Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Businesses Urged Not to Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts

While there have been arguments made for criminalising the payment of ransoms, it poses a number of additional risks such as providing the criminals with an additional factor they could use to extort their victims.

Businesses are being urged not to pay cyber extortionists as authorities say they are seeing evidence of a rise in ransomware payments.

In a joint letter to the Law Society, the National Cyber Security Centre (NCSC) and the Information Commissioner's Office are warning solicitors who may have been advising their clients to pay.

It follows warnings earlier this year by cyber security experts from the UK, US, and Australia of a "growing wave of increasingly sophisticated ransomware attacks" which could have "devastating consequences".

The joint letter states that while ransomware payments are "not unusually unlawful" those who pay them "should be mindful of how relevant sanctions regimes (particularly those related to Russia)" when considering making the payment.

The US sanctioned in December 2019 any financial dealings with a Russian cyber crime group that was accused of working with Russian intelligence to steal classified government documents.

Despite the spillover from the Russian war in Ukraine - in one case knocking 5,800 wind turbines in Germany offline - the NCSC says it has not detected any increase in hostile activity targeting Britain during the conflict.

Businesses however had been warned that there is a heightened threat level when it comes to cyber attacks due to the conflict which is likely to be here "for the long-haul".

https://news.sky.com/story/businesses-urged-not-to-give-in-to-ransomware-cyber-criminals-as-authorities-see-increase-in-payouts-12648253

• People Are the Primary Attack Vector Around the World

With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber secure workforce and an engaged security culture.

People have become the primary attack vector for cyber-attackers around the world. Humans, rather than technology, represent the greatest risk to organisations and the professionals who oversee security awareness programs are the key to effectively managing that risk.

Awareness programs enable security teams to effectively manage their human risk by changing how people think about cyber security and help them exhibit secure behaviours, from the Board of Directors on down.

Effective and mature security awareness programs not only change their workforce’s behaviour and culture but also measure and demonstrate their value to leadership via a metrics framework. Organisations can no longer justify an annual training to tick the compliance box, and it remains critical for organisations to dedicate enough personnel, resources, and tools to manage their human risk effectively.

https://www.helpnetsecurity.com/2022/07/05/people-primary-attack-vector/

• Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams

Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails.

Avoiding a costly social engineering attack often requires employees to spot suspicious emails before threat actors request sensitive information or access.

Cofense Intelligence published new research Thursday that showed most business email compromise (BEC) scams can be thwarted in their initial stages when the attackers are not asking for money or a transfer of funds. The cyber security vendor analysed hundreds of BEC emails sent to customers during March and April, and engaged with the threat actors in approximately half the cases.

The company found that only 36% of attackers looking to conduct fraud attacks opened with a cordial greeting and request for cash, gift cards or confidential payment information. Most BEC scams, Cofense found, attempt to slowly build up trust over the course of multiple email exchanges with the target and ingratiate them with common phrases like "sorry to bother you."

Once they realise they can get money out of you, they will do everything they can to drain you dry. For many of the scammers, this becomes a literal hustle, where they will quickly pivot to other cash-out methods. Just because something starts as a wire transfer doesn't mean they won't ask you to send cryptocurrency, gift cards, a cheque, or use your personal Venmo or PayPal to wire them money.

https://www.techtarget.com/searchsecurity/news/252522493/Early-detection-crucial-in-stopping-BEC-scams

• 54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)

SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business Multi-Factor Authentication (MFA) Study released by the Cyber Readiness Institute (CRI).

Services that enforce MFA require users to present more than one piece of evidence whenever they log in to a business account (e.g., company email, payroll, human resources, etc.).

MFA has been in use for decades and is widely recommended by cyber security experts, yet 55% of SMBs surveyed are not “very aware” of MFA and its security benefits, and 54% do not use it for their business. Of the businesses that have not implemented MFA, 47% noted they either didn’t understand MFA or didn’t see its value. In addition, nearly 60% of small business and medium-sized owners have not discussed MFA with their employees.

Nearly all account compromise attacks can be stopped outright, just by using MFA. It’s a proven, effective way to thwart bad actors.

Of the companies that have implemented some form of MFA, many still seem to have done so haphazardly. Only 39% of those who offer MFA have a process for prioritising critical hardware, software, and data, with 49% merely “encouraging the use of MFA when it is available.”

https://www.helpnetsecurity.com/2022/07/08/smb-implement-mfa/

• New Cyber Threat Emerges from the Inside, Research Report Finds

In its 2022 Insider Risk Intelligence & Research Report, DTEX Systems, a workforce cyber intelligence and security company, identifies a new cyber threat: the “Super Malicious Insider.”

Just what is a Super Malicious Insider and where does it come from? Well, it comes from inside your own organisation or someone who recently worked for you — a threat actor who may be truly of your own making.

“It was the year (2021) we all came to realise the Work-from-Anywhere (WFA) movement was here to stay,” DTEX reports. “For security and risk professionals, this hastened the end of corporate perimeter-centric security, and a requirement to protect hundreds of thousands of ‘remote offices’ outside of traditional corporate controls. To make matters worse, a measurable increase in employee attrition toward the end of 2021 created the perfect storm for insider threats.”

So, if your organisation didn’t observe a proportional increase in attempted or actual data loss, then you were likely not looking, DTEX asserts.

Critically your insiders know your vulnerabilities and can exploit them, for example, when an employee quits to join a competitor, it is often tempting to take proprietary information with them. This can include customer lists, product plans, financial data and other intellectual property.

The Super Malicious Insider is better able to hide their activities, obfuscate data and exfiltrate sensitive information without detection. Importantly, in numerous insider incidents reviewed in 2021, the Super Malicious Insider had made significant efforts to appear normal by not straying outside of their day-to-day routine, DTEX reports.

Here are some key statistics from the report:

• Industrial espionage is at an all-time high. In 2021, 72% of respondents saw an increase in actionable insider threat incidents. IP or data theft led the list at 42% of incidents, followed by unauthorised or accidental disclosure (23%), sabotage (19%), fraud (%) and other (7%). In fact, 42% of all DTEX i3 investigations involved theft of IP or customer data.

