Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year

A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.

In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.

Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.

Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]

The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation

In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.

Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.

Source: [News Week] [Beta News]

Ransomware Infection Times Fall from 5 Days to 5 Hours

The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.

This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.

The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.

Sources: [Cision] [PC Mag] [Security Magazine]

80% of Security Leaders See AI as the Biggest Threat to Business

A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.

In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.

With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.

Sources: [Diginomica] [Infosecurity Magazine]

Is Your Board Cyber-Ready?

With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.

Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.

Sources: [Harvard.edu] [JDSupra]

Cyber Security Should Be a Business Priority for CEOs

A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.

Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.

Source: [HelpNet Security]

The Looming Threat of a Single Phishing Click to Your Business

A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.

Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CMS-lawnow]

40% of Organisations Leave Ransomware to IT

A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.

By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [MSSP Alert]

Auditors’ Growing Concern About Cyber Security

The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.

Source: [Accounting Today]

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.

Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.

Source: [Dark Reading]

Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone

The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.

It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.

Sources: [Bleeping Computer] [Infosecurity Magazine]

Organisations Grapple with Detection and Response Despite Rising Security Budgets

A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.

The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.

Source: [CSO Online]

Governance, Risk and Compliance

• Half of CISOs Now Report to CEO as Influence Grows - Infosecurity Magazine (infosecurity-magazine.com)

• Auditors more worried about cyber security than AI risks | Accounting Today

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• CEOs concerned about organisations’ ability to avert cyber attacks, despite understanding their impact: Report - The Hindu

• Cyber Security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber attacks are only getting worse for business, so what are CISOs doing about it? | TechRadar

• Warning as more businesses fall victim to cyber attacks | Insurance Times

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• The Role of HR in Engaging the Workforce for Holistic Cyber Security (newsweek.com)

• 90% firms experienced cyber attacks; 83% opted to pay attackers: Report (business-standard.com)

• The world was already horrifying — technology is making it more so - The Hustle

• State of Cyber Awareness in the Boardroom (harvard.edu)

• What The Board Needs To Know: Cyber Attack Costs - WSJ

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Is Your Board Cyber-Ready? Leadership Steps to Support Corporate Cyber Security | Jackson Lewis P.C. - JDSupra

• Cyber security should be a business priority for CEOs - Help Net Security

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• The undeniable benefits of making cyber resiliency the new standard | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• Cyber insurance costs pressure business budgets - Help Net Security

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Cyber security overtakes cloud as top area of investment - The Recycler - 10/10/2023

• New Wave of Cyber Threats Challenges In-House Legal Departments (bloomberglaw.com)

• Should businesses follow Google’s footsteps in cyber security? | TechRadar

• Cyber security is booming but it comes at a human cost (betanews.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• A Cyber security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (darkreading.com)

• 6 steps to getting the board on board with your cyber security program (welivesecurity.com)

Threats

Ransomware, Extortion and Destructive Attacks

• First half of 2023 sees more ransomware victims than all of 2022 | Security Magazine

• Cyber security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber criminals can go from click to compromise in less than a day - Help Net Security

• Ransomware Infection Times Fall From 5 Days to 5 Hours (pcmag.com)

• Almost 60% Of Businesses Are 'Very' To 'Extremely' Concerned About Ransomware Attacks - Hornetsecurity Annual Ransomware Survey (Prnewswire.Com)

• Ransomwared health insurer wasn't using anti-virus software • The Register

• Everest searching for corporate insiders amid rare pivot • The Register

• HelloKitty ransomware source code leaked on hacking forum (bleepingcomputer.com)

• How to Prevent Ransomware as a Service (RaaS) Attacks (trendmicro.com)

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care (fdd.org)

Ransomware Victims

• MGM Suffers $100mn loss following cyber attack, hopes insurance cover will be sufficient (insuranceinsider.com)

• Cyber attack victim Estes making ‘steady progress’ - FreightWaves

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Ransomwared health insurer wasn't using anti-virus software • The Register

• BianLian extortion group claims recent Air Canada breach (bleepingcomputer.com)

• Ransomware group starts leaking data allegedly from NJ cardiology consultants group (databreaches.net)

Phishing & Email Based Attacks

• The looming threat of a single phishing click to your business (cms-lawnow.com)

• Hackers are using AI for phishing | Windows Central

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Phishing, the campaigns that are affecting Italy (securityaffairs.com)

BEC – Business Email Compromise

• What is business email compromise (BEC)? | ITPro

Other Social Engineering; Smishing, Vishing, etc

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Artificial Intelligence

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• 'Really frightening': IT leaders on cyber security in the age of AI (computing.co.uk)

• Cyber security pros predict rise of malicious AI - Help Net Security

• Downing Street trying to agree statement about AI risks with world leaders | Artificial intelligence (AI) | The Guardian

• Why 80% of CISOs see AI as the biggest threat to their business (diginomica.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Hackers are using AI for phishing | Windows Central

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

• US Space Force Pauses Generative AI Based on Security Concerns (bloomberglaw.com)

• Generative AI Security: Preventing Microsoft Copilot Data Exposure (bleepingcomputer.com)

• How to Guard Your Data from Exposure in ChatGPT (thehackernews.com)

2FA/MFA

• Account Hacking Over Starlink Sparks Calls For Two-Factor Authentication (pcmag.com)

Malware

• Mirai DDoS malware variant expands targets with 13 router exploits (bleepingcomputer.com)

• Microsoft to kill off VBScript in Windows to block malware delivery (bleepingcomputer.com)

• How Keyloggers Have Evolved From the Cold War to Today (darkreading.com)

• Endpoint malware attacks decline as campaigns spread wider - Help Net Security

Mobile

• Beware - GoldDigger malware will drain your bank accounts without you even realizing | TechRadar

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• Operation Behind Predator Mobile Spyware Is 'Industrial Scale' (darkreading.com)

• Hacktivists send fake nuclear attack warning via Israeli Red Alert app (bitdefender.com)

• 5 quick tips to strengthen your Android phone security today | ZDNET

Botnets

• Mirai DDoS malware botnet variant expands targets with 13 router exploits (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks (cloudflare.com)

• Google, Amazon Face Massive Denial-of-Service Attack | MSSP Alert

Internet of Things – IoT

• Connected vehicles can be at risk of hacking, consumer awareness paramount: experts - Victoria Times Colonist

• Automotive cyber security: A decade of progress and challenges - Help Net Security

• Android TV malware case worsens: Tens of millions of devices infected - FlatpanelsHD

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

• Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal - Security Week

• Exposed security cameras in Israel and Palestine pose significant risks (securityaffairs.com)

Data Breaches/Leaks

• 3.81 billion records compromised by cyber security incidents in September 2023 (itsecuritywire.com)

• US Smashes Annual Data Breach Record With Three Months Left - Infosecurity Magazine (infosecurity-magazine.com)

• 23andMe Cyberbreach Exposes DNA Data, Potential Family Ties (darkreading.com)

• Hackers compile database of people of Jewish descent using stolen 23andMe user data - Washington Times

• DC Board of Elections confirms voter data stolen in site hack (bleepingcomputer.com)

• Lyca Mobile says customer data was stolen during cyber attack | TechCrunch

• Third Flagstar Bank data breach since 2021 affects 800,000 customers (bleepingcomputer.com)

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Air Europa customers urged to cancel cards following hack on payment system (therecord.media)

• Dymocks breach happened while changing providers | Information Age | ACS

• 88% of Hospitals And Other Health-Care Organisations Faced Cyber Attacks Last Year (databreaches.net)

• Shadow PC warns of data breach as hacker tries to sell gamers' info (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The cyber villains are getting bolder. Businesses need to up their game - Raconteur

• Minister:  ‘Cyber criminals are often in uncooperative jurisdictions – making international collaboration essential’ – PublicTechnology

• Protecting your business against the cyber criminal enterprise (techuk.org)

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Hackers 'don't break in anymore, they log in,' expert explains (yahoo.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

