Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 29 March 2024
Black Arrow Cyber Threat Intelligence Briefing 29 March 2024:
-Only 3% of Organisations Globally are Fully Prepared for Cyber Threats
-China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security
-Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers
-Hackers Hit High-Risk Individuals’ Personal Accounts
-Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?
-High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime
-Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account
-Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach
-IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time
-Only 5% of Boards Have Cyber Security Expertise
-Google’s New AI Search Results Promotes Sites Pushing Malware and Scams
-Report Calls Out Cyber Risks to Financial Sector Fuelled by AI
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Only 3% of Organisations Globally are Fully Prepared for Cyber Threats
A new report released by Cisco found that only 3% of organisations globally are considered to be at a “mature” level of readiness that is needed to be resilient against today’s cyber threats. In contrast, 80% of the companies surveyed felt moderately to very confident in their ability to defend against a threat.
Nearly three-quarters of respondents expect a cyber incident to disrupt their business in the next 12 to 24 months. For many, this was based on past experience, with more than half of respondents saying that they had experienced a cyber security incident in the last 12 months, and of those, more than half of said it cost them at least $300,000. To address this, 97% of companies expect to increase their cyber security budgets in the next 12 months.
Sources: [PR Newswire] [SiliconANGLE]
China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security
The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, in attempts to target a group of MPs. Whilst this shows how advanced the threat from China has become, it should not be a surprise. It has been alleged that the hacking campaign targeted a broad swathe of private individuals, as well as strategically important companies and government officials. Geopolitical tensions are at an all-time high, as Conservative MP Iain Duncan Smith, one of those targeted by the campaign says, “we must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”
Sources: [Sky News] [GovInfoSecurity] [The Guardian]
Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers
A recent report underscores the pivotal role of cyber security in financial performance, revealing that companies with genuinely advanced levels of cyber security maturity generate a 372% higher shareholder return compared to those with lower levels of maturity, as observed over a five-year period. Notably, companies with engaged board members and specialised risk committees achieve superior cyber security performance. Despite regulatory requirements, only 3% of UK organisations have a cyber security expert on their board, emphasising the need for greater board-level engagement in cyber risk management. Industries like healthcare and financial services lead in cyber security ratings, underscoring the correlation between regulatory environments and cyber security performance.
Source: [Business Wire] [Computer Weekly]
Hackers Hit High-Risk Individuals’ Personal Accounts
Britain’s National Cyber Security Centre (NCSC) is warning that attackers faced with well-managed corporate cyber security defences, are instead turning their efforts to compromise high-risk individuals’ devices and accounts.
A high-risk individual is anyone who has access to or influence over sensitive information. For an attacker, these individuals can present a less complex route. They already know the individual has access to the data they want, it is just a case of compromising that individual.
Source: [Gov Info Security]
Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?
Cyber security threats have reached unprecedented levels, posing significant risks to organisations and nations worldwide, with global costs predicted to soar to $10.5 trillion annually by 2025, a significant increase from $6 trillion in 2021. Recent reports from IBM Security X-Force reveal that organisations face an average of 270 cyber attacks per year, equivalent to an attack every business day, underlining the persistent nature of the threat and reinforcing the old question of ‘when’ not 'if' an organisation will get hit.
The report warns of the possibility of large-scale, coordinated attacks, akin to a “Digital Pearl Harbor,” on vital infrastructure such as power grids and financial markets, with ransomware-based attacks being identified as a major risk. The emergence of cyber warfare blurs the distinction between espionage and acts of war, underscoring the need for international standards and agreements. Despite the focus on cyber threats, many organisations have risk management gaps.
Source: [Eurasia Review]
High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime
High net worth individuals and their families are often targets for cyber criminals who seek to steal their money, identity, intellectual property and corporate data, and attacks are increasing. With the current state of the world, there is significant information that is publicly available. This, added to the fact that many high-net-worth individuals have lesser security controls than corporations, makes them a more lucrative target.
As these types of attacks continue to increase, it is important for individuals to ensure they are demonstrating good cyber hygiene through actions including the adoption of multi-factor authentication, limiting unnecessary social media from themselves and their family (including holidays) and understanding current tactics to be able to spot and mitigate them.
Source: [Financial Times]
Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account
Earlier this year, Microsoft discovered they had been the victim of a hack orchestrated by Russian-state hackers. The attack was not highly sophisticated; in fact, it involved simply spraying passwords into an old, inactive account. Password spraying is a simple brute force technique, which has the attacker trying the same password against multiple accounts. In this case, it was enough to be able to allow attackers to commit further exfiltration.
Picture your organisation: can you guarantee that no account is using the password “Password123”? Whilst organisations may focus on protecting privileged accounts, the attack shows that every account needs to be secured, as they are all entry points to your organisation. To combat this, organisations should look to implement robust password policies and multi-factor authentication.
Source: [The Hacker News]
Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach
Mitigating third-party risk may seem daunting when considering the slew of incoming regulations coupled with the increasingly advanced tactics of cyber criminals. However, most organisations have more agency and flexibility than they think they do. Third-party risk management can be built on top of existing risk governance practices and security controls that are currently implemented in the organisation. Understanding the vendor landscape, categorising vendors based on criticality, and developing tailored governance plans are crucial steps. Contractual obligations, tailored to industry standards, play a pivotal role in ensuring security measures are upheld. Additionally, establishing a robust exit strategy is imperative to safeguard data integrity post-partnership. By fostering a culture of shared responsibility and continuous improvement, organisations can navigate the complexities of third-party risk management effectively.
Source: [Dark Reading]
IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time
A recent survey of over 800 IT and security leaders highlights the escalating threat landscape fuelled by emerging technologies, with AI-powered attacks identified as the most serious and challenging. 92% of respondents report a year-over-year increase in cyber attacks with 95% noting heightened sophistication.
