Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK’s Cyber Resilience Stagnates as More Fall Victim to Attacks, 75% of UK Businesses & 79% of UK Charities Experienced a Cyber Incident in 2023

The UK Government’s Joint Committee on the National Security Strategy (JCNSS) has published its response to a ransomware enquiry with stark conclusions, stating that there is a lot to be done to truly tackle the threat posed by ransomware. The chair of the JCNSS said that the UK is and will remain exposed and unprepared if it continues to take a “head in the sand” attitude to ransomware. The minister for artificial intelligence (AI) called upon organisations to “step up their cyber security plans to guard against threats, protect their customers and workforce, and our wider economy.” This comes as the Government’s Cyber Security Longitudinal Survey (CSLS) found that three-quarters of UK businesses and 79% of UK charities experienced a cyber security incident in the last 12 months.

Despite progress, there's a pressing need for organisations to shift from viewing cyber security as solely an IT concern to recognising its integral role across all business functions, particularly in the face of escalating cyber threats. With only half of UK board members having had security training, only a quarter of businesses assessing suppliers for possible security risks, and a fifth of UK boards failing to discuss cyber security even once, the time to improve UK businesses is now.

Sources: [Emerging Risks Media Ltd] [CITY A.M.] [Verdict] [Computer Weekly]

1% of Users are Responsible for 88% of Data Loss Events

New research has shown that that 85% of organisations experienced a data loss in the past year, with 9 out of 10 of those facing a negative outcome such as business disruption, revenue loss and reputational damage. The research found that 1% of users were responsible for 88% of events. It is important to understand this is not always intentionally malicious; it can be accidental or negligent. The research found for example, that 87% of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees, underscoring the need for preventative strategies such as implementing a security review process for this user category.

With as little as 1% of users causing most alerts, organisations need to monitor their most sensitive data and who can access it. This should also include data loss prevention features, to further reduce the risk.

Source: [Help Net Security]

Microsoft Report Says 87% of UK Organisations are Vulnerable to Cyber Attacks in the Age of AI

New research conducted by Microsoft has found that 87% of UK Businesses are unprepared for the age of AI due to their vulnerability to cyber attacks, leaving a mere 13% considered resilient. Further, Microsoft stated that 39% of organisations were at high risk. For organisations, AI can be a tough obstacle to overcome in their journey to cyber resiliency, and it’s important to seek guidance if the available skills are not in-house.

Sources: [Microsoft] [TechRadar ] [The Times] [Infosecurity Magazine]

Cyber Naivety Leaves 4 out of 5 Businesses Wide Open, Only 1 in 5 Has a Plan

Research conducted by Cowbell Insurance has found that the UK is exhibiting a rather cavalier approach to security with 77% of UK SMEs not having any in-house security, 32% of CEOs being confident a cyber attack would not impact their ability to do business and 87% not considering reputational damage as a significant risk. This contrasts with the UK Government’s latest cyber security breaches survey, which found 59% of medium businesses experienced breaches or attacks in the last 12 months. Cowbell have stated that that UK SMEs are leaving themselves wide open to the threats and only 1 in 5 organisations had a dedicated plan to deal with a cyber attack.

A cyber security incident response plan (IRP) allows an organisation to have a documented and formalised process for dealing with a cyber incident. The IRP should be exercised annually, and cover roles and responsibilities, communications and escalations to detect, analyse, contain, eradicate and recover from an incident.

Sources: [Business Mondays] [Insurance Times] [Reinsurance News] [Gloucestershire Live]

Risk and Regulation: Preparing for the Era of Cyber Security Compliance

The next twelve months will see new regulations in many countries, and that means more things to comply with. The EU has two new regulations relating to cyber security: the NIS2 directive and the Digital Operational Resilience Act (DORA). However, despite their EU origin, the inclusion of supply chain companies within the regulations means their impact and reach will extend outside of the European Union itself. Both regulations are risk-management based in their approach.

In order to prepare, decision makers need to first understand what they are complying with and in some cases, this may require sourcing external help to fully ensure the organisation is compliant. Once this is understood, they can start implementing their compliance strategy. Research has shown that some 43% of enterprises surveyed had failed a compliance audit, making them ten times more likely to suffer a data breach.

Sources: [Security Week] [Verdict]

Ransomware Attacks Jump 73% Within a Year

A recent report has shown that ransomware surged by 46% in February 2024, compared to January of the same year and 73% higher than February of the previous year. The LockBit ransomware group claimed responsibility for 110 attacks in February alone. The results show that ransomware is not only still an issue, but one that is consistently rising and if your organisation isn’t already implementing procedures to their risk, it is imperative to start now. Lockbit was taken down in a coordinated law enforcement operation earlier this year; only time will tell how effective that operation was or whether, as with the Hydra from Greek mythology, cutting off one head just causes more to grow in its place.

Source: [TechTarget]

The New CISO - Rethinking the Role

The role of Chief Information Security Officers (CISOs) faces a pivotal transformation. Traditionally tasked with safeguarding company assets against cyber threats, CISOs now find themselves straddling the realms of security and business operations. This shift reflects a growing expectation for CISOs to align security measures with broader business objectives while navigating an increasingly complex risk landscape. With the average cost of a data breach soaring, reaching $4.45 million in 2023 according to IBM, the stakes are higher than ever. As businesses grapple with the integration of cyber security into operational strategies, CISOs are compelled to cultivate new skills, communicate effectively with boards, embrace risk-based approaches, fortify technical fundamentals, leverage automation, and meticulously document incident response plans. The evolving threat landscape demands a new breed of CISO, one who is adept at balancing resilience with operational imperatives, collaborating closely with leadership, and steering organisations through turbulent cyber waters.

Source: [Dark Reading]

90% of Attacks Involve Data or Credential Theft, SMBs Primary Target

The 2024 Sophos Threat Report sheds light on the changing tactics of ransomware operators, particularly in their targeting of small and medium-sized businesses (SMBs). Notably, the report reveals a significant surge in ransomware attacks employing remote encryption, rising by 62% between 2022 and 2023. Sophos' Managed Detection and Response (MDR) team encountered multiple cyber attacks leveraging exploits in remote monitoring and management (RMM) software, a vital component used by many MSPs and external IT providers, and thus affecting many businesses. With almost half of malware detections for SMBs attributed to data-stealing malware, the report underscores the growing value of stolen data as currency in cyber criminal circles, with initial access brokers (IABs) facilitating network breaches. Data protection emerges as a critical challenge, with over 90% of attacks involving credential theft, and business email compromise (BEC) attacks becoming increasingly sophisticated. While ransomware remains a persistent threat, the report also highlights the proliferation of malware-as-a-service (MaaS) activities, emphasising the importance for SMBs to bolster their cyber security defences against these evolving threats.

Source: [MSSP Alert]

Chief Risk Officers Say Cyber Security is Most Pressing Risk

In an inaugural global insurance risk management survey conducted by EY/Institute of International Finance (IIF), cyber security was ranked as the highest immediate concern for chief risk officers. It placed above insurance, business model change and credit risk. When it came to emerging risks over the next three years, it remained at the top spot, followed by geopolitical risk, environmental risk and machine learning and artificial intelligence.

Source: [Insurance Journal]

Humans Still Cyber Security’s Weakest Link, Cyber Security Training Equips Your Workforce to Spot Threats

The latest findings from Mimecast's annual report emphasise that human error continues to be the leading cause of cyber breaches, responsible for 74% of incidents. As emerging threats like AI and deepfake technology pose increasingly sophisticated challenges, it's crucial for businesses to prioritise employee training and bolster their defence strategies.

Providing cyber security training is essential to creating a security conscious culture that educates on risk and in turn increases a company’s cyber culture. Committing to cyber security training needs to be beyond ticking a checkbox, as it allows the workforce the ability to understand, scrutinise and know how to report threats in the corporate environment. Training allows workers to be able to understand the types of threats they may face, along with red flags to look out for. Knowing how the employee should report a threat can determine whether your organisation can deal with a ransomware attack. While generic or off the shelf computer based training can be seen as an easy fix, training needs to be tailored to the organisation, its operating environment and the organisation’s culture and ways of doing business.

To mitigate this risk, organisations should consider implementing tailored cyber security education, tabletop exercises, phishing simulations, and one-on-one consulting for board members. As the responsibility of board members for cyber security strategy increases, it’s crucial to ensure their own security against evolving threats.

Sources: [Emerging Risks] [The HR Director] [WSJ] [The HR Director]

Most IT Pros Think Cyber Attacks are Getting Worse, and Many Firms Don’t Know How to Deal with Them

A recent report from Thales reveals a stark reality, with 93% of IT and security professionals noting a worsening trend in cyber attacks. Ransomware incidents have surged by over a quarter year-on-year, yet less than half of companies have adequate plans to address such threats, leading to 8% resorting to paying attackers' demands. Compliance failures are also on the rise, with 43% of enterprises falling short in audits, correlating with a higher incidence of cyber attacks among non-compliant organisations.

A separate report shows that despite record spending on cyber security, reaching $188 billion globally in 2023, reported data breaches in the US surged to an all-time high of 3,205, up 78% from the previous year. This paradox underscores the evolving tactics of cyber criminals. Ransomware attacks have transitioned from merely locking data to stealing and threatening to disclose it, termed Ransomware 2.0. Cloud misconfigurations, involving 82% of breaches, and exploitation of vendor systems further exacerbate the issue. Heightened awareness and improved practices are imperative to counteract the escalating threat landscape.

Source: [TechRadar] [WSJ]

Supply Chain Cyber Attacks Create Weak Spots: You Need to Prepare

A recent poll by Deloitte found that nearly half of senior executives anticipate a rise in supply chain attacks in the coming year, with 33% already experiencing at least one supply-chain cyber incident within the past year. This especially rings true for healthcare, with the sector accounting for 33% of third-party data breaches in 2023. Many organisations are unsure where to even begin.

Organisations need to manage their third party risks through risk assessments, to understand the third parties that they currently or plan to use, and the data that the third party would hold or access. This enables the third parties to be prioritised with clear communications to notify the organisation in the event of a data breach.

Sources: [Security Brief ] [Beta News]

Ransomware Attack on Change Healthcare Pegged as “Most Significant” in Sector History

In a landmark incident, the American Hospital Association has dubbed the recent ransomware attack on Change Healthcare, a division of UnitedHealth Group’s Optum, as the most significant cyber threat ever faced by the US healthcare system. The attack, which occurred on February 21st, has severely impacted operations, affecting various healthcare entities reliant on Change Healthcare's services. UnitedHealth Group, in response, has been working to restore critical systems, aiming to reinstate electronic payment and medical claims services later this month. However, challenges persist, with cyber security experts warning that recovery efforts could extend for at least 30 days. The attack's aftermath sheds light on the healthcare sector's susceptibility to cyber threats and underscores the need for robust security measures and swift governmental responses. Reports reveal that the ransomware group responsible has received a substantial payout, raising concerns about the broader implications for healthcare providers. Cyber insurance policies are expected to help mitigate financial losses, especially for smaller entities facing cash flow disruptions.

Source: [Reinsurance News]

Governance, Risk and Compliance

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• Nine in ten companies at risk of cyber attacks as hackers use AI (thetimes.co.uk)

• Microsoft: 87% of UK Organisations Vulnerable to Costly Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: The UK is woefully unprepared for future AI cyber threats | ITPro

• New research calls for ‘less fear and more action’ from SMEs, as cyber naivety leaves 4 out of 5 businesses wide open to threats - Business Mondays

• Minister: Cyber brings 'risks we can't ignore' with UK firms still vulnerable (cityam.com)

• UK’s cyber resilience stagnates as more fall victim to attacks | Computer Weekly

• Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week

• UK government's "scarcely believable" cyber security survey makes grim reading for all sizes of business | TechFinitive

• 75% of UK Businesses Experienced a Cyber Incident in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• New research shows UK SMEs are leaving themselves open to cyber threats: Cowbell - Reinsurance News

• Only 1 in 5 SMEs have a plan in case of cyber attack - Gloucestershire Live

• The New CISO: Rethinking the Role (darkreading.com)

• Most IT pros think cyber attacks are getting worse - and many firms don't know how to deal with them | TechRadar

• Chief Risk Officers Say Cyber Security Most Pressing Risk: Survey (insurancejournal.com)

• Using A Security Assessment As A Measuring Stick (forbes.com)

• From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)

• Secrets sprawl: Protecting your critical secrets - Help Net Security

• Cyber Security: Why it’s becoming harder to stay safe online (holyrood.com)

• Cyber security must be a priority if the UK is serious about digitising the economy (uktech.news)

• Navigating the Evolving Cyber Threat Landscape: Insights from the Cyber Stability Conference → UNIDIR

• Organisations under pressure to modernize their IT infrastructures - Help Net Security

• Adapting Military Solutions to the Corporate Battlefield - Infosecurity Magazine (infosecurity-magazine.com)

• Board-level buy-in: preparing cyber defences the right way | Computer Weekly

• Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware surges as compliance falters - Thales Group - Verdict

• Whistleblowing And Cyber Swatting: Cyber Extortion Reaches A New Low (forbes.com)

• Study Uncovers 27% Spike in Ransomware; 8% Yield to Demands - Infosecurity Magazine (infosecurity-magazine.com)

• NCC Group: Ransomware attacks jump 73% in February | TechTarget

• Ransomware attack on Change Healthcare pegged as "most significant" in sector history - Reinsurance News

• The Big Question: Is the UK ready to meet the threat of ransomware to British business? - Emerging Risks Media Ltd

• From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally | Business Wire

• RaaS groups increasing efforts to recruit affiliates - Help Net Security

• If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ

• After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)

• Lockbit Strikes Back After FBI Takedown With New Ransomware Attack Details (pcmag.com)

• Government not facing up to CNI cyber risks, committee warns | Computer Weekly

• 6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard

• STOP ransomware, more common than LockBit, gains stealthier variant | SC Media (scmagazine.com)

• Crypto scams more costly to US than ransomware, Feds say • The Register

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• What the Latest Ransomware Attacks Teach About Defending Networks (bleepingcomputer.com)

• Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)

Ransomware Victims

• Ransomware attack on Change Healthcare pegged as "most significant" in sector history - Reinsurance News

• The British Library looks to the future as it reveals the incalculable damage of its ransomware attack (diginomica.com)

• VIEW: On the lessons learned from the British Library cyber incident - CIR Magazine

• UnitedHealth cyber attack "one of the most stressful things we've gone through," doctor says - CBS News

• UnitedHealth advances $2 billion to providers post-cyber attack By Investing.com

• Scottish health board hit by huge cyber attack with ‘significant quantity’ of data at risk (scotsman.com)

• Why UnitedHealth, Change Healthcare were targets of ransomware hackers

• Criminal investigation into Leicester City Council cyber attack - BBC News

• Yacht dealer to the celebs attack claimed by Rhysida gang • The Register

• UK council eerily cagey about 'cyber incident' details • The Register

• Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop

Phishing & Email Based Attacks

• Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar

• Five key takeaways from 2024 State of the Phish: Europe and Middle East | ITPro

• Tax Hackers Blitz Small Business With Phishing Emails (darkreading.com)

• Hackers Posing as Law Firms Phish Global Orgs (darkreading.com)

• IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Email threat landscape | Professional Security

• Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (thehackernews.com)

• A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

• Spa Grand Prix email account hacked to phish banking info from fans (bleepingcomputer.com)

• How to defend against phishing as a service and phishing kits | TechTarget

Other Social Engineering

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Don't Answer the Phone: Inside a Real-Life Vishing Attack (darkreading.com)

Artificial Intelligence

• Microsoft report says UK is not prepared for the age of AI — barely any businesses are ‘resilient’ to cyber crime | TechRadar

• 87% of UK organisations are vulnerable to cyber attacks in the age of AI (microsoft.com)

• UK’s AI ambitions pointless while cyber security is still neglected | Computer Weekly

• In the rush to build AI apps, don't leave security behind • The Register

• AI adoption by hackers pushed financial scams in 2023 | CSO Online

• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week

• From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)

• Shadow AI is the latest cyber security threat you need to prepare for - Help Net Security

• Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network

Malware

• The most prevalent malware behaviours and techniques - Help Net Security

• Malware stands out as the fastest-growing threat of 2024 - Help Net Security

• Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)

• New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (thehackernews.com)

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

• From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)

• A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• More sophisticated BunnyLoader malware variant emerges | SC Media (scmagazine.com)

• Evasive Sign1 malware campaign infects 39,000 WordPress sites (bleepingcomputer.com)

Mobile

• Kaspersky Identifies Three New Android Malware Threats (darkreading.com)

Denial of Service/DoS/DDOS

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Why DDoS Threat Actors Are Shifting Their Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• 300,000 Systems Vulnerable to New Loop DoS Attack - Security Week

