Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions

The UK’s power network has long been an attractive target for enemies of the state and that remains true today. In fact, according to the UK Government, the risk of the whole country’s electricity system being shut down is growing. So are the dangers to citizens if it happens.

The UK’s National Risk Register, the official document assessing 89 different possible threats to the country, explains that a cyber attack on the National Grid could be launched by culprits “encrypting, stealing or destroying data upon which critical systems depend, or via disruption to operational systems”.

Source: [iNews]

Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance

Billions of people around the world are expected to go to the polls and vote in 2024, in what will be the most significant election year in recent memory, and cyber security and government officials have already warned about countries using technology to influence operations. This includes disinformation campaigns and hacking attempts. Officials have further warned that artificial intelligence will likely be used to fuel such campaigns.

Sources: [The Record] [Security Affairs]

The Most Popular Passwords of 2023 are Easy to Guess and Crack

NordPass released a list of the top 200 common passwords recently, which included “123456” and “admin” as the top two. Of particular note, the top 40 passwords were all deemed to take less than 12 seconds to crack, or could be determined by an actor with no knowledge of the password. Many people would argue that there are so many passwords needed these days that it becomes hard to remember, hence their choice of easier passwords, and often reusing or recycling them across multiple sites and services. The use of a password manager can greatly reduce this need, requiring the user to only remember one password whilst also allowing for more complex and harder to crack passwords.

Source: [gHacks]

Dangerous Malware Pretends to be Some of Your Most Used Business Software

Hackers are using an old form of banking malware, known as Carbanak, to launch damaging ransomware attacks. Hackers are using compromised websites to host the malware, impersonating popular business-related software such as HubSpot, Veeam, or Xero.

Source: [TechRadar]

MFA Helps You Stay Resilient, But Nothing is a Silver Bullet

Multi-factor authentication (MFA) is a great resource for improving your organisation’s cyber resilience, but no technology is 100% secure and the human element will nearly always remain. With notable security breaches bypassing MFA to compromise organisations including Uber, games company EA, and authentication business Okta, organisations need to be aware that it is a possibility. As such, organisations need to ensure they implement MFA effectively and educate their users in their implementation; even the strongest of controls are rendered useless if they can be bypassed with one social engineering phone call.

Source: [Help Net Security]

Ransomware Leak Site Victims Reached Record-High in November

Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November. This represents a 39% increase from October and a 110% increase compared with November 2022. Further, this is the eleventh consecutive month in which there has been a year-on-year increase in ransomware victims, and the ninth with a victim count over 300.

Source: [Infosecurity Magazine]

MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023

2023 was a colossal year for data breaches, with the likes of MOVEit, Capita, Citrix, Royal Mail, MGM resorts and 3CX among some of the most significant victims. Such attacks have involved a number of vectors, such as file transfer vulnerabilities, social engineering, supply chain attacks and zero-day exploits. The result? Millions of people’s data compromised, and hundreds of millions paid out to attackers; the attack on MGM resorts alone is reported to have costed upwards of $100 million.

Source: [TechCrunch]

Europol Warns 443 Online Shops Infected with Credit Card Stealers

Europol has notified over 400 websites that their online shop had been hacked, with malicious scripts that steal card information from paying customers. The scripts are designed to intercept and steal payment card numbers, expiration dates, verification numbers, names, and shipping addresses, which are then uploaded to an attacker. This information is then used, or sold on the dark web to be used. Unfortunately, some of these attacks can go undetected for weeks or even several months.

Source: [Bleeping Computer]

Physical Access Systems Open Door to IT Networks

Cyber attackers can exploit access control measures installed on supposedly secure facility doors to gain unauthorised building access to sensitive locations, as well as breach internal IP networks directly from these systems, research has shown. At a recent leading security conference, analysts demonstrated this is an attack. Assets such as these can often be forgotten about and therefore omitted from protections, highlighting the need for organisations to have an up to date and accurate asset register.

Source: [Dark Reading]

Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks

Hacking can be sophisticated, but often it is not sophisticated at all. Some of the biggest hacks this year started with what seemed like an innocent phone call, but which in fact were fairly simple social engineering attacks. Additionally, hackers continued to target companies that failed to promptly update their systems, even after patches were released to fix critical vulnerabilities. The best first step to protect an organisation is to establish a culture of good cyber security hygiene across people, operations and technology.

Source: [Pymnts]

Daily Malicious Files Rise to 411,000 a day in 2023

Cyber criminals unleashed an average of 411,000 malicious files every day in 2023, representing a 3% increase from the previous year, according to Kaspersky. Malicious desktop files in particular rose by 53%. Cyber criminals favoured Microsoft Office services’ vulnerabilities, which represented 69% of all exploited vulnerabilities.

Source: [Infosecurity Magazine]

Android Malware Actively Infecting Devices to Take Full Control

Android Malware is actively being used to take control of devices for illicit purposes, such as stealing sensitive information and enabling remote attacks, and least 327,000 devices are reported to have been infected with such malware. Research has found that amongst the most targeted countries are the UK and US. Often, for the malware to work, users need to allow it access to information such as contacts, email. In some cases, the user would only be aware they have consented if they were to manually check the apps settings. For organisations, this can mean employees bringing personal or work phones into the corporate environment, with malware potentially along for the ride.

