Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

China Suspected of Hacking UK Ministry of Defence, Through Its Payroll Provider

UK Defence Secretary Grant Shapps has confirmed that over 270,000 personal details have been leaked after the MoD was hacked through its third-party payroll provider, SSCL. The affected systems have been pulled offline since the attack. SSCL’s website describes that it manages HR for the armed forces, the Metropolitan Police and other areas of British government. The commercial supply chain, and in particular HR and payroll providers, is increasing being used as the soft underbelly to attack larger and better protected organisations.

Sources: [LBC] [The Register] [Sky News]

Security Tools Fail to Translate Risks for Executives

Organisations are struggling with internal communication barriers, hindering their ability to address and mitigate cyber security threats, according to a report which found that seven out of 10 C-suite executives said their security teams talk in technical terms without providing business context. However, in contrast, 75% of CISO’s highlight the issue is rooted in security tools that cannot generate the insights C-level executives and boards can use to understand business implications. The role of a good CISO should be to take the output of these tools and turn that data into metrics the Boards can understand.

The issues highlight the necessity for organisations to have someone in their organisation, whether an employee or a third-party, who is able to ingest technical results and translate them into a style that the C-suite can understand for business risk management.

Source: [Help Net Security]

Gang Accused of MGM Hack Shifts Attacks to Finance Sector

The hacking group responsible for the infamous hack on MGM and Caesar’s Palace resorts is engaged in a new campaign targeting the financial sector. The group known as Scattered Spider has targeted 29 companies since 20 April this year, compromising at least 2 insurance companies so far. The research has stated that the attackers are purchasing lookalike domains that match the name of target companies, hosting fake log-in pages. Links to these are sent to employees, in an attempt to direct them there. The most recent attack took place just days ago, with more expected.

Sources: [Bloomberg Law] [Claims Journal]

Are SMEs Paving the Way for Cyber Attacks on Larger Companies?

A recent study highlights the escalating cyber threats facing businesses, particularly SMEs and supply chains. The study found that 32% of UK businesses, including 69% of large and 59% of mid-sized organisations, suffered a cyber attack last year. The situation is worse for SMEs, with weaker security systems and 77% lacking in-house cyber security. SMEs can become entry points for hackers targeting larger partners through interconnected supply chains. Meanwhile, Verizon’s latest data breaches report revealed a 68% increase in supply chain breaches, accounting for 15% of all breaches in 2023, up from 9% in 2022. These breaches are primarily driven by third-party software vulnerabilities exploited in ransomware and extortion attacks. Experts emphasise proactive cyber policies, vulnerability scans, and employee education for SMEs to bolster defences. They also urge organisations to consider third-party bugs as both vulnerability and vendor management problems, make better vendor choices, and use external signals like SEC disclosures in the United States to guide decisions. These measures can help prevent SMEs from becoming gateways for larger attacks and manage the rising threat of supply chain breaches.

Sources: [Insurance Times] [Dark Reading]

Misconfigurations Drive 80% of Security Exposure, Report Finds

A recent report has found that 80% of security exposures are caused by identity and credential misconfigurations, with a third of these putting critical assets at risk of a breach. According to the report, the majority of this is within an organisation’s network user management (Active Directory) and 56% of breaches that impact critical assets are within cloud platforms. There is often the misconception that cloud-based environments are secure by default, but misconfigurations can undo any security benefits and still leave you exposed. Just because someone else built and maintains your house, it is still your responsibility to lock the doors and windows.

Sources: [Security Magazine]

Only 45% of Organisations Employ MFA Protections

A recent report of IT decision-makers has found that 97% are facing challenges with identity verification and 52% are very concerned about credential compromise, followed by account takeover (50%). When it comes to reinforcing identity verification, only 45% used multi-factor authentication (MFA). By using MFA, organisations are forcing two identification verifications: simply knowing a username and password is not enough, especially given the speeds with which attackers can crack passwords, with average 8 character passwords able to be cracked in less than a minute. Whilst no control is 100% impenetrable, enabling MFA will aid in increasing your organisation's cyber resilience.

Source: [Help Net Security]

You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever

For many organisations, visibility of their information assets can be incredibly hard to obtain and maintain, with different tools, under-reporting and shadow IT contributing to the problem. Unfortunately, cyber criminals are getting faster at exploiting vulnerabilities, and if you do not know you have the vulnerability in your estate then you cannot patch against it. In their recent report, Fortinet found that attacks started on average 4.76 days after new exploits were publicly disclosed.

Interestingly though, while zero-day threats garner much attention (these are ‘new’ vulnerabilities that are being exploited by attackers but for which there are no security patches yet available), one third of all exploits are for older vulnerabilities. This highlights the need for a comprehensive and robust approach to network security and vulnerability management, beyond simply patching what Microsoft puts out once a month. To have effective patch management, organisations must know what they need to patch and therefore must have visibility of the corporate environment. A good starting block is the creation of a robust information asset register.

Sources: [Security Brief] [Help Net Security] [IT Security Guru]

The Rise and Stealth of The Socially Engineered Insider

Social engineering has become increasingly prevalent as the preferred tactic for foreign adversaries. Insiders are prime targets due to their privileged access to sensitive data. This is particularly affecting the technology, pharma, and critical infrastructure sectors. Advances in AI and social platforms have made it easier to exploit these vulnerabilities. These advances allow threat actors to tailor attacks with unprecedented speed and realism. Using methods like coercion or deception, these actors exploit employees to gain high-value data that can be weaponised. As a result, the threat landscape has become more complex, blurring the lines between internal and external risks. To bolster their defences, organisations are now investing in insider risk management and AI. They are also emphasising employee education and cross-sector collaboration.

Source: [Forbes]

Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training

An ISACA study and the AI Security & Governance Report reveal a complex landscape of AI adoption and security. 73% of European organisations and 54% of global organisations use AI, with 79% increasing their AI budgets, however training and policy development lag behind. Only 30% offer limited training, 40% provide none, and a mere 17% have a comprehensive AI policy. Despite AI’s potential, 80% of data experts find it complicates security, with concerns high around generative AI exploitation (61% of respondents) and AI-powered attacks (over 50% of business leaders). Data poisoning and privacy issues persist, yet 85% of leaders express confidence in their data security strategies, with 83% revising privacy and governance guidelines. With 86% recognising a need for AI training within two years, the call for dynamic governance strategies and formal education is clear to manage evolving threats.

Sources: [Help Net Security] [IT Security Guru]

Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security

Cyber security success depends on more than just technology. Bad actors are always looking for the easiest entry point, meaning that employees’ everyday actions are crucial, when even one careless click or a weak password can be an open door for hackers. However, empowered with the right knowledge and tools, staff can become a robust defence. Nearly 80% of organisations have reported an increase in phishing attacks, but training programs like role-playing exercises and phishing simulations significantly reduce these risks. Effective cyber security also hinges on C-suite leaders promoting a security-first culture, ensuring all employees understand the risks and follow strict protocols like MFA and strong password policies. Consistent training and open communication are vital in fostering a resilient, security-aware workforce.

Source: [JDSupra]

Ransomware Activity Thrives, Despite Law enforcement Efforts

Despite the recent law enforcement takedowns on ransomware groups, ransomware remains rife. Whilst the takedown of a group can come as an initial relief in that the group has gone, it simply forces ransomware affiliates to diversify. This is reflected in ransomware continuing its growth in the first quarter of 2024, with 18 new leak sites, the largest number in a single quarter, emerging over this period. When comes to those at risk, both financial services and healthcare remain a prominent target.

Sources: [Help Net Security ] [Infosecurity Magazine] [Help Net Security]

NATO Warns of Russian Hybrid Warfare

NATO has issued a statement in which it describes it is “deeply concerned about Russia's hybrid actions and the threat that they constitute to NATO security”.  The actions are described to include sabotage, acts of violence, cyber and electronic interference, and disinformation campaigns. This comes as many countries including the UK and US are due to have elections this year.

Sources: [EU Reporter] [Financial Times]

Governance, Risk and Compliance

• You cannot protect what you do not understand (securitybrief.co.nz)

• Why 2024 will be the year of the CISO | CSO Online

• Security tools fail to translate risks for executives - Help Net Security

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs (thehackernews.com)

• Now More Than Ever, it's Crucial for Companies to Get Cyber Security Right (newsweek.com)

• Why SMBs are facing significant security, business risks - Help Net Security

• Are SMEs paving the way for cyber attacks on larger companies? | Insurance Times

• Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra

• The Art Of Cyber Security Governance: Safeguarding Beyond Code (forbes.com)

• CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes (darkreading.com)

• 92% of CISOs Question the Future of Their Role Amidst Growing AI Pressures | Business Wire

• What's the Future Path for CISOs? (darkreading.com)

• RSAC: How CISOs Should Protect Themselves Against Indictments - Infosecurity Magazine (infosecurity-magazine.com)

• Three strategies for winning the cyber security arms race | Fintech Nexus

• Why Cyber Security Is More Important Than Ever | Inc.com

• Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)

• CIOs and CFOs, two parts of the same whole - IT Security Guru

Threats

Ransomware, Extortion and Destructive Attacks

• Gang Accused of MGM Hack Turns Its Sights on Finance Sector (bloomberglaw.com)

• The State of Ransomware 2024 - InfoRiskToday

• Cybercrime Unicorns: What Everyone Needs to Know About Ransomware Gangs (pcmag.com)

• Why Paying Should Be A Last Resort In Ransomware Attacks (forbes.com)

• Ransomware activity is back on track despite law enforcement efforts - Help Net Security

• Ransomware evolves from extortion to 'psychological attacks' • The Register

• Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (thehackernews.com)

• Ransomware attacks impact 20% of sensitive data in healthcare orgs - Help Net Security

• An overwhelming majority of organisations paid ransomware last year - eCampus News

• Global ransomware crisis worsens - Help Net Security

• The Growing Threat of Advanced Ransomware Attacks (inforisktoday.com)

• Law enforcement seized Lockbit group's website again (securityaffairs.com)

• Consultant charged with $1.5M extortion of IT giant • The Register

• IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar

• Alleged Russian hacker unmasked as Bermuda joins sanctions effort - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

• Ransomware crooks SIM swap kids to pressure parents • The Register

• Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)

• 97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)

• Tips for Protecting Active Directory From Ransomware Attacks | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• CISA boss: Secure software needed to stop ransomware • The Register

