Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

66 Percent of Businesses Don't Understand Their Cyber Risks

A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.

83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.

Source: [Beta News]

Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.

The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.

Sources [Data Breaches] [UKAuthority]

Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.

As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.

Sources [Dark Reading] [The Record] [Security Magazine]

Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.

There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.

Source: [Law.com]

58% of Malicious Emails Contained Spoofed Content

According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.

The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.

Source: [Security Magazine]

Cyber Attacks Remain a Top Concern for Organisations Across All Industries

Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.

With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.

Source: [Business Wire]

BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.

The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.

Source: [Infosecurity Magazine]

13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.

It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.

Source: [Security Magazine]

Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.

Source: [The Hacker News]

Kroll’s Breach Highlights SIM-Swapping Risk

A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.

In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.

Source [Dark Reading]

Reducing The Risk of AI, What Can You Do?

Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.

Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.

Sources: [CSO Online] [UKTech News]

Debunking Popular Cyber Security Myths

At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?

When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.

So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.

Sources: [Forbes] [Trend Micro]

3 Malware Loaders Responsible for 80% of Intrusions

Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.

Sources: [The Register] [Infosecurity Magazine]

MOVEit Hack Shows Attackers Still Use Old Tricks

SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.

The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?

Source: [Dark Reading]

Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.

In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.

Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.

Source: [Ars Technica]

Governance, Risk and Compliance

• Cyber Attacks and Other Threats Remain a Top Concern for Organisations Across All Industries, Finds InformationWeek’s State of Cyber Risk and Resiliency Report | Business Wire

• 66 percent of businesses don't understand their cyber risks (betanews.com)

• Survey of In-House Counsel Finds Cyber Anxiety Skyrocketing | Law.com

• Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report (thehackernews.com)

• SEC Probe Targets SolarWinds Executives - DevX

• Cyber Security Enters Conversation About Executive Pay - WSJ

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• How international cyber security frameworks can help CISOs | CSO Online

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• SEC cyber attack regulations prompt 10 questions for CISOs | TechTarget

• Should Senior IT Professionals Be Accountable for Professional Decisions? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 80% of organisations expect ransomware spending to increase | Security Magazine

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• MOVEit Was a SQL Injection Accident Waiting to Happen (darkreading.com)

• Nearly 1,000 Organisations, 60 Million Individuals Impacted by MOVEit Hack - SecurityWeek

• Ransomware With an Identity Crisis Targets Small Businesses, Individuals (darkreading.com)

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

• LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants (thehackernews.com)

• Deconstructing ransomware, cyber criminals and their modus operandi | TechRadar

• Ransomware Evolution: Smaller Actors, Bigger Impact (govinfosecurity.com)

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Making Sense of Ransomware Attack Statistics in 2023 | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Should Companies Pay After Ransomware Attacks? Is It Illegal? (techtarget.com)

• How Ransomware Groups Respond to External Pressure (inforisktoday.com)

• Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat (trellix.com)

• Rackspace Faces Massive Cleanup Costs After Ransomware Attack (darkreading.com)

• EDITORIAL | Time to Cut Off North Korea from Funding Sources for its Missiles | JAPAN Forward (japan-forward.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

• 8 Types of Ransomware: Examples of Past and Current Attacks (techtarget.com)

• Black Basta Besting Your Network? (securityintelligence.com)

Ransomware Victims

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• St Helens Council still dealing with suspected cyber-attack - BBC News

• Rhysida claims ransomware attack on Prospect Medical, threatens to sell data (bleepingcomputer.com)

• University of Michigan shuts down network after cyber attack (bleepingcomputer.com)

• Social Security Numbers leaked in ransomware attack on Ohio History Connection (malwarebytes.com)

Phishing & Email Based Attacks

• Phishing as a service continues to plague business users - SiliconANGLE

• 58% of malicious emails contained spoof content | Security Magazine

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

• Top 5 most abused brands by hackers

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks (thehackernews.com)

• Spain warns of LockBit Locker ransomware phishing attacks (bleepingcomputer.com)

• US govt email servers hacked in Barracuda zero-day attacks (bleepingcomputer.com)

• QR Code' Surge in Popularity Brings Along a Rise in QR-Linked Phishing Scams | Metaverse Post (mpost.io)

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• How to Spot Phishing Emails & Tips to Avoid Them | Proofpoint US

Other Social Engineering; Smishing, Vishing, etc

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - SecurityWeek

Artificial Intelligence

• Cyber security agency gives AI chatbot warning (uktech.news)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• IT leaders alarmed by generative AI's SaaS security implications - Help Net Security

• Is Bias in AI Algorithms a Threat to Cloud Security? (darkreading.com)

• Shifting Cyber Security: The Impact and Implications of LLMs (inforisktoday.com)

• Vendors Training AI With Customer Data is an Enterprise Risk (darkreading.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• Hacking the future: Notes from DEF CON’s Generative Red Team Challenge | CSO Online

• Building cyber resilience in an age of AI (betanews.com)

• How to minimize data risk for generative AI and LLMs in the enterprise | VentureBeat

• Google launches tool to identify AI-generated images - Help Net Security

2FA/MFA

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

AITM/MITM

• Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platform - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• These 3 loaders were behind 80% of intrusions this year • The Register

• 20+ Malware Statistics You Need to Know in 2023 (techreport.com)

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• 'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds (darkreading.com)

• Infamous Raccoon Stealer Malware Returns - DevX

• Top 3 Malware Threatening Businesses in Q2 2023 (cybersecuritynews.com)

• Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research (darkreading.com)

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• Japan's JPCERT warns of new 'MalDoc in PDF' attack technique (securityaffairs.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates (thehackernews.com)

• Hackers are now hiding malicious Word documents in PDFs — how to stay safe | Tom's Guide (tomsguide.com)

• DreamBus malware exploits RocketMQ flaw to infect servers (bleepingcomputer.com)

• Kaspersky malware report for Q2 2023 | Securelist

• Microsoft is using malware-like pop-ups in Windows 11 to get people to ditch Google - The Verge

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

• SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations (thehackernews.com)

• Battling malware in the industrial supply chain

Mobile

• Kroll's Crypto Breach Highlights SIM-Swapping Risk (darkreading.com)

• This new Android malware can unlock your phone and drain your bank accounts | Tom's Guide (tomsguide.com)

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Is Mobile Hacking Still a Big Threat in 2023? (makeuseof.com)

• New Android MMRat malware uses Protobuf protocol to steal your data (bleepingcomputer.com)

• What Are Overlay Attacks? How Do You Protect Against Them? (makeuseof.com)

• New Android Banking Trojan Targets Southeast Asia Region (inforisktoday.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

• 8 Ways To Boost Your Android Phone's Security (slashgear.com)

Botnets

• Online exclusive: Rise of the botnets (securitymiddleeastmag.com)

