actors are deploying their ransomware within 24 hours of initial access, and in 10% of cases, within just a few hours. Comparing this to last year, where the median time was four and a half days, organisations have significantly less time to enact their response, if they have one.

Sources: [Tech Monitor] [The Cord] [Information Security] [Beta News] [Cision] [The Record] [Malware Bytes]

Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business

A new report from Ivanti into hidden threats finds that one in three employees believe their actions do not impact their organisation's security. The research shows that Millennial and Gen Z office workers are more likely to have unsafe cyber security habits when compared to Gen X and older (those above 40 years of age). The report also finds that men and leaders are more comfortable contacting a security employee with a question or concern, with leaders at an organisation the most likely to reach out with a question at 72%.

The report also highlighted that phishing scams were found to be greatly underreported by those aged 40 and under, with 23% saying that they did not report the last phishing attempt they received, the most the most likely reason for this being “I didn’t think it was important”. In contrast, of the older demographic only 12% failed to report. Cyber security has only recently become the leading concern among C-suites and executives; however, security leaders need to enable all employees to play defence against threat actors and proactively build an open and welcoming security culture.

Sources: [Techradar] [Beta News] [HelpNet Security]

Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported

Over half (52%) of cyber security professionals are experiencing an increase in cyber attacks compared to a year ago, according to new research. Further findings revealed that only 40% of organisations conducted a cyber risk assessment annually. By conducting risk assessments, organisations are able to identify their vulnerabilities and address them, before an attacker gets the chance to exploit them.

Further, in a recent survey conducted by ISACA, which collated insights from over 2,000 security leaders globally, a significant 62% of respondents say that organisations are under-reporting cyber crime incidents. The report also revealed 59% indicate their cyber security teams are undermanned, and the challenge of retaining skilled cyber security professionals remains, with 56% experiencing retention issues.

Sources: [MSSP Alert] [Security Brief] [InfoSecurity Magazine ]

Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums

According to a recent survey, budgets for cyber security have grown 70% in the last five years and whilst these have risen, so have cyber insurance premiums (50%), due to the increase in ransomware attacks.

Insurance firms have not been able to sustain losses they were incurring without passing on these costs to their customers. At the same time, obtaining cyber insurance is getting exponentially harder, with more and more stringent controls and measures being mandated by insurance companies before underwriting to minimise their exposure.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Global Reinsurance]

Evolving Conversations: Cyber Security as a Business Risk

According to a report, only 53% of board members report having regular interactions with their cyber security experts, leaving nearly half without a strong and distinct Chief Information Security Officer (CISO) perspective in the decision making process.

By including CISOs or virtual CISOS (vCISOS) in board processes, the board can better understand the cyber implications of decisions, after all, you wouldn’t make a board-level financial decision without involving the CFO.

Source: [HelpNet Security]

Threats in Cloud Top the List of Executive Cyber Concerns

A recent report published by PwC has found that cloud-related threats are the top concern for organisations that have adopted the technology. These security concerns intensify for organisations with multiple clouds or hybrid infrastructures, with the report finding more than half of respondents citing cloud security as their most pressing concern.

The report highlighted that despite the focus on cloud security, nearly every organisation had risk management lapses. Nearly a third of respondents had yet to address disaster recovery and backup with their cloud service provider, and more than two in five pointed to in-house cloud skills gaps as a lingering risk factor.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [CIO Dive]

Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection

Recent research shows that hackers are increasingly using sophisticated tactics to get their phishing emails past companies’ cyber security defences. One key finding of the report is the percentage of phishing emails that use obfuscation techniques to avoid detection jumped by 24.4% in 2023. More than half of malicious emails, or 55.2%, now use such tactics. The report found that the most widely used obfuscation technique is HTML smuggling. This is the practice of hiding malicious raw code in a seemingly legitimate HTML page; the code only turns into malware after clearing the cyber security filtering.

The use of chatbots or large language models have lowered the barrier for entry to cyber crime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone. The reports found that tools designed to detect AI-generated phishing emails work unreliability or don’t work at all in 71.4% of cases.

Source: [Silicon Angle]

Governance, Risk and Compliance

• Small Businesses Underestimate Cyber Risks Despite Increased Threats: IBC Survey (insurancejournal.com)

• Half of Cyber security Professionals Report Increase in Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security: Still No. 1 on Every CIO's Agenda (govtech.com)

• SME cyber security knowledge gap widens | Dealer Support

• UK SME cyber threat concerns on the rise in last 12 months as a quarter admit to being breached - IT Security Guru

• Poor cyber security habits are common among younger employees - Help Net Security

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• After MGM and Caesars hacks, cyber security experts warn ‘anybody is vulnerable’  - The Nevada Independent

• People Still Matter in Cyber security Management (darkreading.com)

• UK businesses face tightening cyber security budgets as incidents spike | CSO Online

• Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive

• Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot (darkreading.com)

• Evolving conversations: Cyber security as a business risk - Help Net Security

• Cyber security preparedness pays big dividends for businesses - Help Net Security

• Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)

• Your Company's Cyber security Depends on Every Employee--Train Them Well and Instill the Importance of Security | Inc.com

• Gartner: Spending On Cyber security Services Is Outpacing Expectations In 2023 | CRN

• Cyber leaders’ confidence in their organisation’s defences plummets, but costs mount | EY - Global

• CISO's compass: Mastering tech, inspiring teams, and confronting risk - Help Net Security

• Kroll Launches Detection and Response Maturity Model and Finds 91% of Businesses Overestimate Their Cyber Maturity, Increasing Their Vulnerability to Cyber attacks

• Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024 (darkreading.com)

• A Tool to Help Boards Measure Cyber Resilience (hbr.org)

• High-business-impact outages are incredibly expensive - Help Net Security

• 78% of organisations under-report cyber attacks: ISACA (securitybrief.co.nz)

• Moody’s cyber survey reveals growing budgets and improved governance - Reinsurance News

• How To Talk To Your Board And C-suite About Cyber Preparedness | Scoop News

Threats

Ransomware, Extortion and Destructive Attacks

• Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance

• Ransomware is deployed faster as cyber criminals seek to avoid detection (betanews.com)

• Ransomware Dwell Time Hits Low of 24 Hours (prnewswire.com)

• Microsoft: Human-operated ransomware attacks tripled over past year (therecord.media)

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Dual ransomware attacks: FBI warns of twin threat to businesses (techmonitor.ai)

• Ransomware gangs destroying data, using multiple strains during attacks: FBI (therecord.media)

• Why the public sector is an easy target for ransomware | TechCrunch

• Banks beware: Why one ransomware victim decided to pay up | American Banker

• LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)

• Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers - Infosecurity Magazine (infosecurity-magazine.com)

• Feds hopelessly behind the times on ransomware trends • The Register

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Ransomware reinfections on the rise from improper remediation (malwarebytes.com)

• Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (bleepingcomputer.com)

• Ransomware gangs now exploiting critical TeamCity RCE flaw (bleepingcomputer.com)

• Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV (securityaffairs.com)

• Ransomware disrupts hospitality, healthcare in September | TechTarget

• Ransomware Attacks: Bad for Hospitals, Deadly for Patients - Tradeoffs

• Lorenz ransomware embroiled in its own two-year data leak • The Register

Ransomware Victims

• LockBit crime spree includes FDF and UK law firm (techmonitor.ai)

• Motel One discloses data breach following ransomware attack (bleepingcomputer.com)

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Record Numbers of Ransomware Victims Named on Leak Sites - Infosecurity Magazine (infosecurity-magazine.com)

• MGM Resorts Refused to Pay Ransom in Cyber attack on Casinos - WSJ

• BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care (securityaffairs.com)

• Ransomware attack on Johnson Controls may have exposed sensitive DHS data (securityaffairs.com)

