Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities

Attackers continue to aggressively target small and mid-size businesses using specific high-profile vulnerabilities dating back a decade or more, network telemetry shows. Findings have shown that this is due to these vulnerabilities featuring in a wide range of products. Due to their prevalence, they can often become missed by organisations conducting patch management and therefore leave the organisation open.

For this reason it is critical that all organisations, including smaller organisations, have internal as well as external vulnerability scanning. You might believe your systems are patched up to date but there is no way to confirm without scanning , or to know which patches might have been missed.

Sources: [Infosecurity Magazine]

91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit

Ransomware attacks saw a significant surge in 2023, following a dip in 2022. The number of victims increased by 66% from 2022 to 2023, with 91% of those affected paying at least one ransom. 58% of organisations have been targeted six times or more.

The Sophos State of Ransomware 2023 report highlighted ransom payments rose by 500%; nearly two-thirds exceeded $1m or more, with an average payment of $2m. Furthermore, 30% of the demands were for over $5m.

In the US, 18% of incidents led to litigation, with 123 lawsuits filed in 2023 and 355 over five years. Data breaches, affecting 283.3 million records, primarily triggered these lawsuits, especially in healthcare and finance sectors. The resolution rate is 59%, with the highest settlement at $8.7m. Regulatory fines added nearly $10m to the financial impact. These figures underscore the significant financial implications of ransomware attacks and the urgent need for robust cyber security measures.

Sources: [ZD Net] [Infosecurity Magazine] [Security Magazine] [PrNewsWire] [Infosecurity Magazine]

BEC and Fund Transfer Fraud Top Insurance Claims

Cyber Insurer Coalition's 2024 Cyber Claims Report highlights a significant trend in cyber security threats, identifying email-based fraud as the predominant cause of insurance claims in 2023, accounting for 53% of all claims. Business email compromise (BEC) and funds transfer fraud (FTF) topped the list, contributing to 28% of claims and increasing claim amounts by 24% to an average loss exceeding $278,000. In contrast, ransomware, while less frequent at 19% of claims, also saw a rise in both frequency and severity, with average losses climbing to over $263,000. The report also notes a 13% year-on-year surge in overall claims, with substantial losses tied to compromised network security devices and a notable vulnerability in organisations using exposed remote desktop protocols.

Source: [Infosecurity Magazine]

Correlating Cyber Investments with Business Outcomes

The US Securities and Exchange Commission (SEC) has implemented stringent new rules compelling organisations to report significant cyber incidents within four days and to annually disclose details concerning their cyber security risk management, strategy, and governance. These mandates are seen as giving “more teeth to the idea that cyber security is a business problem” and “bringing an element of cyber security to the boardroom” according to cyber security solutions provider SecurityGate. Highlighted in the "Cybersecurity Insights" podcast, experts argue for simplifying cyber security strategies, advocating sustained resource allocation over reactive measures, and emphasising the importance of training over expensive solutions. These steps are deemed crucial for enhancing organisational resilience and security in a landscape where cyber threats are increasingly sophisticated and pervasive.

Source: [InfoRisk Today] 

Verizon: Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link

Verizon has released the findings of its 17th Annual Data Breach Investigations Report, which showed security incidents doubled year over year in 2023 to a record high 30,458 security events and 10,626 confirmed breaches. Some of the key takeaways from the 100-page report include zero-day attacks on unpatched systems and devices rising 180% in 2023, most breaches (68%) involving a non-malicious human element and the median time for users to fall for phishing emails falling just south of 60 seconds. In its first inclusion as a separate metric, supply chain attacks were found to contribute to 15% of all attacks.

Sources: [MSSP Alert] [Verizon]

MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer

Verisk’s Property Claim Services (PCS) has recently identified the MOVEit and Change Healthcare cyber attacks as significant Cyber Catastrophe Loss Events. These designations are part of PCS’s Global Cyber solution, which tracks cyber incidents and their potential impact on the insurance market. The designation indicates that each attack is anticipated to result in insurance industry losses exceeding USD 250 million.

The MOVEit attack, linked to the Russian-affiliated group Cl0p, compromised over 2,700 organisations globally, affecting up to 90 million individuals. The Change Healthcare attack, attributed to the ALPHV/Blackcat gang, notably disrupted UnitedHealth Group’s operations, with projected costs and lost revenue totalling up to USD 1.6 billion. These designations highlight the escalating scale and financial impact of cyber incidents on global markets.

Source: [Reinsurance News]

Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties

Nearly every organisation is part of a supply chain, where a significant amount of data is transferred. When data leaves your infrastructure, its security depends on the third party. The risks of a cyber incident increases as the supply chain increases.

Organisations need to mitigate the risks that their third party brings. This requires an understanding of the supply chain actors, and performing cyber security assessments of the most critical ones. The objective is to ensure that your organisation is satisfied with the third party’s security controls, or to work together to remediate any gaps.

Source: [Help Net Security]

Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats

In the era of hybrid work, remote desktop tools have become crucial yet vulnerable points within corporate networks, attracting significant cyber criminal attention. A study by Barracuda Networks underscores the challenges of securing these tools. Virtual Network Computing (VNC) is particularly susceptible; it is targeted in 98% of these types of attacks due to its use of multiple, sometimes unsecured ports. VNC attacks predominantly exploit weak password practices, notably through brute force methods. Conversely, Remote Desktop Protocol (RDP) accounts for about 1.6% of these attacks but is favoured for more extensive network breaches, often involving ransomware or crypto mining. The study highlights a pressing need for robust endpoint management and heightened security measures to mitigate these threats.

Source: [ITPro]

95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right

A recent report found that 95% of companies have altered their cyber security strategies in the last twelve months. This was driven by keeping pace with the shifting regulatory landscape (98%), the need to meet customer expectations for data protection and privacy (89%), and the rise of AI-driven threats and solutions (65%). Almost half (44%) of non-security executives do not understand the regulatory requirements their organisation must adhere to.

When it came to reporting, the study found that security teams aren’t reporting on key operational metrics that define whether their security investments and strategy changes have a measurable impact. It is evident that there is a disconnect between security and non-security professionals when it comes to the business strategy.

Sources: [Business Wire] [Security Magazine]

Human Factor a Significant Risk for Small and Medium-Sized Businesses.

A survey of business and IT security in small and medium-sized businesses (SMBs) conducted by LastPass found that roughly one in five business leaders admits to circumventing security policies, as do one in 10 IT security leaders. The survey found that password management is critically important to cyber security, with nearly half (47%) reporting recent breaches due to compromised passwords.

Sources: [Beta News] [Business Wire]

Microsoft CEO Says it is Putting Security Above All Else in Major Refocus

Following a series of high-profile attacks in recent months and a report by the US Cyber Safety Review Board (CSRB), Microsoft’s CEO has revealed it will now focus its efforts on an increase in the commitment to security. Investigating a summer 2023 attack, Microsoft was deemed to have made a series of “avoidable errors”, including the failure to detect several compromises, the CSRB said.

Sources: [TechRadar]

Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams

A recent discussion on workplace errors highlights the significant repercussions of cyber breaches compared to typical office mistakes. In the UK, nearly a third of businesses face cyber attacks weekly, with each breach costing approximately £4,000. However, a concerning trend is that 41% of these breaches are not reported to internal leadership, often due to fears among staff about the consequences of admitting faults. A three-pronged approach has been suggested to foster a blame-free culture: providing tailored and evolving cyber training, establishing safe zones for admitting mistakes, and implementing robust recovery plans. This approach not only prepares employees to handle potential breaches more effectively but also encourages them to report incidents promptly, reducing the overall impact and aiding quicker recovery. Such strategies are essential for maintaining resilience against increasingly sophisticated cyber threats.

Source: [Minute Hack]

Governance, Risk and Compliance

• Verizon 2024 Data Breach Investigations Report: 5 Takeaways | MSSP Alert

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Verizon DBIR: Vulnerability exploitation in breaches up 180% | TechTarget

• Verizon DBIR: Basic Security Gaffes Cause Breach Surge (darkreading.com)

• 95% of Organisations Revamped Their Cyber Security Strategies in the Last Year | Business Wire

• 95% of organisations adjusted cyber security strategies this past year | Security Magazine

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerability Exploits Triple as Initial Access Point for Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Are Enterprises Overconfident About Cyber Security Readiness? (govinfosecurity.com)

• How CISOs Can Contend with Increasing Scrutiny from Regulators (informationweek.com)

• Correlating Cyber Investments with Business Outcomes (inforisktoday.com)

• Ending The Culture of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Should Cyber Security Leadership Finally be Professionalized? - SecurityWeek

• What needs to change to overcome nonchalant security approaches | TechRadar

• Agile by Design: Cyber Security at the Heart of Transformation (noeticcyber.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Ransomware Rising Despite Takedowns, Says Corvus Report - Infosecurity Magazine (infosecurity-magazine.com)

• Impact of organisational structure on ransomware outcomes: Where does your org fit in? | SC Media (scmagazine.com)

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• 91% of ransomware victims paid at least one ransom in the past year, survey finds | ZDNET

• Ransom Payments Surge by 500% to an Average of $2m - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• There was an 81% year-over-year increase in ransomware attacks | Security Magazine

• Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings 2024 Global Threat Intelligence Report (prnewswire.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• LockBit, Black Basta, Play Dominate Ransomware in Q1 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Ransom recovery costs reach $2.73 million - Help Net Security

• Cactus Ransomware Group Targets Qlik Sense Servers | Decipher (duo.com)

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• How Businesses Should Grapple With Ransomware Threats (eetimes.eu)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

Ransomware Victims

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Almost all US hospitals took financial hit from Change hack, AHA says | Reuters

• Another major pharmacy chain shuts following possible cyber attack | TechRadar

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Cyber attack to cost Western Isles Council half a million pounds (holyrood.com)

• LockBit publishes confidential data stolen from Cannes hospital in France (therecord.media)

• French hospital CHC-SV refuses to pay LockBit extortion demand (bleepingcomputer.com)

• 'Cybersecurity incident' closes London Drugs' pharmacies • The Register

Phishing & Email Based Attacks

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)

• If you receive a Shein mystery box, do not open it | TechRadar

• Why the automotive sector is a target for email-based cyber attacks - Help Net Security

BEC

• BEC and Fund Transfer Fraud Top Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• FBI warns of fake verification schemes targeting dating app users (bleepingcomputer.com)

• A Lot of People Are Falling for Those 'Your Package Cannot Be Delivered' Texts | PCMag

Artificial Intelligence

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• State of Security 2024 Report Reveals Growing Impact of Generative AI on Cyber Security Landscape | Business Wire

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Understanding emerging AI and data privacy regulations - Help Net Security

• To understand the risks posed by AI, follow the money – O’Reilly (oreilly.com)

• From Risk to Resilience: Managing Data Security in AI-Driven Enterprises | Inc.com

• Security in the AI Sector: Understanding Infostealer Exposures and Corporate Risks - Security Boulevard

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• US Government Releases New AI Security Guidelines for Critical Infrastructure (thehackernews.com)

• Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues - SecurityWeek

• Why the Military Can’t Trust AI | Foreign Affairs

2FA/MFA

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

Malware

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

• Bogus npm Packages Used to Trick Software Developers into Installing Malware (thehackernews.com)

• Stealthy malware: The threats hiding in plain sight | ITPro

• Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (thehackernews.com)

• ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (thehackernews.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

Mobile

• Powerful 'Brokewell' Android Trojan Allows Attackers to Takeover Devices - SecurityWeek

• Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (thehackernews.com)

• New Wpeeper Android malware hides behind hacked WordPress sites (bleepingcomputer.com)

• NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Android Flaw Affected Apps With 4 Billion Installs - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft warns of "Dirty Stream" attack impacting Android apps (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Hackers Target New NATO Member Sweden with Surge of DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• A glaring Android TV security flaw might put your Gmail at risk | Android Central

Data Breaches/Leaks

• PSNI data breach: Almost 5,000 officers and staff in legal action - BBC News

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Kaiser Permanente data breach may have impacted 13.4 million patients (securityaffairs.com)

• Social exclusion charity Extern “urgently reviewing” impact of data breach following ransomware attack – The Irish News

• FBCS data breach impacted 2M individuals (securityaffairs.com)

• States shares health debt data of 5,000 in an email | Guernsey Press

• Qantas app exposed sensitive traveller details to random users (bleepingcomputer.com)

• DropBox says hackers stole customer data, auth secrets from eSignature service (bleepingcomputer.com)

• Mitre Shares Lessons Learned from Breach | MSSP Alert

• Hull City Council pays £30K in data breach claims and suffers nine cyber attacks in three years - Hull Live (hulldailymail.co.uk)

• Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach (bleepingcomputer.com)

• Australian pubgoers' personal info posted to leak site • The Register

• Monash Health data breach exposes sexual assault and family violence claims (smh.com.au)

• Panda Restaurant Group disclosed a data breach (securityaffairs.com)

Organised Crime & Criminal Actors

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

Insider Risk and Insider Threats

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element - Help Net Security

• Survey: Human Factors Create Significant Cyber Security Risks for Small and Medium-Sized Businesses, Despite Increased Technology Investment | Business Wire

• How insider threats can cause serious security breaches - Help Net Security

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

Insurance

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Cyber facility in capacity raise as risk severity grows (emergingrisks.co.uk)

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Alarming Insurance Gaps and Soaring Breach Rates Call for a United Front in Cyber Security | HaystackID - JDSupra

Supply Chain and Third Parties

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• Securing your organisation's supply chain: Reducing the risks of third parties - Help Net Security

Cloud/SaaS

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• 97% of security leaders have increased SaaS security budgets - Help Net Security

Encryption

• UK's Investigatory Powers Bill approved to become law • The Register

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• White Swan, Black Swan and QuantumBleed (forbes.com)

Linux and Open Source

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

Passwords, Credential Stuffing & Brute Force Attacks

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• Nvidia's flagship gaming GPU can crack complex passwords in under an hour | Tom's Hardware (tomshardware.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

• Five Ways to Dramatically Reduce the Risk of Password Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Google Online Security Blog: Your Google Account allows you to create passkeys on your phone, computer and security keys (googleblog.com)

• How to use a YubiKey to log into Windows and macOS (xda-developers.com)

Social Media

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook at 20: Contemplating the Cost of Privacy (darkreading.com)

Training, Education and Awareness

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Everyone's an Expert: How to Empower Your Employees for Cyber Security Success (thehackernews.com)

Regulations, Fines and Legislation

• UK's Investigatory Powers Bill approved to become law • The Register

• UK rolls out new consumer safeguards for smart devices (betanews.com)

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• FCC fines major wireless carriers over illegal location data sharing - Help Net Security

• Understanding emerging AI and data privacy regulations - Help Net Security

• CISA's incident reporting requirements go too far, trade groups and lawmakers say | CyberScoop

Data Protection

• How AI and data protection intersect in today's threat era - SiliconANGLE

Careers, Working in Cyber and Information Security

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says | CyberScoop

• Cyber Security Degrees, Are They Really Worth It? | HackerNoon

• Beyond the Buzz: Rethinking Alcohol as a Cyber Security Bonding Ritual - SecurityWeek

Law Enforcement Action and Take Downs

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• Police shuts down 12 fraud call centres, arrests 21 suspects (bleepingcomputer.com)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

• CEO who sold fake Cisco devices to US military gets 6 years in prison (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Think tank: Tech companies spread China's propaganda • The Register

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

• Why China Is So Bad at Disinformation | WIRED

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 'DuneQuixote' Shows Stealth Cyber Attack Methods Are Evolving (darkreading.com)

Nation State Actors

China

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Philippines Pummelled by Cyber Attacks & Misinformation Tied to China (darkreading.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Think tank: Tech companies spread China's propaganda • The Register

• China's attacks on critical infrastructure ‘tip of the iceberg' | SC Media (scmagazine.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why China Is So Bad at Disinformation | WIRED

• Chinese government website security has big problems • The Register

• Espionage breaches account for 25% in APAC, report reveals (securitybrief.co.nz)

Russia

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

• Russian Hackers Target Industrial Systems in North America, Europe - SecurityWeek

• Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say | CyberScoop

• Critical infrastructure operators urged to harden systems against pro-Russia hackers (therecord.media)

• Ukraine's military intelligence launches cyber attack against United Russia party (kyivindependent.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• The Dangerous Rise of GPS Attacks | WIRED

• Russia’s Pawprints on Aircraft Jamming Outbreak - CEPA

• Germany Warns Of Consequences For Alleged Russian Cyber Attack (rferl.org)

• Hackers Claim to Have Infiltrated Belarus’ Main Security Service - SecurityWeek

• Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyber Attack (darkreading.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

• Two British men charged with helping Russian intelligence - BBC News

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

Iran

• Israel winning cyber war against Iran, says former officer of elite IDF intelligence unit | All Israel News

North Korea

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

Vulnerability Management

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Vulnerability exploitation nearly tripled in 2023 (telecoms.com)

Vulnerabilities

• Cisco devices again targeted by state-linked threat campaign - TechCentral.ie

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• 1,200+ Vulnerabilities Detected In Microsoft Products In 2023 (gbhackers.com)

• Most attacks affecting SMBs target five older vulnerabilities | CSO Online

• Severe Flaws Disclosed in Brocade SANnav SAN Management Software (thehackernews.com)

• UnitedHealth hackers took advantage of Citrix vulnerability to break in, CEO says (yahoo.com)

• Palo Alto Updates Remediation for Max-Critical Firewall Bug (darkreading.com)

• Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades - Help Net Security

• WordPress plugin vulnerability poses severe security risk, allows for site takeovers | TechSpot

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (thehackernews.com)

• Grafana Tool Vulnerability Let Attackers Inject SQL Queries (gbhackers.com)

• Microsoft says April Windows updates break VPN connections (bleepingcomputer.com)

• NTLM auth traffic spikes after Windows Server patch • The Register

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (thehackernews.com)

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• 1,400 GitLab Servers Impacted by Exploited Vulnerability - SecurityWeek

Tools and Controls

• Why remote desktop tools are facing an onslaught of cyber threats | ITPro

• Correlating Cyber Investments With Business Outcomes (inforisktoday.com)

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• Can automating security relieve CISO pressure? (techinformed.com)

• 10 Critical Endpoint Security Tips You Should Know (thehackernews.com)

• 7 antivirus myths that are dead wrong | PCWorld

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• EDR vs. EPP: What's the difference? | TechTarget

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Organisations Struggle with Zero Trust: Gartner | MSSP Alert

• Tech Tip: Why Haven't You Set Up DMARC Yet? (darkreading.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• Communication gaps between IT departments and senior corporate leadership worsening application security risks - Tech Monitor

• Continuous threat exposure management (CTEM): What it is and how to achieve it | SC Media (scmagazine.com)

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

• Fortifying Cyber Defence With the Power of Linux Intrusion Detection and Prevention Systems | Linux Journal

• How to Red Team GenAI: Challenges, Best Practices, and Learnings (darkreading.com)

• What is API Security? - Security Boulevard

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why LLMs are predicting the future of compliance and risk management | VentureBeat

• Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM (thehackernews.com)

Reports Published in the Last Week

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Global Threat Intelligence Report 2024 by NTT Security Holdings

• 2024 Data Breach Investigations Report | Verizon

• The State of Security 2024 | Splunk

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

Other News

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• 3 Key Business Areas Cyber Security Falls Short | Inc.com

• 7 antivirus myths that are dead wrong | PCWorld

• A Season Of Health Breaches, A Season Of Changes (forbes.com)

• Bank of England tells payment firms to step up disruption mitigation plans (yahoo.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• NCSC updates warning over hacktivist threat to CNI | Computer Weekly

• Cyber Space: EU and partners discuss ways to strengthen cooperation in promoting international security and stability | EEAS (europa.eu)

• The EU's Strategy for a Cyber Secure Digital Single Market | UpGuard

• Cyber attack at Irish telecoms firm? – The Irish Times

• To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware (darkreading.com)

• During National Small Business Week, Take Steps to Secure Your Business | CISA

• At Microsoft, years of security debt come crashing down | Cybersecurity Dive

• National Small Business Week: IRS warns entrepreneurs to take precautions on data security; protect their businesses, employees, customers | Internal Revenue Service

• Zelenskyy fires security service chief accused of "weaponized draft" against journalist - Euromaidan Press

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• The ultimate cyber spring-cleaning checklist (avast.com)

• European New Space Companies Prepare to Counter Growing Security Threat - Via Satellite (satellitetoday.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.

