Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 08 September 2023
Black Arrow Cyber Threat Intelligence Briefing 08 September 2023:
-More Than Half of UK Organisations Know They Aren’t Well Protected
-Generative AI Considered a Security Risk by 60% of Board Members: How Organisations Can Prepare
-Businesses Ignore Incident Response at Their Peril
-Blame Culture: An Organisation’s Ticking Time Bomb
-Spend to Save: CFO’s and Cyber Security Investment
-Cyber Security Tools Are New Targets for Attackers, including Nation-State Actors
-Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3
-Common Tactics Used by Threat Actors to Weaponise PDFs
-Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals
-Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m
-71% of Organisations are Impacted by Cyber Security Skills Shortage
-Multiple Schools Hit by Cyber Attacks Before Term Begins
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
More Than Half of UK Organisations Know They Aren’t Well Protected
According to a recent report, just 49% of business leaders report their organisation is well or very well protected. Cyber security featured as the third highest-rated business priority, with increasing revenues and reducing costs forming the top two. One of the ways an organisation can reduce cost is to outsource, and 63% of respondents agreed, reporting that they wanted to work with an external cyber security partner to improve their security.
Even if you’re in the 49% of organisations that believes it is well protected, this can be a dangerous self-assessment based on a lack of experience and impartiality. Business leaders need independent assurance to ensure their security controls are appropriate and in line with the organisation’s risk appetite. It is essential to dispel assumptions, by investigating your security before an attacker does.
Black Arrow Cyber Consulting offers a free, no-obligation, introductory consultation to help you gain an unbiased perspective on how your current security approach could withstand an attacker. We help our clients to know the questions to ask of their external or internal IT provider, and how to leverage other security controls from existing resources.
Sources: [IT Security Guru][Beta News]
Generative AI Considered a Security Risk by 60% of Board Members. How Organisations Can Prepare
A recent report conducted by Proofpoint found that 60% of board members consider generative AI a security risk.
The rapid development and adoption of AI is double-edged in nature. Whilst it can yield positive benefits if used safely and responsibility within organisations, AI is also being used to great effect by malicious actors with AI abuse growing beyond phishing to increasing the efficacy of multistage attacks, being used to generated malware, and carrying out different types of social engineering attacks.
For this reason Boards and senior leaders are right to be concerned and should ensure appropriate measures are being taken.
Sources: [TheNationalNews] [SCMagazine] [CyberSecurityNews]
Further reading: [BusinessCloud.co.uk] [WIRED UK] [Help Net Security]
Businesses Ignore Incident Response at Their Peril
According to a UK Government report, a quarter of businesses don’t regard cyber incident response skills as essential and almost half said they weren’t confident they could put together an incident response plan. This led to 41% saying they were not very or not at all confident that they would be able to deal with a cyber security breach or attack.
Unfortunately, this leaves many organisations in a situation where they will have to learn the hard way about the implications of not having an incident response plan. A separate government report found that 37% of those hit by a cyber attack said it impacted operations and a quarter experienced negative consequences such as loss of money or data.
One of the ways organisations can circumnavigate their lack of confidence in their ability to construct an incident response plan is to use cyber security experts to construct it.
Source: [Infosecurity Magazine]
Blame Culture: An Organisation’s Ticking Time Bomb
An organisation’s attitude and responses to cyber security are almost as important as the actions taken to prevent cyber attacks. “Lessons learnt” are a common feature within mature and cyber resilient organisations. Incidents are a matter of when not if, and it is important that organisations know how to react.
Taking the example of a phishing attack, it is easy to blame the employee who opened it, potentially firing them. With phishing simulations, it is equally easy to discipline an employee who fell for it. The problem is, neither of these focus on what can be learned, such as why the employee fell for it in the first place. Additionally, there is the potential that employees become reserved or reticent about reporting potential events, due to the fear of being disciplined. This can be the difference between an organisation having an early detection of an incident and being able to invoke incident response plans sooner, or leaving the attacker in the system doing damage for longer before being reported.
Source: [ IT Security Guru]
Spend to Save: CFOs and Cyber Security Investment
For chief financial officers (CFOs), the increasing impact of data breaches creates a paradox. While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending is all about return on investment.
When looking at spending, CFOs need to keep in mind that the total cost of a breach is more than the initial currency loss: there is the knock-on effect of reputation and losses in customers. But it is not a case of spending more to protect more; spending must be tailored to the organisation and prioritise in terms of business needs.
Source: [Security Intelligence]
Cyber Security Tools Are New Targets for Attackers, Including Nation-State Actors
An increasing number of attacks by nation-state attackers are targeting cyber security tools in their campaigns. This includes the recent attacks on US officials which attacked and gained access through the firewalls of the victim. Security vendors, just like anyone, will have flaws in their software: there will be vulnerabilities. As such, organisations need to be aware of these vulnerabilities and when support runs out for their cyber security tools, to better protect themselves.
Source: [News Week]
Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3
Top secret military data from the UK’s Ministry of Defence was stolen and then sold by the ransomware gang LockBit. How, you might ask? Through a rogue Windows 7 PC that belonged to their fencing supplier, Zaun. The LockBit Ransom group conducted the attack on the supplier’s network, and Zaun admitted the group may have exfiltrated 10GB of data.
Many attackers have realised that if you cannot directly attack an organisation, then the supplier can present a way in. Organisations need to be sure of their suppliers’ security, and conduct third party security assessments to identify the risk the supplier may present to the organisation itself.
Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.