Insider Risk and Insider Threats

• Everest searching for corporate insiders amid rare pivot • The Register

• Time to safeguard the financial sector? Navigating employee turnover to defend against cyber attacks - Digital Journal

• Former US soldier accused of trying to pass secrets to China • The Register

• The Mind of the Inside Attacker (informationweek.com)

• Understanding the human factor of digital safety | TechRadar

Fraud, Scams & Financial Crime

• Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media

• Global job scam to cause $100 mn in losses for over 1,000 companies: Report (odishatv.in)

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• The dark side of solar panels – how crooks are exploiting net zero (telegraph.co.uk)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• UK users of illicit streaming services warned of risk of fraud or police visit | TV streaming | The Guardian

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• Never click on bank-draining words if message pops up, expert warns (ladbible.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Deepfakes

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

AML/CFT/Sanctions

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

Insurance

• Cyber insurance costs pressure business budgets - Help Net Security

• Insurance industry faces growing concerns over cyber cat risk: Gallagher Re - Reinsurance News

• Cyber Insurance Lessens the Sting of Corporate Cyber Attacks (bloomberglaw.com)

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Insurance cover ‘sufficient’ for $100mn cyber attack hit: MGM (insuranceinsider.com)

Supply Chain and Third Parties

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• Cyber attack hits electronics firm Volex (cityam.com)

Software Supply Chain

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

Cloud/SaaS

• The Need for Speed: When Cloud Attacks Take Only 10 Minutes (darkreading.com)

• Microsoft and Cabinet Office issue government-wide security guidelines for M365 – PublicTechnology

• Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits (thehackernews.com)

• Securely Moving Financial Services to the Cloud (darkreading.com)

Identity and Access Management

• Why identity infrastructure is the new cyber attack surface (siliconrepublic.com)

Encryption

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

API

• You can't avoid APIs, so you need to secure them (betanews.com)

Open Source and Linux

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

• US Government Issues Open-Source Security Guidance for Critical Infras - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• CISA publishes top 10 most common security misconfigurations • The Register

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

Social Media

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Brands Beware: X's New Badge System Is a Ripe Cyber-Target (darkreading.com)

• What should you do if your Facebook is hacked? (pocket-lint.com)

Parental Controls and Child Safety

• New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise (thehackernews.com)

Regulations, Fines and Legislation

• SEC Adopts New and Burdensome Cyber Cecurity Disclosure Rules | Kohrman Jackson & Krantz LLP - JDSupra

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

Models, Frameworks and Standards

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

Data Protection

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

Careers, Working in Cyber and Information Security

• Work-related stress “keeps cyber professionals up at night” | ITPro

• Fifth of UK Cyber Security Pros Work Excessive Hours - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security is booming but it comes at a human cost (betanews.com)

• eBook: Cyber security career hacks for newcomers - Help Net Security

• Turning military veterans into cyber security experts - Help Net Security

• CISO Pay Increases Are Slowing – a Look Behind the Figures - Security Week

• Skills-based Hiring Can Address Cyber Workforce Shortfalls (fdd.org)

Law Enforcement Action and Take Downs

• European Police Hackathon Hunts Down Traffickers - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State/Cyber Warfare

• Cyber Attacks Targeting Israel Are on the Rise After Hamas Attack | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

• Hackers For Hire Hit Both Sides in Israel-Hamas Conflict (darkreading.com)

• Beyond the Front Lines: How the Israel-Hamas War Impacts the Cyber security Industry - Security Week

• Israel Cyber Attacks: What MSSPs Need to Know | MSSP Alert

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

• The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cyber crime. (thecyberwire.com)

• Could Middle Eastern Cyberwarfare Spill Into Health Sector? (inforisktoday.com)

• The Cyberwar Between the East and the West Goes Through Africa (darkreading.com)

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

Russia

• Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (kyivpost.com)

• Kremlin-Linked Hacker Group Launches Cyber-Attack Against Israel (kyivpost.com)

• Russian hacker group "Killnet" declares cyberwar on Israel | Al Bawaba

• Gaza-linked hackers and Pro-Russia groups are targeting Israel (securityaffairs.com)

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

China

• A Frontline Report of Chinese Threat Actor Tactics and Techniques (darkreading.com)

• Why One Of The Largest Cyber-Attacks Is Still A Mystery (slashgear.com)

• Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (thehackernews.com)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Former US soldier accused of trying to pass secrets to China • The Register

• Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries (thehackernews.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants (thehackernews.com)

Iran

• Escalation In Iranian Cyber Operations: A Shift Toward Espionage | Iran International (iranintl.com)

North Korea

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• North Korea's State-Sponsored APTs Organise & Align (darkreading.com)

Vulnerability Management

• Developers take as long as one month to patch security flaws, Synopsys finds (axios.com)

• Microsoft Patch Tuesday turns 20 • The Register

• Vulnerability Behind “Largest Attack in Internet History” Found | MSSP Alert

Vulnerabilities

• Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws (securityaffairs.com)

• Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (darkreading.com)

• Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop - Security Week

• Google Chrome 118 is a massive security update - gHacks Tech News

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Adobe Acrobat Reader Vuln Now Under Attack (darkreading.com)

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit (informationweek.com)

• WhatsApp exploits commanding multi-million prices (computing.co.uk)

• High-Severity Vulnerabilities Discovered in WebM Project’s Libraries (paloaltonetworks.com)

• Credential Harvesting Campaign Targets Unpatched NetScaler Instances - Security Week

• Over 17,000 WordPress sites hacked in Balada Injector attacks last month (bleepingcomputer.com)

• Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica

• New WordPress backdoor creates rogue admin to hijack websites (bleepingcomputer.com)

• libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (thehackernews.com)

• D-Link WiFi range extender vulnerable to command injection attacks (bleepingcomputer.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• Apple releases iOS 16.7.1 to plug critical security holes | Macworld

• The SEC is said to be investigating a Twitter security flaw from the pre-Musk era (engadget.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• 35 Squid proxy bugs still unpatched after 2 years • The Register

• Fortinet Releases Security Updates for Multiple Products | CISA

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

Tools and Controls

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

• 16 Essential Factors To Cover In A Disaster Recovery Plan (forbes.com)

• A Cyber Security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Google, Yahoo Push DMARC, Forcing Companies to Catch Up (darkreading.com)

• You can't avoid APIs, so you need to secure them (betanews.com)

• What is External Attack Surface Management (EASM)? | UpGuard

• Why You Should Phish In Your Own (informationsecuritybuzz.com)

• Why zero trust delivers even more resilience than you think - Help Net Security

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

• Unmasking the limitations of yearly penetration tests - Help Net Security

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Keep on keeping your organisation informed to stay cyber secure (techuk.org)

• Why identity infrastructure is the new cyberattack surface (siliconrepublic.com)

Reports Published in the Last Week

• Global Incident Response Threat Report (vmware.com)

Other News

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Large law firms experiencing two 'cyber incidents' a month - Legal Futures

• Small businesses growing target for cyber criminals (planetradio.co.uk)

• The world was already horrifying — technology is making it more so - The Hustle

• Legions of Critical Infrastructure Devices Subject to Cyber Targeting (darkreading.com)

• Subsea cable business seeks to plug its security holes (lightreading.com)

• Old-School Attacks Are Still a Danger, Despite Newer Techniques (darkreading.com)

• Protect Critical Infrastructure With Same Rigor as Classified Networks (darkreading.com)

• Drug dealers hijack NHS, police and Crimestoppers websites to sell coke in plain sight - Daily Star

• Proactive not reactive: adjusting the approach to cyber crime in education

• Magecart Campaign Hijacks 404 Pages to Steal Data (darkreading.com)

• As biohacking evolves, how vulnerable are we to cyber threats? - Help Net Security

• Social care and cyber-crime - Social care (blog.gov.uk)

• Electric Power System Cyber Security Vulnerabilities (trendmicro.com)

• Cable Giant Volex Targeted in Cyber Attack - Security Week

• Securing the Food Pipeline from Cyber Attacks (newswise.com)

• US construction giant reports cyber security incident • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian

British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.

UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.

Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.

The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.

https://www.telegraph.co.uk/business/2023/02/09/companies-banned-paying-hackers-attacks-royal-mail-guardian/

• Fraud Set to Be Upgraded as a Threat to National Security

Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.

It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.

It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.

https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/

• 98% of Attacks are Not Reported by Employees to their Employers

Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.

https://www.msspalert.com/cybersecurity-research/employees-fail-to-report-98-of-email-cyber-hacks-to-security-teams-study-finds/

• UK Second Most Targeted Nation Behind America for Ransomware

Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.

https://www.itsecurityguru.org/2023/02/07/uk-second-most-targeted-nation-behind-america-for-ransomware/

• Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.

https://www.darkreading.com/attacks-breaches/financial-institutions-are-suffering-from-increasingly-sophisticated-cyberattacks-according-to-contrast-security

• An Email Attack Can End Up Costing You Over $1 Million

According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.

https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/

• Cyber Crime Shows No Signs of Slowing Down

Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.

https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down

• Surge of Swatting Attacks Targets Corporate Executive and Board Members

Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.

https://www.csoonline.com/article/3687177/surge-of-swatting-attacks-targets-corporate-executives-and-board-members.html#tk.rss_news

• Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.

https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead

• Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.

https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks

• Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.

https://www.cnbc.com/2023/02/04/crypto-investors-lost-nearly-4-billion-dollars-to-hackers-in-2022.html

• PayPal and Twitter Abused in Turkey Relief Donation Scams

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.

https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/

• Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.

https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/

Threats

Ransomware, Extortion and Destructive Attacks

• UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online

• US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek

• Bitcoin-demanding cyber criminals use bug from 2021 to initiate global ransomware attack  | TechCrunch

• UK second most targeted nation behind America for Ransomware - IT Security Guru

• Hackers who breached ION say ransom paid; company declines comment | Reuters

• New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)

• Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (bleepingcomputer.com)

• Royal Ransomware adds support for encrypting Linux, VMware ESXi systems-security affairs

• Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualisation Risks (darkreading.com)

• Lessons Learned on Ransomware Prevention from the Rackspace Attack (bleepingcomputer.com)

• ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek

• Ransomware Revolution: 4 Types of Cyber Risks in 2023 (trendmicro.com)

• Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget

• Linux version of Royal Ransomware targets VMware ESXi servers (bleepingcomputer.com)

• Nevada Ransomware has released upgraded locker - Help Net Security

• Italy, France and Singapore Warn of a Spike in ESXI Ransomware-security affairs

• Massive ransomware attack targets VMware ESXi servers worldwide | CSO Online

• Major Florida Hospital Shuts Down Networks, Ransomware Attack Suspected - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware gang claims Royal Mail cyber ttack (bleepingcomputer.com)

• Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)

• New Linux variant of Clop Ransomware uses a flawed encryption-security affairs

• After Hive takedown, could the LockBit ransomware crew be the next to fall? | CyberScoop

• Russia-Linked Ransomware Gang Claims Responsibility for Royal Mail Attack (gizmodo.com)

• #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities | CISA

• Largest Canadian bookstore Indigo shuts down site after cyber ttack (bleepingcomputer.com)

• Kaspersky Finds Growing Number of Parents Experiencing Ransomware Attacks on Children's Schools (darkreading.com)

• Hackers hit Vesuvius, UK engineering company shuts down affected systems • Graham Cluley

• MKS Instruments falls victim to ransomware attack | CSO Online

• North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | CyberScoop

Phishing & Email Based Attacks

• Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)

• Employees Fail to Report 98% of Email Cyber Hacks To Security Teams, Study Finds - MSSP Alert

• An email attack can end up costing you over $1 million - Help Net Security

• What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)

• How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)

• Cyber criminals exploit volatile job market for targeted email attacks - Help Net Security

• Hong Kong police and Interpol uncover servers and apps used by global phishing syndicate | South China Morning Post (scmp.com)

• 'Phishing-as-a-service' kits drive uptick in theft: One business owner's story (cnbc.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

• NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)

BEC – Business Email Compromise

• What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)

Malware

• Hacker develops new 'Screenshotter' malware to find high-value targets (bleepingcomputer.com)

• Threat group targets over 1,000 companies with screenshotting and infostealing malware | CSO Online

• ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (thehackernews.com)

• Hackers backdoor Windows devices in Sliver and BYOVD attacks (bleepingcomputer.com)

• GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (thehackernews.com)

• Novel Banking Trojan 'PixPirate' Targets Brazil - Infosecurity Magazine (infosecurity-magazine.com)

• New QakNote attacks push QBot malware via Microsoft OneNote files (bleepingcomputer.com)

• Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (thehackernews.com)

Mobile

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek

• Android phones from Chinese vendors share private data • The Register

• 'Money Lover' Finance App Exposes User Data (darkreading.com)

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• Android 14 to block malware from abusing sensitive permissions (bleepingcomputer.com)

• UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)

• Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek

Denial of Service/DoS/DDOS

• Passion botnet cyber  Attacks hit healthcare, as actors offer threat as DDoS-as-a-service  | SC Media (scmagazine.com)

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• Tor and I2P networks hit by wave of ongoing DDoS attacks (bleepingcomputer.com)

• Experts published a list of proxy IPs used by the group Killnet-security affairs

Internet of Things – IoT

• Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)

• Security manufacturer’s smart cameras went dark for two hours (mybroadband.co.za)

• Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek

• NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)

Data Breaches/Leaks

• Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)

• Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

• TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (bleepingcomputer.com)

• 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder - SecurityWeek

• US Cyber Ambassador's Twitter account hacked • The Register

• Over 12% of analysed online stores expose private data, backups (bleepingcomputer.com)

• 'Money Lover' Finance App Exposes User Data (darkreading.com)

• Reddit reveals security incident • The Register

• Reddit Suffers Security Breach Exposing Internal Documents and Source Code (thehackernews.com)

Organised Crime & Criminal Actors

• Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)

• Minister: Cyber crimes Now 20% of Spain’s Registered Offenses - SecurityWeek

• Finland’s Most-Wanted Hacker Nabbed in France – Krebs on Security

• Australian Man Sentenced for Scam Related to Optus Hack  - SecurityWeek

• Bungling Optus scammer was no criminal mastermind • Graham Cluley

• Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto investors lost nearly $4 billion to hackers in 2022 (cnbc.com)

• Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)

• Avraham Eisenberg in court accused of crypto exchange crash • The Register

• Crypto Drainers Are Ready to Ransack Investor Wallets (darkreading.com)

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• FTX Being Advised by Cyber security Firm Sygnia on Hack Inquiry, CEO Ray Says (coindesk.com)

• Scammers steal $4 million in crypto during in-person meeting • The Register

• Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs (trendmicro.com)

Insider Risk and Insider Threats

• Another RAC staffer nabbed for sharing road accident data • The Register

• Ex-Ubiquiti worker pleads guilty to data theft, extortion, and smear plot (bitdefender.com)

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

Fraud, Scams & Financial Crime

• PayPal and Twitter abused in Turkey relief donation scams (bleepingcomputer.com)

• Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)

• Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

• Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware (darkreading.com)

• As V-Day nears: Romance scams cost victims $1.3B last year • The Register

• What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)

• Father killed himself after falling victim to romance scam | News | The Times

• 'Brushing' scams send people free items, but could be a warning sign about a data breach - ABC News

• Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek

• From ‘hi mum’ to crypto fraud: five of the latest scams to watch out for | Cyber crime | The Guardian

• Criminals use Telegram to recruit 'walkers' as America's big banks see an 84% increase in check fraud (cnbc.com)

• 5 Financial Scams To Watch Out For In 2023 (cnbc.com)

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• Banks leave doors open for scammers with flaws in online security | This is Money

• Trio Arrested in COVID PPE Fraud Probe - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs

Impersonation Attacks

• What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)

• HTML smuggling campaigns impersonate well-known brands to deliver malware | CSO Online