• Telecoms is evolving – and unfortunately, so are DDoS attacks | TechRadar

Internet of Things – IoT

• Unsaflok flaw can let hackers unlock millions of hotel doors (bleepingcomputer.com)

• Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)

Data Breaches/Leaks

• 1% of users are responsible for 88% of data loss events - Help Net Security

• If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ

• Secrets sprawl: Protecting your critical secrets - Help Net Security

• Hackers steal personal data of 43 million French job seekers | ITPro

• International Monetary Fund email accounts hacked in cyber attack (bleepingcomputer.com)

• IMF Investigating Cyber Security Incident Detected on Feb. 16 (bloomberglaw.com)

• NHS Dumfries and Galloway Warns of “Significant” Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors leaked 70M+ records allegedly stolen from AT&T (securityaffairs.com)

• AT&T says leaked data of 70 million people is not from its systems (bleepingcomputer.com)

• Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)

• Top 5 Data Breaches That Cost Millions - Security Boulevard

• Misconfigured Firebase Instances Expose 125 Million User Records - Security Week

• Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert

• Serial data thief pleads guilty to cyber crime charges • The Register

• Changing cause of data breaches | Professional Security

• Fake data breaches: Countering the damage - Help Net Security

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

• How to verify a data breach | TechCrunch

• Nations Direct Mortgage Data Breach Impacts 83,000 Individuals - Security Week

Organised Crime & Criminal Actors

• RaaS groups increasing efforts to recruit affiliates - Help Net Security

• IT helpdeskers increasingly targeted by cyber criminals • The Register

• Serial data thief pleads guilty to cyber crime charges • The Register

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Crypto scams more costly to US than ransomware, Feds say • The Register

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

Insider Risk and Insider Threats

• 1% of users are responsible for 88% of data loss events - Help Net Security

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• Why Employees Are Your Best Defence Against Cyber Attacks: 6 Tips for Fostering a People-Focused Security Posture (newsweek.com)

• Why human risk management is key to data protection (betanews.com)

• As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ

• FE News | How to Protect Your Data With Cyber Security Training

• China-based Canadian accused of stealing Tesla trade secret • The Register

Insurance

• UK cyber insurance findings | Professional Security

• New Regulations Make D&O Insurance a Must for CISOs (darkreading.com)

• Insurers told cyber cover remains attractive but beware of accumulation risk (emergingrisks.co.uk)

Supply Chain and Third Parties

• Third-party breaches create network weak spots (betanews.com)

• How to Prepare for a Surge in Supply-Chain Cyber Attacks (securitybrief.co.nz)

• How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl (thehackernews.com)

Cloud/SaaS

• Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week

• The Definitive Guide to SaaS Security - Security Boulevard

Identity and Access Management

• Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)

Encryption

• Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)

• Future inevitability of quantum computers is a security problem today - Breaking Defence

Linux and Open Source

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• New acoustic attack determines keystrokes from typing patterns (bleepingcomputer.com)

• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials (thehackernews.com)

• WordPress Brute-Force Attacks: Sites Used As Staging Ground - Security Boulevard

• What is Credential Harvesting? Examples & Prevention Methods - Security Boulevard

• Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)

• Misconfigured Firebase instances leaked 19 million plaintext passwords (bleepingcomputer.com)

• Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

Social Media

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

Training, Education and Awareness

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• Why Employees Are Your Best Defence Against Cyber Attacks: 6 Tips for Fostering a People-Focused Security Posture (newsweek.com)

• As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ

• FE News | How to Protect Your Data With Cyber Security Training

• The Weakest Link: Securing The Human Element From Cyber Attack  - Security Boulevard

Regulations, Fines and Legislation

• Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week

• ICO publishes new fining guidance | ICO

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Why do 60% of SEC Cyber Security Filings Omit CSO, CISO Info? | MSSP Alert

Models, Frameworks and Standards

• Chinese media exposes criminal smartphone farms • The Register

Data Protection

• Why human risk management is key to data protection (betanews.com)

Careers, Working in Cyber and Information Security

• How to Battle Burnout While Protecting Your Most Valuable Asset — Your People - Benzinga

• 3 Ways Businesses Can Overcome the Cyber Security Skills Shortage (darkreading.com)

• Why cyber recruitment needs a rapid overhaul | TechRadar

• AI Won't Solve Cyber Security's Retention Problem (darkreading.com)

Law Enforcement Action and Take Downs

• Filipino police break up forced labour cyber operation • The Register

• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials (thehackernews.com)

• Court jails first person convicted of cyberflashing in England | Crime | The Guardian

• Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)

• After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)

• Serial data thief pleads guilty to cyber crime charges • The Register

• Ukrainian Police Arrest Suspected Brute Force Account Hijackers - Infosecurity Magazine (infosecurity-magazine.com)

• Money laundering network boss hit with multi-million pound confiscation order - National Crime Agency

• Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)

Misinformation, Disinformation and Propaganda

• Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)

• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Cyber Warfare: Understanding New Frontiers in Global Conflicts (darkreading.com)

• Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)

Nation State Actors

China

• Chinese Earth Krahang hackers breach 70 orgs in 23 countries (bleepingcomputer.com)

• 'We know they're on the network,' CISA official says of nation-state actors infiltrating US critical infrastructure | StateScoop

• Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon - Security Week

• Confronted with Chinese hacking threat, industrial cyber security pros ask: What else is new?  | CyberScoop

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• “Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica

• Chinese media exposes criminal smartphone farms • The Register

• Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)

• A look inside the Chinese cyber threat at the biggest ports in US

• CISA shares critical infrastructure defence tips against Chinese hackers (bleepingcomputer.com)

Russia

• Microsoft Under Attack by Russian Cyber Attackers - Security Boulevard

• UK Defence Secretary jet hit by electronic warfare attack in Poland (securityaffairs.com)

• Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar

• 'We know they're on the network,' CISA official says of nation-state actors infiltrating US critical infrastructure | StateScoop

• Russian Intelligence Targets Victims Worldwide in Rapid-Fire Cyber Attacks (darkreading.com)

• The cyberwar in Ukraine is as crucial as the battle in the trenches (economist.com)

• Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)

• Russia’s Hybrid Warfare with the United States | Geopolitical Monitor

• HUR and cyber activists hacked at least seven Russian companies between March 11 and 18 / The New Voice of Ukraine (nv.ua)

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• “Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica

• The West Should Help Expand Ukraine’s Cyber Offensive against Russia | Geopolitical Monitor

• Russia-linked hackers use Smokeloader malware to steal funds from Ukrainian enterprises (therecord.media)

• Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (thehackernews.com)

• Over 800 Russian cyber attacks on Ukraine's state institutions and services since February 2022 – Prosecutor General | Ukrainska Pravda

• I’m a disaster expert - this is what will happen after a Russian cyber attack (inews.co.uk)

• Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop

• Top 5 Russian-Speaking Dark Web Forums - SOCRadar® Cyber Intelligence Inc.

• Putin Sees Disastrous Start to Presidential Election (newsweek.com)

• Russia targets hundreds of Americans with new sanctions, including cyber journalists (therecord.media)

• Putin’s party hit by cyber attack as armed Russian troops oversee voters in occupied Ukraine | The Independent

• Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News

Iran

• Hackers claim to have breached Israeli nuclear facility’s computer network (therecord.media)

North Korea

• North Korea gets 50% of foreign earnings due to weak security measures in crypto industry, UN says

• North Korea's Kimsuky gang now exploiting Windows Help files • The Register

• Hacks Account for Half of N. Korea Foreign-Currency Income: UN (bloomberglaw.com)

• Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News

Vulnerability Management

• NIST NVD Disruption Sees CVE Enrichment on Hold - Infosecurity Magazine (infosecurity-magazine.com)

• No Easy Fix For Untangling Web of Critical Dependencies | Decipher (duo.com)

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

• NIST's Vuln Database Downshifts, Prompting Questions About Its Future (darkreading.com)

• 50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty - Infosecurity Magazine (infosecurity-magazine.com)

• Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network

Vulnerabilities

• Exploitation activity increasing on Fortinet vulnerability | TechTarget

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week

• Ivanti Keeps Security Teams Scrambling With 2 More Vulns (darkreading.com)

• Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (thehackernews.com)

• Critical Fortinet's FortiClient EMS flaw actively exploited in the wild (securityaffairs.com)

• Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (thehackernews.com)

• Remove WordPress miniOrange plugins, a critical flaw can allow site takeover (securityaffairs.com)

• Another Microsoft vulnerability is being used to spread malware | TechRadar

• Misconfigured Firebase Instances Expose 125 Million User Records - Security Week

• Google Chrome 123 launches with security fixes and Google Update changes on Windows - gHacks Tech News

• The Windows 11 KB5035853 update is causing BSOD errors for some users. | Windows Central

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

• Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug (thehackernews.com)

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• iOS 17.4.1 release includes bug fixes and security updates | Macworld

• Discontinued Security Plugins Expose Many WordPress Sites to Takeover - Security Week

Tools and Controls

• Using A Security Assessment As A Measuring Stick (forbes.com)

• Mastering Physical Security In Information Security (informationsecuritybuzz.com)

• Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)

• How to choose the best cyber security vendor for your business | ITPro

• Threat Actors are Exercising New Attack Techniques to Bypass Machine Learning Security Controls - Security Boulevard

• Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard

• Unlocking Security Architecture In Information Security (informationsecuritybuzz.com)

• How To Not Fly Blind With API Security (forbes.com)

• 6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard

• From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)

• Tracking Everything on the Dark Web Is Mission Critical (darkreading.com)

• Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)

• EDR vs. antivirus: What's the difference? | TechTarget

• SIEM vs XDR: Capabilities and Key Differences | MSSP Alert

• Using East–West Network Visibility to Detect Threats in Later Stages of MITRE ATT&CK (darkreading.com)

• 95% of companies face API security problems - Help Net Security

• Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK

Reports Published in the Last Week

• From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally | Business Wire

• The 2024 Sophos Threat Report: Cyber Crime on Main Street – Sophos News

• 2024 Thales Data Threat Report Reveals Rise in Ransomware Attacks, as Compliance Failings Leave Businesses Vulnerable to Breaches | Thales Group

• Equifax Releases 2023 Security Annual Report (prnewswire.com)

Other News

• At 35, the web is broken, but its inventor hasn't given up hope of fixing it yet | ZDNET

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• Government not facing up to CNI cyber risks, committee warns | Computer Weekly

• UK in ‘better position’ against cyber attacks, but most businesses not resilient | Evening Standard

• Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)

• The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (securityaffairs.com)

• Aviation sector, e-commerce platforms face separate cyber threats | SC Media (scmagazine.com)

• Public anxiety mounts over critical infrastructure resilience to cyber attacks - Help Net Security

• Change Healthcare hack highlights lack of medical industry’s cyber security - The Washington Post

• Cyber Security for Trustees: How to Reduce Risk and Respond to an Incident | Woodruff Sawyer - JDSupra

• How Can We Reduce Threats From the IABs Market? (darkreading.com)

• UK renewables firms facing up to 1,000 cyber attacks a day (energyvoice.com)

• Cyber Attacks on Higher Ed Rose Dramatically Last Year, Report Shows | EdTech Magazine

• Cyber security is an urgent priority for the museums sector - Museums Association

• Meet America’s Most Cyber Secure Banks 2024 (forbes.com)

• Ethiopian Bank's Technical Glitch Lets Customers Withdraw Millions (ndtv.com)

• Making Sense of Operational Technology Attacks: The Past, Present, and Future (thehackernews.com)

• The Consequences for Schools and Students After a Cyber Attack - Security Boulevard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

FBI Reports Cyber Crime Losses Reached $12.5 billion in 2023, Ransomware Losses Surged by 74%, Average Ransom Demand Reaching $600k

An FBI report into the cost of cyber crime has found that estimated losses in the US alone reached $12.5 billion in 2023. Ransomware accounted for $59.6 million, a 74% increase from the previous year’s report. Of note, the FBI report only deals with complaints made to the FBI; it therefore excludes other countries, and relies on the US organisations to identify that they have been impacted. It is therefore likely that the figure in the US, let alone globally, is significantly higher.

Sources: [Security Boulevard] [Security Week] [Infosecurity Magazine] [Tripwire] [Security Affairs]

Capita Plans £100 Million in Cost Cuts as it Continues to Grapple With 2023 Cyber Attack, Resulting in Significant Job Losses

In the aftermath of a significant cyber attack in 2023, Capita faces a steep financial hurdle with reported losses amounting to £106.6 million. Originally forecasted at £25 million, the revised figure underscores the substantial impact of the breach. Capita’s response strategy, including significant investments in recovery and cyber security bolstering, emphasises the escalating costs associated with data breaches. CEO Adolfo Hernandez announced plans for a substantial cost reduction of over £100 million, indicating the critical need for efficiency improvements to mitigate the financial strain. Capita’s experience serves as a potent reminder of the critical importance of robust cyber resilience strategies. These strategies are not just about preventing attacks, but also about mitigating the potentially devastating financial consequences should a breach occur.

Source: [ITPro]

Employment Law Firm Sues IT Company Over Ransomware Attack

A law firm in California has sued an IT solutions company, saying that after hiring the company to install a network system and server, the law firm suffered a ransomware attack. The law firm found that not long after the network was installed, they were unable to access their data, and when they had gone to retrieve a cloud backup, they had found this was already deleted, forcing them to pay the ransom to get their data back. The law firm is accusing the IT company of negligence and breach of contract and is seeking damages of at least $1 million.

Source: [Law360]

Stolen Passwords are a Hacker Goldmine

Passwords are not only crucial for organisational security, but they also come with significant costs and vulnerabilities. From the time spent by service desks on resets, to the expense of security incidents and breaches, the financial toll is substantial. Weak or reused passwords heighten the vulnerability, with breaches involving stolen credentials costing an average of $4.45 million. Cyber threats are evolving, with hackers increasingly favouring stolen user accounts over traditional malware. This shift, underscored by a notable 71% increase in attacks leveraging valid login credentials in 2023 as reported by CrowdStrike and IBM, highlights the repercussions of compromised credentials. Embracing technologies like multi-factor authentication (MFA) and single sign-on (SSO), along with employee education, can bolster security while alleviating financial strains. Robust identity management and zero-trust security frameworks are essential to mitigate risks further, especially in the face of rising cloud intrusions. Proactive investments in password security software such as password managers can help streamline operations and enhance overall organisational resilience against these evolving threats.

Sources: [Bleeping Computer] [Axios] 

Phishing Attacks Up 40 Percent in 2023; Attackers Leverage Social Engineering for Greater Success

Kaspersky recently released their annual spam and phishing report in which they identified over 709 million attempts to access phishing and scam websites, a 40% increase from the previous year. It should be noted that this number is just related to Kaspersky’s identification; the figure is likely far greater. With reports identifying that 90% of phishing involves social engineering, it is important to understand how it is leveraged.

Phishing attacks generally include an element of trust; for example, a bad actor impersonating a reputable brand or providing details about an individual that makes the attack more credible. Often, social engineering will rely on human characteristics, such as urgency, emotion and habit to try to manipulate the target to perform particular actions. Whilst the tools may change, the basis is the same; a successful phish requires user interaction. To mitigate the impact of phishing in corporate environments, organisations must stay informed about the latest adversarial activity and prioritise security measures such as multi-factor authentication (MFA) and providing employee awareness and education training that goes beyond ticking boxes.

Sources: [Beta News] [CSO Online] [Security Boulevard] [DarkReading]

Business Leaders Don’t Even Know They’ve Been Hacked

A survey of over 10,000 business leaders across various industries has found that a number of business leaders know little when it comes to their organisation’s cyber security landscape, with 1 in 10, “unsure” and unable to provide a definitive answer as to whether their organisation has had a data breach in 2023. The report highlights that there are a number of leadership positions that are not receiving sufficient information about their organisation’s data security situation.

Receiving regular reports with metrics about the organisation’s cyber security posture is key to organisations achieving and maintaining a solid level of governance, something that is required in various standards and regulations.

Source: [Tech.Co]

Rising Cyber Security Risks: Insider Threat Main Concern Among Mid-Market Firms

According to the 2023 CyberArk Identity Security Threat Landscape Report, insider threats are on the rise, with 68% of organisations reporting an increased frequency in the past year. These threats, considered one of the top concerns over the next 12 months, stem from within an organisation where authorised employees exploit their access to steal or leak sensitive data. Factors such as flexible working, an increase in job transitions, workforce reductions, third-party relationships, economic uncertainties, and employee stress levels further compound these challenges. Negligence, accounting for 62% of insider incidents, plays a significant role; these threats aren’t always malicious but can also be negligent or accidental. As these threats evolve, the potential consequences, including revenue loss and reputational damage, are becoming more apparent to business leaders. To mitigate risks, companies must prioritise improving identity security, particularly in controlling privileged access, and embrace a Zero Trust approach. This ensures full visibility and control over access to sensitive data, safeguarding critical assets and enhancing cyber resilience in an increasingly volatile landscape. Other key identified threats include AI-related risks, ransomware, deep fakes, and malware.