Organisations reported facing AI-powered attacks (51%), deepfake technology and supply chain attacks (both 36%), cloud jacking (35%), Internet of Things (IoT) attacks and 5G network exploits (both 34%), and fileless attacks (24%). But it is not just newer attacks; organisations are still contending with prevalent attacks like phishing, malware, and ransomware. The survey found that 84% of respondents say that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools, revealing that AI-powered phishing is their top concern (42%) when it comes to AI security.
With so many constantly evolving threats, and with new ones being added to the mix all the time, it is becoming more and more difficult for IT leaders to keep on top of these emerging threats.
Source: [Beta News] [The Fast Mode]
Only 5% of Boards Have Cyber Security Expertise
There is a concerning gap in cyber expertise on corporate boards, with only 5% of businesses having a cyber expert onboard, despite a direct correlation between strong cyber security and higher financial performance. Countries like France have 10% representation while Canada lags behind at just 1%. Integration of cyber experts into specialised risk committees significantly boosts cyber security performance. Furthermore, advanced security ratings translate to significantly better financial returns over three and five-year periods, underlining the pivotal role of cyber security in overall business health.
Source: [Infosecurity Magazine]
Google’s New AI Search Results Promotes Sites Pushing Malware and Scams
Earlier this month, Google began rolling out a feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries, including site recommendations. These results, however, are pushing scams and malware. BleepingComputer found that the listed sites promoted by SGE tend to use the .online top level domain, the same HTML templates, and the same sites to perform redirects, stating “This similarity indicates that they are all part of the same SEO [search engine optimisation] poisoning campaign that allowed them to be part of the Google index.” When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site. This matter highlights the need for users to stay cognisant, even when using AI to improve quality of life.
Source: [Bleeping Computer]
Report Calls Out Cyber Risks to Financial Sector Fuelled by AI
A recent report by the US Department of the Treasury has identified AI-driven cyber fraud as the primary concern for financial institutions. Smaller firms, in particular, struggle with AI development, which intensifies security concerns. Despite a focus on cyber security, risk management lapses are common across institutions. The report further notes that nearly a third of these institutions are yet to address the evolving tactics of threat actors, including social engineering, malvertising, and QR code phishing. More than 2 in 5 have pointed to the increasing use of generative AI for scaling and automating attacks as a lingering risk factor. The report emphasises that, even without mandates, there’s an urgent need for financial institutions to bolster their risk management and cyber security practices to counter these AI-driven threats.
Source: [CyberScoop]
Governance, Risk and Compliance
Hackers Hit High-Risk Individuals' Personal Accounts (govinfosecurity.com)
Only 5% of Boards Have Cyber Security Expertise - Infosecurity Magazine (infosecurity-magazine.com)
Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)
How threat intelligence data maximizes business operations - Help Net Security
IT leaders struggle to keep up with emerging threats (betanews.com)
More than half of organisations fall victim to cyber attacks (betanews.com)
Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)
Shareholders win when businesses do better at cyber | Computer Weekly
Getting Security Remediation on the Boardroom Agenda (darkreading.com)
New Cyber Threats to Challenge Financial Services Sector in 2024 (darkreading.com)
The cyber security skills shortage: A CISO perspective | CSO Online
Cyber security essentials during M&A surge - Help Net Security
Companies told cyber security has to be cross business concern (emergingrisks.co.uk)
It's Time to Stop Measuring Security in Absolutes (darkreading.com)
True Cost of a Cyber Security Breach for Your Business - Converge
35 cyber security statistics to lose sleep over in 2024 (techtarget.com)
3 Challenges CISOs Face in 2024 as Cyber Threats Explode | Corporate Counsel (law.com)
Cyber security plans should centre on resilience | MIT Sloan
Debunking compliance myths in the digital era - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware: lessons all companies can learn from the British Library attack - Exponential-e Blog
78% of organisations plan to increase ransomware protection | Security Magazine
Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)
Building Resiliency in the Face of Ransomware - Security Boulevard
Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth (yahoo.com)
Healthcare Under Ransomware Attacks - Part 1: BlackCat/AlphV - VMRay
Healthcare Under Ransomware Attacks - Part 2: LockBit - VMRay
Healthcare Under Ransomware Attacks - Part 3: Rhysida - VMRay
Ransomware Victims
Hackers threaten to publish huge cache of NHS Scotland data - BBC News
Alleged sale of Communication Workers Union’s users data (marcoramilli.com)
Scullion LAW becomes victim of cyber attack | Scottish Legal News
Panera Bread experiencing nationwide IT outage since Saturday (bleepingcomputer.com)
Clorox audit flagged systemic flaws in cyber security at manufacturing plants (detroitnews.com)
Big Issue working with NCSC, NCA and Met Police to investigate cyber incident - IT Security Guru
Western Isles council tax bills delayed due to cyber attack - BBC News
Vietnam Securities Broker Suffered Cyber Attack That Suspended Trading (darkreading.com)
Phishing & Email Based Attacks
'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide (darkreading.com)
New StrelaStealer Phishing Attacks Hit Over 100 Organisations in EU. and US (thehackernews.com)
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)
US organisations targeted with emails delivering NetSupport RAT - Help Net Security
Scammers steal millions from FTX, BlockFi claimants - Help Net Security
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)
Russia's Cozy Bear tries to phish Germans with party invites • The Register
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)
Artificial Intelligence
Treasury report calls out cyber risks to financial sector fuelled by AI | CyberScoop
Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)
Four generative AI cyber risks that keep CISOs up at night — and how to combat them - SiliconANGLE
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Artificial intelligence now the biggest cyber threat - study (emergingrisks.co.uk)
Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)
Scammers exploit tax season anxiety with AI tools - Help Net Security
Experts Warn of Cyber Risk Due to Rapid AI Tool Evolution (govinfosecurity.com)
Over A Third of IT Leaders Are Ill-Equipped to Cope With AI-Powered Attacks - IT Security Guru
Beware of rogue chatbot hacking incidents (securityintelligence.com)
The Unique AI Cyber Security Challenges in the Financial Sector | Decipher (duo.com)
AI weaponisation becomes a hot topic on underground forums - Help Net Security
AI bots hallucinate software packages and devs download them • The Register
Threat Report: Examining the Use of AI in Attack Techniques (darkreading.com)
Hackers exploit Ray framework flaw to breach servers, hijack resources (bleepingcomputer.com)AWS CISO: Pay Attention to How AI Uses Your Data (darkreading.com)
2FA/MFA
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)
Apple customers are being targeted by "MFA Bombing" password reset attack (xda-developers.com)
Malware
New StrelaStealer Phishing Attacks Hit Over 100 Organisations in E.U. and US. (thehackernews.com)
Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)
39,000 Websites Infected in 'Sign1' Malware Campaign - SecurityWeek
ConnectWise ScreenConnect attacks deliver malware | SC Media (scmagazine.com)
US organisations targeted with emails delivering NetSupport RAT - Help Net Security
Python devs are being targeted by this massive infostealing malware campaign | TechRadar
TheMoon bot infected 40,000 devices in January and February (securityaffairs.com)
Viruses are the most popular type of malware - and Apple devices are most at risk | TechRadar
New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)
SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire
DarkGate Malware Campaign Exploits Patched Microsoft Flaw - Security Boulevard
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)
AI bots hallucinate software packages and devs download them • The Register
Mobile
In-app browsers still a privacy, security, and choice issue • The Register
Thousands of phones and routers swept into proxy service, unbeknownst to users | Ars Technica
Apple lawsuit: US officials say iPhone ‘monopoly’ undermines security | SC Media (scmagazine.com)
Internet of Things – IoT
Hackers Reveal Method to Bypass Hotel Keycard Locks in Seconds • iPhone in Canada Blog
Pump the brakes: National security concerns surround connected cars - Nextgov/FCW
Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)
Data Breaches/Leaks
AT&T won’t say how its customers’ data spilled online | TechCrunch
SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)
Scammers steal millions from FTX, BlockFi claimants - Help Net Security
Insider Risk and Insider Threats
Insurance
Supply Chain and Third Parties
Cloud/SaaS
Key Lesson from Microsoft's Password Spray Hack: Secure Every Account (thehackernews.com)
Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)
Cloud Account Hijacking: How it Works and How to Prevent It (techtarget.com)
67% of businesses sync on-premises passwords to cloud environments | Security Magazine
Identity and Access Management
Tackling DORA Compliance With a Focus on PAM - IT Security Guru
Organisations Grapple With Identity Pain Points | Decipher (duo.com)
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Apple users targeted by annoying 'Reset Password' attack | Mashable
67% of businesses sync on-premises passwords to cloud environments | Security Magazine
Social Media
Malvertising
Training, Education and Awareness
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Cyber security training costs surge as firms battle skills gaps | ITPro
Regulations, Fines and Legislation
Cyber security shake-up: How to prepare for EU's NIS2 and DORA (siliconrepublic.com)
techUK Raise Internet Snooping Concerns Over UK IP Act Amendments - ISPreview UK
Cyber security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)
Models, Frameworks and Standards
Backup and Recovery
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
US and UK accuse China of cyber operations targeting domestic politics | CyberScoop
UK ‘turning up to a gunfight with a wooden spoon’ over China cyber-attacks (scotsman.com)
China hack on MPs worse than Government admitted, with at least 30 targeted (inews.co.uk)
New Zealand follows UK in accusing China of hacking its parliament | The Independent
Finland confirms APT31 hackers behind 2021 parliament breach (bleepingcomputer.com)
China linked to UK cyber-attacks on voter data, Dowden to say - BBC News
Dowden guarantees UK elections will be safe from Chinese cyber attacks | Evening Standard
After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com
SNP MP claims Scottish universities 'overdependent' on Chinese money | The National
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)
Fake reporters and death threats: China spy tactics from Hong Kong dissidents (inews.co.uk)
Is Cyber Warfare Heating Up? Biden Administration, UK Take Aim At Chinese Hackers | IBTimes
What to make of China’s massive cyber-espionage campaign (economist.com)
Pump the brakes: National security concerns surround connected cars - Nextgov/FCW
UK says Chinese cyber attacks ‘part of large-scale espionage campaign’ (thenextweb.com)
Why cyber indictments and sanctions matter | The Strategist (aspistrategist.org.au)
Chinese hackers target family members to surveil hard targets | CyberScoop
Russia
Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)
Russia's Cozy Bear tries to phish Germans with party invites • The Register
Iran
North Korea
Vulnerability Management
Spyware vendors behind 75% of zero-days targeting Google | TechTarget
On the Increase: Zero-Days Being Exploited in the Wild (databreachtoday.co.uk)
NVD slowdown leaves thousands of vulns without analysis data • The Register
Can Compensating Controls Be the Answer in a Sea of Vulnerabilities? - Security Boulevard
Vulnerabilities
Patch Now: Critical Fortinet RCE Bug Under Active Attack (darkreading.com)
SQL injection vulnerability in Fortinet software under attack | TechTarget
GitHub Developers Hit in Complex Supply Chain Cyber Attack (darkreading.com)
MacOS 14.4.1 makes it once again safe to update your Mac | ZDNET
Apple Security Bug Opens iPhone, iPad to RCE (darkreading.com)
Apple finally reveals the serious security issues it patched in iOS 17.4.1 - PhoneArena
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (bleepingcomputer.com)
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)
Double trouble for DNSSEC though the devil is in the details • The Register
Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)
Tools and Controls
How threat intelligence data maximises business operations - Help Net Security
IT leaders struggle to keep up with emerging threats (betanews.com)
78% of organisations plan to increase ransomware protection | Security Magazine
Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)