• The technology industry (38%), followed by pharma/life sciences (21%), accounted for the most IP theft incidents. In addition, technology (33%) had the most super malicious incidents, followed by critical infrastructure (24%) and government (11%).

• Investigations that led to criminal prosecution occurred within someone’s home 75% of the time. More telling, 32% of malicious incident incidents included sophisticated insider techniques.

https://www.msspalert.com/cybersecurity-research/new-cyberthreat-emerges-from-the-inside-research-report-finds/

• Ransomware: Why It's Still A Big Threat, And Where The Gangs Are Going Next

Ransomware attacks are still lucrative for cyber criminals because victims pay ransoms - and the threat is still evolving.

Ransomware has been a cyber security issue for a long time, but last year it went mainstream. Security threats like malware, ransomware and hacking gangs are always evolving.

Major ransomware attacks like those on Colonial Pipeline, the Irish Healthcare Executive and many others demonstrated how significant the problem had become as cyber attacks disrupted people's lives.

What was once a small cyber-criminal industry based around encrypting files on personal computers and demanding a ransom of a few hundred dollars for a decryption key had evolved into a massive ecosystem designed around holding critical services and infrastructure to ransom - and making extortion demands of millions of dollars.

No wonder Lindy Cameron, head of the UK's National Cyber Security Centre (NCSC), has described ransomware as "the biggest global cyber threat".

Ransomware is continually evolving, with new variants appearing, new ransomware groups emerging, and new techniques and tactics designed to make the most money from attacks.

And as the recent Conti ransomware leaks showed, the most successful ransomware gangs are organised as if they were any other group of software developers.

They are really acting like a business. Aside from the fact they're not legitimately registered, they really are. They're functioning like a real business and sometimes the number of people within these organisations is bigger than some startups. They have shown a lot of resilience and a lot of agility in adapting to what's new.

https://www.zdnet.com/article/ransomware-why-its-still-a-big-threat-and-where-the-gangs-are-going-next/

• NCSC: Prepare for Protracted Period of Heightened Cyber Risk

The UK’s leading cyber security agency has urged organisations to follow best practices and take care of their infosecurity staff in order to weather an extended period of elevated cyber risk due to the ongoing war in Ukraine.

The National Cyber Security Centre (NCSC) guide, Maintaining A Sustainable Strengthened Cyber Security Posture, comes on the back of warnings that organisations must “prepare for the long haul” as the conflict enters its fifth month.

Alongside basic hygiene controls, the strengthening of cyber-resilience and revisiting of risk-based decisions made in the earlier acute phase of the war, organisations should pay special attention to their security staff, the NCSC said.

“Increased workloads for cyber security staff over an extended period can harm their wellbeing and lead to lower productivity, with a potential rise in unsafe behaviours or errors,” it said.

With this in mind, the guide highlighted several steps IT security managers should consider:

• Empower staff to make decisions in order to improve agility and free-up leaders to focus on medium-term priorities

• Spread workloads evenly across a wider pool of staff to reduce the risk of burnout and enable less experienced employees to benefit from development opportunities

• Provide opportunities for staff to recharge through more frequent breaks and time away from the office, as well as work on less pressured tasks

• Look after each other by watching for signs that colleagues are struggling and ensuring they always have the right resources to hand

• Engage the entire workforce with the right internal communications processes, and support so that all staff are able to identify and report suspicious behaviour

https://www.infosecurity-magazine.com/news/ncsc-prepare-cyber-risk/

• 69% Of Employees Need to Deal with More Security Measures In A Hybrid Work Environment

Security firm Ivanti worked with global digital transformation experts and surveyed 10,000 office workers, IT professionals, and the C-Suite to evaluate the level of prioritisation and adoption of digital employee experience in organisations and how it shapes the daily working experiences for employees. The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe that the way they interact with technology directly impacts morale.

One of the biggest challenges facing IT leaders today is the need to enable a seamless end user experience while maintaining robust security. The challenge becomes more complex when there is pressure from the top to bypass security measures, with 49% of C-level executives reporting they have requested to bypass one or more security measures in the last year.

Maintaining a secure environment and focusing on the digital employee experience are two inseparable elements of any digital transformation. In the war for talent a key differentiator for organisations is providing an exceptional and secure digital experience. Ivanti, a cyber security software provider, says “We believe that organisations not prioritising how their employees experience technology is a contributing factor for the Great Resignation”.

https://www.helpnetsecurity.com/2022/07/04/security-measures-hybrid-work-environment/

• FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying

The head of the FBI and the leader of Britain’s domestic intelligence agency have delivered an unprecedented joint address, raising fresh alarm about the Chinese government, warning business leaders that Beijing is determined to steal their technology for competitive gain.

In a speech at MI5’s London headquarters intended as a show of western solidarity, Christopher Wray, the FBI director, stood alongside the MI5 director general, Ken McCallum. Wray reaffirmed longstanding concerns about economic espionage and hacking operations by China, as well as the Chinese government’s efforts to stifle dissent abroad.

“We consistently see that it’s the Chinese government that poses the biggest long-term threat to our economic and national security, and by ‘our’, I mean both of our nations, along with our allies in Europe and elsewhere,” Wray said.

He told the audience the Chinese government was “set on stealing your technology, whatever it is that makes your industry tick, and using it to undercut your business and dominate your market”.

Ken McCallum said MI5 was running seven times as many investigations into China as it had been four years ago and planned to “grow as much again” to tackle the widespread attempts at inference which pervade “so many aspects of our national life”.

https://www.theguardian.com/world/2022/jul/06/fbi-mi5-china-spying-cyberattacks-business-economy

• As Cyber Criminals Recycle Ransomware, They're Getting Faster

Like history, ransomware repeats itself. Researchers recently encountered a new variant of a ransomware campaign and observed that it has been improving itself by reusing code from publicly available sources.