Source: [The Register] [Tech Monitor]
Common Tactics Used by Threat Actors to Weaponise PDFs
PDFs are often seen as safe, something that cannot be used by an attacker, but that’s wrong. Actors are using this trustworthiness, as well as the difficulty in detection and ubiquity of PDFs, to weaponise them. Common tactics involve malicious hyperlinks within PDFs and macros that run when a PDF is opened, and in some cases attackers are disguising a malicious Word document as a PDF to evade detection.
Source: [Cyber Security News]
Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals
A recent report has found that Microsoft vulnerabilities as old as 6 years are still being exploited, with one recorded as being exploited as recently as 31 August. In fact, since this particular vulnerability was fixed, it has been used to deploy 467 different malware types. This is not the number of attacks, but the number of different types of malware used in attacks.
The concept isn’t just for Microsoft. Many organisations do not employ effective patching strategies, and as such leave the doors open to attackers. Sometimes, these doors are open for years.
Source: [The Register]
Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m
As-a-service operations allow attackers to employ sophisticated attacks without the need for extensive knowledge; they simply just purchase the ability. Take phishing-as-a-service (PhaaS), where an attacker with very limited cyber knowledge simply needs to purchase a phishing kit and they are then well-equipped to target organisations. This availability in tools creates a significant surge in the number of cyber criminals, with one scheme alone raking in $64.5 billion in illegal gains.
Source: [IT Security Guru]
71% of Organisations are Impacted by Cyber Security Skills Shortage
Most organisations (71%) report that they’ve been impacted by the cyber security skills shortage, leading to an increased workload for the cyber security team (61%), unfilled open job requisitions (49%) and high burnout among staff (43%). Further, 95% respondents state the cyber security skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has got worse.
Organisations need to continue maintaining and improving their security while their cyber security positions remain unfilled. Black Arrow supports firms to achieve this by providing expert resources on a flexible basis for technical, governance and transformational positions.
Source: [Security Magazine] [Digital Journal]
Multiple Schools Hit by Cyber Attacks Before Term Begins
Ahead of the new school term, a number of schools have become the victim of serious cyber attacks. The education sector isn’t a new target, with previous ransomware reports finding the education sector to account for 16% of victims.
The education sector remains a target due to the valuable data they hold, large attack surfaces and frequently a lack of resources and budgets, something many small and medium-sized business may share.
Source: [Infosecurity Magazine]
Governance, Risk and Compliance
The importance of CISOs is not recognised by senior leadership - IT Security Guru
Blame Culture: An Organisation's Ticking Time Bomb - IT Security Guru
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
SEC tells companies to “show their work” on cyber security - Red Canary
Cyber security: a life cycle, not a destination | Hydrocarbon Engineering
Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)
Compliance budgets under strain as inflation and workload grow - Help Net Security
Cyber Security pros battle discontent amid skills shortage - Help Net Security
CISOs weigh in on building security-focused culture | Healthcare IT News
How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)
IAM, cloud security to drive new cyber security spending | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Ministry of Defence documents leaked by LockBit (techmonitor.ai)
Attackers access military data through fencing supplier • The Register
Ransomware attackers are targeting exposed Microsoft SQL databases, report says (therecord.media)
Ransomware and Data Breaches: Impacts Continue to Grow Louder (govtech.com)
Education Sector Heavily Targeted as the School Year Begins (databreaches.net)
Killware vs. Ransomware: What's the Difference? (makeuseof.com)
Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)
To Pay or Not to Pay? The Ransomware Dilemma (informationweek.com)
Snake Ransomware Endangers Your Data: How Can You Stop It? (makeuseof.com)
How to Prevent Ransomware: 6 Key Steps to Safeguard Assets (techtarget.com)
Ransomware Victims
LockBit Leaks Documents Filched From UK Defence Contractor (darkreading.com)
Ministry of Defence documents leaked in cyber attack (civilserviceworld.com)
Debenham High School IT system hit by cyber attack - BBC News
Highgate Wood School delays term by 6 days after cyber attack | This Is Local London
Cyber attack hits Wokingham's Maiden Erlegh School | Reading Chronicle
Ransomware gang claims credit for Sabre data breach | TechCrunch
Hackers claim to publish prominent Israeli hospital’s patient data (therecord.media)
Phishing & Email Based Attacks
AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)
Google is enabling Chrome real-time phishing protection for everyone (bleepingcomputer.com)New phishing tool hijacked thousands of Microsoft business email accounts (therecord.media)
Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)
Spam is up, QR codes emerge as a significant threat vector - Help Net Security
From unsuspecting click to data compromise - Help Net Security
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)
Getting off the hook: 10 steps to take after clicking on a phishing link (welivesecurity.com)
Other Social Engineering; Smishing, Vishing, etc
Emerging threat: AI-powered social engineering - Help Net Security
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
How cyber criminals use look-alike domains to impersonate brands - Help Net Security
Artificial Intelligence
Generative AI considered a security risk by 60% of board members, survey finds (thenationalnews.com)
AI ‘triggers DeepTech anxiety for senior leaders’ (businesscloud.co.uk)
Emerging threat: AI-powered social engineering - Help Net Security
AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
UK tech tsar warns of AI cyber threat to NHS | Financial Times (ft.com)
It's the summer of adversarial chatbots. Here's how to defend against them - SiliconANGLE
Will the AI Arms Race Lead to the Pollution of the Internet? (darkreading.com)
UK cyber chief urges ‘Security by Design’ in AI development (ukdefencejournal.org.uk)
Generative AI’s Biggest Security Flaw Is Not Easy to Fix | WIRED UK
Developers have security, other generative AI concerns but use it anyway - ARN (arnnet.com.au)
How Companies Can Cope With the Risks of Generative AI Tools (darkreading.com)
3 ways to strike the right balance with generative AI - Help Net Security
Peril vs. Promise: Companies, Developers Worry Over Generative AI Risk (darkreading.com)
Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
Malware
Common Tactics Used by Threat Actors to Weaponise PDFs (cybersecuritynews.com)