Sources: [TechRadar] [Comms Business]

C-Suite Executives: An Attacker’s Dream?

Cyber criminals are increasingly focusing on high-value targets, particularly C-suite executives who hold extensive organisational access. These executives, often overlooked in security practices and training, have become vulnerable links. The cyber security landscape of 2023 saw significant advancements but also revealed vulnerabilities, exacerbated by global conflicts and strategic cyber attacks. Cyber actors are now targeting entities with high return potential, with ransomware attackers tailoring their strikes to maximise revenues, often from smaller organisations. Interestingly, while automation is on the rise, cyber criminals are opting for a human touch, with human operatives often behind attacks. A report last year showed a nearly 30% spike in fraud specifically targeting senior executives, highlighting the vulnerability of the C-suite. This emphasises the need for robust cyber resilience strategies to safeguard these high-value targets.

Source: [SecurityBrief New Zealand]

Security Risks Plague SMEs in Shift to Remote Working

In the wake of the COVID-19 pandemic, remote working surged, offering businesses newfound flexibility and cost efficiencies. However, this paradigm shift comes with its own set of security challenges, particularly impacting startups and small businesses. The inherent flexibility of remote work exposes companies to risks like unauthorised access, IP theft, and malware. These threats are especially potent for SMEs, jeopardising their financial stability and reputation. Robust security measures include VPNs, enforcing regular software updates, and employee training to mitigate these risks. By embracing these strategies, SMEs can navigate the remote work landscape securely, unlocking its benefits while safeguarding against potential threats.

Source: [SecurityBrief New Zealand]

After Collecting $22 Million, Ransomware Group Stages FBI Takedown

The ransomware group responsible for facilitating a huge attack against a US prescription drug company for $22 million has gone dark, days after receiving the payment and standing accused of scamming their own affiliate out of their share of the gains. Days after the payment was made, AlphV’s public website started displaying a message saying it had been seized by the FBI as part of an international law enforcement action. Ransomware researchers have since said that it has not actually been seized, but appears to be a ploy to exit scam affiliates of the ransomware group. This proves the old adage that there really is no honour among thieves.

Source: [Ars Technica]

Cyber Attacks Remain Chief Concern for Businesses

A recent report has underscored the growing concern among UK corporate businesses regarding cyber attacks as the primary fraud threat in the upcoming year, with 73% of respondents expressing worry. As businesses grapple with the shift to hybrid and remote work models, ensuring robust counter-fraud measures and internal controls is imperative to safeguarding workforces regardless of location. This situation emphasises the critical importance of investing in employee training to combat evolving fraud threats. It highlights the far-reaching consequences that fraud can have on organisations and underscores the necessity of fostering an anti-fraud culture across all levels of the enterprise.

Source: [TheHRDirector]

Two New Ransomware Groups Join Forces to Launch Joint Attacks

Two ransomware groups, Ghostsec and Stormous, have joined forces to conduct double extortion ransomware attacks on various businesses across multiple countries. As part of this, their new ransomware-as-a-service (RaaS) program, STMX_GhostLocker, provides various options for their affiliates. GhostSec is already part of a coalition called the five families, involving 4 other entities. The group ventured into RaaS last year, offering services for as little as $269.99 per month.

Source: [The Hacker News]

Governance, Risk and Compliance

• FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week

• 1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)

• Cyber attacks remain chief concern for businesses | theHRD (thehrdirector.com)

• Companies Are Already Not Complying With The New SEC Cyber Security Incident Disclosure Rules (forbes.com)

• What Cyber Security Chiefs Need From Their CEOs (darkreading.com)

• Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)

• The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly

• NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com

• CISOs Tackle Compliance With Cyber Guidelines (informationweek.com)

• Are C-suite executives cyber security's weakest link? (securitybrief.co.nz

• 30 years of the CISO role – how things have changed since Steve Katz | CSO Online

• How to create an efficient governance control program - Help Net Security

• Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)

• Resilience is built on a solid framework | Professional Security

• Cyber Insights 2024: A Dire Year for CISOs? - Security Week

• Cyber Pros’ Knowledge Gaps Lead to Errors | MSSP Alert

• Research finds that cyber security leaders are taking on multiple roles | Security Magazine

• How Security Leaders Can Break Down Barriers to Enable Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)

• FBI: US Ransomware Losses Surge 74% to $59.6 Million in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• Report: Average Initial Ransomware Demand in 2023 Reached $600K - Security Boulevard

• What’s Fueling the Ransomware Epidemic? | Symantec Enterprise Blogs (security.com)

• Banning ransomware payments back on the agenda | Computer Weekly

• BlackCat Goes Dark After Ripping Off Change Healthcare Ransom (darkreading.com)

• Inside an Alphv/BlackCat ransomware attack | TechTarget

• Healthcare facing record ransom as cyber criminals continue to target sector - Emerging Risks Media Ltd

• Uncle Sam intervenes in Change Healthcare ransomware fiasco • The Register

• Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries (thehackernews.com)

• Capita drops 18% on £107m loss as financial impact of cyber attack is revealed | LSE:CPI (proactiveinvestors.co.uk)

• US cyber and law enforcement agencies warn of Phobos ransomware attacks (securityaffairs.com)

• Experts echo calls for ransomware ban as LockBit rallies • The Register

• Government urged to ban ransom payments to cyber criminals (computing.co.uk)

• LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage (securityaffairs.com)

• Ransomware spikes against critical infrastructure, says FBI • The Register

• Major shifts in identity, ransomware, and critical infrastructure threat trends - Help Net Security

• Government was third-largest ransomware target last year: FBI - Defense One

• JetBrains TeamCity under attack by ransomware thugs • The Register

Ransomware Victims

• A Deep Dive into the 2024 Prudential and LoanDepot Breaches - Security Boulevard

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• After collecting $22 million, AlphV ransomware group stages FBI takedown | Ars Technica

• Change Healthcare hack cripples payment systems across health providers - The Washington Post

• Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED

• Capita raises threat of further job cuts under plans to save another £100m | BelfastTelegraph.co.uk

• Capita drops 18% on £107m loss as financial impact of cyber attack is revealed | LSE:CPI (proactiveinvestors.co.uk)

• Fidelity Investments Notifying 28,000 People of Data Breach - Fidelity Investments Notifying 28,000 People of Data Breach - Security Week

• First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)

• UnitedHealth's cyber attack should be a 'wake-up call' for healthcare (yahoo.com)

• Ransomware Attackers Leak Sensitive Swiss Government Documents, Login - Infosecurity Magazine (infosecurity-magazine.com)

• Security leaders weigh in on the recent UnitedHealth cyber attack | Security Magazine

• LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage (securityaffairs.com)

• Canada's anti-money laundering agency offline after cyber attack (bleepingcomputer.com)

• Uncle Sam intervenes in Change Healthcare ransomware fiasco • The RegisterFidelity Investments Notifying 28,000 People of Data Breach - Security Week

• Duvel says it has "more than enough" beer after ransomware attack (bleepingcomputer.com)

• Thousands of Dutch passports stolen in ransomware attacks available on dark web | NL Times

• Corporate Greed Made the Change Healthcare Cyber attack Worse (nymag.com)

• Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)

• Possible China link to Change Healthcare ransomware attack • The Register

• Action needed to avoid repeat of Southern Water cyber attack - Utility Week

Phishing & Email Based Attacks

• Phishing attacks up 40 percent in 2023 (betanews.com)

• Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)

• How attackers leverage social engineering for greater scamming success | CSO Online

• Cyber Criminals Spoof US Government Organisations in BEC, Phishing Attacks - Security Week

• Annual State of Email Security by the Numbers - Security Boulevard

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• AI worm that infects computers and reads emails created by researchers | The Independent

• 95% believe LLMs making phishing detection more challenging - Help Net Security

• Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes - Help Net Security

• Kaspersky spam and phishing report for 2023 | Securelist

Other Social Engineering

• How attackers leverage social engineering for greater scamming success | CSO Online

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• The Rise of Social Engineering Fraud in Business Email Compromise (darkreading.com)

Artificial Intelligence

• Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)

• AI tools put companies at risk of data exfiltration - Help Net Security

• Don't Give Your Business Data to AI Companies (darkreading.com)

• Act now to stop WordPress and Tumblr selling your content to AI firms • Graham Cluley

• GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)

• Political deepfakes are spreading like wildfire thanks to GenAI | TechCrunch

• Self-Propagating Worm Created to Target Generative AI Systems - Infosecurity Magazine (infosecurity-magazine.com)

• The Future Of AI And ML In Cyber Security (forbes.com)

• AI worm that infects computers and reads emails created by researchers | The Independent

• 95% believe LLMs making phishing detection more challenging - Help Net Security

• Immediate AI risks and tomorrow's dangers - Help Net Security

• Defence: Leonardo CEO says stupidity poses a bigger threat than AI (cnbc.com)

2FA/MFA

• Google and Meta users see their 2FA security codes leaked online - Root-Nation.com

Malware

• No “Apple magic” as 11% of macOS detections last year came from malware | Malwarebytes

• Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update

• GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)

• Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware (thehackernews.com)

• Linux variant of BIFROSE RAT uses deceptive domain strategies (securityaffairs.com)

• Self-Propagating Worm Created to Target Generative AI Systems - Infosecurity Magazine (infosecurity-magazine.com)

• New Linux malware found targeting mobile networks across the world | TechRadar

• ScreenConnect flaws exploited to drop new ToddleShark malware (bleepingcomputer.com)

• Malware is coming for your ChatGPT credentials • The Register

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week

• Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence - Infosecurity Magazine (infosecurity-magazine.com)

• AI worm that infects computers and reads emails created by researchers | The Independent

• New WogRAT malware abuses online notepad service to store malware (bleepingcomputer.com)

• Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)

• Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)

Mobile

• Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)

• Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update

• Apple warns of increased iPhone security risks | Computerworld

• The Privacy Danger Lurking in Push Notifications | WIRED

• Android's March 2024 Update Patches Critical Vulnerabilities - Security Week

• CISA Adds Android Pixel and Sunhillo Sureline Bugs to Its Known Exploited Vulnerabilities Catalog

• The Importance of Cyber security for Your Smart Devices | HackerNoon

• Phone hacking is a real danger. How to keep your data, location secure (usatoday.com)

Denial of Service/DoS/DDOS

• DDoS Attacks on Financial Services Industry Up 154%, According to New FS-ISAC/Akamai Report (prnewswire.com)

Internet of Things – IoT

• Someone is hacking 3D printers to warn owners of a security flaw (bitdefender.com)

• Popular doorbell camera brands contain security flaws, making them easy to hack: Report  | The Hill

• NCSC flags up cyber security for connected places | UKAuthority

• The Importance of Cyber Security for Your Smart Devices | HackerNoon

• This $4 Billion Car Surveillance Startup Says It Cuts Crime. But It Likely Broke The Law. (forbes.com)

• Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (bleepingcomputer.com)

Data Breaches/Leaks

• The State Of Cyber Security (Part One): Why Are There Still So Many Data Breaches? (forbes.com)

• A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch#

• American Express credit cards exposed in third-party data breach (bleepingcomputer.com)

• Fidelity Investments Notifying 28,000 People of Data Breach - Security Week

• AI tools put companies at risk of data exfiltration - Help Net Security

• 4 Instructive Postmortems on Data Downtime and Loss (thehackernews.com)

Organised Crime & Criminal Actors

• FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week

• 2023 FBI Internet Crime Report reported cyber crime losses reached $12.5 billion in 2023 (securityaffairs.com)

• $12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire

• Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)

• Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• $12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire

• Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• Crypto fraud in 2023: How can security teams fight (securityintelligence.com)

Insider Risk and Insider Threats

• Comms Business - Insider threat main concern among mid-market firms

• Current workforce trends feed into rising cyber security risks | TechRadar

• Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison - Security Week

• Army Vet Spills National Secrets to Fake Ukrainian Girlfriend (darkreading.com)

• Chinese engineer accused of stealing Google's GPU and TPU secrets, transferring them to China-based startups | Tom's Hardware (tomshardware.com)

Supply Chain and Third Parties

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• Capita plans £100 million in cost cuts as it continues to grapple with 2023 cyber attack | ITPro

• First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)

• American Express credit cards exposed in third-party data breach (bleepingcomputer.com)

• Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)

• Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)

• Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)

Cloud/SaaS

• 10 Essential Processes for Reducing the Top 11 Cloud Risks (darkreading.com)

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• Securing Perimeter Products Must Be a Priority, Says NCSC - Infosecurity Magazine (infosecurity-magazine.com)

Identity and Access Management

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• Major shifts in identity, ransomware, and critical infrastructure threat trends - Help Net Security

Encryption

• Preparing for the post-quantum cryptography environment today | CSO Online

Linux and Open Source

• Open source vulnerabilities dominated 2023, and this year looks no different | ITPro

• Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week

• Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)

• Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Hacked WordPress sites use visitors' browsers to hack other sites (bleepingcomputer.com)

• Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)

• Malware is coming for your ChatGPT credentials • The Register

• Stolen passwords are a hacker goldmine now, CrowdStrike and IBM find (axios.com)

• Passwords are Costing Your Organisation Money - How to Minimize Those Costs (bleepingcomputer.com)

• Poor Credential Hygiene - Security Boulevard

• US State AGs tell Meta to fix rampant account takeovers • The Register

Social Media

• Google and Meta users see their 2FA security codes leaked online - Root-Nation.com

• IP address X-posure now a feature on Twitter • The Register

• “Technical Issue” Takes Facebook Offline, Offers No Cyber Security Reassurance | MSSP Alert

• Facebook and Instagram Overrun by Account Hackers, States Warn (bloomberglaw.com)

• Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)

• Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say | WIRED

• US State AGs tell Meta to fix rampant account takeovers • The Register

Training, Education and Awareness

• In the News | Equip and Educate Students to Combat Cyberthreats - Security Boulevard

Regulations, Fines and Legislation

• Companies Are Already Not Complying With The New SEC Cyber Security Incident Disclosure Rules (forbes.com)

• EU council welcomes cyber solidarity act agreement (verdict.co.uk)

• The modern CISO's guide to navigating new SEC cyber regulations (betanews.com)

• Five Unintended Consequences of the New SEC Cyber Security Disclosure Rule - Security Boulevard

• Navigating regulation challenges for protecting sensitive healthcare data - Help Net Security

Models, Frameworks and Standards

• NIST Cyber Security Framework 2.0: 4 Steps to Get Started (darkreading.com)

• NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com

• CIS RAM (Risk Assessment Method) (cisecurity.org)

Data Protection

• Charity has 30 days to stop spamming thousands for donations • The Register

• This $4 Billion Car Surveillance Startup Says It Cuts Crime. But It Likely Broke The Law. (forbes.com)

Careers, Working in Cyber and Information Security

• 11 Top Cyber Security Certifications to Consider In 2024 (datamation.com)

• Cyber and gender | Professional Security

• Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)

Law Enforcement Action and Take Downs

• Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)

• A cyber criminal is sentenced, will it make a difference? - Help Net Security

• Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison - Security Week

• Nigerian National Pleads Guilty of Conspiracy in BEC Operation (darkreading.com)

Misinformation, Disinformation and Propaganda

• Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC (bleepingcomputer.com)

• The man who tricked Nazi Germany: lessons from the past on how to beat disinformation | Books | The Guardian

• Political deepfakes are spreading like wildfire thanks to GenAI | TechCrunch

• Russian Hackers Target Ukraine Via A Disinformation Campaign - Security Boulevard

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Focus on cyber operations that cause physical damage is not enough | International Committee of the Red Cross (icrc.org)

• Cyber threats impacting the safety and dignity of civilians in conflict | International Committee of the Red Cross (icrc.org)

Nation State Actors

• Complete Guide to Advanced Persistent Threat (APT) Security - Security Boulevard

China

• Chinese nation state actors to ramp up cyber espionage attempts in 2024 - IT Security Guru

• We’re Slowly Learning About China’s Extensive Hacking Network | Mind Matters

• Taiwan's Biggest Telco Breached by Suspected Chinese Hackers (darkreading.com)

• Possible China link to Change Healthcare ransomware attack • The Register

• A New Wave of Cyber Attacks: Five Actions to Take Now | IndustryWeek

• Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)

• Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol and sex | AP News

Russia

• The Five Bears: Russia's Offensive Cyber Capabilities (greydynamics.com)

• A Silent World War – Russia’s Cyberwar Against the West (kyivpost.com)