• Shields Up: How to Minimize Ransomware Exposure - Security Week

• How financial services organisations can protect valuable data in the age of ransomware (finextra.com)

• Defenders assemble: Time to get in the game – Sophos News

Ransomware Victims

• UnitedHealth’s 'egregious negligence' led to that ransomware • The Register

• Ascension healthcare takes systems offline after cyber attack (bleepingcomputer.com)

• London Drugs president tight-lipped over recent cyber attack | CBC News

• Boeing confirms attempted $200 million ransomware extortion attempt | CyberScoop

• Cyber attack disrupts operations at major US health care network | CNN Business

• City of Wichita Shuts Down Network Following Ransomware Attack - Security Week

• Patient appointments imperilled by cyber attack on French radiologist (therecord.media)

• Ransomware attack hits Brandywine Realty Trust | SC Media (scmagazine.com)

Phishing & Email Based Attacks

• NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Social Engineering

• The Rise And Stealth Of The Socially Engineered Insider (forbes.com)

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

• What is social engineering penetration testing? | Definition from TechTarget

Artificial Intelligence

• Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training - IT Security Guru

• Organisations go ahead with AI despite security risks - Help Net Security

• Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)

• Strategies for preventing AI misuse in cyber security - Help Net Security

• AI is changing the game when it comes to cyber security | ITPro

• Why the Cyber Security Industry Is Obsessed With AI Right Now - CNET

• LLMs & Malicious Code Injections: 'We Have to Assume It's Coming' (darkreading.com)

• Cyber Security, Deepfakes and the Human Risk of AI Fraud (govtech.com)

• How to detect deepfakes manually and using AI | TechTarget

• Report Shows AI Fraud, Deepfakes Are Top Challenges For Banks - Infosecurity Magazine (infosecurity-magazine.com)

• Criminal Use of AI Growing, But Lags Behind Defenders - Security Week

2FA/MFA

• Only 45% of organisations use MFA to protect against fraud - Help Net Security

• UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert

Malware

• Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (thehackernews.com)

• ZLoader Malware adds Zeus's anti-analysis feature (securityaffairs.com)

• Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)

• Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)

• New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)

• Hackers are using fake apps to distribute this dangerous Mac malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version (thehackernews.com)

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)

Mobile

• Mobile Banking Malware Surges 32% - Infosecurity Magazine (infosecurity-magazine.com)

• Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)

• European Threat To End-To-End Encryption Would Invade Phones (forbes.com)

• Ransomware crooks SIM swap kids to pressure parents • The Register

Denial of Service/DoS/DDOS

• 87% of DDoS Attacks Targeted Windows OS Devices in 2023 (darkreading.com)

Data Breaches/Leaks

• How does a data breach affect you and why should you care? | TechRadar

• Defence secretary Grant Shapps confirms name of contractor running MoD system hacked by China | Politics News | Sky News

• Dell customer order database stolen, for sale on dark web • The Register

• IT Consulting Firm Blames MSP for Data Breach | MSSP Alert

• 10,000 Customers’ Data Exposed in UK Government Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED

• Cyber attack: Large volume of data stolen in attack on Scottish health board (scotsman.com)

• Security breach affects 6,000 German military VC meetings (avinteractive.com)

• Security company exposes 1.2M guard and suspect records • The Register

• Children's mental health records published after cyber attack - BBC News

• Georgia education agency's MOVEit data theft impacted 800K • The Register

• Data Brokers: What They Are and How to Safeguard Your Privacy - IT Security Guru

• Zscaler Investigates Hacking Claims After Data Offered for Sale - Security Week

• UK government departments reveal rise in data breaches & lost devices (datacentrenews.uk)

• 'Sophisticated' cyber attacks involving British Colombia government networks found | CBC News

• Cancer patients' sensitive information accessed by "unidentified parties" after being left exposed by screening lab for years (bitdefender.com)

• Over 380K more NYC students had info leaked, bringing total to over 1M (nypost.com)

• Dating apps kiss'n'tell all sorts of sensitive user info • The Register

Organised Crime & Criminal Actors

• Hackers of all kinds are attacking routers across the world | TechRadar

• Cyber crime stats you can't ignore - Help Net Security

• These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED

• Threat Actors Weaponize Hacktivism for Financial Gain - Infosecurity Magazine (infosecurity-magazine.com)

• Massive webshop fraud ring steals credit cards from 850,000 people (bleepingcomputer.com)

• Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering (securityaffairs.com)

Insider Risk and Insider Threats

• The Rise And Stealth Of The Socially Engineered Insider (forbes.com)

• Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra

Supply Chain and Third Parties

• UK Military Data Breach a Reminder of Third-Party Risk (darkreading.com)

• Details of UK military personnel exposed in huge payroll data breach | AP News

• Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)

• DBIR: Supply Chain Breaches Up 68% Year Over Year (darkreading.com)

• IT Consulting Firm Blames MSP for Data Breach | MSSP Alert

• The complexities of third-party risk management - Help Net Security

Cloud/SaaS

• What is Cloud Security in Banking? | HackerNoon

• Does cloud security have a bad reputation? | InfoWorld

Encryption

• Cop complaints won't stop E2EE, says encryption advocate • The Register

• European Threat To End-To-End Encryption Would Invade Phones (forbes.com)

Linux and Open Source

• Open-Source Cyber Security Is a Ticking Time Bomb (gizmodo.com)

• Spies Among Us: Insider Threats in Open Source Environments (darkreading.com)

• A Guide to Open Source Software Security - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

• Microsoft introduces Passkeys support for consumer accounts - gHacks Tech News

• Google Announces Passkeys Adopted by Over 400 Million Accounts (thehackernews.com)

• UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert

• Hackers can crack average 8-character passwords in under a minute (newsbytesapp.com)

• What is credential stuffing? | Kaspersky official blog

• How secure is the “Password Protection” on your files and drives? - Help Net Security

Social Media

• These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED

Training, Education and Awareness

• Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training - IT Security Guru

Regulations, Fines and Legislation

• The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard

• EU plan to force messaging apps to scan for CSAM risks millions of false positives, experts warn | TechCrunch

• The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard

• Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)

Models, Frameworks and Standards

• The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard

Data Protection

• Privacy requests increased 246% in two years - Help Net Security

Careers, Working in Cyber and Information Security

• How workforce reductions affect cyber security postures - Help Net Security

• One in Four Tech CISOs Unhappy with Compensation - Security Boulevard

Law Enforcement Action and Take Downs

• Ransomware activity is back on track despite law enforcement efforts - Help Net Security

• Law Enforcement Takedowns Force Ransomware Affiliates to Diversify - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit's seized darknet site resurrected by police, teasing new revelations (therecord.media)

• LockBit leader unmasked and sanctioned - National Crime Agency

• Israeli private investigator wanted for hacking in US is arrested in London | The Independent

• German police bust Europe's 'largest' scam call centre – DW – 05/02/2024

• Consultant charged with $1.5M extortion of IT giant • The Register

• 97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)

• Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering (securityaffairs.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Israeli private investigator wanted for hacking in US is arrested in London | The Independent

• Cyber Attacks on US Utilities: New Trends in Cyber Warfare - ClearanceJobs

• 'The Mask' Espionage Group Resurfaces After 10-Year Hiatus (darkreading.com)

Nation State Actors

China

• Defence secretary Grant Shapps confirms name of contractor running MoD system hacked by China | Politics News | Sky News

• Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)

• Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)

• Geopolitical tensions rise with China. (thecyberwire.com)

• China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion (thehackernews.com)

Russia

• Malice from Moscow: NATO warns of Russian hybrid warfare - EU Reporter

• Russia plotting sabotage across Europe, intelligence agencies warn (ft.com)

• How Nato could respond after wave of Russian spy arrests across Europe (inews.co.uk)

• EU, NATO denounce Russia's cyber attacks on Germany, Czechia (kyivindependent.com)

• Russia Cyber Attack Germany's Ruling Party, Defence | Silicon UK

• Foreign Ministry:  Czech institutions targeted by GRU cyber attacks | Radio Prague International

• Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (thehackernews.com)

• Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)

• Russia slammed for cyber attacks (emergingrisks.co.uk)

• Ukraine records increase in financially motivated attacks by Russian hackers (therecord.media)

• UK joins partners in condemnation of malicious cyber activity by Russian Intelligence Services: UK government statement - GOV.UK (www.gov.uk)

• Russian cyber attacks on Germany spur intensified cyber recruitment and training   - Freelance Informer

• Cyber War? EU rages over alleged Russian cyber attack on German’s ruling SPD (brusselssignal.eu)

• Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)

• A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED

• Russia says Germany using baseless 'hacker myths' to destroy ties | Reuters

• Highlights of international and Ukrainian cyber security news in April 2024 - National Security and Defence Council of Ukraine (rnbo.gov.ua)

• Poland says it too was targeted by Russian hackers – POLITICO

• Kaspersky denies claims it helped Russia with drones • The Register

Iran

• Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

North Korea

• NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Far-right websites hacked and defaced  | CyberScoop

• Threat Actors Weaponise Hacktivism for Financial Gain - Infosecurity Magazine (infosecurity-magazine.com)

• Amnesty International Cites Indonesia as a Spyware Hub (darkreading.com)

• New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)

• Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know | WIRED

Vulnerability Management

• Cyber criminals are getting faster at exploiting vulnerabilities - Help Net Security

• Misconfigurations drive 80% of security exposures | Security Magazine

• Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises - IT Security Guru

• Patch management vs. vulnerability management: Key differences | TechTarget

• How remote work is changing patch management | TechTarget

• What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)

• CISA’s KEV list improving private and public-sector patching • The Register

• CISA Announces CVE Enrichment Project 'Vulnrichment' - Security Week

Vulnerabilities

• Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (thehackernews.com)

• Citrix Addresses High-Severity NetScaler Servers Flaw (darkreading.com)

• Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (bleepingcomputer.com)

• Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) - Help Net Security

• LiteSpeed Cache WordPress plugin actively exploited in the wild (securityaffairs.com)

• New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data (thehackernews.com)

• New BIG-IP Next Central Manager bugs allow device takeover (bleepingcomputer.com)

• Microsoft: April Windows Server updates also cause crashes, reboots (bleepingcomputer.com)

• Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)

• Apple just fixed an iTunes security flaw for Windows users, but they probably have bigger issues to worry about anyway | iMore

• Citrix warns customers to update PuTTY version installed on their XenCenter system manually (securityaffairs.com)

