Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Phishing Emails Up a Whopping 569% in 2022

The volume of phishing emails sent in 2022 spiked by a jaw-dropping 569% according to a new report. Based on data from 35 million users, the report details the astronomical rise of email phishing as a tactic among threat actors in 2022. Key findings from the report include the number of credential phishing emails sent spiked by 478% and, for the eighth consecutive year, business email compromise (BEC) ranked as the top cyber crime.

https://www.darkreading.com/attacks-breaches/phishing-emails-up-whopping-569-percent-2022

• The End User Password Mistakes Putting Your Organisation at Risk

Businesses rely on their end users, but those same users often don't follow the best security practices. Without the right password security policies, a single end user password mistake can be a costly breach of your organisation's defences. End users want to do their work quickly and efficiently, but sharing, reusing and weak passwords can put your organisation at risk so having the right policies in place is essential for security.

https://www.bleepingcomputer.com/news/security/the-end-user-password-mistakes-putting-your-organization-at-risk/

• Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse

The risk score for the average company worsened in the past year as companies fail to adapt to data exfiltration techniques and adequately protect web applications. Companies' effective data-exfiltration risk increased to 44 out of 100 (with 100 indicating the riskiest posture) in 2022, from an average score of 30 in the previous year, indicating that the overall risk of data being compromised has increased. That's according to rankings by Cymulate, who crunched data on 1.7 million hours of offensive cyber security testing. The research noted that while many companies are improving the adoption of strict network and group policies, attackers are adapting to sidestep such protections. They also found that four of the top-10 CVEs (known vulnerabilities) identified in customer environments were more than two years old.

https://www.darkreading.com/cloud/millions-pen-tests-companies-security-posture-getting-worse

• 71% of Employees Keep Work Passwords on Personal Devices

71% of employees store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work, according to a new mobile bring your own device (BYOD) security report this week, with the report also suggesting 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps. With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information. The use of personal devices and personal apps was the direct cause of many high-profile corporate breaches and this is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals as threat actors know there are fewer security controls on personal mobile devices than on corporate ones.

https://www.infosecurity-magazine.com/news/70-employees-keep-work-passwords/

• Cyber Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe

More than a year into the war in Ukraine, hackers have extended the cyber battleground to Eastern and Northern Europe with the number of incidents in those geographies spiking noticeably. A new report shows that cyber warfare inside the conflict has “clearly moved on” from the beginnings of the war. Over the last 12 months, the research reports that the majority of incidents only affecting Ukraine in the first quarter of 2022 (50.4%) sank to 28.6% in the third period. But European Union countries have seen a spike in incidents related to the war in the past six months from 9.8% to 46.5%. Indeed, the number of attacks on EU countries in the third quarter of 2022 totalled just slightly less than those in the Ukraine. And, in the first quarter of this year, more than 80% of incidents occurred inside the European Union. Cyber is now a crucial weapon in the arsenal of new instruments of war, alongside disinformation, manipulation of public opinion, economic warfare, sabotage and guerrilla tactics. With the lateralisation of the conflict from Ukraine to the rest of Europe, Western Europe should be wary of possible attacks on critical infrastructure in the short term if the conflict continues to accelerate.

https://www.msspalert.com/cybersecurity-research/cybercrime-front-lines-in-russia-ukraine-war-move-to-eastern-and-northern-europe/

• Security Flaws Cost Fifth of Executives New Business

Boards continue to under-appreciate the value of cyber security to the business, despite acknowledging its critical role in winning new business and talent, according to Trend Micro. The security giant polled 2,718 business decision makers globally to compile its Risky Rewards study and it found that half (51%) believe cyber security is a necessary cost but not a revenue contributor. 48% argue that its value is limited to threat prevention and two-fifths (38%) see security as a barrier rather than a business enabler. That’s despite a fifth (19%) acknowledging that poor security posture has already impacted their ability to win new business, and 57% thinking there is a strong connection between cyber and client acquisition.

 https://www.infosecurity-magazine.com/news/fifth-execs-security-flaws-cost/

• Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats

Insider risk is emerging as one of the most challenging threats for organisations to detect, mitigate and manage, Code42 Software said in its annual Data Exposure Report for 2023. To compile data for the study they surveyed some 700 cyber security leaders, managers and practitioners and whilst more than 72% of companies indicated they have an insider risk management (IRM) program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%. 71% of respondees expect data loss from insider events to increase in the next 12 months. Insider incidents are costing organisations $16 million per incident on average, and chief information security officers (CISOs) say that insider risks are the most challenging type of threat to detect. Data loss from insiders is not a new problem but it has become more complex with workforce turnover and cloud adoption.

https://www.msspalert.com/cybersecurity-research/companies-struggle-to-build-and-run-effective-programs-to-protect-data-from-insider-threats/

• Only 10% of Workers Remember All Their Cyber Security Training

New research has found that only 10% of workers remember all their cyber security training. Furthermore, only half of employees are undergoing regular training, and a quarter aren’t receiving any training at all. Organisations should look to carry out effective and regular training that is tailored to their employees to increase the chance of training content being retained, with a programme of ongoing continual reinforcement.

https://www.itsecurityguru.org/2023/03/30/only-10-of-workers-remember-all-their-cyber-security-training/