• Germany Urged to Tighten Security After Russia Leaked Classified Information - Bloomberg

• Germany to investigate Russia’s interception of military talks on Ukraine | Germany | The Guardian

• Ukraine intel says its hackers obtained Russian Defence Ministry's classified documents - Euromaidan Press

• Valuable Russian Military Documents Exposed: Report (newsweek.com)

• Focus on cyber operations that cause physical damage is not enough | International Committee of the Red Cross (icrc.org)

• Russian Hackers Target Ukraine Via A Disinformation Campaign - Security Boulevard

North Korea

• Lazarus Group observed exploiting an admin-to-kernel Windows zero-day | SC Media (scmagazine.com)

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)

• North Korea hacks two South Korean chip firms to steal engineering data (bleepingcomputer.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Banks face ‘hacktivist’ cyber attacks (fnlondon.com)

• Hacktivist Collective NoName057(16) Strikes European Targets - Infosecurity Magazine (infosecurity-magazine.com)

• 'The Weirdest Trend in Cyber Security': Nation-States Returning to USBs (darkreading.com)

• Four internet cables cut in Red Sea in 'exceptionally rare' incident | Fortune

• Predator spyware endures even after widespread exposure, analysis shows | CyberScoop

Vulnerability Management

• Firms Still Threatened by Old Vulnerabilities (govinfosecurity.com)

• Open source vulnerabilities dominated 2023, and this year looks no different | ITPro

• Organisations are knowingly releasing vulnerable applications - Help Net Security

• Securing Perimeter Products Must Be a Priority, Says NCSC - Infosecurity Magazine (infosecurity-magazine.com)

• Enhancing security through proactive patch management - Help Net Security

Vulnerabilities

• Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws (securityaffairs.com)

• ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)

• North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• Hackers exploited Windows 0-day for 6 months after Microsoft knew of it | Ars Technica

• CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog (securityaffairs.com)

• Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (thehackernews.com)

• VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica

• VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws (thehackernews.com)

• VMWare Urges Users to Uninstall EAP Immediately - Security Boulevard

• Cisco Patches High-Severity Vulnerabilities in VPN Product - Security Week

• Critical TeamCity flaw now widely exploited to create admin accounts (bleepingcomputer.com)

• Critical TeamCity Bugs Endanger Software Supply Chain (darkreading.com)

• Android's March 2024 Update Patches Critical Vulnerabilities - Security Week

• CISA Warns of Pixel Phone Vulnerability Exploitation - Security Week

Tools and Controls

• Why cyber maturity assessment should become standard practice - Help Net Security

• 1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)

• The Ultimate Guide to Threat Detection, Investigation, and Response (TDIR) (govinfosecurity.com)

• The Future Of AI And ML In Cyber Security (forbes.com)

• The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly

• What Is A Cyber Incident Response Policy? - Security Boulevard

• Cyber Criminals Using Novel DNS Hijacking Technique for Investment Scams (thehackernews.com)

• Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)

• Resilience is built on a solid framework | Professional Security

• Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)

• The critical role of DNS in cyber security and digital thriving | TechRadar

• 5 ways to keep API integrations secure - Help Net Security

• Reduce the Attack Surface | Dell USA

• What is Advanced Threat Protection and How to Use It in Your Business - Security Boulevard

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• How To Close The DevSecOps Cyber Security Skills Gap And Boost Security (forbes.com)

Reports Published in the Last Week

• Kaspersky spam and phishing report for 2023 | Securelist

Other News

• Banks face ‘hacktivist’ cyber attacks (fnlondon.com)

• White Hats on Offensive Against Black Hat Hackers: Report (technewsworld.com)

• UK altnets call for action after attacks on fibre infrastructure | Computer Weekly

• Securing the future: Addressing cyber security challenges in the education sector - Help Net Security

• The 3 most common post-compromise tactics on network infrastructure (talosintelligence.com)

• What is Micro Breaching? - Security Boulevard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Majority of 2023’s Critical Cyber Attacks Stemmed from Fewer Than 1% of Vulnerabilities, with 1 in 4 High Risk Vulnerabilities Exploited Within 24 Hours of Going Public

A new Qualys report reveals that less than 1% of vulnerabilities are responsible for the greatest damage, and a quarter of high-risk vulnerabilities are now being exploited within a day of disclosure. In 2023, a record-breaking 26,000 vulnerabilities have been identified so far, emphasising the need for organisations to accelerate their response times. High-risk vulnerabilities, particularly in network devices and web applications, are the main targets for attackers seeking unauthorised access or privilege escalation. This situation underscores the critical need for organisations to implement a multi-layered defence strategy, automate patching where appropriate especially in areas of critical infrastructure, and adopt zero-trust principles to safeguard against such swift and potent cyber threats.

Sources: [SiliconANGLE] [SC Media]

Ransomware Gangs Are Increasingly Turning to Remote Access Tools for Attacks, As UK Honeypots Attacked 17 million Times Per Day

Nearly three quarters of cyber-attacks across the UK in 2023 targeted technology frequently used for remote working, new data from Coalition has revealed.

Attackers frequently target Remote Desktop Protocol (RDP), a tool that lets users access office computers from home, as it grants the attacker quick access to devices and allows them to execute further attacks.

Honeypot sensors maintained by Coalition have recorded 5.8 billion attacks so far in 2023, averaging around 17 million attacks per day. Of these it was found that 76% of attacks targeted RDP.

Attackers exploit RDP vulnerabilities that often stem from simple configuration mistakes. By taking steps like disabling unnecessary remote access or tightening controls, companies can help shield themselves from these pervasive threats.

Sources: [Insurance Times] [TechRadar] [Infosecurity Magazine]

Why Employees Are a Bigger Security Risk than Hackers

In today's interconnected world, the spotlight is often on cyber criminals attacking from outside, but a worrying trend points inward. A recent study by Imperva reveals that insiders pose a significant threat, being behind 58% of security incidents. The incidents are a mixture of deliberate misuse and accidents, however the majority of organisations lack a strategy to combat these risks. Even when strategies exist, they may be undermined by employees bypassing IT protocols or due to the pressures of adapting to new technologies. With insider incidents on the rise by 47% in two years, the costs are too great to ignore.

Source: [Raconteur]

77% of Financial Services Firms Detected a Cyber Attack in the Last Year, as Finance and Healthcare Continue to Suffer the Most Cyber Attacks

Cyber attacks are more prevalent in the financial services sector than in any other industry. Last year, 77% of financial institutions were targeted, primarily through phishing and ransomware attacks. After financial services the second most targeted sector is healthcare. Both types of institutions are attractive targets not only because of their wealth of sensitive data but also because disruptions to their operations can lead to substantial ransom payments. They face increasingly sophisticated threats and the financial impact is significant, with approximately a quarter of these institutions estimating damages of at least $50,000. To mitigate these risks organisations are turning to cyber insurance, which necessitates further tightening of security practices, including identity and access management, to meet insurers’ stringent standards.

The healthcare sector reported over 179,000 cyber attacks in a single quarter, affecting entities globally. The primary threats were infostealers and ransomware. There have been scores of notable incidents where hospitals have been shut down or otherwise unable to operate. In many cases, this resulted in closing emergency departments, interfering with planned or emergency surgeries and forcing ambulances to divert to other hospitals, potentially causing life threatening delays. Further, a recent report analysing the enterprise risk management for the financial sector found that the two biggest concerns were rising interest rates at 74% and ransomware attacks at 65%.

Sources: [Security Magazine] [MSSP Alert] [PR NewsWire] [Security Magazine]

New Report Data Shows 75% Increase in Suspicious Emails Hitting Inboxes

A new report has unveiled the escalating threat posed by phishing emails, as detected by DMARC software. In the past year, there's been a 70% rise in emails flagged as fraudulent, with almost 18% of total email traffic in the first half of 2023 being intercepted as potential phishing attempts. This surge underscores a pressing need for robust email security measures. Simple yet effective tools like DMARC, which automatically weeds out emails impersonating legitimate domains, are becoming critical in the fight against these sophisticated scams. With the average cost of a cyber attack now well into the millions, and given the high click rates on phishing emails, it is clear that taking proactive steps to strengthen an organisations digital defence is not just sensible, it is essential for safeguarding the businesses in the digital age.

Source: [Dark Reading]

Threat Actors Still Exploiting Old Unpatched Vulnerabilities

A report by Cisco has found that the most targeted vulnerabilities this year, same as previous years, were old unpatched vulnerabilities which should have been fixed a long time ago. Some of these security gaps in widely-used applications like Microsoft Office and or within versions of Windows itself are over a decade old. Unpatched vulnerabilities can leave systems open to exploitation, potentially leading to unauthorised access, data breaches, and widespread security incidents, including being a key enabler of ransomware attacks. This highlights an urgent call to action for organisations to patch known vulnerabilities and secure user accounts to fortify their defences against cyber threats.

Source: [IT Business]

Many Organisations Still Lack Formal Cyber Security Training

As we navigate into 2024, a new report by the SANS Institute found that more than 30% of organisations do not regularly perform cyber readiness exercises, while 40% have yet to establish formal training for cyber security. These findings underline a gap between the need for robust security measures and actual preparedness. On a positive note, most organisations are adopting frameworks like the NIST CSF to shape their security posture, and two-thirds are actively using metrics to gauge the effectiveness of their security operations. Yet, there’s a call to action here: for real progress, intentional investment and commitment to comprehensive training and stringent security operations are non-negotiable. This is the path to mature security operations that can withstand the complexities of today’s cyber threats.

Source: [Security Brief]

Addressing the Growing Threat of Supply Chain Cyber Attacks

As businesses become more interconnected through digital supply chains, supply chain cyber attacks are becoming more of a pressing issue for organisations. The attackers tend to exploit weaknesses in third-party suppliers, often with less guarded entry points, to access larger networks. With companies increasingly outsourcing and using cloud adoption, the need for stringent third-party cyber risk assessments is vital. However, complexities arise with the shared responsibility model for cloud security, where setting out the division of security duties between cloud service providers and clients can blur lines of defence. To tackle these challenges, integration of cyber security into procurement and supply chain processes is essential. This means enforcing collaboration between procurement and cyber security teams, mandating security standards in vendor contracts, and utilising automated tools for continuous risk assessments. Safeguarding modern supply chains is no longer a siloed task but a strategic, organisation wide imperative.

Source: [HackerNoon]

Cyber Incident Costs Surge 11% as Budgets Remain Muted

A new report found an 11% jump in the direct costs of a significant cyber incident, now averaging $1.7 million. The burden is even heavier for those without cyber insurance, with costs escalating to $2.7 million per incident. Cyber risks like fraud, third-party breaches, and data theft remain prevalent. Despite these increasing threats, cyber security budgets have grown modestly and are not keeping pace with the increased level of threat. The report also highlights a concerning gap in understanding cyber threats and a lack of internal training, emphasising the critical need for not just financial investment, but also a deeper engagement with cyber security training and awareness within organisations.

Source: [Infosecurity Magazine]

Attacks on Critical Infrastructure are Harbingers of War: Are We Prepared?

The escalating cyber threats against critical infrastructure, like recent attacks on water authorities, highlight an urgent security concern. These attacks, which are often state-sponsored, are not just targeting financial or data assets but are striking at essential services vital to human survival. The tactics used in these attacks, known as Intelligence Preparation of the Battlefield (IPB), are aimed at weakening a nation by disrupting services like power and water, key to both civil stability and military operations. Nations like Russia, China, and Iran employ these strategies for different purposes, ranging from strategic military advantages to ideological victories. The use of ransomware, as seen in the increasing incidents reported by the FBI, is a tool for both financial gain and geopolitical disruption. As we face these multifaceted threats, the need for robust cyber security measures to protect our critical infrastructure has never been more pressing. It is a call to action for nations and organisations alike to fortify their defences against these evolving and serious cyber threats.

Source: [SC Media]

UK Data Centres to be Classed as Critical Infrastructure Under New Gov Proposals

The UK government is considering new regulations aimed at enhancing the security and resilience of data centres. The Department for Science, Innovation and Technology (DSIT) recognises the vital role of these data hubs and is examining the adequacy of current safety practices. With the identification of varying levels of security across the sector, the prospect of legislating minimum security standards is on the table. This may include establishing a regulatory body to oversee incident reporting and risk mitigation strategies, particularly for third-party service providers. These measures underscore the government's commitment to safeguarding data centres, which are increasingly integral to the UK's economic vitality and national security. As part of a broader initiative, the sector could be designated as critical national infrastructure, aligning it with international best practices and ensuring comprehensive protection from cyber threats and other risks.

Source: [ITPro]

Data Exfiltration and Extortion is the New Ransomware Threat, as 65% of Organisations Say Ransomware Concerns Impact Risk Management

Cyber criminals are escalating their tactics and becoming more aggressive in their effort to maximise disruption and compel the payment of ransom demands. Earlier this year, the ransomware group ALPHV exploited the new US data breach disclosure rules by filing a complaint with the US Securities and Exchange Commission (SEC) against a victim company for not reporting an alleged significant data breach. This marks a strategic evolution from traditional ransomware attacks, where data is encrypted and held hostage, to more nuanced extortion schemes. Such tactics are becoming more sophisticated, with triple extortion attacks threatening not just the target company but also their partners and clients. This shift from encryption to pure extortion requires a fresh understanding of cyber threats and a re-evaluation of defence strategies. It highlights the urgent need for businesses to protect not just their own data but also to consider the security of their entire data supply chain.

Source: [TechCrunch]

Governance, Risk and Compliance

• Cyber Incident Costs Surge 11% as Budgets Remain Muted - Infosecurity Magazine (infosecurity-magazine.com)

• Three Tech Budget Implementations To Help Optimize Your Resources (forbes.com)

• New Report: 85% Firms Face Cyber Incidents, 11% From Shadow IT - Infosecurity Magazine (infosecurity-magazine.com)

• 65% of organisations say ransomware concerns impact risk management | Security Magazine

• Healthcare and Finance Suffer Most Cyber Attacks | MSSP Alert

• CFOs are under the gun as the SEC's new 4-day data breach disclosure window goes into effect | Fortune

• SEC vs SolarWinds: A cyber security game changer for CISOs (securitybrief.co.nz)

• 77% of financial organisations detected a cyber attack in the last year | Security Magazine

• Level of cyber security: the new key indicator of a company's performance | TechRadar

• Managing cyber security risk during challenging economic times (techinformed.com)

• Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)

• The year in cyber security: 6 stories to read from 2023 | World Economic Forum (weforum.org)

• After-Incident Reports Turn Breaches Into Security Blueprints (pymnts.com)

• What's the Best Way to Communicate After a Data Breach? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Why extortion is the new ransomware threat | TechCrunch

• 65% of organisations say ransomware concerns impact risk management | Security Magazine

• FBI: ALPHV ransomware raked in $300 million from over 1,000 victims (bleepingcomputer.com)

• Ransomware attacks hit new record in November :: Insurance Day

• Ransomware attacks on the rise in the UK (itsecuritywire.com)

• UK at High Risk of ‘Catastrophic’ Cyber Attack Affecting Critical Infrastructure: Report (insurancejournal.com)

• Ransomware surges, despite aggressive defences | SC Media (scmagazine.com)

• BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets - Security Week

• A Major Ransomware Takedown Suffers a Strange Setback | WIRED

• Double-Extortion Play Ransomware Strikes 300 Organisations Worldwide (thehackernews.com)

• Ransomware trends and recovery strategies companies should know - Help Net Security

• Ransomware Attacks in November Rise 67% From 2022 (darkreading.com)

• 10 of the biggest ransomware attacks in 2023 | TechTarget

• BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign (securityaffairs.com)

• ALPHV Second Most Prominent Ransomware Strain Before Reported Downtime - Infosecurity Magazine (infosecurity-magazine.com)

• CISA releases Play ransomware guidelines | Security Magazine

• US and Australia Warn of Play Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Devices (and ransomware) are everywhere: How endpoint security must adapt | SC Media (scmagazine.com)

• Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team (thehackernews.com)

• Ransomware gangs are increasingly turning to remote encryption, and that's a huge problem | TechRadar

• FBI Develops Decryption Tool That Could Tackle Casino Attacks (sbcamericas.com)

Ransomware Victims

• Homebuyers stress as thousands of house purchases frozen by cyber attack - Property Industry Eye

• Ransomware gang behind threats to Fred Hutch cancer patients (bleepingcomputer.com)

• Delta Dental of California data breach exposed info of 7 million people (bleepingcomputer.com)

• Seattle cancer centre confirms cyber attack after ransomware gang threats (therecord.media)

• France International Schools Agency Impacted by Ransomware Hack - Bloomberg

• MOVEit Vulnerability Hits Delta Dental: 7 Million Records Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Attack Slams The North Face and Vans Owner, Shares Plunge - The Messenger