• South African insurance clients hit in massive global cyber attack (mybroadband.co.za)

• Sony sent data breach notifications to about 6,800 individuals (securityaffairs.com)

• Clorox Warns of a Sales Mess After Cyber attack - WSJ

Phishing & Email Based Attacks

• EvilProxy Phishing Attack Strikes Indeed, Targets Executives - Infosecurity Magazine (infosecurity-magazine.com)

• Report: Over half of phishing emails now use obfuscation tactics to avoid detection - SiliconANGLE

• Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)

• Will generative AI really supercharge phishing attacks? - Tech Monitor

Other Social Engineering; Smishing, Vishing, etc

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• MGM Cyber attack Shows How Hackers Deploy Social Engineering - Bloomberg

• Casino Hackers Use Low-Tech Tricks to Exploit Corporate Targets (bloomberglaw.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• USPS Anchors Snowballing Smishing Campaigns (darkreading.com)

• Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• Bing Chat's ads unleash malware mayhem: Users lured into dangerous websites - OnMSFT.com

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• Protecting against FraudGPT, ChatGPT's evil twin - Help Net Security

• GenAI in software surges despite risks - Help Net Security

• Boardroom Blueprint: AI's Cyber security Risks (forbes.com)

• The top AI cyber crime threats and solutions | Inquirer Technology

• Kaspersky Issues Crimeware Report, Uncovers “WormGPT” | MSSP Alert

• The big debate: is AI a blessing or curse for cyber security? - Raconteur

• Global internet freedoms fell again last year as the threat of AI looms (therecord.media)

• Survey Finds Most Cyber security Experts Believe Offensive AI Will Outpace Defensive AI (thefastmode.com)

• LLMs lower the barrier for entry into cyber crime - Help Net Security

• Will generative AI really supercharge phishing attacks? - Tech Monitor

• Are we doomed to make the same security mistakes with AI? (securityintelligence.com)

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• From Cyber crime to Cyber security: Fighting AI With AI | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Malware

• Hackers are spreading malware through Indeed job messages | Digital Trends

• Cyber criminals Using New ASMCrypt Malware Loader Flying Under the Radar (thehackernews.com)

• There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar

• BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cyber crime Underground (thehackernews.com)

• North Korea's Lazarus Group upgrades its main malware • The Register

• Malware-Infected Devices Sold Through Major Retailers - Infosecurity Magazine (infosecurity-magazine.com)

• Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE

• Hundreds of malicious Python packages found stealing sensitive data (bleepingcomputer.com)

Mobile

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Android's October 2023 Security Updates Patch Two Exploited Vulnerabilities - Security Week

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

• Are executives adequately guarding their gadgets? - Help Net Security

Botnets

• AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week

Denial of Service/DoS/DDOS

• Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)

• Cloudflare DDoS protections ironically bypassed using Cloudflare (bleepingcomputer.com)

• Royal Family's official website targeted in cyber attack | UK News | Sky News

• Global events fuel DDoS attack campaigns - Help Net Security

BYOD

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Are executives adequately guarding their gadgets? - Help Net Security

Internet of Things – IoT

• Malware-Infected Devices Sold Through Major Retailers - Infosecurity Magazine (infosecurity-magazine.com)

• IoT and the law | Professional Security

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

• Eyes everywhere: How to safely navigate the IoT video revolution - Help Net Security

• FDA cyber mandates for medical devices goes into effect | CyberScoop

Data Breaches/Leaks

• European Telecommunications Standards Institute Discloses Data Breach - Security Week

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers - Infosecurity Magazine (infosecurity-magazine.com)

• NATO says it is addressing an apparent cyber attack after strategy documents posted online | CNN Politics

• SiegedSec Hacktivists Claim to Have Stolen 3,000 NATO Files in Second Attack | MSSP Alert

• Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)

• PSNI: Concerns over computer security as new figures reveal 161 data incidents | BelfastTelegraph.co.uk

• Sony confirms data breach impacting thousands in the US (bleepingcomputer.com)

• DNA testing service 23andMe investigating theft of user data | CyberScoop

Organised Crime & Criminal Actors

• Odds Are 1 in 4 Americans Will Fall Victim to Online Crime (prnewswire.com)

• People Still Matter in Cyber security Management (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)

• Scammers Impersonate Companies to Steal Cryptocurrency from Job Seeker - Infosecurity Magazine (infosecurity-magazine.com)

• There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar

• BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cyber crime Underground (thehackernews.com)

• The crypto market bears the scars of FTX's collapse | Reuters

Insider Risk and Insider Threats

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• Tech-savvy young workers might be the biggest cyber liability to your business | TechRadar

• Younger employees more likely to have unsafe cyber security habits (betanews.com)

• Addressing the People Problem in Cyber security - Security Week

Fraud, Scams & Financial Crime

• FBI warns phantom hacker scams are emptying financial accounts — how to stay safe | Tom's Guide (tomsguide.com)

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

• Online fraud can cost you more than money - Help Net Security

• The crypto market bears the scars of FTX's collapse | Reuters

• How to deal with your brand's doppelgangers | Kaspersky official blog

• Visa Program Combats Friendly Fraud Losses For Small Businesses Globally (darkreading.com)

Impersonation Attacks

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)

• Scammers Impersonate Companies to Steal Cryptocurrency from Job Seeker - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

Insurance

• Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance

• Insurance Companies Have a Lot to Lose in Cyber attacks (darkreading.com)

• 5 Cyber Insurance Trends To Watch Right Now | CRN

Supply Chain and Third Parties

• Tackling cyber risks head-on using security questionnaires - Help Net Security

Software Supply Chain

• Software firms under cyber attack | Microscope (computerweekly.com)

• Upstream Supply Chain Attacks Triple in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)

Cloud/SaaS

• Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive

• Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance (thehackernews.com)

• LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)

• AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week

• Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)

• EvilProxy uses indeed.com open redirect for Microsoft 365 phishing (bleepingcomputer.com)

Hybrid/Remote Working

• Employers must be clear with staff over workplace monitoring, warns privacy watchdog | UK News | Sky News

• Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro

Encryption

• New Marvin attack revives 25-year-old decryption flaw in RSA (bleepingcomputer.com)

• Quantum Computers Could Crack Encryption Sooner Than Expected With New Algorithm (singularityhub.com)

API

• The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)

• APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)

Open Source

• New 'Looney Tunables' Linux bug gives root on major distros (bleepingcomputer.com)

• The root cause of open-source risk - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Your Long Password Is Still Easy to Crack (pcmag.com)

• Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)

Biometrics

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• The rise and fall of Clearview.AI and the evolution of facial recognition - SiliconANGLE

• The inadequacy of voice biometrics | TechRadar

Social Media

• Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger

Malvertising

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

Training, Education and Awareness

• Your Company's Cyber security Depends on Every Employee--Train Them Well and Instill the Importance of Security | Inc.com

• Addressing the People Problem in Cyber security - Security Week

• How to Improve Cyber security Awareness and Training (trendmicro.com)

Parental Controls and Child Safety

• Child abuse site taken down, organised child exploitation crime suspected – exclusive (securityaffairs.com)

Regulations, Fines and Legislation

• Cyber experts urge EU to rethink vulnerability disclosure plans | Computer Weekly

• EU Cyber Resilience Act Could be Exploited for Surveillance, Experts W - Infosecurity Magazine (infosecurity-magazine.com)

• Keeping SEC-ure: Using Threat Intelligence to Stay Ahead of the New SEC Regulations (recordedfuture.com)

• Many Companies Far From Ready for Fast-Approaching SEC Cybersecurity Deadline | Corporate Counsel (law.com)

• Companies are already feeling the pressure from upcoming US SEC cyber rules | CSO Online

• Employers must be clear with staff over workplace monitoring, warns privacy watchdog | UK News | Sky News

• Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)

Models, Frameworks and Standards

• Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)

• What is Compliance as a Service (CaaS)? - Definition from WhatIs.com (techtarget.com)

Careers, Working in Cyber and Information Security

• UK government plans 2,500 new tech recruits by 2025 with focus on cyber security | CSO Online

• Up to 500,000 staff required to field off growing cyber security threat to Europe | Business Post

• The State of Cyber security: Cyber Skills Gap Leaves Business Vulnerable to Attacks, New Research Reveals | Business Wire

• Blue teams on the edge: cyber pros seem to hate their jobs | Cybernews

• Soft skills continue to challenge the cyber security sector - Help Net Security

Law Enforcement Action and Take Downs

• Child abuse site taken down, organised child exploitation crime suspected – exclusive (securityaffairs.com)

• Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

• UK student found guilty of 3D printing 'kamikaze' drone • The Register

Privacy, Surveillance and Mass Monitoring

• EU Cyber Resilience Act Could be Exploited for Surveillance, Experts W - Infosecurity Magazine (infosecurity-magazine.com)

• Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)

Misinformation, Disinformation and Propaganda

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State, Cyber Warfare and Cyber Espionage

• Espionage fuels global cyber attacks - Microsoft On the Issues

• Microsoft: Nation-state cyber espionage on rise in 2023 | Computer Weekly

• ‘Cyberwar Is Going on All Day, Every Day’: CEO | NTD

• CISA and UK NCSC Hold Inaugural Meeting of Strategic Dialogue on Cyber security of Civil Society Under Threat of Transnational Repression | CISA

• US and UK Lead Fight Against Civil Society Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• The sixth domain: The role of the private sector in warfare - Atlantic Council

• How this unassuming cable became the world’s most powerful weapon (telegraph.co.uk)

• Joint Statement from 21 Countries and the Organisation of American States Following the Department of Homeland Security Western Hemisphere Cyber Conference | Homeland Security (dhs.gov)

Russia

• Russian Cyber Attacks in 2023: Shifting Patterns, Goals, and Capacities

• Russian Hacktivism Takes a Toll on Organisations in Ukraine, EU, US (darkreading.com)

• Russia-Ukraine war: Cyber space is the latest frontline | Semafor

• Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)

• Joint Statement from 21 Countries and the Organisation of American States Following the Department of Homeland Security Western Hemisphere Cyber Conference | Homeland Security (dhs.gov)

• Ukrainian Man Calls Russian Tech Support to Help With Captured Tank: Report (businessinsider.com)

China

• China Poised to Disrupt US Critical Infrastructure with Cyber Attacks, - Infosecurity Magazine (infosecurity-magazine.com)

• How digital threats from East Asia are increasing in breadth and effectiveness | CSO Online

• Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege (securityaffairs.com)

Iran

• Iran-Linked APT34 Spy Campaign Targets Saudis (darkreading.com)

North Korea

• North Korea's Lazarus Group upgrades its main malware • The Register

• Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• North Korean hackers are targeting aerospace - Lazarus Group tricks employees into installing malware themselves | TechRadar

• North Korea goes phishing in South’s shipyards • The Register

Vulnerability Management

• How to Measure Patching and Remediation Performance (darkreading.com)

Vulnerabilities

• CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs | CISA

• October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty - Help Net Security

• Exploit released for Microsoft SharePoint Server auth bypass flaw (bleepingcomputer.com)

• Microsoft Edge, Teams get fixes for zero-days in open-source libraries (bleepingcomputer.com)

• A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day | Ars Technica

• Apple fixed the 17th zero-day flaw exploited in attacks (securityaffairs.com)

• Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day - Security Week

• Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software (darkreading.com)

• Mass exploitation attempts against WS_FTP have begun • The Register

• Millions of Exim mail servers exposed to zero-day RCE attacks (bleepingcomputer.com)

• Critical zero-days in Exim revealed, only 3 have been fixed - Help Net Security

• Patch Confusion for Critical Exim Bug Puts Email Servers at Risk--Again (darkreading.com)

• Microsoft won’t say if its products were exploited by spyware zero-days | TechCrunch

• Companies Address Impact of Exploited Libwebp Vulnerability  - Security Week

• Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) - Help Net Security

• Arm warns of Mali GPU flaws likely exploited in targeted attacks (bleepingcomputer.com)

• Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers (bleepingcomputer.com)

• Atlassian patches critical Confluence zero-day exploited in attacks (bleepingcomputer.com)

• Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits | Ars Technica

Tools and Controls

• Does your security program suffer from piecemeal detection and response? (securityintelligence.com)

• Keeping SEC-ure: Using Threat Intelligence to Stay Ahead of the New SEC Regulations (recordedfuture.com)

• The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)

• APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)

• 5 common browser attacks and how to prevent them | TechTarget

• Rationalizing Your Hybrid Cloud Security Tools (securityintelligence.com)

• Protecting your IT infrastructure with Security Configuration Assessment (SCA) (thehackernews.com)

• The big debate: is AI a blessing or curse for cyber security? - Raconteur

• Is your threat protection giving you a false sense of cyber security? | The Independent

• 5 Cyber Insurance Trends To Watch Right Now | CRN

• Quash EDR/XDR Exploits With These Countermeasures (darkreading.com)

• How to Improve Cyber security Awareness and Training (trendmicro.com)

Reports Published in the Last Week

• Microsoft Digital Defence Report 2023 (MDDR) | Microsoft Security Insider

• STUDY: 37% Intimidated, 39% Frustrated with Online Security (globenewswire.com)

• Oh Behave! The Annual Cyber security Attitudes and Behaviours Report 2023 - National Cyber security Alliance (staysafeonline.org)

Other News

• Cyber attacks on UK pension funds on the rise – study | Pensions & Investments (pionline.com)

• Are we smart enough for smart cities? | TechRadar

• The trust deficit in CNI: How to address a growing concern | Computer Weekly

• Third sector highly exposed to cyber risk - CIR Magazine

• 10 Emerging Cyber security Threats And Hacker Tactics In 2023 | CRN

• Lyca Mobile UK Confirm Cyber Attack Responsible for Disruption - ISPreview UK

• Global internet freedoms fell again last year as the threat of AI looms (therecord.media)

• Cyber security in the Age of Industry 4.0 (automation.com)

• How Private Equity Firms Can Protect ‘Treasure Trove’ from Digital Threats (ai-cio.com)

• 10 Routine Security Gaffes the Feds Are Begging You to Fix (darkreading.com)

• NSA: Here Are the Dumbest Cyber security Mistakes We See at Large Organisations (pcmag.com)

• The changing face of cyber security threats in 2023 | CIO

• Edinburgh Trams websites targeted by 'potential cyber attack' - Edinburgh Live

• Making Sense of Today's Payment Cyber security Landscape (darkreading.com)

• GAO tears into State Department's cyber security management • The Register

• First pan-European cyber analysis centre opens (airportsinternational.com)

• Nearly 100,000 Industrial Control Systems Exposed to the Internet - Infosecurity Magazine (infosecurity-magazine.com)

• Mobile customers unable to make or receive calls after firm hit by cyber attack - Mirror Online

• Malicious HDMI Cables Steals Photos, Videos, and Location Data (gbhackers.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Groups Are Shifting Their Focus Away from Larger Targets

Ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities. Analysis from Trend Micro has shown that ransomware groups such as Lockbit, Cl0p and Black Cat are slowing down attacks against “big game” targets, such as multinationals, and are focusing their attention on smaller organisations. It was found that the overall ransomware attack victim numbers increased by 47% from H2 2022.

Organisations “of up to 200 employees”, those within the small-to-medium-sized range, accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023. Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space. Nearly half (45%) of Black Cat victims were in the same size range. There are many underlying factors in the recent surge of attacks on smaller organisations, however one big cause is the economic factor and the perception that smaller organisations are not going to be as well protected.