'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
UNRAVELING EternalBlue: inside the WannaCry’s enabler (securityaffairs.com)
Malware configurations How to find and use them? (govinfosecurity.com)
Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)
New Python Variant of Chaes Malware Targets Banking and Logistics Industries (thehackernews.com)
New BLISTER Malware Update Fuelling Stealthy Network Infiltration (thehackernews.com)
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)
Mobile
Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch
September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)
Hacker exploits security flaw to target iPhone users with 'notification attack' | Macworld
Botnets
Denial of Service/DoS/DDOS
DDoS attack took down the site of German financial agency BaFin (securityaffairs.com)
Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)
CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack | CISA
BYOD
Internet of Things – IoT
Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)
Connected cars and cyber crime: A primer - Help Net Security
Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch
Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)
Why consumer drones represent a special cyber security risk (securityintelligence.com)
Like privacy? Then smart devices are a dumb idea • The Register
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch
Data Breaches/Leaks
Electoral Commission failed basic security test before hack - BBC News
Insurer fined $3M for exposing data of 650k clients for two years (bleepingcomputer.com)
Golf gear giant Callaway data breach exposes info of 1.1 million (bleepingcomputer.com)
Freecycle confirms massive data breach impacting 7 million users (bleepingcomputer.com)
Thousands of Popular Websites Leaking Secrets - SecurityWeek
Johnson & Johnson discloses IBM data breach impacting patients (bleepingcomputer.com)
Northern Ireland police chief quits in wake of data breach • The Register
Lawsuit blames Tesla for data breach it sued ex-staff over • The Register
Organised Crime & Criminal Actors
Popular 'As-a-Service' Operations Have Earned Cyber Criminals over $64m - IT Security Guru
Cyber Crime Tremors: Experts Forecast Qakbot Resurgence (govinfosecurity.com)
It might be too soon to claim victory against Qakbot | Computer Weekly
Cyber crime to cost Germany 206 billion euros in 2023, survey finds | Reuters
Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
YouTuber Loses $60K Worth of Crypto After Showing Seed Phrases on Stream - Decrypt
Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)
Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)
Bitcoin exchange exec admits he ignored anti-laundering laws • The Register
Cyber criminals target graphic designers with GPU miners (talosintelligence.com)
LastPass under fire again as users report stolen crypto keys and losses | Cybernews
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Popular 'As-a-Service' Operations Have Earned Cyber criminals over $64m - IT Security Guru
Fake YouPorn extortion scam threatens to leak your sex tape (bleepingcomputer.com)
Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)
Global roaming fraud losses to surpass $8 billion by 2028 - Help Net Security
Airlines Battle Surge in Loyalty Program Fraud - Infosecurity Magazine (infosecurity-magazine.com)
How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)
See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack - SecurityWeek
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
Impersonation Attacks
'Smishing Triad' Targeted USPS and US Citizens for Data Theft (securityaffairs.com)
How cyber criminals use look-alike domains to impersonate brands - Help Net Security
Deepfakes
Emerging threat: AI-powered social engineering - Help Net Security
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
AML/CFT/Sanctions
How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)
Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)
Bitcoin exchange exec admits he ignored anti-laundering laws • The Register
Insurance
Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm
Time and effort to obtain cyber insurance increasing for US businesses | CSO Online
Beazley expects to sponsor more cyber catastrophe bonds in 2024 - Artemis.bm
Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)
Dark Web
Supply Chain and Third Parties
Attackers access military data through fencing supplier • The Register
Ministry of Defence documents leaked by LockBit (techmonitor.ai)
Supply chain related security risks, and how to protect against them (malwarebytes.com)
5 ways to improve your supply chain security posture | IT Reseller Magazine (itrportal.com)
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
Creating a more cyber secure supply chain requires group effort - FreightWaves
Facing Third-Party Threats With Non-Employee Risk Management (darkreading.com)
Software Supply Chain
Cloud/SaaS
Step Up Your Defence Against Cloud-loving Cyber Criminals (informationsecuritybuzz.com)
IAM, cloud security to drive new cyber security spending | CSO Online
Hybrid/Remote Working
Attack Surface Management
What OSINT is, and why it’s dangerous | Kaspersky official blog
Armis report sheds light on top 10 targeted assets by cyber attackers - SiliconANGLE
Top 10 riskiest assets threatening global business - IT Security Guru
Encryption
Government denies U-turn on encrypted messaging row - BBC News
UK lawmakers back down on encryption-busting 'spy clause' | CyberScoop
API
Open Source
Software industry urged to assume risk on open source security | CIO Dive
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
It's a Zero-day? It's Malware? No! It's Username and Password (thehackernews.com)
Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)
Hacker gains admin control of Sourcegraph and gives free access to the masses | Ars Technica
Passwords From The November 2022 LastPass Breach Being Cracked? - PC Perspective
LastPass under fire again as users report stolen crypto keys and losses | Cybernews
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch
75% of education sector attacks linked to compromised accounts - Help Net Security
Social Media
Malvertising
Parental Controls and Child Safety
Children's snack recalled after its website caught serving porn (bleepingcomputer.com)
Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT
Regulations, Fines and Legislation
An Overview of ENISA’s Risk Management Standards Report | UpGuard
SEC tells companies to “show their work” on cyber security - Red Canary
Verizon to pay feds $4M over cyber security lapse | Light Reading
Government denies U-turn on encrypted messaging row - BBC News
UK drops 'spy clause' for scanning encrypted messages • The Register
Models, Frameworks and Standards
An Overview of ENISA’s Risk Management Standards Report | UpGuard
CIS Benchmarks Communities: Where configurations meet consensus - Help Net Security
Explaining The New NIST Cyber Security Framework to the C-Suite
Backup and Recovery
Careers, Working in Cyber and Information Security
71% of organisations are impacted by cyber security skills shortage | Security Magazine