Sources: [IT Security Guru] [Emerging Risks]

Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery

The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.

According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.

Sources: [The Hacker News] [Huntress] [SC Media]

Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy

Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.

Source: [Forbes]

Ransomware Double-Dip: Re-Victimisation in Cyber Extortion

A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.

Sources: [Security Magazine] [The Hacker News] [SC Media]

AI is a Major Threat and Many Financial Organisations Are Not Doing Enough

Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.

Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.

Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]

[Biometric Update]

6 out of 10 Businesses Struggle to Manage Cyber Risk

A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.

Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.

Sources: [PR Newswire] [Beta News]

'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs

Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.

Source: [Security Brief] [Tripwire]

Penetration Testing Infrequency Leaves Security Gaps

Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.

The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.

Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.

Source: [MSSP Alert]

Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance

A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.

Source: [The Register]

The Psychological Impact of Phishing Attacks on Your Employees

Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.

Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.

Source: [Beta News]

Where Hackers Find Your Weak Spots

A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.

Source: [Dark Reading]

The Role of Threat Intelligence in Financial Data Protection

The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.

Source: [Security Boulevard]

Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say

According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.

Source: [TechRadar] [Security Magazine]

Governance, Risk and Compliance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• Six out of 10 businesses struggle to manage cyber risk (betanews.com)

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs | Huntress

• Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy (forbes.com)

• Cyber attacks are on the rise, and that includes small businesses. Here's what to know | AP News

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• UK government cannot protect businesses and services from cyber attacks, IT pros say | TechRadar

• Why cyber attacks shouldn’t be viewed as isolated incidents - Raconteur

• Bank banned from opening new accounts over IT risks • The Register

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Cyber Attacks Keep Rising. Here's What Small Businesses Need to Know | Inc.com

• 73% of SME security pros missed or ignored critical alerts - Help Net Security

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• 4 steps CISOs can take to raise trust in their business | TechTarget

• NCSC Says Newer Threats Need Network Defence Strategy | Trend Micro (US)

• Uncertainty is the most common driver of noncompliance - Help Net Security

• More and more businesses now have CISOs - but they're increasingly taking the blame for attacks | TechRadar

• Cyber metrics journey | Professional Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Report finds a near 20% increase in ransomware victims year-over-year | Security Magazine

• Risks to ransomware attack payment | Professional Security

• Ransomware Double-Dip: Re-Victimization in Cyber Extortion (thehackernews.com)

• 'Junk gun' ransomware: New low-cost cyber threat targets SMBs (securitybrief.co.nz)

• Mandiant: Attacker dwell time down, ransomware up in 2023 | TechTarget

• Behavioural patterns of ransomware groups are changing - Help Net Security

• Record ransomware attacks in March 2024, report finds (securitybrief.co.nz)

• Ransomware payments drop to record low of 28% in Q1 2024 (bleepingcomputer.com)

• Hackers use developing countries as testing ground for new ransomware attacks (ft.com)

• Ransomware Still On Rise Despite Better Defences, Firm Says - Law360

• Hackers are using developing countries for ransomware practice | Ars Technica

• Dark web inundated by cheap ransomware tools | SC Media (scmagazine.com)

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• Action needed amid escalating ransomware attacks, record-high payments | SC Media (scmagazine.com)

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! - Help Net Security

• CL0P ransomware gang is on the rise | Hogan Lovells - JDSupra

• Proportion paying ransoms declines in Q1 2024, even as takings break a new record (computing.co.uk)

• Megazord Ransomware Attacking Healthcare & Govt Entities (cybersecuritynews.com)

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

• DragonForce Ransomware Group Uses LockBit’s Leaked Builder - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Hygiene Helps Organisations Mitigate Ransomware-Related Vulnerabilities  | CISA

• Ransomware attacks rise in global food & agriculture sector (securitybrief.co.nz)

• Preventing Ransomware Attacks at Scale (hbr.org)

Ransomware Victims

• Hackers Were in Change Healthcare 9 Days Before Attack (pymnts.com)

• UnitedHealth BlackCat Attack Cost is $872M in Q1 | MSSP Alert

• UnitedHealth admits breach could affect large chunk of US • The Register

• Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update (darkreading.com)

• UnitedHealth Paid Ransom to Protect Patient Data | MSSP Alert

• Will the Change Healthcare case finally make providers do a business impact analysis? | SC Media (scmagazine.com)

• UNDP, City of Copenhagen Targeted in Data-Extortion Cyber Attack (darkreading.com)

• Cannes Hospital Cancels Medical Procedures Following Cyber Attack - Security Week

• Small medical practices will close because of Change cyber attack, says AMA | Healthcare IT News

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Sweden's liquor shelves to run empty this week due to ransomware attack (therecord.media)

• Authentication failure blamed for Change Healthcare ransomware attack | CSO Online

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Red Ransomware takes credit for Targus attack | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Carpetright unable to trade after cyber attack - Retail Gazette

• Street lights in Leicester City cannot be turned off due to a cyber attack (securityaffairs.com)

Phishing & Email Based Attacks

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• The psychological impact of phishing attacks on your employees (betanews.com)

• Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments (darkreading.com)

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike (thehackernews.com)

• LA County Health Services: Patients' data exposed in phishing attack (bleepingcomputer.com)

BEC

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

Other Social Engineering

• LastPass Users Lose Master Passwords to Ultra-Convincing Scam (darkreading.com)

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Artificial Intelligence

• AI is a major threat and financial organisations are not doing enough to fight it | Biometric Update

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes agencies publish report on AI security | Hogan Lovells - JDSupra

• AI tools linked to data exposure in 1 in 5 UK organisations (securitybrief.co.nz)

• Security Leaders Braced for Daily AI-Driven Attacks by Year-End - Infosecurity Magazine (infosecurity-magazine.com)

• CSOs say AI is 'biggest cyber threat' to organisations | TechRadar

• Man arrested for 'framing colleague' with AI-generated voice • The Register

• Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (thehackernews.com)

• People doubt their own ability to spot AI-generated deepfakes - Help Net Security

• A National Security Insider Does the Math on the Dangers of AI | WIRED

• 40% of organisations have AI policies for critical infrastructure | Security Magazine

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• 25 cyber security AI stats you should know - Help Net Security

• Cyber Threats in the Age of AI: Protecting Your Digital DNA - Security Boulevard

• The Dark Side of Deepfakes: How Malicious Actors Use Synthetic Media to Manipulate and Deceive | Metaverse Post (mpost.io)

• 6 security items that should be in every AI acceptable use policy | CSO Online

• 'Poisoned' data could wreck AIs in wartime, warns Army software acquisition chief - Breaking Defence

• The use of AI in war games could change military strategy (theconversation.com)

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

Malware

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Microsoft unmasks Russia-linked ‘GooseEgg’ malware (therecord.media)

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Beware! Notorious Samurai Stealer Used in Targeted Attacks (cybersecuritynews.com)

• Threat Actor Uses Multiple Infostealers in Global Campaign - Security Week

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Antivirus updates hijacked to drop dangerous malware | TechRadar

• Hackers infect users of antivirus service that delivered updates over HTTP | Ars Technica

• Researchers sinkhole PlugX malware server with 2.5 million unique IPs (bleepingcomputer.com)

• Millions of IPs remain infected by USB worm years after its creators left it for dead | Ars Technica

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Mobile

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• iPhone password reset attacks are real – how to protect yourself | Mashable

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (darkreading.com)

• Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users (thehackernews.com)

• Give Your iPhone a Security Boost With This iOS 17.4 Feature - CNET

• A Briefing on SIM Hijacking | Intel471

Data Breaches/Leaks

• 5.3M World-Check records may be leaked; how to check your records | SC Media (scmagazine.com)

• Hackers stole 7,000,000 people's DNA. But what can they do with it? | Tech News | Metro News

• AT&T Offers All Customers Free Security Bundle After Data Breach (tech.co)

• AT&T faces class action lawsuit over massive data breach exposing 70 million customers’ personal information (click2houston.com)

• App bug exposes 1M neighbourhood watchers to data harvesters • The Register

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Lazarus On the Hunt: How North Korean Hackers are Targeting Crypto via LinkedIn (bitcoinist.com)

Insider Risk and Insider Threats

• Most people still rely on memory or pen and paper for password management - Help Net Security

• The rise of the outsmarted insider (betanews.com)

• CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal | TechCrunch

Insurance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• Coalition: Insurance claims for Cisco ASA users spiked in 2023 | TechTarget

• Munich Re on the impact of cyber rate changes | Insurance Business America (insurancebusinessmag.com)

Supply Chain and Third Parties

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

Cloud/SaaS

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

Identity and Access Management

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• Identity-based security threats are growing rapidly: report | CSO Online

Encryption

• Europol asks tech firms, governments to get rid of E2EE • The Register

• How tech firms are tackling the risks of quantum computing | World Economic Forum (weforum.org)

• Australian authorities call for Big Tech help with decryption • The Register

Linux and Open Source

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Passwords, Credential Stuffing & Brute Force Attacks

• Most people still rely on memory or pen and paper for password management - Help Net Security

• Apple @ Work: Over 52% of workers try to memorize and reuse the same password across multiple apps at work - 9to5Mac

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Brute Force Password Cracking Takes Longer - Don't Celebrate Yet (technewsworld.com)

Social Media

• Dutch govt body: Don't use Facebook if unsure about privacy • The Register

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Malvertising

• Windows 11 now comes with its own adware (engadget.com)

Training, Education and Awareness

• 10 colleges and universities shaping the future of cyber security education - Help Net Security

Regulations, Fines and Legislation

• What is the EU Cyber Solidarity Act? | UpGuard

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• NIS2: Preparing for EU’s New Cyber Security Rules | Wilson Sonsini Goodrich & Rosati – JDSupra

• Compliance in 2024: Cutting through the noise (federalnewsnetwork.com)

• Google Postpones Third-Party Cookie Deprecation Amid UK Regulatory Scrutiny (thehackernews.com)

• A view from Brussels: To be sovereign, or not to be (iapp.org)

• Cyber Security | UK Regulatory Outlook April 2024 - Lexology

• Net neutrality has been restored in the US - Help Net Security

Models, Frameworks and Standards

• Fortifying your business with ISO 27001 - DCD (datacenterdynamics.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• Taking Time to Understand NIS2 Reporting Requirements - Security Boulevard

Data Protection

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• A view from Brussels: To be sovereign, or not to be (iapp.org)

Careers, Working in Cyber and Information Security

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• Pluralsight Study Finds the Biggest Technical Skills Gaps are in Cyber Security, Cloud, and Software Development (prnewswire.com)

• Three Ways Organisations Can Overcome the Cyber Security Skills Gap - Security Boulevard

• Addressing the cyber skills shortage: 5 key steps to take | CSO Online

• Five Essential Steps To Land Your First Cyber Security Job (forbes.com)

• Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army - IT Security Guru

Law Enforcement Action and Take Downs

• Exploring Law Enforcement Hacking as a Tool Against Transnational Cyber Crime - Carnegie Endowment for International Peace

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan | Trend Micro (US)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

• Man arrested for 'framing colleague' with AI-generated voice • The Register

Misinformation, Disinformation and Propaganda

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (thehackernews.com)

China

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• UK mulls fresh controls on 'sensitive tech' after China cyber claim (thenextweb.com)

• FBI Director Wray Issues Dire Warning on China's Cyber Security Threat (darkreading.com)

• Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters

• New tool used in China-linked attacks against Asia-Pacific | SC Media (scmagazine.com)

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ads on .gov.uk websites raise eyebrows over privacy • The Register

• China's Vision for Global Security: Implications for Southeast Asia | United States Institute of Peace (usip.org)

Russia

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• Microsoft issues warning over ‘GooseEgg’ tool used in Russian hacking campaigns | ITPro

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• Who Are APT29? - Security Boulevard

• Overflowing Water Tank Linked to Russian Cyber Attack (govtech.com)

• Russia accused of jamming GPS signal on flights from UK causing route chaos (inews.co.uk)

• Russian Sandworm hackers targeted 20 critical orgs in Ukraine (bleepingcomputer.com)

• Rare Computer Virus Detected in Ukrainian Network, Confidential Document Potentially Compromised (kyivpost.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ukraine participates in NATO cyber security exercise in Estonia / The New Voice of Ukraine (nv.ua)

• Cyber attacks on Poland surged after election of pro-Ukraine regime (thenextweb.com)

Iran

• $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defence Contractors - Security Week

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Iranian nationals charged with hacking US companies, Treasury and State departments | CyberScoop

• The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains (darkreading.com)

North Korea

• Over 10 Defence Industry Firms Targeted in Concentrated Cyber Attacks by N. Korean Hackers l KBS WORLD

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• Microsoft Warns: North Korean Hackers Turn to AI-Fuelled Cyber Espionage (thehackernews.com)

• North Korean Hackers Target Dozens of Defence Companies - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

Vulnerability Management

• Third-Party Software Patching: Your Cyber Armor in 2024 | MSSP Alert

• Automated patch management: 9 best practices for success | TechTarget

• Vulnerability Exploitation on the Rise as Attacker Ditch Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerabilities Versus Intentionally Malicious Software Components - The New Stack

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Vulnerabilities

• 22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (bleepingcomputer.com)

• Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (thehackernews.com)

• Nation-state actors exploited two zero-days in Cisco ASA and FTD firewalls to breach government networks - Security Affairs

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• 'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity (darkreading.com)

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• MITRE says state hackers breached its network via Ivanti zero-days (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Google Patches Critical Chrome Vulnerability - Security Week

• Microsoft releases Exchange hotfixes for security update issues (bleepingcomputer.com)

• PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com)

• Critical Forminator plugin flaw impacts over 300k WordPress sites (bleepingcomputer.com)

• Dependency Confusion Vulnerability Found in Apache Project - Infosecurity Magazine (infosecurity-magazine.com)

• Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk (cybersecuritynews.com)

• Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs (darkreading.com)

• GitHub vulnerability leaks sensitive security reports | TechTarget

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Maximum severity Flowmon bug has a public exploit, patch now (bleepingcomputer.com)

Tools and Controls

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Third-Party Software Patching: Your Cyber Armour in 2024 | MSSP Alert

• The Role of Threat Intelligence in Financial Data Protection - Security Boulevard

• Automated patch management: 9 best practices for success | TechTarget

• Rethinking How You Work with Detection and Response Metrics (darkreading.com)

• Choosing SOC Tools? Read This First [2024 Guide] - Security Boulevard

• Research Shows How Attackers Can Abuse EDR Security Products - SecurityWeek

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• Zero Trust Takes Over: 63% of Orgs Implementing Globally (darkreading.com)

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

• Explore CASB use cases before you decide to buy | TechTarget

• SD-WAN: Don't Build a Dead End, Prepare for Future-Proof Secure Networking - SecurityWeek

• Identity-based security threats are growing rapidly: report | CSO Online

• Microsoft criticized for charging for security add-ons • The Register

• 5 insights from new Microsoft CNAPP guide | Microsoft Security Blog

• The Peril of Badly Secured Network Edge Devices (inforisktoday.com)

• VPNs, Firewalls' Nonexistent Telemetry Lures APTs (darkreading.com)

• The first steps of establishing your cloud security strategy - Help Net Security

• 40% of organizations have AI policies for critical infrastructure | Security Magazine

• Understand the Benefits and Limitations of Automated Tools in Penetration Testing (prweb.com)

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Reports Published in the Last Week

• M-Trends 2024 | Google Cloud

• Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations (prnewswire.com)

• Coalition's 2024 Cyber Claims Report (coalitioninc.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• 2024 Cisco Cyber Security Readiness Index

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Cyber Security in the UK - House of Commons Library (parliament.uk)

Other News

• These sectors are top targets for cyber crime, and other cyber security news to know this month | World Economic Forum (weforum.org)

• Online Banking Security Still Not Up to Par, Says Which? - Infosecurity Magazine (infosecurity-magazine.com)

• Why Educating HR Professionals on Cyber Risk Is Crucial (thehrdirector.com)

• Where Hackers Find Your Weak Spots (darkreading.com)

• Network Threats: A Step-by-Step Attack Demonstration (thehackernews.com)

• Microsoft is reportedly making security improvements its current top priority at the company - Neowin

• UK cyber agency NCSC announces Richard Horne as its next chief executive (therecord.media)

• Internet cable at Cali airport cut in apparent sabotage • The Register

• DOD establishes Office of the Assistant Secretary of Defence for Cyber Policy (securityintelligence.com)

• EU Statement – UN General Assembly 1st Committee: Cyber Security | EEAS (europa.eu)

• US: The European Union and the United States hold the 9th Cyber Dialogue in Brussels | EEAS (europa.eu)

• Why Tourists Are Particularly Vulnerable To Cyber Attacks (maltatoday.com.mt)

• Microsoft needs to win back trust - The Verge

• AI Is Going Well For Microsoft, But Cyber Security Is Not - Microsoft (NASDAQ:MSFT) - Benzinga

• Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Why Cyber Security Is Key To Solving Global Crises (forbes.com)

• Cyber Security is Relentless! | Gray Reed - JDSupra

• Colleges spending more than ever on cyber security efforts (insidehighered.com)

• Foreign states targeting UK universities, MI5 warns - BBC News

• Cyber resilience in the public sector: lessons for UK Councils (techinformed.com)

• Digital Blitzkrieg: Unveiling Cyber Logistics Warfare (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

94% of Ransomware Victims Have Their Backups Targeted by Attackers

Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.

Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.

Source: [Tech Republic]

Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability

The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.

The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.

The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.

Sources: [The Banker] [IMF]

Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist

A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.

Source: [TechCrunch]

Your Annual Cyber Security Is Not Working, But There is a Solution

Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.

To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.

Source: [TechRadar]

73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert

A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.

Source: [Business Wire]

Russia and Ukraine Top Inaugural World Cyber Crime Index

The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.

Top ten Countries in full:

1.       Russia

2.       Ukraine

3.       China

4.       United States

5.       Nigeria

6.       Romania

7.       North Korea

8.       United Kingdom

9.       Brazil

10.   India

Source: [Infosecurity Magazine]

Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?

The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.

Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.

Sources: [ITPro] [The Guardian]

Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat

Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.

The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.

Sources: [Claims Journal] [Inc.com]

The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).

Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.

Source: [Infosecurity Magazine] [TechRadar]

Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts

Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.

Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.

Sources: [Ars Technica] [Data Breach Today]

Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss

93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.

Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.

Sources: [Infosecurity Magazine] [Help Net Security]

Charities Doing Worse than Private Sector in Staving off Cyber Attacks

Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.

Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.