• Mr Cooper now says 15M people's data exposed in cyber attack • The Register

• MongoDB shares fall on cyber security incident By Investing.com

• 2.7M medical records exposed in double-extortion ransomware attack | SC Media (scmagazine.com)

• Nearly 3 million affected by ransomware attack on medical software firm (therecord.media)

• Title insurance giant First American offline after cyber attack (bleepingcomputer.com)

• St Vincent’s Health Australia says data stolen in cyber attack (yahoo.com)

• Kansas City-area hospital transfers patients, reschedules appointments after cyber attack (therecord.media)

• Ransomware cyber attack hits Milton Town School District (databreaches.net)

• The ransomware attack on Westpole is disrupting digital services for Italian public administration (securityaffairs.com)

Phishing & Email Based Attacks

• Generative AI is making phishing attacks more dangerous | TechTarget

• New DMARC Data Shows 75% Increase in Suspicious Emails Hitting Inboxes (darkreading.com)

• Anatomy of a Phishing Attack: How Hackers Trick You - Techopedia

• Qakbot is back and targets the Hospitality industry (securityaffairs.com)

• SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols - Security Week

• Fake F5 BIG-IP zero-day warning emails push data wipers (bleepingcomputer.com)

• New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)

• Cyber espionage group Cloud Atlas targets Russian companies with war-related phishing attacks (therecord.media)

Artificial Intelligence

• Generative AI is making phishing attacks more dangerous | TechTarget

• AI’s efficacy is constrained in cyber security, but limitless in cyber crime - Help Net Security

• 'Unintended harms' of generative AI are national security risk to UK (techmonitor.ai)

• Unequal Risk, Unequal Reward: How Gen AI disproportionately harms countries (ox.ac.uk)

• Anonymous Sudan hacking group pledges to keep targeting OpenAI's ChatGPT (axios.com)

• Security Researchers: ChatGPT Vulnerability Allows Training Data to be Accessed by Telling Chatbot to Endlessly Repeat a Word - CPO Magazine

• AI in Cyber Security: It's All About Being Aware (inforisktoday.com)

• How AI is weaponized for cyber attacks (betanews.com)

• Why 'dark AI' is a top cyber security concern for 2024 | Pension Times

• The cyber security arms race: AI vs. AI | TechRadar

• How AI Is Shaping the Future of Cyber Crime (darkreading.com)

• 4 ways CISOs can manage AI use in the enterprise | CIO

2FA/MFA

• New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)

Malware

• New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks (thehackernews.com)

• Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges (thehackernews.com)

• Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware (thehackernews.com)

• Windows and macOS targeted by new Go-based malware | TechRadar

• QNAP VioStor NVR vulnerability actively exploited by malware botnet (bleepingcomputer.com)

• Over 10K downloads amassed by malicious PyPi packages | SC Media (scmagazine.com)

• Info stealers and how to protect against them (securityaffairs.com)

• 8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware (thehackernews.com)

• Qakbot is back and targets the Hospitality industry (securityaffairs.com)

• Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback (darkreading.com)

• Hospitality Industry Faces New Password-Stealing Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals target hotel staff for management credentials • The Register

• BattleRoyal Cluster Signals DarkGate Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Scam 'missed parcel' SMS messages: advice on avoiding malware - NCSC.GOV.UK

• 3 Ways to Use Real-Time Intelligence to Defeat Bots (darkreading.com)

• Microsoft: Hackers target defence firms with new FalseFont malware (bleepingcomputer.com)

• Hospitality sector subjected to new malware attacks | SC Media (scmagazine.com)

Mobile

• iOS 17.2 update puts an end to Flipper Zero's iPhone shenanigans | ZDNET

• The 5G risk: How to protect your smartphone from emerging security threats - PhoneArena

• Apple rolls out iOS 17.2.1 with bugfixes and minor improvements - Neowin

• What is spyware and what can you do to stay protected? - Amnesty International

• NSO Group May Be On Its Way Out But There’s No Shortage Of Competitors To Take Its Place | Techdirt

• Suspects can refuse to provide phone passcodes to police, court rules | Ars Technica

Internet of Things – IoT

• IoT security strategy: an arms race for businesses | ITPro

• Porsche To Kill ICE-Powered Macan In Europe Over Cyber Security Laws | Carscoops

• Cyber security and car thefts: how are car makers responding? | CAR Magazine

• Marketer sparks panic with claims it uses smart devices to eavesdrop on people | Ars Technica

• Marketing firm admits it listens to conversations to sell targeted ads (searchengineland.com)

Data Breaches/Leaks

• Data of over a million users of the crypto exchange GokuMarket exposed (securityaffairs.com)

• MongoDB says customer data was exposed in a cyber attack (bleepingcomputer.com)

• Mr Cooper now says 15M people's data exposed in cyber attack • The Register

• Wolverine-developer Insomniac Games sees 1.67TB of secrets leaked in data breach | Ars Technica

• Everything Hackers Just Revealed in Sony Insomniac Games Leak (tech.co)

• Comcast says hackers stole data of close to 36 million Xfinity customers | TechCrunch

• BMW dealer at risk of takeover by cyber criminals - Security Affairs

• Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records - Security Week

• Data leak exposes users of car-sharing service Blink Mobility (securityaffairs.com)

• Hacked security cam footage from bedrooms, dressing rooms, spas found to be on sale on Telegram group - NotebookCheck.net News

Organised Crime & Criminal Actors

• Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)

• How Microsoft’s cyber crime unit has evolved to combat increased threats | Ars Technica

• Gang charged with running $80 million "pig butchering" cryptocurrency investment scam (bitdefender.com)

• Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cyber Crime | WIRED

• German police takes down Kingdom Market cyber crime marketplace (bleepingcomputer.com)

• INTERPOL celebrates huge cyber crime Christmas present (emergingrisks.co.uk)

• Law enforcement Operation HAECHI IV led to the seizure of $300 Million (securityaffairs.com)

• Two arrested as police investigate Birmingham dark web drugs trade - Birmingham Live (birminghammail.co.uk)

• NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains - Security Week

• BattleRoyal Cluster Signals DarkGate Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Intelligence Researchers to Study Computer Code for Clues to Hackers’ Identities - WSJ

• Dark web marketplace Kingdom Market dismantled | SC Media (scmagazine.com)

• Lapsus$ teen sentenced to indefinite detention in hospital • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Data of over a million users of the crypto exchange GokuMarket exposed (securityaffairs.com)

• Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)

• Gang charged with running $80 million "pig butchering" cryptocurrency investment scam (bitdefender.com)

• DeFi’s billion-dollar secret: The insiders responsible for hacks – Cointelegraph Magazine

• Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (bleepingcomputer.com)

• Crypto drainer steals $59 million from 63k people in Twitter ad push (bleepingcomputer.com)

Insider Risk and Insider Threats

• Insider threats: why employees are a bigger risk than hackers (raconteur.net)

• Former IT manager pleads guilty to attacking high school network (bleepingcomputer.com)

• DeFi’s billion-dollar secret: The insiders responsible for hacks – Cointelegraph Magazine

Insurance

• Mandatory protections, higher premiums and continued growth -- cyber insurance predictions for 2024 (betanews.com)

• Uninsured firms incur 69% higher cyber incident costs - CIR Magazine

Supply Chain and Third Parties

• What is supply chain risk management (SCRM)? | Definition by TechTarget

• Addressing the Growing Threat of Supply Chain Cyber Attacks | HackerNoon

• Homebuyers stress as thousands of house purchases frozen by cyber attack - Property Industry Eye

• Supply chain emerges as major vector in escalating automotive cyber attacks - Help Net Security

• Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 (darkreading.com)

Cloud/SaaS

• Most cloud transformations are stuck in the middle - Help Net Security

• IoT security strategy: an arms race for businesses | ITPro

• Millions of Microsoft Accounts Power Lattice of Automated Cyber Attacks (darkreading.com)

• Box cloud storage down amid 'critical' outage (bleepingcomputer.com)

Encryption

• Zscaler ThreatLabz Finds Most Cyber Attacks Hide (itsecuritywire.com)

• 86% of cyber attacks are delivered over encrypted channels - Help Net Security

• SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• The password attacks of 2023: Lessons learned and next steps (bleepingcomputer.com)

• CISA urges vendors to get rid of default passwords | CyberScoop

• BMW dealer at risk of takeover by cyber criminals - Security Affairs

• Hospitality Industry Faces New Password-Stealing Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals target hotel staff for management credentials • The Register

Social Media

• Social media platform X back up after global outage | Reuters

• Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (bleepingcomputer.com)

• Crypto drainer steals $59 million from 63k people in Twitter ad push (bleepingcomputer.com)

• New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)

Malvertising

• Malvertising has been out of control in 2023, and Google needs to do more to stop it | ITPro

Training, Education and Awareness

• Are We Ready to Give Up on Security Awareness Training? (thehackernews.com)

• Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)

Regulations, Fines and Legislation

• CFOs are under the gun as the SEC's new 4-day data breach disclosure window goes into effect | Fortune

• SEC vs. SolarWinds: A cyber security game changer for CISOs (securitybrief.co.nz)

• Porsche To Kill ICE-Powered Macan In Europe Over Cyber Security Laws | Carscoops

• UK data centres to be classed as critical infrastructure under new gov proposals | ITPro

• Clock Starts on SEC Cyber Attack Rules: What CISOs Should Know (informationweek.com)

• SEC disclosure rule for ‘material’ cyber security incidents goes into effect | CyberScoop

• What Do CISOs Have to Do to Meet New SEC Regulations? (darkreading.com)

• EU agrees amendments to Cyber Solidarity Act in bid to create ‘cyber shield’ for member states | ITPro

• Rules targeting financial criminals will require new filings for startups and small businesses – GeekWire

• A quiet cyber security revolution is touching every corner of the economy as US, allies ‘pull all the levers’ to face new threats | Fortune

Models, Frameworks and Standards

• Cyber Security Frameworks: A Guide for MSSPs | MSSP Alert

• SANS Institute Research Shows the Frameworks Organisations Use (darkreading.com)

Careers, Working in Cyber and Information Security

• How cyber security roles are changing and what to look for when hiring | CSO Online

Law Enforcement Action and Take Downs

• BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets - Security Week

• A Major Ransomware Takedown Suffers a Strange Setback | WIRED

• US law enforcement seizes BlackCat ransomware site, distributes decryption key (axios.com)

• Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)

• How Microsoft’s cyber crime unit has evolved to combat increased threats | Ars Technica

• Gang charged with running $80 million "pig butchering" cryptocurrency investment scam (bitdefender.com)

• Former IT manager pleads guilty to attacking high school network (bleepingcomputer.com)

• Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cyber Crime | WIRED

• German police takes down Kingdom Market cyber crime marketplace (bleepingcomputer.com)

• Law enforcement Operation HAECHI IV led to the seizure of $300 Million (securityaffairs.com)

• Two arrested as police investigate Birmingham dark web drugs trade - Birmingham Live (birminghammail.co.uk)

• Interpol op cuffs 3,500 cyber suspects, seizes $300M • The Register

• NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains - Security Week

• Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback (darkreading.com)

• Suspects can refuse to provide phone passcodes to police, court rules | Ars Technica

• Dark web marketplace Kingdom Market dismantled | SC Media (scmagazine.com)

• Lapsus$ teen sentenced to indefinite detention in hospital • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Attacks on critical infrastructure are harbingers of war: Are we prepared? | SC Media (scmagazine.com)

Nation State Actors

China

• China's Cyber Warfare Surges With Hacking Of US Infrastructure (thefederalist.com)

• Espionage from the East: "Russia Is a Storm, China Is Climate Change" - DER SPIEGEL

• US cyber warriors issue a call to arms - Asia Times

• China's Secret War Preps Inside US Utilities (spytalk.co)

• National Grid drops Beijing-backed supplier over UK power network fears (ft.com)

• Chinese Spacecraft Emitting Strong Signal Over North America (futurism.com)

• A top-secret Chinese spy satellite just launched on a supersized rocket | Ars Technica

• China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents (thehackernews.com)

Russia

• Cyber attack on Kyivstar is likely one of highest-impact disruptive in Ukraine since Feb 2022 - British intelligence (interfax.com.ua)

• The UK Defence Intelligence Analyses Massive Cyber Attack Ukraine Suffered | Defence Express (defence-ua.com)

• Ukraine updates: UK says Ukraine suffered severe cyber attack – DW – 12/16/2023

• Espionage from the East: "Russia Is a Storm, China Is Climate Change" - DER SPIEGEL

• US cyber warriors issue a call to arms - Asia Times

• Anonymous Sudan hacking group pledges to keep targeting OpenAI's ChatGPT (axios.com)

• UK and partners form The Tallinn Mechanism for cyber security - GOV.UK (www.gov.uk)

• Ukraine mobile cyber attack high impact says UK - Emerging Risks Media Ltd

• Russian APT29 Hacked US Biomedical Giant in TeamCity-Linked Breach (hackread.com)

• Cyber espionage group Cloud Atlas targets Russian companies with war-related phishing attacks (therecord.media)

Iran

• Israel-linked hacking group claims it ‘disabled’ gas stations across Iran | World News - Hindustan Times

• Iranian 'Seedworm' Cyber Spies Target African Telcos & ISPs (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware (talosintelligence.com)

Vulnerability Management

• 2023 Cyber Threats: 26,000+ Vulnerabilities, 97 Beyond CISA List - Infosecurity Magazine (infosecurity-magazine.com)

• Majority of 2023's critical cyber attacks stemmed from fewer than 1% of vulnerabilities - SiliconANGLE

• 1 in 4 high-risk CVEs are exploited within 24 hours of going public | SC Media (scmagazine.com)

• Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them? (darkreading.com)

• Creating a formula for effective vulnerability prioritization - Help Net Security

• Zoom Unveils Open Source Vulnerability Impact Scoring System - Security Week

• Threat actors still exploiting old unpatched vulnerabilities, says Cisco | IT Business

Vulnerabilities

• 80 percent of Struts 2 downloads include critical flaw • The Register

• ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products (securityaffairs.com)

• Fortinet Releases Security Updates for Multiple Products | CISA

• Flaws in pfSense firewall can lead to arbitrary code execution (securityaffairs.com)

• QNAP VioStor NVR vulnerability actively exploited by malware botnet (bleepingcomputer.com)

• MOVEit Vulnerability Hits Delta Dental: 7 Million Records Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft discovers critical RCE flaw in Perforce Helix Core Server (bleepingcomputer.com)

• Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE (darkreading.com)

• 8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware (thehackernews.com)

• 3CX Urges Customers to Disable Integration Due to Potential Vulnerability - Security Week

• Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape - Security Week

• Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar

• Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File (darkreading.com)

• 3CX warns customers to disable SQL database integrations (bleepingcomputer.com)

• Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products - Security Week

• Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE - Security Week

• Targeted F5 Vulnerability 'Update' Delivers Wiper to Israeli Victims (darkreading.com)

• Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP (thehackernews.com)

• Ivanti releases patches for 13 critical Avalanche RCE flaws (bleepingcomputer.com)

• Apple rolls out iOS 17.2.1 with bugfixes and minor improvements - Neowin

• Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware (thehackernews.com)

• SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica

• Impact of Log4Shell Bug Was Overblown, Say Researchers - Infosecurity Magazine (infosecurity-magazine.com)

• Fake F5 BIG-IP zero-day warning emails push data wipers (bleepingcomputer.com)

• New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now (thehackernews.com)

Tools and Controls

• AI’s efficacy is constrained in cyber security, but limitless in cyber crime - Help Net Security

• More cyber criminals turning to remote desktop protocol attacks | Insurance Times

• Insurer’s UK Honeypots Attacked 17 Million Times Per Day - Infosecurity Magazine (infosecurity-magazine.com)

• The cyber security arms race: AI vs. AI | TechRadar

• Microsoft unveils new, more secure Windows Protected Print Mode (bleepingcomputer.com)

• 65% of organisations say ransomware concerns impact risk management | Security Magazine

• AI in Cyber Security: It's All About Being Aware (inforisktoday.com)

• Demystifying Open XDR: What It Is, How to Do It, and ROI | Binary Defence

• 5 things you need to know about your EDR | CSO Online

• Can you trust Windows Hello biometric authentication | Kaspersky official blog

• Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)

• How CISOs can manage multiprovider cyber security portfolios | TechTarget

• Intelligence Researchers to Study Computer Code for Clues to Hackers’ Identities - WSJ

• CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool | CISA

• Are Workstation Security Logs Actually Important? | MSSP Alert

• What's the Best Way to Communicate After a Data Breach? (darkreading.com)

• How Segmentation Can Slow a Cyber Attack - ClearanceJobs

Reports Published in the Last Week

• Annual Payment Fraud Intelligence Report: 2023 | Recorded Future

Other News

• The Financial Sector Experiences More Cyber Attacks than Other Verticals, and those Incidents Result in Costlier Outcomes (prnewswire.com)

• 77% of financial organisations detected a cyber attack in the last year | Security Magazine

• Small businesses targeted by cyber criminals for data (securitybrief.co.nz)

• Retailers Are Being Barraged By Cyber Attacks This Holiday Season (forbes.com)

• Complexity leaves energy companies vulnerable to cyber attacks - Verdict

• The MOVEit breach may well have been the biggest cyber attack of the year | TechRadar

• How to bolster security against intellectual property theft (c4isrnet.com)

• In Cyber Security, Some Conventional Wisdom, While Well-Intentioned, Is Off-Base (newsweek.com)

• Navigating The Cyber Security Landscape In 2024 (forbes.com)

• 3 Strategic Insights from Cyber Security Leader Study (trendmicro.com)

• Healthcare sector warned of poor cyber hygiene; CISA doles out remedy advice | SC Media (scmagazine.com)

• The truth behind four small business cyber security myths (themanufacturer.com)

• Conclusion of Crossed Swords: the most exciting offensive cyber operations exercise

• Australia announces cyber security plan after major breaches | World Economic Forum (weforum.org)

• National Grid drops Beijing-backed supplier over UK power network fears (ft.com)

• As British Library faces fallout of cyber attack—what can arts bodies do to combat ransomware threats? (theartnewspaper.com)

• NIST Report Spotlights Cyber, Privacy Risks in Genomic Data (inforisktoday.com)

• Zscaler ThreatLabz Finds Most Cyber Attacks Hide (itsecuritywire.com)

• 86% of cyber attacks are delivered over encrypted channels - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment

According to the UK Parliament’s Joint Committee on the National Security Strategy (JCNSS), the UK is one of the most targeted countries in the world for cyber attacks, predominantly coming from Russian-linked threat actors. The report describes the UK as being at high risk from catastrophic ransomware attacks, and warns that the country could face significant challenges in managing future attacks.