Source: [GBhackers]

Governance, Risk and Compliance

• Third-party issues disrupt 45% of firms despite cyber security spends (securitybrief.co.nz)

• Strengthening Resilience: Navigating the Cyber Security Landscape (darkreading.com)

• 8 big IT failures of 2023 | CIO

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Leak Site Victims Reached Record-High in November - Infosecurity Magazine (infosecurity-magazine.com)

• Rethinking data security in the age of ransomware and AI - SiliconANGLE

• Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)

• Do the casino ransomware attacks make the case to pay? • The Register

• Windows CLFS and five exploits used by ransomware operators | Securelist

• Cyber crime experts reveal how to infiltrate ransomware gangs • The Register

• How ransomware operators try to stay under the radar | Malwarebytes

• How many times are you going to think about ransomware in 2024? (betanews.com)

• The Most Dangerous People on the Internet in 2023 | WIRED

Ransomware Victims

• MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch

• Lockbit ransomware disrupts emergency care at German hospitals (bleepingcomputer.com)

• Integris Health patients get extortion emails after cyber attack (bleepingcomputer.com)

• Ransomware Group Claims 100 Gb of Data Stolen From Nissan Australia - Security Week

• Indian IT services giant HCL Technologies hit by ransomware | TechRadar

• LockBit gang claims to have breached accountancy firm Xeinadin (securityaffairs.com)

• Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)

• Australia’s Largest Auto Dealer Group Hit By Massive Cyber Attack | Carscoops

• After cyber attack, New York hospitals find stolen patient info stored in Massachusetts, look for its return (databreaches.net)

Artificial Intelligence

• Elections 2024, Artificial Intelligence could upset world balances (securityaffairs.com)

• Justice Secretary in Deepfake General Election Warning - Infosecurity Magazine (infosecurity-magazine.com)

• H2 2023 Threat Landscape Dominated by AI and Android Spyware - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week

• Rethinking data security in the age of ransomware and AI - SiliconANGLE

• Largest Dataset Powering AI Images Removed After Discovery of Child Sexual Abuse Material (404media.co)

• GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)

• Why data, AI, and regulations top the threat list for 2024 - Help Net Security

• 5 Ways that AI Is Set To Transform Cyber Security (informationweek.com)

• The Emerging Landscape of AI-Driven Cyber Security Threats: A Look Ahead - Security Week

• Skynet Ahoy? What to Expect for Next-Gen AI Security Risks (darkreading.com)

• Ethical Implications of AI in Cyber Security | HackerNoon

2FA/MFA

• 3 main tactics attackers use to bypass MFA - Help Net Security

Malware

• Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)

• This dangerous malware pretends to be some of your most-used business software tools, so watch out | TechRadar

• Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)

• Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware (thehackernews.com)

• This growing malware threat actor is set to unleash a surge of attacks, experts warn | TechRadar

• 'BattleRoyal' Hackers Deliver DarkGate RAT Using Every Trick (darkreading.com)

• Microsoft disables MSIX protocol handler abused in malware attacks (bleepingcomputer.com)

• UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)

• New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices (thehackernews.com)

• Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)

• Fake VPN Chrome extensions force-installed 1.5 million times (bleepingcomputer.com)

• Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day - Security Week

• Daily Malicious Files Soar 3% in 2023, Kaspersky Finds - Infosecurity Magazine (infosecurity-magazine.com)

• Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)

• New Rugmi Malware Loader Surges with Hundreds of Daily Detections (thehackernews.com)

• Game mod on Steam breached to push password-stealing malware (bleepingcomputer.com)

• How the new Instegogram threat creates liability for organisations | CSO Online

Mobile

• TikTok makes users give iPhone passwords, reasons unclear (nypost.com)

• 'Most sophisticated' iPhone attack chain 'ever seen' used four 0-days to create a 0-click exploit - 9to5Mac

• Android Malware Actively Infecting Devices to Take Full Control (gbhackers.com)

• Chameleon Android Malware Can Bypass Biometric Security - Security Week

• H2 2023 Threat Landscape Dominated by AI and Android Spyware - Infosecurity Magazine (infosecurity-magazine.com)

• Apple reportedly faces pressure in India after sending out warnings of state-sponsored hacking (engadget.com)

• SMS Scams Set to Peak on Saturday in UK - Infosecurity Magazine (infosecurity-magazine.com)

Denial of Service/DoS/DDOS

• Essential DDoS statistics for understanding attack impact - Help Net Security

• How to Prepare for DDoS Attacks During Peak Business Times (darkreading.com)

• In Cyber Security and Fashion, What's Old Is New Again (darkreading.com)

Internet of Things – IoT

• Tech gifts you shouldn’t buy your family and friends for the holidays | TechCrunch

• Physical Access Systems Open Door to IT Networks (darkreading.com)

• Ho Ho Home For Christmas? Tips For Avoiding Tech Terrors This Festive Season - IT Security Guru

Data Breaches/Leaks

• MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch

• Mortgage firm LoanCare warns 1.3 million people of data breach (bleepingcomputer.com)

• Real estate agency exposes details of 690k customers (securityaffairs.com)

• First, Rockstar Games Got Hacked, Then Sony's Insomniac, and now Ubisoft… Who's Next? - autoevolution

• Insomniac Games Releases Statement Over Recent Cyber Attack - Gameranx

• Ubisoft says it's investigating reports of a new security breach (bleepingcomputer.com)

• Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)

• Inmate, Staff Information Stolen in Rhode Island Prison Data Breach - Security Week

• Mint Mobile discloses new data breach exposing customer data (bleepingcomputer.com)

• Hackers steal customer data from Europe’s largest parking app operator | Hacking | The Guardian

• Yakult Australia confirms 'cyber incident' after 95 GB data leak (bleepingcomputer.com)

• CBS, Paramount owner National Amusements says it was hacked | TechCrunch

• Panasonic discloses data breach after December 2022 cyber attack (bleepingcomputer.com)

• Customers warned after major car dealership group Eagers Automotive hacked | The West Australian

• Cyber Attacks Impacts Two Major Australian Companies Including Leaked Passports | The Epoch Times

• After cyber attack, New York hospitals find stolen patient info stored in Massachusetts, look for its return (databreaches.net)

Organised Crime & Criminal Actors

• Simple Hacking Techniques Prove Successful in Cyber Attacks (pymnts.com)

• Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch

• Convicted Thief Reveals Cyber Crime Tactics - DevX

• The Most Dangerous People on the Internet in 2023 | WIRED

• Meet the cyber criminals of 2023 | TechCrunch

• Hacking or Social Engineering? What You Need to Know to Keep Yourself Safe | HackerNoon

• 3 Clues That Hackers May Know More About Your Business Than You Do | Inc.com

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch

• Biggest Crypto Exploits and Hacks of 2023 - Decrypt

• Kyber Network Forced to Slash Staff by 50% After $46,500,000 Exploit, According to CEO - The Daily Hodl

• Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)

• Hacking group Pink Drainer strikes again, pilfering $4.4M from just 1 victim (cointelegraph.com)

Supply Chain and Third Parties

• Third-party issues disrupt 45% of firms despite cyber security spends (securitybrief.co.nz)

• MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch

Cloud/SaaS

• Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar

• Data security and cost are key cloud adoption challenges for financial industry - Help Net Security

• The Future of Hybrid Cloud: What to Expect in 2024 and Beyond (techtarget.com)

Encryption

• Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)

Linux and Open Source

• Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• US water utilities were hacked after leaving their default passwords set to ‘1111,’ cyber security officials say (databreaches.net)

• The most popular passwords of 2023 are easy to guess and crack - gHacks Tech News

• Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week

Social Media

• The Most Dangerous People on the Internet in 2023 | WIRED

• How the new Instegogram threat creates liability for organisations | CSO Online

Regulations, Fines and Legislation

• Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024 (darkreading.com)

• Why data, AI, and regulations top the threat list for 2024 - Help Net Security

• Europe classifies three adult sites as worthy of its toughest internet regulations • The Register

• Countering Cyber Mercenaries | directions blog

• 5 US cyber security compliance deadlines in 2024 | SC Media (scmagazine.com)

• EU updates product liability regime to include software, Artificial Intelligence – EURACTIV.com

Models, Frameworks and Standards

• The US Department of Defence Releases Proposed CMMC Rule | Blank Rome LLP - JDSupra

Backup and Recovery

• 8 big IT failures of 2023 | CIO

Data Protection

• Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024 (darkreading.com)

Careers, Working in Cyber and Information Security

• Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers (darkreading.com)

• Top Tips from CISOs for CISOs - Infosecurity Magazine (infosecurity-magazine.com)

• How leaders can look after information security professionals | ITPro

• Building Mental Resilience: A CISO's Journey - GovInfoSecurity

• What Does the Future Hold for Today’s Cyber Security Leaders? (huntress.com)

• Will the Cyber Skills Gap Continue to Grow in 2024? - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Countering Cyber Mercenaries | directions blog

• Cyber crime experts reveal how to infiltrate ransomware gangs • The Register

Misinformation, Disinformation and Propaganda

• Countries brace for influence operations, hacking campaigns ahead of historic 2024 election cycle (therecord.media)

• Justice Secretary in Deepfake General Election Warning - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Ministers fear a cyber attack cutting all our electricity – this is why (inews.co.uk)

• Countries brace for influence operations, hacking campaigns ahead of historic 2024 election cycle (therecord.media)

• How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)

• Justice Secretary in Deepfake General Election Warning - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

China

• Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day - Security Week

• Chinese Spy Agency Rising to Challenge the CIA - The New York Times (nytimes.com)

Russia

• Ukrainian remote workers targeted in new espionage campaign (therecord.media)

• UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)

• Russian firms subjected to new cyber espionage campaign | SC Media (scmagazine.com)

• Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies (thehackernews.com)

• Moldova establishes National Cyber Security Agency with help of Estonia's e-Governance Academy (baltictimes.com)

• Inside the World of Deep-Cover Russian Spies Who Are Infiltrating the West (businessinsider.com)

• Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)

Iran

• Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)

• Israel and Iran are waging a cyber war in the shadows - opinion - The Jerusalem Post (jpost.com)

• A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes

North Korea

• Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)

• Kim Jong Un Expected To Conduct Military, Cyber Attacks During US Elections - Benzinga

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Apple reportedly faces pressure in India after sending out warnings of state-sponsored hacking (engadget.com)

Vulnerability Management

• 'Tis the Season to Secure: How CVEs Are the Grinch for Cyber Security | HackerNoon

Vulnerabilities

• Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar

• Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 (securityaffairs.com)

• CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild - Security Week

• 'Most sophisticated' iPhone attack chain 'ever seen' used four 0-days to create a 0-click exploit - 9to5Mac

• Google Releases Eighth Zero-Day Patch of 2023 for Chrome (darkreading.com)

• Windows CLFS and five exploits used by ransomware operators | Securelist

• Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers (bleepingcomputer.com)

Tools and Controls

• Physical Access Systems Open Door to IT Networks (darkreading.com)

• Even cyber security pros don't fully trust AI just yet | TechRadar

• GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)

• Verification roadblocks cause frustration for digital nomads - Help Net Security

• Can AI Protect Against Modern Cyber Attacks? | MSSP Alert

• Strengthening Resilience: Navigating the Cyber Security Landscape (darkreading.com)

• API security in 2024: Predictions and trends - Help Net Security

Other News

• Domain Name Security Challenges - DataBreachToday

• 5 Things You Can Do Today to Prepare for 2024’s Security Threats (informationweek.com)

• 8 big IT failures of 2023 | CIO

• Pensions Regulator publishes updated cyber security guidance for trustees | Mayer Brown - JDSupra

• All I really need to know about cyber security, I learned in kindergarten (venturebeat.com)

• New insights into the global industrial cyber security landscape - Help Net Security

• NASA Releases First Space Cyber Security Best Practices Guide (inforisktoday.com)

• Unveiling the true cost of healthcare cyber security incidents - Help Net Security

• NCSC highlights cyber risk to cultural sector | UKAuthority

• Hackers see wealth of information to steal in kids' school records (cnbc.com)

• A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes

• How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)

• Post-pandemic Cyber Security: Lessons from the global health crisis (att.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment

A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.