Why Endpoint Security Tools Are Still Such a Challenge (inforisktoday.com)
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Cyber security training costs surge as firms battle skills gaps | ITPro
Organisations Grapple with Identity Pain Points | Decipher (duo.com)
Enterprise cyber security's lateral movement 'blind spot' [Q&A] (betanews.com)
Cyber security plans should center on resilience | MIT Sloan
Cyber Security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)
Reports Published in the Last Week
Other News
Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)
Security experts raise questions about UK cyber funding in wake of Electoral Commission hack | ITPro
8 cyber security predictions shaping the future of cyber defence - Help Net Security
Active adversary dwell time: The good (and bad) news | SC Media (scmagazine.com)
Cyber Threat to US Power Grids Escalating as Election Approaches (yahoo.com)
Are We Ignoring the Cyber Security Risks of Undersea Internet Cables? | HackerNoon
How to Prevent Your Company from Being Hacked in 2024 - DevX
Pentagon Looks to Finalise Cyber Security Rules for Defence Industrial Base - ClearanceJobs
US and Japan plan biggest upgrade to security pact in over 60 years
Finland to host NATO tech centers, revamp cyber security strategy (defensenews.com)
French cyber defence chief warns Paris Olympics a 'target' (techxplore.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 November 2022
Black Arrow Cyber Threat Briefing 11 November 2022:
-Research Finds Organisations Lack Tools and Teams to Address Cyber Security Threats
-Some 98% of Global Firms Suffer Supply Chain Breach in 2021
-Only 30% of Cyber Insurance Holders Say Ransomware is Covered
-Companies Hit by Ransomware Often Targeted Again, Research Says
-Ransomware Remains Top Cyber Risk for Organisations Globally, Says Allianz
-How Geopolitical Turmoil Changed the Cyber Security Threat Landscape
-Swiss Re Wants Government Bail Out academias Cyber Crime Insurance Costs Spike
-Extortion Economics: Ransomware's New Business Model
-Confidence in Data Recovery Tools Low
-Russia’s Sway Over Criminal Ransomware Gangs Is Coming into Focus
-Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs
-Why a Clear Cyber Policy is Critical for Companies
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Research Finds Organisations Lack Tools and Teams to Address Cyber Security Threats
In research conducted in the summer of 2022 by BlackBerry, the findings describe the situation facing organisations regardless of size or vertical.
The survey of 405 senior IT, networking, and security decision-makers in the US, Canada, and the UK revealed 83% of organisations agreed building cyber security programs is expensive due to required tools, licenses, and personnel, and 80% agreed it’s challenging to fill specialised security roles. Most organisations (78%) have an incident management process, but about half (49%) agree they lack the teams and tools to be effective 24x7x365. Evolving security threats (53%) and the task of integrating new technology (53%) are cited as top challenges in maintaining security posture.
While it’s likely these findings surprise no one, they do reveal the challenges facing organisations who are caught between limited resources and increased risk. The urgency increases if we look at the critical infrastructure that keeps things running–like utilities, banks, transportation, key suppliers, industrial controls, and more.
Some 98% of Global Firms Suffer Supply Chain Breach in 2021
Just 2% of global organisations didn’t suffer a supply chain breach last year, with visibility into cyber risk getting harder as these ecosystems expand, according to BlueVoyant.
The security firm polled 2100 C-level execs with responsibility for supply chain and cyber risk management from companies with 1000+ employees to compile its study, The State of Supply Chain Defense: Annual Global Insights Report 2022.
It found the top challenges listed by respondents were:
Awareness internally that third-party suppliers are part of their cyber security posture
Meeting regulatory requirements and ensuring third-party cyber security compliance
Working with third-party suppliers to improve their posture.
Supply chains are growing: the number of firms with over 1000 suppliers increased from 38% in 2021’s report to 50%. Although 53% of organisations audited or reported on supplier security more than twice annually, 40% still rely on suppliers to ensure security levels are sufficient. That means they have no way of knowing if an issue arises with a supplier.
Worse, 42% admitted that if they do discover an issue in their supply chain and inform their supplier, they cannot verify that the issue was resolved. Just 3% monitor their supply chain daily, although the number of respondents using security ratings services to enhance visibility and reduce cyber risk increased from 36% last year to 39% in this year’s report.
With the escalating threat landscape and number of high-profile incidents being reported, firms should focus more strategically on addressing supply chain cyber security risk. In the current volatile economic climate, the last thing any business needs is any further disruption to their operations, any unexpected costs, or negative impact on their brand.
https://www.infosecurity-magazine.com/news/98-global-firms-supply-chain/
Only 30% of Cyber Insurance Holders Say Ransomware is Covered
Cyber insurance providers appear to be limiting policy coverage due to surging costs from claimants, according to a new study from Delinea.
The security vendor polled 300 US-based IT decision makers to compile its latest report, Cyber insurance: if you get it be ready to use it.
Although 93% were approved for specialised cyber insurance cover by their provider, just 30% said their policy covered “critical risks” including ransomware, ransom negotiations and payments. Around half (48%) said their policy covers data recovery, while just a third indicated it covers incident response, regulatory fines and third-party damages.
That may be because many organisations are regularly being breached and look to their providers for pay-outs, driving up costs for carriers. Some 80% of those surveyed said they’ve had to call on their insurance, and half of these have submitted claims multiple times, the study noted.
As a result, many insurers are demanding that prospective policyholders implement more comprehensive security controls before they’re allowed to sign up.
Half (51%) of respondents said that security awareness training was a requirement, while (47%) said the same about malware protection, AV software, multi-factor authentication (MFA) and data backups.
However, high-level checks may not be enough to protect insurers from surging losses, as they can’t guarantee customers are properly deploying security controls.