Tools and Controls

• Behind Closed Doors: The Rise of Hidden Malicious Remote Access (cybereason.com)

• Security tools fail to translate risks for executives - Help Net Security

• Misconfigurations drive 80% of security exposures | Security Magazine

• A Guide to Cyber Threat Intelligence (greydynamics.com)

• NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

• Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica

• Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica

• Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises - IT Security Guru

• Strategies for preventing AI misuse in cyber security - Help Net Security

• Shadow APIs: An Overlooked Cyber Risk for Orgs (darkreading.com)

• How to detect deepfakes manually and using AI | TechTarget

• What is social engineering penetration testing? | Definition from TechTarget

• How workforce reductions affect cyber security postures - Help Net Security

• What is biometrics? 10 physical and behavioural identifiers that can be used for authentication | CSO Online

• What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)

• Top 10 physical security considerations for CISOs | CSO Online

• Three Battle-Tested Tips for Surviving a Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar

• A SaaS Security Challenge: Getting Permissions All in One Place  (thehackernews.com)

• Tips for Protecting Active Directory From Ransomware Attacks | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Tips for Controlling the Costs of Security Tools - The New Stack

• Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)

• Microsoft confirms Windows 11 24H2 turns on Device Encryption by default (windowslatest.com)

Reports Published in the Last Week

• The State of Ransomware 2024 - Sophos

Other News

• Microsoft overhaul treats security as ‘top priority’ after a series of failures - The Verge

• Microsoft will base part of senior exec comp on security, add deputy CISOs to product groups – GeekWire

• The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard

• Complexity leads to trade-off between risk and innovation (betanews.com)

• When has the UK faced cyber attacks in the past? | The Independent

• Man-in-the-middle attack: The new cyber security threat | YourStory

• Paris 2024 gearing up to face unprecedented cyber security threat | Reuters

• From Warnings to Action: Preparing America’s Infrastructure for Imminent Cyber Threats - Security Week

• 38% of riskiest cyber physical systems neglected, warns Claroty report (securitybrief.co.nz)

• Why undersea cables need high-priority protection • The Register

• GAO: NASA Faces 'Inconsistent' Cyber Security Across Spacecraft (darkreading.com)

• Cyber security regulations: Are non-compliant cars more vulnerable? | Autocar

• Fujitsu sets aside £200m as calls mount for Post Office scandal payout

• eGates across UK airports go down (thelondoneconomic.com)

• FE News | Why the education sector needs to do the homework on cyber security as attacks soar

• Caught with our pants down - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month

March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.

Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.

The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.

https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/

• Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces

Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.

The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:

• Keeping up with threat intelligence (70%)

• Allocating cyber security resources and budget (47%)

• Visibility into all assets connected to the network (44%)

• Compliance and regulation (39%)

• Convergence of IT and OT (32%)

The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.

https://www.msspalert.com/cybersecurity-news/organizations-overwhelmed-with-cybersecurity-alerts-threats-and-attack-surfaces-armis-study-shows/

• One in Three Businesses Faced Cyber Attacks Last Year

Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.

Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.

https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html

• Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged

Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.

The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.

https://www.darkreading.com/vulnerabilities-threats/why-your-anti-fraud-identity-cybersecurity-efforts-should-be-merged

• Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security

With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.

Cobalt’s recent report found:

• Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.

• Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.

• Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.

https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/

• Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes

Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.

Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.

https://www.hivesystems.io/blog/are-your-passwords-in-the-green

• 83% of Organisations Paid Up in Ransomware Attacks

A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.

Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.

https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/

• Security is a Revenue Booster, Not a Cost Centre

Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.

For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.

In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.

https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center

• Ex-CEO Gets Prison Sentence for Bad Security

A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.

Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.

The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.

https://nakedsecurity.sophos.com/2023/04/18/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence-for-bad-data-security/

• Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers

There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.

https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/

• KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend

KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.

The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.

71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.

Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.

https://www.itsecurityguru.org/2023/04/19/knowbe4-q1-phishing-report-reveals-it-and-online-services-emails-drive-dangerous-attack-trend/

• Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack

Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.

While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.

https://www.theguardian.com/business/2023/apr/20/capita-admits-customer-data-may-have-been-breached-during-cyber-attack

• Outdated Cyber Security Practices Leave Door Open for Criminals

A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.

https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/

• Quantifying Cyber Risk Vital for Business Survival

Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.

https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/

• Recycled Network Devices Exposing Corporate Secrets

Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.

Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.

In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.

The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.

https://www.infosecurity-magazine.com/news/recycled-network-exposing/

Threats

Ransomware, Extortion and Destructive Attacks

• 83% of organisations paid up in ransomware attacks  | VentureBeat

• March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

• Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)

• RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• UK Education Sector Suffered Most from Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs

• Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek

• LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)

• Abuse victims' data stolen in ransomware attack (rte.ie)

• Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch

• Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs

• Black Basta claims it's selling off stolen Capita data • The Register

• An Analysis of the BabLock Ransomware (trendmicro.com)

• Ransomware reinfection and its impact on businesses - Help Net Security

• Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)

• Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)

• Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)

• Medusa ransomware crew boasts of Microsoft code leak • The Register

• New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)

Phishing & Email Based Attacks

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• New Qbot campaign delivers malware by hijacking business emails | CSO Online

• KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend - IT Security Guru

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET

• UK government employees receive average of 2,246 malicious emails per year - IT Security Guru

BEC – Business Email Compromise

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• US charges three men with six million dollar business email compromise plot | Tripwire

2FA/MFA

• How to Prevent 2 Common Attacks on MFA (darkreading.com)

Malware

• Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)

• New Chameleon banking trojan is stealing account info — what you need to know | Tom's Guide (tomsguide.com)

• US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)

• New QBot campaign delivered hijacking business correspondenceSecurity Affairs

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• MacStealer - newly-discovered malware steals passwords and exfiltrates data from infected Macs • Graham Cluley

• 'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)

• What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)

Mobile

• Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

Botnets

• 'Zaraza' Bot Targets Google Chrome to Extract Login Credentials (darkreading.com)

Internet of Things – IoT

• Military helicopter crash blamed on missing software patch • The Register

• Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

• Five Eye nations release new guidance on smart city cyber security | CSO Online

Data Breaches/Leaks

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)

• Volvo retailer leaks sensitive files - Security Affairs

• Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek

• Cyber attack on Insurance Information Bureau of India; data at risk - The Economic Times (indiatimes.com)

• Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek

Organised Crime & Criminal Actors

• Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• Standardized data collection methods can help fight cyber crime | TechTarget

• Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

Insider Risk and Insider Threats

• Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Top risks and best practices for securely offboarding employees | CSO Online

• Critical Infrastructure Firms Concerned Over Insider Threat - Infosecurity Magazine (infosecurity-magazine.com)

• How to Strengthen your Insider Threat Security - IT Security Guru

Fraud, Scams & Financial Crime

• Pre-pandemic techniques are fueling record fraud rates - Help Net Security

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• Trial and error in Kuwait | CyberScoop

• US extradites Nigerian charged in $6m email fraud scam • The Register

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• Three charged over banking fraud for hire website | Computer Weekly

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

• Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur

• FTC orders payments firm to pay $650k over tech support scam • The Register

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Fraudsters impersonating genuine providers cost £177.6m in 2022, UK Finance data suggests | Business News | Sky News

• Scammers using social media to dupe people into becoming money mules - Help Net Security

AML/CFT/Sanctions

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)

• Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek

• Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online

Dark Web

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

Supply Chain and Third Parties

• Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)

• 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant

• Capita admits customer, supplier or colleague data may have been accessed by hackers | Business News | Sky News

• Lazarus APT group employed Linux Malware in recent attacks-Security Affairs

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

Software Supply Chain

• CISA Introduces Secure-by-design and Secure-by-default Development Principles – Security Week

Cloud/SaaS

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• Is there really a march from the public cloud back on-prem? | TechCrunch

• Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs

Attack Surface Management

• Recycled Core Routers Expose Sensitive Corporate Network Info (darkreading.com)

Shadow IT

• The staying power of shadow IT, and how to combat risks related to it - Help Net Security

Identity and Access Management

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)

• The biggest data security blind spot: Authorization - Help Net Security

Encryption

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

API

• Triple-digit Increase in API and App Attacks on Tech and Retail - Infosecurity Magazine (infosecurity-magazine.com)

• There's Been a 400% Increase in Unique API Attackers - The New Stack

Open Source

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Security beyond software: The open source hardware security evolution - Help Net Security

• Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com

Passwords, Credential Stuffing & Brute Force Attacks

• How Long It Would Take A Hacker To Brute Force Your Password In 2023, Ranked | Digg

Social Media

• LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Scammers using social media to dupe people into becoming money mules - Help Net Security

Regulations, Fines and Legislation

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Brit cops rapped over app that recorded 200k phone calls • The Register

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Governance, Risk and Compliance

• Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)

• Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• 'One in three firms faced cyber attacks last year' (aol.co.uk)

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

• Quantifying cyber risk vital for business survival - Help Net Security

• Wargaming an effective data breach playbook - Help Net Security

• Outdated cyber security practices leave door open for criminals - Help Net Security

• CISOs struggling to protect sensitive data records - Help Net Security

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Gartner Top Strategic Cyber security Trends 2023

• 3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)

• Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-CIO must pay £81k over Total Shambles Bank migration • The Register

• Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security

• Top risks and best practices for securely offboarding employees | CSO Online

• How companies are struggling to build and run effective cyber security programs - Help Net Security

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)

Secure Disposal

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

Backup and Recovery

• CISOs struggling to protect sensitive data records - Help Net Security

Data Protection

• Government reprimanded for serious breaches of data protection law - Jersey Evening Post

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Brit cops rapped over app that recorded 200k phone calls • The Register

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Careers, Working in Cyber and Information Security

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

Law Enforcement Action and Take Downs

• Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes (bitdefender.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• US extradites Nigerian charged in $6m email fraud scam • The Register

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

• Three charged over banking fraud for hire website | Computer Weekly

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Privacy, Surveillance and Mass Monitoring

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• What the Recent Collapse of SVB Means for Privacy (darkreading.com)

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

Artificial Intelligence

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register

• AI-created malware sends shockwaves through cybersecurity world | Fox News

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)

• ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Misinformation, Disinformation and Propaganda

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers targeting UK more frequently (thetimes.co.uk)

• UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure | CSO Online

• Russian hackers want to ‘disrupt or destroy’ UK infrastructure, minister warns | Hacking | The Guardian

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)