Cyber Security Skills Gap set to cost UK £120 billion by 2023 - Essex-TV
6 free resources for getting started in cyber security - Help Net Security
Cyber professionals say industry urgently needs to confront mental health crisis | CyberScoop
Cyber security pros battle discontent amid skills shortage - Help Net Security
Law Enforcement Action and Take Downs
It might be too soon to claim victory against Qakbot | Computer Weekly
Cops drill into chat apps to thwart coke-smuggling ring • The Register
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russia-linked attackers hit UK Ministry of Defence, leak stolen data | CSO Online
Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR
China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM
Ukraine's CERT Thwarts APT28's Cyber Attack on Critical Energy Infrastructure (thehackernews.com)
Attackers access military data through fencing supplier • The Register
Russia-linked hack on Trident base sparks 'World War Three' warning from expert (yahoo.com)
Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)
Elon Musk's Father Fears Possible Assassination Attempt on His Son (businessinsider.com)
Big Tech failed to police Russian disinformation: EU study • The Register
North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne
China
How China gets free intel on tech companies’ vulnerabilities | Ars Technica
Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)
How Microsoft's highly secure environment was breached (malwarebytes.com)
Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)
China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM
Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)
German companies report more cyber attacks from Russia, China | Meta.mk
Microsoft finally explains cause of Azure breach: An engineer’s account was hacked | Ars Technica
South Korean Cyber Security Concerns Over Chinese-Made Cranes, Meteorological Gear | The Epoch Times
Huawei hits back in Portugal over 5G 'ban' with lawsuit - DCD (datacenterdynamics.com)
Iran
Hackers push anti-Iranian government messages to millions via breached app | CyberScoop
Iranian hackers breach US aviation org via Zoho, Fortinet bugs (bleepingcomputer.com)
North Korea
Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks (bleepingcomputer.com)
Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster (thehackernews.com)
Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR
North Korean hackers target security researchers with new zero-day (therecord.media)
North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne
Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)
Misc Nation State/Cyber Warfare
Nation-state 'hot zones' offer view of the future of cyber war – report - CIR Magazine
Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)
Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA
Vulnerability Management
Years-old Microsoft bugs are still hot targets for criminals • The Register
Old vulnerabilities are still a big problem - Help Net Security
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
How China gets free intel on tech companies’ vulnerabilities | Ars Technica
Vulnerabilities
Apple discloses 2 actively exploited zero-days in iPhones, Macs (securityaffairs.com)
Google patches 4 high-rated security issues in latest Chrome 116 update - gHacks Tech News
Two flaws in Apache SuperSet allow to remotely hack servers (securityaffairs.com)
Cisco Patches Critical Vulnerability in BroadWorks Platform - SecurityWeek
Multiple Notepad++ Flaws Let Attackers Execute Arbitrary Code (cybersecuritynews.com)
Hackers exploit MinIO storage system to breach corporate networks (bleepingcomputer.com)
ASUS routers vulnerable to critical remote code execution flaws (bleepingcomputer.com)
September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)
Cisco SSO authentication bug patched - Security - Networking - iTnews
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA
Security or performance? Zenbleed forces you to choose | Digital Trends
Tools and Controls
Many businesses still aren't using BYOD protection | TechRadar
Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
An Overview of ENISA’s Risk Management Standards Report | UpGuard
IOCs vs Artifacts How to Filter Out the Noise (govinfosecurity.com)
Time and effort to obtain cyber insurance increasing for US businesses | CSO Online
Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)
Dangling DNS Used to Hijack Subdomains of Major Organisations - SecurityWeek
Why DNS Security Can Be Your Most Problematic Blind Spot (hyas.com)
Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)
Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)
Why Cyber Security Risk Assessment Matters in the Banking Industry (securityintelligence.com)
Cut through cyber security vendor hype with these 6 tips | TechTarget
IAM, cloud security to drive new cyber security spending | CSO Online
Best practices for implementing a proper backup strategy - Help Net Security
Other News
Education Sector Heavily Targeted as the School Year Begins (databreaches.net)
Schools warned of cyberattack threat as new year begins | Science & Tech News | Sky News
Ways to protect WordPress sites and blogs from hacking | Kaspersky official blog
Insecure by design: What you need to know about defending critical infrastructure | CSO Online
Half of Switzerland's large companies have been the victim of a cyber attack | Euronews
Dangling DNS Used to Hijack Subdomains of Major Organizations - SecurityWeek
Securing the future: Safeguarding cyber-physical systems | CSO Online
25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy - SecurityWeek
Cyber security In Focus Ahead Of Berlin NATO Conference | OilPrice.com
10 old-school security principles that (still) rule | CSO Online
Surge in Hospital Hacks Endangers Patients, Cyber Official Says - WSJ
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18th August 2023
Black Arrow Cyber Threat Intelligence Briefing 18 August 2023:
-Ransomware Group Targeting MSPs Worldwide in New Campaign
-As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
-Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
-Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
-Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
-LinkedIn Suffers Significant Wave of Account Hacks
-High Net-Worth Families are at Risk of Cyber Crime
-Cyber Attack Rule Raises Insurance Risks for Corporate Officers
-PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
-The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
-Why Are Phones a Cyber Security Weak Spot?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Group Targeting MSPs Worldwide in New Campaign
Russia-based cyber attackers called Play are evolving, with the ransomware group now using remote monitoring and management (RMM) tools at outsourced IT providers or managed service providers (MSPs) to gain access and hit downstream customers. A significant number of eventual targets are medium sized business. The group is also utilising intermittent encryption, where files are only partly encrypted, to avoid detection.