Source: [TFN]

Governance, Risk and Compliance

• Cyber attack volumes peak in first quarter | SC Media (scmagazine.com)

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Security breaches are causing more damage than ever before | TechRadar

• 73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert | Business Wire

• Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat (claimsjournal.com)

• Where Are You on the Cyber Security Readiness Index? Cisco Thinks You’re Probably Overconfident | Network Computing

• Experts say shocking level of cyber security breaches revealed in new government report “are avoidable” | LawNews.co.uk

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• 51% of enterprises experienced a breach despite large security stacks - Help Net Security

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Ex-Uber security exec Joe Sullivan is advising CISOs on how to avoid his legal fate (axios.com)

• Cyber Security Tips for Small Businesses Now Considered Big Hacking Targets | Inc.com

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• New LockBit Variant Exploits Self-Spreading Features - Infosecurity Magazine (infosecurity-magazine.com)

• Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate - Help Net Security

• FBI: Akira ransomware raked in $42 million from 250+ victims (bleepingcomputer.com)

• Infiltrating ransomware gangs on the dark web - CBS News

• What if we made ransomware payments illegal? | SC Media (scmagazine.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

• Report Reveals Healthcare Industry is Disillusioned in its Preparedness for Cyber Attacks - IT Security Guru

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• A whole new generation of ransomware makers are attempting to shake up the market | TechRadar

• Security Think Tank: Approaches to ransomware need a course correction | Computer Weekly

• Ransomware Victims Who Pay a Ransom Drops to Record Low (databreachtoday.co.uk)

Ransomware Victims

• Change Healthcare’s ransomware attack costs reach nearly $1B • The Register

• Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia  (securityaffairs.com)

• Ransomware attacks against food, agriculture industry examined | SC Media (scmagazine.com)

• Ransomware attack compromises UN agency data | SC Media (scmagazine.com)

• 840-bed hospital in France postpones procedures after cyber attack (bleepingcomputer.com)

• US think tank Heritage Foundation hit by cyber attack | TechCrunch

• Daixin ransomware gang claims attack on Omni Hotels (bleepingcomputer.com)

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Cyber Attack Takes Frontier Communications Offline (darkreading.com)

Phishing & Email Based Attacks

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Microsoft Most Impersonated Brand in Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• FIN7 targets American automaker’s IT staff in phishing attacks (bleepingcomputer.com)

Other Social Engineering

• Quishing: The New Cyber Threat to the Cleared Workplace - ClearanceJobs

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• Cyber criminals pose as LastPass staff to hack password vaults (bleepingcomputer.com)

Artificial Intelligence

• CISOs not changing priorities in response to AI threats (betanews.com)

• 92% of enterprises unprepared for AI security challenges - Help Net Security

• AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (thehackernews.com)

• Enterprise Endpoints Aren't Ready for AI (darkreading.com)

• Best Practices & Guidance For AI Security Deployment 2024 (gbhackers.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

2FA/MFA

• Cisco Duo warns third-party data breach exposed SMS MFA logs (bleepingcomputer.com)

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

Malware

• LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (darkreading.com)

• TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (thehackernews.com)

• A sneaky new steganography malware is exploiting Microsoft Word — hundreds of firms around the world hit by attack | TechRadar

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

• New SteganoAmor attacks use steganography to target 320 orgs globally (bleepingcomputer.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (thehackernews.com)

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Fake cheat lures gamers into spreading infostealer malware (bleepingcomputer.com)

Mobile

• Government spyware is another reason to use an ad blocker | TechCrunch

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Enterprises face significant losses from mobile fraud - Help Net Security

• SoumniBot malware exploits Android bugs to evade detection (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS attacks saw a huge surge in the first part of 2024, with one particular country badly hit | TechRadar

• 68% of Companies are More Vulnerable to DDoS Than They Think - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks are still growing and there are new threats on the horizon | ITPro

Internet of Things – IoT

• How to protect IP surveillance cameras from Wi-Fi jamming - Help Net Security

• CISA warns of critical vulnerability in Chirp smart locks • The Register

• New rules for security of connected products in the UK and EU - Lexology

Data Breaches/Leaks

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• Panama Papers: Money laundering trial of 27 defendants begins

• Over half a million Roku subscribers are the victims of the latest cyber security attack - PhoneArena

• Giant Tiger data breach may have impacted millions of customers (securityaffairs.com)

• Wells Fargo Says It Has Suffered Data Breach, Blames Employee for Exposing Personal Information on Pair of Customers - The Daily Hodl

• 5 Ways Your Personal Information May End Up On The Dark Web (slashgear.com)

• Law Firm to Pay $8M to Settle Health Data Hack Lawsuit (databreachtoday.co.uk)

Organised Crime & Criminal Actors

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

• Ex-Amazon engineer gets 3 years for hacking crypto exchanges (bleepingcomputer.com)

• Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch

• Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (bleepingcomputer.com)

Insider Risk and Insider Threats

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Underestimating the dangers within: mitigating the insider cyber threat | TechRadar

Insurance

• Cyber threats increase as insurance costs fall - report (emergingrisks.co.uk)

Cloud/SaaS

• Exposing the top cloud security threats - Help Net Security

• What Is Microsoft's Role in the Shared Responsibility Model for Data Security? (prweb.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• The cloud is benefiting IT, but not business | InfoWorld

Identity and Access Management

• Identity in the Shadows: Shedding Light on Cyber Security's Unseen Threats (thehackernews.com)

Linux and Open Source

• Open source groups say more software projects may have been targeted for sabotage (yahoo.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Attackers are pummelling networks around the world with millions of login attempts | Ars Technica

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

• Threat actors look to stolen credentials | Computer Weekly

• Cisco warns of large-scale brute-force attacks against VPN and SSH services (securityaffairs.com)

• Bad Bots Drive 10% Annual Surge in Account Takeover Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• Dark Web Sales Driving Major Rise in Credential Attacks (databreachtoday.co.uk)

Social Media

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• EU tells Meta it can't paywall privacy • The Register

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Malvertising

• Government spyware is another reason to use an ad blocker | TechCrunch

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Training, Education and Awareness

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Cyber security training: How to make it more motivating (hrexecutive.com)

Regulations, Fines and Legislation

• US Supreme Court ruling suggests change in cyber security disclosure process | CSO Online

• New rules for security of connected products in the UK and EU - Lexology

• Congress votes to kick Uncle Sam’s data broker habit • The Register

• Cops can force suspect to unlock phone with thumbprint, US court rules | Ars Technica

Models, Frameworks and Standards

• Rebalancing NIST: Why 'Recovery' Can't Stand Alone (darkreading.com)

Backup and Recovery

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

Data Protection

• 5 Common Data Protection Challenges That Businesses Face (techtarget.com)

Careers, Working in Cyber and Information Security

• IT and security professionals demand more workplace flexibility - Help Net Security

• National Security at Risk as Essential Cyber Security Roles Face Sharp Decline (prnewswire.com)

• Break Security Burnout: Combining Leadership With Neuroscience (darkreading.com)

Law Enforcement Action and Take Downs

• UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost - Infosecurity Magazine (infosecurity-magazine.com)

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Preparing for Cyber Warfare: 6 Key Lessons From Ukraine (darkreading.com)

• State-sponsored cyber attacks: The new frontier | ITPro

China

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• Leaked FBI document shows MPs were kept in dark over China hack for two years (inews.co.uk)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Risks are higher than ever for US- China cyber war | Responsible Statecraft

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• Singapore infosec boss: splinternet hinders interoperability • The Register

• FBI says Chinese hackers preparing to attack US infrastructure | Reuters

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

Russia

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Microsoft breach allowed Russia to steal Feds' emails • The Register

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• How Ukraine’s cyber police fights back against Russia’s hackers | TechCrunch

• Russian 'Cyber Sabotage' A Global Threat: Security Firm | IBTimes

• Mandiant upgrades Sandworm to APT44 due to increasing threat | TechTarget

• Russia's Sandworm 'cyber attacked US, EU water utilities' • The Register

• Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas | Decipher (duo.com)

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Russia is trying to sabotage European railways, Czech minister said (securityaffairs.com)

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Singapore infosec boss: splinternet hinders interoperability • The Register

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

Iran

• Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (thehackernews.com)

• Middle East Cyber Ops Intensify, With Israel the Main Target (darkreading.com)

• Iran-Backed Hackers Blast Out Threatening Texts to Israelis (darkreading.com)

• Israel Holds Hybrid Cyber & Military Readiness Drills (darkreading.com)

North Korea

• DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse (darkreading.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• “There are no borders in cyber space. We have to fight global terrorism together.” | Ctech (calcalistech.com)

• Furry Hackers Target Far-Right Outlet 'Real America's Voice' (dailydot.com)

• Government spyware is another reason to use an ad blocker | TechCrunch

Vulnerability Management

• Cyber Security Pros Urge US Congress to Help NIST Restore NVD Operation - Infosecurity Magazine (infosecurity-magazine.com)

• How to conduct security patch validation and verification | TechTarget

• Zero-Day Vulnerabilities: A Beginner’s Guide - The New Stack

• The importance of the Vulnerability Operations Centre for cyber security | TechRadar

Vulnerabilities

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• “Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica

• Cisco discloses root escalation flaw with public exploit code (bleepingcomputer.com)

• PuTTY SSH client flaw allows recovery of cryptographic private keys (bleepingcomputer.com)

• Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA

• Yubico Issues YubiKey Security Alert For Windows Users (forbes.com)

• Samsung Issues Update Now Warning For Millions Of Galaxy Users (forbes.com)

• Juniper Networks Publishes Dozens of New Security Advisories - Security Week

• Ivanti warns of critical flaws in its Avalanche MDM solution (bleepingcomputer.com)

• Oracle Patches 230 Vulnerabilities With April 2024 CPU - Security Week

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Delinea Fixes Flaw After Analyst Goes Public With Disclosure First (darkreading.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Telegram fixes Windows app zero-day used to launch Python scripts (bleepingcomputer.com)

• Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Security Boulevard

Tools and Controls

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• CISA's Malware Analysis Platform Could Foster Better Threat Intel (darkreading.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• 6 Ways Businesses Can Boost Their Cloud Security Resilience - Compare the Cloud

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Web Monitoring: What's the Value? (bleepingcomputer.com)

• 5 Steps Toward Military-Grade API Security - The New Stack

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• Cyber security training: How to make it more motivating (hrexecutive.com)

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• AI set to enhance cyber security roles, not replace them - Help Net Security

• Why You Still Shouldn't Trust Zero Trust (forbes.com)

• Stateful vs. stateless firewalls: Understanding the differences | TechTarget

Reports Published in the Last Week

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

Other News

• Why home cyber security is important (xda-developers.com)

• Microsoft remains in the US government's good graces despite its high susceptibility to attacks | Windows Central

• Charities doing worse than private sector in staving off cyber attacks - TFN

• Private companies operating critical infrastructure are not taking cyber security threats seriously enough. | USAPP (lse.ac.uk)

• The US counterintelligence head says the list of threats is long and getting longer (cfpublic.org)

• Critical Infrastructure Security: Observations From the Front Lines (darkreading.com)

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• Microsoft, Beset by Hacks, Grapples With Problem Years in the Making - BNN Bloomberg

• The invisible seafaring industry that keeps the internet afloat (theverge.com)

• Do we have a plan on how to deal with subsea cables sabotage? | Euronews

• Ex-GCHQ chief: Cyber attacks could target fragile trust in utilities - Utility Week

• Trust in Cyber Takes a Knock as CNI Budgets Flatline - Infosecurity Magazine (infosecurity-magazine.com)

• University chiefs to get security service Cobra briefing on hostile states | The Argus

• SAP Applications Increasingly in Attacker Crosshairs, Report Shows - Security Week

• Emergency services a likely target for cyber attacks, warns DHS - ABC News (go.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK’s Cyber Resilience Stagnates as More Fall Victim to Attacks, 75% of UK Businesses & 79% of UK Charities Experienced a Cyber Incident in 2023

The UK Government’s Joint Committee on the National Security Strategy (JCNSS) has published its response to a ransomware enquiry with stark conclusions, stating that there is a lot to be done to truly tackle the threat posed by ransomware. The chair of the JCNSS said that the UK is and will remain exposed and unprepared if it continues to take a “head in the sand” attitude to ransomware. The minister for artificial intelligence (AI) called upon organisations to “step up their cyber security plans to guard against threats, protect their customers and workforce, and our wider economy.” This comes as the Government’s Cyber Security Longitudinal Survey (CSLS) found that three-quarters of UK businesses and 79% of UK charities experienced a cyber security incident in the last 12 months.

Despite progress, there's a pressing need for organisations to shift from viewing cyber security as solely an IT concern to recognising its integral role across all business functions, particularly in the face of escalating cyber threats. With only half of UK board members having had security training, only a quarter of businesses assessing suppliers for possible security risks, and a fifth of UK boards failing to discuss cyber security even once, the time to improve UK businesses is now.

Sources: [Emerging Risks Media Ltd] [CITY A.M.] [Verdict] [Computer Weekly]

1% of Users are Responsible for 88% of Data Loss Events

New research has shown that that 85% of organisations experienced a data loss in the past year, with 9 out of 10 of those facing a negative outcome such as business disruption, revenue loss and reputational damage. The research found that 1% of users were responsible for 88% of events. It is important to understand this is not always intentionally malicious; it can be accidental or negligent. The research found for example, that 87% of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees, underscoring the need for preventative strategies such as implementing a security review process for this user category.

With as little as 1% of users causing most alerts, organisations need to monitor their most sensitive data and who can access it. This should also include data loss prevention features, to further reduce the risk.

Source: [Help Net Security]

Microsoft Report Says 87% of UK Organisations are Vulnerable to Cyber Attacks in the Age of AI

New research conducted by Microsoft has found that 87% of UK Businesses are unprepared for the age of AI due to their vulnerability to cyber attacks, leaving a mere 13% considered resilient. Further, Microsoft stated that 39% of organisations were at high risk. For organisations, AI can be a tough obstacle to overcome in their journey to cyber resiliency, and it’s important to seek guidance if the available skills are not in-house.

Sources: [Microsoft] [TechRadar ] [The Times] [Infosecurity Magazine]

Cyber Naivety Leaves 4 out of 5 Businesses Wide Open, Only 1 in 5 Has a Plan

Research conducted by Cowbell Insurance has found that the UK is exhibiting a rather cavalier approach to security with 77% of UK SMEs not having any in-house security, 32% of CEOs being confident a cyber attack would not impact their ability to do business and 87% not considering reputational damage as a significant risk. This contrasts with the UK Government’s latest cyber security breaches survey, which found 59% of medium businesses experienced breaches or attacks in the last 12 months. Cowbell have stated that that UK SMEs are leaving themselves wide open to the threats and only 1 in 5 organisations had a dedicated plan to deal with a cyber attack.

A cyber security incident response plan (IRP) allows an organisation to have a documented and formalised process for dealing with a cyber incident. The IRP should be exercised annually, and cover roles and responsibilities, communications and escalations to detect, analyse, contain, eradicate and recover from an incident.

Sources: [Business Mondays] [Insurance Times] [Reinsurance News] [Gloucestershire Live]

Risk and Regulation: Preparing for the Era of Cyber Security Compliance

The next twelve months will see new regulations in many countries, and that means more things to comply with. The EU has two new regulations relating to cyber security: the NIS2 directive and the Digital Operational Resilience Act (DORA). However, despite their EU origin, the inclusion of supply chain companies within the regulations means their impact and reach will extend outside of the European Union itself. Both regulations are risk-management based in their approach.

In order to prepare, decision makers need to first understand what they are complying with and in some cases, this may require sourcing external help to fully ensure the organisation is compliant. Once this is understood, they can start implementing their compliance strategy. Research has shown that some 43% of enterprises surveyed had failed a compliance audit, making them ten times more likely to suffer a data breach.

Sources: [Security Week] [Verdict]

Ransomware Attacks Jump 73% Within a Year

A recent report has shown that ransomware surged by 46% in February 2024, compared to January of the same year and 73% higher than February of the previous year. The LockBit ransomware group claimed responsibility for 110 attacks in February alone. The results show that ransomware is not only still an issue, but one that is consistently rising and if your organisation isn’t already implementing procedures to their risk, it is imperative to start now. Lockbit was taken down in a coordinated law enforcement operation earlier this year; only time will tell how effective that operation was or whether, as with the Hydra from Greek mythology, cutting off one head just causes more to grow in its place.

Source: [TechTarget]

The New CISO - Rethinking the Role

The role of Chief Information Security Officers (CISOs) faces a pivotal transformation. Traditionally tasked with safeguarding company assets against cyber threats, CISOs now find themselves straddling the realms of security and business operations. This shift reflects a growing expectation for CISOs to align security measures with broader business objectives while navigating an increasingly complex risk landscape. With the average cost of a data breach soaring, reaching $4.45 million in 2023 according to IBM, the stakes are higher than ever. As businesses grapple with the integration of cyber security into operational strategies, CISOs are compelled to cultivate new skills, communicate effectively with boards, embrace risk-based approaches, fortify technical fundamentals, leverage automation, and meticulously document incident response plans. The evolving threat landscape demands a new breed of CISO, one who is adept at balancing resilience with operational imperatives, collaborating closely with leadership, and steering organisations through turbulent cyber waters.

Source: [Dark Reading]

90% of Attacks Involve Data or Credential Theft, SMBs Primary Target

The 2024 Sophos Threat Report sheds light on the changing tactics of ransomware operators, particularly in their targeting of small and medium-sized businesses (SMBs). Notably, the report reveals a significant surge in ransomware attacks employing remote encryption, rising by 62% between 2022 and 2023. Sophos' Managed Detection and Response (MDR) team encountered multiple cyber attacks leveraging exploits in remote monitoring and management (RMM) software, a vital component used by many MSPs and external IT providers, and thus affecting many businesses. With almost half of malware detections for SMBs attributed to data-stealing malware, the report underscores the growing value of stolen data as currency in cyber criminal circles, with initial access brokers (IABs) facilitating network breaches. Data protection emerges as a critical challenge, with over 90% of attacks involving credential theft, and business email compromise (BEC) attacks becoming increasingly sophisticated. While ransomware remains a persistent threat, the report also highlights the proliferation of malware-as-a-service (MaaS) activities, emphasising the importance for SMBs to bolster their cyber security defences against these evolving threats.

Source: [MSSP Alert]

Chief Risk Officers Say Cyber Security is Most Pressing Risk

In an inaugural global insurance risk management survey conducted by EY/Institute of International Finance (IIF), cyber security was ranked as the highest immediate concern for chief risk officers. It placed above insurance, business model change and credit risk. When it came to emerging risks over the next three years, it remained at the top spot, followed by geopolitical risk, environmental risk and machine learning and artificial intelligence.

Source: [Insurance Journal]

Humans Still Cyber Security’s Weakest Link, Cyber Security Training Equips Your Workforce to Spot Threats

The latest findings from Mimecast's annual report emphasise that human error continues to be the leading cause of cyber breaches, responsible for 74% of incidents. As emerging threats like AI and deepfake technology pose increasingly sophisticated challenges, it's crucial for businesses to prioritise employee training and bolster their defence strategies.

Providing cyber security training is essential to creating a security conscious culture that educates on risk and in turn increases a company’s cyber culture. Committing to cyber security training needs to be beyond ticking a checkbox, as it allows the workforce the ability to understand, scrutinise and know how to report threats in the corporate environment. Training allows workers to be able to understand the types of threats they may face, along with red flags to look out for. Knowing how the employee should report a threat can determine whether your organisation can deal with a ransomware attack. While generic or off the shelf computer based training can be seen as an easy fix, training needs to be tailored to the organisation, its operating environment and the organisation’s culture and ways of doing business.

To mitigate this risk, organisations should consider implementing tailored cyber security education, tabletop exercises, phishing simulations, and one-on-one consulting for board members. As the responsibility of board members for cyber security strategy increases, it’s crucial to ensure their own security against evolving threats.

Sources: [Emerging Risks] [The HR Director] [WSJ] [The HR Director]

Most IT Pros Think Cyber Attacks are Getting Worse, and Many Firms Don’t Know How to Deal with Them

A recent report from Thales reveals a stark reality, with 93% of IT and security professionals noting a worsening trend in cyber attacks. Ransomware incidents have surged by over a quarter year-on-year, yet less than half of companies have adequate plans to address such threats, leading to 8% resorting to paying attackers' demands. Compliance failures are also on the rise, with 43% of enterprises falling short in audits, correlating with a higher incidence of cyber attacks among non-compliant organisations.

A separate report shows that despite record spending on cyber security, reaching $188 billion globally in 2023, reported data breaches in the US surged to an all-time high of 3,205, up 78% from the previous year. This paradox underscores the evolving tactics of cyber criminals. Ransomware attacks have transitioned from merely locking data to stealing and threatening to disclose it, termed Ransomware 2.0. Cloud misconfigurations, involving 82% of breaches, and exploitation of vendor systems further exacerbate the issue. Heightened awareness and improved practices are imperative to counteract the escalating threat landscape.

Source: [TechRadar] [WSJ]

Supply Chain Cyber Attacks Create Weak Spots: You Need to Prepare

A recent poll by Deloitte found that nearly half of senior executives anticipate a rise in supply chain attacks in the coming year, with 33% already experiencing at least one supply-chain cyber incident within the past year. This especially rings true for healthcare, with the sector accounting for 33% of third-party data breaches in 2023. Many organisations are unsure where to even begin.

Organisations need to manage their third party risks through risk assessments, to understand the third parties that they currently or plan to use, and the data that the third party would hold or access. This enables the third parties to be prioritised with clear communications to notify the organisation in the event of a data breach.

Sources: [Security Brief ] [Beta News]

Ransomware Attack on Change Healthcare Pegged as “Most Significant” in Sector History

In a landmark incident, the American Hospital Association has dubbed the recent ransomware attack on Change Healthcare, a division of UnitedHealth Group’s Optum, as the most significant cyber threat ever faced by the US healthcare system. The attack, which occurred on February 21st, has severely impacted operations, affecting various healthcare entities reliant on Change Healthcare's services. UnitedHealth Group, in response, has been working to restore critical systems, aiming to reinstate electronic payment and medical claims services later this month. However, challenges persist, with cyber security experts warning that recovery efforts could extend for at least 30 days. The attack's aftermath sheds light on the healthcare sector's susceptibility to cyber threats and underscores the need for robust security measures and swift governmental responses. Reports reveal that the ransomware group responsible has received a substantial payout, raising concerns about the broader implications for healthcare providers. Cyber insurance policies are expected to help mitigate financial losses, especially for smaller entities facing cash flow disruptions.