Nokoyawa is a new ransomware for Windows that first appeared at the beginning of this year. The first samples found by researchers were gathered in February 2022 and contain significant coding similarities with other older ransomware strains, some going back to 2019.

These new variants had been improving themselves by reusing code from publicly available sources. The April 2022 samples include three new features that increase the number of files that Nokoyawa can encrypt. These features already existed in recent ransomware families, and their addition just indicates that Nokoyawa developers are trying to match pace with other operators in terms of technological capability.

https://www.securityweek.com/cybercriminals-recycle-ransomware-theyre-getting-faster

• UK Military Investigates Hacks on Army Social Media Accounts

British military authorities are trying to find out who hacked the army’s social media accounts over the weekend, flooding them with cryptocurrency videos and posts related to collectible electronic art.

The investigation was launched after authorised content on the army’s YouTube account was replaced with a video feed promoting cryptocurrencies that included images of billionaire Elon Musk. The Army’s Twitter account retweeted a number of posts about non-fungible tokens, unique digital images that can be bought and sold but have no physical counterpart.

“Apologies for the temporary interruption to our feed,” the Army said in a tweet posted after the Twitter account was restored on Sunday. “We will conduct a full investigation and learn from this incident. Thanks for following us, and normal service will now resume.”

The Ministry of Defence said late Sunday that both breaches had been “resolved.”

While internet users were unable to access the Army’s YouTube site on Monday, a spokesperson said the site was down for standard maintenance. The Twitter feed was operating normally.

Although U.K. officials have previously raised concerns about state-sponsored Russian hacking, the military did not speculate on who was responsible for Sunday’s breaches.

“The Army takes information security extremely seriously, and until their investigation is complete it would be inappropriate to comment further,” the Ministry of Defence said.

https://www.securityweek.com/uk-military-investigates-hacks-army-social-media-accounts

Campaign Targeting SOHO Routers Highlights Risks to Remote Workers

A targeted attack campaign has been compromising small office/home office (SOHO) routers since late 2020, with the goal of hijacking network communications and infecting local computers with stealthy and sophisticated backdoors. Attacks against home routers are not new, but the implants used by attackers in this case were designed for local network reconnaissance and lateral movement instead of just abusing the router itself.

"The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defence-in-depth protections by targeting the weakest points of the new network perimeter - devices that are routinely purchased by consumers but rarely monitored or patched - small office/home office (SOHO) routers," researchers from Black Lotus Labs, the threat intelligence arm of telecommunications company Lumen Technologies said in a recent report.

https://www.csoonline.com/article/3665912/apt-campaign-targeting-soho-routers-highlights-risks-to-remote-workers.html#tk.rss_news

Threats

Ransomware

• Lawyers Urged to Stop Advising Clients to Pay Ransomware Demands - Infosecurity Magazine

• Ransomware in 2022: Evolving threats, slow progress (techtarget.com)

• AstraLocker ransomware closes doors to pursue cryptojacking • The Register

• Ransomware gangs are feeling the crypto winter's impact | TechSpot

• LockBit explained: How it has become the most popular ransomware | CSO Online

• Hive ransomware gang turns to Rust, more complex encryption • The Register

• New RedAlert Ransomware targets Windows, Linux VMware ESXi servers (bleepingcomputer.com)

• Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)

• North Korean ransomware dubbed Maui active since May 2021 • The Register

• Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method (thehackernews.com)

• Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)

• New 'HavanaCrypt' Ransomware Distributed as Fake Google Software Update | SecurityWeek.Com

• As New Clues Emerges, Experts Wonder: Is REvil Back? (thehackernews.com)

• Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)

• New 0mega ransomware targets businesses in double-extortion attacks (bleepingcomputer.com)

• Feds wave red flag over Maui ransomware | CSO Online

• Evolution of the LockBit Ransomware operation relies on new techniques - Security Affairs

• AstraLocker ransomware shuts down and releases decryptors (bleepingcomputer.com)

• QNAP warns of new Checkmate ransomware targeting NAS devices (bleepingcomputer.com)

• Quantum ransomware attack affects 657 healthcare orgs (bleepingcomputer.com)

• How Conti ransomware group crippled Costa Rica — then fell apart | Financial Times (ft.com)

• Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)

• EternalBlue 5 years after WannaCry and NotPetya - SANS Internet Storm Center

Phishing & Email Based Attacks

• Fake copyright complaints push IcedID malware using Yandex Forms (bleepingcomputer.com)

• Spear Phishing Fake Job Offer Likely Behind Axie Infinity's Lazarus $600m Hack - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Hackers Exploiting Follina Bug to Deploy Rozena Backdoor (thehackernews.com)

• Dangerous new malware dances past more than 50 antivirus services | TechRadar

• Raspberry Robin campaign leverages compromised QNAP devicesSecurity Affairs

• Malware knocks IT services vendor SHI offline • The Register

• Near-undetectable malware linked to Russia's Cozy Bear • The Register

• New stealthy OrBit malware steals data from Linux devices (bleepingcomputer.com)

• Hackers are using YouTube videos to trick people into installing malware | TechRadar

Mobile

• This WhatsApp scam promises big, but just sends you into a spiral | ZDNet

• Android malware subscribes you to premium services without you knowing - GSMArena.com news

• Free smartphone stalkerware detection tool gets dedicated hub (bleepingcomputer.com)

• Four more apps that infected thousands of Android devices with malware removed from Google Play store | ZDNet

• Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)

Internet of Things – IoT

• Vulnerability allows hackers to unlock and start Honda cars remotely | TechSpot

Data Breaches/Leaks

• Marriott Data Breach Exposes PII, Credit Cards (darkreading.com)

• Aon Hack Exposed Sensitive Information of 146,000 Customers - Infosecurity Magazine

• Hackers Claim to Have Stolen Police Data in China’s Largest Cyber Security Breach - Bloomberg

• Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Ransomware gangs are feeling the crypto winter's impact | TechSpot

• AstraLocker ransomware closes doors to pursue cryptojacking • The Register

• Hackers are using YouTube videos to trick people into installing malware | TechRadar