Sources: [PR Newswire] [TechRadar]

Cyber Security Investments Show Mature Business Mindset

Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.

Source: [Insider Media] [Compare the Cloud]

SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High

Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.

SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).

Source: (IT Security Guru)

Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure

Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.

In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.

Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]

Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen

Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.

Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Euronews] [The Times] [AI-CIO]

Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack

In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.

The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.

Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]

20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head

An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.

A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.

Sources: [Computer Weekly] [Tech Monitor] [Guardian]

Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors

According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the  organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.

Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Sources: [Security Affairs] [Claims Journal]

39% of Individuals Use the Same Password for Multiple Accounts

According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.

Source: [Security Magazine]

Why Fourth-Party Risk Management Is a Must-Have

Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.

Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.

Source: [Tech Target]

AI Adoption Surges but Security Awareness Lags Behind

A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.

Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.

Source: [Infosecurity Magazine]

UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach

Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six  weeks after their parent company discover the hack.

Source: [Reuters]

Why Boards Must Understand and Govern Cyber Security Risk

The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Forbes]

Governance, Risk and Compliance

• Cyber Insecurity: Report Finds Majority of Enterprises Expect an Imminent Cyber Attack (prnewswire.com)

• Cyber Crime Costs Soar to $8 Trillion, Spotlighting the Critical Need for Cyber security Experts (globenewswire.com)

• Many cyber bosses just aren't confident in their company's defences | TechRadar

• SMBs seek help as cyber threats reach an all-time high - Help Net Security

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• The real impact of the cyber security poverty line on small organisations - Help Net Security

• Cyber security investments show mature business mindset, says IT expert | Insider Media

• Is Cyber security Finally Becoming a Business Enabler? - Compare the Cloud

• The best time to deal with cyber attacks is before they happen (thetimes.co.uk)

• ‘A matter of when not if’: Why is it crucial for businesses to protect themselves from cyber attacks? | Euronews

• Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)

• Over 70% of firms hit by cyber attack in last 12 months (rte.ie)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• Getting ready for NIS2 with strong identity controls | ITPro

• Lloyd’s systemic risk scenario reveals potential cyber attack losses of $3.5tn (insuranceinsider.com)

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• 10 Ways Boards Are Setting Their Companies Up For Cyber security Failure (forbes.com)

• NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)

• AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)

• Cyber attacks to cost $23 trillion in 2027: US official | ABS-CBN News

• How Cyber security Provides the Green Light for Business Innovation (govinfosecurity.com)

• Essential cyber hygiene: Making cyber defence cost effective - Help Net Security

• New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS

• The Need for a Cyber security-Centric Business Culture (darkreading.com)

• The double-edged sword of heightened regulation for financial services - Help Net Security

• Report: Cyber attacks No. 1 cause of downtime and data loss | Security Magazine

• Will CISOs Become Personally Liable for Breach Response? (inforisktoday.com)

• Keeping control in complex regulatory environments - Help Net Security

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• 7 risk mitigation strategies to protect business operations | TechTarget

• How to go from collecting risk data to actually reducing risk? - Help Net Security

• SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra

• Regulations are still necessary to compel adoption of cyber security measures | ZDNET

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

• How do we measure cyber risk? | ITPro

• Ready For Cyber Readiness - Any Time Now (forbes.com)

• CISOs and board members are finding a common language - Help Net Security

• IT Disaster Recovery Best Practices: Preparing For The Worst (informationsecuritybuzz.com)

• When And How To Hire A vCISO For Your Company's Cyber security Program (forbes.com)

• 18 Factors And Metrics To Show The Value Of Cyber security Initiatives (forbes.com)

• Improve your cyber threat understanding with geopolitical context | CSO Online

• Cyber Insecurity, AI and the Rise of the CISO | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats? (thehackernews.com)

• Ransomware realities in 2023: one employee mistake can cost a company millions (securityaffairs.com)

• Ransomware Criminals Aiming at Third-Party Vendors in Hunt for ‘Big Game’ (claimsjournal.com)

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure (darkreading.com)

• Giant health insurer struck by ransomware didn't have antivirus protection (malwarebytes.com)

• CISA shares vulnerabilities, misconfigs used by ransomware gangs (bleepingcomputer.com)

• What Are the Legal Implications of Paying Ransomware Demands? | HackerNoon

• Healthcare Sector Warned About New Ransomware Group NoEscape - Infosecurity Magazine (infosecurity-magazine.com)

• New trend in ransomware: Anonymity (betanews.com)

• 63% of organisations restore data after a ransomware attack | Security Magazine

• Hacker Group GhostSec Unveils New Generation Ransomware Implant - Infosecurity Magazine (infosecurity-magazine.com)

• Black Basta ransomware is out and about, again. (thecyberwire.com)

• Ukrainian activists hack Trigona ransomware gang, wipe servers (bleepingcomputer.com)

• Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire

• Scammers are targeting plastic surgery clinics with extortion scams | TechRadar

• BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks (bleepingcomputer.com)

• Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)

Ransomware Victims

• Lockbit ransomware gang demanded an 80 million ransom to CDW (securityaffairs.com)

• Alphv gang stole 5TB of data from Morrison Community Hospital (securityaffairs.com)

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Kansas Supreme Court Probes Potential Ransomware Attack (govinfosecurity.com)

• KwikTrip all but says IT outage was caused by a cyber attack (bleepingcomputer.com)

• Some people whose personal data stolen in HWL Ebsworth hack not told for six months | Cyber crime | The Guardian

• Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV (databreaches.net)