Source: [Reinsurance News]

Governance, Risk and Compliance

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• Nine in ten companies at risk of cyber attacks as hackers use AI (thetimes.co.uk)

• Microsoft: 87% of UK Organisations Vulnerable to Costly Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: The UK is woefully unprepared for future AI cyber threats | ITPro

• New research calls for ‘less fear and more action’ from SMEs, as cyber naivety leaves 4 out of 5 businesses wide open to threats - Business Mondays

• Minister: Cyber brings 'risks we can't ignore' with UK firms still vulnerable (cityam.com)

• UK’s cyber resilience stagnates as more fall victim to attacks | Computer Weekly

• Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week

• UK government's "scarcely believable" cyber security survey makes grim reading for all sizes of business | TechFinitive

• 75% of UK Businesses Experienced a Cyber Incident in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• New research shows UK SMEs are leaving themselves open to cyber threats: Cowbell - Reinsurance News

• Only 1 in 5 SMEs have a plan in case of cyber attack - Gloucestershire Live

• The New CISO: Rethinking the Role (darkreading.com)

• Most IT pros think cyber attacks are getting worse - and many firms don't know how to deal with them | TechRadar

• Chief Risk Officers Say Cyber Security Most Pressing Risk: Survey (insurancejournal.com)

• Using A Security Assessment As A Measuring Stick (forbes.com)

• From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)

• Secrets sprawl: Protecting your critical secrets - Help Net Security

• Cyber Security: Why it’s becoming harder to stay safe online (holyrood.com)

• Cyber security must be a priority if the UK is serious about digitising the economy (uktech.news)

• Navigating the Evolving Cyber Threat Landscape: Insights from the Cyber Stability Conference → UNIDIR

• Organisations under pressure to modernize their IT infrastructures - Help Net Security

• Adapting Military Solutions to the Corporate Battlefield - Infosecurity Magazine (infosecurity-magazine.com)

• Board-level buy-in: preparing cyber defences the right way | Computer Weekly

• Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware surges as compliance falters - Thales Group - Verdict

• Whistleblowing And Cyber Swatting: Cyber Extortion Reaches A New Low (forbes.com)

• Study Uncovers 27% Spike in Ransomware; 8% Yield to Demands - Infosecurity Magazine (infosecurity-magazine.com)

• NCC Group: Ransomware attacks jump 73% in February | TechTarget

• Ransomware attack on Change Healthcare pegged as "most significant" in sector history - Reinsurance News

• The Big Question: Is the UK ready to meet the threat of ransomware to British business? - Emerging Risks Media Ltd

• From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally | Business Wire

• RaaS groups increasing efforts to recruit affiliates - Help Net Security

• If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ

• After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)

• Lockbit Strikes Back After FBI Takedown With New Ransomware Attack Details (pcmag.com)

• Government not facing up to CNI cyber risks, committee warns | Computer Weekly

• 6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard

• STOP ransomware, more common than LockBit, gains stealthier variant | SC Media (scmagazine.com)

• Crypto scams more costly to US than ransomware, Feds say • The Register

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• What the Latest Ransomware Attacks Teach About Defending Networks (bleepingcomputer.com)

• Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)

Ransomware Victims

• Ransomware attack on Change Healthcare pegged as "most significant" in sector history - Reinsurance News

• The British Library looks to the future as it reveals the incalculable damage of its ransomware attack (diginomica.com)

• VIEW: On the lessons learned from the British Library cyber incident - CIR Magazine

• UnitedHealth cyber attack "one of the most stressful things we've gone through," doctor says - CBS News

• UnitedHealth advances $2 billion to providers post-cyber attack By Investing.com

• Scottish health board hit by huge cyber attack with ‘significant quantity’ of data at risk (scotsman.com)

• Why UnitedHealth, Change Healthcare were targets of ransomware hackers

• Criminal investigation into Leicester City Council cyber attack - BBC News

• Yacht dealer to the celebs attack claimed by Rhysida gang • The Register

• UK council eerily cagey about 'cyber incident' details • The Register

• Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop

Phishing & Email Based Attacks

• Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar

• Five key takeaways from 2024 State of the Phish: Europe and Middle East | ITPro

• Tax Hackers Blitz Small Business With Phishing Emails (darkreading.com)

• Hackers Posing as Law Firms Phish Global Orgs (darkreading.com)

• IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Email threat landscape | Professional Security

• Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (thehackernews.com)

• A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

• Spa Grand Prix email account hacked to phish banking info from fans (bleepingcomputer.com)

• How to defend against phishing as a service and phishing kits | TechTarget

Other Social Engineering

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Don't Answer the Phone: Inside a Real-Life Vishing Attack (darkreading.com)

Artificial Intelligence

• Microsoft report says UK is not prepared for the age of AI — barely any businesses are ‘resilient’ to cyber crime | TechRadar

• 87% of UK organisations are vulnerable to cyber attacks in the age of AI (microsoft.com)

• UK’s AI ambitions pointless while cyber security is still neglected | Computer Weekly

• In the rush to build AI apps, don't leave security behind • The Register

• AI adoption by hackers pushed financial scams in 2023 | CSO Online

• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week

• From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)

• Shadow AI is the latest cyber security threat you need to prepare for - Help Net Security

• Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network

Malware

• The most prevalent malware behaviours and techniques - Help Net Security

• Malware stands out as the fastest-growing threat of 2024 - Help Net Security

• Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)

• New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (thehackernews.com)

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

• From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)

• A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• More sophisticated BunnyLoader malware variant emerges | SC Media (scmagazine.com)

• Evasive Sign1 malware campaign infects 39,000 WordPress sites (bleepingcomputer.com)

Mobile

• Kaspersky Identifies Three New Android Malware Threats (darkreading.com)

Denial of Service/DoS/DDOS

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Why DDoS Threat Actors Are Shifting Their Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• 300,000 Systems Vulnerable to New Loop DoS Attack - Security Week

• Telecoms is evolving – and unfortunately, so are DDoS attacks | TechRadar

Internet of Things – IoT

• Unsaflok flaw can let hackers unlock millions of hotel doors (bleepingcomputer.com)

• Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)

Data Breaches/Leaks

• 1% of users are responsible for 88% of data loss events - Help Net Security

• If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ

• Secrets sprawl: Protecting your critical secrets - Help Net Security

• Hackers steal personal data of 43 million French job seekers | ITPro

• International Monetary Fund email accounts hacked in cyber attack (bleepingcomputer.com)

• IMF Investigating Cyber Security Incident Detected on Feb. 16 (bloomberglaw.com)

• NHS Dumfries and Galloway Warns of “Significant” Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors leaked 70M+ records allegedly stolen from AT&T (securityaffairs.com)

• AT&T says leaked data of 70 million people is not from its systems (bleepingcomputer.com)

• Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)

• Top 5 Data Breaches That Cost Millions - Security Boulevard

• Misconfigured Firebase Instances Expose 125 Million User Records - Security Week

• Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert

• Serial data thief pleads guilty to cyber crime charges • The Register

• Changing cause of data breaches | Professional Security

• Fake data breaches: Countering the damage - Help Net Security

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

• How to verify a data breach | TechCrunch

• Nations Direct Mortgage Data Breach Impacts 83,000 Individuals - Security Week

Organised Crime & Criminal Actors

• RaaS groups increasing efforts to recruit affiliates - Help Net Security

• IT helpdeskers increasingly targeted by cyber criminals • The Register

• Serial data thief pleads guilty to cyber crime charges • The Register

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Crypto scams more costly to US than ransomware, Feds say • The Register

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

Insider Risk and Insider Threats

• 1% of users are responsible for 88% of data loss events - Help Net Security

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• Why Employees Are Your Best Defence Against Cyber Attacks: 6 Tips for Fostering a People-Focused Security Posture (newsweek.com)

• Why human risk management is key to data protection (betanews.com)

• As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ

• FE News | How to Protect Your Data With Cyber Security Training

• China-based Canadian accused of stealing Tesla trade secret • The Register

Insurance

• UK cyber insurance findings | Professional Security

• New Regulations Make D&O Insurance a Must for CISOs (darkreading.com)

• Insurers told cyber cover remains attractive but beware of accumulation risk (emergingrisks.co.uk)

Supply Chain and Third Parties

• Third-party breaches create network weak spots (betanews.com)

• How to Prepare for a Surge in Supply-Chain Cyber Attacks (securitybrief.co.nz)

• How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl (thehackernews.com)

Cloud/SaaS

• Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week

• The Definitive Guide to SaaS Security - Security Boulevard

Identity and Access Management

• Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)

Encryption

• Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)

• Future inevitability of quantum computers is a security problem today - Breaking Defence

Linux and Open Source

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• New acoustic attack determines keystrokes from typing patterns (bleepingcomputer.com)

• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials (thehackernews.com)

• WordPress Brute-Force Attacks: Sites Used As Staging Ground - Security Boulevard

• What is Credential Harvesting? Examples & Prevention Methods - Security Boulevard

• Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)

• Misconfigured Firebase instances leaked 19 million plaintext passwords (bleepingcomputer.com)

• Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

Social Media

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

Training, Education and Awareness

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• Why Employees Are Your Best Defence Against Cyber Attacks: 6 Tips for Fostering a People-Focused Security Posture (newsweek.com)

• As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ

• FE News | How to Protect Your Data With Cyber Security Training

• The Weakest Link: Securing The Human Element From Cyber Attack  - Security Boulevard

Regulations, Fines and Legislation

• Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week

• ICO publishes new fining guidance | ICO

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Why do 60% of SEC Cyber Security Filings Omit CSO, CISO Info? | MSSP Alert

Models, Frameworks and Standards

• Chinese media exposes criminal smartphone farms • The Register

Data Protection

• Why human risk management is key to data protection (betanews.com)

Careers, Working in Cyber and Information Security

• How to Battle Burnout While Protecting Your Most Valuable Asset — Your People - Benzinga

• 3 Ways Businesses Can Overcome the Cyber Security Skills Shortage (darkreading.com)

• Why cyber recruitment needs a rapid overhaul | TechRadar

• AI Won't Solve Cyber Security's Retention Problem (darkreading.com)

Law Enforcement Action and Take Downs

• Filipino police break up forced labour cyber operation • The Register

• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials (thehackernews.com)

• Court jails first person convicted of cyberflashing in England | Crime | The Guardian

• Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)

• After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)

• Serial data thief pleads guilty to cyber crime charges • The Register

• Ukrainian Police Arrest Suspected Brute Force Account Hijackers - Infosecurity Magazine (infosecurity-magazine.com)

• Money laundering network boss hit with multi-million pound confiscation order - National Crime Agency

• Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)

Misinformation, Disinformation and Propaganda

• Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)

• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Cyber Warfare: Understanding New Frontiers in Global Conflicts (darkreading.com)

• Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)

Nation State Actors

China

• Chinese Earth Krahang hackers breach 70 orgs in 23 countries (bleepingcomputer.com)

• 'We know they're on the network,' CISA official says of nation-state actors infiltrating US critical infrastructure | StateScoop

• Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon - Security Week

• Confronted with Chinese hacking threat, industrial cyber security pros ask: What else is new?  | CyberScoop

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• “Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica

• Chinese media exposes criminal smartphone farms • The Register

• Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)

• A look inside the Chinese cyber threat at the biggest ports in US

• CISA shares critical infrastructure defence tips against Chinese hackers (bleepingcomputer.com)

Russia

• Microsoft Under Attack by Russian Cyber Attackers - Security Boulevard

• UK Defence Secretary jet hit by electronic warfare attack in Poland (securityaffairs.com)

• Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar

• 'We know they're on the network,' CISA official says of nation-state actors infiltrating US critical infrastructure | StateScoop

• Russian Intelligence Targets Victims Worldwide in Rapid-Fire Cyber Attacks (darkreading.com)

• The cyberwar in Ukraine is as crucial as the battle in the trenches (economist.com)

• Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)

• Russia’s Hybrid Warfare with the United States | Geopolitical Monitor

• HUR and cyber activists hacked at least seven Russian companies between March 11 and 18 / The New Voice of Ukraine (nv.ua)

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• “Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica

• The West Should Help Expand Ukraine’s Cyber Offensive against Russia | Geopolitical Monitor

• Russia-linked hackers use Smokeloader malware to steal funds from Ukrainian enterprises (therecord.media)

• Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (thehackernews.com)

• Over 800 Russian cyber attacks on Ukraine's state institutions and services since February 2022 – Prosecutor General | Ukrainska Pravda

• I’m a disaster expert - this is what will happen after a Russian cyber attack (inews.co.uk)

• Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop

• Top 5 Russian-Speaking Dark Web Forums - SOCRadar® Cyber Intelligence Inc.

• Putin Sees Disastrous Start to Presidential Election (newsweek.com)

• Russia targets hundreds of Americans with new sanctions, including cyber journalists (therecord.media)

• Putin’s party hit by cyber attack as armed Russian troops oversee voters in occupied Ukraine | The Independent

• Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News

Iran

• Hackers claim to have breached Israeli nuclear facility’s computer network (therecord.media)

North Korea

• North Korea gets 50% of foreign earnings due to weak security measures in crypto industry, UN says

• North Korea's Kimsuky gang now exploiting Windows Help files • The Register

• Hacks Account for Half of N. Korea Foreign-Currency Income: UN (bloomberglaw.com)

• Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News

Vulnerability Management

• NIST NVD Disruption Sees CVE Enrichment on Hold - Infosecurity Magazine (infosecurity-magazine.com)

• No Easy Fix For Untangling Web of Critical Dependencies | Decipher (duo.com)

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

• NIST's Vuln Database Downshifts, Prompting Questions About Its Future (darkreading.com)

• 50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty - Infosecurity Magazine (infosecurity-magazine.com)

• Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network

Vulnerabilities

• Exploitation activity increasing on Fortinet vulnerability | TechTarget

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week

• Ivanti Keeps Security Teams Scrambling With 2 More Vulns (darkreading.com)

• Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (thehackernews.com)

• Critical Fortinet's FortiClient EMS flaw actively exploited in the wild (securityaffairs.com)

• Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (thehackernews.com)

• Remove WordPress miniOrange plugins, a critical flaw can allow site takeover (securityaffairs.com)

• Another Microsoft vulnerability is being used to spread malware | TechRadar

• Misconfigured Firebase Instances Expose 125 Million User Records - Security Week

• Google Chrome 123 launches with security fixes and Google Update changes on Windows - gHacks Tech News

• The Windows 11 KB5035853 update is causing BSOD errors for some users. | Windows Central

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

• Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug (thehackernews.com)

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• iOS 17.4.1 release includes bug fixes and security updates | Macworld

• Discontinued Security Plugins Expose Many WordPress Sites to Takeover - Security Week

Tools and Controls

• Using A Security Assessment As A Measuring Stick (forbes.com)

• Mastering Physical Security In Information Security (informationsecuritybuzz.com)

• Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)

• How to choose the best cyber security vendor for your business | ITPro

• Threat Actors are Exercising New Attack Techniques to Bypass Machine Learning Security Controls - Security Boulevard

• Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard

• Unlocking Security Architecture In Information Security (informationsecuritybuzz.com)

• How To Not Fly Blind With API Security (forbes.com)

• 6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard

• From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)

• Tracking Everything on the Dark Web Is Mission Critical (darkreading.com)

• Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)

• EDR vs. antivirus: What's the difference? | TechTarget

• SIEM vs XDR: Capabilities and Key Differences | MSSP Alert

• Using East–West Network Visibility to Detect Threats in Later Stages of MITRE ATT&CK (darkreading.com)

• 95% of companies face API security problems - Help Net Security

• Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK

Reports Published in the Last Week

• From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally | Business Wire

• The 2024 Sophos Threat Report: Cyber Crime on Main Street – Sophos News

• 2024 Thales Data Threat Report Reveals Rise in Ransomware Attacks, as Compliance Failings Leave Businesses Vulnerable to Breaches | Thales Group

• Equifax Releases 2023 Security Annual Report (prnewswire.com)

Other News

• At 35, the web is broken, but its inventor hasn't given up hope of fixing it yet | ZDNET

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• Government not facing up to CNI cyber risks, committee warns | Computer Weekly

• UK in ‘better position’ against cyber attacks, but most businesses not resilient | Evening Standard

• Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)

• The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (securityaffairs.com)

• Aviation sector, e-commerce platforms face separate cyber threats | SC Media (scmagazine.com)

• Public anxiety mounts over critical infrastructure resilience to cyber attacks - Help Net Security

• Change Healthcare hack highlights lack of medical industry’s cyber security - The Washington Post

• Cyber Security for Trustees: How to Reduce Risk and Respond to an Incident | Woodruff Sawyer - JDSupra

• How Can We Reduce Threats From the IABs Market? (darkreading.com)

• UK renewables firms facing up to 1,000 cyber attacks a day (energyvoice.com)

• Cyber Attacks on Higher Ed Rose Dramatically Last Year, Report Shows | EdTech Magazine

• Cyber security is an urgent priority for the museums sector - Museums Association

• Meet America’s Most Cyber Secure Banks 2024 (forbes.com)

• Ethiopian Bank's Technical Glitch Lets Customers Withdraw Millions (ndtv.com)

• Making Sense of Operational Technology Attacks: The Past, Present, and Future (thehackernews.com)

• The Consequences for Schools and Students After a Cyber Attack - Security Boulevard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Mind The Gap: Mimecast Report Finds Humans Are Biggest Security Flaw

A global report from Mimecast has found that 74% of all cyber breaches are caused by human factors, including errors, misuse of access privileges or social engineering. Email remains the primary attack vector for cyber threats. Further, 67% of respondents expect AI-driven attacks to soon be the norm and 69% believe their company will be harmed by an attack.

No matter the size, sector or budget of an organisation, people remain a consistent risk factor. Even with strong technology controls, people can still be the risk that brings down the organisation. It is therefore important for organisations to integrate people into their cyber security investments. This should include awareness and education training, and fostering a cyber secure culture in the organisation.

Sources: [IT Security Guru] [Beta News] [Verdict]

Three-Quarters of Cyber Victim Are SMBs: Why SMBs are Becoming More Vulnerable

According to a recent Sophos report, over three-quarters of cyber incidents impacted smaller businesses in 2023, with ransomware having the largest impact. The research also found that in 90% of attacks, data or credential theft was involved and in 43%, data theft was the main focus.

The report found significant usage of initial access brokers; these are attackers whose speciality is to break into computer networks and sell ready-to-go access to other attackers. In fact, the report found that almost half of all malware detected in SMBs were malicious programs used to steal sensitive data and login credentials. Unfortunately, many SMBs struggle to keep up due to a lack of resources and budget; instead, they must be able to prioritise their cyber security efforts to get the most return on investment.

Sources: [Infosecurity Magazine]  [Help Net Security] [TechRadar] [Nairametrics] [TechTarget]

Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc

The Ipsos report on Cyber Security Skills in the UK Labour Market 2023 sheds light on the persistent challenges faced in recruiting, training, and retaining cyber security professionals across various domains. With approximately 739,000 businesses lacking basic cyber skills and 487,000 facing advanced skills gaps, the demand for trained professionals is escalating. The shortage of incident response skills highlights the need for comprehensive education and training programs. Senior management and board-level executives must also be equipped with the knowledge to manage incidents effectively, emphasising reporting, seeking external assistance, and maintaining a no-blame culture. Understanding cyber risks at the business level is crucial, as cyber crime has evolved into a well-organised industry with distinct roles and profit-sharing mechanisms among cyber criminal groups. Conducting tabletop incident response exercises can effectively prepare senior leadership for cyber incidents, ensuring a proactive and coordinated response to mitigate risks and safeguard organisational resilience.

Source: [TechRadar]

UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’

The recent response from the British government to warnings about the looming ransomware threat has sparked criticism, with accusations of adopting an "ostrich strategy" by downplaying the severity of the national cyber threat. Despite alarming assessments from the Joint Committee on the National Security Strategy (JCNSS) regarding the high risk of a catastrophic ransomware attack, the government's formal response has been met with scepticism. Key recommendations, such as reallocating responsibility for tackling ransomware away from the Home Office, were rejected, with the government arguing that its existing regulations and the current National Cyber Strategy were sufficient. This argument has raised concerns about the government's preparedness and resource allocation. With ransomware attacks escalating in the UK, the Committee underscores the urgency for a proactive national security response to mitigate the potentially devastating impacts on the economy and national security.