• PennyWise crypto-stealing malware spreads through YouTube (cointelegraph.com)

• US urges Japan to step up pressure on crypto miners with links to Russia | Financial Times (ft.com)

• Large-scale cryptomining campaign is targeting the NPM repositorySecurity Affairs

• ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)

• Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru

Insider Risk and Insider Threats

• Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost

• HackerOne incident raises concerns for insider threats (techtarget.com)

Fraud, Scams & Financial Crime

• Ukrainian police takes down phishing gang behind payments scam | ZDNet

Supply Chain and Third Parties

• Applying Shift Left principles to third party risk management - Help Net Security

Software Supply Chain

• NPM supply-chain attack impacts hundreds of websites and apps (bleepingcomputer.com)

Cloud/SaaS

• Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru

• Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake' (darkreading.com)

• What Do All of Those Cloud Cyber Security Acronyms Mean? (darkreading.com)

Identity and Access Management

• 6 signs your IAM strategy is failing, and how to fix it | CSO Online

Asset Management

• How a cyber asset management strategy can help enterprises detect threats - Help Net Security

Encryption

• Encryption is high up on corporate priority lists - Help Net Security

• Quantum-resistant encryption recommended for standardization • The Register

• The threat of quantum computing to sensitive data - Help Net Security

• Inside NIST's 4 Crypto Algorithms for a Post-Quantum World (darkreading.com)

• End-to-end encryption’s central role in modern self-defence | Ars Technica

API

• Why your API gateway is not enough for API security? - Help Net Security

Open Source

• Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow (thehackernews.com)

Social Media

• British Army Cyber Attack Reminds Businesses That Social Media Accounts Are Prime Targets (informationsecuritybuzz.com)

• Limp Facebook Policies – Do They Ignore Suffering And Crime! (informationsecuritybuzz.com)

Digital Transformation

• Cyber security is driving digital transformation in alternative investment institutions - Help Net Security

Travel

• Marriott suffered a new data breach, attackers stole 20GB of data - Security Affairs

Cyber Bullying and Cyber Stalking

• Free smartphone stalkerware detection tool gets dedicated hub (bleepingcomputer.com)

Regulations, Fines and Legislation

• ICO Set to Scale Back Public Sector Fines - Infosecurity Magazine

• ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)

• Wegmans hit with $400,000 data-breach penalty (democratandchronicle.com)

Models, Frameworks and Standards

• PCI DSS 4.0 released, addresses emerging threats and technologies - Help Net Security

Law Enforcement Action and Take Downs

• Ukrainian police takes down phishing gang behind payments scam | ZDNet

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware (thehackernews.com)

• Pro-Kremlin hackers Killnet hit Latvia with biggest cyber attack in its history | World | The Times

• TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine (thehackernews.com)

• UK to combat Russia’s ‘hostile online warfare’ by forcing internet firms to remove disinformation | TechCrunch

• NATO Announce Plans to Develop Cyber Rapid Response Capabilities - IT Security Guru

• FBI and MI5 bosses: China cheats and steals at massive scale • The Register

• Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop

• In Switch, Trickbot Group Now Attacking Ukrainian Targets (darkreading.com)

• Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)

Nation State Actors

Nation State Actors – Russia

• Russian Info Ops Ramp Up Effort to Divide West on Ukraine - Infosecurity Magazine

• Near-undetectable malware linked to Russia's Cozy Bear • The Register

Nation State Actors – China

• US and UK intelligence chiefs call for vigilance on China’s industrial spies | Financial Times (ft.com)

• China Censors What Could Be Biggest Data Hack in History (gizmodo.com)

• Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop

• China’s Cabinet Stresses Cyber Security After Data Leak - Bloomberg

• Security warning after sale of stolen Chinese data - BBC News

• Five accused of trying to silence China critics in US • The Register

• 50 Chinese students leave UK in three years after spy chiefs’ warning | Espionage | The Guardian

• More UK calls for ban of CCTV makers Hikvision, Dahua • The Register

Nation State Actors – North Korea

• Russian information operations focus on dividing Western coalition supporting Ukraine - CyberScoop

• North Korean ransomware dubbed Maui active since May 2021 • The Register

• Feds wave red flag over Maui ransomware | CSO Online

• Spear Phishing Fake Job Offer Likely Behind Axie Infinity's Lazarus $600m Hack - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors – Iran

• Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents' - CyberScoop

• Latest Cyber Attack Against Iran Part of Ongoing Campaign | Threatpost

Vulnerability Management

• Google: Half of zero-day exploits linked to poor software fixes | ZDNet

• Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk (darkreading.com)

Vulnerabilities

• Cisco and Fortinet Release Security Patches for Multiple Products (thehackernews.com)

• Google Patches Actively Exploited Chrome Bug | Threatpost

• OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE - Security Affairs

• Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know – Naked Security (sophos.com)

• Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions - Security Affairs

• Cisco Releases 10 Security Patches For Expressway Series and TelePresence VCS Products - Infosecurity Magazine

• Django fixes SQL Injection vulnerability in new releases (bleepingcomputer.com)

• Google fixes the fourth Chrome zero-day in 2022 - Security Affairs - Security Affairs

• Tens of Jenkins plugins are affected by zero-day vulnerabilities - Security Affairs

• OpenSSL fixes two “one-liner” crypto bugs – what you need to know – Naked Security (sophos.com)

• Fortinet addressed multiple vulnerabilities in several products - Security Affairs

• There’s a Nasty Security Hole in the Apache Webserver – The New Stack

Sector Specific

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

We currently provide tailored threat intelligence based on the following sectors, additional sectors by arrangement:

• Automotive

• Construction

• Critical National Infrastructure (CNI)

• Defence & Space

• Education & Academia

• Energy & Utilities

• Estate Agencies

• Financial Services

• FinTech

• Food & Agriculture

• Gaming & Gambling

• Government & Public Sector (including Law Enforcement)