AML/CFT/Sanctions

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online

• US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek

Insurance

• Tackling the New Cyber Insurance Requirements: Can Your Organisation Comply? (thehackernews.com)

• Cyber Insurance, A Must-Have for Small Businesses - Infosecurity Magazine (infosecurity-magazine.com)

• How to Optimise Your Cyber Insurance Coverage (darkreading.com)

Dark Web

• BlackSprut: Darknet Drug Market Advertises On Billboards In Moscow (informationsecuritybuzz.com)

• Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Have we learnt nothing from SolarWinds supply chain attacks? • The Register

• Vulnerability Provided Access to Toyota Supplier Management Network - SecurityWeek

Software Supply Chain

• Security pros say third parties are increasingly the cause of cyber security incidents | SC Media (scmagazine.com)

Cloud/SaaS

• How the Cloud Is Shifting CISO Priorities (darkreading.com)

• Cloud Apps Still Demand Way More Privileges Than They Use (darkreading.com)

• Amazon S3 to apply security best practices for all new buckets - Help Net Security

• Why Some Cloud Services Vulnerabilities Are So Hard to Fix (darkreading.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

• 7 Critical Cloud Threats Facing the Enterprise in 2023 (darkreading.com)

Hybrid/Remote Working

• Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)

• Predictions For Securing Today's Hybrid Workforce (darkreading.com)

Identity and Access Management

• 4 identity predictions for 2023 | TechTarget

Encryption

• It Isn't Time to Worry About Quantum Computing Just Yet (darkreading.com)

• UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)

API

• 10 API Security Best Practices To Protect Your Organisation (informationsecuritybuzz.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)

Biometrics

• Novel face swaps emerge as a major threat to biometric security - Help Net Security

Social Media

• Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis? (darkreading.com)

• Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs

Malvertising

• FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (thehackernews.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

Training, Education and Awareness

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

• Infosec Launches New Office Comedy Themed Security Awareness Training Series (darkreading.com)

Parental Controls and Child Safety

• It’s never too early to chat to your kids about online safety | Sarah Ayoub | The Guardian

Regulations, Fines and Legislation

• Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)

• While governments pass privacy laws, companies struggle to change - Help Net Security

• Prioritising Cyber security Regulation Harmonisation (darkreading.com)

Governance, Risk and Compliance

• Quarter of CFOs Have Suffered $1m+ Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• A Hackers Pot of Gold: Your MSP's Data (thehackernews.com)

• The dangers of unsupported applications - Help Net Security

• Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)

• Trends that impact on organisations' 2023 security priorities - Help Net Security

• With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)

• Optimising Cyber security Investments in a Constrained Spending Environment (darkreading.com)

• Surge of swatting attacks targets corporate executives and board members | CSO Online

• Lessons From the Cold War: How Quality Trumps Quantity in Cyber security (darkreading.com)

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

Models, Frameworks and Standards

• NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)

Data Protection

• Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)

• While governments pass privacy laws, companies struggle to change - Help Net Security

• Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Hong Kong police and Interpol uncover servers and apps used by global phishing syndicate | South China Morning Post (scmp.com)

• European Police Arrest 42 After Cracking Covert App - SecurityWeek

• Eurocops shut down Exclu encrypted messaging app • The Register

• Vastaamo hacking suspect arrested in France | TechTarget

• Finnish psychotherapy extortion suspect arrested in France – Naked Security (sophos.com)

Privacy, Surveillance and Mass Monitoring

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• Steps To Planning And Implementation Of Data Privacy (informationsecuritybuzz.com)

• ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica

Artificial Intelligence

• Adversaries Using OpenAI’s ChatGPT Chatbot for Cyber  Attacks? Here are Some Clues - MSSP Alert

• Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)

• IT Leaders Reveal Cyber Fears Around ChatGPT - Infosecurity Magazine (infosecurity-magazine.com)

• How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)

• ChatGPT's potential to aid attackers puts IT pros on high alert - Help Net Security

• Hackers are selling a service that bypasses ChatGPT restrictions on malware | Ars Technica

• ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica

• Jailbreak Trick Breaks ChatGPT Content Safeguards (darkreading.com)

• Generative AI: A benefit and a hazard - Help Net Security

• Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Google's Bard AI bot mistake wipes $100bn off shares - BBC News

• $120bn wiped off Google after Bard AI chatbot gives wrong answer (telegraph.co.uk)

• Why ChatGPT Isn't a Death Sentence for Cyber Defenders (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Pro-Russian hacktivist group Killnet could just be getting started (axios.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• What is hybrid warfare? Inside the centre dealing with modern threats - BBC News

• Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB's warrantless surveillance-security affairs

• DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)

• Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)

• New Info-Stealer Discovered as Russia Prepares for New Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• The impact of Russia's Ukraine invasion on digital threats - Help Net Security

• Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)

• Spies, Hackers, Informants: How China Snoops on the US - SecurityWeek

• US teases new China tech sanctions to deflate balloon-makers • The Register

Nation State Actors

• Pro-Russian hacktivist group Killnet could just be getting started (axios.com)

• With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)

• Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op - SecurityWeek

• US Downs Chinese Balloon Off Carolina Coast - SecurityWeek

• How did the US successfully shoot down China's 'spy balloon' with a single missile - and what was on it? | US News | Sky News

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• Android phones from Chinese vendors share private data • The Register

• US sources insist Chinese balloon was military - BBC News

• DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)

• SNP MP Stewart McDonald's emails hacked by Russian group - BBC News

• Australia to remove Chinese surveillance cameras amid security fears - BBC News

• Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• UN Experts: North Korean Hackers Stole Record Virtual Assets - SecurityWeek

• Mysterious Russian satellites are now breaking apart in low-Earth orbit | Ars Technica

• New Info-Stealer Discovered as Russia Prepares for New Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• Downed balloon one of a ‘fleet’ of Chinese surveillance devices, US alleges | Surveillance | The Guardian

• #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities | CISA

• The impact of Russia's Ukraine invasion on digital threats - Help Net Security

• Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)

• Experts published a list of proxy IPs used by the group Killnet-security affairs

• NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities (thehackernews.com)

• NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)

• US teases new China tech sanctions to deflate balloon-makers • The Register

• North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | Cyber scoop

Vulnerability Management

• Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition | CSO Online

• The dangers of unsupported applications - Help Net Security

• Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)

• Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget

• How to fix the top 5 cyber security vulnerabilities | TechTarget

• 20 Powerful Vulnerability Scanning Tools In 2023 (informationsecuritybuzz.com)

Vulnerabilities

• High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation - SecurityWeek

• New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)

• GoAnywhere MFT Users Warned of Zero-Day Exploit - SecurityWeek

• Serious security hole plugged in infosec tool binwalk | The Daily Swig (portswigger.net)

• Cisco fixed command injection bug in IOx Application Hosting Environment-security affairs

• Vulnerability In F5 BIG-IP May Cause DoS And Code Execution (informationsecuritybuzz.com)

• GoAnywhere MFT zero-day flaw actively exploited-security affairs

• Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release-security affairs

• Critical vulnerability patched in Jira Service Management Server and Data Center | CSO Online

• Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (thehackernews.com)

• Exploit released for actively exploited GoAnywhere MFT zero-day (bleepingcomputer.com)

• OpenSSL Ships Patch for High-Severity Flaws - SecurityWeek

• Patch Released for Actively Exploited GoAnywhere MFT Zero-Day - SecurityWeek

• Unpatched Security Flaws Disclosed in Multiple Document Management Systems (thehackernews.com)

• SonicWall warns web content filtering is broken on Windows 11 22H2 (bleepingcomputer.com)

• Chrome 110 Patches 15 Vulnerabilities - SecurityWeek

• OpenSSL Fixes Multiple New Security Flaws with Latest Update (thehackernews.com)

• Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek

Tools and Controls

• Growing number of endpoint security tools overwhelm users, leaving devices unprotected | CSO Online

• Poor Endpoint Device Management Trigger Cyber  Attacks, New Report Finds - MSSP Alert

• Implementing Digital Rights Management Systems to Safeguard Against Unauthorised Access Of Protected Content (informationsecuritybuzz.com)

• Endpoint security getting easier, but most organisations lack tool consolidation - Help Net Security

Other News

• A Hackers Pot of Gold: Your MSP's Data (thehackernews.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• How to Think Like a Hacker and Stay Ahead of Threats (thehackernews.com)

• Surge of swatting a attacks targets corporate executives and board members | CSO Online

• Bermuda: Major Internet And Power Outage Strikes (informationsecuritybuzz.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• LastPass Admits Attackers have an Encrypted Copy of Customers’ Password Vaults 

Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contain the passwords to their accounts.