Source: [The Record Media]

Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024

Research conducted by the Identity Theft Resource Center (ITRC) found that 2023 set an all time high in data breaches, 72% more than the prior year. Separately, the Allianz Risk Barometer identified cyber incidents as the biggest global business threat for 2024, ranking above regulatory concerns, climate change and a shortage of skilled workers. It is crucial that the severity of this risk is reflected in the actions taken by organisations, who must effectively govern and implement their cyber security strategy.

Sources: [JDSupra]

Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture

Cyber security has become a pressing issue on financial institutions due to the rise in cyber attacks, as highlighted by the February attack on Bank of America via a third-party service. The involvement of the LockBit ransomware group underlines the persistent nature of these threats, particularly targeting the financial sector. These attacks disrupt services and undermine trust in the financial system, necessitating robust cyber security frameworks. The new US Securities and Exchange Commission (SEC) rule requiring immediate disclosure of cyber security incidents presents both benefits and challenges, calling for clear guidelines and industry-wide collaboration. BlackBerry’s Global Threat Intelligence Report revealed a staggering million attacks globally in just 120 days last year. These attacks, often using commodity malware, make up almost two-thirds of all industry-related incidents. The 27% increase in novel malware samples highlights the need for improved defences. These findings emphasise the need for AI-driven detection and defence strategies. While critical infrastructure remains a primary focus, commercial enterprises must remain vigilant, with a third of threats targeting various sectors, emphasising the pervasive nature of cyber threats across industries.

Source:[ SC Media] [TechRadar]

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

In a recent revelation, Microsoft disclosed that the Kremlin-backed threat group known as Midnight Blizzard successfully accessed some of Microsoft’s source code repositories and internal systems following a hack in January 2024. The breach, believed to have originally occurred in November 2023, exploited a legacy test account lacking multi-factor authentication by employing a password spray attack. Microsoft assured no compromise to customer-facing systems but warned of ongoing attempts by Midnight Blizzard to exploit stolen corporate email data. The extent of the breach remains under investigation, with concerns raised over the potential accumulation of attack vectors by the threat actor. The incident underscores the escalating sophistication of nation-state cyber threats and prompts a re-evaluation of security measures, highlighting the imperative for robust defences against such adversaries.

Source: [The Hacker News]

Independent Cyber Security Audits Are Powerful Tools for Boards

Board members are increasingly held accountable for their organisation's cyber posture, facing personal liability for lapses. To gain insight and demonstrate proactive leadership, independent cyber security audits have become indispensable. These audits not only aid in regulatory compliance but also uncover blind spots in the organisation's security measures. Recent regulations, such as by  the US Securities and Exchange Commission (SEC) underscore the imperative for robust cyber security oversight at the board level. The audit process involves defining the scope, conducting assessments, validating findings through simulations, and presenting comprehensive reports to leadership. By embracing cyber security audits, boards can fulfil their duty of overseeing and enhancing the organisation's cyber resilience in an ever-evolving threat landscape.

Source: [Bloomberg Law]

Navigating Cyber Security in The Era of Mergers

In today's landscape of frequent mergers and acquisitions (M&A), organisations grapple with the challenge of aligning cyber security measures across subsidiaries, posing a risk to overall security. According to an IBM survey, over one in three executives attribute data breaches to M&A activity during integration. This complexity arises as security teams may lack insight into subsidiary infrastructure, hindering risk assessment and mitigation efforts. Historical incidents like the NotPetya attack on Merck and the Talk Talk hack highlight vulnerabilities post-acquisition, emphasising the need for a proactive approach to subsidiary cyber security. To address these challenges, organisations must conduct comprehensive risk assessments, standardise security protocols, foster collaboration, and consider unified security platforms. By proactively addressing visibility gaps and implementing standardised protocols, organisations can fortify their defences against evolving cyber threats amidst M&A activities.

Source: [Forbes]

Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm

According to a recent report, 76% of organisations were compromised by QR-code phishing in the last 12 months. Along with this, there has also been a rise in the number of sophisticated vishing attacks, with recent attacks costing organisations millions. The introduction of artificial intelligence has only added fuel to this fire already impacting security controls such as call-back procedures. With the tactics of phishing evolving, organisations need to ensure they are up-to-date and that employees are trained effectively to mitigate the risk of these.

Sources: [Help Net Security] [Dark Reading]

Governance, Risk and Compliance

• Cyber Security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Three-Quarters of Cyber Incident Victims Are Small Businesses - Infosecurity Magazine (infosecurity-magazine.com)

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• Still on Top: Cyber Security Incidents Ranked #1 Global Business Threat in 2024 | Dinsmore & Shohl LLP - JDSupra

• Navigating Cyber Security In The Era Of Mergers (forbes.com)

• SMEs invest in tech opportunities but risk missing security safeguards (betanews.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• The CISO Role Is Changing. Can CISOs Themselves Keep Up? (darkreading.com)

• New Risk for Weary CISOs: Becoming the Scapegoat After Cyber Criminals Strike | Corporate Counsel (law.com)

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behavior and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• OODA Loop - How To Properly Cut Your Cyber Security Budget

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos: Remote ransomware attacks on SMBs increasing | TechTarget

• UK government’s ransomware failings leave country ‘exposed and unprepared’ (therecord.media)

• Prescribing Security: Why Healthcare Companies Should Take Note of Recent Ransomware Attack | Dinsmore & Shohl LLP - JDSupra

• BianLian Threat Actor Shifts Focus to Extortion-Only Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding the multi-tiered impact of ransomware. (thecyberwire.com)

• Ransomware tracker: The latest figures [March 2024] (therecord.media)

• Cyber attack costing hospitals millions - The Boston Globe

• British authorities have never detected a breach of ransomware sanctions — but is that good or bad news? (therecord.media)

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

• Businesses leaving their Kubernetes containers exposed to ransomware | TechRadar

• StopCrypt: Most widely distributed ransomware now evades detection (bleepingcomputer.com)

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

Ransomware Victims

• British Library’s legacy IT blamed for lengthy rebuild • The Register

• British Library shares lessons from cyber attack | UKAuthority

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Stanford University failed to detect intruders for 4 months • The Register

• Stanford says data from 27,000 people leaked in September ransomware attack (therecord.media)

• Law Firm Sues MSP Over Black Basta Ransomware Attack | MSSP Alert

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Cancer Clinics Face Cash Crunch After Hack Rocks US Health Care (claimsjournal.com)

• Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages (voanews.com)

• UnitedHealth Sets Timeline to Restore Change Healthcare Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Belgian village whose brewery was hit by cyber attack faces another on its coffee roastery (therecord.media)

• Nissan confirms ransomware attack exposed data of 100,000 people (bleepingcomputer.com)

• Child protection among critical services affected by cyber attack on English council (therecord.media)

• Equilend warns employees their data was stolen by ransomware gang (bleepingcomputer.com)

Phishing & Email Based Attacks

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Image-based phishing tactics evolve - Help Net Security

• Phishing Threats Rise as Malicious Actors Target Messaging Platforms - Security Boulevard

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

• What is phishing? Examples, types, and techniques | CSO Online

• New email standards: what you need to know | TechRadar

Other Social Engineering

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Sophisticated Vishing Campaigns Take World by Storm (darkreading.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

Artificial Intelligence

• AI Poses Extinction-Level Risk, State-Funded Report Says | TIME

• Cyber crime underworld has removed all the guardrails on AI frontier

• Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data (darkreading.com)

• Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data - Security Boulevard

• Cyber attackers are threatening businesses with AI, says Microsoft (qz.com)

• Intelligence officials warn pace of innovation in AI threatens US | CyberScoop

• How advances in AI are impacting business cyber security - Help Net Security

• NCSC Blog - AI and cyber security: what you need to know (techuk.org)

• Are Global Companies Equipped to Tackle Emerging AI-Driven Cyber Threats? New Study Reveals Insights | Cryptopolitan

• 4 types of prompt injection attacks and how they work | TechTarget

• How data poisoning attacks work | TechTarget

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• How to craft a generative AI security policy that works | TechTarget

2FA/MFA

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Keyloggers, spyware, and stealers dominate SMB malware detections - Help Net Security

• SMBs are being hit with more malware attacks than ever, and many can't keep up | TechRadar

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

• Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (bleepingcomputer.com)

• Botnets: The uninvited guests that just won’t leave | CSO Online

• Hackers using Weaponized PDF Files to Deliver Remcos RAT (cybersecuritynews.com)

• RedLine malware top credential stealer of last 6 months | SC Media (scmagazine.com)

• Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT (darkreading.com)

Mobile

• Blog: Why Hackers Love Phones - Keep your Eye on the Device - Security Boulevard

• SIM swappers hijacking phone numbers in eSIM attacks (bleepingcomputer.com)

• PixPirate Android malware uses new tactic to hide on phones (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• French government sites disrupted by très grande DDOS • The Register

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

• RIA: Estonia's state institutions hit by largest cyber attack to date | News | ERR

• The Growing Threat of Application-Layer DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks reach critical levels in 14 seconds | Security Magazine

Internet of Things – IoT

• Internet of Risks: Cyber Security Risk in the Internet of Things | UpGuard

• Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors - Security Week

• The S in IoT stands for security • The Register

• Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk (darkreading.com)

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

Data Breaches/Leaks

• Data Breaches up 72% From Record High: Cyber Incident Readiness Must be Top of Mind | Epiq - JDSupra

• Jersey regulator's data breach leaks names and addresses - BBC News

• Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware (bleepingcomputer.com)

• Okta denies it was hacked again after data appears on hacking site | TechRadar

• Over 12 million auth secrets and keys leaked on GitHub in 2023 (bleepingcomputer.com)

• French unemployment agency data breach impacts 43 million people (bleepingcomputer.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

Organised Crime & Criminal Actors

• How to Identify a Cyber Adversary: Standards of Proof (darkreading.com)

• How to Identify a Cyber Adversary: What to Look For (darkreading.com)

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Bitcoin Fog mixer operator convicted for laundering $400 million (bleepingcomputer.com)

• US Seizes $1.4 Million in Cryptocurrency From Tech Scammers - Security Week

Insider Risk and Insider Threats

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Insider threats can damage even the most secure organisations - Help Net Security

• Your tech tools won’t save you from cyber threats | TechRadar

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• Meta Sues Former VP After Defection to AI Startup - Infosecurity Magazine (infosecurity-magazine.com)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

Insurance

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

Supply Chain and Third Parties

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Industry: Act Now To Secure the Solutions You Offer the Military | AFCEA International

Cloud/SaaS

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• How Not to Become the Target of the Next Microsoft Hack (darkreading.com)

• Cloud Account Attacks Surged 16-Fold in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

• Cloud security vs. network security: What's the difference? | TechTarget

Encryption

• Building The Defence Sector's Quantum Threat Resilience (forbes.com)

• Are private conversations truly private? A cyber security expert explains how end-to-end encryption protects you (theconversation.com)

Linux and Open Source

• How to Ensure Open Source Packages Are Not Landmines (darkreading.com)

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Russian Hackers Are Weaponizing Stolen Microsoft Passwords (claimsjournal.com)

• Overcoming the threat of account takeover fraud (securitybrief.co.nz)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors leverage document publishing sites for ongoing credential and session token theft (talosintelligence.com)

• LastPass suffers worldwide outage causing site 404 error - 9to5Mac

Social Media

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Meta sues “brazenly disloyal” former exec over stolen confidential docs | Ars Technica

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

Training, Education and Awareness

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

Regulations, Fines and Legislation

• Everything you need to know about the EU's Cyber Solidarity Act | ITPro

• Cyber Security: European Parliament adopts Cyber Resilience Act at first reading | Practical Law (thomsonreuters.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• The New Hacker Playbook: Weaponizing the SEC’s Cyber Disclosure Rules | Woodruff Sawyer - JDSupra

Models, Frameworks and Standards

• 4 Security Tips From PCI DSS 4.0 Anyone Can Use (darkreading.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

Backup and Recovery

• Immutability: A boost to your security backup (betanews.com)

Data Protection

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• How do you lot feel about Pay or OK model, ICO asks Brits • The Register

Careers, Working in Cyber and Information Security

• Half of firms struggling to hire cyber security experts (securitybrief.co.nz)

• UK Council's Vision: Set High Standards in Cyber Security (govinfosecurity.com)

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

• Cyber security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

• How To Overcome The Machismo Problem In Cyber Security (forbes.com)

Law Enforcement Action and Take Downs

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

• WEF effort to disrupt cyber crime moves into operations phase • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

• Five Eyes publish report on Volt Typhoon. Volt Typhoon targets emergency management services in the US. (thecyberwire.com)

• Chinese company at the centre of Biden's US port crane order denies it's a security threat | Fortune Asia

• Lithuania security services warn of China's espionage against the country (securityaffairs.com)

• Chinese Cyber Crime: Discretion Is the Better Part of Valor (databreachtoday.co.uk)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

Russia

• Microsoft says Russian hackers stole source code after spying on its executives - The Verge

• Microsoft says Russian hackers breached its systems, accessed source code (bleepingcomputer.com)

• Microsoft: Russians are using stolen information to breach company’s systems (therecord.media)

• Microsoft says it hasn't been able to evict Russian state hackers | AP News

• Why Cyber Attacks on Ukrainians Aren’t Working the Way Russia Expected - Carnegie Endowment for International Peace

• Kremlin accuses US of plotting election-day cyber attack • The Register

• Major operation under way to identify source of Russian attack that 'jammed signals' on... - LBC

• First-ever South Korean national detained for espionage in Russia (securityaffairs.com)

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

North Korea

• Japan Blames North Korea for PyPI Supply Chain Cyber Attack (darkreading.com)

Vulnerability Management

• How to Streamline the Vulnerability Management Life Cycle - Security Boulevard

• Researchers expose Microsoft SCCM misconfigs usable in cyber attacks (bleepingcomputer.com)

• Former CISA Dir. Krebs on cyber threats: Microsoft and others are 'hanging on by a thread' right now (cnbc.com)

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

Vulnerabilities

• Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (thehackernews.com)

• Adobe Patches Critical Flaws in Enterprise Products - Security Week

• Major CPU, Software Vendors Impacted by New GhostRace Attack - Security Week

• Critical Fortinet flaw may impact 150,000 exposed devices (bleepingcomputer.com)

• Fortinet Releases Security Updates for Multiple Products | CISA

• SAP Patches Critical Command Injection Vulnerabilities - Security Week

• Cisco addressed severe flaws in its Secure Client (securityaffairs.com)

• 5M WordPress Websites At Risk Amid LiteSpeed Plugin Flaw - Security Boulevard

• New cyber crime crew Magnet Goblin caught exploiting Ivanti • The Register

• Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory (darkreading.com)

• CISA confirms compromise of its Ivanti systems | TechTarget

• Threat actors breached two crucial systems of the US CISA (securityaffairs.com)

• Researchers found multiple flaws in ChatGPT plugins (securityaffairs.com)

• QNAP warns its NAS devices are facing a critical security flaw — but a patch is available, so update now | TechRadar

• Exploited Building Access System Vulnerability Patched 5 Years After Disclosure - Security Week

Tools and Controls

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• NSA's Zero-Trust Guidelines Focus on Segmentation (darkreading.com)

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• Expert Cyber Security Strategies For Protecting Remote Businesses (forbes.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• 10 cloud security tips every IT leader should know | ITPro

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• Cloud security vs. network security: What's the difference? | TechTarget

• Immutability: A boost to your security backup (betanews.com)

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

• How teams can improve incident recovery time to minimize damages - Help Net Security

• New email standards: what you need to know | TechRadar

• Creating Security Through Randomness (darkreading.com)

• AI and the future of corporate security - Help Net Security

Reports Published in the Last Week

• The State of Email & Collaboration Security 2024 | Mimecast

Other News

• The rise of cyber attacks on financial institutions highlight the need to build a security culture   | SC Media (scmagazine.com)

• Finance sector facing huge amount of cyber attacks that could leave it on its knees | TechRadar

• French state services hit by cyber attacks of 'unprecedented intensity' (france24.com)

• US Intelligence Predicts Upcoming Cyber Threats for 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Better Safe Than Sorry: Making Cyber Security a Priority | HealthLeaders Media

• How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)

• Pi Day: How Hackers Slice Through Security Solutions - Security Boulevard

• 78% of MSPs state cyber security is a prominent IT challenge | Security Magazine

• No, 'Leave the World Behind' and 'Civil War' Aren’t Happening Before Your Eyes | WIRED

• Maritime cyber security: threats and challenges - Port Technology International

• What resources do small utilities need to defend against cyber attacks? | CyberScoop

• 10 free cyber security guides you might have missed - Help Net Security

• Using the wrong font could be a major security problem — and possibly not for the reason you might think | TechRadar

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Risk-based spending: An Imperative for Cyber Security That Demands Board Attention

Staying ahead of the latest cyber security developments is essential to keeping your organisation safe. But with the rise of artificial intelligence and attackers dreaming up new techniques every day, a lot of organisations are left to question how they can create proactive, agile cyber security strategies and what approach gives the best return on investment, mitigating risks and maximising the value of their cyber security investments.

Unfortunately, most organisations do not have an unlimited budget, and for small and medium-sized businesses, there is even less to work with. What is needed is a risk-based approach, where organisations identify and prioritise their greatest vulnerabilities, correlating these to business impact; this is then used to form the cyber risk strategy for the organisation.

Sources: [Security Week] [The Hacker News] [Risk.net]

If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks

Recent research from Proofpoint has found that 69% of organisations experienced a successful ransomware incident in the past year, a rise of 5% compared to the previous year. The report found that 60% reported four or more separate ransomware incidents and of the total involved, 54% admitted to paying a ransom. In a separate report, it was found that 78% of organisations suffering a ransomware attack suffered repeat attacks even after they paid.

Sources: [databreaches.net] [Infosecurity Magazine] [Infosecurity Magazine] [Claims Journal]

Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business

Cyber resilience unites cyber security with business continuity and organisational durability, with proper implementation allowing the continuation of routine operations during adverse cyber incidents. Cyber hygiene, on the other hand, refers to having strong cyber security processes and procedures, to help the organisation mitigate the chance of an incident. The combination of both of these allows an organisation to reduce their likelihood of suffering a cyber incident, whilst improving their likelihood of continuing operations in the event of such an incident.

Sources: [Information Week] [Security Boulevard]

Why Governance, Risk and Compliance Must be Integrated with Cyber Security

With pressure from regulators, the evolving threat landscape and requirements for stronger oversight, governance, risk and compliance (GRC) has even more of an argument for alignment with cyber security. After all, cyber security is still security. Incorporating cyber security into the GRC programme of an organisation allows for cyber to become a business enabler.

Source: [CSO Online]

More and More UK Firms Concerned About Insider Threats

A report has found that 54% of UK business decision makers are concerned about the likelihood of their employees disclosing sensitive information or providing network access to fraudsters. In a separate report, 35% of respondents cited overworked and distracted staff making mistakes as a reason why they thought their business experienced insider risk. Certainly, insider risk does not just involve malicious employees; it can also include negligence and in some cases, employees may not be trained enough to identify the risk they are placing on the organisation such as not knowing or following an organisation’s call back procedure. It is important for organisations to consider whether their current training addresses this and whether the programme is doing enough to ensure that insider risk is mitigated.

Source: [Infosecurity Magazine]

98% of Businesses Linked to Breached Third Parties

A new report has found that 98% of organisations are associated with a third party that has experienced a breach, and these breaches often take months or more to be discovered. 75% of external business-to-business (B2B) relationships that enabled third-party breaches involved software or other technology products and services. Third party security is an important part of an organisation’s cyber security and to manage it correctly, organisations need to implement a third party risk management programme.

Source: [Help Net Security]

Phishing, Smishing and Vishing Skyrocket 1,265%

According to a report, since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%. Despite different techniques, these attacks all have one focus, and that’s on the user. Organisations looking to protect themselves should consider a blend of mitigations, including advanced email filtering, enabling multi-factor authentication and arguably the most important, effective user education and awareness training. This training should go beyond ticking boxes, by instead teaching employees how to both recognise and report phishing attempts.