Denial of Service/DoS/DDOS

• DDoS attacks rise 40% in Q2 2023, affecting banks, gaming & e-commerce | Security Magazine

BYOD

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• The power of passive OS fingerprinting for accurate IoT device identification - Help Net Security

Data Breaches/Leaks

• Metropolitan Police reports supplier cyber breach | UKAuthority

• UK: Metropolitan Police on red alert after details of officers and staff hacked in massive security breach (databreaches.net)

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• American Express admits APAC employees' data leak, blames a third-party payroll service

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Leaseweb is restoring ‘critical’ systems after security breach (bleepingcomputer.com)

• French employment agency Pôle emploi data breach impacted 10M peopleSecurity Affairs

• Mom’s Meals discloses data breach impacting 1.2 million people (bleepingcomputer.com)

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - Security Week

• Paramount discloses data breach following security incident (bleepingcomputer.com)

• Another data breach at Forever 21 leaks details of 500,000 current and former employees (bitdefender.com)

• Cost of a data breach 2023: Financial industry impacts (securityintelligence.com)

Organised Crime & Criminal Actors

• Moscow helping cyber criminals operate with 'near impunity': report | The Province

• Hacking gangs launch cyber crime syndicate the Five Families (techmonitor.ai)

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• ‘Billion Dollar Heist’: The Wild Story That Should Have Us All Petrified (thedailybeast.com)

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: UN treaty creates 'ideal conditions' for cyber crime (telecomstechnews.com)

• Cyber Criminals use research contests to create new attack methods - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kroll data breach exposes info of FTX, BlockFi, Genesis creditors (bleepingcomputer.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

Fraud, Scams & Financial Crime

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Classiscam Spreads: $64.5M Scheme Targets 79 Countries - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• Top 5 most abused brands by hackers

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Deepfakes

• 4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught (darkreading.com)

Insurance

• Insurers End Tussle Over Ransomware Attack Coverage - Law360 UK

• Delinea Research Reveals a Cyber Insurance Gap (darkreading.com)

• Understand the fine print of your cyber insurance policies - Help Net Security

Supply Chain and Third Parties

• American Express admits APAC employees' data leak, blames a third-party payroll service

• Met should thoroughly investigate cyber security practices, say experts | Evening Standard

Cloud/SaaS

• CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security | TechTarget

• Better SaaS Security Goes Beyond Procurement (darkreading.com)

• How to secure your cloud-based business without cloud-security expertise - Partner Content - Security - iTnews

• Experts Uncover How Cyber Criminals Could Exploit Microsoft Entra ID for Elevated Privilege (thehackernews.com)

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

Hybrid/Remote Working

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

Identity and Access Management

• The Rising Tide of Identity-Based Attacks - GovInfoSecurity

Encryption

• Quantum threats loom in Gartner's 2023 Hype Cycle for data security | VentureBeat

• How Quantum Computing Will Impact Cyber Security - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Four common password mistakes hackers love to exploit (bleepingcomputer.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

Biometrics

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Elon Musk's X to collect biometric data, work and school history - The Japan Times

• Home Office and MoD seeking new facial-recognition tech | Computer Weekly

Social Media

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• How the EU Digital Services Act affects Facebook, Google and others | Technology sector | The Guardian

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• X Plans to Collect Biometric Data, Job and School History (1) (bloomberglaw.com)

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Hackers Are Selling Hacked Police Emails to Try to Grab Personal Data From TikTok, Facebook (404media.co)

Training, Education and Awareness

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• Cyber awareness education is a change-management initiative | CSO Online

Cyber Bullying, Cyber Stalking and Sextortion

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• SEC Probe Targets SolarWinds Executives - DevX

• New law could turn UK into a hacker's playground | Computerworld

• Changes to UK Surveillance Regime May Violate International Law (justsecurity.org)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

• SEC’s New Cyber Security Rule—Including Key Disclosure Requirements | Smith Gambrell Russell - JDSupra

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

Models, Frameworks and Standards

• What are the Cyber Security Standards of Basel III? | UpGuard

• Best practices for MITRE ATT&CK(R) mapping. (thecyberwire.com)

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• How international cyber security frameworks can help CISOs | CSO Online

Data Protection

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• Are you properly protecting your employees' personal information? | Burr & Forman - JDSupra

• Data Protection: One of These Incidents Is Not Like the Other | Troutman Pepper - JDSupra

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

Careers, Working in Cyber and Information Security

• Addressing Cyber Security's Talent Shortage & Its Impact on CISOs (darkreading.com)

• Unfilled Cyber Security Positions Threaten the Future of Businesses Everywhere | Inc.com

• How the Talent Shortage Impacts Cyber Security Leadership (securityintelligence.com)

Law Enforcement Action and Take Downs

• Two Men Arrested Following Poland Railway Hacking - Security Week

Privacy, Surveillance and Mass Monitoring

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Expert shares stark safety warning over Twitter updates | Tech News | Metro News

Misinformation, Disinformation and Propaganda

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• 'Five Eyes' nations release technical details of Sandworm malware 'Infamous Chisel' | CyberScoop

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

• NCSC, SBU reveal overt Russian cyber campaign as cyber war continues to evolve | ITPro

• Czech banks hit by Russian cyber attacks – EURACTIV.com

• Cyber security experts lament west’s failure to learn lessons from Ukraine | Financial Times (ft.com)

• Russian 'hybrid' war threatens NATO's eastern flank, Poles warn - Washington Times

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Russian APT Intensifies Cyber Espionage Activities - Infosecurity Magazine (infosecurity-magazine.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

China

• Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica

• China-Based APT Flies Under Radar in Espionage Attacks | Decipher (duo.com)

• China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors (thehackernews.com)

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Almost a third of compromised Barracuda ESGs were govt owned • The Register

• James Cleverly's China cyber security talks unlikely to spur change (techmonitor.ai)

• Japan’s cyber security agency suffers months-long breach | Financial Times (ft.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

North Korea

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• North Korea’s Lazarus Group hits organisations with two new RATs | CSO Online

• Lazarus Group Debuts Tiny Trojan for Espionage Attacks (databreachtoday.co.uk)

• Cyber Scams Keep North Korean Missiles Flying – Analysis – Eurasia Review

• North Korea’s Lazarus hackers behind recent crypto heists: FBI (therecord.media)

• North Korean hackers behind malicious VMConnect PyPI campaign (bleepingcomputer.com)

Vulnerability Management

• New law could turn UK into a hacker's playground | Computerworld

• 40% of Log4j Downloads Still Vulnerable (securityintelligence.com)

• How did Clop get its hands on the MOVEit zero day? (therecord.media)

Vulnerabilities

• Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks (thehackernews.com)

• Microsoft Teams attack exposes collab platform security gaps | TechTarget

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica

• CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

• Exploit released for Juniper firewall bugs allowing RCE attacks (bleepingcomputer.com)