• Meet the hacker armies on Ukraine's cyber front line - BBC News

• Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)

• Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• How cyber support to Ukraine can build its democratic future | CyberScoop

• Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)

• Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)

• Britain sounds alarm on spyware, mercenary hacking market | Reuters

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

• The UK will need more than words in this cyber war | Financial Times (ft.com)

• Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)

Nation State Actors

• BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)

• 3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)

• UK security chief’s alert over threat from China (thetimes.co.uk)

• Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites (thehackernews.com)

• APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)

• China starts ‘surgical’ retaliation against foreign companies after US-led tech blockade | Financial Times

• Iranian-Russian cooperation on hack attacks may challenge Israeli cyber supremacy | The Times of Israel

• US charges 44 members of alleged Chinese troll army • The Register

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets - Microsoft Security Blog

• MuddyWater Uses SimpleHelp to Target Critical Infrastructure Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)

• Iranian Nation-State Actor "Mint Sandstorm" Weaponizes N-day Flaws - Infosecurity Magazine (infosecurity-magazine.com)

• Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)

• Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Vulnerability Management

• Military helicopter crash blamed on missing software patch • The Register

• Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

Vulnerabilities

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• CISA: Patch Bug Exploited by Chinese E-commerce App - Infosecurity Magazine (infosecurity-magazine.com)

• Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)

• Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)

• Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs

• VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek

• Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products (thehackernews.com)

• Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)

Tools and Controls

• CISA Asks Manufacturers to Prioritize Cybersecurity in Product Design - Infosecurity Magazine (infosecurity-magazine.com)

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• 7 countries unite to push for secure-by-design development | CSO Online

• Wargaming an effective data breach playbook - Help Net Security

• Where There's No Code, There's No SDLC (darkreading.com)

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)

• Microsoft opens up Defender with file hash, URL search • The Register

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

• How to build a cybersecurity deception program | TechTarget

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

• Threat Posed by 'Irresponsible' Use of Commercial Hacking Tools Increasing, NCSC Warns - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs struggling to protect sensitive data records - Help Net Security

• Generative AI in SecOps and how to prepare | TechTarget

• AI defenders ready to foil AI-armed attackers • The Register

• Newer Authentication Tech a Priority for 2023 (darkreading.com)

Other News

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop

• Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)

• How to defend against TCP port 445 and other SMB exploits | TechTarget

• Criminal Records Service still disrupted 4 weeks after hack - BBC News

• Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)

• Cyberspace Solarium Commission says space systems should be considered critical infrastructure | CyberScoop

• UK Strengthens Cyber security Audits for Government Agencies - Infosecurity Magazine (infosecurity-magazine.com)

• EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com

 Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 10,000 Organisations Targeted by Phishing Attack That Bypasses Multi-Factor Authentication

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences.

The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them to log into the genuine site.

According to Microsoft’s detailed report on the campaign, once hackers had broken into email inboxes via the use of stolen passwords and session cookies, they would exploit their access to launch Business Email Compromise (BEC) attacks on other targets.

By creating rules on victims’ email accounts, the attackers are able to then ensure that they maintain access to incoming email even if a victim later changes their password.

The global pandemic, and the resulting increase in staff working from home, has helped fuel a rise in the adoption of multi-factor authentication.

Cyber criminals, however, haven’t thrown in the towel when faced with MFA-protected accounts. Accounts with MFA are certainly less trivial to break into than accounts which haven’t hardened their security, but that doesn’t mean that it’s impossible.

Reverse-proxy phishing kits like Modlishka, for instance, impersonate a login page, and ask unsuspecting users to enter their login credentials and MFA code. That collected data is then passed to the genuine website – granting the cyber criminal access to the site.

As more and more people recognise the benefits of MFA, we can expect a rise in the number of cyber criminals investing effort into bypassing MFA.

Microsoft’s advice is that organisations should complement MFA with additional technology and best practices.

https://www.tripwire.com/state-of-security/featured/10000-organisations-targeted-by-phishing-attack-that-bypasses-multi-factor-authentication/

• Businesses Are Adding More Endpoints, But Can’t Manage Them All

Most enterprises struggle to maintain visibility and control of their endpoint devices, leading to increased security breaches and impaired ability to ward off outside attacks, according to a survey conducted by Ponemon Institute.

Findings show that the average enterprise now manages approximately 135,000 endpoint devices. Despite $4,252,500 of annual budget spent on endpoint protection, an average of 48 percent of devices – or 64,800 per enterprise – are at risk because they are no longer detected by the organisation’s IT department or the endpoints’ operating systems have become outdated.

Additionally, 63 percent of respondents find that the lack of visibility into their endpoints is the most significant barrier to achieving a strong security posture.

IT organisations are facing unprecedented rates of distribution point sprawl, which has grown rapidly since the onset of the COVID-19 pandemic. 61 percent of respondents say distribution points have increased in the last two years, and the average endpoint has as many as 7 agents installed for remote management, further adding to management complexity.

https://www.helpnetsecurity.com/2022/07/14/businesses-are-adding-more-endpoints/

• Ransomware Activity Resurges in Q2

Ransomware activity rose by a fifth in the last quarter, according to a report from security firm Digital Shadows.

The company, which monitors almost 90 data leak sites on the dark web, observed ransomware groups name 705 victims in Q2 2022, representing a 21% increase over last quarter’s 582. This was a resurgence in activity following a 25.3% decline quarter-on-quarter during Q1.

The LockBit ransomware group overtook Conti in victim numbers as Conti ceased operations following the leak of internal chat logs. Conti had reached almost 900 victims during its operations, but LockBit is now closing in on 1,000 after a 13% growth in activity during the quarter.

LockBit also continued to innovate, releasing version 3 of its ransomware with new features, including support for payments using the Zcash cryptocurrency. It also launched a reward program for any information on high-value targets, along with a data leak site that allows anyone to purchase victim data.

At around 230, Lockbit’s quarterly victim numbers far exceeded any other group in Q2. It was accountable for almost a third of all postings to leak sites in Q2. Conti, which had limped along for several weeks after its own data leak, managed just over 50. In third place was Alphv, which grew 118% during the quarter. Basta came in fourth.

Some other smaller groups are also growing rapidly, according to the report. Vice Society, in fifth place this quarter, doubled its activity.

https://www.infosecurity-magazine.com/news/ransomware-activity-resurges-q2/

• One-Third of Users Without Security Awareness Training Click on Phishing URLs

Phishing attacks just won't die, and new data underscores their effectiveness among users who have not been provided security awareness training.

According to data pulled from security awareness training provider KnowBe4's clients, 32.4% of users will fall for a phish — clicking on a link or following a phony request — if those users have not had any official training. The disconnect is worse in some industry sectors, including consulting, energy and utilities, and healthcare and pharmaceuticals, where half of all untrained users fall for phishing attacks.

The data was pulled from 23.4 million simulated phishing tests conducted at more than 30,000 organisations, encompassing some 9.5 million users. According to KnowBe4, 90 days after monthly or more training, the number of phishing test fails dropped to around 17.6%, and to 5% after one year of regular awareness training.

https://www.darkreading.com/remote-workforce/one-third-of-users-click-on-phishing

• Ransomware Scourge Drives Price Hikes in Cyber Insurance

Cyber security insurance costs are rising, and insurers are likely to demand more direct access to organisational metrics and measures to make more accurate risk assessments.

The rising cost of ransomware attacks is helping push significant premium increases in cyber insurance policies in the UK and US, new data shows.

With the average payouts across the past two years averaging more than $3.5 million in the US, a growing number of cyber security insurers want direct access to customer security metrics and measures. This would help prove the status of security controls, according to a Panaseer report on the state of the cyber insurance industry.

However, insurance firms are struggling to accurately understand a customer's security posture, which is in turn affecting price increases.

Panaseer notes that 82% of insurers surveyed said they expect the rise in premiums to continue. The increasing cost of ransomware is putting premiums up, and the increase in the number of attacks, as well as the number of successful attacks, means insurance is getting harder to get and is getting more expensive.

Meanwhile, 87% of insurers surveyed say they want a more consistent approach to analysing cyber-risk. Fundamentally, insurers need better information in order to price the risk — questionnaires aren't going to cut it. Having real live data coming from a customer about their security posture is what's going to be required for them to accurately price risk, in the same way that telematics did for car insurance.

https://www.darkreading.com/attacks-breaches/ransomware-scourge-drives-price-hikes-in-cyber-insurance

• Conventional Cyber Security Approaches Are Falling Short

Traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can’t keep pace with the volume, variety, and velocity of current threats, according to Skybox Security. As a result, 27% of all executives and 40% of CSOs say their organisations are not well prepared for today’s rapidly shifting threat landscape.

On average, organisations experienced 15% more cyber security incidents in 2021 than in 2020. In addition, “material breaches”— defined as “those generating a large loss, compromising many records, or having a significant impact on business operations” — jumped 24.5%.

The top four causes of the most significant breaches reported by the affected organisations were:

• Human error

• Misconfigurations

• Poor maintenance/lack of cyber hygiene

• Unknown assets.

https://www.helpnetsecurity.com/2022/07/14/conventional-cybersecurity-approaches/

• Virtual CISOs Are the Best Defence Against Accelerating Cyber-Risks

The cyber security challenges that companies are facing today are vast, multidimensional, and rapidly changing. Exacerbating the issue is the relentless evolution of threat actors and their ability to outmanoeuvre security controls effortlessly.

As technology races forward, companies without a full-time CISO (Chief Information Security Officer) are struggling to keep pace. For many, finding, attracting, retaining, and affording the level of skills and experience needed is out of reach or simply unrealistic. Enter the virtual CISO (vCISO). These on-demand experts provide security insights to companies on an ongoing basis and help ensure that security teams have the resources they need to be successful.

Typically, an engagement with a vCISO is long lasting, but in a fractional delivery model. This is very different from a project-oriented approach that requires a massive investment and results in a stack of deliverables for the internal team to implement and maintain. A vCISO not only helps to form the approach, define the action plan, and set the road map but, importantly, stays engaged throughout the implementation and well into the ongoing management phases.

The best vCISO engagements are long-term contracts. Typically, there's an upfront effort where the vCISO is more engaged in the first few months to establish an understanding, develop a road map, and create a rhythm with the team. Then, their support drops into a regular pace which can range from two to three days per week or five to ten days per month.

https://www.darkreading.com/careers-and-people/virtual-cisos-are-the-best-defense-against-accelerating-cyber-risks

• Firms Not Planning for Supply Chain Threats

Enterprises are failing to plan properly for supply chain risks and cyber security threats from the wider digital ecosystem, a leading technology consultancy has warned.