Cyber insurance providers need to start advancing beyond simple checklists for security controls. They must require their customers to validate that their security controls work as designed and expected. They need their customers to simulate their adversaries to ensure that when they are attacked, the attack will not result in a breach. In fact, we're already starting to see government regulations and guidance that includes adversary simulation as part of their proactive response to threats.
https://www.infosecurity-magazine.com/news/cyberinsurance-ransomware-cover/
Companies Hit by Ransomware Often Targeted Again, Research Says
It has been reported that more than a third of companies who paid a ransom to cyber criminals after being hit by a ransomware attack went on to be targeted for a second time, according to a new report.
The Hiscox Cyber Readiness Report found that 36% of companies that made the ransom payment were hit again, while 41% who paid failed to recover all of their data.
The head of the UK’s National Cyber Security Centre (NCSC), Lindy Cameron, said last year that ransomware attacks were the “most immediate danger” to the UK and urged companies to take more steps to protect themselves and their data.
The NCSC urges firms not to pay ransoms as it not only helps fund further crime but offers no guarantee that criminals will return the stolen or locked data. The Hiscox report appeared to back up the NCSC’s warnings, with 43% of the businesses who paid a ransom saying they still had to rebuild their systems while 29% said that despite making the payment their stolen data was still leaked. A further 26% said a ransomware attack had had a significant financial impact on their business.
Ransomware Remains Top Cyber Risk for Organisations Globally, Says Allianz
According to an Allianz Global Corporate & Specialty cyber report, ransomware remains a top cyber risk for organisations globally, while the threat of state-sponsored cyber attacks grows.
There were a record 623 million attacks in 2021, which was double that of 2020, says Allianz.
It also notes that despite the frequency reducing 23% globally during H1 of 2022, the year-to-date total still exceeds that of the full years of 2017, 2018 and 2019, while Europe saw attacks surge over this period. Allianz suggests that ransomware is forecast to cause $30bn in damages to organisations globally by 2023.
It adds that from an Allianz perspective, the value of ransomware claims the company was involved in together with other insurers, accounted for well over 50% of all cyber claims costs during 2020 and 2021.
The cyber risk landscape doesn’t allow for any resting on laurels. Ransomware and phishing scams are as active as ever and on top of that there is the prospect of a hybrid cyber war.
Most companies will not be able to evade a cyber threat. However, it is clear that organisations with good cyber maturity are better equipped to deal with incidents. Even when they are attacked, losses are typically less severe due to established identification and response mechanisms.
Many companies still need to strengthen their cyber controls, particularly around IT security trainings, better network segmentation for critical environments and cyber incident response plans and security governance.
Allianz observes that geopolitical tensions, such as the war in Ukraine, are a major factor reshaping the cyber threat landscape as the risks of espionage, sabotage, and destructive cyber-attacks against companies with ties to Russia and Ukraine increase, as well as allies and those in neighbouring countries.
How Geopolitical Turmoil Changed the Cyber Security Threat Landscape
ENISA, EU’s Agency for Cybersecurity, released its annual Threat Landscape report, covering the period from July 2021 up to July 2022.
With more than 10 terabytes of data stolen monthly, ransomware still fares as one of the prime threats in the new report with phishing now identified as the most common initial vector of such attacks. The other threats to rank highest along ransomware are attacks against availability also called Distributed Denial of Service (DDoS) attacks.
However, the geopolitical situations particularly the Russian invasion of Ukraine have acted as a game changer over the reporting period for the global cyber domain. While we still observe an increase of the number of threats, we also see a wider range of vectors emerge such as zero-day exploits and AI-enabled disinformation and deepfakes. As a result, more malicious and widespread attacks emerge having more damaging impact.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar stated that “Today’s global context is inevitably driving major changes in the cyber security threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners and therefore all EU citizens.”
State sponsored, cyber crime, hacker-for-hire actors and hacktivists remain the prominent threat actors during the reporting period of July 2021 to July 2022.
ENISA sorted threats into 8 groups. Frequency and impact determine how prominent all of these threats still are.
Ransomware: 60% of affected organisations may have paid ransom demands
Malware: 66 disclosures of zero-day vulnerabilities observed in 2021
Social engineering: Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing
Threats against data: Increasing in proportionally to the total of data produced
Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service
Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020
Threats against availability:
Largest denial of service (DDoS) attack ever was launched in Europe in July 2022
Internet: destruction of infrastructure, outages and rerouting of internet traffic.
https://www.helpnetsecurity.com/2022/11/08/cybersecurity-threat-landscape-2022/
Swiss Re Wants Government Bail Out as Cyber Crime Insurance Costs Spike
As insurance companies struggle to stay afloat amid rising cyber claims, Swiss Re has recommended a public-private partnership insurance scheme with one option being a government-backed fund to help fill the coverage gap.
Global cyber insurance premiums hit $10 billion in 2021, according to Swiss Re's estimates. In a study published this week, the insurance giant forecasted 20 percent annual growth to 2025, with premiums rising to $23 billion over the next few years.
Meanwhile, annual cyber attack-related losses total about $945 billion globally, and about 90% of that risk remains uninsured, according to insurance researchers at the Geneva Association.
While Forrester estimates a typical data breach costs an average $2.4 million for investigation and recovery, only 55 percent of companies currently have cyber insurance policies. Additionally, less than 20 percent have coverage limits in excess of $600,000, which the analyst firm cites as the median ransomware demand in 2021.
https://www.theregister.com/2022/11/08/government_cyber_insurance/
Extortion Economics: Ransomware's New Business Model
Ransomware-as-a-service lowers the barriers to entry, hides attackers’ identities, and creates multitier, specialised roles in service of ill-gotten gains.
Did you know that more than 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cyber criminals have become emboldened by the underground ransomware economy.