• Google Chrome 116's second point update addresses a security issue - gHacks Tech News

• Forminator WordPress Plugin Vulnerability Affects Up To 400,000+ Websites (searchenginejournal.com)

• Threat actors started exploiting Juniper flaws shortly after PoC release (securityaffairs.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence - Security Week

• This WordPress plugin with 5 million users could have a serious security flaw | TechRadar

• Cyber Attackers Swarm OpenFire Cloud Servers With Takeover Barrage (darkreading.com)

Tools and Controls

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

• Enterprise dark web monitoring: Why it's worth the investment | TechTarget

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• Here's What Your Breach Response Plan Might Be Missing (darkreading.com)

• The Middleware Threats to Microsoft's Monopoly | HackerNoon

• Why Traditional Firewalls Are Not Adequate for Your Network Security (makeuseof.com)

• Combining EPP and EDR tools can boost your endpoint security (securityintelligence.com)

• Automated Threat Hunting: AI Helps Spot Shady Network Activity (readwrite.com)

• Detecting the Undetected: The Risk to Your Info (securityintelligence.com)

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Other News

• Cyber attacks reveal threat to democracy (ukdefencejournal.org.uk)

• Hackers Use $30 Gear To Bring Poland's Railways To A Grinding Halt

• When lives rely on equipment, cyber security is essential | Healthcare IT News

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Rising cyber incidents challenge healthcare organisations - Help Net Security

• Updated Best Practice Playbook for Healthcare Cyber Threats (inforisktoday.com)

• Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success (thehackernews.com)

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• 69% of educational organisations suffered cyber attack in the past year - Netwrix survey

• Claroty's 2023 Global Healthcare Cyber Security Study Exposes Widespread Vulnerabilities And Impact (informationsecuritybuzz.com)

• Out-Of-Office: How To Ensure Cyber Security During Vulnerable Periods (forbes.com)

• Debunking The Top Five Cyber Security Myths (forbes.com)

• Manufacturing firms hit by the worst encryption rate in three years (manufacturing-today.com)

• Cyber Attacks Targeting E-commerce Applications (thehackernews.com)

• Industrial networks need better security as attacks gain scale | ZDNET

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 79% of Cyber Pros Make Decisions Without Threat Intelligence

In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on?

Threat intelligence helps organisations stay informed about the latest cyber threats and vulnerabilities. By gathering and analysing information about potential attacks, threat intelligence can provide organisations with valuable insights into the tactics, techniques and procedures (TTPs) used by cyber criminals.

Given the deep value provided by threat intelligence, why aren’t more cyber pros taking advantage of it?

https://securityintelligence.com/articles/79-percent-of-cyber-pros-make-decisions-without-threat-intelligence/

• 61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success

A recent report found only 39% of respondents think their company's leadership has a sound understanding of cyber security's role as a business enabler. Cyber security can be a huge business enabler; executive leaders need to think of cyber security in terms of the value it can deliver at a more strategic level.

https://www.darkreading.com/risk/global-research-from-delinea-reveals-that-61-of-it-security-decision-makers-think-leadership-overlooks-the-role-of-cybersecurity-in-business-success

• Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’

The Federation of European Risk Management Associations (FERMA), an umbrella body representing 22 trade associations, said the cyber insurance market is “evolving in isolation from the industries it serves”.

It highlighted a move by Lloyd’s of London, the specialist insurance market and hub for cyber insurance, demanding that standard cyber policies have an exemption for big state-backed attacks.

“Without a more collaborative approach to cyber balancing the risk appetite of the insurance market with the coverage requirements of the corporate buyers, there is a risk that cyber insurance becomes an unviable product for many organisations,” FERMA said in a statement shared with the Financial Times.

The intervention is the strongest yet by the business lobby over the controversial exemption and wider concerns about cyber insurance.

https://www.ft.com/content/401629cc-e68a-41a4-8d50-e7c0d3e27835

• Small and Medium-Sized Businesses: Don’t Give up on Cyber Security

In today’s increasingly hostile environment, every enterprise, big or small, should be concerned about cyber security and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world.

Yet time and again, small and medium-sized businesses (SMBs) are left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt. Thus, cyber security becomes an “afterthought” or “add when we can” kind of service that leaves SMBs far more vulnerable than the corporate giants — just reading the news every day shows even they aren’t immune to ransomware, intrusions, and data theft. If you haven’t already, start thinking about security now.

https://www.csoonline.com/article/3695593/small-and-medium-sized-businesses-don-t-give-up-on-cybersecurity.html

• AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence

Hackers using ChatGPT are faster and more sophisticated than before, and cyber security analysts who don’t have access to similar tools can very quickly find themselves outgunned and outsmarted by these AI-assisted attackers. However, corporations are stumbling to figure out governance around AI, and while they do so, their employees are clearly defying rules and possibly jeopardising company operations. According to a study of 1.6 million workers, 3.1% input confidential company information into ChatGPT. Although the number seems small, 11% of users' questions include private information. This is a fatal flaw for corporate use considering how hackers can manipulate the system into giving them previously hidden information. In another study, it was found that 80% of security professionals used AI, with 46% of these giving specialised capabilities as a reason.

https://www.euronews.com/2023/05/04/ai-has-been-dubbed-a-nuclear-threat-to-cybersecurity-but-it-can-also-be-used-for-defence

• Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows

In three out of four cyber attacks, the hijackers succeeded in encrypting victims’ data, cyber security provider Sophos said in its newly released State of Ransomware 2023 report.

The rate of data encryption amounted to the highest from ransomware since Sophos first issued the report in 2020. Overall, roughly two-thirds of the 3,000 cyber security/IT leaders’ organisations were infected by a ransomware attack in the first quarter of 2023, or the same percentage as last year.

Much advice has been doled out by cyber security providers and law enforcement urging organisations to not pay a ransom. According to Sophos’ survey, the data shows that when organisations paid a ransom to decrypt their data, they ended up doubling their recovery costs. On average, those organisations paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organisations that used backups to recover their data.

Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.

https://www.msspalert.com/cybersecurity-research/paying-cyber-hijackers-ransoms-doubles-cost-of-recovery-sophos-study-shows/

• Majority of US, UK CISOs Unable to Protect Company 'Secrets'

A recent study found 75% of organisations have experienced a data leak involving company secrets, including API keys, usernames, passwords, and encryption keys, in the past. It was found that about 52% of chief information and security officers (CISOs) in the US and UK organisations are unable to fully secure their company secrets. The study showed that a huge chunk of the IT sector realises the danger of exposed secrets. Seventy-five percent said that a secret leak has happened in their organisation in the past, with 60% acknowledging it caused serious issues for the company, employees, or both. The report has pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way.

https://www.csoonline.com/article/3695583/majority-of-us-uk-cisos-unable-to-protect-company-secrets-report.html

• Company Executives Can’t Afford to Ignore Cyber Security Anymore

In a recent survey, when asked about the Board and C-Suite‘s understanding of cyber security across the organisation, only 36% of respondents believe that it is considered important only in terms of compliance and regulatory demands, while 17% said it is not seen as a business priority. The disconnect between business and security goals appears to have caused at least one negative consequence to 89% of respondents’ organisations, with 26% also reporting it resulted in an increased number of successful cyber attacks at their company. On the misalignment of cyber security goals, respondents believed it contributed to delays in investments (35%), delays in strategic decision making (34%), and unnecessary increases in spending (27%).

https://www.helpnetsecurity.com/2023/05/10/cybersecurity-business-goals-alignment/

• BEC Campaign via Israel Spotted Targeting Multinational Companies

An Israel-based threat group was discovered carrying out a business email compromise (BEC) campaign primarily targeting large and multinational enterprises. The group has conducted 350 BEC campaigns since February 2021, with email attacks targeting employees from 61 countries across six continents. The group operate through two personas — a CEO and an external attorney and spoofed email addresses using real domains.

https://www.darkreading.com/remote-workforce/bec-attacks-out-of-israel-target-multinational-corporations

• CISOs Worried About Personal Liability for Breaches

Over three-fifths (62%) of global CISOs are concerned about being held personally liable for successful cyber attacks that occur on their watch, and a similar share would not join an organisation that fails to offer insurance to protect them, according to Proofpoint annual ‘Voice of the CISO’ survey for 2023. The security vendor polled 1600 CISOs from organisations of 200 employees or more across different industries in 16 countries to compile the report.

It revealed that CISOs in sectors with high volumes of sensitive data and/or heavy regulation such as retail (69%), financial services (65%) and manufacturing (65%) are most likely to demand insurance coverage.

Such concerns only add to the mental load on corporate IT security bosses. A combination of high-stress working environments, shrinking budgets and personal liability could be harming CISOs’ quality of life. Some 60% told Proofpoint they’ve experienced burnout in the past 12 months.

CISOs are most likely to experience burnout in the retail (72%) and IT, technology and telecoms (66%) industries.

https://www.infosecurity-magazine.com/news/cisos-worried-personal-liability/

• UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries

The UK NCSC along with the US National Security Agency (NSA) and various international partner agencies have discovered infrastructure connected with the sophisticated Russian cyber-espionage tool Snake in over 50 countries worldwide. Snake operations have been attributed to a specific unit within Russia’s Federal Security Service (FSB), Center 16.

Cyber criminals reportedly used Snake to retrieve and remove confidential documents related to international relations and diplomatic communications.

According to an advisory published by the agencies on Tuesday, the FSB targeted various industries, including education, small businesses, media, local government, finance, manufacturing and telecommunications. The Snake malware is installed on external infrastructure nodes for further exploitation.

According to the NSA Russian government actors have used this tool for years for intelligence collection and it is hoped that the technical details shared in the advisory will help many organisations find and shut down the malware globally.

https://www.infosecurity-magazine.com/news/nsa-uncovers-russian-snake-malware/

• Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

A new phishing-as-a-service tool called "Greatness" is being used in attacks targeting manufacturing, healthcare, technology, and other sectors.

Researchers at Cisco Talos detailed their findings on "Greatness," a one-stop-shop for all of a cyber criminal's phishing needs. With Greatness, anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.

The tool has been in circulation since at least mid-2022 and has been used in attacks against enterprises in manufacturing, healthcare, and technology, among other sectors. Half of the targets thus far have been concentrated in the US, with further attacks occurring around Western Europe, Australia, Brazil, Canada, and South Africa.

https://www.darkreading.com/cloud/plug-and-play-microsoft-365-phishing-tool-democratizes-attacks

Threats

Ransomware, Extortion and Destructive Attacks

• Make them pay: Hackers devise new tactics to ensure ransomware payment | CSO Online

• Ransomware gangs display ruthless extortion tactics in April | TechTarget

• Our appetite for data increases the risk of being held to ransom (thetimes.co.uk)

• Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows - MSSP Alert

• Ransomware review: May 2023 (malwarebytes.com)

• Ransomware Attacks Adapt With New Techniques: Kaspersky Report - Infosecurity Magazine (infosecurity-magazine.com)

• The new ransomware strain is picking off big businesses one by one - and yours could be next | TechRadar

• Refined methodologies of ransomware attacks - Help Net Security

• Ranking ransomware: The gangs, the malware and the ever-present risks | CyberScoop

• Ransomware Encryption Rates Reach New Heights - Infosecurity Magazine (infosecurity-magazine.com)

• UK ‘increasingly concerned’ ransomware victims are keeping incidents secret (therecord.media)

• Royal ransomware gang quickly expands reign | SC Media (scmagazine.com)

• Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)

• Ransomware attack confirmed at Rochester Public Schools, FBI alerted - Bring Me The News

• Constellation Struck By Ransomware Attack, ALPHV Lays Claim (informationsecuritybuzz.com)

• New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks (thehackernews.com)

• New Akira Ransomware Operation Hits Corporate Networks | Black Hat Ethical Hacking

• Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers (bleepingcomputer.com)

• $1.1M Paid to Resolve Ransomware Attack on California County - SecurityWeek

• Western Digital store offline due to March breach - Help Net Security

• Western Digital Confirms Ransomware Group Stole Customer Information - SecurityWeek

• Former Conti members are behind latest Royal ransomware hacking spree, report finds (axios.com)

• Hackers Contacted Dragos CEO’s Son, Wife in Extortion Attempt - Bloomberg

• Multiple Ransomware Groups Adapt Babuk Code to Target ESXi VMs (darkreading.com)

• Australian software giant won’t say if customers affected by hack | TechCrunch

• Multinational tech firm ABB hit by Black Basta ransomware attack (bleepingcomputer.com)

• Smashing Pumpkins frontman paid ransom to a hacker who threatened to leak the band's songs -Security Affairs

Phishing & Email Based Attacks

• Q1 Cofense Phishing Intelligence Report - Cofense

• "Greatness" Phishing Tool Exploits Microsoft 365 Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• This dangerous phishing attack is targeting Microsoft users everywhere, so be on your guard | TechRadar

• Gmail gets blue verification checks to protect against spoofing and phishing | ZDNET

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

BEC – Business Email Compromise

• Exploring the Rise of Israel-Based BEC Attacks | Abnormal (abnormalsecurity.com)

2FA/MFA

• Microsoft enforces number matching to fight MFA fatigue attacks (bleepingcomputer.com)

Malware

• Chrome users, stay alert: Malware may be just one click away - gHacks Tech News

• Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)

• 56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security

• Millions of mobile phones come pre-infected with malware • The Register

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• Fake system update drops Aurora stealer via Invalid Printer loader (malwarebytes.com)

• Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)

Mobile

• Millions of mobile phones come pre-infected with malware • The Register

• Mobile hacking and spyware – understanding the risks - TechHQ

• Google Announces New Privacy, Safety, and Security Features Across Its Services (thehackernews.com)

• Google Improves Android Security With New APIs - SecurityWeek

• New Android FluHorse malware steals your passwords, 2FA codes (bleepingcomputer.com)

• Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads (thehackernews.com)

• New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)

Botnets

• Bad Bots Now Account For 30% of All Internet Traffic - Infosecurity Magazine (infosecurity-magazine.com)

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Internet of Things – IoT

• CISA warns of Mirai botnet exploiting TP-Link routers • The Register

Data Breaches/Leaks

• Security researcher finds trove of Capita data exposed online | TechCrunch

• In a new hacking crime wave, more personal data is being held hostage (cnbc.com)

• Why the 'Why' of a Data Breach Matters (darkreading.com)

• OpenAI confirms ChatGPT data breach (cshub.com)

• Western Digital says hackers stole customer data in March cyber attack (bleepingcomputer.com)

• Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica

• Boot Guard Keys From MSI Hack Posted, Many PCs Vulnerable | Tom's Hardware(tomshardware.com)

• 1 Million Impacted by Data Breach at NextGen Healthcare - SecurityWeek

• Twitter admits 'security incident' broke Circle privacy • The Register

• Food distribution giant Sysco warns of data breach after cyber attack (bleepingcomputer.com)

• North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)

• Brightly warns of SchoolDude data breach exposing credentials (bleepingcomputer.com)

• Simplify data hack cost the firm almost £7m - Property Industry Eye

Organised Crime & Criminal Actors

• In a new hacking crime wave, more personal data is being held hostage (cnbc.com)

• How hackers are recruiting on the dark web (thetimes.co.uk)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED

• Briton pleads guilty in US to 2020 Twitter hack - BBC News

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

• Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison - SecurityWeek

• UK cops score another legal win in EncroChat spying case • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Patrols Lead to Seizure of Stolen Artefacts - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Criminals Exploit Hardware Wallet to Steal Almost $30,000 - Infosecurity Magazine (infosecurity-magazine.com)

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Insider Risk and Insider Threats

• Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)

• Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur

Fraud, Scams & Financial Crime

• Banks warn of big increase in online scams - BBC News

• Fraud victims risk more than money - Help Net Security

• Five Things Scammers Are Hoping You Google (lifehacker.com)

• UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)

• The true numbers behind deepfake fraud - Help Net Security

• Your voice could be your biggest vulnerability - Help Net Security

• QR codes used in fake parking tickets, surveys to steal your money (bleepingcomputer.com)

Deepfakes

• The true numbers behind deepfake fraud - Help Net Security

• Your voice could be your biggest vulnerability - Help Net Security

Insurance

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• Court Rules in Favour of Merck in $1.4 Billion Insurance Claim Over NotPetya Cyber attack - SecurityWeek

Dark Web

• How hackers are recruiting on the dark web (thetimes.co.uk)

• Google Broadens Dark Web Monitoring To Track All Gmail Users (informationsecuritybuzz.com)

Supply Chain and Third Parties

• Security researcher finds trove of Capita data exposed online | TechCrunch

• Cyber hack to cost UK outsourcer Capita up to $25 mln | Reuters

• Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica

Software Supply Chain

• The SBOM Bombshell - SecurityWeek

• 5 SBOM tools to start securing the software supply chain | TechTarget

Cloud/SaaS

• 56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security

• How to reduce risk with cloud attack surface management | TechTarget

• ENISA leans into EU clouds with draft cyber security label • The Register

Hybrid/Remote Working

• 8 habits of highly-secure remote workers | ZDNET

Attack Surface Management

• How Attack Surface Management Supports Continuous Threat Exposure Management (thehackernews.com)

Identity and Access Management

• Top 3 trends shaping the future of cyber security and IAM - Help Net Security

• Review your on-prem ADCS infrastructure before attackers do it for you | CSO Online

• Why the FTX Collapse Was an Identity Problem (darkreading.com)

Asset Management

• CISOs confront mounting obstacles in tracking cyber assets - Help Net Security

• How Attack Surface Management Supports Continuous Threat Exposure Management (thehackernews.com)

Encryption

• Tor Project, LGBTQ groups and CDT sound alarm over efforts to weaken encryption | SC Media (scmagazine.com)

• Europe’s Moral Crusader Lays Down the Law on Encryption | WIRED

API

• Google Improves Android Security With New APIs - SecurityWeek

Open Source

• India bans open source messaging apps on security grounds • The Register

• Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• 83% of Americans’ Passwords Can Be Hacked in Less Than a Second, Study Shows (thedailybeast.com)

• Top 5 Password Cracking Techniques Used by Hackers (bleepingcomputer.com)

Social Media

• Twitter admits 'security incident' broke Circle privacy • The Register

• TikTok tracked UK journalist via her cat's account - BBC News

Parental Controls and Child Safety

• Scanning Plans On Europe's CSAM May Violate International Law (informationsecuritybuzz.com)

• EU's Client-Side Scanning Plans Could be Unlawful - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)

• Tor Project, LGBTQ groups and CDT sound alarm over efforts to weaken encryption | SC Media (scmagazine.com)

• AI needs superintelligent regulation | Financial Times

• EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian

• India bans open source messaging apps on security grounds • The Register

• PEGA committee calls for EU level regulation of spyware • The Register

• EU's Client-Side Scanning Plans Could be Unlawful - Infosecurity Magazine (infosecurity-magazine.com)

• ENISA leans into EU clouds with draft cyber security label • The Register

• Europe’s Moral Crusader Lays Down the Law on Encryption | WIRED

• Scanning Plans On Europe's CSAM May Violate International Law (informationsecuritybuzz.com)

Governance, Risk and Compliance

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• 79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)

• Company executives can't afford to ignore cyber security anymore - Help Net Security

• Majority of US, UK CISOs unable to protect company 'secrets': Report | CSO Online

• Small- and medium-sized businesses: don’t give up on cyber security | CSO Online

• CISOs Worried About Personal Liability For Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Global Research From Delinea Reveals That 61% of IT Security Decision Makers Think Leadership Overlooks the Role of Cyber security in Business Success (darkreading.com)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• (ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert

• Organisations Reliant on Social Media For Threat Intelligence - TechRound

• Recognizing Cyberthreat Trends For Effective Defence (forbes.com)

• Digital trust can make or break an organisation - Help Net Security

• ISACA: Companies Still Face Many Barriers to Achieving Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Why more transparency around cyber attacks is good for everyone - NCSC

• CISOs face mounting pressures, expectations post-pandemic | TechTarget

• CISOs' confidence in post-pandemic security landscape fades - Help Net Security