According to Tata Consultancy Services (TCS), firms put the risks posed by ecosystem partners at the bottom of a list of 10 key threats. CISOs and chief risk officers believed that financial systems, customer databases and R&D were the systems most likely to be targeted. Supply chain and distribution was placed in ninth.

The report, based on a survey of larger firms with annual revenues of $1bn or more, found that only 16% of chief risk officers believed the digital ecosystem was a concern when it comes to cyber risks, and only 14% said those ecosystems were a priority for board level discussions.

The research also found that a small number of enterprises fail to focus on cyber risk, with one in six boards discussing it only “occasionally, as necessary or never.” TCS found, though, that organisations with above-average profit and revenue growth were more likely to put cyber security on the agenda at board meetings.

TCS also found that enterprises view the cloud as a more secure environment than conventional data centres and on-premises systems. Additionally, the research highlighted ongoing concerns about skills and the need to attract and retain talented security staff. Firms where senior leaders focus on cyber security are more likely to be able to close the skills gap, according to the study.

https://www.infosecurity-magazine.com/news/planning-supply-chain-threats/

• Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?

IT service provider and consulting firm Capgemini is facing a lawsuit related to a June 2020 data breach. The plaintiff — gaming company Razer — is seeking $7 million in damages. A trial in Singapore’s High Court regarding the dispute is underway, according to Vulcan Post.

Razer claims it has suffered approximately $6.85 million in profit losses from its online website due to the data breach. Razer is pursuing damages for an unquantified sum for profit losses from the rejection of its digital bank license application.

The Razer data breach occurred due to an issue with an IT system. It may have exposed the personal information of about 100,000 Razer customers.

The Razer data breach may have occurred due to a misconfigured Elasticsearch cluster. It also was exposed to the public and indexed by public search engines and took more than three weeks to fix.

Experts from Razer and Capgemini agreed that the data breach was caused by a security misconfiguration. However, Razer now claims that a Capgemini employee recommended the IT system that led to the breach and is therefore responsible for the incident.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/data-breach-lawsuit-gaming-company-razer-sues-capgemini-for-7-million/

• Security Culture: Fear of Cyber Warfare Driving Initiatives

KnowBe4, the provider of security awareness training and simulated phishing platform, has conducted a survey during Infosecurity Europe, which evaluated the opinions of nearly 200 security professionals towards security culture, or more specifically: the ideas, customs and social behaviours of an organisation that influence their security practices.

The research found the threat of cyber warfare (30%) or experiencing a data breach or cyber attack (30%) were the two biggest reasons why security professionals wanted to improve security culture at their organisations. Given the current invasion of Ukraine by Russia and the resulting cyber security warnings announced by many of the world’s leading governments, improving current cyber security efforts has continued to be a top priority for many.

The study also revealed just over two thirds (67%) answered that a strong security culture would very likely reduce the risk of security incidents, with the majority (85%) directing their efforts into both improving security awareness training and communicating values expected from employees regarding security.

However, there are many obstacles when attempting to create a strong security culture, with the main issue being a lack of budget (26%) which was followed security professionals facing indifference from fellow employees (24%) and a lack of senior management support (16%).

Interestingly, just under three quarters (73%) admitted to putting an increased effort into measuring employees understanding of security – this still leaves a considerable gap of 27% that do not, something many security professionals will want to consider closing. Thankfully, 38% agree this aspect of security culture would be an area they want to improve in their organisation. When witnessing a colleague display poor security practises, 67% of UK security experts would prefer to tell the individual discreetly, while just under a third (31%) would send the member of staff training material to review. Only 18% would report the individual to the security team.

https://www.itsecurityguru.org/2022/07/11/security-culture-fear-of-cyber-warfare-driving-initiatives/

• Cryptocurrency 'Mixers' See Record Transactions from Sanctioned Actors

Use of so-called cryptocurrency “mixers,” which combine various types of assets to mask their origin, peaked at a 30-day average of nearly $52 million worth of digital currency in April, representing an unprecedented volume of funds moving through those services, researchers at cryptocurrency research firm Chainalysis found.

A near two-fold increase in funds sent from illicit addresses has accelerated the increase, indicating that the technology that can obfuscate the currency continues to be highly attractive to cyber criminals.

Cryptocurrency mixers work by taking an individual’s cryptocurrency and combining it with a larger pool before returning units equivalent to the original amount minus a service fee to the original account. As a result, it makes it harder for law enforcement and cryptocurrency analysts to trace the currency.

Mixers aren’t solely used by criminals, but they are extremely popular with them. 10% of all funds from illicit wallets are sent to mixers, while mixers received less than 0.5% of the share of other sources of funds tracked by the firm, including decentralised finance projects.

The bulk of illicit funds transferred to mixers came from sanctioned actors, primarily Russian dark net market Hydra and more recently the Lazarus Group, a group of North Korean state-backed hackers. International law enforcement took out Hydra, which had been responsible for 80% of dark web transactions involving cryptocurrency, in May. The US Treasury’s Office of Foreign Assets Control followed with sanctions on more than 100 of its cryptocurrency addresses.

The use of mixers by North Korea state-backed hackers, and a popular mixer they employed to launder funds, made up the rest of the transfers.

https://www.cyberscoop.com/cryptocurrency-mixers-see-record-transactions-from-sanctioned-actors/

• Online Payment Fraud Expected to Cost $343B Over Next 5 Years

Despite ratcheted-up efforts to prevent account takeover, fraudsters are cashing in on a range of online payment fraud schemes, which researchers predict will cost retail organisations more than $343 billion over the next five years.

Physical good purchases are loss leaders, making up 49% of online payment fraud, driven in large part by developing markets with little address verification, according to a new Juniper Research report.

Fundamentally, no two online transactions are the same, so the way transactions are secured cannot follow a one-size-fits-all solution. Payment fraud detection and prevention vendors must build a multitude of verification capabilities, and intelligently orchestrate different solutions depending on circumstances, in order to correctly protect both merchants and users.

https://www.darkreading.com/application-security/online-payment-fraud-expected-to-cost-343b-over-5-years

Threats

Ransomware

• Largest ransom pay-outs by cyber-insurers averaged £3.2 million in the past two years – Intelligent CISO

• Risk & Repeat: Ransomware in 2022 so far (techtarget.com)

• Paying ransomware crooks won’t reduce your legal risk, warns regulator – Naked Security (sophos.com)

• Ransomware Attacks Reign Supreme in 2022 - MSSP Alert

• BlackCat (aka ALPHV) ransomware is increasing stakes up to $2.5 million in demands - Help Net Security

• New Lilith ransomware emerges with extortion site, lists first victim (bleepingcomputer.com)

• Experts warn of the new 0mega ransomware operation - Security Affairs

• Organisations Warned of New Lilith, RedAlert, 0mega Ransomware | SecurityWeek.Com

• Microsoft links H0ly Gh0st ransomware operation to North Korean hackers (bleepingcomputer.com)

• Feds Issue Warning for North Korean-backed Ransomware Hijackers - MSSP Alert

• Ransomware gang now lets you search their stolen data (bleepingcomputer.com)

• Rise in ransomware drives IT leaders to implement data encryption - Help Net Security

• BlackCat Ransomware Group Deploys Brute Ratel Pen Testing Kit - Infosecurity Magazine (infosecurity-magazine.com)

• Bandai Namco confirms hack after ALPHV ransomware data leak threat (bleepingcomputer.com)

• 1.9m patients' medical data exposed in PFC ransomware attack • The Register

Phishing & Email Based Attacks

• Email scams are getting more personal – they even fool cyber security experts (theconversation.com)

• New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials (darkreading.com)

• Hackers impersonate cyber security firms in callback phishing attacks (bleepingcomputer.com)

• $8 million stolen in large-scale Uniswap airdrop phishing attack (bleepingcomputer.com)

• Almost a third of untrained users will click a phishing link - KnowBe4 research - IT Security Guru

• PayPal phishing kit added to hacked WordPress sites for full ID theft (bleepingcomputer.com)

Other Social Engineering

• Rise In Smishing Scams, Why And How To Protect? (informationsecuritybuzz.com)

• How Hackers Create Fake Personas for Social Engineering (darkreading.com)

• How attackers abuse Quickbooks to send phone scam emails - Help Net Security

Malware

• Criminals are now posing as security companies to trick you into installing malware | TechRadar

Mobile

• New Android malware on Google Play installed 3 million times (bleepingcomputer.com)

• The weaponizing of smartphone location data on the battlefield - Help Net Security

Internet of Things – IoT

• Honda Admits Hackers Could Unlock Car Doors, Start Engines | SecurityWeek.Com

• Watch This $80,000 Tesla Model Y Get Hacked With $20 Hardware - autoevolution

Data Breaches/Leaks

• Fewer Individuals Fall Victim to Data Breaches as Attackers Switch to Business in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• A look inside Russian cyber crime syndicate TrickBot reveals an organised, potent adversary - CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto Scams Soar Despite Crash (informationsecuritybuzz.com)

• Cryptocurrency flowing into “mixers” hits an all-time high. Wanna guess why? | Ars Technica

• Falling Cryptocurrency Market Stalling Cyber Crime Activity - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers stole $620 million from Axie Infinity via fake job interviews (bleepingcomputer.com)

Insider Risk and Insider Threats

• Joshua Schulte Convicted of Leaking CIA 'Vault 7' to Wikileaks (gizmodo.com)

Fraud, Scams & Financial Crime

• New Phishing Kit Hijacks WordPress Sites for PayPal Scam (darkreading.com)

Insurance

• Cyber Insurers Looking for New Risk Assessment Models - Infosecurity Magazine (infosecurity-magazine.com)

• How War Impacts Cyber Insurance | Threatpost4

• The cyber insurance market has a critical infrastructure problem - CyberScoop

Supply Chain and Third Parties

• 3 Golden Rules of Modern Third-Party Risk Management (darkreading.com)

Denial of Service DoS/DDoS

• Mantis, the tiny shrimp that launched 3,000 DDoS attacks • The Register

Identity and Access Management

• Report: Financial Institutions Overly Complacent About Current Authentication Methods (darkreading.com)

• Access Permissions: Manual Reviews Less Effective than Automation, Netwrix Study Finds - MSSP Alert