And yet many threat actors work within a relatively small and interconnected ecosystem of players. This pool of cyber criminals has created specialised roles and consolidated the cyber crime economy, fuelling ransomware-as-a-service (RaaS) to become the dominant business model. In doing so, they've enabled a wider range of criminals to deploy ransomware regardless of their technical expertise and forced all of us to become cyber security defenders in the process.
Ransomware takes advantage of existing security compromises to gain access to internal networks. In the same way businesses hire gig workers to cut costs, cyber criminals have turned to renting or selling their ransomware tools for a portion of the profits rather than performing the attacks themselves.
This flourishing RaaS economy allows cyber criminals to purchase access to ransomware payloads and data leakage, as well as payment infrastructure. What we think of as ransomware gangs are actually RaaS programs like Conti or REvil, used by the many different actors who switch between RaaS programs and payloads.
RaaS lowers the barrier to entry and obfuscates the identity of the attackers behind the ransoming. Some programs can have 50 or more "affiliates," as they refer to their users, with varying tools, tradecraft, and objectives. Anyone with a laptop and credit card who is willing to search the Dark Web for penetration-testing tools or out-of-the-box malware can join this maximum efficiency economy.
https://www.darkreading.com/microsoft/extortion-economics-ransomware-s-new-business-model
Confidence in Data Recovery Tools Low
A recent IDC and Druva survey asked 505 respondents across 10 industries about their ransomware experiences and found that many organisations struggle to recover after an attack. In the survey, 85% of the respondents said their organisations had a ransomware recovery plan. The challenge seems to lie in effectively executing that plan.
"A majority of organisations suffered significant consequences from ransomware attacks including long recoveries and unrecoverable data despite paying a ransom," states the "You Think Ransomware Is Your Only Problem? Think Again" report.
Data resiliency is such an important element of cyber security that 96% of respondents considered it a top priority for their organisations, with a full 77% placing it in the top 3. What's striking about the survey results is that only 14% of respondents said they were "extremely confident" in their tools, even though 92% called their data resiliency tools "efficient" or "highly efficient."
When data is spread across hybrid, cloud, and edge environments, data resiliency becomes much more complicated. A plan might seem to cover everything, but then you realise that you lost your backup or can't find the latest restore point.
The ability to recover from an attack is vital, since the growth in ransomware makes it likely that your organisation will get hit. This is why agencies like NIST recommend preparing for when an attacker pierces your defences rather than trying to keep out every intruder. That mindset also shifts the priority to preparation and planning; you need to create a disaster recovery plan that includes policy on restore points and recovery tools — and you need to practice implementing that plan before disaster strikes.
The report lists three key performance indicators that reveal the success of an organisation's recovery from a cyber attack:
The ability to fully recover encrypted or deleted data without paying a ransom.
Zero data loss in the process of recovering the data.
Rapid recovery as defined by applicable service-level requirements.
When a recovery fails to meet these criteria, then the organisation may suffer financial loss, loss of reputation, permanently lost customers, and reduced employee productivity.
https://www.darkreading.com/tech-trends/confidence-in-data-recovery-tools-low
Russia’s Sway Over Criminal Ransomware Gangs Is Coming into Focus
Russia-based ransomware gangs are some of the most prolific and aggressive, in part thanks to an apparent safe harbour the Russian government extends to them. The Kremlin doesn't cooperate with international ransomware investigations and typically declines to prosecute cyber criminals operating in the country so long as they don't attack domestic targets. A long-standing question, though, is whether these financially motivated hackers ever receive directives from the Russian government and to what extent the gangs are connected to the Kremlin's offensive hacking. The answer is starting to become clearer.
New research presented at the Cyberwarcon security conference in Arlington, Virginia, this week looked at the frequency and targeting of ransomware attacks against organisations based in the United States, Canada, the United Kingdom, Germany, Italy, and France in the lead-up to these countries' national elections. The findings suggest a loose but visible alignment between Russian government priorities and activities and ransomware attacks leading up to elections in the six countries.
The project analysed a data set of over 4,000 ransomware attacks perpetrated against victims in 102 countries between May 2019 and May 2022. The analysis showed a statistically significant increase in ransomware attacks from Russia-based gangs against organisations in the six victim countries ahead of their national elections. These nations suffered the most total ransomware attacks per year in the data set, about three-quarters of all the attacks.
The data was used to compare the timing of attacks for groups believed to be based out of Russia and groups based everywhere else. They looked at the number of attacks on any given day, and what they found was an interesting relationship where for these Russia-based groups, there was an increase in the number of attacks starting four months before an election and moving three, two, one month in, up to the event.
The findings showed broadly that non-Russian ransomware gangs didn't have a statistically significant increase in attacks in the lead-up to elections. Whereas two months out from a national election, for example, the researchers found that organisations in the six top victim countries were at a 41 percent greater chance of having a ransomware attack from a Russia-based gang on a given day, compared to the baseline.
https://www.wired.com/story/russia-ransomware-gang-connections/
Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs
Twelve percent of all employees take sensitive intellectual property (IP) with them when they leave an organisation.
The data comes from workforce cyber intelligence and security company Dtex, which published a report about top insider risk trends for 2022. “Customer data, employee data, health records, sales contacts, and the list goes on,” reads the document. “More and more applications are providing new features that make data exfiltration easier. For example, many now provide the ability to maintain clipboard history and sync across multiple devices.”
Case in point, the report also suggests a 55% increase in unsanctioned application usage, including those making data exfiltration easier by allowing users to maintain clipboard history and sync IP across multiple devices. “Bring Your Own Applications (BYOA) or Shadow IT can be a source of intelligence for business innovation,” Dtex wrote. “Still, they pose a major risk if the security team has not tested these tools thoroughly.”
Further, the new data highlight a 20% increase in resignation letter research and creation from employees taking advantage of the tight labour market to switch positions for higher wages.