• Silence Gets You Nowhere in a Data Breach

In cyber security, the phrase “what they don’t know won’t hurt them” is not only wrong, it’s dangerous. Despite this, it’s a motto that remains in many organisations’ PR playbooks, as demonstrated by the recent LastPass and Fortra data breaches. Smaller companies, too, are employing a silent-treatment approach to data breaches, and cyber attacks are now a fact of doing business with almost half of US organisations having suffered a cyber attack in 2022. Attackers are increasingly targeting smaller businesses due to the fact they are seen as easier targets than large companies.

 https://techcrunch.com/2023/03/29/silence-gets-you-nowhere-in-a-data-breach/

• Just 1% of Cloud Permissions are Actively Used

According to Microsoft, a surge in workload identities, super admins and “over-permissioning” is driving the increase in cyber risk for organisations. Just 1% of users are using the permissions granted to them for day-to-day work. Worryingly, this leaves a significant number of unnecessary permissions which could be used by an attacker to elevate their privileges.

https://www.infosecurity-magazine.com/news/just-1-of-cloud-permissions-used/

• Dangerous Misconceptions About Emerging Cyber Threats

Organisations are leaving common attack paths exposed in their quest to combat emergent threats, according to a new report that delves into the efficacy of different security controls, the most concerning threats as tested by organisations worldwide, and top cyber security best practices for 2023. One of the key findings of the report is that many organisations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats, and whilst this is good, it should not take away from assessing threats and exposures that are more likely actively targeting the business.

https://www.helpnetsecurity.com/2023/03/30/misconceptions-emerging-cyber-threats/  

• ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns

Europol has warned that criminals are set to take advantage of artificial intelligence to commit fraud and other crimes. Europol highlighted that ChatGPT could be used to speed up criminal research, impersonate speech styles for phishing and write code. Furthermore, despite ChatGPT having safeguards, Europol note that these can be circumvented.

https://www.securityweek.com/grim-criminal-abuse-of-chatgpt-is-coming-europol-warns/

Threats

Ransomware, Extortion and Destructive Attacks

• Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO

• 2023 Ransomware Insights | Barracuda Networks

• Clop Keeps Racking Up Ransomware Victims With GoAnywhere Flaw (darkreading.com)

• New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)

• Publicly disclosed US ransomware attacks in 2023 | TechTarget

• Virgin Group added to Cl0p gang’s victim leak site | Cybernews

• New York law firm coughs up $200k after hospital data stolen • The Register

• Telecom giant Lumen suffered a ransomware attack-Security Affairs

• Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity | Ars Technica

• DarkBit puts data from Israel’s Technion university on sale | CSO Online

• Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News

• Children’s data feared stolen in Fortra ransomware attack | TechCrunch

• P&G confirms data breach - Global Cosmetics News

Phishing & Email Based Attacks

• Phishing Emails Up a Whopping 569% in 2022 (darkreading.com)

• Exchange Online will soon start blocking emails from old, vulnerable on-prem servers - Help Net Security

• Volume of HTTPS Phishing Sites Surges 56% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Identifying AI-Enabled Phishing (knowbe4.com)

• IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)

• These next-level phishing scams use PayPal or Google Docs to steal your data | TechRadar

• Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)

BEC – Business Email Compromise

• BEC scammers are after physical goods, the FBI warns - Help Net Security

• Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)

• New BEC Tactics Enable Fake Asset Purchases - Infosecurity Magazine (infosecurity-magazine.com)

• FBI: Business email compromise tactics used to defraud US vendors (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• What is vishing (voice or VoIP phishing)? – TechTarget Definition

2FA/MFA

• What is Three-Factor Authentication? | Definition from TechTarget

Malware

• New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)

• MacStealer  macOS malware appears in cyber crime underground--Security Affairs

• Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert

• Microsoft confirms Defender has gone rogue as it's flagging legit links as malware - Neowin

• North Korean malware-spreading, crypto-stealing gang named • The Register

• Malware disguised as Tor browser steals $400k in cryptocash • The Register

• NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)

• Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek

• Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)

• Realtek and Cacti flaws now actively exploited by malware botnets (bleepingcomputer.com)

• AlienFox malware caught in the cloud hen house • The Register

• Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)

• IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Android-based banking Trojan Nexus now available as malware-as-a-service | CSO Online

• Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)

• Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)

• Android app from China executed 0-day exploit on millions of devices | Ars Technica

• Google again accused of destroying evidence in Android case • The Register

• Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)

• Samsung keeps ignoring a huge security flaw in millions of Galaxy phones - SamMobile

• iOS Vs. Android – Which Is The More Secure Platform? (informationsecuritybuzz.com)

Botnets

• Realtek and Cacti flaws now actively exploited by malware botnets (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS DNS attacks are old-school, unsophisticated, and back • The Register

Internet of Things – IoT

• Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)

• This devious cyber attack can target all your smart speakers without you realizing | TechRadar

• Gone in 120 seconds: Tesla Model 3 child's play for hackers • The Register

Data Breaches/Leaks

• Fortra told breached companies their data was safe | TechCrunch

• Procter & Gamble confirms data theft via GoAnywhere zero-day (bleepingcomputer.com)