Further, the report noted that the UK’s regulatory frameworks are insufficient and large amounts of national infrastructure are still vulnerable to ransomware because of their reliance on legacy IT systems.

Sources: [ITPro] [Emerging Risks Media Ltd]

Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions

Despite increased investments in third-party cyber security risk management (TPCRM) over the last two years, 45% of organisations experienced third party-related business interruptions, according to a new Gartner survey. This is reinforced by a separate survey, in which 97% of respondents reported having suffered negative impacts from a breach in a third party or supplier partner in the last year; a figure that has remained unchanged for the past three years.

The results show that despite the increase in attention and investments in third party risk management, organisations are not carrying these out in a way that is decreasing the risk.

Sources: [CIR Magazine] [Gartner]

Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies

Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. Its mobile app and website were down but they managed to restore some of its landline services on the same day of the attack. 24 million Kyivstar users have been urged to change all passwords following the attack.

So far, two Russia-aligned hacker groups have claimed responsibility for the hack: Killnet and Solntsepek. While Killnet have not provided any evidence of the attack, Solntsepek posted several screenshots of Kyivstar systems that it allegedly hacked, on its Telegram channel. The group said it “destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage, and backup systems”.

Further, Russia is expected to ramp up their cyber campaign efforts targeting Ukraine’s allies as part of the ongoing conflict in the region. Last winter saw an increase in attacks that is likely to be repeated this year. The use of wiper malware to target critical national infrastructure (CNI) outside of Ukraine), similar to the attack on Kyivstar above, is just one tactic that could be deployed to disrupt Western allies’ ability, and motivation, to continue military support to Ukraine.

Sources: [Record Media] [New Voice of Ukraine] [Hacker news] [Infosecurity Magazine] [Gov Info Security]

81% of Companies had Malware, Phishing and Password Attacks in 2023

According to Verizon, 81% of organisations faced malware, phishing and password attacks last year, and these attacks were mainly targeted at users. Further, it was found that 62% percent of companies suffered a security breach connected to remote working. Certainly, attacks are not limited to particular sectors or organisations. Everyone can be a target and it is important to keep that in mind when focusing on securing the organisation; yet despite cyber security affecting everyone, 91% of CEOs/CFOs put the responsibility for cyber security squarely with IT.

Source: [Security Magazine]

Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors

According to SentinelOne, mid-sized businesses are being targeted by cyber criminals who are displaying skills previously limited to expert government hackers. Cyber criminals are more organised than ever and have a better understanding of how businesses run; this, paired with technical acumen and AI, has created a difficult environment for medium-sized businesses who don’t possess the budget of a large organisation.

Sources: [Washington Times] [SiliconANGLE]

Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact

The US National Security Agency (NSA), Federal Bureau of Investigation (FBI), and co-authoring agencies warn that the Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and allied countries. To raise awareness and help organisations identify, protect, and mitigate this malicious activity, the authoring agencies have jointly released a Cyber Security Advisory (CSA) on SVR’s exploiting of JetBrain’s TeamCity software, widely used by developers and software providers.

The advisory warns that APT29, the notorious Russian group behind the 2020 SolarWinds hack, are actively exploiting this vulnerability, joining state-sponsored actors from North Korea. The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes.

Sources: [NSA] [Dark Reading] [The Register]

Why Cyber Security Is a Competitive Advantage: Reaching Digital Success

In the tech-driven world, cyber security’s importance is paramount for protecting sensitive data and critical systems. Significant increases in vulnerabilities and breaches have led to stricter guidelines and regulations for most sectors; a trend we expect to see increasing with regulations becoming more and more stringent. Increased regulation can only be good for affected industries and sectors to drive increased security.

However, beyond regulatory compliance, cyber security is a critical competitive differentiator and should be seen as such, rather than simply as a tick box exercise to satisfy a regulator or viewed as an increase in regulatory burden. Data breaches can lead to severe financial setbacks and damage to a company's reputation and customer trust. The legal and financial consequences of non-compliance with cyber security regulations are significant.

Building a comprehensive cyber security strategy that includes risk assessments, incident response plans, and proactive measures is essential in this era of rapid vulnerability exploitation. Embracing cyber security is not just a choice but a necessity for success in the digital age.

Source: [Forbes]

Ransomware-as-a-Service: The Growing Threat You Can't Ignore

Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cyber security. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This latest ransomware business model allows inexperienced hackers to use on-demand tools for attacks, reducing time and cost. They pay a fee, choose a target, and launch an attack with the provider’s tools. The effects of RaaS are starting to be noticed, as a recent survey showed the time from network breach to file encryption has dropped below 24 hours for the first time.

Source: [Hacker News]

66% of Employees Prioritise Daily Tasks Over Cyber Security

According to a recent survey, 66% of respondents stated that completing daily tasks is more crucial than cyber security, such as cyber security training. The tasks that were being prioritised over cyber security training include monthly targets, manager-assigned tasks and emails.

The survey highlights the need for improved cyber security training in organisations, with 64% of employees wanting time for this training during work hours, and 43% referring more engaging methods like videos and interactive sessions. The data suggests a shift from the annual training model, with 29% receiving quarterly training, 13% semi-quarterly, and 11% monthly. Addressing these needs is crucial for cyber security readiness.

Source: [Security Magazine]

Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days

Last week, a cyber attack on a small Irish water utility disrupted the water supply for two days, affecting 180 people. The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed devices or controllers that are either not protected at all or protected by a default password. This follows a warning from the US Government about the CyberAv3ngers group, an Iranian affiliated threat actor, which has been actively attacking water facilities in multiple US states.

Source: [Security Week]

Who Is Responsible for Cyber Security? You.

Cyber security is a concern that should resonate with every member of the C-suite and senior staff because when it fails, the entire business is impacted. Recent examples like the “bleach breach” at Clorox and the cyber attack on MGM Resorts illustrate the financial and reputational consequences of cyber security incidents, with losses estimated in the hundreds of millions of dollars. To effectively address this, C-suite executives and their teams must actively support cyber security initiatives led by CIOs and CISOs. The introduction of new government regulations, such as those from the US Securities and Exchange Commission (SEC), require organisations to swiftly report and manage cyber security incidents, impacting various departments beyond just the security team. To succeed in this environment, organisations must make cyber security information accessible across teams, allocate budgets for cyber security, and view cyber security as a catalyst for innovation and growth rather than a burden. For this to happen every single person within an organisation, from the very top to the very bottom, has a role to play in keeping the organisation secure and no one can think that security is someone else’s job.

Source: [Forbes]

Many Popular Websites Still Cling to Password Creation Policies From 1985

Website security, particularly password creation policies and login practices, requires immediate attention. A study of over 20,000 websites uncovers significant vulnerabilities with 75% of websites permitting passwords even shorter than 8 characters (which was the recommendation all the way back in 2012), and 12% even allow single-character passwords. Furthermore, 40% limit password length to being far shorter than current recommendations, and worse 72% permit dictionary words or known breached passwords.

The study also reveals that a third of websites do not support special characters in passwords. Remarkably, many websites continue to adhere to outdated password policies from 2004 or even 1985, and only 5.5% comply with stricter modern guidelines. This underscores the immediate need for standardising and strengthening password policies across the web, as well as enhancing education and outreach efforts to address these critical security weaknesses. Such passwords can influence people’s password choice, which can then enter the corporate environment. This can lead to their account having a higher risk of compromise, and in turn, risks to the data belonging to the organisation.

Source: [Help Net Security]

Governance, Risk and Compliance

• Who Is Responsible For Cyber Security? You. (forbes.com)

• How C-Level Executives Can Increase Cyber Resilience (forbes.com)

• Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)

• Ex-Uber CSO: Lessons Learned from the Breach and Legal Case (darkreading.com)

• The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online

• How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast

• 7 Must-Ask Questions for Leaders on Security Culture | MSSP Alert

• Why Cyber Security Is A Competitive Advantage: Reaching Digital Success (forbes.com)

• Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur

• Tech prediction #2: Businesses will turn to Cyber Security as a Service - Digital Journal

• Is Cyber Security as a Service (CSaaS) the Answer? (automation.com)

Threats

Ransomware, Extortion and Destructive Attacks

• UK ransomware attack could bring country to a "standstill" as scathing report calls for greater security investment | ITPro

• UK Downplays Ransomware Threat at Its Peril, Says Committee (inforisktoday.com)

• Ransomware Surge is Driving UK Inflation, Says Veeam - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Groups' Latest Tactic: Weaponized Marketing (inforisktoday.com)

• CNI 'vulnerable to ransomware' | Professional Security

• Ransomware-as-a-Service: The Growing Threat You Can't Ignore (thehackernews.com)

• Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)

• The end of ransomware payments: how businesses fit into the fight | ITPro

• Vulnerabilities Now Top Initial Access Route For Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• OpenText Cyber Security 2023 Global Ransomware Survey | MSSP Alert

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)

• US reveals email addresses used to send ransomware demands • The Register

• Virtual Kidnapping: The Dark World of Cyber Extortion (govinfosecurity.com)

Ransomware Victims

• Kraft Heinz launches investigation after ransomware gang claims to have stolen data - SiliconANGLE

• Norton Healthcare disclosed a data breach after ransomware attack (securityaffairs.com)

• US healthcare giant Norton says hackers stole millions of patients’ data during ransomware attack | TechCrunch

• Insomniac Reportedly Hacked, Blackmailed With Game Leaks And Doxing (thegamer.com)

• BAUER Group is operational again after cyber attack | Corporate - EQS News (eqs-news.com)

• Nissan dealerships in ANZ crippled by cyber attack - Drive

Phishing & Email Based Attacks

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• 39% of security leaders cite phishing as most feared cyber attack | Security Magazine

• Quishing is the new phishing: Why you need to think before you scan that QR code | ZDNET

• Cyber Criminals Exploit OAuth Apps for BEC, Phishing Attacks (petri.com)

• Google Forms Used in Call-Back Phishing Scam | Tripwire

• Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims - Infosecurity Magazine (infosecurity-magazine.com)

• US reveals email addresses used to send ransomware demands • The Register

• Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)

Artificial Intelligence

• SMEs "losing" battle against AI-powered cyber attacks, say experts - Tech Monitor

• ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)

• AI in 2024: More business use, more fraud risks | Premium | Compliance Week

• Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week

• The White House's private fears over the rise of AI in the Middle East (telegraph.co.uk)

• Holiday Scams Propelled By Artificial Intelligence | Foodman CPAs & Advisors - JDSupra

• Responsibly Implementing AI, the Unstoppable Force (darkreading.com)

• How to stop Dropbox from sharing your personal files with OpenAI (cnbc.com)

• Israel's AI can produce 100 bombing targets a day in Gaza. Is this the future of war? (theconversation.com)

Malware

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques (thehackernews.com)

• Hacker Uses Infostealer Data to Gain Access to Brazil’s Police Portal | Info Stealers

• Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica

• Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans (thehackernews.com)

• Recruiters, beware of cyber crooks posing as job applicants! - Help Net Security

• How criminals disguise URLs | Kaspersky official blog

• Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)

• 29 malware families targeted 1800 banking apps in 61 countries | Security Magazine

• Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar

• Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)

• Surge in deceptive simplicity exploitation by cyber attackers (securitybrief.co.nz)

Mobile

• Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)

• Apple Testing New Stolen Device Protection Feature for iPhones - Security Week

• Hackers outsmart Apple to install keyloggers on iPhones - PhoneArena

• Android barcode scanner app exposes user passwords (securityaffairs.com)

• New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands (thehackernews.com)

• Six of the most popular Android password managers are leaking data | ZDNET

• SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users (thehackernews.com)

• '5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week

• WhatsApp, Slack, Teams, and other messaging platforms face constant security risks - Help Net Security

• 29 malware families targeted 1800 banking apps in 61 countries | Security Magazine

• Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA - Infosecurity Magazine (infosecurity-magazine.com)

• Websites down as Newsquest hit by cyber attack - Journalism News from HoldtheFrontPage

Internet of Things – IoT

• How Cyber Security Can Build Consumer Trust In Self-Driving Vehicles (forbes.com)

Data Breaches/Leaks

• Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches (darkreading.com)

• UK Ministry of Defence Fined For Afghan Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• DNA companies should receive severe penalties for losing our data | TechCrunch

• Why the 23andMe Data Breach Is Such a Disaster (gizmodo.com)

• US nuclear research lab data breach impacts 45,000 people (bleepingcomputer.com)

• Ubiquiti users claim to have access to other people’s devices (securityaffairs.com)

• 2.5m people's data lost in Norton hospital ransomware hit • The Register

• Dubai’s largest taxi app exposes 220K+ users (securityaffairs.com)

• Toyota Financial Services discloses data breach (securityaffairs.com)

• US Air Force Disciplines 15 as IG Finds That Security Failures Led to Massive Classified Documents Leak - Security Week

• DonorView exposes 1M records for unknown time frame • The Register

• Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)

Organised Crime & Criminal Actors

• Cyber criminals hit businesses with skills once limited to Chinese, Russian government hackers - Washington Times

• Cyber Crime Orgs Increasingly Use Human Trafficking to Staff Scam Mills (darkreading.com)

• Interpol strikes slavers who force people to scam you online • The Register

• Microsoft goes after a cyber criminal group that sold millions of fraudulent accounts online - Neowin

• Cyber criminals and nation states up their game in persistent global attacks - SiliconANGLE

• Dark web forums reveal next year’s cyber security threats - Digital Journal

• Trafficking for cyberfraud an increasingly globalized crime, Interpol says (nbcnews.com)

• Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)

• Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)

• New cyber crime market 'OLVX' gains popularity among hackers (bleepingcomputer.com)

• How cyber criminals are using Wyoming shell companies for global hacks | Reuters

• Exploitation of the internet and the mind: How cyber criminals operate | TechRadar

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto Startup Ledger Users’ Wallets Drained in Hack - Bloomberg

• Ledger says attacker conducted phishing attack on former employee - Blockworks

Insider Risk and Insider Threats

• 66% of employees prioritize daily tasks over cyber security | Security Magazine

• Privilege elevation exploits used in over 50% of insider attacks (bleepingcomputer.com)

• Prison for man who wiped bank's data after being fired for accessing porn in the office (bitdefender.com)

• Employees are weaponizing private emails with colleagues | Fortune

Insurance

• Making Cyber Insurance Available for Small Biz, Contractors (darkreading.com)

Supply Chain and Third Parties

• Gartner Survey Finds 45% of Organisations Experienced Third Party-Related Business Interruptions During the Past Two Years

• UK firms increasing their focus on supply chain cyber risk – report - CIR Magazine

• US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters

• Manchester Public Schools Lose $180K to Hacked Vendor (govtech.com)