The attacks highlight the need for organisations to be aware of where they are in the supply chain and how they can be targeted through their supplier. It is not enough for an organisation to focus on its own security in isolation; organisations also need to have a way of effectively assessing their supply chain risk which includes their MSP.
Source [Dark Reading]
As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
Ransomware attacks continue to increase, with 1500 victims confirmed this year. It is likely this figure will continue to rise. In parallel, criminals are evolving and with that comes a rise in triple extortion; attackers are not just encrypting and exfiltrating an organisation’s data, but also using this data to blackmail employees and target third parties, hitting the supply chain.
Unfortunately for SMBs, they do not have the resources to keep up with such attacks, making them the most vulnerable. A report found that organisations that had 51 to 200 employees were the most targeted, followed by organisations with 11 to 50 employees. When it came to the types of organisations, the Financial Services sector placed first.
This should not mean SMBs should just accept this and wait to be attacked; on the contrary, their increased vulnerability means that SMBs need to effectively prioritise and allocate resources, and if necessary getting in specialist external help, to ensure their protections are the best that resources allow.
Sources [WWD] [InfoSecurity Magazine] [CRN]
Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
Cloudflare's 2023 Phishing Threats Report recorded a 17% spike in business email compromise (BEC) related financial losses between December 2021 and 2022, noting that threat actors are increasingly leaning on this attack method to target organisations. Additionally, across 2022 nearly three-quarters (71%) of respondents to the study said they experienced an attempted or successful BEC attack. The Cloudflare report found that the financial impact of BEC led to organisations suffering losses in excess of $2.7 billion, whereas ransomware caused losses of $34.3 million during the same period.
Source [ITPro]
Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
According to a report, phishing attacks were found to be the initial attack vector for nine in ten cyber attacks. The report found that the focus of a cyber criminal tended to be two objectives: achieving authenticity and getting victims to click. Worryingly, 89% of unwanted messages were found to have bypassed authentication checks, leaving people and procedures as the last line of defence in an organisation.
A separate study found that having the following traits made a user more susceptible to phishing: extroverted, agreeable, people-pleasing, quick to trust, fearful or respectful of authority, and poor self-control.
With employees playing such an important role in preventing phishing, organisations need to ensure that employees are aware of what to look for in a phishing email with regular training to account for evolving tactics. This training should be carried out by experts with experience of conducting phishing simulations, accompanied with the ability to educate users on how they can protect themselves from falling victim.
Sources [Tech Radar] [Makeuseof]
Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
In a recent survey, Gartner found that generative AI models such as ChatGPT were the second greatest emerging risk, with concerns around data privacy. This has led to organisations looking to ban such AI, with a separate report by Blackberry finding that ChatGPT faced banning from 75% of organisations.
Banning AI in the organisation is a short-term solution. The benefits of AI are clear and its usefulness in an organisation is significant, with reports finding 75% of IT leaders in favour. Organisations should instead look at how they can govern the usage of AI in their organisation, to reduce the risk of AI-related incidents and improve the effectiveness of work.
Sources [Security Magazine] [Analytics Insight] [IT Security Guru] [Decrypt]
LinkedIn Suffers Significant Wave of Account Hacks
LinkedIn users are reporting losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion. LinkedIn is no stranger to being a target of cyber criminals; last year, the platform was deemed the most abused brand in phishing attempts likely due to its recognisability and widespread use in the corporate world. This extended as far as threat actors using fake LinkedIn profiles.
With the number of accounts being compromised, users need to be vigilant in their use of LinkedIn and be on the lookout for suspicious messages. Black Arrow recommends that users ensure they are using strong and unique passwords, combined with multi-factor authentication (MFA) to protect themselves.
Source [Dark Reading]
High Net-Worth Families are at Risk of Cyber Crime
A report found that high net-worth families have prioritised cyber security with a notable 77% of respondents stating they had a cyber security plan; however, 55% said their plan “could be better”.
A cyber security plan is not optional anymore. High net-worth families are at increased risk, with criminals cottoning on to the amount of information that is out there and the financial gain that can be made if that information is used effectively. Social media is just one of the things increasing the risk of cyber crime; unbeknownst to some families, their social media may be providing criminals a treasure trove of insight into a family’s wealth, real-time location and habits. Such information can be used by a cyber criminal to employ attacks.
Source [Campdenfb]
Cyber Attack Rule Raises Insurance Risks for Corporate Officers
The US Securities and Exchange Commission (SEC) recently issued rules that formally outlined directors’ responsibilities in cyber security governance for the first time, laying the groundwork for potential enforcement actions. The recently issued rules bring potential regulatory probes and shareholder legal class action alleging senior executives failed to supervise their businesses’ cyber security practices.
Although the practice is not yet universal, a growing number of director and officer (D&O) policies are being drafted with cyber related exclusions. Meanwhile, most cyber insurance policies exempt SEC enforcement actions and investor claims, but some cover allegations against a company’s executives over their cyber security roles.
Whilst this is only in the US at the moment, other developed nations are likely to follow suit.
Source [Bloomberg Law]
PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
The Police Service of Northern Ireland (PSNI) and the UK Electoral Commission both suffered cyber incidents on the same day. Whilst both incidents were different in how they happened, the result was the same: sensitive information had been leaked. In the case of the PSNI, the data was leaked through a response to a freedom of information (FOI) request, in which an Excel sheet was accidentally included by the PSNI. The Electoral Commission incident resulted from a cyber attack.