• Latitude Financial cyber-attack worse than first thought with 14m customer records stolen | Business | The Guardian

• New York law firm coughs up $200k after hospital data stolen • The Register

• Toyota scrambles to patch customer data leak-Security Affairs

• ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation - SecurityWeek

• 500k Impacted by Data Breach at Debt Buyer NCB - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean hackers turn to 'cloud mining' for crypto to avoid law enforcement scrutiny | CyberScoop

• European Parliament Passes Historic Anti-Money Laundering Rules for Crypto Industry – More Regulation Incoming? (cryptonews.com)

• Malware disguised as Tor browser steals $400k in cryptocash • The Register

• NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)

Insider Risk and Insider Threats

• Companies Struggle to Build and Run Effective Programs to Protect Data From Insider Threats - MSSP Alert

• Over 70% of Employees Keep Work Passwords on Personal Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Only 10% of workers remember all their cyber security training - IT Security Guru

• Data loss from insider events increase despite IRM programs, says study | CSO Online

• Stop Blaming the End User for Security Risk (darkreading.com)

Fraud, Scams & Financial Crime

• Visa fraud expert outlines the many faces of payment ecosystem fraud - Help Net Security

• SMS pumping attacks and how to mitigate them | TechTarget

• Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert

• NCA Celebrates Multimillion-Pound Fraud Takedowns - Infosecurity Magazine (infosecurity-magazine.com)

• How I fell for an internet scam (thetimes.co.uk)

Deepfakes

• AI has figured out how to draw deepfake hands | The Independent

AML/CFT/Sanctions

• European Parliament Passes Historic Anti-Money Laundering Rules for Crypto Industry – More Regulation Incoming? (cryptonews.com)

Insurance

• Beazley working on standalone cyber war product in market first (insuranceinsider.com)

• Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)

Supply Chain and Third Parties

• Hackers compromise 3CX desktop app in a supply chain attack (bleepingcomputer.com)

• Supply chain cyber attack with possible links to North Korea could have thousands of victims globally | CyberScoop

• Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)

• 'They outsmarted us.' 3CX CEO acknowledges mistakes handling potential supply chain cyberattack | CyberScoop

Cloud/SaaS

• Just 1% of Cloud Permissions Are Actively Used - Infosecurity Magazine (infosecurity-magazine.com)

• Where SSO Falls Short in Protecting SaaS (thehackernews.com)

• North Korean hackers turn to 'cloud mining' for crypto to avoid law enforcement scrutiny | CyberScoop

• CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)

• Balancing security risks and innovation potential of shadow IT teams - Help Net Security

• Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data - SecurityWeek

• AlienFox malware caught in the cloud hen house • The Register

Hybrid/Remote Working

• Cyber security focus in second Digital Europe work programme – EURACTIV.com

• More companies are watching their remote workers WFH on camera | Fortune

Shadow IT

• Balancing security risks and innovation potential of shadow IT teams - Help Net Security

Identity and Access Management

• Legacy, password-based authentication systems are failing enterprise security, says study | CSO Online

Encryption

• OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023 - SecurityWeek

API

• Attacks Targeting APIs Increased By 400% in Last Six Months - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• The End-User Password Mistakes Putting Your Organisation at Risk (bleepingcomputer.com)

• New Research Examines Traffers and the Business of Stolen Credentials - IT Security Guru

• Over 70% of Employees Keep Work Passwords on Personal Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Legacy, password-based authentication systems are failing enterprise security, says study | CSO Online

Social Media

• France bans TikTok, all social media apps from government devices | CSO Online

Training, Education and Awareness

• The era of passive cyber security awareness training is over - Help Net Security

• Only 10% of workers remember all their cyber security training - IT Security Guru

• Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries - IT Security Guru

Parental Controls and Child Safety

• Children’s data feared stolen in Fortra ransomware attack | TechCrunch

Regulations, Fines and Legislation

• UK Introduces Mass Surveillance With Online Safety Bill - SecurityWeek

• Call for Submissions to UK's New Computer Misuse Act - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Beazley working on standalone cyber war product in market first (insuranceinsider.com)

• 3 Shifts in the Cyber Threat Landscape (trendmicro.com)

• Cyber security vs. Everyone: From Conflict to Collaboration (darkreading.com)

• Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)

• It's Time to Rethink Security Culture, Match Confidence to Capabilities, Immersive Labs Reports - MSSP Alert

• How cyber security decision-makers perceive cyber resilience - Help Net Security

• NCSC issues revised security Board Toolkit for business leaders | Computer Weekly

• The CISO Mantra: Get Ready to Do More With Less (darkreading.com)

Models, Frameworks and Standards

• The best defence against cyber threats for lean security teams - Help Net Security

Backup and Recovery

• World Backup Day is here again – 5 tips to keep your precious data safe – Naked Security (sophos.com)

Law Enforcement Action and Take Downs

• FBI confirms access to Breached cyber crime forum database (bleepingcomputer.com)

• UK creates fake DDoS-for-hire sites to identify cyber criminals (bleepingcomputer.com)

• Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)

• 20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison (thehackernews.com)

• North Korean hackers turn to 'cloud mining' for crypto to avoid law enforcement scrutiny | Cyber scoop