Phishing & Email Based Attacks

• More than 95 per cent of phishing attacks target the banking and finance sectors (bizhub.vn)

• Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE

• VIPRE finds 233.9 million malicious emails detected in Q3 2023 (securitybrief.co.nz)

• Make sure that email from HR is legit - it could be another phishing scam | TechRadar

• Human resources emails remain top phishing targets - SiliconANGLE

• CISA, NSA, FBI publish phishing guidance | TechTarget

• Generative AI's impact on phishing attacks | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing: What’s in a Name? | CISA

• D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)

Artificial Intelligence

• AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)

• AI Adoption Surges But Security Awareness Lags Behind - Infosecurity Magazine (infosecurity-magazine.com)

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge (thehackernews.com)

• AI-generated cyber attacks pose new risk to key UK infrastructure, experts warn | The Independent

• North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar

• Research: GPT-4 Jailbreak Easily Defeats Safety Guardrails

• Generative AI is scaring CISOs – but adoption isn’t slowing down | CSO Online

• Generative AI's impact on phishing attacks | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online

• The impact of artificial intelligence on cyber offence and defence | The Strategist (aspistrategist.org.au)

2FA/MFA

• Google Authenticator synchronization raises MFA concerns | TechTarget

Malware

• Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE

• Valve upgrades Steam's security after several games are hacked and filled with malware | Rock Paper Shotgun

• DarkGate malware spreads through compromised Skype accounts (bleepingcomputer.com)

• BLOODALCHEMY provides backdoor to ASEAN secrets • The Register

• Discord still a hotbed of malware activity — Now APTs join the fun (bleepingcomputer.com)

• Researchers warn of increased malware delivery via fake browser updates - Help Net Security

• The forgotten malvertising campaign (malwarebytes.com)

• Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)

• Lazarus Group Targeting Defence Experts with Fake Interviews via Trojanized VNC Apps (thehackernews.com)

• Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

• Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)

• Beware - that Google Chrome update alert might actually just be malware | TechRadar

Mobile

• SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls (thehackernews.com)

• The top 9 mobile security threats and how you can avoid them | ZDNET

• Hackers exploit security flaw to target iOS 17 iPhones with 'notification attack' | Macworld

• Google Play Protect adds real-time scanning to fight Android malware (bleepingcomputer.com)

• Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS Attacks in 2024: Distributed DoS Explained | Splunk

Internet of Things – IoT

• Inadequate IoT protection can be a costly mistake - Help Net Security

• Israelis told to secure their home security cameras against hackers • Graham Cluley

• Logistics Matters - Alert: How hackers use printers to gain access

• Microsoft HoloLens for the military: Hacker attacks on VR headset may cause physical pain - NotebookCheck.net News

Data Breaches/Leaks

• UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters

• Casio discloses data breach impacting customers in 149 countries (bleepingcomputer.com)

• 530K people's info stolen from cloud PC gaming's Shadow • The Register

• Colonial Pipeline was hacked. No, wait, Accenture was hacked. No, wait….. untangling claims. (2) (databreaches.net)

• D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)

• Hackers stole a million people's DNA. But what will they do with it? | Tech News | Metro News

• 23AndMe Hacker Leaks New Tranche of Stolen Data (darkreading.com)

• Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)

• Lost and Stolen Devices: A Gateway to Data Breaches and Leaks - SecurityWeek

• Twitter glitch allows CIA informant channel to be hijacked - BBC News

• Care provider under fire over response to cyber attack (thetimes.co.uk)

• Some people whose personal data stolen in HWL Ebsworth hack not told for six months | Cyber crime | The Guardian

• ServiceNow leak: thousands of companies at risk | Cybernews

Organised Crime & Criminal Actors

• Cyber attacks -- where they come from and the tactics they use (betanews.com)

• Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online

• Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)

• Single Sign On and the Cyber crime Ecosystem (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• US authorities monitor China-linked Bitcoin miners amid national security concerns: Report (cointelegraph.com)

Insider Risk and Insider Threats

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• Employees leaving businesses open to cyber attack – QBE research - CIR Magazine

• Why disaffected employees are your greatest cyber security risk | Federal News Network

• Ex-Navy IT head gets 5 years for selling people’s data on darkweb (bleepingcomputer.com)

Insurance

• Lloyd’s systemic risk scenario reveals potential cyber attack losses of $3.5tn (insuranceinsider.com)

• How MOVEit Is Likely to Shift Cyber Insurance Calculus (darkreading.com)

• Cyber insurance represents ‘small proportion’ of potential economic losses from major attack | Insurance Times

• How Data Changes the Cyber Insurance Market Outlook (darkreading.com)

• What to Look for in Cyber Insurance Coverage | Proofpoint US

Supply Chain and Third Parties

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Why fourth-party risk management is a must-have | TechTarget

Identity and Access Management

• Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)

Encryption

• Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication (thehackernews.com)

Linux and Open Source

• Open To Attack: The Risks Of Open-Source Software Attacks (informationsecuritybuzz.com)

• Can open source be saved from the EU's Cyber Resilience Act? • The Register

• Report Finds Few Open Source Projects are Actively Maintained - Slashdot

Passwords, Credential Stuffing & Brute Force Attacks

• IT Admins Are Just as Guilty For Weak Password Use- IT Security Guru

• Over 40,000 admin portal accounts use 'admin' as a password (bleepingcomputer.com)

• 39% of individuals use the same password for multiple accounts | Security Magazine

• Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)

• Passkeys Are Cool, But They Aren't Enterprise-Ready (darkreading.com)

• A worrying amount of corporate IDs still aren't properly protected | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)

• Twitter glitch allows CIA informant channel to be hijacked - BBC News

Malvertising

• The forgotten malvertising campaign (malwarebytes.com)

• Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)