The incidents are a wake-up call for organisations. If you have not already done so, you need to put things in place to help protect your data from ending up online. The PSNI incident in particular highlights the need to ensure that data does not leave the organisation by accident.
Source [The Guardian]
The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
Cyber security has become an inescapable concern for organisations across industries. With cyber threats ranging from data breaches to ransomware attacks, it is paramount that companies remain vigilant and prepared.
A key way to be prepared is through a tabletop exercise that simulates a hypothetical cyber security incident and helps organisations to practice and evaluate their response. One example scenario can be responding to a ransomware attack blocking access to the organisation's computers for a ransom. These exercises serve as a practical, engaging, and low-risk way for teams to identify vulnerabilities in current plans, improve coordination, and evaluate the decision-making process during a crisis and this is something that we do with our clients on a regular basis.
Source [JDSupra]
Why Are Phones a Cyber Security Weak Spot?
Mobile phones are more interconnected than ever, with their usage extending to the workplace. Despite this, they often enter the corporate environment with a lack of protection and oversight. When laptops are in the corporate environment they are often secured through methods such as encryption and often the organisation has a clear oversight of the applications and activity on the laptop. Mobile phones on the other hand, are often left unmonitored, despite the fact they can and often do carry sensitive information.
Mobile phones also carry additional risks; for a start, they are easier to lose, due to their size difference and the fact they are often out more. In addition, they may have more entry points. Internet of things (IoT) devices, such as smart appliances, are often controlled by phones, making them another entry point for an attacker.
Source [Tech Shout]
Governance, Risk and Compliance
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority - IT Security Guru
Cyber threat risks reach three-year high – Avast (securitybrief.co.nz)
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Why Finance Leaders In Midsize Businesses Are Stepping Up Cyber security Efforts (forbes.com)
Why are ultra-high-net-worth families at increased risk of cyber crime? | Campden FB
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
4 reasons to understand technology risks when buying a business (businessplus.ie)
Boards Don't Want Security Promises — They Want Action (darkreading.com)
Cyber attacks and data protection worries loom large | Natasha Doris | CDR Article (cdr-news.com)
How threats to mid-sized businesses impact us all - Help Net Security
7 Reasons People Don't Understand What You Tell Them (darkreading.com)
6 Cyber Threat Areas for Companies and Organisations to Prioritize (forbes.com)
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Threats
Ransomware, Extortion and Destructive Attacks
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reported ransomware attacks doubled in key sectors (securitybrief.co.nz)
'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign (darkreading.com)
As Ransomware Gangs Shift To Data Extortion, Some Adopt A New Tactic: ‘Customer Service’ | CRN
Triple Extortion Ransomware and the Cyber Crime Supply Chain (bleepingcomputer.com)
Companies are finding it harder to detect ransomware | TechRadar
Top 3 Ransomware Attack Vectors And How To Avoid Them (techtarget.com)
Knight ransomware distributed in fake Tripadvisor complaint emails (bleepingcomputer.com)
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Why Hospitals Are Being Increasingly Targeted by Cyber Attacks | Chicago News | WTTW
'Bulletproof' Lolekhosted ransomware hacker indicted (cnbc.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Monti ransomware targets VMware ESXi servers with new Linux locker (bleepingcomputer.com)
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands - SecurityWeek
Sophos: ‘Royal’ Is Trying to Make Itself the King of Ransomware (darkreading.com)
Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom (bleepingcomputer.com)
3 strategies that can help stop ransomware before it becomes a crisis | CSO Online
Latitude Financial takes profit hit from major cyber attack | The West Australian
Ransomware down 57%, Secureworks warns against complacency (securitybrief.co.nz)
Ransomware Diaries: Volume 3 – LockBit’s Secrets (databreaches.net)
HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware | WIRED
Ransomware Renaissance 2023: The Definitive Guide to Stay Safer (securityintelligence.com)
How to Create a Ransomware Incident Response Plan (techtarget.com)
Ransomware Victims
Several hospitals still counting the cost of widespread ransomware attack (malwarebytes.com)
Has leading UK jeweller been hit by BianLian ransomware gang? (techmonitor.ai)
Cyber attack on Bay area vendor cripples real estate industry (therealdeal.com)
Colorado warns 4 million of data stolen in IBM MOVEit breach (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
LockBit claims seven new victims in ransomware spree (techmonitor.ai)
Cyber attack strikes Prince George's County schools, district says - The Washington Post
Clorox Operations Disrupted By Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)
Inside Housing - News - Hackney to procure new IT system after cyber attack
Largest switching and terminal railroad in US investigating ransomware data theft (therecord.media)
Honor Among Cyber Criminals? Why a Canadian Firm Paid Ransom (inforisktoday.com)
Alberta dental benefits administrator hit by cyber attack | Edmonton Sun
Phishing & Email Based Attacks
Phishing remains most dominant, fastest growing internet crime (securitybrief.co.nz)
If You Have These 6 Personality Traits, You're More Vulnerable to Phishing Scams (makeuseof.com)
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reports show 62% jump in phishing attacks last year - The Hindu BusinessLine
Phishing Operators Make Ready Use of Abandoned Websites for Bait (darkreading.com)
3 Major Email Security Standards Prove Too Porous for the Task (darkreading.com)
Cyber Security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
As Phishing Gets Even Sneakier, Browser Security Needs to Step Up (darkreading.com)
Email security vendor leaves 2M domains open to phishing hacks, study finds (axios.com)
Cyber Criminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (thehackernews.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malicious QR code hacking campaign is targeting Microsoft credentials - SiliconANGLE
Phishing campaign steals accounts for Zimbra email servers worlwide (bleepingcomputer.com)
30% of phishing threats involve newly registered domains - Help Net Security