In a December 22nd update to its advice about the incident, LastPass brings customers up to date by explaining that in the August 2022 attack “some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.” Those creds allowed the attacker to copy information “that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”

The update reveals that the attacker also copied “customer vault” data, the file LastPass uses to let customers record their passwords. That file “is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.” The passwords are encrypted with “256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password”.

LastPass’ advice is that even though attackers have that file, customers who use its default settings have nothing to do as a result of this update as “it would take millions of years to guess your master password using generally-available password-cracking technology.” One of those default settings is not to re-use the master password that is required to log into LastPass. The outfit suggests you make it a complex credential and use that password for just one thing: accessing LastPass.

LastPass therefore offered the following advice to individual and business users: If your master password does not make use of the defaults above, then it would significantly reduce the number of attempts needed to guess it correctly. In this case, as an extra security measure, you should consider minimising risk by changing passwords of websites you have stored.

LastPass’s update concludes with news it decommissioned the systems breached in August 2022 and has built new infrastructure that adds extra protections.

https://www.theregister.com/2022/12/23/lastpass_attack_update/

• Ransomware Attacks Increased 41% In November

Ransomware attacks rose 41% last month as groups shifted among the top spots and increasingly leveraged DDoS attacks, according to new research from NCC Group.

A common thread of NCC Group's November Threat Pulse was a "month full of surprises," particularly related to unexpected shifts in threat actor behaviour. The Cuba ransomware gang resurged with its highest number of attacks recorded by NCC Group. Royal replaced LockBit 3.0 as the most active strain, a first since September of last year.

These factors and more contributed to the significant jump in November attacks, which rose from 188 in October to 265.

"For 2022, this increase represents the most reported incidents in one month since that of April, when there were 289 incidents, and is also the largest month-on-month increase since June-July's marginally larger increase of 47%," NCC Group wrote in the report.

Operators behind Royal ransomware, a strain that emerged earlier this year that operates without affiliates and utilises intermittent encryption to evade detection, surpassed LockBit 3.0 for the number one spot, accounting for 16% of hack and leak incidents last month.

https://www.techtarget.com/searchsecurity/news/252528505/NCC-Group-Ransomware-attacks-increased-41-in-November

• The Risk of Escalation from Cyber Attacks Has Never Been Greater

In 2022, an American dressed in his pyjamas took down North Korea’s Internet from his living room. Fortunately, there was no reprisal against the United States. But Kim Jong Un and his generals must have weighed retaliation and asked themselves whether the so-called independent hacker was a front for a planned and official American attack.

In 2023, the world might not get so lucky. There will almost certainly be a major cyber attack. It could shut down Taiwan’s airports and trains, paralyse British military computers, or swing a US election. This is terrifying, because each time this happens, there is a small risk that the aggrieved side will respond aggressively, maybe at the wrong party, and (worst of all) even if it carries the risk of nuclear escalation.

This is because cyber weapons are different from conventional ones. They are cheaper to design and wield. That means great powers, middle powers, and pariah states can all develop and use them.

More important, missiles come with a return address, but virtual attacks do not. Suppose in 2023, in the coldest weeks of winter, a virus shuts down American or European oil pipelines. It has all the markings of a Russian attack, but intelligence experts warn it could be a Chinese assault in disguise. Others see hints of the Iranian Revolutionary Guard. No one knows for sure. Presidents Biden and Macron have to decide whether to retaliate at all, and if so, against whom … Russia? China? Iran? It's a gamble, and they could get unlucky.

Neither country wants to start a conventional war with one another, let alone a nuclear one. Conflict is so ruinous that most enemies prefer to loathe one another in peace. During the Cold War, the prospect of mutual destruction was a huge deterrent to any great power war. There were almost no circumstances in which it made sense to initiate an attack. But cyber warfare changes that conventional strategic calculus. The attribution problem introduces an immense amount of uncertainty, complicating the decision our leaders have to make.

https://arstechnica.com/information-technology/2022/12/the-risk-of-escalation-from-cyberattacks-has-never-been-greater/

• FBI Recommends Ad Blockers as Cyber Criminals Impersonate Brands in Search Engine Ads

The Federal Bureau of Investigation (FBI) this week raised the alarm on cyber criminals impersonating brands in advertisements that appear in search engine results. The agency has advised consumers to use ad blockers to protect themselves from such threats.

The attackers register domains similar to those of legitimate businesses or services, and use those domains to purchase ads from search engine advertisement services, the FBI says in an alert. These nefarious ads are displayed at the top of the web page when the user searches for that business or service, and the user might mistake them for an actual search result.

Links included in these ads take users to pages that are identical to the official web pages of the impersonated businesses, the FBI explains. If the user searches for an application, they are taken to a fake web page that uses the real name of the program the user searches for, and which contains a link to download software that is, in fact, malware.

“These advertisements have also been used to impersonate websites involved in finances, particularly cryptocurrency exchange platforms,” the FBI notes. Seemingly legitimate exchange platforms, the malicious sites prompt users to provide their login and financial information, which the cyber criminals then use to steal the victim’s funds.

“While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link,” the FBI says.

Businesses are advised to use domain protection services to be notified of domain spoofing, and to educate users about spoofed websites and on how to find legitimate downloads for the company’s software.

Users are advised to check URLs to make sure they access authentic websites, to type a business’ URL into the browser instead of searching for that business, and to use ad blockers when performing internet searches. Ad blockers can have a negative impact on the revenues of online businesses and advertisers, but they can be good for online security, and even the NSA and CIA are reportedly using them.

https://www.securityweek.com/fbi-recommends-ad-blockers-cybercriminals-impersonate-brands-search-engine-ads

• North Korea-Linked Hackers Stole $626 Million in Virtual Assets in 2022

South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat actors have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years.

According to the spy agency, more than half the crypto assets (about 800 billion won ($626 million)) have been stolen this year alone, reported the Associated Press. The Government of Pyongyang focuses on crypto hacking to fund its military program following harsh UN sanctions.

“South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cyber crimes since UN economic sanctions were toughened in 2017 in response to its nuclear and missile tests.” reported the AP agency. North Korea cannot export its products due to the UN sanctions imposed in 2016 and 1017, and the impact on its economy is dramatic.

The NIS added that more than 100 billion won ($78 million) of the total stolen funds came from South Korea. Cyber security and intelligence experts believe that attacks aimed at the cryptocurrency industry will continue to increase next year. National Intelligence Service experts believe that North Korea-linked APT groups will focus on the theft of South Korean technologies and confidential information on South Korean foreign policy and national security.

Data published by the National Intelligence Service agency confirms a report published by South Korean media outlet Chosun early this year that revealed North Korean threat actors have stolen around $1.7 billion (2 trillion won) worth of cryptocurrency from multiple exchanges during the past five years.

https://securityaffairs.co/wordpress/139909/intelligence/north-korea-cryptocurrency-theft.html

• UK Security Agency Wants Fresh Approach to Combat Phishing

The UK National Cyber Security Centre (NCSC) has called for a defence-in-depth approach to help mitigate the impact of phishing, combining technical controls with a strong reporting culture.

Writing in the agency’s blog, technical director and principal architect, “Dave C,” argued that many of the well-established tenets of anti-phishing advice simply don’t work. For example, advising users not to click on links in unsolicited emails is not helpful when many need to do exactly that as part of their job.