Sources: [Techcentral] [Helpnet Security]

Cover-ups Still the Norm as Half of Cyber Attacks go Unreported

A report found that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report it to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards. Alarmingly, 32% simply “forgot” and 22% self-reported that there wasn’t a system in place to report it. In the UK, failure to report a breach within 72 hours could make a company eligible for a fine up to €10 million or 2% of annual global turnover if deemed a lower-level infringement, and up to €20 million or 4% of annual global turnover for higher-level infringements.

The lack of reporting also has a knock-on effect: a significant number of cyber attacks go un-reported and therefore this skews statistics, meaning the current numbers of known cyber attacks are likely much lower than the actual figure.

Sources: [Computer Weekly] [InfoSecurity Magazine]

Reported Cyber Security Breaches Increase Threefold for Financial Services Firms

New research shows that cyber security breaches for UK financial service firms have increased threefold from 187 attacks (2021-2022) to 640 attacks (2022-2023). This comes as the pensions sector reported the biggest jump in breaches rising from 6 to 246 in the same period, a concerning large increase of 4,000%. These patterns are not only relevant to the UK however, with separate reports highlighting an 119% increase in attacks on financial sector cyber attacks globally from 2022 to 2023.

Trustees can be liable for failures in managing cyber risk, so any business looking to protect itself from the impact of a cyber attack should invest in understanding its cyber footprint, the risks it poses, and have the right policies/procedures in place.

Sources: [CIR Magazine] [PensionsAge] [CityAM] [TechRadar]

Attacks on SME’s Surged in The First Half of 2023

According to Kaspersky, small and medium enterprises (SMEs) dealt with more attacks during the first half of the year compared to the same time the year previous. Worryingly, a separate report found that over three quarters of SME leaders could not confidently identify a cyber incident at work and 50% of respondents felt they were unable to identify the difference between a phishing email and real email.

An outcome of the study was the identification of a need for effective user training. SMEs do not have the budget to have a wide range of tools, however they can strengthen their users’ security practices.  Black Arrow enables SMEs to strengthen their people controls through bespoke and affordable education and awareness training for all levels of the organisation.

Sources: [Inquirer] [HelpNet Security] [Insurance Times]

The CISO Carousel and Its Effect on Enterprise Cyber Security

The average tenure of a Chief Information Security Officer (CISO) is said to sit between 18 to 24 months; research highlights the reasons including the strain of the role, the perceived lack of leadership support, and the attraction of more money from a different employer. There is often a gap while the replacement is recruited, during which there is nobody looking after the organisation’s security.

In some cases, organisations may look to outsource by using the services of a virtual CISO (vCISO) with cost savings and greater stability and flexibility. The Black Arrow vCISO team are experienced world-class specialists, providing independent, impartial and objective expertise across the wide range of essential CISO skills with significant advantages compared to an internal resource.

Source: [Security Week]

Bermuda Struggles to Recover from Ransomware Attack

The Bermudan Government this week suffered what they referred to as a significant cyber incident. Workers were cut off from email and telephone systems, with affected departments resorting to manual processes and issuing of paper based cheques. The Government was unable to make payroll payments, and parcels could not be sent from the Island’s Post Offices. It is noted that while not all systems were affected, the government took everything offline out of precaution. It is believed that some other regional governments have also been impacted.

The attack has been attributed to Russia or Russian-based actors, but attribution in cases like this can be difficult. It should be noted that, if involvement from Russia were confirmed, both Russian state actors and Russian based cyber criminals work closely in a symbiotic relationship that benefits both parties. Using cyber crime groups as fronts provides nation state actors with a level of deniability, while also allowing them to direct the operation and benefit from it. Equally, cyber crime groups get to do their thing with the blessing, whether tacit or explicit, of the national authorities in their country. In general, countries where this happens (such as Russia, North Korea and China) have no interest in cooperating with Western authorities, so the cyber criminals essentially work with impunity.

Sources: [Duo] [GovInfo Security] [Bleeping Computer]

Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern

A report found cyber threats continue to rank among the top three business concerns for a wide spectrum of companies. Despite it being such a concern, a significant percentage of businesses admitted to not conducting cyber assessments for vendors (57%) or customers’ assets (56%), having an incident response plan (50%), or implementing multifactor authentication for remote access (44%). Phishing scams were of particular concern, with companies reporting a notable increase in incidents, jumping from 14% to 27% over the past year.

Cyber attacks are a certainly a sobering reality, with nearly 23% of survey participants disclosing that their company had fallen victim to a cyber attack and 49% of these incidents occurred within the past year.

Source: [Reinsurance News]

Business Leaders More Anxious About Ransomware Than Recession as Victims from Single Attack Surpasses 2,000 Organisations

According to a recent study, half of business leaders are more worried about falling victim to a ransomware attack than macroeconomic hardship. Over 60% of businesses who had suffered a ransomware attack reported concerns about the prospect of a second ransomware attack, and 71% of leaders admitted their businesses wouldn’t be able to withstand it. 56% said they had increased hiring costs, nearly half experienced increased customer complaints, and 47% reported team stress. This comes as the tally of victims from the MOVEit attack alone surpasses 2,000 organisations. To make matters worse, the FBI has described dual ransomware attacks taking place, with the second attack less than 48 hours after the first.

Source: [Tech Informed] [Helpnet Security] [Helpnet Security] [BleepComputer]

Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign

Booking.com users have become the focus of a new, large-scale phishing campaign that involved hackers taking control of the hotel’s Booking[.]com account. Once in control, the attackers were then able to utilise personal information and craft messages, tailored to victims.

With many organisations using sites such as Booking[.]com, it is imperative that staff are trained effectively, to reduce the risk of them falling victim to a phishing campaign.

Sources: [BleepingComputer] [Inforsecurity Magazine]

Cyber Leaders Worry That AI Will Overwhelm Cyber Defences

A survey of 250 leaders found that 85% worry that AI will overwhelm cyber defences while almost two thirds (61%) have already seen an increase in cyber attack complexity due to AI. Overall 80% view AI as the single biggest cyber threat their business faces, and seven out of 10 are investing in more resilient measures to improve their detection and response protocols.

AI can certainly be overwhelming, but with the right expertise, organisations can navigate their way to improving their AI defences. Black Arrow’s expert team helps your leadership to understand and manage AI-based risks, and safely adopt artificial intelligence in your organisation.

Source: [Management Issues]

Boards Still Lack Cyber Security Expertise

A study by the US National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) found that just 12% of S&P 500 companies have board directors with relevant cyber credentials, showing that there is still a lack of expertise at the board level. Boards can improve their expertise by engaging with training that is tailored to leadership. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident. Source: [Wallstreet Journal]

4 Legal Surprises You May Encounter After a Cyber Security Incident

In the event of a cyber incident, there are a number of problems that emerge, but some you may not be aware of. These may include investigations by auditors, a freeze on payments by banks, and uncertainty about notifying third parties including customers. Your insurance provide may also launch a review of the cyber security controls that you had in place before the incident, to determine the payout.