Encryption

• What to do now about tomorrow’s code-cracking computers | The Economist

Social Media

• Facebook 2FA scammers return – this time in just 21 minutes – Naked Security (sophos.com)

• Disneyland Social Media Hacked - IT Security Guru

Training, Education and Awareness

• Accessible Cyber security Awareness Training Reduces Your Risk of Cyber Attack (darkreading.com)

Privacy

• New Cache Side Channel Attack Can De-Anonymize Targeted Online Users (thehackernews.com)

• Amazon handed Ring video to police without warrant, consent • The Register

• TikTok Chief Security Officer Steps Down Amid Concerns About Privacy (businessinsider.com)

Regulations, Fines and Legislation

• Proposed SEC Rules Require More Transparency About Cyber-Risk (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine's Cyber Agency Reports Q2 Cyber-Attack Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber espionage groups increasingly target journalists and media organisations | CSO Online

• Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine (darkreading.com)

• The Man at the Centre of the New Cyber World War - POLITICO

• How War Impacts Cyber Insurance | Threatpost

• Lithuanian Energy Firm Disrupted by DDOS Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Security vendor splits to address Russia’s war in Ukraine • The Register

• Apple previews Lockdown Mode, a new extreme security feature | ZDNet

Nation State Actors

Nation State Actors – North Korea

• ‘Nobody is holding them back’ — North Korean cyber-attack threat rises (cointelegraph.com)

• North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware - Microsoft Security Blog

Nation State Actors – Misc APT

• APT groups target journalists and media organisations since 2021 - Security Affairs

Vulnerability Management

• Rethinking Vulnerability Management in a Heightened Threat Landscape | Threatpost

• Using shields up to secure credentials and mitigate vulnerabilities (scmagazine.com)

• The enemy of vulnerability management? Unrealistic expectations - Help Net Security

Vulnerabilities

• DHS warns: Expect Log4j risks for 'a decade or longer' • The Register

• Microsoft's Patch Tuesday fixes one bug under active exploit • The Register

• Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (cisecurity.org)

• CISA orders agencies to patch new Windows zero-day used in attacks (bleepingcomputer.com)

• Flaw in Netwrix Auditor application allows arbitrary code execution - Security Affairs

• Elastix VoIP systems hacked in massive campaign to install PHP web shells (bleepingcomputer.com)

• Hackers Targeting VoIP Servers by Exploiting Digium Phone Software (thehackernews.com)

• Microsoft Teams security vulnerability left users open to XSS via flawed stickers feature | The Daily Swig (portswigger.net)

• Anvil Mobile Hit By New Exploit - DNS Hijacking. (informationsecuritybuzz.com)

• Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now (darkreading.com)

• Patch these Juniper Networks bugs, CISA says • The Register

• Buggy WordPress plugin allows complete site takeover • The Register

• VMware patches vCenter Server flaw disclosed in November (bleepingcomputer.com)

• Vulnerabilities that could allow undetectable infections affect 70 Lenovo laptop models | Ars Technica

• AMD, Intel chips vulnerable to 'Retbleed' Spectre variant • The Register

• Microsoft fixes dozens of Azure Site Recovery privilege escalation bugs (bleepingcomputer.com)

• Microsoft releases PoC exploit for macOS sandbox escape vulnerability (bleepingcomputer.com)

• AWS squashes authentication bugs in Kubernetes service • The Register

• Lenovo fixes trio of UEFI vulnerabilities • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in. 

• Automotive

• Construction

• Critical National Infrastructure (CNI)

• Defence & Space

• Education & Academia

• Energy & Utilities

• Estate Agencies

• Financial Services

• FinTech

• Food & Agriculture

• Gaming & Gambling

• Government & Public Sector (including Law Enforcement)

• Health/Medical/Pharma

• Hotels & Hospitality

• Insurance

• Legal

• Manufacturing

• Maritime

• Oil, Gas & Mining

• OT, ICS, IIoT, SCADA & Cyber-Physical Systems

• Retail & eCommerce

• Small and Medium Sized Businesses (SMBs)

• Startups

• Telecoms

• Third Sector & Charities

• Transport & Aviation

• Web3

Reports Published in the Last Week

State of Authentication in the Finance Industry 2022 | HYPR

Online Payment Fraud Market Report 2022-27: Size, Share, Trends (juniperresearch.com)

Other News

5 key considerations for your 2023 cyber security budget planning | CSO Online

What Are the Risks of Employees Going on a 'Hybrid Holiday'? (darkreading.com)

New ‘Luna Moth’ hackers breach orgs via fake subscription renewals (bleepingcomputer.com)

Experian accounts could still be at risk from hackers | TechRadar

Cyber security skills surpass cloud skills as this year's training priority, if professionals can find the time | ZDNet

Average American Accesses Suspicious Sites 6.5 Times a Day - Infosecurity Magazine (infosecurity-magazine.com)

Mergers and acquisitions are a strong zero-trust use case • The Register

Recruitment agency Morgan Hunt confirms 'cyber incident' • The Register

New Exploit Attacks UK Routers and Runs Up Mobile Data Bills - ISPreview UK

How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub (darkreading.com)

CEO of Dozens of Companies Charged in Scheme to Traffic An Estimated $1bn in Fake Cisco Devices - Infosecurity Magazine (infosecurity-magazine.com)

Data breaches explained: Types, examples, and impact | CSO Online

President of European Central Bank Christine Lagarde targeted by hackers - Security Affairs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Sharp Rise in SMB Cyber Attacks by Russia and China

SaaS Alerts, a cloud security company, unveiled the findings of its latest report which analysed approximately 136 million security events across 2,100 small and medium businesses (SMBs) globally and identified cyber trends negatively impacting businesses.

The findings of the report take into account security events occurring across more than 120,000 user accounts during the period of January 1st to December 31st, 2021 and shows that the vast majority of attacks on top SaaS platforms such as Microsoft 365, Google Workspace, Slack and Dropbox are originating from Russia and China. The data set is statistically significant and enables solution providers managing a portfolio of SaaS applications with pertinent data and trends to support defensive IT security re-alignments as required.

https://www.helpnetsecurity.com/2022/03/09/saas-security-events-smbs/

We're Seeing An 800% Increase in Cyber Attacks, Says One Managed Service Provider

Revenge and inflation are believed to be key drivers behind an 800 percent increase in cyber attacks seen by a single managed services provider since the days before the onset of Russia's invasion of Ukraine last month.

The attacks are coming not only from groups inside of Russia but also from elsewhere within the region as well from Russia allies like North Korea and Iran, historically sources of global cyber-threats.

The MSP serves about 2,400 companies around the world, most of them small businesses and midsize enterprises and most in North America. The MSP said it has seen the spike in cyber attacks throughout its customer base.

The sharp rise has been attributed to pro-Russian cyber criminal groups linked to nation states lashing out at countries – first Ukraine and then Western countries – angry at the sanctions being levelled against Russia. At the same time, the sharp inflation that is spreading around the world is also hitting hackers, who need to make money to keep up with rising costs.

https://www.theregister.com/2022/03/11/russia-invasion-cyber-war-rages/

Internet Warfare: How the Russians Could Paralyse Britain

The collapse of critical national infrastructure is a science fiction staple. Fifty years ago, actively switching off a country’s water and power networks would have required huge physical damage to power stations and the sources of those services. Today, however, many of the tools we use every day are connected to the internet.

All of those things now have remote access — and therefore, all of them could be vulnerable.

Ukraine has been blitzed by cyber attacks since the annexation of Crimea in 2014 and they have increased in the lead-up to the invasion. As Russia marched into Ukraine, British officials were concerned about “spillover” from any cyber offensives targeted thousands of miles away.

In today’s interconnected digital world, the reality is that distance from the conflict zone makes no difference.

As the West fears a cyber-reprisal, what would a successful attack look like in Britain — and how likely is a complete “network failure”?

https://www.thetimes.co.uk/article/russia-cyberattack-uk-what-would-happen-l3dt98dmb

Just 3% Of Employees Cause 92% Of Malware Events

A small group of employees is typically responsible for most of the digital risk in an organisation, according to new research.

The report, from cybersecurity company Elevate Security and cyber security research organisation Cyentia, also found that those putting their companies at risk from phishing, malware, and insecure browsing are often repeat offenders.

The research found that 4% of employees clicked 80% of phishing links, and 3% were responsible for 92% of malware events.

Four in five employees have never clicked on a phishing email, according to the research. In fact, it asserts that half of them never see one, highlighting the need to focus anti-phishing efforts on at-risk workers.

The malware that phishing and other attack vectors deliver also affects a small group of employees. The research found that 96% of users have never suffered from a malware event. Most malware events revolve around the 3% of users who suffered from two malware events or more, reinforcing the notion that security awareness messages just aren't getting through to some.

https://www.itpro.co.uk/security/malware/366011/just-3-of-employees-cause-92-of-malware-events

70% Of Breached Passwords Are Still in Use

A new report examines trends related to exposed data. Researchers identified 1.7 billion exposed credentials, a 15% increase from 2020, and 13.8 billion recaptured Personally Identifiable Information (PII) records obtained from breaches in 2021.

Through its analysis of this data, it was found that despite increasingly sophisticated and targeted cyber attacks, consumers continue to engage in poor cyber practices regarding passwords, including the use of similar passwords for multiple accounts, weak or common passwords and passwords containing easy-to-guess words or phrases connected to pop culture.

https://www.helpnetsecurity.com/2022/03/08/exposed-data-trends/

Organisations Taking Nearly Two Months to Remediate Critical Risk Vulnerabilities

Edgescan announces the findings of a report which offers a comprehensive view of the state of vulnerability management globally. This year’s report takes a more granular look at the trends by industry, and provides details on which of the known, patchable vulnerabilities are currently being exploited by threat actors.

The report reveals that organisations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days.

High rates of “known” (i.e. patchable) vulnerabilities which have working exploits in the wild, used by known nation state and cybercriminal groups are not uncommon.

Crucially, 57% of all observed vulnerabilities are more than two years old, with as many as 17% being more than five years old. These are all vulnerabilities that have working exploits in the wild, used by known nation state and cybercriminal groups. Edgescan also observed a concerning 1.5% of known, unpatched vulnerabilities that are over 20 years old, dating back to 1999.

https://www.helpnetsecurity.com/2022/03/10/state-of-vulnerability-management/

Android Malware Escobar Steals Your Google Authenticator MFA Codes

The Aberebot Android banking trojan has returned under the name 'Escobar' with new features, including stealing Google Authenticator multi-factor authentication codes.