This is often combined with a culture where users are afraid to report that they’ve accidentally clicked, which can delay incident response, he said. It’s not the user’s responsibility to spot a phish – rather, it’s their organisation’s responsibility to protect them from such threats, Dave C argued.

As such, they should build layered technical defences, consisting of email scanning and DMARC/SPF policies to prevent phishing emails from arriving into inboxes. Then, organisations should consider the following to prevent code from executing:

• Allow-listing for executables

• Registry settings changes to ensure dangerous scripting or file types are opened in Notepad and not executed

• Disabling the mounting of .iso files on user endpoints

• Making sure macro settings are locked down

• Enabling attack surface reduction rules

• Ensuring third-party software is up to date

• Keeping up to date about current threats

Additionally, organisations should take steps such as DNS filtering to block suspicious connections and endpoint detection and response (EDR) to monitor for suspicious behaviour, the NCSC advised.

https://www.infosecurity-magazine.com/news/uk-security-agency-combat-phishing/

• GodFather Android malware targets 400 banks, crypto exchanges

An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.

The malware generates login screens overlaid on top of the banking and crypto exchange apps' login forms when victims attempt to log into the site, tricking the user into entering their credentials on well-crafted HTML phishing pages.

The Godfather trojan was discovered by Group-IB analysts, who believe it is the successor of Anubis, a once widely-used banking trojan that gradually fell out of use due to its inability to bypass newer Android defences. ThreatFabric first discovered Godfather in March 2021, but it has undergone massive code upgrades and improvements since then.

Also, Cyble published a report yesterday highlighting a rise in the activity of Godfather, pushing an app that mimics a popular music tool in Turkey, downloaded 10 million times via Google Play. Group-IB has found a limited distribution of the malware in apps on the Google Play Store; however, the main distribution channels haven't been discovered, so the initial infection method is largely unknown.

Almost half of all apps targeted by Godfather, 215, are banking apps, and most of them are in the United States (49), Turkey (31), Spain (30), Canada (22), France (20), Germany (19), and the UK (17).

Apart from banking apps, Godfather targets 110 cryptocurrency exchange platforms and 94 cryptocurrency wallet apps.

https://www.bleepingcomputer.com/news/security/godfather-android-malware-targets-400-banks-crypto-exchanges/

• Companies Overwhelmed by Available Tech Solutions

92% of executives reported challenges in acquiring new tech solutions, highlighting the complexities that go into the decision-making process, according to GlobalDots.

Moreover, some 34% of respondents said the overwhelming amount of options was a challenge when deciding on the right solutions, and 33% admitted the time needed to conduct research was another challenge in deciding.

Organisations of all varieties rely on technology more than ever before. The constant adoption of innovation is no longer a luxury but rather a necessity to stay on par in today’s fast-paced and competitive digital landscape. In this environment, IT and security leaders are coming under increased pressure to show ROIs from their investment in technology while balancing operational excellence with business innovation. Due to current market realities, IT teams are short-staffed and suffering from a lack of time and expertise, making navigating these challenges even more difficult.

The report investigated how organisations went about finding support for their purchasing decisions. Conferences, exhibitions, and online events served as companies’ top source of information for making purchasing decisions, at 52%. Third-party solutions, such as value-added resellers and consultancies, came in second place at 48%.

54% are already using third parties to purchase, implement, or support their solutions, highlighting the value that dedicated experts with in-depth knowledge of every solution across a wide range of IT fields provide.

We are living in an age of abundance when it comes to tech solutions for organisations, and this makes researching and purchasing the right solutions for your organisation extremely challenging.

https://www.helpnetsecurity.com/2022/12/20/tech-purchasing-decisions/

• Nine in 10 Third-party Contractors, Freelancers Use Personal, Unmanaged Devices Likely to be Infected

Talon Cyber Security surveyed 258 third-party providers to better understand the state of third-party working conditions, including work models, types of devices and security technologies used, potentially risky actions taken, and how security and IT tools impact productivity.

Looking at recent high-profile breaches, third parties have consistently been at the epicenter, so they took a step back with their research to better understand the potential root causes. The findings paint a picture of a third-party work landscape where individuals are consistently working from personal, unmanaged devices, conducting risky activities, and having their productivity impacted by legacy security and IT solutions.

Here’s what Talon discovered:

• Most third parties (89%) work from personal, unmanaged devices, where organisations lack visibility and cannot enforce the enterprise’s security posture on. Talon pointed to a Microsoft data point that estimated users are 71% more likely to be infected on an unmanaged device.

• With third parties working from personal devices, they tend to carry out personal, potentially risky tasks. Respondents note that at least on occasion, they have used their devices to:

  • Browse the internet for personal needs (76%)

  • Indulge in online shopping (71%)

  • Check personal email (75%)

  • Save weak passwords in the web browser (61%)

  • Play games (53%)

  • Allow family members to browse (36%)

  • Share passwords with co-workers (24%)

• Legacy apps such as Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) solutions are prominent, with 45% of respondents using such technologies while working for organisations.

https://www.msspalert.com/cybersecurity-research/nine-in-10-third-party-contractors-freelancers-use-personal-unmanaged-devices-likely-to-be-infected/

• UK Privacy Regulator Names and Shames Breached Firms

The UK Information Commissioner’s Office (ICO) has taken the unusual step of publishing details of personal data breaches, complaints and civil investigations on its website, according to legal experts.

The data, available from Q4 2021 onwards, includes the organisation’s name and sector, the relevant legislation and the type of issues involved, the date of completion and the outcome.

Given the significance of this development, it’s surprising that the ICO has (1) chosen to release it with limited fanfare, and (2) buried the data sets on its website. Indeed, it seems to have flown almost entirely under the radar.

Understanding whether their breach or complaint will be publicised by European regulators is one of – if not the – main concern that organisations have when working through an incident, and the answer has usually been no. That is particularly the understanding or assumption where the breach or complaint is closed without regulatory enforcement. Now, at least in the UK, the era of relative anonymity looks to be over.

Despite the lack of fanfare around the announcement, this naming and shaming approach could make the ICO one of the more aggressive privacy regulators in Europe. In the future, claimant firms in class action lawsuits may adopt “US-style practices” of scanning the ICO database to find evidence of repeat offending or possible new cases.

The news comes even as data reveals the value of ICO fines issued in the past year tripled from the previous 12 months. In the year ending October 31 2022, the regulator issued fines worth £15.2m, up from £4.8m the previous year. The sharp increase in the value of fines shows the ICO’s increasing willingness selectively to crack down on businesses – particularly those that the ICO perceives has not taken adequate measures to protect customer and employee data.

https://www.infosecurity-magazine.com/news/uk-privacy-regulator-names-and/

Threats

Ransomware, Extortion and Destructive Attacks

• 20 companies affected by major ransomware attacks in 2021 | TechTarget

• NCC Group: Ransomware attacks increased 41% in November | TechTarget

• Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks (trendmicro.com)

• Adversarial risk in the age of ransomware - Help Net Security

• Guardian newspaper hit by suspected ransomware attack, staff told not to come to office - The Record by Recorded Future

• FIN7 hackers create auto-attack platform to breach Exchange servers (bleepingcomputer.com)

• New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure (thehackernews.com)

• Ransomware Groups to Increase Zero-Day Exploit-Based Access Methods in the Future - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Uses New Exploit to Bypass ProxyNotShell Mitigations | SecurityWeek.Com

• New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080) - Help Net Security

• British newspaper The Guardian says it’s been hit by ransomware | TechCrunch

• Play ransomware actors bypass ProxyNotShell mitigations | TechTarget

• Preventing Cryptocurrency Cyber Extortion (trendmicro.com)

• FIN7 Cyber crime Syndicate Emerges as Major Player in Ransomware Landscape (thehackernews.com)

• Vice Society ransomware gang is using a custom locker - Security Affairs

• NIO suffers user data breach, hacker demands $2.25 million worth of bitcoin - CnEVPost

• German industrial giant ThyssenKrupp targeted in a cyber attack - Security Affairs

• Paying Ransom: Why Manufacturers Shell Out to Cyber criminals (darkreading.com)