• NCA Celebrates Multimillion-Pound Fraud Takedowns - Infosecurity Magazine (infosecurity-magazine.com)

Privacy, Surveillance and Mass Monitoring

• The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age - IT Security Guru

• UK Introduces Mass Surveillance With Online Safety Bill - SecurityWeek

• FBI Spent Tens of Thousands of Dollars on Bulk Data Collection (gizmodo.com)

• Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News

• More companies are watching their remote workers WFH on camera | Fortune

Artificial Intelligence

• 'Grim' Criminal Abuse of ChatGPT is Coming, Europol Warns     - SecurityWeek

• Europol warns of criminal use of ChatGPT-Security Affairs

• In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT | WIRED

• Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT - SecurityWeek

• AI-fuelled search gives more power to the bad guys | CSO Online

• Identifying AI-Enabled Phishing (knowbe4.com)

• Hacker demonstrates security flaws in GPT-4 just one day after launch | VentureBeat

• AI image of Pope Francis in a puffer jacket fooled the internet and experts fear there’s worse to come (inews.co.uk)

• Godfather of AI Says There's a Minor Risk It'll Eliminate Humanity (futurism.com)

• Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News

• ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation - SecurityWeek

• AI has figured out how to draw deepfake hands | The Independent

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Putin and Xi’s plot to control the internet will leave the West in the dust (telegraph.co.uk)

• In A Surprise, China-Linked TikTok Grabs Power Norway Needs To Make Ammo (forbes.com)

• ‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics | Cyberwar | The Guardian

• Cyber crime Front Lines in Russia-Ukraine War Move to Eastern and Northern Europe - MSSP Alert

• Beazley working on standalone cyber war product in market first (insuranceinsider.com)

• 'Bitter' espionage hackers target Chinese nuclear energy orgs (bleepingcomputer.com)

• Earth Preta’s Cyber Espionage Campaign Hits Over 200 (trendmicro.com)

• China crisis is a TikToking time bomb • The Register

• Biden White House Issues Executive Order on Commercial Spyware (gizmodo.com)

• North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations (thehackernews.com)

• Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)

• Over 200 Organisations Targeted in Chinese Cyber Espionage Campaign - SecurityWeek

• Chinese tech firms banned over spy fears granted access to UK officials at security conference (inews.co.uk)

• Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits (darkreading.com)

• Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek

• Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)

• Pro-Russian hackers target elected US officials supporting Ukraine | Ars Technica

• Russian spies more effective than army, say experts - BBC News

• Cyber warfare leaks show Russian army is adopting mindset of secret police | Cyberwar | The Guardian

Nation State Actors

• Uncle Sam sent cyber-soldiers to Albania to combat Iran • The Register

• Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)

• Android app from China executed 0-day exploit on millions of devices | Ars Technica

• North Korean hackers turn to 'cloud mining' for crypto to avoid law enforcement scrutiny | CyberScoop

• China urges Apple to improve security and privacy • The Register

• Supply chain cyber attack with possible links to North Korea could have thousands of victims globally | CyberScoop

• North Korean malware-spreading, crypto-stealing gang named • The Register

• Chinese tech firms banned over spy fears granted access to UK officials at security conference (inews.co.uk)

• Smugglers busted sneaking tech into China • The Register

• Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)

Vulnerability Management

• What you need before the next vulnerability hits - Help Net Security

• Vulnerability management vs. risk management, compared | TechTarget

• Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report - SecurityWeek

• Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)

• Ignoring network automation is a ticking time bomb for security - Help Net Security

Vulnerabilities

• Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April - SecurityWeek

• Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)

• Apple patches everything, including a zero-day fix for iOS 15 users – Naked Security (sophos.com)

• QNAP fixed Sudo privilege escalation bug in NAS devices-Security Affairs

• Patch Now: Cyber criminals Set Sights on Critical IBM File Transfer Bug (darkreading.com)

• ChatGPT Vulnerability May Have Exposed Users’ Payment Information - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data - SecurityWeek

• Super FabriXss flaw in Microsoft Azure SFX could lead to RCE-Security Affairs

• OpenAI quickly fixed account takeover bugs in ChatGPT-Security Affairs

Tools and Controls

• Even with defence tools, CISOs say cyber attacks are ‘inevitable’ (techrepublic.com)

• The era of passive cyber security awareness training is over - Help Net Security

• Silence gets you nowhere in a data breach | TechCrunch

• Only 10% of workers remember all their cyber security training - IT Security Guru

• Prioritizing data security amid workforce disruptions - Help Net Security

• Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)

• For database security it's down to people, not tech fixes • The Register

• Known unknowns: Refining your approach to uncategorized web traffic - Help Net Security

• Understanding adversaries through dark web intelligence - Help Net Security

• Where SSO Falls Short in Protecting SaaS (thehackernews.com)

• How Does Data Literacy Enhance Data Security? (darkreading.com)

• CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)

• With Security Copilot, Microsoft brings the power of AI to cyber defence - Stories

• Compare breach and attack simulation vs. penetration testing | TechTarget

• Ignoring network automation is a ticking time bomb for security - Help Net Security

• Microsoft's ‘Security Copilot’ Sics ChatGPT on Security Breaches | WIRED

• Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo (thehackernews.com)