• Health/Medical/Pharma

• Hotels & Hospitality

• Insurance

• Legal

• Manufacturing

• Maritime

• Oil, Gas & Mining

• OT, ICS, IIoT, SCADA & Cyber-Physical Systems

• Retail & eCommerce

• Small and Medium Sized Businesses (SMBs)

• Startups

• Telecoms

• Third Sector & Charities

• Transport & Aviation

• Web3

Other News

• These are the cyber security threats of tomorrow that you should be thinking about today | ZDNet

• Rising threats spark scramble for cyber workers | The Hill

• Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk (darkreading.com)

• Microsoft rolls back plan to block macros by default • Graham Cluley

• Attacker groups adopt new penetration testing tool Brute Ratel | CSO Online

• Security tester says he broke into datacenter via toilets • The Register

• SQL injection, XSS vulnerabilities continue to plague organisations | CSO Online

• Endless cyber-threat pressure could leave security staff burnt out. Here's what you need to change | ZDNet

• Top 7 types of data security technology (techtarget.com)

• Imagination is key to effective data loss prevention - Help Net Security

• The Age of Collaborative Security: What Tens of Thousands of Machines Witness (thehackernews.com)

• Maintaining a sustainable strengthened cyber security posture - NCSC.GOV.UK

• Hacking the Crypto-Monetized Web (trendmicro.com)

• Reflections Of A Former Hacker: How Leaders Can Protect Their Business From Cyber Threats (forbes.com)

• Zero Trust Bolsters Our National Defence Against Rising Cyber Threats (darkreading.com)

• Security advisory accidentally exposes vulnerable systems (bleepingcomputer.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Why Ransomware Attacks Prefer Small Business Targets Rather Than Rich Enterprises

Enterprise businesses with 25,000 employees+ are less likely to get hit by a ransomware attack than smaller businesses — even though big companies typically can afford to pay higher ransoms, the 2022 CyberEdge Cyberthreat Defense Report concluded.

What explains hackers taking aim at small businesses more frequently than enterprise giants?  The answer: Damaging a critical infrastructure facility or similar disruptions are certain to catch the eye of federal law enforcement, or national governments — something that no hacker wants, CyberEdge said. Smaller to medium-sized firms, as it turns out, get hit more frequently by ransomware attacks, on average at roughly 70 percent, the report said.

Overall, some 71 percent of organisations have been bitten by ransomware in 2022, up a point and a half from last year and by 8.5 points in 2020. It’s companies of 10,000 to 24,999 employees that are the sweet spot for ransomware hackers, nearly 75 percent of which are victimised by cyber extortionists.

The extensive study, which surveyed 1,200 security decision makers and practitioners employed by companies of greater than 500 people in 17 countries across 19 industries, is geared to helping gauge their internal practices and investments against those of their counterparts in other parts of the world.

https://www.msspalert.com/cybersecurity-research/why-ransomware-attacks-prefer-small-business-targets-rather-than-rich-enterprises/

• Ransomware Plagues Finance Sector as Cyber Attacks Get More Complex

Cyber criminals have evolved from hacking wire transfers to targeting market data, as ransomware continues to hit financial firms, says a new VMware report. Here's what to do about it.

Ransomware plagues financial institutions as they face increasingly complex threats over previous years owing to the changing behaviour of cyber criminal cartels, according to VMware's latest Modern Bank Heists report.

This has happened as the cyber crime cartels have evolved beyond wire transfer frauds to target market strategies, take over brokerage accounts, and island-hop into banks, according to the report.

For the report, VMware surveyed 130 financial sector CISOs and security leaders from across different regions including North America, Europe, Asia Pacific, Central and South America, and Africa.

Report findings were consistent with observations by other security experts. "The Secret Service, in its investigative capacity to protect the nation's financial payment systems and financial infrastructure, has seen an evolution and increase in complex cyber-enabled fraud," says Jeremy Sheridan, former assistant director at the US Secret Service. "The persistent, inadequate security of systems connected to the internet provides opportunity and methodology."

https://www.csoonline.com/article/3657875/ransomware-plagues-finance-sector-as-cyberattacks-get-more-complex.html

• 76% of Organisations Worldwide Expect to Suffer a Cyber Attack This Year

Ransomware, phishing/social engineering, denial of service (DoS) attacks, and the business fallout of a data breach rank as the top concerns of global organisations, a new study shows.

The newly published Cyber Risk Index, a study by Trend Micro and the Ponemon Institute, shows that more than three-quarters of global organisations expect to suffer a cyber attack in the next 12 months — 25% of which say an attack is "very likely."

More than 80% of the 3,400 CISO and IT professionals and managers surveyed say their organisations were hit with one or more successful cyber attacks in the past 12 months, and 35% suffered seven or more attacks, according to the report, which covers the second half of 2021.

https://www.darkreading.com/attacks-breaches/76-of-organizations-worldwide-expect-to-suffer-a-cyberattack-this-year

• Most Email Security Approaches Fail to Block Common Threats

A full 89 percent of organisations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs.

On overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware.

That’s according to a survey of business customers using Microsoft 365 for email commissioned by Cyren and conducted by Osterman Research, which examined concerns with phishing, business email compromise (BEC), and ransomware threats, attacks that became costly incidents, and preparedness to deal with attacks and incidents.

“Security team managers are most concerned that current email security solutions do not block serious inbound threats (particularly ransomware), which requires time for response and remediation by the security team before dangerous threats are triggered by users,” according to the report, released Wednesday.

Less than half of those surveyed said that their organisations can block delivery of email threats. And, correspondingly, less than half of organisations rank their currently deployed email security solutions as effective.

https://threatpost.com/email-security-fail-block-threats/179370/

• Financial Leaders Grappling with More Aggressive and Sophisticated Attack Methods

VMware released a report which takes the pulse of the financial industry’s top CISOs and security leaders on the changing behaviour of cyber criminal cartels and the defensive shift of the financial sector.

The report found that financial institutions are facing increased destructive attacks and falling victim to ransomware more than in years past, as sophisticated cyber crime cartels evolve beyond wire transfer fraud to now target market strategies, take over brokerage accounts and island hop into banks.