• Software & Security: How to Move Supply Chain Security Up the Agenda (darkreading.com)

Cloud/SaaS

• Multi-Cloud vs. Hybrid Cloud: The Main Difference (techtarget.com)

• SAP's attempt to migrate security tools to cloud failed • The Register

• Cloud engineer wreaks havoc on bank's network after firing • The Register

Linux and Open Source

• Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• Almost 90 percent say they're prepared for password-based attacks -- but half still fall for them (betanews.com)

• Android barcode scanner app exposes user passwords (securityaffairs.com)

• Six of the most popular Android password managers are leaking data | ZDNET

• Many popular websites still cling to password creation policies from 1985 - Help Net Security

Social Media

• How a social engineering hack turned these Facebook pages into a dumping ground for spam (engadget.com)

Regulations, Fines and Legislation

• Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)

• ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)

• How European countries are implementing new cyber security framework – EURACTIV.com

• Cyber Solidarity Act moves ahead in EU Parliament with key committee vote – EURACTIV.com

• Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week

• FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure  - Security Week

• The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online

• SEC Cyber Security Breach Rule: What it Means for MSSPs | MSSP Alert

• Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction | TechCrunch

• Government plans to regulate to tackle datacentre threats | Computer Weekly

• eIDAS: EU’s internet reforms will undermine a decade of advances in online security - Help Net Security

Models, Frameworks and Standards

• MITRE Launches Critical Infrastructure Threat Model Framework - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• UK IT staff working nearly as much overtime as law enforcement | ITPro

• Getting Into Cyber Security: A Guide for IT Security Careers | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Law Enforcement Action and Take Downs

• Cloud engineer wreaks havoc on bank's network after firing • The Register

• Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)

• Microsoft goes after a cyber criminal group that sold millions of fraudulent accounts online - Neowin

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Another Cyber Attack on Critical Infrastructure and the Outlook on Cyberwarfare (informationweek.com)

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA - Infosecurity Magazine (infosecurity-magazine.com)

• International justice – France offers support to the International Criminal Court to step up cyber security (12 Dec. 2023) - Ministry for Europe and Foreign Affairs (diplomatie.gouv.fr)

• Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)

• Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register

Nation State Actors

• What CISOs Need to Know About Nation State Actors (informationweek.com)

China

• Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)

• China's Cyber Attacks Target US Infrastructure In Preparation For Potential Conflict: Report - Benzinga

• Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs (darkreading.com)

• China’s cyber intrusions have hit ports and utilities, officials say - The Washington Post

• CISA unveils Google Workspace guidelines informed by Chinese breach of Microsoft | CyberScoop

• Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet  - Security Week

• Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar

• China warns its geographic data breach puts industry at risk (techinformed.com)

Russia

• Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator (thehackernews.com)

• Ukraine’s Largest Phone Operator Hacked in “Act of War” - Infosecurity Magazine (infosecurity-magazine.com)

• 24 million Kyivstar users urged to change all passwords due to cyber attack / The New Voice of Ukraine (nv.ua)

• Hackers damaged some infrastructure of Ukraine’s Kyivstar telecom company (therecord.media)

• Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)

• Russia Set to Ramp Up Attacks on Ukraine’s Allies This Winter - Infosecurity Magazine (infosecurity-magazine.com)

• UK government takes steps to thwart Russia's FSB hackers (techmonitor.ai)

• Cyber criminals hit businesses with skills once limited to Chinese, Russian government hackers - Washington Times

• Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign (thehackernews.com)

• US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters

• Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare (darkreading.com)

• NCSC warning on Russian targeting | Professional Security

• Iranian Parliament Approves Information Security Deal With Russia | Iran International (iranintl.com)

• Ukrainian intelligence takes down Russia's tax system in major cyber warfare operation

• MI6 chief thanks Russian state television for its 'help' in encouraging Russians to spy for the UK | AP News

• Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)

• User activity showed greater increase in traffic on 3G network compared to 4G (LTE) network / The New Voice of Ukraine (nv.ua)

• Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)

Iran

• Another Cyber Attack on Critical Infrastructure and the Outlook on Cyberwarfare (informationweek.com)

• Two-day water outage in remote Irish region caused by pro-Iran hackers (therecord.media)

• Iranian Parliament Approves Information Security Deal With Russia | Iran International (iranintl.com)

• Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)

North Korea

• Stronger action against North Korean cyber threats pushed by US, South Korea, Japan | SC Media (scmagazine.com)

• Lazarus sub-group targets South Korean defence firms | SC Media (scmagazine.com)

• Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)

• Lazarus Operation Blacksmith Attacking Organisations Worldwide (cybersecuritynews.com)

• Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA - Infosecurity Magazine (infosecurity-magazine.com)

• Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)

• Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register

• Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)

• Cyber Attack Disrupts TV Services Across UAE, AI Anchor Broadcasts Graphic Content from Gaza | Metaverse Post (mpost.io)

Vulnerability Management

• Vulnerabilities Now Top Initial Access Route For Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Over 30% of Log4J apps use a vulnerable version of the library (bleepingcomputer.com)

• One in four apps remain exposed to Log4Shell • The Register

Vulnerabilities

• Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical (thehackernews.com)

• New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) - Help Net Security

• Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)

• SAP Security Patch Day December 2023 | SAP Blogs

• Adobe Releases Security Updates for Multiple Products | CISA

• Chrome 120 Update Patches High-Severity Vulnerabilities - Security Week

• 50K WordPress sites exposed to RCE attacks by critical bug in backup plugin (bleepingcomputer.com)

• '5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week

• Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)

• Sophos backports RCE fix after attacks on unsupported firewalls (bleepingcomputer.com)

• One in four apps remain exposed to Log4Shell • The Register

• Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)

• This is how to protect your computers from LogoFAIL attacks | ZDNET

• Over 1,450 pfSense servers exposed to RCE attacks via bug chain (bleepingcomputer.com)

Tools and Controls

• Attacks abuse Microsoft DHCP to spoof DNS records • The Register

• Balancing AI advantages and risks in cyber security strategies - Help Net Security

• What is Cyber security threat intelligence sharing (att.com)

• The Cyber Security Conundrum: Best-Of-Breed Vs. Single Pane Of Glass (forbes.com)

• Discord adds Security Key support for all users to enhance security (bleepingcomputer.com)

• Modern Attack Surface Management (ASM) for SecOps (trendmicro.com)

• Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur

• Are business cyber security measures really fit for purpose? - Digital Journal

• New Microsoft Incident Response team guide shares best practices for security teams and leaders | Microsoft Security Blog

• Which cyber security controls are organisations struggling with? - Help Net Security

Other News

• UK must improve cyber risk management in face of catastrophic threats - Emerging Risks Media Ltd

• Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)

• Sellafield nuclear plant: I pray fears of a leak at the site are being taken seriously | The Independent

• Is macOS as secure as its users think? | Kaspersky official blog

• The 3 Most Prevalent Cyber Threats of the Holidays (darkreading.com)

• Over 3,800 Ministry of Defence passes lost or stolen (ukdefencejournal.org.uk)

• My home, my castle: Only 1 in 6 Brits are concerned about cyberthreats at home – PCR (pcr-online.biz)

• NCSC CEO Lindy Cameron to step down in 2024 | Computer Weekly

• Reflecting On The Evolution Of Cyber Security In 2023 (forbes.com)

• Unveiling the Cyber Threats to Healthcare: Beyond the Myths (thehackernews.com)

• This is how to protect your computers from LogoFAIL attacks | ZDNET

• Polish train maker denies claims it geofenced trains • The Register

• Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)

• Cyber criminals continue targeting open remote access products - Help Net Security

• Threat actors misuse OAuth applications to automate financially driven attacks | Microsoft Security Blog

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Cyber Attacks Begin by Breaking Human Trust

One of the most visible cyber attacks in recent months has reminded us that we all play a role in security, and people remain a favourite route for attackers. In the recent attack on MGM Resorts, an employee unwittingly helped the attacker to access the organisation’s systems and information. The attack highlights the power of social engineering as an attack vector, and that any size of business can fall victim.

One of the ways organisations can help to protect themselves is to provide social engineering training to employees. This builds resilience by helping employees to understand, recognise and avoid becoming a victim, recognising that cyber security involves more than just technology.

Despite some improvements in awareness programs, organisations face hurdles including budget constraints, limited training time and understaffing. Training should be continuous and target major risk areas such as phishing, vishing and password management, while fostering a proactive security culture.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes ensure employee engagement and build a cyber security culture to protect the organisation.

Sources: [GovTech] [Bloomberg] [Security Week]

BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data

Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices. Many organisations welcome a bring your own device (BYOD) policy, yet are not managing these devices effectively.

Without appropriate management of BYOD devices, organisations are allowing a number of unknown devices onto the corporate scene; these devices can be unpatched, unregulated and can lack adequate security measures, without the organisation even being aware.

Source: [The Register]

SME Cyber Security Knowledge Gap Widens

Recent findings underscore a growing concern: a significant cyber security knowledge gap among small and medium size enterprises (SMEs). The report found that 22% of employees are concerned their actions could contribute to a cyber attack or data breach. Alarmingly, more than three-quarters of senior executives are unable to identify cyber threats or distinguish phishing emails from legitimate ones.

Despite the clear risks, three out of four SMEs do not provide any form of cyber security training to their staff. This reveals a concerning disconnect: while the majority of business owners do not perceive their staff as potential cyber security risks, many employees themselves acknowledge that they could inadvertently cause such issues.

Adding to the concern, 60% of SMEs have no plans to increase their security budget in the coming year. Two-thirds of these businesses do not view cyber security as a priority. In fact, only one in five SMEs are even considering investing in cyber insurance. This widening knowledge gap in SME cyber security is indeed troubling and calls for immediate attention.

Sources: [Insurance Journal] [Dealer Support] [IT Security Guru]

UK Security Budgets Under Strain as Cyber Incidents Soar

A recent report found that UK businesses have suffered a 25% increase in cyber incidents in the last year, against a backdrop of budgetary constraints on implementing cyber security strategies. The report found that, despite spending more than £40,000 a year on cyber security protection, more than a quarter of organisations think their cyber security budget is inadequate to fully protect them from growing threats. This is as UK businesses have experienced, on average, 30 cyber incidents over the last 12 months, a 25% increase compared to last year.

The report identified that a lack of key skills remains one of the main concerns in tackling rising cyber threats. So much so that 30% of cyber staff admit to currently facing burnout. This pressure also means that less than half of companies are confident in their ability to handle the biggest threats facing organisations, including phishing (56%) and malware (55%).

Sources: [Silicon] [Verdict] [CSO Online]

Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount

A recent EY survey of cyber security leaders reported that just 1 in 5 found their organisation’s approach to cyber defences to  effective and just 36% are satisfied with the levels of best practices by teams outside the IT department. The report also found that despite higher levels of spending, the organisation’s cyber security detection and response appeared slow; 76% of respondents took six months or longer to detect and respond to an incident.

Source: [EY]

FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours

The FBI has flagged dual ransomware attacks, where attackers will attack a company twice within a few hours, as an emerging trend. This comes as an increasing number of ransomware actors are deploying their ransomware within 24 hours of initial access, and in 10% of cases, within just a few hours. Comparing this to last year, where the median time was four and a half days, organisations have significantly less time to enact their response, if they have one.

Sources: [Tech Monitor] [The Cord] [Information Security] [Beta News] [Cision] [The Record] [Malware Bytes]

Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business

A new report from Ivanti into hidden threats finds that one in three employees believe their actions do not impact their organisation's security. The research shows that Millennial and Gen Z office workers are more likely to have unsafe cyber security habits when compared to Gen X and older (those above 40 years of age). The report also finds that men and leaders are more comfortable contacting a security employee with a question or concern, with leaders at an organisation the most likely to reach out with a question at 72%.

The report also highlighted that phishing scams were found to be greatly underreported by those aged 40 and under, with 23% saying that they did not report the last phishing attempt they received, the most the most likely reason for this being “I didn’t think it was important”. In contrast, of the older demographic only 12% failed to report. Cyber security has only recently become the leading concern among C-suites and executives; however, security leaders need to enable all employees to play defence against threat actors and proactively build an open and welcoming security culture.

Sources: [Techradar] [Beta News] [HelpNet Security]

Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported

Over half (52%) of cyber security professionals are experiencing an increase in cyber attacks compared to a year ago, according to new research. Further findings revealed that only 40% of organisations conducted a cyber risk assessment annually. By conducting risk assessments, organisations are able to identify their vulnerabilities and address them, before an attacker gets the chance to exploit them.

Further, in a recent survey conducted by ISACA, which collated insights from over 2,000 security leaders globally, a significant 62% of respondents say that organisations are under-reporting cyber crime incidents. The report also revealed 59% indicate their cyber security teams are undermanned, and the challenge of retaining skilled cyber security professionals remains, with 56% experiencing retention issues.

Sources: [MSSP Alert] [Security Brief] [InfoSecurity Magazine ]

Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums

According to a recent survey, budgets for cyber security have grown 70% in the last five years and whilst these have risen, so have cyber insurance premiums (50%), due to the increase in ransomware attacks.

Insurance firms have not been able to sustain losses they were incurring without passing on these costs to their customers. At the same time, obtaining cyber insurance is getting exponentially harder, with more and more stringent controls and measures being mandated by insurance companies before underwriting to minimise their exposure.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Global Reinsurance]

Evolving Conversations: Cyber Security as a Business Risk

According to a report, only 53% of board members report having regular interactions with their cyber security experts, leaving nearly half without a strong and distinct Chief Information Security Officer (CISO) perspective in the decision making process.

By including CISOs or virtual CISOS (vCISOS) in board processes, the board can better understand the cyber implications of decisions, after all, you wouldn’t make a board-level financial decision without involving the CFO.

Source: [HelpNet Security]

Threats in Cloud Top the List of Executive Cyber Concerns

A recent report published by PwC has found that cloud-related threats are the top concern for organisations that have adopted the technology. These security concerns intensify for organisations with multiple clouds or hybrid infrastructures, with the report finding more than half of respondents citing cloud security as their most pressing concern.

The report highlighted that despite the focus on cloud security, nearly every organisation had risk management lapses. Nearly a third of respondents had yet to address disaster recovery and backup with their cloud service provider, and more than two in five pointed to in-house cloud skills gaps as a lingering risk factor.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [CIO Dive]

Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection

Recent research shows that hackers are increasingly using sophisticated tactics to get their phishing emails past companies’ cyber security defences. One key finding of the report is the percentage of phishing emails that use obfuscation techniques to avoid detection jumped by 24.4% in 2023. More than half of malicious emails, or 55.2%, now use such tactics. The report found that the most widely used obfuscation technique is HTML smuggling. This is the practice of hiding malicious raw code in a seemingly legitimate HTML page; the code only turns into malware after clearing the cyber security filtering.

The use of chatbots or large language models have lowered the barrier for entry to cyber crime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone. The reports found that tools designed to detect AI-generated phishing emails work unreliability or don’t work at all in 71.4% of cases.