• Diagnose your SME’s Cyber security and Scan for Recommendations — ENISA (europa.eu)

• Protect your entire business with the right authentication method - Help Net Security

• What Makes an Effective Anti-Bot Solution? - SecurityWeek

• Microsoft Defender is flagging legit URLs as malicious • The Register

• Managing security in the cloud through Microsoft Intune | CSO Online

• Top 5 SD-WAN Challenges and How to Prepare for Them | TechTarget

• Why Endpoint Resilience Matters - SecurityWeek

• The rise of biometrics and decentralized identity is a game-changer for identity verification - Help Net Security

• Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)

• The best defence against cyber threats for lean security teams - Help Net Security

• World Backup Day is here again – 5 tips to keep your precious data safe – Naked Security (sophos.com)

• Overcoming obstacles to introduce zero-trust security in established systems - Help Net Security

• The foundation of a holistic identity security strategy - Help Net Security

• The CISO Mantra: Get Ready to Do More With Less (darkreading.com)

Reports Published in the Last Week

• Cyber security focus in second Digital Europe work programme – EURACTIV.com

• 2023 Ransomware Insights | Barracuda Networks

• 2023 State of Cloud Permissions Risks report now published - Microsoft Community Hub

Other News

• GoAnywhere Zero-Day Attack Hits Major Orgs - SecurityWeek

• Hackers changed tactics, went cross-platform in 2022, says Trend Micro | CSO Online

• WiFi protocol flaw allows attackers to hijack network traffic (bleepingcomputer.com)

• Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)

• How CISOs Can Reduce the Danger of Using Data Brokers (darkreading.com)

• Tech Industry Bids to Tackle Cyber-Mercenary Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

• How Does Data Literacy Enhance Data Security? (darkreading.com)

• Microsoft uses carrot and stick with Exchange Online admins • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• High Risk Users May be Few, but the Threat They Pose is Huge

High risk users represent approximately 10% of the worker population according to research provider, Elevate Security research. The research found that high risk users were responsible for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure-browsing incidents and 42% of all malware events. This is worrying, considering the rise in sophisticated targeted phishing campaigns.

https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/

• The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

State-backed cyber attacks are on the rise, but they are not raising the level of alarm that they should in the corporate world. Unfortunately, this is not a productive way of thinking. Come the end of March, insurance provider Lloyds will no longer cover damage from cyber attacks carried out by state or state-backed groups. In the worst cases, this reduced insurance coverage could exacerbate the trend of companies taking a passive approach toward state-backed attacks as they feel there is now really nothing they can do to protect themselves. The uncertainty however, could be the motivation for companies to take the threat of state-backed attacks more seriously.

https://fortune.com/2023/02/15/cost-cybersecurity-insurance-soaring-state-backed-attacks-cover-shmulik-yehezkel/

• Cyber Attacks Worldwide Increased to an All-Time Record-Breaking High, Report Shows

According to a report by security provider Check Point, cyber attacks rose 38% in 2022 compared to the previous year. Some of the key trends in the report included an increase in the number of cloud-based networking attacks, with a 48% rise and non-state affiliated hacktivist groups becoming more organised and effective than ever before. Additionally, ransomware is becoming more difficult to attribute and track and extra focus should be placed on exfiltration detection.

https://www.msspalert.com/cybersecurity-research/cyberattacks-worldwide-increased-to-an-all-time-high-check-point-research-reveals/

• Most Organisations Make Cyber Security Decisions Without Insights

A report by security provider Mandiant found some worrying results when it came to organisational understanding of threat actors. Some of the key findings include, 79% of respondents stating that most of their cyber security decisions are made without insight into the treat actors targeting them, 79% believing their organisation could focus more time and energy on identifying critical security trends, 67% believing senior leadership teams underestimate the cyber threats posed to their organisation and finally, 47% of respondents felt that they could not prove to senior leadership that their organisation has a highly effective cyber security program.

https://www.msspalert.com/cybersecurity-research/mandiant-report-most-organizations-make-cybersecurity-decisions-without-insights/

• Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

Ransomware attackers are finding new ways to exploit organisations’ security weaknesses by weaponising old vulnerabilities.  A report by security provider Cyber Security Works had found that 76% of the vulnerabilities currently being exploited were first discovered between 2010-2019.

https://venturebeat.com/security/ransomware-attackers-finding-new-ways-to-weaponize-old-vulnerabilities/

• Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

Using data from two different reports conducted by security provider Kaspersky, the combined data showed some worrying results. Some of the results include 98% of respondents revealing they faced at least one IT security miscommunication that regularly leads to bad consequences, 62% of managers revealing miscommunication led to at least one cyber security incident, 42% of business leaders wanting their IT security team to better communicate and 34% of C-level executives struggle to speak about adopting new security solutions.

https://www.msspalert.com/cybersecurity-research/are-c-suite-executives-fluent-in-it-security-speak-five-reasons-why-the-communication-gap-is-wider-than-you-think/

• Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

Security providers Abnormal Security have identified two Business Email Compromise (BEC) groups “Midnight Hedgehog” and “Mandarin Capybara” which are conducting impersonation attacks in at least 13 different languages. Like many payment fraud attacks, finance managers or other executives are often targeted. In a separate report by Abnormal Security, it was found that business email compromise (BEC) attacks increased by more than 81% during 2022.