Ideally, you will never have to face a cyber incident, but it can happen and it’s best to ensure you are well placed to deal with it, by understanding what needs to be done and how to respond. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Dark Reading]

Governance, Risk and Compliance

• The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week

• Boards Still Lack Cyber Security Expertise - WSJ

• Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)

• It's time to safeguard the financial sector: Navigate employee turnover to defend against escalating cyber attacks (betanews.com)

• Businesses Unprepared for Cyber Attacks Despite Steady Concern (insurancejournal.com)

• Cyber criminals are targeting the financial sector more than ever | TechRadar

• The hidden costs of neglecting cyber security for small businesses - Help Net Security

• Majority of UK SME c-suites lacking awareness of cyber risks | Insurance Times

• Business leaders most anxious about ransomware attacks (techinformed.com)

• Cyber security incident response: Your company's ICU (channelweb.co.uk)

• Cover-ups still the norm in the wake of a cyber incident | Computer Weekly

• Many firms aren't reporting breaches to the proper authorities | TechRadar

• Half of Cyber-Attacks Go Unreported - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs are struggling to get cyber security budgets: Report | CSO Online

• CISOs are spending more on cyber security - but it might not be enough | TechRadar

• Cyber threats remain top concern for businesses in 2023: Travelers Risk Index - Reinsurance News

• Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security

• The Hot Seat: CISO Accountability in a New Era of SEC Regulation (darkreading.com)

• Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)

• Essential guide to cyber security compliance | Intruder

• 4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)

• Moving From Qualitative to Quantitative Cyber Risk Modeling - Security Week

• Financial crime compliance costs exceed $206 billion - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware soars as enterprises struggle to respond - Verdict

• Ransomware groups are once again targeting smaller businesses for more lucrative payouts - TechCentral.ie

• Ransomware groups are shifting their focus away from larger targets - Help Net Security

• Business leaders most anxious about ransomware attacks (techinformed.com)

• Why is Ransomware Such a Prevalent Threat and Popular Tool for Attackers? | MSSP Alert

• ShadowSyndicate: A New Cyber Crime Group Linked to 7 Ransomware Families (thehackernews.com)

• The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt

• FBI: Dual ransomware attack victims now get hit within 48 hours (bleepingcomputer.com)

• Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security

• MOVEit cyber attack is pause for concern | Ary Rosenbaum - The Rosenbaum Law Firm P.C. - JDSupra

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• 'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times

• Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)

• Youth hacking ring at the center of cyber crime spree | CyberScoop

• Current ransomware defencs efforts are not working - Help Net Security

• VMware users anxious about costs and ransomware threats - Help Net Security

• MSP shares details of Kaseya VSA ransomware attack, recovery | TechTarget

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)

• Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)

• Trend Micro Report Reveals Increase of LockBit Ransomware Attacks in US (thedefensepost.com)

• Hospital Ransomware Attacks Go Beyond Health Care Data (securityintelligence.com)

• Patient Care at Risk as Hospitals Increasingly on Frontlines of Ransomware Attacks | The Epoch Times

• Ransomware a threat to the trucking industry - FreightWaves

Ransomware Victims

• Bermuda Struggles to Recover From Cyber Attack (govinfosecurity.com)

• Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security

• Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)

• MGM, Caesars Cyber Attack Responses Required Brutal Choices (darkreading.com)

• Russian ransomware LockBit threatens to leak internal data from The Weather Network on dark web - The Globe and Mail

• City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack. (securityaffairs.com)

• Ransomware Group Claims to Have Breached 'All of Sony Systems' (vgchartz.com)

• 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week

• Youth hacking ring at the center of cyber crime spree | CyberScoop

• MGM Resorts and Caesars face class action lawsuits over September cyber attacks By Investing.com

• UK logistics firm blames ransomware attack for insolvency, 730 redundancies (therecord.media)

• Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware group demands $51 million from Johnson Controls after cyber attack (bitdefender.com)

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars (securityaffairs.com)

• Leekes cyber attack? NoEscape ransomware gang claims breach (techmonitor.ai)

Phishing & Email Based Attacks

• This devious phishing scam makes it look like dodgy emails are actually safe | TechRadar

• Booking.com Customers Targeted in Major Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Use of QR codes in email phishing | Securelist

• How Does Modern Phishing Work? | HackerNoon

• New AtlasCross hackers use American Red Cross as phishing lure (bleepingcomputer.com)

• Hackers Trick Outlook Into Showing Fake AV Scan | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

BEC – Business Email Compromise

• Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)

• BEC Attacks Increase By 279% in Healthcare - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Rise in cyber criminals leveraging voice phishing and OTP theft for data breaches: Report | Tech News (hindustantimes.com)

Artificial Intelligence

• Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)

• No 10 worried AI could be used to create advanced weapons that escape human control | Artificial intelligence (AI) | The Guardian

• The Biggest AI Trends in Cyber Security - CNET

• Google is working to keep Bard chats out of Search • The Register

• Nuclear Brinkmanship in AI-Enabled Warfare: A Dangerous Algorithmic Game of Chicken - War on the Rocks

• New working group to probe AI risks and applications | CyberScoop

• A Primer On Artificial Intelligence And Cyber Security (forbes.com)

• How should organisations navigate the risks and opportunities of AI? - Help Net Security

Malware

• Malware attacks on SMEs surged in H1 | Inquirer Business

• Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)

• 'Culturestreak' Malware Lurks Inside GitLab Python Package (darkreading.com)

• Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (thehackernews.com)

• New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)

• A powerful new malware backdoor is targeting governments across the world | TechRadar

• Researchers uncover thriving market for malware targeting IoT devices - The Hindu

• ZenRAT Malware Uncovered in Bitwarden Impersonation - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Spyware: Spyware can infect your phone or computer via the ads you see online: report - The Economic Times (indiatimes.com)

• China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)

• iOS 17 update secretly changed your privacy settings; here's how to set them back (bitdefender.com)

• Dangerous XenomorphAndroid malware is stealing from 100 banking apps — protect yourself now | Tom's Guide (tomsguide.com)

• Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks - Security Week

• Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)

Botnets

• Bot Swarm: Attacks From Middle East & Africa Are Notably Up (darkreading.com)

• New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)

• Asian banks are a favorite target of cyber cooks, and malicious bots their preferred tool | ZDNET

Denial of Service/DoS/DDOS

• Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Internet of Things – IoT

• If You Have An Amazon Alexa Device, You Need To Check This Security Update List (slashgear.com)

• Researchers uncover thriving market for malware targeting IoT devices - The Hindu

• Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog

Data Breaches/Leaks

• Billions of usernames and passwords leaked online — how to see if you’re affected | Tom's Guide (tomsguide.com)

• ICO sees breach reports from FS firms triple - CIR Magazine

• UK pension schemes reveal 4,000% rise in cyber security breaches - Pensions Age Magazine

• Reported cyber security breaches increase threefold for financial services firms (cityam.com)

• British charities warn supporters their personal data has been breached • Graham Cluley

• Air Canada discloses data breach of employee and 'certain records' (bleepingcomputer.com)

• National Student Clearinghouse data breach impacts 890 schools (bleepingcomputer.com)

• BORN Ontario child registry data breach affects 3.4 million people (bleepingcomputer.com)

• 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week

• Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)

• Hospital alert as 24,000 letters meant for GPs lost in computer error - Mirror Online

Organised Crime & Criminal Actors

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• 'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times

• Asian banks are a favourite target of cyber cooks, and malicious bots their preferred tool | ZDNET

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• NFT Hype Collapse Means 95% of The Digital Assets Are Now 'Worthless' | Tom's Hardware (tomshardware.com)

• Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)

• Yet another hack hits NFT marketplace OpenSea - SiliconANGLE

• Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)

• Bitcoin scammer who was snared by victims sentenced - BBC News

• Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)

Insider Risk and Insider Threats

• 75% who didn't report cyber attack to leadership, felt guilty about it | Security Magazine

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

• Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security

Fraud, Scams & Financial Crime

• Hotel hackers redirect guests to fake Booking.com to steal cards (bleepingcomputer.com)

• Beware: fraud and smishing scams targeting students | Bournemouth University

• Yet another hack hits NFT marketplace OpenSea - SiliconANGLE

• Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)

• Fraud prevention forces scammers to up their game - Help Net Security

• Why young people are more prone to online scams than boomers are (news5cleveland.com)

• Bitcoin scammer who was snared by victims sentenced - BBC News

• Security researcher warns of chilling effect after feds search phone at airport | TechCrunch