• This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT - SecurityWeek

• Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur

• Key Trends and Insights from RSAC 2023 (trendmicro.com)

• NCSC and ICO Dispel Incident Reporting Myths - Infosecurity Magazine (infosecurity-magazine.com)

Models, Frameworks and Standards

• (ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert

• ENISA leans into EU clouds with draft cyber security label • The Register

Data Protection

• The (Security) Cost of Too Much Data Privacy (darkreading.com)

Careers, Working in Cyber and Information Security

• CISOs Worried About Personal Liability For Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• 7 ways to mitigate CISO liability and risk | TechTarget

• Google Launches New Cyber security Analyst Training Program - SecurityWeek

Law Enforcement Action and Take Downs

• Cyber Patrols Lead to Seizure of Stolen Artefacts - Infosecurity Magazine (infosecurity-magazine.com)

• FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)

• Briton pleads guilty to hacking stars' Twitter accounts to steal Bitcoin | Science & Tech News | Sky News

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

• UK cops score another legal win in EncroChat spying case • The Register

Privacy, Surveillance and Mass Monitoring

• The (Security) Cost of Too Much Data Privacy (darkreading.com)

• Twitter admits 'security incident' broke Circle privacy • The Register

• TikTok tracked UK journalist via her cat's account - BBC News

Artificial Intelligence

• AI has been dubbed a 'nuclear' threat to cyber security. But it can be also used for defence | Euronews

• Top US cyber official warns AI may be the 'most powerful weapon of our time' | CyberScoop

• ‘A race it might be impossible to stop’: how worried should we be about AI? | Artificial intelligence (AI) | The Guardian

• OpenAI confirms ChatGPT data breach (cshub.com)

• AI needs superintelligent regulation | Financial Times

• Amazon Is Being Flooded With Books Entirely Written by AI (futurism.com)

• Your voice could be your biggest vulnerability - Help Net Security

• The security and privacy risks of large language models - Help Net Security

• Rethinking democracy for the age of AI | CyberScoop

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Killnet, a Pro-Russian Hacktivist Crew, Pivots to Cyber Mercenaries for Hire, Report Says - MSSP Alert

• NCSC and allies expose Snake malware threat - NCSC.GOV.UK

• It’s being called Russia's most sophisticated cyber espionage tool. What is Snake, and why is it so dangerous? (theconversation.com)

• EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian

• China targets foreign consulting companies in anti-spying raids | China | The Guardian

• Mobile hacking and spyware – understanding the risks - TechHQ

• New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)

• CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)

• Five Takeaways From the Russian Cyber Attack on Viasat’s Satellites - Infosecurity Magazine (infosecurity-magazine.com)

• GCHQ building under fire from senior Tory for using Chinese surveillance cameras - Gloucestershire Live

• PEGA committee calls for EU level regulation of spyware • The Register

• FBI-led Operation Medusa kills Russian FSB malware network • The Register

• How one of Vladimir Putin’s most prized hacking units got pwned by the FBI | Ars Technica

Nation State Actors

• Killnet, a Pro-Russian Hacktivist Crew, Pivots to Cyber Mercenaries for Hire, Report Says - MSSP Alert

• NSA and Allies Uncover Russian Snake Malware Network in 50+ Countries - Infosecurity Magazine (infosecurity-magazine.com)

• Deterring China isn't all about submarines. Australia's 'cyber offence' might be its most potent weapon (theconversation.com)

• Microsoft warns Iran increasing its cyber-enabled influence operations | SC Media (scmagazine.com)

• China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register

• CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)

• LinkedIn shuts service in China, lays off employees | Fortune

• Microsoft: Iranian hacking groups join Papercut attack spree (bleepingcomputer.com)

• FBI-led Operation Medusa kills Russian FSB malware network • The Register

• China targets foreign consulting companies in anti-spying raids | China | The Guardian

• Beijing raids consultancy firm Capvision, promises more • The Register

• Five Takeaways From the Russian Cyber Attack on Viasat’s Satellites - Infosecurity Magazine (infosecurity-magazine.com)

• GCHQ building under fire from senior Tory for using Chinese surveillance cameras - Gloucestershire Live

• Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry (thehackernews.com)

• SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack (darkreading.com)

• ESET APT Activity Report Q4 2022­–Q1 2023 | WeLiveSecurity

• North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)

• People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices | CISA

Vulnerability Management

• The Problem of Old Vulnerabilities — and What to Do About It (darkreading.com)

Vulnerabilities

• Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug (thehackernews.com)

• Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324) - Help Net Security

• Microsoft warns of two bugs under active exploit • The Register

• Light May Patch Tuesday will weigh heavily on Windows admins | TechTarget

• New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyber attacks (thehackernews.com)

• Fortinet fixed two severe issues in FortiADC and FortiOS-Security Affairs

• Azure API Management flaws highlight server-side request forgery risks in API development | CSO Online

• New PaperCut RCE exploit created that bypasses existing detections (bleepingcomputer.com)

• Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)

• Adobe Patches 14 Vulnerabilities in Substance 3D Painter - SecurityWeek

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• CyberGhost VPN patches command injection vulnerability | SC Media (scmagazine.com)

• A Linux NetFilter kernel flaw allows escalating privileges to 'root'-Security Affairs

• SAP Patches Critical Vulnerabilities With May 2023 Security Updates - SecurityWeek

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet-Security Affairs

Tools and Controls

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• 79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)

• Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)

• AI has been dubbed a 'nuclear' threat to cyber security. But it can be also used for defence | Euronews

• Identifying Compromised Data Can Be a Logistical Nightmare (darkreading.com)

• Organisations Reliant on Social Media For Threat Intelligence - TechRound

• Recognizing Cyberthreat Trends For Effective Defence (forbes.com)

• Digital trust can make or break an organisation - Help Net Security

• ISACA: Companies Still Face Many Barriers to Achieving Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Prevent attackers from using legitimate tools against you - Help Net Security

• Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts (thehackernews.com)

• How to implement principle of least privilege in Azure AD | TechTarget

• How to start handling Azure network security | TechTarget

• What is Digital Forensics? Tools, Types, Phases & History (cybersecuritynews.com)

• Microsoft enforces number matching to fight MFA fatigue attacks (bleepingcomputer.com)

• AI Will Take Many Cyber security Jobs, But It's Not a Complete Disaster | PCMag

• Google Broadens Dark Web Monitoring To Track All Gmail Users (informationsecuritybuzz.com)

• 5 SBOM tools to start securing the software supply chain | TechTarget

• The Industrywide Consequences of Making Security Products Inaccessible (darkreading.com)

• Top 3 trends shaping the future of cyber security and IAM - Help Net Security

Reports Published in the Last Week

• ESET APT Activity Report Q4 2022­–Q1 2023 | WeLiveSecurity

• Q1 Cofense Phishing Intelligence Report - Cofense

• 2023 AT&T Cyber security Insights Report: Edge Ecosystem (darkreading.com)