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Gone Phishing: An Analysis of a Targeted User Attack (huntress.com)
BEC – Business Email Compromise
Artificial Intelligence
Generative AI a Top Emerging Risk for Organisations: Gartner Survey - Decrypt
ChatGPT Faces Ban from 75% of Organisations: Blackberry Report (analyticsinsight.net)
AI Is Coming For Your Data: 6 Steps To Ensure Cyber Resilience (forbes.com)
New study by AMD finds nearly half of organisations are not ready for AI - IT Security Guru
Over 74% of organisations see a rise in AI use by cyber criminals | Security Magazine
Navigating generative AI risks and regulatory challenges - Help Net Security
Cyber security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Top 10 AI Security Risks According to OWASP (trendmicro.com)
AI 'evil twins' may already be manipulating human nature | SC Media (scmagazine.com)
Cyber security practitioners' generative AI dilemma (iapp.org)
People Coaxed AI Into Giving Wrong Math Answers, System Prone to Flaws (businessinsider.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)
2FA/MFA
How to prevent multifactor authentication fatigue attacks - SiliconANGLE
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Malware
Potent Trojans Targeting MacOS Users - Infosecurity Magazine (infosecurity-magazine.com)
Approximately 2000 Citrix NetScaler servers were backdoored in massive campaign-Security Affairs
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass | WIRED
Macs are getting compromised to act as proxy exit nodes - Help Net Security
Malware Dwell Time: Everything You Need to Know (makeuseof.com)
Gootloader SEO watering hole malware targets law firms | SC Media (scmagazine.com)
Raccoon Stealer malware returns with new stealthier version (bleepingcomputer.com)
Beware! Subscription malware arms hackers with tools to steal your private data | Laptop Mag
New Financial Malware 'JanelaRAT' Targets Latin American Users (thehackernews.com)
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report (thehackernews.com)
North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)
Stories from the SOC - Unveiling the stealthy tactics of Aukill malware (att.com)
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Users of cyber crime forums often fall victim to info-stealers, researchers find (therecord.media)
Turns out AI probably isn't very good at writing malware • The Register
Malware Turning Windows Machines Into Proxies (databreachtoday.co.uk)
Mobile
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
Does Turning Your Android Phone Off Protect You From Malware? (makeuseof.com)
3 Mobile or Client-Side Security Myths Debunked (darkreading.com)
Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (ic3.gov)
Threat actors use beta apps to bypass mobile app store security (bleepingcomputer.com)
FBI warns of money-stealing fake beta-release mobile apps • The Register
Three reasons why your smartphone needs security protection (securitybrief.co.nz)
Unsupported Compression Methods Enable Android Malware to Bypass Detection (zimperium.com)
This $70 device can spoof an Apple device and trick you into sharing your password | TechCrunch
Botnets
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Mirai Common Attack Methods Remain Consistent, Effective (darkreading.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Runaway Charger: The Major Threat Of Hacking EV Stations (slashgear.com)
Ford says cars with WiFi vulnerability still safe to drive (bleepingcomputer.com)
Data Breaches/Leaks
Electoral Commission had unpatched vulnerability on server • The Register
UK Police Data Breach Exposes Victim Information - Infosecurity Magazine (infosecurity-magazine.com)
UK govt contractor MPD FM leaks employee passport data-Security Affairs
Cumbria Police accidentally publish officers' names and salaries online (bitdefender.com)
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The most notable data breaches of 2023… So far | IT Reseller Magazine (itrportal.com)
Discord.io confirms breach after hacker steals data of 760K users (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
Man arrested in Northern Ireland police data leak • The Register
teiss - News - PBI data breach impacted more than 1.2m customers of Wilton Reassurance Life Company
Here’s what you need to do after your personal data is breached (telegraph.co.uk)
Organised Crime & Criminal Actors
Meet the Most (In)Famous Hacking Groups Active Today (makeuseof.com)
Cyber security researchers become target of criminal hackers | Financial Times (ft.com)
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Who Are Script Kiddies? Are They a Threat to Your Security? (makeuseof.com)
Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)
File sharing site Anonfiles shuts down due to overwhelming abuse (bleepingcomputer.com)
How Innovation Accelerators Are at Work on the Dark Side (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
Web3 projects suffered from forty-two exploits within a week (coinpaper.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
UK gov keeps repeating its voter registration website is NOT a scam (bleepingcomputer.com)
“Grab hold and give it a wiggle” – ATM card skimming is still a thing – Naked Security (sophos.com)
Latin Americans Fall Prey to More Online Scams, Cyber Attacks (insurancejournal.com)
The road ahead for ecommerce fraud prevention - Help Net Security
A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight | WIRED
Insurance
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The cyber security insurance market is estimated at USD 14.4 (globenewswire.com)
Dark Web
Supply Chain and Third Parties
Building Cyber security into the supply chain is essential as threats mount (att.com)
Why the public sector still loves Capita (even though it got hacked) - Tech Monitor
Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (thehackernews.com)
PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks (darkreading.com)
Software Supply Chain
Cloud/SaaS
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Adapting to the Cloud Era of Cyber security: How CISO’s Priorities Are Evolving | Network Computing
Datacentre management vulnerabilities leave public clouds at risk | Computer Weekly
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
Containers
Encryption
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
WhatsApp is right to be angry about the UK’s encryption mess | The Spectator
Google adds post-quantum encryption key protection to Chrome • The Register
API
The Evolution of API: From Commerce to Cloud-Security Affairs
How financial services cyber regulations are hotting up for API security (betanews.com)
Open Source
Why a Software Bill of Materials Is Business-Critical - The Futurum Group
Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
6 best practices to defend against corporate account takeover attacks | CSO Online