AML/CFT/Sanctions

• Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)

• Financial crime compliance costs exceed $206 billion - Help Net Security

Insurance

• Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra

• Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost - IT Security Guru

Dark Web

• Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• How the Okta Cross-Tenant Impersonation Attacks Succeeded (darkreading.com)

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• 3 phases of the third-party risk management lifecycle | TechTarget

Cloud/SaaS

• Guide: SaaS Offboarding Checklist - Help Net Security

Containers

• Kubernetes attacks in 2023: What it means for the future - Help Net Security

Encryption

• The UK just passed an online safety law that could make people less safe (theconversation.com)

• Regulators Are 'Hurting Their Own Country' in Seeking Encryption Backdoors: Nym CEO - Decrypt

Open Source

• Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog

• Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Why Shouldn’t You Use the Same Password Everywhere Online (makeuseof.com)

• Are You Willing to Pay the High Cost of Compromised Credentials? (thehackernews.com)

Biometrics

• The multi-national push to ban facial recognition in public spaces | Biometric Update

Social Media

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• X scraps tool to report electoral fake news - researchers - BBC News

Malvertising

• Spyware: Spyware can infect your phone or computer via the ads you see online: report - The Economic Times (indiatimes.com)

Training, Education and Awareness

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

Travel

• Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt

• The UK just passed an online safety law that could make people less safe (theconversation.com)

• Are we about to lose the last pillar of our digital security? | Euronews

• New working group to probe AI risks and applications | CyberScoop

• SEC Gives Finality on Cyber Security Disclosures for Public Companies | Sheppard Mullin Richter & Hampton LLP - JDSupra

• Why California's Delete Act matters for the whole country - Help Net Security

• Financial crime compliance costs exceed $206 billion - Help Net Security

Models, Frameworks and Standards

• MITRE ATT&CK project leader on why the framework remains vital for cyber security pros - Help Net Security

• Why It’s Wrong To Judge SIEM Success Only Against The ATT&CK Framework (forbes.com)

• Urgent actions for protecting utilities against cyber-attack: Navigating NIS 2 - Utility Week

Careers, Working in Cyber and Information Security

• The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week

• Demand for cyber security staff trebled since 2019 | Business Post

• Cyber security and staffing issues key risks for companies | Accountancy Daily

• Cyber security skills employers are desperate to find in 2023 - Help Net Security

• Preventing security professionals from ‘quietly quitting’ due to alert fatigue (securitybrief.co.nz)

Law Enforcement Action and Take Downs

• Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)

• Western District of Washington | French cyber criminal pleads guilty to fraud and aggravated identity theft for hacking private information | United States Department of Justice

Misinformation, Disinformation and Propaganda

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• X scraps tool to report electoral fake news - researchers - BBC News

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russia’s APT29 intensifies espionage operations | SC Media (scmagazine.com)

• Russian hacking operations target Ukrainian law enforcement | CyberScoop

• Cyber-Attacks on Ukraine Surge 123%, But Success Rates Plummet - Infosecurity Magazine (infosecurity-magazine.com)

• Government of Bermuda blames Russian threat actors for the cyber attack (securityaffairs.com)

• Bermuda probes major cyber attack as officials slowly bring operations back online (thestar.com)

• Ukraine war: Cyber Attack in Crimea after Black Sea fleet HQ hit | News UK Video News | Sky News

• Russian hackers trying to steal evidence of Moscow’s war crimes in Ukraine - cyber chief (ukrinform.net)

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• Examining the Activities of the Turla APT Group (trendmicro.com)

• Scottish Tory MSP has website hacked by 'hostile Russian group' | The National

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)

• Cyber Attack on Russian Air Booking System Sparks Flight Delays - The Moscow Times

China

• China's BlackTech Hacking Group Exploited Cisco Routers to Target US and Japanese Companies (thehackernews.com)

• Chinese hackers stole 60,000 emails from US State Department in Microsoft hack, Senate staffer says (databreaches.net)

• Taiwan is bracing for Chinese cyber attacks, White House official says - POLITICO

• China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese Gov Hackers Caught Hiding in Cisco Router Firmware - Security Week

• Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org | Symantec Enterprise Blogs (security.com)

• China’s national security minister lists top digital threats • The Register

Misc Nation State/Cyber Warfare

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• Sophisticated APT Clusters Target Southeast Asia - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Why Zero Days Are Set for Highest Year on Record - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

• Another Chrome security issue is exploited in the wild (and affecting all Chromium-based browsers) - gHacks Tech News

• Google assigns new maximum rated CVE to libwebp bug exploited in attacks (bleepingcomputer.com)

• Cisco Warns of IOS Software Zero-Day Exploitation Attempts - Security Week

• Researchers Release Details of New RCE Exploit Chain for SharePoint (darkreading.com)

• High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server (thehackernews.com)

• GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica

• Firefox 118 Patches High-Severity Vulnerabilities - Security Week

• Hackers actively exploiting Openfire flaw to encrypt servers (bleepingcomputer.com)

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• China's BlackTech Hacking Group Exploited Cisco Routers to Target US and Japanese Companies (thehackernews.com)

• macOS 14 Sonoma Patches 60 Vulnerabilities - Security Week

Tools and Controls

• Cyber security incident response: Your company's ICU (channelweb.co.uk)

• CISOs are spending more on cyber security - but it might not be enough | TechRadar

• 4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)

• Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost - IT Security Guru

• The 5 most dangerous Wi-Fi attacks, and how to fight them | PCWorld

• The Biggest AI Trends in Cyber Security - CNET

• How SOAR helps improve MTTD and MTTR metrics | TechTarget

• What Is a Network Security Assessment and Why You Need It | MSSP Alert

• Why You Should Phish In Your Own Pond (informationsecuritybuzz.com)

• The pitfalls of neglecting security ownership at the design stage - Help Net Security

• Guide: SaaS Offboarding Checklist - Help Net Security

• A Primer On Artificial Intelligence And Cyber Security (forbes.com)

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

• Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)

• Looking Beyond the Hype Cycle of AI/ML in Cyber Security (darkreading.com)

• The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies (thehackernews.com)

• Moving From Qualitative to Quantitative Cyber Risk Modelling - SecurityWeek

• Cyber security budgets show moderate growth - Help Net Security

• Evaluating Security Outsourcing in the Wake of Recent High-Profile Cyber Attacks: Info-Tech Research Group Publishes New Resource (prnewswire.com)

• Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra

Other News

• Cyber criminals are targeting the financial sector more than ever | TechRadar

• The hidden costs of neglecting cyber security for small businesses - Help Net Security

• SMBs face growing cyber security threats, but basic measures can lower risks | ZDNET

• Why aviation needs to prioritise cyber security – Airport World (airport-world.com)

• The key threats facing ICS/OT environments (betanews.com)

• Are Fire Departments Prepared for a Cyber Attack? | HackerNoon

• Fintechs must brace for rising cyber security challenges | Mint (livemint.com)

• Space Force chief says commercial satellites may need defending | Ars Technica

• UK Cyber Security Council CEO reflects on a year of progress | CSO Online

• Google Loophole Lets Drug Dealers Hijack Nearly Any Website to Sell Narcotics (businessinsider.com)

• Cyber Hygiene: A First Line of  Against Evolving Cyber Attacks (darkreading.com)

• Cyber Attacks hit military, Parliament websites as India hacker group targets Canada (cheknews.ca)

• KnowBe4 Finds US. Healthcare a Top Target For Cyber Attacks (prnewswire.com)

• US Government Shutdown Could Bench 80% of CISA Staff - SecurityWeek

• Recommendations for Managing Cyber Security Threats in the Manufacturing Sector | Foley & Lardner LLP - JDSupra

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.