In the Modern Bank Heists report, 63% of financial institutions admitted experiencing an increase in destructive attacks, with cyber criminals leveraging this method as a means to burn evidence as part of a counter incident response.

Additionally, 74% experienced at least one ransomware attack over the past year, with 63% paying the ransom. When asked about the nation-state actors behind these attacks, the majority of financial instructions stated that Russia posed the greatest concern, as geopolitical tension continues to escalate in cyberspace.

https://www.helpnetsecurity.com/2022/04/21/cybercriminal-cartels-financial-sector/

• Hackers Sneak Malware into Resumes Sent to Corporate Hiring Managers

A new set of phishing attacks delivering the ‘more_eggs’ malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponised job offers.

"This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting jobseekers with fake job offers," eSentire's research and reporting lead, Keegan Keplinger, said in a statement.

The Canadian cyber security company said it identified and disrupted four separate security incidents, three of which occurred at the end of March. Targeted entities include a US-based aerospace company, an accounting business located in the UK, a law firm, and a staffing agency, both based out of Canada.

The malware, suspected to be the handiwork of a threat actor called Golden Chickens (aka Venom Spider), is a stealthy, modular backdoor suite capable of stealing valuable information and conducting lateral movement across the compromised network.

"More_eggs achieves execution by passing malicious code to legitimate windows processes and letting those windows processes do the work for them," Keplinger said. The goal is to leverage the resumes as a decoy to launch the malware and sidestep detection.

https://thehackernews.com/2022/04/hackers-sneak-moreeggs-malware-into.html

• West Warns of Russian Cyber Attacks as Concerns Rise Over Putin’s Nuclear Rhetoric

Cyber crime groups have publicly pledged support for Russia, western officials worry about Putin’s reliance on nuclear threats and the battle for Mariupol in Ukraine grinds on.

The US and four of its closest allies have warned that “evolving intelligence” shows that Russia is contemplating cyber attacks on countries backing Ukraine, as the Kremlin’s frustration grows at its failure to make military gains.

Vladimir Putin used the launch on Wednesday of a powerful new Sarmat intercontinental ballistic missile (ICBM), capable of carrying ten or more warheads, to make nuclear threats against western countries.

The Sarmat has long been in development and test flights were initially due to start in 2017. The Pentagon confirmed that the US had been given notice of the test and was not alarmed. Western officials are more concerned by the increasing emphasis Moscow puts on its nuclear arsenal as its conventional forces have faltered in Ukraine.

The Ukrainian army continued to put up resistance in the besieged and devastated city of Mariupol, but Putin’s Chechen ally, Ramzan Kadyrov, predicted that the last stand of the port’s defenders at the Azovstal steel works would fall on Thursday.

The Kremlin has made repeated threats against the many countries that have been supplying Ukraine’s army with modern weapons, and members of the “Five Eyes” intelligence sharing network – the US, Britain, Canada, Australia and New Zealand – predicted Moscow could also work with cyber crime groups to launch attacks on governments, institutions and businesses.

https://www.theguardian.com/world/2022/apr/21/west-warns-of-russian-cyber-attacks-as-concerns-rise-over-putins-nuclear-rhetoric

• Criminals Adopting New Methods To Bypass Improved Defences, Says Zscaler

The number of phishing attacks worldwide jumped 29 percent last year as threat actors countered stronger enterprise defences with newer methods, according to researchers with Zscaler's ThreatLabz research team.

Cyber criminals have adapted to multi-factor authentication (MFA), employee security awareness training, and security controls by broadening who and where they will attack.

While the United States remained the country with the most phishing attempts, others are seeing faster growth in the number of incidents – exploiting new vectors like SMS and lowering the barrier of entry for launching attacks through pre-built tools made available on the market.

"Phishing attacks continue to remain one of the most prevalent attack vectors, often serving as a starting point for more advanced next stage attacks that may result in a large-scale breach," Deepen Desai, CISO and vice president of security research and operations at Zscaler, told The Register.

https://www.theregister.com/2022/04/20/phishing-attempts-on-rise-zscaler/

• Cyber Criminals Are ‘Drinking the Tears’ of Ukrainians

In biology, when an insect drinks the tears of a large creature, it is called lachryphagy. And in cyberspace, malicious actors are likewise “drinking tears” by exploiting humanitarian concerns about the war in Ukraine for profit. Different forms of deception include tricking people into donating to bogus charities, clicking on Ukraine-themed malicious links and attachments, and even impersonating officials to extort payment for rescuing loved ones.

It is an unfortunate reality that cyber opportunists are engaging in lachryphagy to exploit humanitarian concerns about the war for profit or data collection. To date, one of the largest cryptocurrency scams involving fraudulent Ukrainian relief payments totalled $50 million in March, the Wall Street Journal reports.

Immediately following Russia’s invasion of Ukraine, cybersecurity companies warned the public that criminals were preying on Ukrainian relief fundraising efforts with cryptocurrency scams. Bitdefender Labs reports that cyber criminals have impersonated Ukrainian government entities and charitable organisations such as UNICEF, and the Australian humanitarian agency, Act for Peace. “Some [scammers] are even pretending to be Wladimir Klitschko, whose brother Vitali is mayor of Ukraine’s capital, Kyiv,” according to the BBC.

https://thehill.com/opinion/cybersecurity/3273636-cyber-criminals-are-drinking-the-tears-of-ukrainians/?rl=1

• Hackers For Hire Attempt to Destroy Hedge Fund Manager's Reputation

Hackers bombarded a British hedge fund manager with 3,000 emails and fake news stories about his mortgage in an effort to destroy his reputation after being hired by a corporate rival.

Criminals even sought to gain personal information about Matthew Earl by pretending to be his sister in a three-year campaign when he raised concerns over the controversial German payments company Wirecard.

Mr Earl, a former City analyst who runs the hedge fund ShadowFall, said he was targeted by a group called Dark Basin.

This group has been linked to Aviram Azari, who this week pleaded guilty in New York to a conspiracy to target journalists and critics of Wirecard using phishing emails.