What's the State of Credential theft in 2023? (thehackernews.com)
Building a secure future without traditional passwords - Help Net Security
Are browser-stored passwords secure? | Kaspersky official blog
Passwordless is more than a buzzword among cyber security pros - Help Net Security
More hardcoded credentials than ever, and sloppy coding is to blame | SC Media (scmagazine.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Social Media
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
LinkedIn accounts hacked in widespread hijacking campaign (bleepingcomputer.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malvertising
Adblock 360 Adware Extension: 3 Ways to Remove for Good - MSPoweruser
Malvertisers up their game against researchers (malwarebytes.com)
Training, Education and Awareness
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Navigating generative AI risks and regulatory challenges - Help Net Security
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
Breaking Down the New SEC Cyber security Rules | Epiq - JDSupra
Confusion Surrounds SEC's New Cyber security Material Rule (darkreading.com)
How financial services cyber regulations are hotting up for API security (betanews.com)
A closer look at the new TSA oil and gas pipeline regulations - Help Net Security
Models, Frameworks and Standards
Center for Internet Security announces secretive Microsoft partnership | StateScoop
What's New in the NIST Cyber security Framework 2.0 (darkreading.com)
Data Protection
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Careers, Working in Cyber and Information Security
650,000 cyber jobs are now vacant: How to tackle the risk (securityintelligence.com)
Effectively upskilling cyber security professionals to help close the skills gap | CSO Online
How to overcome the challenges of today's cyber security talent shortage - SiliconANGLE
Army struggling to hire cyber staff as attacks on Britain ramp up (telegraph.co.uk)
Vietnam admits massive shortage of infosec pros • The Register
Heavy workloads driving IT professionals to resign - Help Net Security
ISC2 Announces Major Milestone as Community Grows to Half a Million Strong (prnewswire.com)
Law Enforcement Action and Take Downs
Polish police arrest five in swoop on Cyber Crime site - TVN24
Lapsus$ Report: Law Enforcement Battles Cyber Threats (beincrypto.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Sextortion suspects on trial after one victim dies • The Register
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Raccoon Stealer malware back with updated version following administrator arrest (therecord.media)
Man arrested in Northern Ireland police data leak • The Register
Privacy, Surveillance and Mass Monitoring
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries-Security Affairs
Russian spy agencies targeting Starlink with custom malware, Ukraine warns (telegraph.co.uk)
Russian-African Security Gathering Exposes Kremlin's Reduced Influence (darkreading.com)
Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps • Graham Cluley
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Suspected spies for Russia held in major UK security investigation - BBC News
Russia turning to sleeper cells and unofficial agents | Espionage | The Guardian
China
Top US cyber official warns of infrastructure attack risk if China tensions rise (nbcnews.com)
New Zealand says it is aware of China-linked intelligence activity in country | Reuters
China teases imminent exposé of seismic US spying scheme • The Register
Chinese Espionage Group Active Across Eastern Europe (inforisktoday.com)
15,000 cyber attacks detected per second in Taiwan: Software provider - Focus Taiwan
US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack | TechCrunch
Iran
German Intelligence Warns of Surge in Iranian Espionage (govinfosecurity.com)
Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks (thehackernews.com)
Iran and the Rise of Cyber Enabled Influence Operations (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Vulnerabilities
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks (thehackernews.com)
Patched Citrix NetScaler Devices Still Contain Backdoors (govinfosecurity.com)
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping (thehackernews.com)
Magento shopping cart attack targets critical vulnerability • The Register
New Python URL Parsing Flaw Enables Command Injection Attacks (thehackernews.com)
Data centers at risk due to flaws in power management software | CyberScoop
Bugs in transportation app Moovit gave hackers free rides | TechCrunch
Google Chrome 116: more Telemetry and 26 security patches - gHacks Tech News
Google Fixes 26 Bugs Amid Fake Update Warning - Infosecurity Magazine (infosecurity-magazine.com)
AMD has fixed its latest security flaw - but at the cost of massive slowdowns | TechRadar
Proxyjacking trend continues as attackers abuse years-old GitLab vulnerability | ITPro
Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica
Tools and Controls
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
AI-powered fraud detection: Strengthening security in fintech | The Financial Express
MaginotDNS attacks exploit weak checks for DNS cache poisoning (bleepingcomputer.com)
Evaluate the risks and benefits of AI in cyber security | TechTarget
How to Choose a Managed Detection and Response (MDR) Solution (darkreading.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Building a secure future without traditional passwords - Help Net Security
Passwordless is more than a buzzword among cyber security pros - Help Net Security
SEC cyber security rules shape the future of incident management - Help Net Security
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
Endpoint Management Statistics, Trends And Facts 2023 - Abdalslam
Why You Need Continuous Network Monitoring? (thehackernews.com)
CISA releases cyber defence plan for remote monitoring and management software - SiliconANGLE
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Other News
Healthcare incurs highest data breach costs – for the 13th year in a row | Healthcare IT News
Here's Why You Should Never Accept Unsolicited Tech by Post (makeuseof.com)
Government highlights cyber threat to health and social care | UKAuthority
Why is the Education Sector a Target for Cyber Attacks? | UpGuard
Cyber security in the Entertainment Industry: Risks and Solutions | UpGuard
What would an OT cyber attack really cost your organisation? | CSO Online
Education has had most cyber attacks, survey finds | Education Business (educationbusinessuk.net)
Cyber attacks Are On The Up: What Are The Risks & Remedies For Aviation? (simpleflying.com)
Bank of Ireland ATM Glitch Hands Out 'Free' Money (gizmodo.com)
Exclusive: 300 independent retailers affected by cyber attack | News | Retail Week (retail-week.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.