“In most cases, an individual planning to leave the business is not pleased with the company’s product, co-workers, work environment, or compensation,” reads the report. “Disgruntled employees are usually jaded by a business that has not shown any steps to alleviate concerns, even after communication attempts.”
Finally, the Dtex report says the industry has witnessed a 200% increase in unsanctioned third-party work on corporate devices from a high prevalence of employees engaged in side gigs.
https://www.infosecurity-magazine.com/news/12-of-employees-take-ip-when/
Why a Clear Cyber Policy is Critical for Companies
In October, Joe Sullivan, Uber’s former head of security, was convicted of covering up a 2016 data breach at the ride hailing giant by hiding details from US regulators and then paying off the hackers.
It was a trial followed nervously by cyber security professionals around the world — coming eight years after an incident that had compromised the personal information of more than 57mn people.
“Any news about another company dealing with a data security incident can strike a bit of fear across industries,” notes Mary Pothos, chief privacy officer at digital travel company Booking.com. She adds that incidents like these cause “many companies to pause, rethink or revisit their internal processes to make sure that they are operating effectively”.
These incidents, and threats, are growing at lightning speed, too. War in Ukraine is now being played out as much in cyber space as on the battlefield. The Covid pandemic has forced businesses to rethink where their employees work, and handle or access data. At the same time, the sheer number of web-connected devices is multiplying.
“We need to be people who can predict what is coming along the line, predict the future, almost” said Victor Shadare, head of cyber security at media company Condé Nast, at a recent FT event on cyber security.
Palo Alto Networks, a specialist security company, found that cyber extortion grew rapidly in 2021. Some 35 new ransomware gangs emerged, the average ransom demand increasing 144 per cent that year to $2.2mn, and the average payment rose by 78 per cent to $541,010.
Meanwhile, cyber security personnel have found themselves hemmed in by increasingly onerous regulations. These include threats of legal action if the right people are not informed about breaches, or if products come to market that are not safe enough. On September 15, for example, the European Commission presented a proposal for a new Cyber Resilience Act to protect consumers from products with inadequate security features.
“New domains of security have sprung up over the past years, so it’s not just an information technology problem any more, it’s really a full company risk issue,” says Kevin Tierney, vice-president of global cyber security at automotive group General Motors. He warns that automated and connected vehicles have thrown up additional threats to be addressed.
“You have to start out with the right governance structure and the right policies and procedures — that’s step one of really getting the company to understand what it needs to do,” he says. These include clear rules on how to disable access to tech equipment, on data protection and storage, on transferring and disposing of data, on using corporate networks, and on reporting any data breaches.
Security experts also tend to agree that there need to be robust systems of governance and accountability, to prevent the sort of trouble that befell Sullivan at Uber. Perhaps most crucially, staff across the organisation, from C-suite to assistants, need to know how to spot and manage a threat.
https://www.ft.com/content/0bb6df09-7d77-4605-aac3-89443ed65a18
Threats
Ransomware and Extortion
Medibank: Hackers release abortion data after stealing Australian medical records - BBC News
Medical data hacked from 10m Australians begins to appear on dark web | World news | The Guardian
How ransomware gangs and malware campaigns are changing - Help Net Security
Thales confirms hackers have released its data on the dark web | Reuters
Most SMBs Fear Ransomware Attack Amid Heightened Geopolitical Tensions - MSSP Alert
Australia to consider banning paying of ransoms to cyber criminals | Reuters
LockBit gang claims to have stolen data from Kearney & Company - Security Affairs
Azov Ransomware is a wiper, destroying data 666 bytes at a time (bleepingcomputer.com)
Ransomware Gang Offers to Sell Files Stolen From Continental for $50 Million | SecurityWeek.Com
Canadian food retail giant Sobeys hit by Black Basta ransomware (bleepingcomputer.com)
LockBit affiliate uses Amadey Bot malware to deploy ransomware (bleepingcomputer.com)
Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs
US Health Dept warns of Venus ransomware targeting healthcare orgs (bleepingcomputer.com)
Ransomware attacks on hospitals take toll on patients (nbcnews.com)
Hackers post Hereford schoolchildren's data records on dark web | Hereford Times
CISA and Spain Partnership to Develop Tool to Help Countries Combat Ransomware - MSSP Alert
Phishing & Email Based Attacks
Phishing threats are increasingly convincing and evasive - Help Net Security
Robin Banks phishing-as-a-service platform continues to evolve - Security Affairs
Phishing drops IceXLoader malware on thousands of home, corporate devices (bleepingcomputer.com)
Massive Phishing Campaigns Target India Banks’ Clients (trendmicro.com)
BEC – Business Email Compromise
Malware
Phishing drops IceXLoader malware on thousands of home, corporate devices (bleepingcomputer.com)
Cloud9 Malware Offers a Paradise of Cyber attack Methods (darkreading.com)
More malware is being hidden in PNG images, so watch out | TechRadar
Attackers Using IPFS for Distributed, Bulletproof Malware Hosting | SecurityWeek.Com
Malicious extension lets attackers control Google Chrome remotely (bleepingcomputer.com)
New hacking group uses custom 'Symatic' Cobalt Strike loaders (bleepingcomputer.com)
New StrelaStealer malware steals your Outlook, Thunderbird accounts (bleepingcomputer.com)
Mobile
5 Common Smartphone Security Myths, Debunked (makeuseof.com)
Oh, look: More malware in the Google Play store • The Register
Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan - Security Affairs
Malicious droppers on Google Play deliver banking malware to victims - Help Net Security
Samsung phones are being targeted by some seriously shady zero-days | TechRadar
New BadBazaar Android malware linked to Chinese cyber spies (bleepingcomputer.com)