A separate report analysed over 1 billion emails. Some of the key findings included that the majority of phishing attempts (71%) rely on deceptive links, but attachments (22%) and predatory QR codes (7%) are on the rise. When it came to spoofs, Microsoft was the most spoofed entity and financial services were amongst those most targeted sectors.

Source: [Bleeping Computer] [Help Net Security] [Security Affairs]

Business Email Compromise Attacks Are Evolving, But What Can Be Done About It

Business Email Compromise (BEC) attacks remain a dominant danger, with a staggering $51 billion lost over the last decade. A recent report underscores the prevalence of email as the primary battlefield, far outstripping other cyber attack methods. The low-cost, high-reach nature of email makes it an attractive starting point for cyber criminals. As organisations embrace cloud-based infrastructures, these attacks have morphed, presenting new challenges. Attackers have progressed from direct phishing attempts, to compromising business partners, vendors and other third parties. In this arms race, artificial intelligence (AI) assumes a pivotal role as an essential ally, efficiently discerning between benign and malicious content. This development signifies a significant milestone in the realm of email security resilience.

Source: [ITPro]

Vulnerabilities Count Set to Rise by 25% in 2024

The cyber threat landscape is rapidly evolving, with an anticipated 25% increase in published systems vulnerabilities for 2024. This surge, reaching approximately 2,900 vulnerabilities per month, underscores the critical need for robust vulnerability management strategies. Vulnerabilities serve as prime entry points for ransomware actors, heightening the urgency for organisations to fortify their defences. However, the sheer volume of vulnerabilities poses a daunting challenge for security and IT teams already thinly stretched. Timely risk-scoring remains a significant issue, leaving defenders vulnerable to exploits with threat actors often gaining a head start. Honeypot data reveals a concerning uptick in scans targeting remote desktop protocol (RDP), with businesses running end-of-life (EOL) software at heightened risk. In this dynamic cyber security climate, proactive risk management and expert intervention, such as Managed Detection and Response (MDR), are imperative to safeguarding against emerging threats.

Source: [Help Net Security]

BYOD Increases Mobile Phishing; Risks Have Never Been Higher

The risk of cyber attacks looms large, with stolen employee login credentials serving as a prime target for malicious actors. Mobile phishing has emerged as a significant threat, with data revealing a surge in encounter rates, especially in hybrid work environments and amid Bring Your Own Device (BYOD) policies. Personal devices, once considered outside the realm of corporate security, now pose substantial risks, as attackers exploit social engineering schemes to breach organisational networks. The financial implications of a successful phishing attack are staggering, with estimates suggesting potential losses of up to $4 million for organisations. As phishing encounter rates continue to rise, it's imperative for businesses to bolster their security strategies, ensuring comprehensive protection against mobile phishing threats across all employee devices. To navigate this evolving landscape and safeguard sensitive data, organisations must stay vigilant and adopt proactive measures.

Source: [MSSP Alert]

What Companies Should Know About Rising Legal Threats

The cyber security landscape is witnessing a significant shift as legal actions increasingly target both corporations and individual security officers. Recent cases including lawsuits by Tesla against ex-employees for cyber security breaches and charges by regulatory bodies like the US FTC and SEC, underscore the mounting legal risks associated with cyber security breaches. Notably, private companies are not exempt from such liabilities, facing scrutiny from authorities, regulators, customers and other affected parties. This environment has prompted many cyber security leaders to reconsider their roles, with concerns raised about the future of the profession. Amidst escalating threats and enforcement actions, there's a pressing need for enhanced cyber security budgets, robust risk-based controls and proactive audits or other independent assurance.

Source: [Darkreading]

CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments

As organisations embrace the cloud, CIOs recognise that a one-size-fits-all approach may not be optimal. Many now favour a nuanced strategy, shifting workloads from public clouds to platforms offering productivity gains and cost savings; a trend known as ‘cloud exit.’ CIOs are rethinking cloud strategies, assessing each application’s suitability and fostering context-aware hosting decisions.

This comes as a recent advisory issued jointly by cyber security agencies from the UK, US, Australia, Canada, and New Zealand reveals that Russian cyber espionage units, including APT29 and Cozy Bear, are adapting tactics to target cloud environments used by both public and private organisations. These sophisticated attacks pose significant threats across industries. Implementing basic cloud security measures is crucial to regularly evaluate dormant accounts, limit system-issued token validity, and enforce stringent device policies. As cloud adoption rises, prioritise cyber security fundamentals for effective defence.

Sources: [CyberScoop] [CIO]

Governance, Risk and Compliance

• Why governance, risk, and compliance must be integrated with cyber security | CSO Online

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• Why Cyber Resilience May Be More Important Than Cyber Security (informationweek.com)

• Beating the drum on cyber risk: the battle for boardroom attention - Risk.net

• What is cyber hygiene and why businesses should know about it - Security Boulevard

• Bridging the Gap: Connecting Cyber Security Spending to Business Results - Security Boulevard

• What Companies & CISOs Should Know About Rising Legal Threats (darkreading.com)

• Essential Guide To Security Metrics For Businesses (informationsecuritybuzz.com)

• Essential Guide To Information Security Compliance (informationsecuritybuzz.com)

• Mastering Risk Management: The Art Of Effective Strategy (informationsecuritybuzz.com)

• The CISO: 2024’s Most Important C-Suite Officer (forbes.com)

• UK Unveils Draft Cyber Security Governance Code - Infosecurity Magazine (infosecurity-magazine.com)

• How to Prioritize Cyber Security Spending: A Risk-Based Strategy for the Highest ROI (thehackernews.com)

• Cyber security 'blind spot' leaves businesses exposed - Accountancy Age

• MTTR: The Most Important Security Metric (darkreading.com)

• Building Your Cyber Incident Response Team - Security Boulevard

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

• AWS on why CISOs should track 'the metric of no' | TechTarget

• 2024 will see more cyber threats emerge – here is what SMEs need to know | TechRadar

Threats

Ransomware, Extortion and Destructive Attacks

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities (trendmicro.com)

• If you pay ransom, you may not get your data back and worse, you probably WILL get hit again – Cybereason Survey (databreaches.net)

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying - Infosecurity Magazine (infosecurity-magazine.com)

• 69% of Organisations Infected by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Stages of LockBit Grief: Anger, Denial, Faking Resurrection? (inforisktoday.com)

• What CISOs Need To Know About The Lockbit Takedown - Security Boulevard

• Ransomware crews lean into infostealers for initial access • The Register

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying (claimsjournal.com)

• Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• Do ransomware attackers keep their word? - TechCentral.ie

• What Are Ransomware Attacks and Can They Be Stopped? Explainer - Bloomberg

• Study: Ransom payment not a shield against future attacks | SC Media (scmagazine.com)

• FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks (bleepingcomputer.com)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Is Now the Right Time for a Ransomware Payment Ban? (govtech.com)

• What is Old is New Again: Lessons in Anti-Ransom Policy | Recorded Future

• 3 Ways Your Organisation Could Be Susceptible To Ransomware Attacks (forbes.com)

• What the war on terrorism teaches us about the war on ransomware | SC Media (scmagazine.com)

• Cyber criminals follow the money to hit manufacturing sector • The Register

• Why your legitimate software is not safe from ransomware attacks (networkingplus.co.uk)

Ransomware Victims

• Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust | WIRED

• LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - Security Week

• Rhysida ransomware wants $3.6 million for children’s stolen data (bleepingcomputer.com)

• Stolen Donald Trump Court Files Will Be Published February 29, Hackers Say (forbes.com)

• Epic Games attacked by new ransomware group Mogilevich | SC Media (scmagazine.com)

• Hackers claim to have stolen 7GB of data from Irish Department of Foreign Affairs | Independent.ie

• Insomniac Games alerts employees hit by ransomware data breach (bleepingcomputer.com)

• German Steelmaker Thyssenkrupp Confirms Ransomware Attack - Security Week

• US pharmacy outage caused by Blackcat attack on Optum (securityaffairs.com)

• MGM Resorts Says Regulators Probing September Cyber Attack (claimsjournal.com)

Phishing & Email Based Attacks

• European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack - Help Net Security

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• SMBs are being targeted by this new phishing scam — make sure you don't fall victim | TechRadar

• Need to Know: Key Takeaways from the Latest Phishing Attacks (bleepingcomputer.com)

• Unmasking 2024's Email Security Landscape (securityaffairs.com)

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• Criminals hijacked more than 8,000 trusted domains, sent millions of malicious emails | TechSpot

Other Social Engineering

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• The Silent Threat: Why Vishing is Causing Major Problems for Businesses - Security Boulevard

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• How to stay safe from cyber criminal "quishing" attacks | TechRadar

• Scammers Often Rely on This Psychological Trick | TIME

Artificial Intelligence

• Blackstone's Schwarzman sees peril in “not bright” criminals getting their hands on AI | Fortune

• AI threats: The importance of a concrete strategy in fighting novel attacks | ITPro

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• AI in cyber security presents a complex duality - Help Net Security

• AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Cyber experts raise AI fears security fears in Parliament | IT Reseller Magazine (itrportal.com)

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

• BEAST AI attack can break LLM guardrails in a minute • The Register

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

Malware

• Ransomware crews lean into infostealers for initial access • The Register

• BobTheSmuggler: Open-source tool for undetectable payload delivery - Help Net Security

• New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT (thehackernews.com)

• North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)

• Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub (thehackernews.com)

• GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica

• Pikabot returns with new tricks up its sleeve - Help Net Security

• TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users (thehackernews.com)

• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)

• CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)

• Cloud-focused malware campaigns on the increase (betanews.com)

• Hackers are infecting Macs with malware using calendar invites and meeting links | Tom's Guide (tomsguide.com)

• New Backdoor Targeting European Officials Linked to Indian Diplomatic Events (thehackernews.com)

Mobile

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023 (darkreading.com)

• Meet 'XHelper,' the All-in-One Android App for Global Money Laundering (darkreading.com)

Denial of Service/DoS/DDOS

• Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)

• DDoS attacks against web apps and APIs surge (betanews.com)

Internet of Things – IoT

• Half of IT Leaders Identify IoT as Security Weak Point - Infosecurity Magazine (infosecurity-magazine.com)

• The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED

Data Breaches/Leaks

• U-Haul says 67K customers' data was stolen in cyber attack • The Register

• Pharma giant hit by major cyber attack — Cencora confirms data was stolen | TechRadar

Organised Crime & Criminal Actors

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• 8 Worrying Cyber Security Statistics You Need to Know in 2024 (tech.co)

• It’s only February and cyber crime is already running rampant (techinformed.com)

• Scottish Police Face Toil and Trouble From Cyber Crime (govinfosecurity.com)

• How active adversaries divide labour to more effectively target victims | SC Media (scmagazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• SonicWall: Cryptojacking Attacks Spike 659% in 2023 | MSSP Alert

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security

Insider Risk and Insider Threats

• US man accused of making $1.8m from listening in on wife’s remote work calls | Securities and Exchange Commission | The Guardian

• Are remote workers at greater risk of cyber security threats? | TechRadar

• Over Half of UK Firms Concerned About Insider Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding employees' motivations behind risky actions - Help Net Security

• The human element of cyber security: Why people are the ultimate defence. (thecyberwire.com)

Insurance

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• A Cyber Insurance Backstop - Schneier on Security

Supply Chain and Third Parties

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• 98% of businesses linked to breached third parties - Help Net Security

Cloud/SaaS

• Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments | CyberScoop

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

• CIOs rethink all-in cloud strategies | CIO

• Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security

• Your Data Has Moved to the Cloud: Can Your Security Strategy Keep Up? | MSSP Alert

• Cloud-focused malware campaigns on the increase (betanews.com)

Identity and Access Management

• Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management (thehackernews.com)

• How organisations can navigate identity security risks in 2024 - Help Net Security

• Echoes of SolarWinds in New 'Silver SAML' Attack Technique (darkreading.com)

Linux and Open Source

• From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

Social Media

• Rights groups file GDPR suits on Meta's pay-or-consent model • The Register

• Meta Patches Facebook Account Takeover Vulnerability - Security Week

Malvertising

• How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED

• Google faces $2.27 billion lawsuit over advertising practices (searchengineland.com)

Training, Education and Awareness

• Cyber awareness education is a change-management initiative | CSO Online

• Cyber Security Training Not Sticking? How to Fix Risky Password Habits (bleepingcomputer.com)

• 4 Ways Organisations Can Drive Demand for Software Security Training (darkreading.com)

• Creating a cyber security training curriculum for SMBs and MSPs | TechRadar

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

Regulations, Fines and Legislation

• 81% of security leaders predict SEC rules will impact their businesses | Security Magazine

• Orgs Face Major SEC Penalties for Failing to Disclose Breaches (darkreading.com)

• Getting Ahead of Cyber Security Materiality Mayhem - Security Boulevard

• NIST Publishes Final “Cyber Security Resource Guide” on Implementing the HIPAA Security Rule | Foley & Lardner LLP - JDSupra

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

Backup and Recovery

• MTTR: The Most Important Security Metric (darkreading.com)

Models, Frameworks and Standards

• NIST CSF 2.0 released, to help all organisations, not just those in critical infrastructure - Help Net Security

• NIST Adds “Govern” Function to Cybersecurity Framework | MSSP Alert

• Top 3 NIST Cyber Security Framework 2.0 takeaways | SC Media (scmagazine.com)

• Preparing for the NIS2 Directive - Help Net Security

Data Protection

• UK ICO issues warning on biometric employee tracking, guidance for businesses | Biometric Update

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• Rights groups file GDPR suits on Meta's pay-or-consent model • The Register

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• A Perfect Cyber Storm is Leading to Burnout | Network Computing

• The Next Gen of Cyber Security Could Be Hiding in Big Tech (darkreading.com)

• Lost to the Highest Bidder: The Economics of Cyber Security Staffing - Security Boulevard

Law Enforcement Action and Take Downs

• Is the LockBit gang resuming its operation? (securityaffairs.com)

• Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)

• Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)

Misinformation, Disinformation and Propaganda

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• US leading global alliance to counter foreign government disinformation | Cyberwar | The Guardian

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 15 Countries with Cyber Warfare Capabilities (yahoo.com)

• Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

China

• Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica

• US Official Warns Of China’s Growing Offensive Cyber Power – Analysis – Eurasia Review

• When Hackers Are Hacked, A Chinese Spy Story - Worldcrunch

• Chinese Cyber Attacks:A 12-month Outlook (greydynamics.com)

• Chinese Cyber Espionage Set To Ramp Up This Year (forbes.com)

• The Drums of US-China Cyber War by Stephen S. Roach - Project Syndicate (project-syndicate.org)

• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)

• The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED

• Foreign Firms in China Flag Lack of Feedback on Data Security (bloomberglaw.com)

• Beijing Silent Over Russia's Reported War-Gaming of China Invasion

Russia

• Two Years On: How Ukraine's Cyber Warfront Is Redefining Global Cyber Security Strategies | HackerNoon

• Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica

• Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments | CyberScoop

• Russia may have just carried out its first direct action against the West (yahoo.com)

• Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

• Ukraine signs security deals with Western allies to help counter Russian cyber attacks (therecord.media)

• Russia cyber spies behind SolarWinds breach adopting new tactics, warn Five Eyes agencies (therecord.media)

• Cyber Security Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat (thehackernews.com)

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)

• Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)

• Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)

• Russia warns of "military-technical" response to Sweden's NATO membership (newsweek.com)

• Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)

• Russia and Belarus targeted by at least 14 nation-state hacker groups, researchers say (therecord.media)

• Beijing Silent Over Russia's Reported War-Gaming of China Invasion

• Russia subjected to deluge of nation-state, hacktivist cyber threats | SC Media (scmagazine.com)

• How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED

Iran

• Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defence Sectors (thehackernews.com)

North Korea

• North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)

• Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)

Vulnerability Management

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• CVE count set to rise by 25% in 2024 - Help Net Security

• Most Commercial Code Contains High-Risk Open Source Bugs - Infosecurity Magazine (infosecurity-magazine.com)

• The rising threat of zero-day attacks | Security Magazine

Vulnerabilities

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities (trendmicro.com)

• Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)

• Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)

• Cisco Patches High-Severity Vulnerabilities in Data Center OS - Security Week

• CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)

• Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities (thehackernews.com)

• One of Apple's best iOS productivity tools had a pretty concerning security flaw, so patch now | TechRadar

• Critical Flaw in Popular 'Ultimate Member' WordPress Plugin - Security Week

• Meta Patches Facebook Account Takeover Vulnerability - Security Week

• MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs (darkreading.com)

• Citrix, Sophos software impacted by 2024 leap year bugs (bleepingcomputer.com)

• Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns | CyberScoop

• Zyxel fixed four bugs in firewalls and access points (securityaffairs.com)

Tools and Controls

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• Cyber awareness education is a change-management initiative | CSO Online

• Why Cyber Security Must Include Protective DNS (hyas.com)

• Championing ethical hackers: a vital defence for the financial industry during turbulent times (finextra.com)

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)

• How Zero Trust Data Detection & Response is Changing the Game - Security Boulevard

• APIs become the leading attack vector, cyber security research shows (securitybrief.co.nz)

• Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management (thehackernews.com)

• How organisations can navigate identity security risks in 2024 - Help Net Security

• MTTR: The Most Important Security Metric (darkreading.com)

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

• Artificial Arms Race: What Can Automation and AI do to Advance Red Teams - Security Week

• Savvy Seahorse gang uses DNS CNAME records to power investor scams (bleepingcomputer.com)

• Cloud Apps Make the Case for Pentesting-as-a-Service (darkreading.com)

Reports Published in the Last Week

• A Comparative Study on Cyber Risk: Business vs. Security Perspectives (inforisktoday.com)

• Cyber threat landscape report | Professional Security

• Email Security in 2024: An Expert Look at Email-Based Threats - VIPRE

Other News

• Cyber attacks on UK law firms on the rise - Spear's (spearswms.com)

• IntelBroker claimed the hack of the Los Angeles International Airport (securityaffairs.com)

• It's time to stop trusting your antivirus software | Digital Trends

• Three new advanced threat groups targeted industrial organisations last year | CSO Online

• What’s on the Radar for Aviation Industry Cyber Security? - Security Boulevard

• Business leaders warn of rising cyber security threat | The Herald (heraldscotland.com)

• Why Health Care Is Top Target for Cyber Criminals (govtech.com)

• RCMP investigating cyber attack as its website remains down (bleepingcomputer.com)

• Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

A “Ridiculously Weak“ Password Causes Disaster for Spain’s Number 2 Mobile Carrier

Spain’s second largest mobile operator, Orange España, suffered a major outage after an unknown party obtained a “ridiculously weak” password and used it to access an account for managing the network that delivers the company’s internet traffic. The attacker had posted the account they had compromised, and researchers found that the associated system had been infected with a Raccoon type infostealer back in September of 2023. The compromised account was Orange’s RIPE administrator account, with the password “ripeadmin”. The incident led to a 50% drop in connections for a 4 hour period, and  underscores the critical importance of robust cyber security measures, including strong passwords, and serves as a stark reminder that even seemingly minor oversights can lead to significant disruptions.

Source: [Ars Technica]

Russia Kyivstar Hack Should Alarm the West, Ukraine Security Chief Warns

If Ukraine's core telephone network can be taken out, organisations in the West could easily be next, Ukraine's SBU chief says. December's cyber attack on Ukrainian telecommunications operator Kyivstar by Russian-backed threat actor ‘Sandworm’ dealt a catastrophic blow to the telecoms provider, according to Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cyber security department. It is believed that although the attack took place in December 2023, the threat actors likely had access to Kyivstar systems since May 2023.

Source: [Dark Reading]

23andMe Tells Victims It’s Their Fault Their Data Was Breached

A cyber incident at DNA data firm 23andMe started with credential stuffing 14,000 user accounts. Credential stuffing is the process by which a malicious actor uses previously harvested usernames and passwords from earlier unrelated breaches to break into other sites and services. Many of the 14,000 accounts had opted-in for a feature whereby information is shared with relatives, which meant that once compromised, attackers had access to 6.9 million users: nearly half of the user base.

Facing over 30 lawsuits from victims, 23andMe is now blaming victims, according to letters seen by victims. 23andMe stated “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe”. This has caused divide in the cyber world; on one side, recycling and failing to update passwords is poor cyber hygiene and on the other hand, there are technical controls that could have better prevented this type of well known and common attack.