Mr Earl said the hacking attempts started in 2016 after ShadowFall, nicknamed the “dark destroyer” in the City, criticised the financial performance of Wirecard. The German company was later mired in a series of accounting scandals and went bust.

He said: “I was being sent very targeted emails, which were crafted with personal information about my interests, friends and family’s details. They were very specific.”

Mr Earl received news stories that appeared to be from media outlets such as Reuters and Bloomberg. Another email appeared to be sent by his sister, sharing family photographs, he added.

https://www.telegraph.co.uk/business/2022/04/21/reign-terror-hackers-hire-ramp-corporate-espionage/

• New Threat Groups and Malware Families Emerging

Mandiant announced the findings of an annual report that provides timely data and insights based on frontline investigations and remediations of high-impact cyber attacks worldwide. The 2022 report––which tracks investigation metrics between October 1, 2020 and December 31, 2021—reveals over 1,100 new threat groups and 733 new malware families.

The report also notes a realignment and retooling of China cyber espionage operations to align with the implementation of China’s 14th Five-Year Plan in 2021. The report warns that the national-level priorities included in the plan “signal an upcoming increase in China-nexus actors conducting intrusion attempts against intellectual property or other strategically important economic concerns, as well as defence industry products and other dual-use technologies over the next few years.”

https://www.helpnetsecurity.com/2022/04/22/adversaries-innovating-and-adapting/

Economic Warfare: Attacks on Critical Infrastructure Part of Geopolitical Conflict

We’ve known for years that since at least March of 2016, Russian government threat actors have been targeting multiple U.S. critical infrastructure sectors including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. The Department of Homeland Security (DHS), the Federal Bureau of Investigations (FBI), and other agencies have acknowledged this for quite some time in many of their technical alerts and statements.

In the intervening years, with the acceleration of digital transformation, cyber criminals and nation-state actors have increasingly set their sights on these sectors. The convergence of physical and digital assets brings competitive advantage but also inevitable risks. Attacks against hospitals, oil pipelines, food supply chains, and other critical infrastructure, have brought into sharp focus the vulnerability of cyber-physical systems (CPS) and the impact on lives and livelihoods when they are disrupted. Now, overwhelming signs indicate critical infrastructure companies are in the bullseye of geopolitical conflict.

https://www.securityweek.com/economic-warfare-attacks-critical-infrastructure-part-geopolitical-conflict

Threats

Ransomware

• How Ready Are Organisations to Manage and Recover From A Ransomware Attack? - Help Net Security

• FBI: BlackCat Ransomware Breached At Least 60 Entities Worldwide (bleepingcomputer.com)

• Ransomware: This Gang Is Getting a Lot Quicker at Encrypting Networks | ZDNet

• Hive Hackers Are Exploiting Microsoft Exchange Servers in Ransomware Spree | ZDNet

• REvil's TOR Sites Come Alive to Redirect To New Ransomware Operation (bleepingcomputer.com)

• PYSA Ransomware Attacks: Here's What MSSPs Need to Know - MSSP Alert

• An Investigation of the BlackCat Ransomware via Trend Micro Vision One

• REvil Resurrected? Ransomware Crew Appears to Be Back • The Register

• FBI Warning: Ransomware Gangs Are Going After This Lucrative but Unexpected Target | ZDNet

Phishing & Email Based Attacks

• LinkedIn Brand Takes Lead as Most Impersonated In Phishing Attacks (bleepingcomputer.com)

• FBI Warns of 'Reverse' Instant Payments Phishing Schemes | SecurityWeek.Com

• Spreading Malware Through Community Phishing - Help Net Security

Malware

• Windows Malware Can Steal Social Media Credentials and Banking Logins (komando.com)

• Emotet Botnet Switches to 64-bit Modules, Increases Activity (bleepingcomputer.com)

• New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar (thehackernews.com)

• Emotet Reestablishes Itself at The Top Of The Malware World • The Register

Mobile

• Millions of Android Users at Risk Of Attack After Widespread Security Issue Uncovered | TechRadar

BYOD

• 60% of Companies using BYOD Face Serious Security Risks - Help Net Security

IoT

• How to Secure Smart Home (IOT) Devices | Reviews by Wirecutter (nytimes.com)

• New Stealthy BotenaGo Malware Variant Targets DVR Devices (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Russian Hackers Are Seeking Alternative Money-Laundering Options (bleepingcomputer.com)

• How Russia Is Isolating Its Own Cyber Criminals (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking

• Hackers Hammer SpringShell Vulnerability In Attempt To Install Cryptominers | Ars Technica

• Beanstalk DeFi Platform Loses $182 Million In Flash-Loan Attack (bleepingcomputer.com)

• Yet Another Phishing Attack? Terra Users Lose $4.3 Million, According To Security Firm (watcher.guru)

• Hackers Steal $655K After Picking MetaMask Seed from iCloud Backup (bleepingcomputer.com)

• LemonDuck Botnet Plunders Docker Cloud Instances in Cryptocurrency Crime Wave | ZDNet

Fraud, Scams & Financial Crime

• Security Lessons From a Payment Fraud Attack (darkreading.com)

• Scammers Snatch Up Expired Domains, Vexing Google | TechCrunch

Insurance

• Cyber Insurance and the Changing Global Risk Environment - Security Affairs

Dark Web

• Experts Spotted Industrial Spy, A New Stolen Data Marketplace - Security Affairs

Supply Chain and Third Parties

• Strength in Unity: Why It's Especially Important to Strengthen Your Supply Chain Now (darkreading.com)

• More Than Half of Initial Infections in Cyber Attacks Come Via Exploits, Supply Chain Compromises (darkreading.com)

Cloud

• IT Leaders Require Deeper Security Insights to Confidently Manage Multi-Cloud Workloads - Help Net Security

• Rethinking Cyber-Defence Strategies in the Public-Cloud Age | Threatpost

• Cyber Criminals Are Shifting Their Gaze To Kubernetes - Information Security Buzz