Worok hackers hide new malware in PNGs using steganography (bleepingcomputer.com)
Internet of Things – IoT
Organised Crime & Criminal Actors
An initial access broker claims to have hacked Deutsche Bank - Security Affairs
Cyber crime costs to hit $10.5tn by 2025 hears Saudi forum - Arabian Business
Cyber crime Group OPERA1ER Stole $11M From 16 African Businesses (darkreading.com)
Instagram star gets 11 years for $300m BEC conspiracy • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX says it is probing ‘abnormal transactions’ after potential hack | Financial Times
Kraken's CSO Claims To Have Identified The $600 Million FTX Hacker (coingape.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Fifth Of 18 To 34-year-olds Have Fallen Victim To Financial Scams – Information Security Buzz
Ukrainian Cyber Cops Bust $200m Fraud Ring - Infosecurity Magazine (infosecurity-magazine.com)
Retail Sector Prepares for Annual Holiday Cyber crime Onslaught (darkreading.com)
US seized 18 web domains used for recruiting money mules (bleepingcomputer.com)
Insurance
Rising cost of cyber attacks sends insurance policy charges soaring | Financial Times (ft.com)
Just 25% of businesses are insured against cyber attacks. Here's why (theconversation.com)
Re-Focusing Cyber Insurance with Security Validation (thehackernews.com)
Swiss Re: Cyber-Insurance Industry Must Reform - Infosecurity Magazine (infosecurity-magazine.com)
Dark Web
DoJ seizes $3.36B Bitcoin from Silk Road hacker - Security Affairs
Silk Road drugs market hacker pleads guilty, faces 20 years inside – Naked Security (sophos.com)
Supply Chain and Third Parties
Hybrid Working
Attack Surface Management
Identity and Access Management
API
Passwords, Credential Stuffing & Brute Force Attacks
Microsoft Password Hacking Increase – Information Security Buzz
False sense of safety undermines good password hygiene - Help Net Security
Password-hacking attacks are on the rise. Here's how to stop your accounts from being stolen | ZDNET
Social Media
Twitter blue check unavailable after impostor accounts erupt on platform | Twitter | The Guardian
Twitter chief information security officer Lea Kissner departs | TechCrunch
Privacy, Surveillance and Mass Monitoring
World Cup apps pose a data security and privacy nightmare • The Register
Surveillance 'Existential' Danger of Tech: Signal Boss | SecurityWeek.Com
Regulations, Fines and Legislation
Careers, Working in Cyber and Information Security
Three million empty seats: What can we do about the cyber skills shortage? (computerweekly.com)
Cyber security, cloud and coding: Why these three skills will lead demand in 2023 | ZDNET
Cyber security leaders want to quit. Here's what is pushing them to leave | ZDNET
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Red Cross seeks digital equivalent of its emblems • The Register
Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless | WIRED
EU calls for joint cyber defence in response to Russia • The Register
Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft | SecurityWeek.Com
What Ukraine’s cyber defence tactics can teach other nations | Financial Times (ft.com)
Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs
APT29 abused Windows Credential Roaming in attacks - Security Affairs
Dutch MEP says illegal spyware ‘a grave threat to democracy’ | European Commission | The Guardian
Greece Is Banning Spyware After Predator Phone-Tapping Scandal (gizmodo.com)
British embassy security guard David Smith admits spying for Russia - BBC News
Nation State Actors
Nation State Actors – Russia
EU calls for joint cyber defence in response to Russia • The Register
Ukraine war: Russians kept in the dark by internet search - BBC News
Microsoft links Russia’s military to cyber attacks in Poland and Ukraine | Ars Technica
Putin ally Yevgeny Prigozhin admits interfering in US elections | Russia | The Guardian
Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs
Nation State Actors – China
Nation State Actors – Misc
Vulnerability Management
Why CVE Management as a Primary Strategy Doesn't Work (darkreading.com)
Why it's time to review your Microsoft patch management options | CSO Online
Risk-Based Vulnerability Management: Understanding the RBVM Trend (darkreading.com)
How can CISOs catch up with the security demands of their ever-growing networks? - Help Net Security
Microsoft: Nation-state threats, zero-day attacks increasing (techtarget.com)
Types of vulnerability scanning and when to use each (techtarget.com)
Vulnerabilities
Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws (bleepingcomputer.com)
VMware fixes three critical auth bypass bugs in remote access tool (bleepingcomputer.com)
Citrix ADC and Citrix Gateway are affected by a critical auth bypass - Security Affairs
Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products | SecurityWeek.Com
Microsoft Patches MotW Zero-Day Exploited for Malware Delivery | SecurityWeek.Com
Apple out-of-band patches fix RCE bugs in iOS and macOS - Security Affairs
Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks (bleepingcomputer.com)
SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5 | SecurityWeek.Com
Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica
Foxit Patches Several Code Execution Vulnerabilities in PDF Reader | SecurityWeek.Com
LiteSpeed Vulnerabilities Can Lead to Complete Web Server Takeover | SecurityWeek.Com
Reports Published in the Last Week
Other News
What Is Threat Hunting? A Definition for MSPs and Channel Partners - MSSP Alert
Cyber security: These are the new things to worry about in 2023 | ZDNET
What We Really Mean When We Talk About ‘Cyber security’ (darkreading.com)
Personal cyber security is now a company problem - Help Net Security
History of Computer Viruses & Malware | What Was Their Impact? (esecurityplanet.com)
5 Reasons to Consolidate Your Tech Stack (thehackernews.com)
Cookies for MFA Bypass Gain Traction Among Cyber attackers (darkreading.com)
Common lateral movement techniques and how to prevent them (techtarget.com)
Beyond the Pen Test: How to Protect Against Sophisticated Cyber criminals (darkreading.com)
5 ways to overcome multifactor authentication vulnerabilities (techtarget.com)
15,000 sites hacked for massive Google SEO poisoning campaign (bleepingcomputer.com)
Unencrypted Traffic Still Undermining Wi-Fi Security (darkreading.com)
Researchers Devise Wi-Peep Drone That Can 'See Through Walls' (gizmodo.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.