• France Seeks to Protect Hospitals After Series of Cyber attacks | SecurityWeek.Com

• Fire and rescue service in Victoria, Australia, confirms cyber attack - Security Affairs

• Ransomware hits Leiden University - Techzine Europe

• Play Ransomware Gang Lay Claims For Cyber Attack On H-Hotels (informationsecuritybuzz.com)

• Evolving threats and broadening responses to Ransomware in the UAE - Security Boulevard

• Cyber Incident Causes System Failures at Canadian Children’s Hospital - Infosecurity Magazine (infosecurity-magazine.com)

Phishing & Email Based Attacks

• Five Best Practices for Consumers to Beat Phishing Campaigns This Holiday Season - CPO Magazine

• Hackers continue to exploit hijacked MailChimp accounts in cyber crime campaigns (bitdefender.com)

• Holiday Spam, Phishing Campaigns Challenge Retailers (darkreading.com)

• Email hijackers scam food out of businesses, not just money • The Register

• Telling users to ‘avoid clicking bad links’ still isn’t working - NCSC.GOV.UK

• UK Security Agency Calls for Fresh Approach to Combat Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• “Suspicious login” scammers up their game – take care at Christmas – Naked Security (sophos.com)

• Simple Steps to Avoid Phishing Attacks During This Festive season | Tripwire

• Web3 IPFS Currently Used For Phishing (trendmicro.com)

BEC – Business Email Compromise

• Telling users to ‘avoid clicking bad links’ still isn’t working - NCSC.GOV.UK

• What happens once scammers receive funds from their victims - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Amplified security trends to watch out for in 2023 - Help Net Security

2FA/MFA

• Why Security Teams Shouldn't Snooze on MFA Fatigue (darkreading.com)

• Comcast Xfinity accounts hacked in widespread 2FA bypass attacks (bleepingcomputer.com)

Malware

• DarkTortilla malware spreads on phishing sites masquerading as legitimate domains | SC Media (scmagazine.com)

• Malicious ‘SentinelOne’ PyPI package steals data from developers (bleepingcomputer.com)

• Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It (thehackernews.com)

• Ukraine's DELTA military system users targeted by info-stealing malware (bleepingcomputer.com)

• Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages (darkreading.com)

• Trojanized Windows 10 installers compromised the Ukrainian government | SC Media (scmagazine.com)

• Raspberry Robin Worm Targets Telcos & Governments (darkreading.com)

• Detecting Windows AMSI Bypass Techniques (trendmicro.com)

• Raspberry Robin worm drops fake malware to confuse researchers (bleepingcomputer.com)

• Number of command-and-control servers spiked in 2022: report - The Record by Recorded Future

Mobile

• GodFather Android malware targets 400 banks, crypto exchanges (bleepingcomputer.com)

• Godfather makes banking apps an offer they can’t refuse • The Register

• Beware: Cyber criminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users (thehackernews.com)

• T-Mobile hacker gets 10 years for $25 million phone unlock scheme (bleepingcomputer.com)

Botnets

• Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It (thehackernews.com)

• Zerobot malware now spreads by exploiting Apache vulnerabilities (bleepingcomputer.com)

• Flaws within IoT devices exploited by the Zerobot botnet (izoologic.com)

• Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)

Denial of Service/DoS/DDOS

• How AI/ML Can Thwart DDoS Attacks (darkreading.com)

• DDoS Attacks are Slowly Growing in the Technology Era (analyticsinsight.net)

• Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)

BYOD

• Nine in 10 Third-party Contractors, Freelancers Use Personal, Unmanaged Devices Likely to be Infected - MSSP Alert

Internet of Things – IoT

• Millions of IP cameras around the world are unprotected | TechRadar

• Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)

• Eufy has removed privacy-focused language from its website amid ongoing security camera fiasco (androidpolice.com)

• Throw away all your Eufy cameras right now | Android Central

• Read what Anker’s customer support is telling worried Eufy camera owners - The Verge

• Amazon Ring Cameras Used in Nationwide ‘Swatting’ Spree, US Says - Bloomberg

• Connected homes are expanding, so is attack volume - Help Net Security

• Security Risks, Serious Vulnerabilities Rampant Among XIoT Devices in the Workplace - CPO Magazine

• Researchers Develop AI-powered Malware Classification for 5G-enabled IIoT - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• LastPass users: Your info and password vault data are now in hackers’ hands | Ars Technica

• Okta's source code stolen after GitHub repositories hacked (bleepingcomputer.com)

• McGraw Hill's S3 buckets exposed 100,000 students' grades • The Register

• NIO suffers user data breach, hacker demands $2.25 million worth of bitcoin - CnEVPost

• Notice of Recent Security Incident - The LastPass Blog

• Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days - Security Affairs

• Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale (bleepingcomputer.com)

• Leading sports betting firm BetMGM discloses data breach (bleepingcomputer.com)

• MP blasts water firm over cyber attack that saw customers' details leaked to dark web - Staffordshire Live (staffordshire-live.co.uk)

Organised Crime & Criminal Actors

• 'Russian hackers' help two New York men game JFK taxi system - CyberScoop

• Hackers Mined a Single Software Flaw for a Year in NY Cyber attack - The New York Times (nytimes.com)

• What happens once scammers receive funds from their victims - Help Net Security

• [FIN7] Fin7 Unveiled: A deep dive into notorious cyber crime gang - PRODAFT

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Microsoft bans cryptomining in Azure | TechRadar

• FTX's alleged run-of-the-mill frauds depended entirely on crypto (yahoo.com)

• GodFather Android malware targets 400 banks, crypto exchanges (bleepingcomputer.com)

• Preventing Cryptocurrency Cyber Extortion (trendmicro.com)

• Two associates of Sam Bankman-Fried plead guilty to fraud charges in FTX fall | FTX | The Guardian

• North Korea-linked hackers stole $626M in virtual assets in 2022 - Security Affairs

Insider Risk and Insider Threats

• Amplified security trends to watch out for in 2023 - Help Net Security

Fraud, Scams & Financial Crime

• FTX's alleged run-of-the-mill frauds depended entirely on crypto (yahoo.com)

• “Suspicious login” scammers up their game – take care at Christmas – Naked Security (sophos.com)

• Fraudulent ‘popunder’ Google Ad campaign generated millions of dollars • The Register

• Over 67,000 DraftKings Betting Accounts Hit by Hackers (gizmodo.com)

• What happens once scammers receive funds from their victims - Help Net Security

• T-Mobile hacker gets 10 years for $25 million phone unlock scheme (bleepingcomputer.com)

• Google Ad fraud campaign used adult content to make millions (bleepingcomputer.com)

• Two associates of Sam Bankman-Fried plead guilty to fraud charges in FTX fall | FTX | The Guardian

• Inside The Next-Level Fraud Ring Scamming Billions Off Holiday Retailers (darkreading.com)

Supply Chain and Third Parties

• teiss - Supply Chain Security - Hacking the supply chain

• Supply Chain Risks Got You Down? Keep Calm and Get Strategic! (darkreading.com)

Cloud/SaaS

• Microsoft bans cryptomining in Azure | TechRadar

• McGraw Hill's S3 buckets exposed 100,000 students' grades • The Register

• AWS simplifies Simple Storage Service to prevent data leaks • The Register

• Organisations Warned of New Attack Vector in Amazon Web Services - Infosecurity Magazine (infosecurity-magazine.com)

• New Brand of Security Threats Surface in the Cloud (darkreading.com)

• Google WordPress Plug-in Bug Allows AWS Metadata Theft (darkreading.com)

• Dealing with cloud security shortfalls - Help Net Security

• It’s time to fill those cloud security gaps • The Register

• Security on a Shoestring? Cloud, Consolidation Best Bets for Businesses (darkreading.com)

Hybrid/Remote Working

• Remote Workers Are Blowing the Whistle, Employees Exposing Companies

Attack Surface Management

• Nine in 10 Third-party Contractors, Freelancers Use Personal, Unmanaged Devices Likely to be Infected - MSSP Alert