• 2023 Voice of the CISO | Proofpoint UK

Other News

• The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED

• Why Should You Take IT Security Seriously? - IT Security Guru

• To enable ethical hackers, a law reform is needed - Help Net Security

• How datacentre operators can fend off cyber attacks | Computer Weekly

• US Advances Cyber Defences Since Colonial Pipeline Attack But More Work Remains, CISA Director Says - MSSP Alert

• Evil digital twins and other risks: the use of twins opens up a host of new security concerns | CSO Online

• 'Windows for Gamers' Rolls Dice With Your Security (vice.com)

• Risk of cyber attack is main Eurovision worry, says BBC executive | Eurovision 2023 | The Guardian

• Evil digital twins and other risks: the use of twins opens up a host of new security concerns | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

500 Million Attempted Ransomware Attacks (So Far) in 2021, With No Sign Of Slowing

So far, 2021 is stacking up to be the most costly and dangerous year on record for the volume of ransomware attacks, SonicWall said in a new report.

The security provider has logged nearly 500 million attempted ransomware attacks through September, 2021, with 1,748 attempts per customer in that nine-month period. The overall total of 495 million to date amounts to a 148 percent surge as compared to the same period last year. SonicWall expects to record 714 million attempted ransomware attacks by the close of 2021, a 134 percent skyrocket over last year’s totals. https://www.msspalert.com/cybersecurity-research/500-million-attempted-ransomware-attacks-so-far-in-2021/

Top 10 Ways Attackers Are Increasing Pressure On Their Ransomware Victims To Pay

Sophos researchers have detailed how ransomware attackers are implementing a wide range of ruthless pressure tactics to persuade victims to pay the ransom.

Their research is based on evidence and insight from a team of 24/7 incident responders who help organisations under active cyberattack. It highlights the shift in ransomware pressure techniques from solely encrypting data to including other pain points, such as harassing employees.

Since organisations have become better at backing up their data and restoring encrypted files from backups, attackers are supplementing their ransom demands with additional extortion measures that increase the pressure to pay.

For example, the Sophos Rapid Response team has seen cases where attackers email or phone a victim’s employees, calling them by their name and sharing personal details they’ve stolen – such as any disciplinary actions or passport information – with the aim of scaring them into demanding their employer pays the ransom. This kind of behavior shows how ransomware has shifted from a purely technical attack targeting systems and data into one that also targets people. https://www.helpnetsecurity.com/2021/11/04/attackers-pressure-ransomware-victims/

40% Of Organisations Suffered A Cloud-Based Data Breach In The Past 12 Months

Despite increasing cyber attacks targeting data in the cloud, 83% of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cyber criminals can have. 40% of organisations have experienced a cloud-based data breach in the past 12 months, according to a study conducted by 451 Research.

Cloud adoption is on the rise and businesses are continuing to diversify the way they use cloud solutions. Globally, 57% of respondents reported they make use of two or more cloud infrastructure providers, whilst 24% of organisations flagged that the majority of their workloads and data now reside in the cloud. https://www.helpnetsecurity.com/2021/11/02/experienced-cloud-based-data-breach/

Midsize Business Cyber Attacks: A Security Reality Check

Ransomware bombshells hit large enterprises. Carpet-bomb cyberattacks target MSP software supply chains and their small business customers. But what’s the state of cybersecurity among midsize businesses?

Actually, that landscape also faces its share of digital bombshells. Indeed, nearly two in three midsize organisations have suffered a ransomware attack in the past 18 months and 20 percent of them spent at least $250,000 to recover from it, according to research by UncommonX, an MSSP that leans heavily on its own SaaS-based solutions..

The Chicago-based MSSP’s newly released State of Cybersecurity for Midsize Organisations found that smaller companies are often not properly prepared to fend off a cyber attack nor do they engage in adequate network monitoring. In short, cybersecurity is often not enough of a priority within midsize companies. https://www.msspalert.com/cybersecurity-news/midsize-business-cyberattacks-a-security-reality-check/

70% Of Dev Teams Admit To Skipping Security Steps

According to a new study by Invicti Security, 70% of development teams always or frequently skip security steps due to time pressures when completing projects. This explains why, in the average organisation, 33% of security issues in remediation at any given time come from production code.

Security and development teams spend every day inside a catch-22: relentless demand for continued digital innovation amid increasing security threats to a sprawling attack surface. While there are some bright spots emerging on the road to secure innovation, these professionals are stressed — and too often make bad choices. https://venturebeat.com/2021/10/27/report-70-of-dev-teams-admit-to-skipping-security-steps/

79% Of IT Teams Have Seen Increase In Endpoint Security Breaches

According to a new report by HP Wolf Security, 79% of IT teams have seen an increase in rebuild rates, indicating that hackers are becoming more successful at breaching the endpoint and compromising organisations’ devices and data.

This sudden increase in rebuild rates is particularly affecting enterprises with 1,000 employees or more — organisations of this kind have the highest average number of rebuilds per month at 67.3. The study also highlights that employees are clicking on more malicious emails. Whether this is because people are less vigilant working from home or because they find it harder to determine what is safe to open, the rising number of rebuilds suggests that hackers have become more successful at breaching the endpoint through malicious links. https://venturebeat.com/2021/10/28/report-79-of-it-teams-have-seen-increase-in-endpoint-security-breaches/

Enterprises With Subsidiaries More Prone To Cyber Attacks, Study Says

Global enterprises with multiple subsidiaries are more exposed to cybersecurity threats and have more difficulty managing risk than companies with no, or fewer, subsidiaries, according to an Osterman Research report commissioned by CyCognito.

The study surveyed 201 organisations with at least 10 subsidiaries and at least 3,000 employees or $1 billion in annual revenue.

Despite being extremely confident about running effective subsidiary risk management, about 67% of respondents said their organisations had either experienced a cyberattack where the attack chain included a subsidiary, or that they lacked the ability or information to rule out the possibility.

About half of the respondents acknowledged that they wouldn't be surprised if a cyberbreach were to occur "tomorrow." https://www.csoonline.com/article/3639014/enterprises-with-subsidiaries-more-prone-to-cyberattacks-study-says.html

Cisco Talos Reports New Variant Of Babuk Ransomware Targeting Exchange Servers

Cisco Talos has a warning out for companies about a new variant of the Babuk ransomware. The security researchers discovered the campaign in mid-October and think that the variant has been active since July 2021. The new element in this attack is an unusual infection chain technique.

The researchers think that the initial infection vector is an exploitation of ProxyShell vulnerabilities in Microsoft Exchange Server through the deployment of China Chopper web shell.