• Guide to detecting and disrupting fake ads | Netcraft

• Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

• Clever malvertising attack uses Punycode to look like KeePass's official website (malwarebytes.com)

Training, Education and Awareness

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

Regulations, Fines and Legislation

• UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters

• A Third of Organisations Not Ready to Comply with NIS2 - Infosecurity Magazine (infosecurity-magazine.com)

• One year left for companies to implement NIS2 cyber security directive (wbj.pl)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)

• Can open source be saved from the EU's Cyber Resilience Act? • The Register

• Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky (darkreading.com)

• SEC stepping up cyber security efforts | Inquirer Business

• The double-edged sword of heightened regulation for financial services - Help Net Security

• Top US Cyber Agency Pushing Toward First Hack Reporting Rule (bloomberglaw.com)

• Keeping control in complex regulatory environments - Help Net Security

• UN cyber crime treaty: A menace in the making – EURACTIV.com

• SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra

Models, Frameworks and Standards

• A Third of Organisations Not Ready to Comply with NIS2 - Infosecurity Magazine (infosecurity-magazine.com)

• One year left for companies to implement NIS2 cyber security directive (wbj.pl)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)

• NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)

Backup and Recovery

• Principles for ransomware-resistant cloud backups - NCSC.GOV.UK

• 63% of organisations restore data after a ransomware attack | Security Magazine

Data Protection

• Care provider under fire over response to cyber attack (thetimes.co.uk)

Careers, Working in Cyber and Information Security

• Over half of cyber security pros say they want to switch jobs (betanews.com)

• Compelling Reasons Why You Should Study Cyber Security - Minutehack

• Your guide to landing a job in cyber security (fastcompany.com)

• New Cyber security Salary Report Guides Hiring in an $8 Trillion Cyber Crime Landscape (prnewswire.com)

• One in five CISOs miss out on pay raise - Help Net Security

Law Enforcement Action and Take Downs

• Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)

Misinformation, Disinformation and Propaganda

• Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats

Misc Nation State/Cyber Warfare

• ‘Only a matter of time’ before cyber attacks are viewed as acts of war: Ex-NSA chief

• Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes issues five tips on thwarting nation state threats | Computer Weekly

• APT trends report Q3 2023 | Securelist

• Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure (thehackernews.com)

• TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• The evolution of deception tactics from traditional to cyber warfare - Help Net Security

• Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)

• Government officials debate effectiveness of multilateral relations in cyber security | ZDNET

• Defence leaders recognise need to adapt to win in ‘information battlespace’ | BAE Systems

Geopolitical Threats/Activity

• How Cyber attacks Could Affect the Israel-Hamas War (govinfosecurity.com)

• Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Israelis told to secure their home security cameras against hackers • Graham Cluley

• Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)

• Pro-Israeli Hacktivist Group Predatory Sparrow Reappears (darkreading.com)

• AI-Powered Israeli 'Cyber Dome' Defence Operation Comes to Life (darkreading.com)

• Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)

• Mideast War Has Cyber Implications | Newsmax.com

• Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)

• Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems (darkreading.com)

China

• Mandia: China replaces Russia as top cyber threat | CyberScoop

• FBI boss slams ‘unprecedented’ Chinese cyberespionage and IP theft   | SC Media (scmagazine.com)

• Five Eyes Warn Of Chinese Cyber Espionage | Silicon UK

• Five Eyes warn of growing threat of IP 'theft' by China's hackers (techmonitor.ai)

• 20,000 Britons approached by Chinese agents on LinkedIn, says MI5 head | MI5 | The Guardian

• Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration (thehackernews.com)

• US authorities monitor China-linked Bitcoin miners amid national security concerns: Report (cointelegraph.com)

• BLOODALCHEMY provides backdoor to ASEAN secrets • The Register

• TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)

• Huawei wants to know why EU labelled it high security risk • The Register

• Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw (thehackernews.com)

Russia

• Mandia: China replaces Russia as top cyber threat | CyberScoop

• Russia-based Wizard Spider is Top Threat Group: Netskope Report | MSSP Alert

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• Russian Sandworm hackers breached 11 Ukrainian telcos since May (bleepingcomputer.com)

• Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)

• Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)

• Russian Hackers Target Romanian Media - Valahia.News

• Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)

• Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats - Infosecurity Magazine (infosecurity-magazine.com)

Iran

• Iranian hackers lurked in Middle Eastern govt network for 8 months (bleepingcomputer.com)

• Hamas-linked app offers window into cyber infrastructure, possible links to Iran | CyberScoop

North Korea

• North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar

• Lazarus Group Targeting Defence Experts with Fake Interviews via Trojanized VNC Apps (thehackernews.com)

• North Korean hackers exploit critical TeamCity flaw to breach networks (bleepingcomputer.com)

• FBI: Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program - SecurityWeek

Vulnerability Management

• Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)

• Microsoft Needs to Get Serious About Its Windows 10 Upgrade Problem (pcmag.com)

Vulnerabilities

• Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 - SecurityWeek

• Cisco working on fix for critical IOS XE zero-day | TechTarget

• Oracle Patches 185 Vulnerabilities With October 2023 CPU - SecurityWeek

• Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms (thehackernews.com)

• You Need to Update WinRAR, Right Now (gizmodo.com)

• Juniper Networks Patches Over 30 Vulnerabilities in Junos OS - SecurityWeek

• Hackers exploit critical flaw in WordPress Royal Elementor plugin (bleepingcomputer.com)

• Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software (thehackernews.com)

• Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• ServiceNow leak: thousands of companies at risk | Cybernews

Tools and Controls

• Well-informed employees act as 1st line of defence against cyber threats

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)

• Essential cyber hygiene: Making cyber defence cost effective - Help Net Security

• Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)

• Improve your cyber threat understanding with geopolitical context | CSO Online

• Why Zero Trust Is the Cloud Security Imperative (darkreading.com)