Encryption

• Biden Signs Post-Quantum Cyber security Guidelines Into Law (darkreading.com)

API

• APIs are placing your enterprise at risk - Help Net Security

Open Source

• Open source vulnerabilities add to security debt - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• LastPass admits attackers copied password vaults • The Register

• LastPass users: Your info and password vault data are now in hackers’ hands | Ars Technica

• Notice of Recent Security Incident - The LastPass Blog

Social Media

• Meta Takes Down Over 200 Covert Influence Operations Since 2017 - Infosecurity Magazine (infosecurity-magazine.com)

• Social media use can put companies at risk: Here are some ways to mitigate the danger | CSO Online

• Colleges Move To Ban TikTok on Campus (gizmodo.com)

Malvertising

• Fraudulent ‘popunder’ Google Ad campaign generated millions of dollars • The Register

• Don't click too quick! FBI warns of malicious search engine ads | Tripwire

• FBI Recommends Ad Blockers as Cyber criminals Impersonate Brands in Search Engine Ads | SecurityWeek.Com

• Google Ad fraud campaign used adult content to make millions (bleepingcomputer.com)

Parental Controls and Child Safety

• Buggy parental-control apps could allow device takeover • The Register

• Bfore.Ai Releases 'The King, The Knight & The Snowball' - Cyber security Book for Children (darkreading.com)

• Children And The Dangers Of The Virtual World (informationsecuritybuzz.com)

Regulations, Fines and Legislation

• TSB fined nearly $60m for platform migration disaster • The Register

• FTC Fines Fortnite Maker Epic Games $275 Million for Violating Children's Privacy Law (thehackernews.com)

• UK Privacy Regulator Names and Shames Breached Firms - Infosecurity Magazine (infosecurity-magazine.com)

• FCC proposes record-breaking $300 million fine against robocaller (bleepingcomputer.com)

• France Fines Microsoft 60 Million Euros Over Advertising Cookies | SecurityWeek.Com

• The long, long reach of the UK’s national security laws | Financial Times

Governance, Risk and Compliance

• Make sure your company is prepared for the holiday hacking season - Help Net Security

• Rethinking Risk After the FTX Debacle (darkreading.com)

• The benefit of adopting a hacker mindset for building security strategies - Help Net Security

Careers, Working in Cyber and Information Security

• CISO roles continue to expand beyond technical expertise - Help Net Security

• UK secret services wants ‘corkscrew thinkers’ for new cyber force | News | The Times

Law Enforcement Action and Take Downs

• Swatting spree suspects charged after compromising Ring cams • The Register

Privacy, Surveillance and Mass Monitoring

• Not Big Brother, but close: a surveillance expert explains some of the ways we’re all being watched, all the time (theconversation.com)

• France Fines Microsoft 60 Million Euros Over Advertising Cookies | SecurityWeek.Com

• What is surveillance capitalism? - Definition from WhatIs.com (techtarget.com)

• Google Maps: Important reason you should blur your house on Street View (ladbible.com)

• Blur Your House ASAP if It's on Google Maps. Here's Why - CNET

Artificial Intelligence

• Threat Modeling in the Age of OpenAI's Chatbot (darkreading.com)

• This is how OpenAI's ChatGPT can be used to launch cyber attacks (techmonitor.ai)

• How AI/ML Can Thwart DDoS Attacks (darkreading.com)

• Bfore.Ai Releases 'The King, The Knight & The Snowball' - Cyber security Book for Children (darkreading.com)

Misinformation, Disinformation and Propaganda

• Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Cyber Warfare Is Getting Real | WIRED

• State level cyber attacks – Why and how (ukdefencejournal.org.uk)

• The risk of escalation from cyber attacks has never been greater | Ars Technica

• Ukraine's DELTA military system users targeted by info-stealing malware (bleepingcomputer.com)

• Trojanized Windows 10 installers compromised the Ukrainian government | SC Media (scmagazine.com)

• NATO-Member Oil Refinery Targeted in Russian APT Blitz Against Ukraine (darkreading.com)

• Russian APT Gamaredon Changes Tactics in Attacks Targeting Ukraine | SecurityWeek.Com

• Kremlin-linked hackers tried to spy on oil firm in NATO country, researchers say | CNN Politics

• ‘Our weapons are computers’: Ukrainian coders aim to gain battlefield edge | Ukraine | The Guardian

• The long, long reach of the UK’s national security laws | Financial Times

• UK secret services wants ‘corkscrew thinkers’ for new cyber force | News | The Times

Nation State Actors

Nation State Actors – Russia

• UK orders sale of Russian-backed broadband firm Upp over ‘security risk’ | Telecommunications industry | The Guardian

• Dark Web Profile: Killnet - Russian Hacktivist Group - SOCRadar

Nation State Actors – China

• Apple accused of censoring apps in Hong Kong and Russia • The Register

• The long, long reach of the UK’s national security laws | Financial Times

Nation State Actors – North Korea

• North Korea-linked hackers stole $626M in virtual assets in 2022 - Security Affairs

Vulnerability Management

• Open source vulnerabilities add to security debt - Help Net Security

• Ransomware Groups to Increase Zero-Day Exploit-Based Access Methods in the Future - Infosecurity Magazine (infosecurity-magazine.com)

• Top 5 Vulnerabilities Routinely Exploited by Threat Actors in 2022 (socradar.io)

• Over 50 New CVE Numbering Authorities Announced in 2022 | SecurityWeek.Com

• A Guide to Efficient Patch Management with Action1 (thehackernews.com)

• Digging into the numbers one year after Log4Shell | SC Media (scmagazine.com)

Vulnerabilities

• Critical Windows code-execution vulnerability went undetected until now | Ars Technica

• FoxIt Patches Code Execution Flaws in PDF Tools | SecurityWeek.Com

• Old vulnerabilities in Cisco products actively exploited in the wild - Security Affairs

• OWASSRF: CrowdStrike Identifies New Method for Bypassing ProxyNotShell Mitigations

• Microsoft reports macOS Gatekeeper has an 'Achilles' heel • The Register

• Microsoft will turn off Exchange Online basic auth in January (bleepingcomputer.com)

• Cisco’s Talos security bods predict new wave of Excel Hell • The Register

• Microsoft pushes emergency fix for Windows Server Hyper-V VM issues (bleepingcomputer.com)

• Ransomware Groups to Increase Zero-Day Exploit-Based Access Methods in the Future - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Uses New Exploit to Bypass ProxyNotShell Mitigations | SecurityWeek.Com

• New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080) - Help Net Security

• Zerobot malware now spreads by exploiting Apache vulnerabilities (bleepingcomputer.com)

• Two New Security Flaws Reported in Ghost CMS Blogging Software (thehackernews.com)

• Critical Security Flaw Reported in Passwordstate Enterprise Password Manager (thehackernews.com)

• This critical Windows security flaw could be as serious as WannaCry, experts claim | TechRadar

• Google WordPress Plug-in Bug Allows AWS Metadata Theft (darkreading.com)

• Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems (thehackernews.com)

Tools and Controls

• Companies overwhelmed by available tech solutions - Help Net Security

• Is Enterprise VPN on Life Support or Ripe for Reinvention? | SecurityWeek.Com

Reports Published in the Last Week

• National Cyber Security Centre (NCSC) Annual Review 2022: Highlights and Thoughts | Tripwire

Other News

• 'Sextortion,' Business Disruption, and a Massive Attack: What Could Be in Store for 2023 (darkreading.com)

• The Growing Risk Of Malicious QR Codes (informationsecuritybuzz.com)

• NASA infosec again falls short of required standard • The Register

• US Joint Cyber Force Elevated to Newest Subordinate Unified Command - MSSP Alert

• The Rise of the Rookie Hacker - A New Trend to Reckon With (thehackernews.com)

• What enumeration attacks are and how to prevent them | TechTarget

• US consumers seriously concerned over their personal data | CSO Online

• The FBI is worried about wave of crime against small businesses (cnbc.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.