The new features in the latest Aberebot version also include taking control of the infected Android devices using VNC, recording audio, and taking photos, while also expanding the set of targeted apps for credential theft.

The main goal of the trojan is to steal enough information to allow the threat actors to take over victims' bank accounts, siphon available balances, and perform unauthorised transactions.

Like most banking trojans, Escobar displays overlay login forms to hijack user interactions with e-banking apps and websites and steal credentials from victims.

The malware also packs several other features that make it potent against any Android version, even if the overlay injections are blocked in some manner.

The authors have expanded the set of targeted banks and financial institutions to a whopping 190 entities from 18 countries in the latest version.

https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/

Smartphone Malware Is on The Rise - Here's How to Stay Safe

The volume of malware attacks targeting mobile devices has skyrocketed so far this year, cyber security researchers are saying.

A new report from security company Proofpoint claims that the number of detected mobile malware attacks has spiked 500% in the first few months of 2022, with peaks at the beginning and end of February.

Much of this malware aims to steal usernames and passwords from mobile banking applications, Proofpoint says. But some strains are even more sinister, recording audio and video from infected devices, tracking the victim's location, or exfiltrating and deleting data.

https://www.techradar.com/nz/news/smartphone-malware-is-coming-for-more-and-more-of-us

Russia May Use Ransomware Payouts to Avoid Sanctions’ Financial Harm

FinCEN warns financial institutions to be wary of unusual cryptocurrency payments or illegal transactions Russia may use to ease financial hurt from Ukraine-linked sanctions.

Russia may ramp up ransomware attacks against the United States as a way to ease the financial hurt it’s under due to sanctions, U.S. federal authorities are warning. Those sanctions have been levied against the nation and Vladimir Putin’s government due to its invasion of Ukraine.

The Financial Crimes Enforcement Network (FinCEN) issued a FinCEN Alert (PDF) on Wednesday advising all financial institutions to remain vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions related to the current conflict. One way this may be done is to move cryptocurrency funds through ransomware payments collected after Russian state-sponsored actors carry out cyberattacks.

“In the face of mounting economic pressure on Russia, it is vitally important for financial institutions to be vigilant about potential Russian sanctions evasion, including by both state actors and oligarchs,” said FinCEN Acting Director Him Das in a press statement.

https://threatpost.com/russia-ransomware-payouts-avoid-sanctions/178854/

How An 8-Character Password Could Be Cracked in Less Than an Hour

Security experts keep advising us to create strong and complex passwords to protect our online accounts and data from savvy cybercriminals. And “complex” typically means using lowercase and uppercase characters, numbers and even special symbols. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems.

As described in a recent report, Hive found that an 8-character complex password could be cracked in just 39 minutes if the attacker were to take advantage of the latest graphics processing technology. A seven-character complex password could be cracked in 31 seconds, while one with six or fewer characters could be cracked instantly. Shorter passwords with only one or two character types, such as only numbers or lowercase letters, or only numbers and letters, would take just minutes to crack.

https://www.techrepublic.com/article/how-an-8-character-password-could-be-cracked-in-less-than-an-hour/

Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance

Cyber insurance is a significant industry and growing fast — according to GlobalData, it was worth $7 billion in gross written premiums in 2020. The cyber-insurance market is expected to reach $20.6 billion by 2025. Over the past few years, the cyber-insurance market was competitive, so premiums were low and policies were comprehensive. Over the past year, that has changed — the volume of claims has gone up and led to more payouts, which affected the insurance companies' profitability.

The recent Log4j issue will affect how insurance and reinsurance companies write their policies in future. Already, we're seeing discussions about Log4j-related issues being excluded from reinsurance policies in 2022, as many policies came up for renewal on Dec. 31, 2021. This will affect the policies that insurance companies can offer to their customers.

What does this mean for IT security teams? For practitioners, it will make their work more important than before, as preventing possible issues would be more valuable to the business. Carrying out standard security practices like asset inventory and vulnerability management will be needed, while examining software bills of materials for those same issues will help on the software supply chain security side. These practices will also need to be highly automated, as business must be able to gain accurate insights within hours, not months, to deal with future threats while reducing the cost impact.

For those responsible for wider business risk, these developments around cyber insurance will present a more significant problem. Cyber-insurance policies will still be available — and necessary where needed — but the policies themselves will cover less ground. While the past few years had pretty wide-ranging policies that would pay out on a range of issues, future policies will deliver less coverage.

https://www.darkreading.com/risk/cyber-insurance-and-business-risk-how-the-relationship-is-changing-reinsurance-policy-guidance-

Security Teams Prep Too Slowly for Cyber Attacks

Attackers typically take days or weeks to exploit new vulnerabilities, but defenders are slow to learn about critical issues and take action, requiring 96 days on average to learn to identify and block current cyber threats, according to a new report analysing training and crisis scenarios.

The report, Cyber Workforce Benchmark 2022, found that cybersecurity professionals are much more likely to focus on vulnerabilities that have garnered media attention, such as Log4j, than more understated issues, and that different industries develop their security capabilities at widely different rates. Security professionals in some of the most crucial industries, such as transport and critical infrastructure, are twice as slow to learn skills compare to their colleagues in the leisure, entertainment, and retail sectors.

The amount of time it takes for security professionals to get up to speed on new threats matters. CISA says that patches should be applied within 15 days, sooner than that if the vulnerability is being exploited, says Kevin Breen, director of cyber threat research at Immersive Labs.

https://www.darkreading.com/risk/security-teams-prep-too-slowly-for-cyberattacks

Threats

Ransomware

• Inside Conti leaks: The Panama Papers of Ransomware - The Record by Recorded Future

• Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up... Sort Of - Check Point Research

• Oh, The Irony! Conti Ransomware Gang, Which Leaked Ransomware Victims’ Data, Has Its Own Data Leaked (grahamcluley.com)

• CISA Added 98 Domains To The Joint Alert Related To Conti Ransomware Gang - Security Affairs

• Ragnar Locker Ransomware - What You Need To Know (tripwire.com)

• Conti Ransomware Group Spent Millions In 2021 - IT Security Guru

• Ragnar Locker Ransomware Hits Critical Infrastructure • The Register

• Ukrainian Man Arrested for Alleged Role in Ransomware Attack on Kaseya, Others (darkreading.com)

• FBI: Ransomware Gang Breached 52 US Critical Infrastructure Orgs (bleepingcomputer.com)

• Alleged REvil Ransomware Hacker Extradited And Arraigned In Texas | CSO Online

• Bridgestone Americas Confirms Ransomware Attack, LockBit Leaks Data (bleepingcomputer.com)

Phishing & Email

• How Phishing Email Are Evading Email Security - MSSP Alert

• Watch Out For This Phishing Attack That Hijacks Your Email Chats To Spread Malware | ZDNet

• The Most Impersonated Brands In Phishing Attacks - Help Net Security

Malware

• Nvidia's Stolen Data Is Being Used To Disguise Malware As GPU Drivers | PC Gamer

• Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads | Threatpost

• Emotet Botnet Is Rapidly Growing, +130K Bots Spread Across 179 Countries - Security Affairs

• Raccoon Stealer Crawls Into Telegram | Threatpost

• All About the Bots: What Botnet Trends Portend for Security Pros | SecurityWeek.Com

Mobile

• Smartphone malware is on the rise, here's what to watch out for | ZDNet

• Samsung Confirms Hackers Stole Galaxy Devices Source Code (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Cyber Criminals Are Posing As Ukraine Fundraisers To Steal Cryptocurrency - CyberScoop

• Cyber Criminals Compromise Users With Malware Disguised As Pro-Ukraine Cyber Tools - Cisco Talos Intelligence Group

Cryptocurrency/Cryptomining/Cryptojacking

• Russians Liquidating Crypto In The UAE As They Seek Safe Havens | Reuters

Fraud, Scams & Financial Crime

• Consumers Worried About Digital Banking Security - Infosecurity Magazine (infosecurity-magazine.com)

• Shipping Fraud Quickly Emerging As One Of The Top Fraud Types - Help Net Security

Insurance

• The Cyber Insurance Market Needs More Money (hbr.org)

Supply Chain

• Major Tech Firms Launch Security First Initiative To Combat Third-Party Data Breaches - Help Net Security

DoS/DDoS

• Mitel VoIP Systems Used In Staggering DDoS Attacks • The Register

• In-The-Wild DDoS Attack Can Be Launched From A Single Packet To Create Terabytes Of Traffic | ZDNet

• Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers | Threatpost

• The Fight Against the Hydra: New DDoS Report from Link11 (darkreading.com)

• Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks (thehackernews.com)

Parental Controls and Child Safety

• Still Too Many Parents Don't Monitor Their Children's Online Activity - Help Net Security

Spyware, Espionage & Cyber Warfare

• ‘We are not ready’: a Cyber Expert on US Vulnerability to a Russian Attack | Cyberwar | The Guardian

• China-Aligned APT Renews Cyber Attack On European Diplomats, As War Rages | CSO Online

• European Lawmakers Launch Investigation Into Use Of Pegasus Spyware By EU States | TechCrunch

Nation State Actors

Nation State Actors - Russia

• Jump In Cyber Attacks Since Start Of Ukraine Invasion (rte.ie)

• Will Russian Oil Ban Spur Increased Cyber-Attacks (trendmicro.com)

• Russia to Create Its Own Security Certificate Authority, Alarming Experts - CyberScoop

• Russian APTs Furiously Phish Ukraine – Google | Threatpost

• Russia Mulls Legalizing Software Piracy As It’s Cut Off From Western Tech | Ars Technica

• Ukrainian IT Army Hijacked by Infostealing Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks (thehackernews.com)

• French Bank Denies Access to Russian Workforce - Infosecurity Magazine (infosecurity-magazine.com)

• New RURansom Wiper Targets Russia (trendmicro.com)

• Anonymous & its Affiliates Hacked 90% of Russian Misconfigured Databases (hackread.com)

• Anonymous Claims to Have Leaked Over 360,000 Files From Russian Federal Agency - Infosecurity Magazine

Nation State Actors - China

• Chinese Phishing Actors Consistently Targeting EU Diplomats (bleepingcomputer.com)

• Comment: Chinese Spies Hacked A Livestock App To Breach US State Networks - Information Security Buzz

• Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant (thehackernews.com)