https://www.infosecurity-magazine.com/news/bec-groups-multilingual/

• EU Countries Told to Step up Defence Against State Hackers

European states have raced to protect their energy infrastructure from physical attacks but the European Systemic Risk Board (ESRB) said more needed to be done against cyber warfare against financial institutions and the telecommunications networks and power grids they rely on. "The war in Ukraine, the broader geopolitical landscape and the increasing use of cyber attacks have significantly heightened the cyber threat environment," the ESRB said in a report. In addition, the ESRB highlight an increased risk of cyber attacks on the EU financial system, suggesting that stress tests and impact analyses should be carried out to identify weaknesses and measure resilience.

https://www.reuters.com/world/europe/eu-countries-told-step-up-defence-against-state-hackers-2023-02-14/

• Cyber Criminals Exploit Fear and Urgency to Trick Consumers

Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022 according to a report by software provider Avast. “At the end of 2022, we have seen an increase in human-centred threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cyber criminals succeed” Avast commented.

https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/

• How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

Many organisations have experienced that “after the breach” feeling — the moment they realise they have to tell customers their personal information may have been compromised because one of the organisations’ vendors had a data breach. Such situations involve spending significant amount of money and time to fix a problem caused by a third party. An organisation’s ability to handle third-party cyber risk proactively depends on its risk management strategies.

https://techcrunch.com/2023/02/10/why-third-party-cybersecurity-risks-are-too-costly-to-ignore/

• Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

Following the advisory from the NCSC, it is clear that Russian state-sponsored hackers have become increasingly sophisticated at launching phishing attacks against critical targets in the UK, US and Europe over the last 12 months. The attacks included the creation of fake personas, supported by social media accounts, fake profiles and academic papers, to lure targets into replying to sophisticated phishing emails. In some cases, the bad actor may never leverage the account to send emails from and only use it to make decisions based on intelligence collection.

https://www.computerweekly.com/news/365531158/Russian-spear-phishing-campaign-escalates-efforts-toward-critical-UK-US-and-European-targets

• 5 Biggest Risks of Using Third Party Managed Service Providers

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work. But it does present risks. 5 of the biggest risks to be considered are: indirect cyber attacks, financial risks from incident costs, reputational damage, geopolitical risk and regulatory compliance risk.

https://www.csoonline.com/article/3687812/5-major-risks-third-party-services-may-bring-along-with-them.html#tk.rss_news

• Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, in fact, the ‘as a Service’ offering has made its way into the cyber crime landscape. And cyber crime, for its part, has evolved beyond a nefarious hobby; today it’s a means of earning for cyber criminals. Organised cyber crime services are available for hire, particularly to those lacking resources and hacking expertise but willing to buy their way into cyber criminal activities. Underground cyber crime markets have thus emerged, selling cyber attack tools and services ranging from malware injection to botnet tools, Denial of Service and targeted spyware services.

https://www.splunk.com/en_us/blog/learn/cybercrime-as-a-service.html

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

• US, UK slap sanctions on Russians linked to Conti and more • The Register

• Threat Analysis: VMware ESXi Attacks Soared in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (bleepingcomputer.com)

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• December ransomware attack leads to massive data breach from California health network - The Record from Recorded Future News

• Over 500 ESXiArgs Ransomware infections in one day in Europe-Security Affairs

• New ESXi ransomware strain spreads, foils decryption tools | TechTarget

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• North Korea Using Healthcare Ransomware To Fund More Hacking (informationsecuritybuzz.com)

• DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure-Security Affairs

• US Warns Critical Sectors Against North Korean Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Cisco Talos spots new MortalKombat ransomware attacks | TechTarget

• Ion: after the hack, the clean-up - Risk.net

• Hackers Target Israel’s Technion Demanding Huge Sum In Bitcoin - I24NEWS

• City of Oakland systems offline after ransomware attack (bleepingcomputer.com)

• MTU cyber breach: Probe after ransomware attacks 'like a murder investigation' (irishexaminer.com)

• MTU data appears on dark web after cyber attack – The Irish Times

• Oakland City Services Struggle to Recover From Ransomware Attack (darkreading.com)

• LockBit spree hits three large companies (techmonitor.ai)

• Ransomware gang uses new zero-day to steal data on 1 million patients | TechCrunch

• City of Oakland issued state of emergency after ransomware attack-Security Affairs

• Glasgow Arnold Clark customers at risk after major cyber attack | HeraldScotland

• LockBit and Royal Mail Ransomware Negotiation Leaked - Infosecurity Magazine (infosecurity-magazine.com)

• No relief in sight for ransomware attacks on hospitals | TechTarget

• Burton Snowboards cancels online orders after 'cyber incident' (bleepingcomputer.com)

• Dallas Central Appraisal District paid $170,000 to ransomware attackers (bitdefender.com)

Phishing & Email Based Attacks

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• NameCheap's email hacked to send Metamask, DHL phishing emails (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security GuruCyber

• Venmo Phishing Abusing LinkedIn "slink"

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

BEC – Business Email Compromise

• BEC Groups Target Firms With Multilingual Impersonation Attacks - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Malware