Source: [TechCrunch] [The Register]

Financial Sector Faces More Cyber Attacks Than Other Sectors

A recent study found that more than three-quarters (77%) of financial organisations detected an attack on their infrastructures in 2023, compared with around two-thirds (68%) of other sectors. In particular, the study found that financial workers were at a higher than average risk of phishing compared to other workers. Despite their target attractiveness, only three-quarters (73%) of the financial sector respondents said that they have a cyber security policy in place or will do so within the next year. A separate report from Kaspersky stated that the financial sector is poised to experience an influx of artificial intelligence based attacks 2024, adding to the fire.

Sources: [SC Media] [TechRadar ]

An Innocent-Looking Instagram Trend Could Be a Gift to Hackers

A recent trend that has picked up traction at the end of December on social media apps such as Instagram and TikTok, encourages their followers to “get to know them better”. This trend gets people to answer a popular template, freely giving away personal information such as their height, date of birth, and various details that they feel strongly about including favourite food and phobias. While these questions may seem harmless, these sorts of personal details are used by companies for security questions, for example when a person wants to reset their password. Hackers can use this information to easily social engineer victims or impersonate them to get access to their accounts.

Source: [Business Insider]

Cyber Criminals Shared Millions of Stolen Records During Holiday Break

While many people unwind and enjoy their time off during the festive season, cyber criminals remain active. In fact, they leaked approximately 50 million records containing sensitive personal information during this period. These data breaches were not limited to the West; they had a global impact, affecting individuals in various countries such as Peru, Australia, South Africa, and more. It is important to note that not all the data leaks were recent; some appeared to be remnants of older incidents. For instance, some of the leaked data belonged to customers of the credit company Klarna, which was rumoured to have experienced a breach back in 2022, although it was never publicly confirmed. This ‘Free Leaksmas’ event, as it’s been dubbed, underscores the extensive global reach and serious consequences of these cyber criminal activities.

Sources: [Security Affairs] [Dark Reading]

Law Firm that Handles Data Breaches was Itself Hit by Data Breach

Orrick, Herrington & Sutcliffe, a law firm specialising in managing security incidents for other companies, has disclosed more details of the cyber attack it itself experienced in March 2023. The breach compromised the sensitive health and personal information of over 637,000 individuals. The stolen data was linked to client organisations and included the names of individuals alongside their social security numbers, medical details, and financial information. Despite the firm's expertise in cyber security, the attack highlights the pervasive risk of data breaches, even among those who advise on such matters. Orrick's delayed response and subsequent legal settlements underscore the importance of proactive security measures and swift action in the wake of a breach. This incident serves as a stark reminder to all organisations of the need for robust cyber defences and transparent communication strategies in today's digital landscape. The law firm has recently settled in principle to resolve four class action lawsuits that accused Orrick of failing to inform victims of the breach until months after the incident.

Source: [TechCrunch]

Nigerian Hacker Arrested for Stealing Millions from Charities

A Nigerian national, Olusegun Samson Adejorin, has been arrested for charges relating to business email compromise attacks that caused a charitable organisation in the US to lose more than $7.5 million. Adejorin had purchased a credential harvesting tool to steal login credentials, which were used to send emails to the charity’s financial service provider. The emails requested and authorised a transfer of $7.5 million, which the investment services provider believed it was paying to the charity whereas it was paying into a bank account controlled by the attacker.

Source: [Bleeping Computer]

Cyber Criminals Implemented Artificial Intelligence for Invoice Fraud

A cyber criminal gang known as GXC Team has been seen selling an artificial intelligence tool for creating fraudulent invoices. The tool, known as Business Invoice Swapper, scrutinises compromised emails that are fed to it, looking for emails which mention invoices or include invoice attachments. It then alters the details of the intended recipient to details specified by the perpetrator. This altered invoice then either replaces the compromised one, or is sent to a predetermined set of contacts.

Source: [Security Affairs]

Shadow IT Threatens Corporate Cyber Security, Study Reveals

With remote working becoming more and more prevalent, organisations are finding themselves at risk of cyber threats due to what is known as shadow IT; this is any software, hardware or IT resource used without the IT department’s approval, knowledge or oversight. A study by Kaspersky found of the 77% of companies that had suffered from cyber incidents over the past two years, 11% of these were directly caused by the unauthorised use of shadow IT.

Source: [Security Brief]

Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge

In the constantly evolving cyber threat landscape, 2023 has witnessed a notable surge in the use of bots, fraud farms, and cryptojacking. A new report found that 73% of web and app traffic this year has been attributed to malicious bots and fraud farms, indicating a significant shift towards automated cyber attacks. This trend poses a heightened risk to the ecommerce sector, where cyber criminals exploit API connections and third-party dependencies.

Furthermore, the surge in cryptojacking, marked by a 399% increase, reveals a diversifying strategy among cyber criminals, targeting critical infrastructure with sophisticated methods. These developments serve as a crucial reminder for organisations to bolster their cyber defences and adopt a proactive stance against these emerging and increasingly automated threats.

Source: [Help Net Security]

Putin has Declared a Cyber War on Britain

This year over 2 billion people will vote for new governments across the world, and it is crucial to be aware of upcoming threats to these elections from foreign powers. In particular, Russia is notorious for deploying bots, trolls, and deepfakes, which are techniques used to manipulate information and influence public opinion. These malicious actors are adept at spreading misinformation and disinformation, often with the goal of interfering in elections. With the upcoming UK General Election in 2024 and the US Presidential Election also falling this year, it is imperative to exercise caution and discernment when consuming online content. Not everything we see can be taken at face value.

Source: [Telegraph]

Governance, Risk and Compliance

• Thoughts for Boards: Key Issues in Corporate Governance for 2024 (harvard.edu)

• Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention - Help Net Security

• Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Help Net Security

• Navigating the New Age of Cyber Security Enforcement (darkreading.com)

• Facts and misconceptions about cyber security budgets - Help Net Security

• Budget cuts take a toll on IT decision makers' mental health - Help Net Security

• Consumers prepared to ditch brands after cyber security issues - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Firms urged to stop ransomware payments as attacks become “astronomical” (emergingrisks.co.uk)

• How ransomware could cripple countries, not just companies (economist.com)

• New Black Basta decryptor exploits ransomware flaw to recover files (bleepingcomputer.com)

• ChatGPT-aided ransomware in China results in four arrests as AI raises cyber security concerns | South China Morning Post (scmp.com)

• Sophos reports spike in ransomware groups using remote encryption (securitybrief.co.nz)

• Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop (securityaffairs.com)

• Police locate missing Chinese student who was victim of ‘cyber kidnapping’ (msn.com)

• Kai Zhuang: Cyber kidnapping in US illustrates growing crime trend - BBC News

• Ban on ransomware payments? The alternative isn't working • The Register

• December ransomware attacks disrupt healthcare organisations | TechTarget

• Ransomware's deadly toll: Hacking is killing patient as errors and delays plague healthcare systems, as 2,200 hospitals, schools and government entities were hit in 2023 | Daily Mail Online

• Study: Ransomware Is Actually Killing One American Per Month (tech.co)

• Zeppelin ransomware source code sold for $500 on hacking forum (bleepingcomputer.com)

Ransomware Victims

• Cyber attack on Massachusetts hospital disrupted records system, emergency services (therecord.media)

• Hospitals ask courts to force cloud storage firm to return stolen data (bleepingcomputer.com)

• Ransomware's deadly toll: Hacking is killing patients as errors and delays plague healthcare systems, as 2,200 hospitals, schools and government entities were hit in 2023 | Daily Mail Online

• Software Used by Hundreds of Museums Taken Down by Ransomware Attack (pcmag.com)

• CTS cyber attack: Disruption to home sales now over - BBC News

• Xerox says subsidiary XBS US breached after ransomware gang leaks data (bleepingcomputer.com)

• Cyber attackers breach trove of Victoria court recordings • The Register

• Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyber Attack (huntress.com)

• Estes refuses to pay off ransomware crew, says data stolen • The Register

Phishing & Email Based Attacks

• Numerous backdoors deployed in new Kimsuky spear-phishing attacks | SC Media (scmagazine.com)

• Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)

• SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails (thehackernews.com)

• CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)

• UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)

• Crypto phishing scams took almost $300M from 324K victims in 2023: Report (cointelegraph.com)

Artificial Intelligence

• Cyber Criminals Implemented Artificial Intelligence (AI) for Invoice Fraud (securityaffairs.com)

• The Imperative of Cyber Security in the Era of AI (thefastmode.com)

• Finance orgs to face increasingly prevalent AI cyber attacks | SC Media (scmagazine.com)

• Enterprise cyber security in 2024: The AI play comes to the fore - Verdict

• Law Firms Taken Aback By The Impact Of AI And The Rise Of Exclusions On Their Cyber Insurance Policies - Above the Law

• NIST Identifies Types of Cyber Attacks That Manipulate Behaviour of AI Systems | NIST

• AI watermarking could be exploited by bad actors to spread misinformation. But experts say the tech still must be adopted quickly | FedScoop

• Use of generative AI in the legal profession accelerating despite accuracy concerns | ITPro

• A New Kind of AI Copy Can Fully Replicate Famous People. The Law Is Powerless. - POLITICO

• ChatGPT-aided ransomware in China results in four arrests as AI raises cyber security concerns | South China Morning Post (scmp.com)

• CISO Planning for 2024 May Struggle When It Comes to AI (darkreading.com)

• Reflecting on Defence and Security Strategies in the AI Era: A New Perspective for Modern Nations - Modern Diplomacy

• Cyber resilience in the age of AI | TechRadar

• Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Help Net Security

• AI Is Driving a Silent Cyber Security Arms Race (govtech.com)

Malware

• Google accounts may be vulnerable to new hack, changing password won’t help | Cybernews

• Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts (bleepingcomputer.com)

• Microsoft patches critical vulnerability used to install malware on Windows PCs - MSPoweruser

• Microsoft disables Windows app installation, again • The Register

• CISA warns of a nasty flaw abusing Excel | TechRadar

• New Version of Meduza Stealer Released in Dark Web (securityaffairs.com)

• Weak password and infostealer blamed for Orange Spain outage • The Register

• Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)

• Russian Military Intelligence Blamed for Blitzkrieg Hacks (inforisktoday.com)

• CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)

• Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks (thehackernews.com)

• Activity of Rugmi malware loader spikes | SC Media (scmagazine.com)

• Kronos Malware Reemerges with Increased Functionality (securityintelligence.com)

• Malware attacks exploiting app installation protocol prompt deactivation | SC Media (scmagazine.com)

• New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections (thehackernews.com)

• 29 malware families target 1,800 banking apps worldwide - Help Net Security

• Google password resets not enough to stop this malware • The Register

• 21 New Mac Malware Families Emerged in 2023 - Security Week

• UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)

• New Bandook RAT Variant Resurfaces, Targeting Windows Machines (thehackernews.com)

Mobile

• Europe's Largest Parking App Provider Informs Customers of Data Breach - Security Week

• How to prevent hackers from breaking into your Android, stealing bank info (nypost.com)

• QR code hacking: How to protect yourself from rogue QR codes (androidpolice.com)

• 29 malware families target 1,800 banking apps worldwide - Help Net Security

Denial of Service/DoS/DDOS

• Guarding against DDoS attacks during high-traffic periods | CSO Online

• Busting three common DDoS myths (betanews.com)

Internet of Things – IoT

• Study Finds IoT Cyber Security Risk Increased 400 Percent Last Year - RFID JOURNAL

• 4 essential smart home cameras tips to protect your sensitive data

• Ukraine says Russia hacked web cameras to spy on targets in Kyiv (therecord.media)

Data Breaches/Leaks

• Cyber Criminals launched 'Leaksmas' event in the Dark Web exposing massive volumes of leaked PII and compromised data (securityaffairs.com)

• 23andMe tells victims it’s their fault that their data was breached | TechCrunch

• Law firm that handles data breaches was hit by data breach | TechCrunch

• Europe's Largest Parking App Provider Informs Customers of Data Breach - Security Week

• Here we go again: 2023’s badly handled data breaches | TechCrunch

• Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service - Security Week

• Data breach at healthcare tech firm impacts 4.5 million patients (bleepingcomputer.com)

• Highlands Oncology Group Notifies Patients of September 2023 Data Breach | Console and Associates, P.C. - JDSupra

• 'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month (darkreading.com)

• Cyber Attacks Are Back in Hollywood. Did Sony Hack Teach Us Nothing? (variety.com)

• Accounting Firm Battling Cyber Security Lawsuit Seeks Dismissal (bloomberglaw.com)

Organised Crime & Criminal Actors

• Nigerian hacker arrested for stealing $7.5M from charities (bleepingcomputer.com)

• Hackers employ nuanced tactics to evade detection - Help Net Security

• The law enforcement operations targeting cyber crime in 2023 (bleepingcomputer.com)

• What’s It Like to Be the Victim of Cyber Crimes? (govtech.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention - Help Net Security

• Beware: Scam-as-a-Service Aiding Cyber Criminals in Crypto Wallet-Draining Attacks (thehackernews.com)

• Crypto phishing scams took almost $300M from 324K victims in 2023: Report (cointelegraph.com)

• Cryptocurrency wallet CEO loses $125,000 in wallet-draining scam | Tripwire

• Cyber criminals set their sights on crypto markets - Help Net Security

• Orbit Chain loses $86 million in the last fintech hack of 2023 (bleepingcomputer.com)

• Crypto-crook Sam Bankman-Fried spared a second trial • The Register

• Bitconned review — Netflix documentary about a fortune built on brazen lies

• Hackers hijack govt and business accounts on X for crypto scams (bleepingcomputer.com)

Insurance

• 6 Cyber Security Insurance Requirements | Proofpoint US

• Cyber insurance should go hand in hand with cyber resilience | Insurance Business America (insurancebusinessmag.com)

• Law Firms Taken Aback By The Impact Of AI And The Rise Of Exclusions On Their Cyber Insurance Policies - Above the Law

Supply Chain and Third Parties

• Online museum collections down after cyber attack on service provider (bleepingcomputer.com)

• A new framework for third-party risk in the European Union | ITPro

Cloud/SaaS

• This company made a significant Google Drive security error that could put a million users at risk | TechRadar

• 5 Ways to Reduce SaaS Security Risks (thehackernews.com)

• 8 Hybrid Cloud Security Challenges and How to Manage Them (techtarget.com)

Identity and Access Management

• The password identity crisis: Evolving authentication methods in 2024 and beyond | VentureBeat

• Active Directory Infiltration Methods Employed by Cyber Criminals (gbhackers.com)

Encryption

• Quantum Risks and Rewards: Forward-Defending Cyber Security (govinfosecurity.com)

• Saving Schrödinger’s Cat: Getting serious about post-quantum encryption in 2024 - Breaking Defence

• Nearly 11 million SSH servers vulnerable to new Terrapin attacks (bleepingcomputer.com)

Linux and Open Source

• 2023: The Year Open Source Security Supply Chain Grew Up - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

• A “ridiculously weak“ password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica

• 23andMe tells victims it’s their fault that their data was breached | TechCrunch

• The password identity crisis: Evolving authentication methods in 2024 and beyond | VentureBeat

• Using Stronger Passwords Among Top 2024 Digital Resolutions - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• Instagram Trend Could Be a Gift to Hackers (businessinsider.com)

• Social media made $11 billion in US ad sales from minors and therefore has 'overwhelming financial incentives' to avoid protecting children, study finds | Fortune

• Cyber Attackers Target Nuclear Waste Company via LinkedIn (darkreading.com)

• Cyber Criminals Flood Dark Web with X (Twitter) Gold Accounts (darkreading.com)

• Hackers hijack govt and business accounts on X for crypto scams (bleepingcomputer.com)

• Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack (thehackernews.com)

Malvertising

• Google Settles $5 Billion Privacy Lawsuit Over Tracking People Using ‘Incognito Mode’ - Security Week

• Google Just Disabled Cookies for 30 Million Chrome Users. Here’s How to Tell If You’re One of Them. (gizmodo.com)

• Social media made $11 billion in US ad sales from minors and therefore has 'overwhelming financial incentives' to avoid protecting children, study finds | Fortune

Regulations, Fines and Legislation

• New risk management framework helps with SEC mandate compliance | CSO Online

• A new framework for third-party risk in the European Union | ITPro

• Finding The Silver Lining In Cyber Regulations (forbes.com)

• Navigating the New Age of Cyber Security Enforcement (darkreading.com)

Models, Frameworks and Standards

• An Overview Of The Defence Department’s Long-awaited Proposed Regulations For Its Cyber Security Maturity Model Certification Program | Morrison & Foerster LLP - Government Contracts Insights - JDSupra

Careers, Working in Cyber and Information Security

• Cyber security skills gap poses threat to business protection measures (securitybrief.co.nz)

• Many cyber security workers feel burnt out and worry about understaffing | TechRadar

Law Enforcement Action and Take Downs

• Police investigate virtual sex assault on girl's avatar - BBC News

• The law enforcement operations targeting cyber crime in 2023 (bleepingcomputer.com)

• Additional cyber agents to be deployed by FBI | SC Media (scmagazine.com)

Misinformation, Disinformation and Propaganda

• Vladimir Putin has declared a cyber war on Britain (telegraph.co.uk)

• AI watermarking could be exploited by bad actors to spread misinformation. But experts say the tech still must be adopted quickly | FedScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• The FBI is adding more cyber focused agents to US embassies | CyberScoop

Nation State Actors

China

• CISA warns of a nasty flaw abusing Excel | TechRadar

• BT Miss Deadline to Remove All Huawei Kit from UK Core Network UPDATE - ISPreview UK

• ChatGPT-aided ransomware in China results in four arrests as AI raises cyber security concerns | South China Morning Post (scmp.com)

• Three Chinese balloons float near Taiwanese airbase • The Register

Russia

• Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns (darkreading.com)

• Russian hackers were inside Ukraine telecoms giant for months – cyber spy chief – Euractiv

• Ukraine says Russia hacked web cameras to spy on targets in Kyiv (therecord.media)

• UK exposes Russia for attempted political interference (ukdefencejournal.org.uk)

• Vladimir Putin has declared a cyber war on Britain (telegraph.co.uk)

• Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)

• Russian Military Intelligence Blamed for Blitzkrieg Hacks (inforisktoday.com)

• CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)

• Massive missile strike disrupts Kyiv's internet and power supply (therecord.media)

• The "Tallinn Mechanism" is Designed to Enhance Civilian Cyber Assistance to Ukraine

• UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)

Iran

• Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania (securityaffairs.com)

• Multiple organisations in Iran breached by a mysterious hacker (securityaffairs.com)

• Israel Battles Spike in Wartime Hacktivist, OT Cyber Attacks (darkreading.com)

• Pilfered Data From Iranian Insurance and Food Delivery Firms Leaked Online (darkreading.com)

North Korea

• Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks (thehackernews.com)

• Numerous backdoors deployed in new Kimsuky spear-phishing attacks | SC Media (scmagazine.com)

• Analysing DPRK's SpectralBlur

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• 'Everything on the internet is monitored': Israel's cyber security head - The Week

• 'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month (darkreading.com)

• Israel Battles Spike in Wartime Hacktivist, OT Cyber Attacks (darkreading.com)

• Field spy or electronic espionage: Lebanon’s cyber security challenge against Israeli security breach - Lebanon News (lbcgroup.tv)

Vulnerability Management

• Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (darkreading.com)

• 10 of the biggest zero-day attacks of 2023 | TechTarget

• Vulnerability management remains a moving target | SC Media (scmagazine.com)

Vulnerabilities

• Microsoft patches critical vulnerability used to install malware on Windows PCs - MSPoweruser

• CISA warns of a nasty flaw abusing Excel | TechRadar

• Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Security Week

• Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (darkreading.com)

• Ivanti warns critical EPM bug lets hackers hijack enrolled devices (bleepingcomputer.com)

• 10 of the biggest zero-day attacks of 2023 | TechTarget

• Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover - Security Week

• Malware attacks exploiting app installation protocol prompt deactivation | SC Media (scmagazine.com)

• Qualcomm chip vulnerability enables remote attack by voice call | SC Media (scmagazine.com)

• Nearly 11 million SSH servers vulnerable to new Terrapin attacks (bleepingcomputer.com)

• WordPress Google Fonts Plugin Vulnerability Affects Up To +300,000 Sites (searchenginejournal.com)

• January Android Security Bulletin Arrives, So Does Pixel Update (droid-life.com)

Tools and Controls

• Why training LLMs with endpoint data will strengthen cyber security | VentureBeat

• Cyber security challenges emerge in the wake of API expansion - Help Net Security

• 6 Cyber Security Insurance Requirements | Proofpoint US

• Are Security Appliances fit for Purpose in a Decentralized Workplace? - Security Week

• Guarding against DDoS attacks during high-traffic periods | CSO Online

• Cyber resilience in the age of AI | TechRadar

• 8 Hybrid Cloud Security Challenges and How to Manage Them (techtarget.com)

• Active Directory Infiltration Methods Employed by Cyber Criminals (gbhackers.com)

Other News

• Over 100 European Banks Face Cyber Resilience Test - Infosecurity Magazine (infosecurity-magazine.com)

• Can We Protect the Ballot Box? Global Guide to Election Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

• ‘Lazy’ broadband engineers blamed for exposing hospitals and banks to cyber attacks (telegraph.co.uk)

• IT and OT cyber security: A holistic approach (securityintelligence.com)

• The FBI is adding more cyber focused agents to US embassies | CyberScoop

• Hackers hit Australian state's court recording database | Reuters

• Cyber Attacks Are Back in Hollywood. Did Sony Hack Teach Us Nothing? (variety.com)

• Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)

• Firm responsible for burying the UK’s nuclear waste faces repeated cyber attacks | Engineering and Technology Magazine (theiet.org)

• Securing the Defence Industrial Base | AFCEA International

• Reflecting on Defence and Security Strategies in the AI Era: A New Perspective for Modern Nations - Modern Diplomacy

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment

According to the UK Parliament’s Joint Committee on the National Security Strategy (JCNSS), the UK is one of the most targeted countries in the world for cyber attacks, predominantly coming from Russian-linked threat actors. The report describes the UK as being at high risk from catastrophic ransomware attacks, and warns that the country could face significant challenges in managing future attacks.