The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.

https://cybernews.com/zurich-insurance-data-leak/

• Employees Worry Less About Cyber Security Best Practices in the Summer

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.

In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.

https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/

https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/

• Businesses are Ignoring Third-Party Security Risks

With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.

https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/

• Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.

When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.

https://theconversation.com/fear-trumps-anger-when-it-comes-to-data-breaches-angry-customers-vent-but-fearful-customers-dont-come-back-203109

• Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing

The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.

https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/

https://arstechnica.com/security/2023/06/casualties-keep-growing-in-this-months-mass-exploitation-of-moveit-0-day/

• Widespread BEC Attacks Threaten European Organisations

Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.

BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?

This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.

https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/

• Lloyd’s Syndicates Sued Over Cyber Insurance

The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.

UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.

https://www.wsj.com/articles/university-of-california-sues-lloyds-syndicates-over-cyber-insurance-da4675f5

• 95% Fear Inadequate Cloud Security Detection and Response

A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.

It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.

https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/

• The Growing Use of Generative AI and the Security Risks They Pose

A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.

Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.

https://www.csoonline.com/article/643516/survey-reveals-mass-concern-over-generative-ai-security-risks.html

https://www.darkreading.com/operations/malwarebytes-chatgpt-survey-reveals-81-are-concerned-by-generative-ai-security-risks

https://www.darkreading.com/vulnerabilities-threats/generative-ai-projects-cybersecurity-risks-enterprises

• The CISO’s Toolkit Must Include Political Capital Within The C-Suite

Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.

https://www.csoonline.com/article/643199/the-cisos-toolkit-must-include-political-capital-within-the-c-suite.html

• Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.

This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.

https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah

https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html

• SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics

Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.

This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.

The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.

https://www.msspalert.com/cybersecurity-research/cyberattackers-still-rely-on-decades-old-security-weaknesses-tactics-barracuda-reports/

https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors

Governance, Risk and Compliance

• Businesses are ignoring third-party security risks - Help Net Security

• Employees worry less about cyber security best practices in the summer - Help Net Security

• Digital-First Economy Has Transformed Role of CISO- IT Security Guru

• SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)

• Companies Call for Changes to UK’s Cyber Essentials Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Fear trumps anger when it comes to data breaches – angry customers vent, but fearful customers don't come back (theconversation.com)

• The CISO’s toolkit must include political capital within the C-suite | CSO Online

• NCSC Launches Cyber Risk Management Toolbox - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Over 130 Organisations, Millions of Individuals Believed to Be Impacted by MOVEit Hack - SecurityWeek

• MOVEit hackers may have found simpler business model beyond ransomware | SC Media (scmagazine.com)

• Dozens of Businesses Hit Recently by '8Base' Ransomware Gang - SecurityWeek

• UK cyber spies warn ransomware criminals targeting law firms • The Register

• How Dangerous Is Smartphone Ransomware? (makeuseof.com)

• Cl0p in Your Network? Here's How to Find Out (darkreading.com)

• Sixth anniversary of NotPetya - IT Security Guru

• July is Ransomware Month: Reminder to Prepare, Defend Against Hijackers - MSSP Alert

• LockBit Dominates Ransomware World, New Report Finds - Infosecurity Magazine (infosecurity-magazine.com)

• The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)

• Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)

• 'Wagner' Ransomware Targets Computers in Russia | PCMag

Ransomware Victims

• Casualties keep growing in this month’s mass exploitation of MOVEit 0-day | Ars Technica

• Manchester University Breach Victims Hit with Triple Extortion - Infosecurity Magazine (infosecurity-magazine.com)

• 8 Tech And IT Companies Targeted In The MOVEit Attacks | CRN

• MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed (bleepingcomputer.com)

• Clop names PWC, Ernst & Young, and Sony in MOVEit hack | Cybernews

• UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks (darkreading.com)

• Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack - SecurityWeek

• Clop ransomware gang obtained personal data of 45,000 New York City students in MOVEit hack | Engadget

• 10 banks alleged victims of ransomware attacks on file transfer software | American Banker

• Almost 770,000 Calpers members hit by cyber attack | Financial Times (ft.com)

• Ransomware and phishing attacks continue to plague businesses in Singapore | ZDNET

• K-12 schools are revisiting their cyber strategies after year of ransomware attacks (axios.com)

Phishing & Email Based Attacks

• Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• How a Layered Security Approach Can Minimise Email Threats - MSSP Alert

• Less than half of UK banks implement most secure DMARC level | CSO Online

• Over Half of UK Banks Are Exposing Customers to Email Fraud - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Widespread BEC attacks threaten European organisations - Help Net Security

• The Current State of Business Email Compromise Attacks (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• Cyber Crime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering (thehackernews.com)

• How scammers use psychology to create some of the most convincing internet cons – and what to watch out for (theconversation.com)

• Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)

Artificial Intelligence

• Malwarebytes ChatGPT Survey Reveals 81% are Concerned by Generative AI Security Risks (darkreading.com)

• Sharing Your Business’ Data With ChatGPT: How Risky Is It? - MSSP Alert

• ChatGPT users at risk for credential theft | TechTarget

• OpenAI lawsuit: Maker of ChatGPT sued over alleged data usage | CNN Business

• Lawyers who cited fake cases invented by ChatGPT must pay • The Register

• Generative AI Projects Pose Major Cyber security Risk to Enterprises (darkreading.com)

• How to Deploy Generative AI Safely and Responsibly (trendmicro.com)

• Generative-AI apps & ChatGPT: Potential risks and mitigation strategies (thehackernews.com)

• Does the world need an arms control treaty for AI? | CyberScoop

• When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)

• AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping (darkreading.com)

2FA/MFA

• LastPass users furious after being locked out due to MFA resets (bleepingcomputer.com)

Malware

• SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)

• OpenSSH Trojan Campaign Targets IoT and Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers Use Weaponized PDF Files to Attack Organisations (cybersecuritynews.com)

• New Mockingjay Process Injection Technique Could Let Malware Evade Detection (thehackernews.com)

• Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online

• NSA warns of ‘false sense of security’ against BlackLotus malware (therecord.media)

• Chinese state-backed hackers accidentally infected a European hospital with malware (therecord.media)

• Trojanized Super Mario Bros game spreads malware- - Security Affairs

• New PindOS JavaScript dropper deploys Bumblebee, IcedID malware (bleepingcomputer.com)

• NPM Plagued with ‘Manifest Confusion’ Malware-Hiding Weakness (darkreading.com)

• Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data (thehackernews.com)

• North Korean Andariel APT used a new malware named EarlyRat - Security Affairs

Mobile

• Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge

• Anatsa Android trojan now steals banking info from users in US, UK (bleepingcomputer.com)

• How Dangerous Is Smartphone Ransomware? (makeuseof.com)

• Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own – Naked Security (sophos.com)

• Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes (thehackernews.com)

Denial of Service/DoS/DDOS

• Global rise in DDoS attacks threatens digital infrastructure - Help Net Security

• Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)

• Diablo IV video game hit by DDoS attacks • Graham Cluley

Internet of Things – IoT

• OpenSSH Trojan Campaign Targets IoT and Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Someone sent mysterious smartwatches to US Military personnel - Security Affairs

• The tech flaw that lets hackers control surveillance cameras - BBC News

Data Breaches/Leaks

• Fear trumps anger when it comes to data breaches – angry customers vent, but fearful customers don't come back (theconversation.com)

• Latitude hit with $1 million lawsuit over data breach (9news.com.au)

• Recruitment portal exposes data of US pilot candidates • The Register

• Genworth Financial Reports Data Breach Leaking SSNs Belonging to 2.7M Policyholders and Customers (darkreading.com)

• 3 Steps to Successfully & Ethically Navigate a Data Breach (darkreading.com)