• Experts Warn of Surge in Multipurpose Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious Npm Package Uses Typosquatting, Downloads Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft OneNote Abuse for Malware Delivery Surges - Security Week

• New TA886 group targets companies with Screenshotter malware-Security Affairs

• Novel phishing campaign takes screenshots ahead of payload delivery | SC Media (scmagazine.com)

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Devs targeted by W4SP Stealer malware in malicious PyPi packages (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security Guru

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Pepsi distributor blames info-stealing malware for breach • The Register

• Malware that can do anything and everything is on the rise - Help Net Security

• Lokibot, AgentTesla Grow in January 2023's Most Wanted Malware List - Infosecurity Magazine (infosecurity-magazine.com)

• New stealthy 'Beep' malware focuses heavily on evading detection (bleepingcomputer.com)

• Thousands of WordPress sites have been infected by a mystery malware | TechRadar

• Beep: New Evasive Malware That Can Escape Under The Radar (informationsecuritybuzz.com)

• Hackers start using Havoc post-exploitation framework in attacks (bleepingcomputer.com)

• Hackers Targeting US and German Firms Monitor Victims' Desktops with Screenshotter (thehackernews.com)

• Malware authors leverage more attack techniques that enable lateral movement | CSO Online

Mobile

• RedEyes hackers use new malware to steal data from Windows, phones (bleepingcomputer.com)

Botnets

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

Denial of Service/DoS/DDOS

• Cloudflare blocks record-breaking 71 million RPS DDoS attack (bleepingcomputer.com)

• 87% of largest DDoS attacks in Q4 targeted telecoms: Lumen (fiercetelecom.com)

• The Tor network hit by wave of DDoS attacks for at least 7 months-Security Affairs

Internet of Things – IoT

• Digital burglaries: The threat from your smart home devices | Fox News

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Data Breaches

• MP’s laptop and iPad stolen from pub in 'worrying' security breach | Metro News

• Reddit was hit with a phishing attack. How it responded is a lesson for everyone | ZDNET

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

• 4 misconceptions about data exfiltration | VentureBeat

• Highmark data breach affecting about 300,000 members exposed personal information to hackers – WPXI

• Gulp! Pepsi hack sees personal information stolen by data-stealing malware (bitdefender.com)

• Nearly 50 million Americans impacted by health data breaches in 2022 (chiefhealthcareexecutive.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

• After apparent hack, data from Australian tech giant Atlassian dumped online | CyberScoop

• Atlassian: Leaked Data Stolen via Third-Party App (darkreading.com)

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

• Scandinavian Airlines says cyber attack caused passenger data leak (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Cyber crime as a Service: A Subscription-based Model in The Wrong Hands | Splunk

• A Hacker’s Mind — how the elites exploit the system | Financial Times (ft.com)

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

• Russian hacker convicted of $90 million hack-to-trade charges (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (thehackernews.com)

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• 451 PyPI packages install Chrome extensions to steal crypto (bleepingcomputer.com)

• DeFi exploits and access control hacks cost crypto investors billions in 2022: Report (cointelegraph.com)

• Using the blockchain to prevent data breaches | VentureBeat

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Quarter of Crypto Tokens in 2022 Linked to Pump-and-Dump - Infosecurity Magazine (infosecurity-magazine.com)

Insider Risk and Insider Threats

• A former Credit Suisse employee leaked employees' historic bonus data (efinancialcareers.com)

Fraud, Scams & Financial Crime

• Russian IT biz owner made $90M from stolen financial info • The Register

• Refund and Invoice Scams Surge in Q4 - Infosecurity Magazine (infosecurity-magazine.com)

• MoneyGram Fraud Victims Get $115m in Compensation - Infosecurity Magazine (infosecurity-magazine.com)

• 'Pig butchering' scams on the rise, luring victims with promises of relationships and riches | CyberScoop

• Cyber security Experts Warn Against Valentine's Day Romance Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Romance scam targets security researcher, hilarity ensues • The Register

• 10 signs that scammers have you in their sights | WeLiveSecurity

• Hackers Leverage PayPal to Send Malicious Invoices - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US, UK slap sanctions on Russians linked to Conti and more • The Register

Insurance

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

Dark Web

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

Supply Chain and Third Parties

• How to manage third-party cyber security risks that are too costly to ignore | TechCrunch

• 5 biggest risks of using third-party services providers | CSO Online

Cloud/SaaS

• Reimagining zero trust for modern SaaS - Help Net Security

• Cloud security: Where do CSP and client responsibilities begin and end? | VentureBeat

• Application and cloud security is a shared responsibility - Help Net Security

Attack Surface Management

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLine

Open Source

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Configuration Issues in SaltStack IT Tool Put Enterprises at Risk (darkreading.com)

• Solving open-source security — from Alpha to Omega | SC Media (scmagazine.com)

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Eek! You Can Steal Passwords From This Password Manager Using the Notepad App | PCMag

• Eurostar forces 'password resets' — then fails and locks users out (bleepingcomputer.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

Social Media

• Metaverse Adds New Dimensions to Web 3.0 Cyber security | TechRepublic

• Hard drugs actively sold on Twitter in plain sight. Twitter says it doesn’t breach its safety policies • Graham Cluley