Babuk can affect several hardware and software platforms but this version is targeting Windows. The ransomware encrypts the target's machine, interrupts the system backup process and deletes the volume shadow copies. https://www.techrepublic.com/article/cisco-talos-reports-new-variant-of-babuk-ransomware-targeting-exchange-servers/

Ransomware Gangs Target Corporate Financial Activities

The FBI is warning about a fresh extortion tactic: threatening to tank share prices for publicly held companies.

Ransomware gangs are zeroing in on publicly held companies with the threat of financial exposure in an effort to encourage ransom payments, the FBI is warning.

In an alert issued this week the Bureau said that activity over the course of the past year shows a trend toward targeting companies when they’re coming up to “significant, time-sensitive financial events,” such as quarterly earnings reports and mandated SEC filings, initial public offerings, M&A activity, and so on. The idea is to ratchet up the extortion thumb-screws by threatening to leak stolen information relevant to these events if the target doesn’t pay up.

Impending events that could affect a victim’s stock value, such as announcements [or] mergers and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion. https://threatpost.com/ransomware-corporate-financial/175940/

Web Of Deceit: The Rising Threat Of Ransomware

With payouts of almost £260m last year alone, it has become the biggest – and easiest – money-earner available to hackers.

Heists at famous jewellers usually involve masked men, guns, shouting and terrified staff and customers. That was indeed the scene in August 2009 at the London branch of Graff, the famous diamond merchants, when a gang stole around £40million worth of jewels. They were caught not long after.

But the latest heist on Graff, revealed recently, was quieter. No guns, no masks, no shouting. Instead the company – which supplies a dizzying parade of top-name stars such as the Beckhams, Tom Hanks and Tamara Ecclestone – faced a demand, displayed on a computer screen, for millions of pounds, payable to a group of Russian hackers.

Graff, like hundreds of companies around the world, had been hit by “ransomware”: an attachment to an email delivered a malicious program which let in hackers, who scrambled all the files on its computer systems using an uncrackable computer code, for which they had the digital “key”.

They’d hand it over in exchange for a payment worth millions of pounds in untraceable cryptocurrency such as bitcoin, where transactions are made between digital “wallets” that do not pass through any bank and are not tied to any identity.

Without the key, the systems are useless. The option is to restore the system from backups – but frequently the hackers will have targeted those too. https://www.telegraph.co.uk/news/2021/11/06/web-deceit-rising-threat-ransomware/

While Businesses Are Ramping Up Their Risk Mitigation Efforts, They Could Be Doing More

Zurich North America and Advisen have released a survey of corporate risk managers and insurance buyers revealing current views about information security and cyber risk management.

The survey results indicate that risk professionals are increasingly aware of their intensifying cyber risks and the need to manage them using risk mitigation and risk transfer. However, a deeper dive into the numbers found that there is much room for improvement in building cyber resilience.

Sixty-five percent of respondents have invested in cyber security solutions to mitigate risk, which means that 35 percent of respondents still have not. https://www.helpnetsecurity.com/2021/11/03/gaps-risk-mitigation-efforts/

Threats

Ransomware

• Ransomware Attacks Increased 148% In Q3 2021, Showing No Sign Of Slowing - Help Net Security

• Conti Group Leak Celebs’ Data After Ransom Attack on Jeweller - Infosecurity Magazine (infosecurity-magazine.com)

• Babuk Ransomware Seen Exploiting ProxyShell Vulnerabilities | SecurityWeek.Com

• Toronto Subways Hit By Ransomware As US Lawmakers Slam 'Burdensome' Cyber Security rules | ZDNet

• FBI Says Ransomware Gangs Are Using Future Merger And Acquisition Info To Pressure Victims - The Record By Recorded Future

• BlackMatter Ransomware Moves Victims To LockBit After Shutdown (Bleepingcomputer.Com)

Phishing

• Phishing Attack Blends Spoofed Amazon Order and Fraudulent Customer Service Agents (darkreading.com)

Other Social Engineering

• Consumers Warned About Rise in Call Center Threats - Infosecurity Magazine (infosecurity-magazine.com)

• “Customer Complaint” Email Scam Preys On Your Fear Of Getting Into Trouble At Work – Naked Security (Sophos.Com)

• Voice Phishing Attack Spoofs Amazon To Steal Credit Card Information - Techrepublic

Malware

• Stealthier Version Of Mekotio Banking Trojan Spotted In The Wild (Bleepingcomputer.Com)

• 77% Of Rootkits Are Used For Espionage Purposes - Help Net Security

Mobile

• Why You Should Delete Google Chrome On Your Phone (forbes.com)

• Phishing Attacks Are Harder To Spot On Your Smartphone. That's Why Hackers Are Using Them More | ZDNet

• Android Patches Actively Exploited Zero-Day Kernel Bug | Threatpost

• Stealthy Trojan That Roots Android Devices Makes Its Way On App Stores | CSO Online

• Android Hit By AbstractEmu Malware • The Register

Vulnerabilities

• Apple macOS Flaw Allows Kernel-Level Compromise | Threatpost

• BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released | Threatpost

• Get Patching: Cisco Warns Of These Critical Product Vulnerabilities | ZDNet

• 50% Of Internet-Facing Gitlab Installations Are Still Affected By A RCE Flaw - Security Affairs

• Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module (thehackernews.com)

Data Breaches/Leaks

• UK Labour Party Blames Breach Of Members’ Data On Third-Party Cyber Attack | Techcrunch

• Medical School Exposes Personal Data Of Thousands Of Students | ZDNet

Cryptocurrency/Cryptojacking

• Squid Game Crypto Scammers Rip Off Investors for Millions | Threatpost

• Threat Actors Stole $55m Worth Of Cryptocurrency From bZx DeFi Platform - Security Affairs

OT, ICS, IIoT and SCADA

• Keeping An Eye On Critical Infrastructure And Industrial Sys • The Register

Privacy

• Facebook Kills Its Facial Recognition System, Citing 'Societal Concerns,' Uncertain Rules From Regulators - CyberScoop

Parental Controls

• 44% of Parents Struggle to Follow Tech Rules They Set for Their Kids (darkreading.com)

• Annual Cost of Child Identity Fraud Almost $1Bn - Infosecurity Magazine (infosecurity-magazine.com)

Reports Published in the Last Week

• Report: More Than Half Of Organisations Do Not Effectively Defend Against Cyberattacks - TechRepublic

• Cyber Security Threat Landscape Growing In Sophistication, Complexity And Impact - Help Net Security

Other News

• Hackers Are Stealing Data Today So Quantum Computers Can Crack It In A Decade | MIT Technology Review

• Another Cyber Security Awareness Month Has Passed and Little Has Changed | SecurityWeek.Com

• Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar | Threatpost

• Organisations Seldom Prioritize Cyber Security Over Business Outcomes - Help Net Security

• Are Your Passwords On The Dark Web? How To Check What Leaked After A Data Breach - CNET

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.