• Sensitive Information Stolen in LetMeSpy Stalkerware Hack - SecurityWeek

• US Patent Office Data Spill Exposes Trademark Applications (darkreading.com)

Organised Crime & Criminal Actors

• 2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek

• Security analyst wanted by both Russia and the US • The Register

• Former Group-IB manager has been arrested in Kazahstan - Security Affairs

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)

• JOKERSPY used to target a cryptocurrency exchange in Japan - Security Affairs

• Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack (thehackernews.com)

Insider Risk and Insider Threats

• Employees worry less about cyber security best practices in the summer - Help Net Security

Fraud, Scams & Financial Crime

• How scammers use psychology to create some of the most convincing internet cons – and what to watch out for (theconversation.com)

• Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)

• Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)

• Safety checks run down and boom time for criminals: this is why the UK is becoming the ‘dustbin of Europe’ | Polly Toynbee | The Guardian

• This Chatbot Gives Phone Call Scammers a Taste of Their Own Medicine (pcmag.com)

• The robotic falcon maker who was targeted by cyber criminals - BBC News

Deepfakes

• AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping (darkreading.com)

Insurance

• University of California Sues Lloyd’s Syndicates Over Cyber Insurance - WSJ

• Second Wave of Cyber Insurance | Arctic Wolf

• Insurance companies using AI for underwriting and due diligence amid cyber threats | Fox Business

• How Big Is the Cyber Insurance Market? Can It Keep Growing? | Lawfare (lawfaremedia.org)

Dark Web

• Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs

• Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities (bleepingcomputer.com)

Supply Chain and Third Parties

• Businesses are ignoring third-party security risks - Help Net Security

Cloud/SaaS

• 95% fear inadequate cloud security detection and response - Help Net Security

• The unhappy reality of cloud security in 2023 | InfoWorld

• Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online

• 5 Pitfalls in Cloud Cyber security’s Shared Responsibility Model - MSSP Alert

• Uncovering attacker tactics through cloud honeypots - Help Net Security

• How hardening Microsoft 365 tenants mitigates potential cloud attacks - Help Net Security

• Outlook for the web outage impacts users across America (bleepingcomputer.com)

• 3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)

Identity and Access Management

• 10 things every CISO needs to know about identity and access management (IAM) | VentureBeat

• Human vs Machine Identity Risk Management (trendmicro.com)

Encryption

• Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge

• Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer

• How to stop quantum computers from breaking the internet’s encryption (sciencenews.org)

Open Source

• Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)

• OpenSSH Trojan Campaign Targets IoT and Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Exploring The Anatomy Of A Linux Kernel Exploit | Hackaday

Passwords, Credential Stuffing & Brute Force Attacks

• A New Era Of Security: Are Passwords No Longer Fit For Purpose? (informationsecuritybuzz.com)

Social Media

• Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)

Travel

• Employees worry less about cyber security best practices in the summer - Help Net Security

Cyber Bullying, Cyber Stalking and Sextortion

• Sensitive Information Stolen in LetMeSpy Stalkerware Hack - SecurityWeek

Regulations, Fines and Legislation

• SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)

• US firm 'breached GDPR' by reputation-scoring EU citizens • The Register

• JP Morgan accidentally deletes 47 million comms records • The Register

Models, Frameworks and Standards

• Companies Call for Changes to UK’s Cyber Essentials Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• How to Reach Compliance with HIPAA (trendmicro.com)

Careers, Working in Cyber and Information Security

• SEC notice to SolarWinds CISO and CFO roils cyber security industry | CSO Online

• Skill gap plagues cyber security industry as jobs go unfilled | Mint (livemint.com)

• Experts Unconvinced by Upskill in UK Cyber Program - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Hacker responsible for 2020 Twitter breach sentenced to prison | TechCrunch

• Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs

• 2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Someone sent mysterious smartwatches to US Military personnel - Security Affairs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers (thehackernews.com)

• Russian Spies, War Ministers Reliant on Cyber Crime in Pariah State (darkreading.com)

• What is Cyberwar? - SecurityWeek

• Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)

• Sachkov's Revenge: Jailed On Treason Charges, A Russian Cyber security Exec Goes On The Offensive (rferl.org)

• Microsoft hackers say they work for Sudan, not Russia | Fortune

• 'Chinese spy balloon' was 'crammed' with US hardware • The Register

• 'Wagner' Ransomware Targets Computers in Russia | PCMag

• Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group | CyberScoop

China

• Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks (thehackernews.com)

• China's 'Volt Typhoon' APT Now Exploits Zoho ManageEngine (darkreading.com)

• Ministers accused of ‘letting Huawei off the hook’ after scrapping release of security report (telegraph.co.uk)

• Chinese state-backed hackers accidentally infected a European hospital with malware (therecord.media)

• 'Chinese spy balloon' was 'crammed' with US hardware • The Register

Iran

• The potent cyber adversary threatening to further inflame Iranian politics | CyberScoop

• From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon (thehackernews.com)

• Charming Kitten’s PowerStar Malware Evolves with Advanced Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer

North Korea

• New EarlyRAT malware linked to North Korean Andariel hacking group (bleepingcomputer.com)

Misc/Other/Unknown

• Someone sent mysterious smartwatches to US Military personnel - Security Affairs

Vulnerability Management

• SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)

• Cyber attackers Still Rely on Decades-Old Security Weaknesses & Tactics, Barracuda Reports - MSSP Alert

• Remediation Ballet Is a Pas de Deux of Patch and Performance (darkreading.com)

• Micropatches: What they are and how they work - Help Net Security

• MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk? (thehackernews.com)

• When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)

• It's 2023 and out-of-bounds write bugs are still number one • The Register

Vulnerabilities

• VMware fixed five memory corruption issues in vCenter Server - Security Affairs

• US Cyber security Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog (thehackernews.com)

• CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks - SecurityWeek

• Serious IDOR Vulnerability Found In Microsoft Teams (latesthackingnews.com)

• Fortinet fixes critical FortiNAC RCE, install updates asap - Security Affairs

• Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain - SecurityWeek

• Critical flaw in VMware Aria Operations for Networks sees mass exploitation | CSO Online

• Internet Systems Consortium (ISC) fixed three DoS flaw in BIND - Security Affairs

• Chrome 114 Update Patches High-Severity Vulnerabilities - SecurityWeek

• Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts (thehackernews.com)

• Grafana warns of critical auth bypass due to Azure AD integration (bleepingcomputer.com)

• The tech flaw that lets hackers control surveillance cameras - BBC News

• Exploit released for new Arcserve UDP auth bypass vulnerability (bleepingcomputer.com)

Tools and Controls

• 95% fear inadequate cloud security detection and response - Help Net Security

• How a Layered Security Approach Can Minimize Email Threats - MSSP Alert

• ITDR Combines and Refines Familiar Cyber security Approaches (darkreading.com)

• How API gateways improve API security | TechTarget

• Uncovering attacker tactics through cloud honeypots - Help Net Security

• How Active Directory Bridging Extends Security Automation to Hybrid IT Environments (darkreading.com)

• Are GPT-Based Models the Right Fit for AI-Powered Cyber security? - Infosecurity Magazine (infosecurity-magazine.com)

• 10 things every CISO needs to know about identity and access management (IAM) | VentureBeat

• FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise (darkreading.com)

• 3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)

Other News

• Submarine Cables at Growing Risk of Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Businesses count the cost of network downtime - Help Net Security

• Exploring the persistent threat of cyber attacks on healthcare - Help Net Security

• How Can Manufacturers Stop Being The Top Target For Cyber Crime? (informationsecuritybuzz.com)

• Ex-FBI employee jailed for mishandling classified material • The Register

• Rapid7: Japan Threat Landscape Takes on Global Significance - SecurityWeek

• Over 1500 gas stations disrupted in Canada, after energy giant hacked (bitdefender.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.