• Elon Musk Seems to Think His Own Employees Are Shadowbanning Him (gizmodo.com)

• Venmo Phishing Abusing LinkedIn "slink"

Malvertising

• AdSense fraud campaign relies on 10,890 sites that were infected since September 2022-Security Affairs

Training, Education and Awareness

• High-risk users may be few, but the threat they pose is huge - Help Net Security

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Regulations, Fines and Legislation

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• The Online Safety Bill: An attack on encryption (element.io)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

Governance, Risk and Compliance

• Security buyers lack insight into threats, attackers, report finds | Computer Weekly

• Cyber attacks Worldwide Increased to an All-Time High, Check Point Research Reveals - MSSP Alert

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

• Are C-Suite Executives Fluent in IT Security Speak? Five Reasons Why the Communication Gap is Wider Than You Think - MSSP Alert

• Actionable intelligence is the key to better security outcomes - Help Net Security

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLineT

• Majority of Firms Make Cyber security Decisions Without Attacker Insight - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security and Compliance Can Break Down Silos to Save Money and Meet Increased Regulations - MSSP Alert

• Build Cyber Resiliency With These Security Threat-Mitigation Considerations (darkreading.com)

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• Evolving cyber attacks, alert fatigue creating DFIR burnout, regulatory risk | CSO Online

• Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

• Storage security for compliance and cyberwar in 2023 • The Register

Backup and Recovery

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

Careers, Working in Cyber and Information Security

• Get hired in cyber security: Expert tips for job seekers - Help Net Security

• 3 Ways CISOs Can Lead Effectively and Avoid Burnout (darkreading.com)

• Cyber security Jobs Remain Secure Despite Recession Fears (darkreading.com)

Law Enforcement Action and Take Downs

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• The FBI’s most controversial surveillance tool is under threat | Ars Technica

Artificial Intelligence

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• Cyber criminals Bypass ChatGPT Restrictions to Generate Malicious Content - Check Point Software

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• A.I. in the military could be a game changer in warfare | Fortune US issues declaration on responsible use of AI in the military | Reuters

Misinformation, Disinformation and Propaganda

• Revealed: the hacking and disinformation team meddling in elections | Technology | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | Cyber scoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• US shoots down ‘high-altitude object’ above Alaska | Financial Times (ft.com)

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - security Week

• SpaceX curbed Ukraine's use of Starlink terminals - Militarnyi

• US shoots down ‘octagonal’ flying object near military sites in Michigan | US news | The Guardian

• Six companies join US entity list after Chinese spy balloon • The Register

• How Alan Turing still casts his genius in the age of cyberwar | Metro News

• US warns its citizens in Russia to get out immediately over security fears | Euronews

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• ‘Significant’ debris from China spy balloon retrieved, says US military | US national security | The Guardian

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• Albanian gangs set up hundreds of spy cameras to keep ahead of police | Financial Times (ft.com)

• A.I. in the military could be a game changer in warfare | Fortune

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• The Lessons From Cyberwar, Cyber-in-War and Ukraine  - security Week

• Storage security for compliance and cyberwar in 2023 • The Register

Nation State Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | CyberScoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - Security Week

• MagicWeb Mystery Highlights Nobelium Attacker's Sophistication (darkreading.com)

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• North Korean Hackers Are Attacking US Hospitals | WIRED

• Six companies join US entity list after Chinese spy balloon • The Register

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Group-IB Blocks Attack By Chinese Tonto Team Hackers - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese ship accused of using ‘military-grade laser’ against Philippine vessel | Philippines | The Guardian

• Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad (thehackernews.com)

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• UK Policing Riddled with Chinese CCTV Cameras - Infosecurity Magazine (infosecurity-magazine.com)

• A new operating system has been released in Russia! (gizchina.com)

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries (thehackernews.com)

• SideWinder APT Attacks Regional Targets in New Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

Vulnerabilities

• Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs – Naked Security (sophos.com)

• Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps - Security Week

• Adobe Plugs Critical Security Holes in Illustrator, After Effects Software - Security Week

• Apple releases new fix for iPhone zero-day exploited by hackers | TechCrunch

• Intel issues patches for SGX vulnerabilities • The Register

• Firefox Updates Patch 10 High-Severity Vulnerabilities - Security Week

• Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software (thehackernews.com)

• CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws (thehackernews.com)

• Microsoft says Intel driver bug crashes apps on Windows PCs (bleepingcomputer.com)

• Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug – Naked Security (sophos.com)

• Splunk Enterprise Updates Patch High-Severity Vulnerabilities - Security Week

• Dozens of Vulnerabilities Patched in Intel Products - Security Week

• High-severity DLP flaw impacts Trellix for Windows | SC Media (scmagazine.com)

• Critical Vulnerability Patched in Cisco Security Products - Security Week

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

Tools and Controls

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

• SOAR vs. SIEM: What's the difference? | TechTarget

• PAM is failing - IT Security Guru

• Combining identity and security strategies to mitigate risks - Help Net Security

• Defending against attacks on Azure AD: Goodbye firewall, hello identity protection | CSO Online

• Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps (thehackernews.com)

• Attack surface management (ASM) is not limited to the surface - Help Net Security

• How to filter Security log events for signs of trouble | TechTarget

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.