Source: [Silicon Angle]

Governance, Risk and Compliance

• Small Businesses Underestimate Cyber Risks Despite Increased Threats: IBC Survey (insurancejournal.com)

• Half of Cyber security Professionals Report Increase in Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security: Still No. 1 on Every CIO's Agenda (govtech.com)

• SME cyber security knowledge gap widens | Dealer Support

• UK SME cyber threat concerns on the rise in last 12 months as a quarter admit to being breached - IT Security Guru

• Poor cyber security habits are common among younger employees - Help Net Security

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• After MGM and Caesars hacks, cyber security experts warn ‘anybody is vulnerable’  - The Nevada Independent

• People Still Matter in Cyber security Management (darkreading.com)

• UK businesses face tightening cyber security budgets as incidents spike | CSO Online

• Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive

• Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot (darkreading.com)

• Evolving conversations: Cyber security as a business risk - Help Net Security

• Cyber security preparedness pays big dividends for businesses - Help Net Security

• Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)

• Your Company's Cyber security Depends on Every Employee--Train Them Well and Instill the Importance of Security | Inc.com

• Gartner: Spending On Cyber security Services Is Outpacing Expectations In 2023 | CRN

• Cyber leaders’ confidence in their organisation’s defences plummets, but costs mount | EY - Global

• CISO's compass: Mastering tech, inspiring teams, and confronting risk - Help Net Security

• Kroll Launches Detection and Response Maturity Model and Finds 91% of Businesses Overestimate Their Cyber Maturity, Increasing Their Vulnerability to Cyber attacks

• Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024 (darkreading.com)

• A Tool to Help Boards Measure Cyber Resilience (hbr.org)

• High-business-impact outages are incredibly expensive - Help Net Security

• 78% of organisations under-report cyber attacks: ISACA (securitybrief.co.nz)

• Moody’s cyber survey reveals growing budgets and improved governance - Reinsurance News

• How To Talk To Your Board And C-suite About Cyber Preparedness | Scoop News

Threats

Ransomware, Extortion and Destructive Attacks

• Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance

• Ransomware is deployed faster as cyber criminals seek to avoid detection (betanews.com)

• Ransomware Dwell Time Hits Low of 24 Hours (prnewswire.com)

• Microsoft: Human-operated ransomware attacks tripled over past year (therecord.media)

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Dual ransomware attacks: FBI warns of twin threat to businesses (techmonitor.ai)

• Ransomware gangs destroying data, using multiple strains during attacks: FBI (therecord.media)

• Why the public sector is an easy target for ransomware | TechCrunch

• Banks beware: Why one ransomware victim decided to pay up | American Banker

• LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)

• Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers - Infosecurity Magazine (infosecurity-magazine.com)

• Feds hopelessly behind the times on ransomware trends • The Register

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Ransomware reinfections on the rise from improper remediation (malwarebytes.com)

• Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (bleepingcomputer.com)

• Ransomware gangs now exploiting critical TeamCity RCE flaw (bleepingcomputer.com)

• Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV (securityaffairs.com)

• Ransomware disrupts hospitality, healthcare in September | TechTarget

• Ransomware Attacks: Bad for Hospitals, Deadly for Patients - Tradeoffs

• Lorenz ransomware embroiled in its own two-year data leak • The Register

Ransomware Victims

• LockBit crime spree includes FDF and UK law firm (techmonitor.ai)

• Motel One discloses data breach following ransomware attack (bleepingcomputer.com)

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Record Numbers of Ransomware Victims Named on Leak Sites - Infosecurity Magazine (infosecurity-magazine.com)

• MGM Resorts Refused to Pay Ransom in Cyber attack on Casinos - WSJ

• BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care (securityaffairs.com)

• Ransomware attack on Johnson Controls may have exposed sensitive DHS data (securityaffairs.com)

• South African insurance clients hit in massive global cyber attack (mybroadband.co.za)

• Sony sent data breach notifications to about 6,800 individuals (securityaffairs.com)

• Clorox Warns of a Sales Mess After Cyber attack - WSJ

Phishing & Email Based Attacks

• EvilProxy Phishing Attack Strikes Indeed, Targets Executives - Infosecurity Magazine (infosecurity-magazine.com)

• Report: Over half of phishing emails now use obfuscation tactics to avoid detection - SiliconANGLE

• Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)

• Will generative AI really supercharge phishing attacks? - Tech Monitor

Other Social Engineering; Smishing, Vishing, etc

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• MGM Cyber attack Shows How Hackers Deploy Social Engineering - Bloomberg

• Casino Hackers Use Low-Tech Tricks to Exploit Corporate Targets (bloomberglaw.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• USPS Anchors Snowballing Smishing Campaigns (darkreading.com)

• Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• Bing Chat's ads unleash malware mayhem: Users lured into dangerous websites - OnMSFT.com

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• Protecting against FraudGPT, ChatGPT's evil twin - Help Net Security

• GenAI in software surges despite risks - Help Net Security

• Boardroom Blueprint: AI's Cyber security Risks (forbes.com)

• The top AI cyber crime threats and solutions | Inquirer Technology

• Kaspersky Issues Crimeware Report, Uncovers “WormGPT” | MSSP Alert

• The big debate: is AI a blessing or curse for cyber security? - Raconteur

• Global internet freedoms fell again last year as the threat of AI looms (therecord.media)

• Survey Finds Most Cyber security Experts Believe Offensive AI Will Outpace Defensive AI (thefastmode.com)

• LLMs lower the barrier for entry into cyber crime - Help Net Security

• Will generative AI really supercharge phishing attacks? - Tech Monitor

• Are we doomed to make the same security mistakes with AI? (securityintelligence.com)

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• From Cyber crime to Cyber security: Fighting AI With AI | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Malware

• Hackers are spreading malware through Indeed job messages | Digital Trends

• Cyber criminals Using New ASMCrypt Malware Loader Flying Under the Radar (thehackernews.com)

• There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar

• BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cyber crime Underground (thehackernews.com)

• North Korea's Lazarus Group upgrades its main malware • The Register

• Malware-Infected Devices Sold Through Major Retailers - Infosecurity Magazine (infosecurity-magazine.com)

• Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE

• Hundreds of malicious Python packages found stealing sensitive data (bleepingcomputer.com)

Mobile

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Android's October 2023 Security Updates Patch Two Exploited Vulnerabilities - Security Week

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

• Are executives adequately guarding their gadgets? - Help Net Security

Botnets

• AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week

Denial of Service/DoS/DDOS

• Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)

• Cloudflare DDoS protections ironically bypassed using Cloudflare (bleepingcomputer.com)

• Royal Family's official website targeted in cyber attack | UK News | Sky News

• Global events fuel DDoS attack campaigns - Help Net Security

BYOD

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Are executives adequately guarding their gadgets? - Help Net Security

Internet of Things – IoT

• Malware-Infected Devices Sold Through Major Retailers - Infosecurity Magazine (infosecurity-magazine.com)

• IoT and the law | Professional Security

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

• Eyes everywhere: How to safely navigate the IoT video revolution - Help Net Security

• FDA cyber mandates for medical devices goes into effect | CyberScoop

Data Breaches/Leaks

• European Telecommunications Standards Institute Discloses Data Breach - Security Week

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers - Infosecurity Magazine (infosecurity-magazine.com)

• NATO says it is addressing an apparent cyber attack after strategy documents posted online | CNN Politics

• SiegedSec Hacktivists Claim to Have Stolen 3,000 NATO Files in Second Attack | MSSP Alert

• Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)

• PSNI: Concerns over computer security as new figures reveal 161 data incidents | BelfastTelegraph.co.uk

• Sony confirms data breach impacting thousands in the US (bleepingcomputer.com)

• DNA testing service 23andMe investigating theft of user data | CyberScoop

Organised Crime & Criminal Actors

• Odds Are 1 in 4 Americans Will Fall Victim to Online Crime (prnewswire.com)

• People Still Matter in Cyber security Management (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)

• Scammers Impersonate Companies to Steal Cryptocurrency from Job Seeker - Infosecurity Magazine (infosecurity-magazine.com)

• There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar

• BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cyber crime Underground (thehackernews.com)

• The crypto market bears the scars of FTX's collapse | Reuters

Insider Risk and Insider Threats

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• Tech-savvy young workers might be the biggest cyber liability to your business | TechRadar

• Younger employees more likely to have unsafe cyber security habits (betanews.com)

• Addressing the People Problem in Cyber security - Security Week

Fraud, Scams & Financial Crime

• FBI warns phantom hacker scams are emptying financial accounts — how to stay safe | Tom's Guide (tomsguide.com)

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

• Online fraud can cost you more than money - Help Net Security

• The crypto market bears the scars of FTX's collapse | Reuters

• How to deal with your brand's doppelgangers | Kaspersky official blog

• Visa Program Combats Friendly Fraud Losses For Small Businesses Globally (darkreading.com)

Impersonation Attacks

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)

• Scammers Impersonate Companies to Steal Cryptocurrency from Job Seeker - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

Insurance

• Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance

• Insurance Companies Have a Lot to Lose in Cyber attacks (darkreading.com)

• 5 Cyber Insurance Trends To Watch Right Now | CRN

Supply Chain and Third Parties

• Tackling cyber risks head-on using security questionnaires - Help Net Security

Software Supply Chain

• Software firms under cyber attack | Microscope (computerweekly.com)

• Upstream Supply Chain Attacks Triple in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)

Cloud/SaaS

• Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive

• Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance (thehackernews.com)

• LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)

• AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week

• Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)

• EvilProxy uses indeed.com open redirect for Microsoft 365 phishing (bleepingcomputer.com)

Hybrid/Remote Working

• Employers must be clear with staff over workplace monitoring, warns privacy watchdog | UK News | Sky News

• Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro

Encryption

• New Marvin attack revives 25-year-old decryption flaw in RSA (bleepingcomputer.com)

• Quantum Computers Could Crack Encryption Sooner Than Expected With New Algorithm (singularityhub.com)

API

• The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)

• APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)

Open Source

• New 'Looney Tunables' Linux bug gives root on major distros (bleepingcomputer.com)

• The root cause of open-source risk - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Your Long Password Is Still Easy to Crack (pcmag.com)

• Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)

Biometrics

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• The rise and fall of Clearview.AI and the evolution of facial recognition - SiliconANGLE

• The inadequacy of voice biometrics | TechRadar

Social Media

• Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger

Malvertising

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

Training, Education and Awareness

• Your Company's Cyber security Depends on Every Employee--Train Them Well and Instill the Importance of Security | Inc.com

• Addressing the People Problem in Cyber security - Security Week

• How to Improve Cyber security Awareness and Training (trendmicro.com)

Parental Controls and Child Safety

• Child abuse site taken down, organised child exploitation crime suspected – exclusive (securityaffairs.com)

Regulations, Fines and Legislation

• Cyber experts urge EU to rethink vulnerability disclosure plans | Computer Weekly

• EU Cyber Resilience Act Could be Exploited for Surveillance, Experts W - Infosecurity Magazine (infosecurity-magazine.com)

• Keeping SEC-ure: Using Threat Intelligence to Stay Ahead of the New SEC Regulations (recordedfuture.com)

• Many Companies Far From Ready for Fast-Approaching SEC Cybersecurity Deadline | Corporate Counsel (law.com)

• Companies are already feeling the pressure from upcoming US SEC cyber rules | CSO Online

• Employers must be clear with staff over workplace monitoring, warns privacy watchdog | UK News | Sky News

• Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)

Models, Frameworks and Standards

• Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)

• What is Compliance as a Service (CaaS)? - Definition from WhatIs.com (techtarget.com)

Careers, Working in Cyber and Information Security

• UK government plans 2,500 new tech recruits by 2025 with focus on cyber security | CSO Online

• Up to 500,000 staff required to field off growing cyber security threat to Europe | Business Post

• The State of Cyber security: Cyber Skills Gap Leaves Business Vulnerable to Attacks, New Research Reveals | Business Wire

• Blue teams on the edge: cyber pros seem to hate their jobs | Cybernews

• Soft skills continue to challenge the cyber security sector - Help Net Security

Law Enforcement Action and Take Downs

• Child abuse site taken down, organised child exploitation crime suspected – exclusive (securityaffairs.com)

• Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

• UK student found guilty of 3D printing 'kamikaze' drone • The Register

Privacy, Surveillance and Mass Monitoring

• EU Cyber Resilience Act Could be Exploited for Surveillance, Experts W - Infosecurity Magazine (infosecurity-magazine.com)

• Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)

Misinformation, Disinformation and Propaganda

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State, Cyber Warfare and Cyber Espionage

• Espionage fuels global cyber attacks - Microsoft On the Issues

• Microsoft: Nation-state cyber espionage on rise in 2023 | Computer Weekly

• ‘Cyberwar Is Going on All Day, Every Day’: CEO | NTD

• CISA and UK NCSC Hold Inaugural Meeting of Strategic Dialogue on Cyber security of Civil Society Under Threat of Transnational Repression | CISA

• US and UK Lead Fight Against Civil Society Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• The sixth domain: The role of the private sector in warfare - Atlantic Council

• How this unassuming cable became the world’s most powerful weapon (telegraph.co.uk)

• Joint Statement from 21 Countries and the Organisation of American States Following the Department of Homeland Security Western Hemisphere Cyber Conference | Homeland Security (dhs.gov)

Russia

• Russian Cyber Attacks in 2023: Shifting Patterns, Goals, and Capacities

• Russian Hacktivism Takes a Toll on Organisations in Ukraine, EU, US (darkreading.com)

• Russia-Ukraine war: Cyber space is the latest frontline | Semafor

• Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)

• Joint Statement from 21 Countries and the Organisation of American States Following the Department of Homeland Security Western Hemisphere Cyber Conference | Homeland Security (dhs.gov)

• Ukrainian Man Calls Russian Tech Support to Help With Captured Tank: Report (businessinsider.com)

China

• China Poised to Disrupt US Critical Infrastructure with Cyber Attacks, - Infosecurity Magazine (infosecurity-magazine.com)

• How digital threats from East Asia are increasing in breadth and effectiveness | CSO Online

• Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege (securityaffairs.com)

Iran

• Iran-Linked APT34 Spy Campaign Targets Saudis (darkreading.com)

North Korea

• North Korea's Lazarus Group upgrades its main malware • The Register

• Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• North Korean hackers are targeting aerospace - Lazarus Group tricks employees into installing malware themselves | TechRadar

• North Korea goes phishing in South’s shipyards • The Register

Vulnerability Management

• How to Measure Patching and Remediation Performance (darkreading.com)

Vulnerabilities

• CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs | CISA

• October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty - Help Net Security

• Exploit released for Microsoft SharePoint Server auth bypass flaw (bleepingcomputer.com)

• Microsoft Edge, Teams get fixes for zero-days in open-source libraries (bleepingcomputer.com)

• A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day | Ars Technica

• Apple fixed the 17th zero-day flaw exploited in attacks (securityaffairs.com)

• Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day - Security Week

• Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software (darkreading.com)

• Mass exploitation attempts against WS_FTP have begun • The Register

• Millions of Exim mail servers exposed to zero-day RCE attacks (bleepingcomputer.com)

• Critical zero-days in Exim revealed, only 3 have been fixed - Help Net Security

• Patch Confusion for Critical Exim Bug Puts Email Servers at Risk--Again (darkreading.com)

• Microsoft won’t say if its products were exploited by spyware zero-days | TechCrunch

• Companies Address Impact of Exploited Libwebp Vulnerability  - Security Week

• Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) - Help Net Security

• Arm warns of Mali GPU flaws likely exploited in targeted attacks (bleepingcomputer.com)

• Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers (bleepingcomputer.com)

• Atlassian patches critical Confluence zero-day exploited in attacks (bleepingcomputer.com)

• Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits | Ars Technica

Tools and Controls

• Does your security program suffer from piecemeal detection and response? (securityintelligence.com)

• Keeping SEC-ure: Using Threat Intelligence to Stay Ahead of the New SEC Regulations (recordedfuture.com)

• The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)

• APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)

• 5 common browser attacks and how to prevent them | TechTarget

• Rationalizing Your Hybrid Cloud Security Tools (securityintelligence.com)

• Protecting your IT infrastructure with Security Configuration Assessment (SCA) (thehackernews.com)

• The big debate: is AI a blessing or curse for cyber security? - Raconteur

• Is your threat protection giving you a false sense of cyber security? | The Independent

• 5 Cyber Insurance Trends To Watch Right Now | CRN

• Quash EDR/XDR Exploits With These Countermeasures (darkreading.com)

• How to Improve Cyber security Awareness and Training (trendmicro.com)

Reports Published in the Last Week

• Microsoft Digital Defence Report 2023 (MDDR) | Microsoft Security Insider

• STUDY: 37% Intimidated, 39% Frustrated with Online Security (globenewswire.com)

• Oh Behave! The Annual Cyber security Attitudes and Behaviours Report 2023 - National Cyber security Alliance (staysafeonline.org)

Other News

• Cyber attacks on UK pension funds on the rise – study | Pensions & Investments (pionline.com)

• Are we smart enough for smart cities? | TechRadar

• The trust deficit in CNI: How to address a growing concern | Computer Weekly

• Third sector highly exposed to cyber risk - CIR Magazine

• 10 Emerging Cyber security Threats And Hacker Tactics In 2023 | CRN

• Lyca Mobile UK Confirm Cyber Attack Responsible for Disruption - ISPreview UK

• Global internet freedoms fell again last year as the threat of AI looms (therecord.media)

• Cyber security in the Age of Industry 4.0 (automation.com)

• How Private Equity Firms Can Protect ‘Treasure Trove’ from Digital Threats (ai-cio.com)

• 10 Routine Security Gaffes the Feds Are Begging You to Fix (darkreading.com)

• NSA: Here Are the Dumbest Cyber security Mistakes We See at Large Organisations (pcmag.com)

• The changing face of cyber security threats in 2023 | CIO

• Edinburgh Trams websites targeted by 'potential cyber attack' - Edinburgh Live

• Making Sense of Today's Payment Cyber security Landscape (darkreading.com)

• GAO tears into State Department's cyber security management • The Register

• First pan-European cyber analysis centre opens (airportsinternational.com)

• Nearly 100,000 Industrial Control Systems Exposed to the Internet - Infosecurity Magazine (infosecurity-magazine.com)

• Mobile customers unable to make or receive calls after firm hit by cyber attack - Mirror Online

• Malicious HDMI Cables Steals Photos, Videos, and Location Data (gbhackers.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.