• 3 Essential Steps to Strengthen SaaS Security (darkreading.com)

• Cyber expert calls for renewed focus on zero-trust and recovery as threat actors scale-up - SiliconANGLE

• How hackers use printers to gain access

• Google Authenticator synchronization raises MFA concerns | TechTarget

• Cyber insurance represents ‘small proportion’ of potential economic losses from major attack | Insurance Times

• Email Security Best Practices for Phishing Prevention (trendmicro.com)

• The impact of artificial intelligence on cyber offence and defence | The Strategist (aspistrategist.org.au)

• What to Look for in Cyber Insurance Coverage | Proofpoint US

• Reinforcing cyber security: The network's role to prevent, detect, and respond to attacks - Help Net Security

• How to go from collecting risk data to actually reducing risk? - Help Net Security

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

• How do we measure cyber risk? | ITPro

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• OSINT isn't immediate ground truth--it's the result of analysis. (thecyberwire.com)

• How Data Changes the Cyber Insurance Market Outlook (darkreading.com)

• What is Structured Threat Information eXpression (STIX)? (techtarget.com)

Reports Published in the Last Week

• Trustwave SpiderLabs Research: Cyber security in the Financial Services Sector

• APT trends report Q3 2023 | Securelist

• New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS

• ENISA THREAT LANDSCAPE REPORT 2023 REPORT IS OUT! (securityaffairs.com)

• Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire

• The CISO Report | Splunk

• VIPRE Security Group’s Q3 2023 Email Threat Report Reveals PDFs, Callback Phishing and Malware Via Google Drive Growing in Popularity Among Criminals - VIPRE

Other News

• SMBs Struggle to Keep Pace with Cyber Security Threats - IT Security Guru

• Many SMBs really don't know exactly what security tools they need | TechRadar

• Hackers Hit The IT Industry: 12 Companies Targeted In 2023 | CRN

• What the Hollywood Writers Strike Resolution Means for Cyber security (darkreading.com)

• Progress gets SEC subpoena over MOVEit breach – and more! • The Register

• 51% of Financial Services Firms Reporting Breaches are From US: Trustwave Threat Landscape Report | The Fintech Times

• Cyber attacks on healthcare organisations affect patient care - Help Net Security

• Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)

• Thinking about the phrase 'cyber security' | Microscope (computerweekly.com)

• Cyber risk report says shipping remains ‘easy target’, paying an average $3.2m In cyber attacks (shipmanagement idcinternational.com)

• Space industry group turns up volume on satellite vulnerabilities - SpaceNews

• 5 Tips for Improving Security in Public Sector (govinfosecurity.com)

• Marketers Must Make Cyber security A Priority Every Day (forbes.com)

• UK at risk of massive security breach from national HMRC IT meltdown | The Independent

• UK warns nuclear power plant operator of cyber security failings (therecord.media)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

World’s Biggest Meat Producer JBS Pays $11m Cyber Crime Ransom

JBS, the world’s biggest meat processor, has paid an $11m (£7.8m) ransom after a cyber attack shut down operations, including abattoirs in the US, Australia and Canada. While most of its operations have been restored, the Brazilian-headquartered company said it hoped the payment would head off any further complications including data theft. JBS, which supplies more than a fifth of all beef in the US, reportedly made the payment in bitcoin.

https://www.theguardian.com/business/2021/jun/10/worlds-biggest-meat-producer-jbs-pays-11m-cybercrime-ransom

Jackware: A New Type Of Ransomware Could Be 10 Times As Dangerous

Between the attacks on Colonial Pipeline and JBS, which disrupted nearly half of the East Coast’s gasoline supply for a week and threatened 20% of the U.S. meat market, respectively, consumers are finally experiencing the first physical impacts to their daily lives from cyber attacks. As bad as these attacks are, they could get a lot worse. Cyber criminals are constantly evolving, and what is keeping many security professionals up at night is the growing risk of “jackware” — a new type of ransomware that could be 10 times more dangerous because instead of encrypting Windows computers and servers. Jackware hijacks the actual physical devices and machines that make modern life possible. It’s only a matter of when we will see these attacks happen

https://finance.yahoo.com/news/ransomware-jackware-115229732.html?soc_src=social-sh&soc_trk=tw&tsrc=twtr

Lewd Phishing Lures Aimed At Business Explode

Attackers have amped up their use of X-rated phishing lures in business email compromise (BEC) attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company. The Threat Intelligence team with GreatHorn made the discovery and explained it’s not simply libido driving users to click on these suggestive scams. Instead, these emails popping up on people’s screens at work are intended to shock the user, opening the door for them to make a reckless decision to click. It’s a tactic GreatHorn called “dynamite phishing.”

https://threatpost.com/lewd-phishing-lures-business-explode/166734/

UK Schools Forced To Shut Following Critical Ransomware Attack

Two schools in the south of England have been forced to temporarily close their doors after a ransomware attack that encrypted and stole sensitive data. The Skinners' Kent Academy and Skinners' Kent Primary School were attacked on June 2, according to a statement on the trust’s website which said it is currently working with third-party security experts, the police, and the National Cyber Security Centre (NCSC). It revealed that on-premises servers were targeted at the Tunbridge Well-based schools. As student and staff emergency contact details, medical records, timetables, and registers were encrypted by the attackers, the decision was taken to close on Monday.

https://www.infosecurity-magazine.com/news/schools-shut-ransomware-attacl/

Emerging Ransomware Targets Dozens Of Businesses Worldwide

An emerging ransomware strain in the threat landscape claims to have breached 30 organisations in just four months since it went operational by riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organisations in the Middle East and North Africa last year. The affected entities are believed to be government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the U.S., U.K., and a dozen more countries in Asia, Europe, the Middle East, and South America.