Passwords & Credential Stuffing

• What Is Peppering in Password Security and How Does It Work? (makeuseof.com)

Digital Transformation

• The Price of An Accelerated Digital Transformation - Help Net Security

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Moving Towards Defence in Depth Under The Grey Skies Of Conflict - Help Net Security

• Locked Shields ‘Live Fire’ Cyber Drills to be Held as War in Ukraine Continues - Bloomberg

• Russian-Linked Shuckworm Crew Ups Attacks on Ukraine • The Register

• Russian Gamaredon APT Continues to Target Ukraine - Security Affairs

• Phishing Attacks Using the Topic "Azovstal" Targets Entities in Ukraine - Security Affairs

• Hackers Claim to Target Russia with Cyber Attacks and Leaks - The New York Times (nytimes.com)

• The Anonymous Collective Hacked Other Russian Organisations - Security Affairs

• Spyware Was Used Against Catalan Targets and UK Prime Minister and Foreign Office | CSO Online

• Stalkerware Detection Trends: Monitor and Spyware Findings - MSSP Alert

• Catalan Chief Accuses Spain's Intelligence Agency of Hacking | SecurityWeek.Com

• Anomaly 6 Tracked NSA and CIA Spies as Product Demo: Report (gizmodo.com)

Nation State Actors

Nation State Actors – Russia

• Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure (thehackernews.com)

• NATO Locked Shields War Games Prep for Real Russian Cyber Attack (gizmodo.com)

• The Russian Cyber Threat Is Here to Stay and NATO Needs To Understand It | Fox News

• A Russian Cyber Attack Is Coming —Lawmakers and Citizens Must Prepare | The Hill

• US Officials Increase Warnings About Russian Cyber-Attacks - Infosecurity Magazine

• Work From Home Software 'At Risk of Russian Cyber Attacks' (telegraph.co.uk)

• US Officials Preparing for Potential Russian Cyber Attacks - CBS News

• After Foiled Sandworm Attack, US Critical Infrastructure Should Stand Guard | CSO Online

Nation State Actors – China

• Chinese Hackers Behind Most Zero-Day Exploits During 2021 (bleepingcomputer.com)

Nation State Actors – North Korea

• North Korea Funds Nuclear Program with Cyber Crime- IT Security Guru

• North Korea Aims 'TraderTraitor' Malware at Cryptocurrency Workers (cyberscoop.com)

• Blockchain Companies Warned of North Korean Hackers - IT Security Guru

Nation State Actors – Misc

• State Actors Drive Record Number of Zero-Day Exploits in 2021 - Infosecurity Magazine

Vulnerability Management

• Vulnerabilities That Kept Security Leaders Busy in Q1 2022 - Help Net Security

• How Fast Do Cyber Criminals Capitalize on New Security Weaknesses? - Help Net Security

• Zero-Day Exploit Use Exploded in 2021 (darkreading.com)

Vulnerabilities

• VMware, Chrome Flaws Added to Known Exploited Vulnerabilities Catalogue - Security Affairs

• Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild (thehackernews.com)

• Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA (thehackernews.com)

• Time to get patching: Oracle's quarterly Critical Patch Update arrives with 520 fixes | ZDNet

• 7-Zip Zero-Day Vulnerability Grants Privilege Escalation | TechSpot

• When “Secure” Isn’t Secure at All: High‑Impact UEFI Vulnerabilities Discovered in Lenovo Consumer Laptops | WeLiveSecurity

• QNAP Warns of New Bugs in Its Network Attached Storage Devices – Naked Security (sophos.com)

• Cisco Umbrella Default SSH Key Allows Theft of Admin Credentials (bleepingcomputer.com)

• Researcher Releases PoC for Recent Java Cryptographic Vulnerability (thehackernews.com)

• Critical Cryptographic Java Security Blunder Patched – Update Now! – Naked Security (sophos.com)

• Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability (thehackernews.com)

• Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails (thehackernews.com)

• Zero-Day Exploits Found And Disclosed Hit A Record High In 2021, Google Project Zero says - CyberScoop

Sector Specific

Financial Services Sector

• Modern Bank Heists 5.0: The Escalation from Dwell to Destruction (vmware.com)

• Two-Thirds of Global Banks Witness Surge in Destructive Attacks - Infosecurity Magazine

FinTech

• Ransomware in Fintech: Cyber Criminals Adopt New Means as Theft Gives Way To Sabotage - Help Net Security

Health/Medical/Pharma Sector

• The New Cyberthreat To Healthcare: Killware - Information Security Buzz

• Many Medical Device Makers Skimp on Security Practices (darkreading.com)

Transport and Aviation

• Cyber-Attackers Hit Sunwing Airlines - Infosecurity Magazine (infosecurity-magazine.com)

Reports Published in the Last Week

• Modern Bank Heist 5.0 (vmware.com)

• 3 Key Takeaways from the 2022 ConnectWise MSP Threat Report - MSSP Alert

• Discover The Anatomy of An External Cyber Attack Surface With New RiskIQ Report - Microsoft Security Blog

Other News

• Why Companies Should Make ERP Security a Top Priority (techtarget.com)

• The Evolving Role of The Lawyer in Cyber Security - Help Net Security

• Cyber Security Litigation Risks: 4 Top Concerns for CISOs | CSO Online

• Ponemon Research - Businesses to Invest $172b On Cyber Security In 2022 - Information Security Buzz

• T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code (thehackernews.com)

• Funkypigeon.com Suspends Orders After 'Cyber Security Incident' | Business News | Sky News

• The SEC Is About To Force CISOs Into America’s Boardrooms (forbes.com)

• Data Breaches, Ransomware Attacks Leave Security Teams “Exhausted” - MSSP Alert

• When Attacks Surge, Turn to Data to Strengthen Detection and Response | SecurityWeek.Com

• What Can Someone Do with Your IP Address? (makeuseof.com)

• Attacker Accessed Dozens of Repositories After OAuth Token Theft - Information Security Buzz

• 7 Best Practices for Web3 Security Risk Mitigation (techtarget.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.