Further, the report noted that the UK’s regulatory frameworks are insufficient and large amounts of national infrastructure are still vulnerable to ransomware because of their reliance on legacy IT systems.

Sources: [ITPro] [Emerging Risks Media Ltd]

Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions

Despite increased investments in third-party cyber security risk management (TPCRM) over the last two years, 45% of organisations experienced third party-related business interruptions, according to a new Gartner survey. This is reinforced by a separate survey, in which 97% of respondents reported having suffered negative impacts from a breach in a third party or supplier partner in the last year; a figure that has remained unchanged for the past three years.

The results show that despite the increase in attention and investments in third party risk management, organisations are not carrying these out in a way that is decreasing the risk.

Sources: [CIR Magazine] [Gartner]

Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies

Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. Its mobile app and website were down but they managed to restore some of its landline services on the same day of the attack. 24 million Kyivstar users have been urged to change all passwords following the attack.

So far, two Russia-aligned hacker groups have claimed responsibility for the hack: Killnet and Solntsepek. While Killnet have not provided any evidence of the attack, Solntsepek posted several screenshots of Kyivstar systems that it allegedly hacked, on its Telegram channel. The group said it “destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage, and backup systems”.

Further, Russia is expected to ramp up their cyber campaign efforts targeting Ukraine’s allies as part of the ongoing conflict in the region. Last winter saw an increase in attacks that is likely to be repeated this year. The use of wiper malware to target critical national infrastructure (CNI) outside of Ukraine), similar to the attack on Kyivstar above, is just one tactic that could be deployed to disrupt Western allies’ ability, and motivation, to continue military support to Ukraine.

Sources: [Record Media] [New Voice of Ukraine] [Hacker news] [Infosecurity Magazine] [Gov Info Security]

81% of Companies had Malware, Phishing and Password Attacks in 2023

According to Verizon, 81% of organisations faced malware, phishing and password attacks last year, and these attacks were mainly targeted at users. Further, it was found that 62% percent of companies suffered a security breach connected to remote working. Certainly, attacks are not limited to particular sectors or organisations. Everyone can be a target and it is important to keep that in mind when focusing on securing the organisation; yet despite cyber security affecting everyone, 91% of CEOs/CFOs put the responsibility for cyber security squarely with IT.

Source: [Security Magazine]

Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors

According to SentinelOne, mid-sized businesses are being targeted by cyber criminals who are displaying skills previously limited to expert government hackers. Cyber criminals are more organised than ever and have a better understanding of how businesses run; this, paired with technical acumen and AI, has created a difficult environment for medium-sized businesses who don’t possess the budget of a large organisation.

Sources: [Washington Times] [SiliconANGLE]

Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact

The US National Security Agency (NSA), Federal Bureau of Investigation (FBI), and co-authoring agencies warn that the Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and allied countries. To raise awareness and help organisations identify, protect, and mitigate this malicious activity, the authoring agencies have jointly released a Cyber Security Advisory (CSA) on SVR’s exploiting of JetBrain’s TeamCity software, widely used by developers and software providers.

The advisory warns that APT29, the notorious Russian group behind the 2020 SolarWinds hack, are actively exploiting this vulnerability, joining state-sponsored actors from North Korea. The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes.

Sources: [NSA] [Dark Reading] [The Register]

Why Cyber Security Is a Competitive Advantage: Reaching Digital Success

In the tech-driven world, cyber security’s importance is paramount for protecting sensitive data and critical systems. Significant increases in vulnerabilities and breaches have led to stricter guidelines and regulations for most sectors; a trend we expect to see increasing with regulations becoming more and more stringent. Increased regulation can only be good for affected industries and sectors to drive increased security.

However, beyond regulatory compliance, cyber security is a critical competitive differentiator and should be seen as such, rather than simply as a tick box exercise to satisfy a regulator or viewed as an increase in regulatory burden. Data breaches can lead to severe financial setbacks and damage to a company's reputation and customer trust. The legal and financial consequences of non-compliance with cyber security regulations are significant.

Building a comprehensive cyber security strategy that includes risk assessments, incident response plans, and proactive measures is essential in this era of rapid vulnerability exploitation. Embracing cyber security is not just a choice but a necessity for success in the digital age.

Source: [Forbes]

Ransomware-as-a-Service: The Growing Threat You Can't Ignore

Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cyber security. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This latest ransomware business model allows inexperienced hackers to use on-demand tools for attacks, reducing time and cost. They pay a fee, choose a target, and launch an attack with the provider’s tools. The effects of RaaS are starting to be noticed, as a recent survey showed the time from network breach to file encryption has dropped below 24 hours for the first time.

Source: [Hacker News]

66% of Employees Prioritise Daily Tasks Over Cyber Security

According to a recent survey, 66% of respondents stated that completing daily tasks is more crucial than cyber security, such as cyber security training. The tasks that were being prioritised over cyber security training include monthly targets, manager-assigned tasks and emails.

The survey highlights the need for improved cyber security training in organisations, with 64% of employees wanting time for this training during work hours, and 43% referring more engaging methods like videos and interactive sessions. The data suggests a shift from the annual training model, with 29% receiving quarterly training, 13% semi-quarterly, and 11% monthly. Addressing these needs is crucial for cyber security readiness.

Source: [Security Magazine]

Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days

Last week, a cyber attack on a small Irish water utility disrupted the water supply for two days, affecting 180 people. The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed devices or controllers that are either not protected at all or protected by a default password. This follows a warning from the US Government about the CyberAv3ngers group, an Iranian affiliated threat actor, which has been actively attacking water facilities in multiple US states.

Source: [Security Week]

Who Is Responsible for Cyber Security? You.

Cyber security is a concern that should resonate with every member of the C-suite and senior staff because when it fails, the entire business is impacted. Recent examples like the “bleach breach” at Clorox and the cyber attack on MGM Resorts illustrate the financial and reputational consequences of cyber security incidents, with losses estimated in the hundreds of millions of dollars. To effectively address this, C-suite executives and their teams must actively support cyber security initiatives led by CIOs and CISOs. The introduction of new government regulations, such as those from the US Securities and Exchange Commission (SEC), require organisations to swiftly report and manage cyber security incidents, impacting various departments beyond just the security team. To succeed in this environment, organisations must make cyber security information accessible across teams, allocate budgets for cyber security, and view cyber security as a catalyst for innovation and growth rather than a burden. For this to happen every single person within an organisation, from the very top to the very bottom, has a role to play in keeping the organisation secure and no one can think that security is someone else’s job.

Source: [Forbes]

Many Popular Websites Still Cling to Password Creation Policies From 1985

Website security, particularly password creation policies and login practices, requires immediate attention. A study of over 20,000 websites uncovers significant vulnerabilities with 75% of websites permitting passwords even shorter than 8 characters (which was the recommendation all the way back in 2012), and 12% even allow single-character passwords. Furthermore, 40% limit password length to being far shorter than current recommendations, and worse 72% permit dictionary words or known breached passwords.

The study also reveals that a third of websites do not support special characters in passwords. Remarkably, many websites continue to adhere to outdated password policies from 2004 or even 1985, and only 5.5% comply with stricter modern guidelines. This underscores the immediate need for standardising and strengthening password policies across the web, as well as enhancing education and outreach efforts to address these critical security weaknesses. Such passwords can influence people’s password choice, which can then enter the corporate environment. This can lead to their account having a higher risk of compromise, and in turn, risks to the data belonging to the organisation.

Source: [Help Net Security]

Governance, Risk and Compliance

• Who Is Responsible For Cyber Security? You. (forbes.com)

• How C-Level Executives Can Increase Cyber Resilience (forbes.com)

• Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)

• Ex-Uber CSO: Lessons Learned from the Breach and Legal Case (darkreading.com)

• The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online

• How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast

• 7 Must-Ask Questions for Leaders on Security Culture | MSSP Alert

• Why Cyber Security Is A Competitive Advantage: Reaching Digital Success (forbes.com)

• Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur

• Tech prediction #2: Businesses will turn to Cyber Security as a Service - Digital Journal

• Is Cyber Security as a Service (CSaaS) the Answer? (automation.com)

Threats

Ransomware, Extortion and Destructive Attacks

• UK ransomware attack could bring country to a "standstill" as scathing report calls for greater security investment | ITPro

• UK Downplays Ransomware Threat at Its Peril, Says Committee (inforisktoday.com)

• Ransomware Surge is Driving UK Inflation, Says Veeam - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Groups' Latest Tactic: Weaponized Marketing (inforisktoday.com)

• CNI 'vulnerable to ransomware' | Professional Security

• Ransomware-as-a-Service: The Growing Threat You Can't Ignore (thehackernews.com)

• Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)

• The end of ransomware payments: how businesses fit into the fight | ITPro

• Vulnerabilities Now Top Initial Access Route For Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• OpenText Cyber Security 2023 Global Ransomware Survey | MSSP Alert

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)

• US reveals email addresses used to send ransomware demands • The Register

• Virtual Kidnapping: The Dark World of Cyber Extortion (govinfosecurity.com)

Ransomware Victims

• Kraft Heinz launches investigation after ransomware gang claims to have stolen data - SiliconANGLE

• Norton Healthcare disclosed a data breach after ransomware attack (securityaffairs.com)

• US healthcare giant Norton says hackers stole millions of patients’ data during ransomware attack | TechCrunch

• Insomniac Reportedly Hacked, Blackmailed With Game Leaks And Doxing (thegamer.com)

• BAUER Group is operational again after cyber attack | Corporate - EQS News (eqs-news.com)

• Nissan dealerships in ANZ crippled by cyber attack - Drive

Phishing & Email Based Attacks

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• 39% of security leaders cite phishing as most feared cyber attack | Security Magazine

• Quishing is the new phishing: Why you need to think before you scan that QR code | ZDNET

• Cyber Criminals Exploit OAuth Apps for BEC, Phishing Attacks (petri.com)

• Google Forms Used in Call-Back Phishing Scam | Tripwire

• Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims - Infosecurity Magazine (infosecurity-magazine.com)

• US reveals email addresses used to send ransomware demands • The Register

• Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)

Artificial Intelligence

• SMEs "losing" battle against AI-powered cyber attacks, say experts - Tech Monitor

• ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)

• AI in 2024: More business use, more fraud risks | Premium | Compliance Week

• Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week

• The White House's private fears over the rise of AI in the Middle East (telegraph.co.uk)

• Holiday Scams Propelled By Artificial Intelligence | Foodman CPAs & Advisors - JDSupra

• Responsibly Implementing AI, the Unstoppable Force (darkreading.com)

• How to stop Dropbox from sharing your personal files with OpenAI (cnbc.com)

• Israel's AI can produce 100 bombing targets a day in Gaza. Is this the future of war? (theconversation.com)

Malware

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques (thehackernews.com)

• Hacker Uses Infostealer Data to Gain Access to Brazil’s Police Portal | Info Stealers

• Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica

• Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans (thehackernews.com)

• Recruiters, beware of cyber crooks posing as job applicants! - Help Net Security

• How criminals disguise URLs | Kaspersky official blog

• Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)

• 29 malware families targeted 1800 banking apps in 61 countries | Security Magazine

• Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar

• Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)

• Surge in deceptive simplicity exploitation by cyber attackers (securitybrief.co.nz)

Mobile

• Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)

• Apple Testing New Stolen Device Protection Feature for iPhones - Security Week

• Hackers outsmart Apple to install keyloggers on iPhones - PhoneArena

• Android barcode scanner app exposes user passwords (securityaffairs.com)

• New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands (thehackernews.com)

• Six of the most popular Android password managers are leaking data | ZDNET

• SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users (thehackernews.com)

• '5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week

• WhatsApp, Slack, Teams, and other messaging platforms face constant security risks - Help Net Security

• 29 malware families targeted 1800 banking apps in 61 countries | Security Magazine

• Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA - Infosecurity Magazine (infosecurity-magazine.com)

• Websites down as Newsquest hit by cyber attack - Journalism News from HoldtheFrontPage

Internet of Things – IoT

• How Cyber Security Can Build Consumer Trust In Self-Driving Vehicles (forbes.com)

Data Breaches/Leaks

• Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches (darkreading.com)

• UK Ministry of Defence Fined For Afghan Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• DNA companies should receive severe penalties for losing our data | TechCrunch

• Why the 23andMe Data Breach Is Such a Disaster (gizmodo.com)

• US nuclear research lab data breach impacts 45,000 people (bleepingcomputer.com)

• Ubiquiti users claim to have access to other people’s devices (securityaffairs.com)

• 2.5m people's data lost in Norton hospital ransomware hit • The Register

• Dubai’s largest taxi app exposes 220K+ users (securityaffairs.com)

• Toyota Financial Services discloses data breach (securityaffairs.com)

• US Air Force Disciplines 15 as IG Finds That Security Failures Led to Massive Classified Documents Leak - Security Week

• DonorView exposes 1M records for unknown time frame • The Register

• Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)

Organised Crime & Criminal Actors

• Cyber criminals hit businesses with skills once limited to Chinese, Russian government hackers - Washington Times

• Cyber Crime Orgs Increasingly Use Human Trafficking to Staff Scam Mills (darkreading.com)

• Interpol strikes slavers who force people to scam you online • The Register

• Microsoft goes after a cyber criminal group that sold millions of fraudulent accounts online - Neowin

• Cyber criminals and nation states up their game in persistent global attacks - SiliconANGLE

• Dark web forums reveal next year’s cyber security threats - Digital Journal

• Trafficking for cyberfraud an increasingly globalized crime, Interpol says (nbcnews.com)

• Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)

• Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)

• New cyber crime market 'OLVX' gains popularity among hackers (bleepingcomputer.com)

• How cyber criminals are using Wyoming shell companies for global hacks | Reuters

• Exploitation of the internet and the mind: How cyber criminals operate | TechRadar

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto Startup Ledger Users’ Wallets Drained in Hack - Bloomberg

• Ledger says attacker conducted phishing attack on former employee - Blockworks

Insider Risk and Insider Threats

• 66% of employees prioritize daily tasks over cyber security | Security Magazine

• Privilege elevation exploits used in over 50% of insider attacks (bleepingcomputer.com)

• Prison for man who wiped bank's data after being fired for accessing porn in the office (bitdefender.com)

• Employees are weaponizing private emails with colleagues | Fortune

Insurance

• Making Cyber Insurance Available for Small Biz, Contractors (darkreading.com)

Supply Chain and Third Parties

• Gartner Survey Finds 45% of Organisations Experienced Third Party-Related Business Interruptions During the Past Two Years

• UK firms increasing their focus on supply chain cyber risk – report - CIR Magazine

• US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters

• Manchester Public Schools Lose $180K to Hacked Vendor (govtech.com)

• Software & Security: How to Move Supply Chain Security Up the Agenda (darkreading.com)

Cloud/SaaS

• Multi-Cloud vs. Hybrid Cloud: The Main Difference (techtarget.com)

• SAP's attempt to migrate security tools to cloud failed • The Register

• Cloud engineer wreaks havoc on bank's network after firing • The Register

Linux and Open Source

• Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• Almost 90 percent say they're prepared for password-based attacks -- but half still fall for them (betanews.com)

• Android barcode scanner app exposes user passwords (securityaffairs.com)

• Six of the most popular Android password managers are leaking data | ZDNET

• Many popular websites still cling to password creation policies from 1985 - Help Net Security

Social Media

• How a social engineering hack turned these Facebook pages into a dumping ground for spam (engadget.com)

Regulations, Fines and Legislation

• Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)

• ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)

• How European countries are implementing new cyber security framework – EURACTIV.com

• Cyber Solidarity Act moves ahead in EU Parliament with key committee vote – EURACTIV.com

• Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week

• FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure  - Security Week

• The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online

• SEC Cyber Security Breach Rule: What it Means for MSSPs | MSSP Alert

• Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction | TechCrunch

• Government plans to regulate to tackle datacentre threats | Computer Weekly

• eIDAS: EU’s internet reforms will undermine a decade of advances in online security - Help Net Security

Models, Frameworks and Standards

• MITRE Launches Critical Infrastructure Threat Model Framework - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• UK IT staff working nearly as much overtime as law enforcement | ITPro

• Getting Into Cyber Security: A Guide for IT Security Careers | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Law Enforcement Action and Take Downs

• Cloud engineer wreaks havoc on bank's network after firing • The Register

• Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)

• Microsoft goes after a cyber criminal group that sold millions of fraudulent accounts online - Neowin

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Another Cyber Attack on Critical Infrastructure and the Outlook on Cyberwarfare (informationweek.com)

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA - Infosecurity Magazine (infosecurity-magazine.com)

• International justice – France offers support to the International Criminal Court to step up cyber security (12 Dec. 2023) - Ministry for Europe and Foreign Affairs (diplomatie.gouv.fr)

• Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)

• Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register

Nation State Actors

• What CISOs Need to Know About Nation State Actors (informationweek.com)

China

• Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)

• China's Cyber Attacks Target US Infrastructure In Preparation For Potential Conflict: Report - Benzinga

• Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs (darkreading.com)

• China’s cyber intrusions have hit ports and utilities, officials say - The Washington Post

• CISA unveils Google Workspace guidelines informed by Chinese breach of Microsoft | CyberScoop

• Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet  - Security Week

• Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar

• China warns its geographic data breach puts industry at risk (techinformed.com)

Russia

• Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator (thehackernews.com)

• Ukraine’s Largest Phone Operator Hacked in “Act of War” - Infosecurity Magazine (infosecurity-magazine.com)

• 24 million Kyivstar users urged to change all passwords due to cyber attack / The New Voice of Ukraine (nv.ua)

• Hackers damaged some infrastructure of Ukraine’s Kyivstar telecom company (therecord.media)

• Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)

• Russia Set to Ramp Up Attacks on Ukraine’s Allies This Winter - Infosecurity Magazine (infosecurity-magazine.com)

• UK government takes steps to thwart Russia's FSB hackers (techmonitor.ai)

• Cyber criminals hit businesses with skills once limited to Chinese, Russian government hackers - Washington Times

• Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign (thehackernews.com)

• US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters

• Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare (darkreading.com)

• NCSC warning on Russian targeting | Professional Security

• Iranian Parliament Approves Information Security Deal With Russia | Iran International (iranintl.com)

• Ukrainian intelligence takes down Russia's tax system in major cyber warfare operation

• MI6 chief thanks Russian state television for its 'help' in encouraging Russians to spy for the UK | AP News

• Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)

• User activity showed greater increase in traffic on 3G network compared to 4G (LTE) network / The New Voice of Ukraine (nv.ua)

• Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)