https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html

COVID-19 Has Transformed Work, But Cyber Security Is Not Keeping Pace, Report Finds

An international survey of tech professionals from the Thales Group finds some bleak news for the current state of data security: the COVID-19 pandemic has upended cyber security norms, and security teams are struggling to keep up. The problems appear to be snowballing; lack of preparation has led to a scramble resulting in poor data protection practices, outdated security infrastructure not receiving needed overhauls, a jumble of new systems that only make matters worse and priority misalignment between security teams and leadership.

https://www.techrepublic.com/article/covid-19-has-transformed-work-but-cybersecurity-isnt-keeping-pace-report-finds/

Colonial Pipeline Ransomware Attack Was The Result Of An Old VPN Password

It took only one dusty, no-longer-used password for the DarkSide cyber criminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cyber security experts. Attackers used the password to a VPN account that was no longer in use but still allowed them to remotely access Colonial Pipeline’s network, Charles Carmakal, senior vice president at FireEye’s cyber security consulting firm Mandiant, told Bloomberg in an interview, according to a published report on the news outlet’s website.

https://threatpost.com/darkside-pwned-colonial-with-old-vpn-password/166743/

Evil Corp Rebrands Ransomware To Escape Sanctions

Threat actors behind a notorious Russian cyber crime group appear to have rebranded their ransomware once again in a bid to escape US sanctions prohibiting victims from paying them. Experts took to Twitter to point out that a leak site previously run by the Babuk group, which famously attacked Washington DC’s Metropolitan Police Department (MPD), had rebranded to “PayloadBin.” The Babuk group claimed that it was shutting down its affiliate model for encrypting victims and moving to a new model back in April. A ‘new’ ransomware variant with the same name has also been doing the rounds of late, but according to CTO of Emsisoft, Fabian Wosar, it’s nothing more than a copycat effort by Evil Corp.

https://www.infosecurity-magazine.com/news/evil-corp-rebrands-ransomware/

Billions Of Passwords Leaked Online From Past Data Breaches

A list of leaked passwords discovered on a hacker forum may be one of the largest such collections of all time. A 100GB text file leaked by a user on a popular hacker forum contains 8.4 billion passwords, likely gathered from past data breaches.

https://www.techrepublic.com/article/billions-of-passwords-leaked-online-from-past-data-breaches/

Threats

Ransomware

• Emerging 'Prometheus' Ransomware Claims 30 Victims In A Dozen Countries, Palo Alto Networks Says

• Ransomware Gangs Are Increasingly Going After SonicWall Devices

• A Deep Dive Into Nefilim, A Ransomware Group With An Eye For $1BN+ Revenue Companies

• Fujifilm Refuses To Pay Ransomware Demand, Restores Network From Backups

Phishing

• New Sophisticated Email-Based Attack From Nobelium

• Phishing Emails Remain In User Inboxes Over 3 Days Before They're Removed

• This Phishing Email Is Pushing Password-Stealing Malware To Windows PCs

Other Social Engineering

• Dangerous Connections: Sextortion Scams Soar During Lockdown, ITV News Investigation Finds

• WhatsApp Hijack Scam Continues To Spread

Malware

• Pirated Games Helped A Malware Campaign Compromise 3.2 Million PCs

• Steam Gaming Platform Hosting Malware

• Mystery Malware Steals 26M Passwords From Millions Of PCs. Are You Affected?

• Unit 42 Discovers First Known Malware Targeting Windows Containers

• Freakout Malware Worms Its Way Into Vulnerable VMware Servers

Mobile

• Android Banking Malware Sharply Increased In The First Chunk Of 2021, Reckons ESET

Vulnerabilities

• Microsoft June 2021 Patch Tuesday: 50 Vulnerabilities Patched, Six Zero-Days Exploited In The Wild

• Adobe Issues Security Updates For 41 Vulnerabilities In 10 Products

• Update Google Chrome Right Now To Avoid A Zero-Day Vulnerability

• Puzzlemaker Attacks Exploit Windows Zero-Day, Chrome Vulnerabilities

• Another Brick In The Wall: eCrime Groups Leverage SonicWall VPN Vulnerability

• Google Patches Critical Android RCE Bug

• Intel Plugs 29 Holes In CPUs, Bluetooth, Security

• Critical Zero-Day Vulnerabilities Found In ‘Unsupported’ Fedena School Management Software

• Microsoft Office MSGraph Vulnerability Could Lead To Code Execution

• WordPress Force Installs Jetpack Security Update On 5 Million Sites

Data Breaches

• EA Got Hit By A Data Breach, And Hackers Are Selling Source Code

• Dutch Pizza Chain Discloses Breach After Hacker Tries To Extort Company

Organised Crime & Criminal Actors

• ANOM: Hundreds Arrested In Massive Global Crime Sting Using Messaging App

Cryptocurrency

• Bitcoin Falls After US Seizes Most Of Colonial Ransom

• Crypto Currency Dealers Face Closure For Failing Uk Money Laundering Test

Nation State Actors

• Gelsemium: When Threat Actors Go Gardening

• Security Researcher Says Attacks On Russian Government Have Chinese Fingerprints – And Typos, Too

• Novel ‘Victory’ Backdoor Spotted In Chinese APT Campaign

• Chinese Hackers Using Previously Unknown Backdoor

Denial of Service

• ‘Fancy Lazarus’ Cyber Attackers Ramp Up Ransom DDoS Efforts

• DDoS Attacks Increase 341% Amid Pandemic

Charities

• Hackers Stole $650,000 From Nonprofit And Got Away

Other News

• US Investigates Leak Of Records Showing Billionaires Pay Little Tax

• Most Mobile Finance Apps Vulnerable To Data Breaches

• Many Executives Still Don't Understand Basic Tech

• The Rise Of Cyber Security Debt

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.