Nation State Actors – North Korea

• Targeted APT Activity: BABYSHARK Is Out for Blood - MSSP Alert

Nation State Actors - Iran

• Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign (thehackernews.com)

Vulnerabilities

• Linux Has Been Bitten By Its Most High-Severity Vulnerability In Years | Ars Technica

• High Rates Of Known, Exploitable Vulnerabilities Still Found In The Wild, Report Reveals - IT Security Guru

• Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday | Threatpost

• New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs (thehackernews.com)

• Google Attempts to Explain Surge in Chrome Zero-Day Exploitation | SecurityWeek.Com

• “Dirty Pipe” Linux Kernel Bug Lets Anyone Write To Any File – Naked Security (sophos.com)

• Microsoft Azure Flaw Allowed Unauthorized Account Access • The Register

• Intel, AMD, Arm Warn Of New Speculative Execution CPU Bugs (bleepingcomputer.com)

• Adobe Patches 'Critical' Security Flaws in Illustrator, After Effects | SecurityWeek.Com

• Up to 30% of WordPress Plugin Bugs Don't Get Patched - IT Security Guru

• Within Hours of the Log4j Flaw Being Revealed, These Hackers Were Using It | ZDNet

• Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape | Threatpost

• Microsoft Warns of Spoofing Vulnerability in Defender for Endpoint | SecurityWeek.Com

• Microsoft Fixes Critical Azure Bug That Exposed Customer Data (bleepingcomputer.com)

• Researchers Disclose New Spectre V2 Vulnerabilities (techtarget.com)

• Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices (thehackernews.com)

• Over 40% of Log4j Downloads Are Vulnerable Versions of the Software (darkreading.com)

• HP Patches 16 UEFI Firmware Bugs Allowing Stealthy Malware Infections (bleepingcomputer.com)

• Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses (thehackernews.com)

Sector Specific

Health/Medical/Pharma Sector

• Medical and IoT Devices From More Than 100 Vendors Vulnerable to Attack (darkreading.com)

• Oklahoma Hospital Data Breach Impacts 92,000 People - Infosecurity Magazine

Transport and Aviation

• Finnish Govt Agency Warns Of Unusual Aircraft GPS Interference (bleepingcomputer.com)

Automotive

• Small Business Owners Worried About The Cyber Security Of Their Commercial Vehicles - Help Net Security

CNI, OT, ICS, IIoT and SCADA

• ICS Vulnerability Disclosures Surge 110% Over The Last Four Years - Help Net Security

• New Security Threats Target Industrial Control And OT Environments - CyberScoop

Reports Published in the Last Week

• 2022 Vulnerability Statistics Report - Edgescan

• Pinpoint the Origins of Workforce Risk - Elevate Security

Other News

• Why You Should Be Using CISA's Catalog of Exploited Vulns (darkreading.com)

• How Attackers Sidestep The Cyber Kill Chain | CSO Online

• How to Combat the No. 1 Cause of Security Breaches: Complexity (darkreading.com)

• Every Business Is A Cyber Security Business - Help Net Security

• Operationalising a “Think Like The Enemy” Strategy | CSO Online

• SpaceX Shifts Resources To Cyber Security To Address Starlink Jamming - SpaceNews

• Report: Cyber Security Teams Need Nearly 100 Days To Develop Threat Defenses | VentureBeat

• 6 Potential Enterprise Security Risks With NFC Technology (techtarget.com)

• BBC Targeted With 383,278 Spam, Phishing And Malware Attacks Every Day - Help Net Security

• Ubisoft Says It Experienced A ‘Cyber Security Incident’, And The Purported Nvidia Hackers Are Taking Credit - The Verge

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Strain Of Ransomware Implements Self-Spreading Capabilities

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks.

This new version has a new attribute that allows it to self replicate over the local network allowing the malware to propagate itself – machine to machine – within the Windows domain. Once launched, it will spread itself to every Windows machine it can reach.

https://securityaffairs.co/wordpress/115064/reports/ryuk-ransomware-self-spreading-capabilities.html

One In Four People Use Work Passwords For Consumer Websites

The report found that one in four consumers admit to using their work email or passwords to log in to consumer websites and applications such as food delivery apps, online shopping sites and even dating apps. The report found that consumers are neglecting to implement fundamental security safeguards across smart IoT devices at home, which could have serious security ramifications on both the individual and the enterprise amid increased and ongoing remote work spurred by the COVID-19 pandemic.

https://www.helpnetsecurity.com/2021/02/26/use-work-passwords-for-consumer-websites/

Massive Rise In Threats Across Expanding Attack Surfaces

New malware samples nearly doubled: New ransomware samples increased 106% year-over-year. Trojans increased 128%, with threat actors using trojans to exploit lower-severity vulnerabilities. Sophisticated, multi-staged attacks and malware-as-a-service have become the norm. Vulnerabilities hit a new high: 18,341 new vulnerabilities in 2020 have been reported. To stay ahead of attacks, security and risk leaders need sophisticated insights into which vulnerabilities are high-risk and remediation options for all assets, including non-patching options.

https://www.helpnetsecurity.com/2021/02/26/expanding-attack-surfaces/

Half of Organisations Concerned Remote Working Puts Them at Greater Risk of Cyber Attacks

Half of organizations are concerned that the shift to remote work is putting them a greater risk of Cyber Attacks, according to a new study with IDG. A survey of UK CIOs, CTOs and IT decision makers revealed that insecure practices are regularly taking place among remote workers, providing more opportunities for Cyber Criminals to strike.

https://www.infosecurity-magazine.com/news/half-orgs-remote-working-risk/

Microsoft Patches Four Zero-Day Exchange Server Bugs

Microsoft has been forced to release out-of-band patches to fix multiple zero-day vulnerabilities being exploited by Chinese state-backed threat actors. The unusual step was taken to protect customers running on-premises versions of Microsoft Exchange Server.

https://www.infosecurity-magazine.com/news/microsoft-patch-four-zeroday/

A Booming Trade In Bugs Is Undermining Cyber Security

If you discover that a favourite vending-machine dispenses free chocolate when its buttons are pressed just so, what should you do? The virtuous option is to tell the manufacturer, so it can fix it. The temptation is to gorge.

https://www.economist.com/books-and-arts/2021/03/06/a-booming-trade-in-bugs-is-undermining-cyber-security

Is Your Browser Extension A Botnet Backdoor?

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition.

https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/

Cyber Attack Shuts Down Online Learning At 15 UK Schools

A threat actor was able to access the trust's central network infrastructure and while an investigation took place, all existing phone, email, and website communication had to be pulled. Students are still learning remotely in England. Schools are set to reopen on March 8, but in the meantime, only a small subset of children are attending school physically, such as the children of key workers.

https://www.zdnet.com/article/cyberattack-shuts-down-online-learning-at-15-uk-schools/

First Fully Weaponized Spectre Exploit Discovered Online

A fully weaponized exploit for the Spectre CPU vulnerability was uploaded on the malware-scanning website VirusTotal last month, marking the first time a working exploit capable of doing actual damage has entered the public domain. The exploit was discovered and targets Spectre, a major vulnerability that was disclosed in January 2018. According to its website, the Spectre bug is a hardware design flaw in the architectures of Intel, AMD, and ARM processors that allows code running inside bad apps to break the isolation between different applications at the CPU level and then steal sensitive data from other apps running on the same system.

https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/

Solarwinds Security Fiasco May Have Started With Simple Password Blunders

We still do not know just how bad the SolarWinds security breach is. We do know over a hundred US government agencies and companies were cracked. "The largest and most sophisticated attack the world has ever seen," with more than a thousand hackers behind it. It may have all started when an intern first set an important password to "'solarwinds123." Then, adding insult to injury, the intern shared the password on GitHub.

https://www.zdnet.com/article/solarwinds-security-fiasco-may-have-started-with-simple-password-blunders/

Threats

Ransomware

• Data analytics agency Polecat held to ransom after server exposed 30TB of records

• Ransomware gang hacks Ecuador's largest private bank, Ministry of Finance

• Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

• Search crimes – how the Gootkit gang poisons Google searches

• Qualys hit with ransomware: customer invoices leaked on extortionists' tor blog

Phishing

• COVID19 Vaccine Phishing Scams Surge 26% in Three Months

Malware

• Compromised Website Images Camouflage ObliqueRAT Malware

• Malicious NPM packages target Amazon, Slack with new dependency attacks

Mobile

• This new jailbreak threat could put nearly all iPhones at risk

Vulnerabilities

• These Microsoft Exchange Server zero-day flaws are being used by hackers, so update now

• High severity Linux network security holes found, fixed

• Working Windows and Linux Spectre exploits found on VirusTotal

• Google shares PoC exploit for critical Windows 10 Graphics RCE bug

• Another Chrome zero-day exploit – so get that update done!

• If you own a MacBook, download and install macOS Big Sur 11.2.2 ASAP

Data Breaches

• Data is the world’s most valuable (and vulnerable) resource

• Far-Right Platform Gab Has Been Hacked—Including Private Data

• Singapore Airlines frequent flyer members hit in third-party data security breach

Organised Crime

• Three Top Russian Cyber Crime Forums Hacked

• Hackers share methods to bypass 3D Secure for payment cards

• Cyber Crime 'Help Wanted': Job Hunting on the Dark Web

Dark Web

• The 20 Most Common Passwords Found On The Dark Web

Supply Chain

• Why supply chains are today's fastest growing cyber security threat

• Bombardier is latest victim of Accellion supply chain attack

Nation-State Actors

• Indian cyber espionage activity rising amid growing rivalry with China, Pakistan

• Microsoft accuses China over email cyber-attacks

• New nation-state cyber attacks

• Lazarus Targets Defense Companies with ThreatNeedle Malware

• Security News This Week: The SolarWinds Body Count Now Includes NASA and the FAA

Privacy

• How To Reclaim Your Privacy from Windows 10

• Home-security cameras have become a fruitful resource for law enforcement — and a fatal risk

Reports Published in the Last Week

• Report: Quality, not quantity, is the hallmark of the latest waves of phishing attacks

Other News

• Next Cyber War will hit regular People online

• Prime-factor mathematical foundations of RSA cryptography ‘broken’, claims cryptographer

• Criminals 'Posing As Cyber Security Experts' As Number Of Firms Rises

• NSA, Microsoft promote a Zero Trust approach to cyber security

• Inside the race to keep secrets safe from the quantum computing revolution

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.