Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Intelligence Briefing 26 January 2024
Black Arrow Cyber Threat Intelligence Briefing 26 January 2024:
-Russian Hackers' Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call
-94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures
-Cyber Risks Needs to be Prioritised as a Key Business Risk Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda
-81% of Security Professionals Say Phishing Is Top Threat
-Ransomware Attacks Cause Significant Psychological Harm
-Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password
-NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime
-Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk
-Historic Data Leak Reveals 26 billion Records: Check What is Exposed
-Boardroom Cyber Expertise Comes Under Scrutiny
-“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules
-Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%
Black Arrow Cyber Threat Briefing 26 January 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Russian Hackers’ Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call
Just recently, it was publicly disclosed that Microsoft and Hewlett Packard Enterprise (HPE) had their corporate mailboxes breached by threat actors. In the Microsoft breach, a hacking group had used a password spray attack to compromise a non-production test account, and leverage that to access corporate accounts. In the HPE breach, corporate access was gained through unauthorised access to SharePoint files. Both attacks highlight the need for identity threat detection: the ability to identify malicious activity from trusted identities before more sophisticated damage is caused. Cyber incidents are a matter of when, not if, and it is important to have detection capabilities, even for trusted accounts.
Sources: [Help Net Security] [Security Boulevard]
94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures
A recent study found that while 94% of CISOs are concerned with third-party cyber security threats, including 17% who view it as a top priority, only 3% have implemented a third -party cyber risk management solution and 33% have noted plans to implement this year. Small and medium sized businesses may not have the resources of a larger organisation yet will have a similar level of third-party risk. This makes the need for an effective solution even more important, and in some cases this may include outsourcing to cyber experts.
Sources: [Dark Reading]
Cyber Risks Needs to be Prioritised as a Key Business Risk, Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda
The UK Government has proposed a new Code of Practice on cyber security governance, aimed at directors and senior business leaders. The draft document emphasises the need to prioritise cyber security on par with financial and legal risks. It outlines several key areas for focus, including risk management, cyber strategy, fostering a cyber security culture among employees, incident planning and response, and establishing clear governance structures. With digital technologies playing a crucial role in business resilience, the code calls for greater involvement of executive and non-executive directors in technology governance strategies. The UK Minister for AI and Intellectual Property has highlighted that cyber attacks are as damaging to organisations as financial and legal pitfalls. It is crucial that directors take a firm grip of their organisation’s cyber security regimes to protect their customers, workforce, business operations and the wider economy. This initiative reinforces the importance of a holistic approach to cyber security, including robust incident response plans and regular practice to enhance cyber resilience. It’s a timely reminder that cyber threats are as detrimental to organisations as financial and legal challenges, and this code aims to empower leaders to navigate these threats effectively.
Sources: [Computer Weekly] [Electronics Specifier] [GOV UK] [TechRadar] [Infosecurity Magazine]
81% of Security Professionals Say Phishing Is Top Threat
A recent study found 81% of organisations anticipated phishing as their top security risk over the coming months. In a separate report, it was found that 94% of organisations globally had experienced an email security incident in the past 12 months, with a 10% rise in phishing. It is not just emails where phishing attacks are occurring: in another report, the second half of 2023 saw a 198% increase in browser based phishing attacks. It is clear that phishing is a threat to organisations, and it is important to be prepared.
Sources: [ITPro] [Beta News] [Security Magazine]
Ransomware Attacks Cause Significant Psychological Harm
One area of ransomware that often gets overlooked, is the psychological impact. A recent report by the Royal United Services Institute found that some attacks had caused so much impact that organisations hired post-traumatic stress disorder support teams. A significant number of respondents experienced sleep deprivation, resulting in them developing extreme fatigue and falling asleep at work. Various levels of stress were experienced by security workers, with one interviewee citing the stress of a ransomware attack as a potential cause for a heart attack that required surgery. This highlights that, as with the wider subject of cyber and information security, consideration needs to be given to more than just IT and IT controls: it shows the need for a holistic approach to include people, operations and technology.
Sources: [The Record Media] [TechRadar]
Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password
A recent report has revealed that two million compromised cloud credentials used ‘123456’ as a password. This alarming trend underscores the ongoing issue of weak passwords, which are easily exploited by hackers. Despite the availability of advanced password creation and storage tools, a significant number of individuals and organisations continue to use weak passwords. Furthermore, the report found that 88% of organisations still rely on passwords as their primary authentication method. Despite the focus on password security, nearly every organisation has had risk management lapses. The report highlights the urgent need for stronger password policies and the adoption of more secure authentication methods. Equally, the attacks highlight that simply moving to the cloud does not solve security challenges, and poor cyber hygiene in the cloud will lead to problems.
Sources: [ITPro] [Business Wire] [Security Magazine]
NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime
An article published by the UK’s National Cyber Security Centre (NCSC) states that AI is already being used to increase the efficacy of cyber attacks, and that AI will continue to significantly increase the odds of a successful attack. AI models will build capability as they are informed by data describing previous successful attacks. The NCSC noted that “It is likely that highly capable unfriendly nation states have repositories of malware that are large enough to effectively train an AI model for this purpose”. The message from the NCSC is clear: AI will propel cyber incidents and organisation must take this into consideration as part of their wider cyber risk management strategy.
Sources: [The Register] [PC Mag] [The Messenger ] [Silicon UK]
Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk
Cyber attacks soared again last year, and attackers are increasingly taking advantage of software vulnerabilities to breach organisations. This is due to the continuous discovery of new vulnerabilities, and with that, a constant challenge for firms to apply patches. A report found many organisations lack an effective vulnerability management programme and are leaving themselves open to attacks; and in some cases they are left vulnerable for years.
One key hindrance found by the report is the sheer volume of vulnerabilities identified and patched by vendors, leaving organisations with the perpetual challenge of timely patching. This complication is made worse for small and medium sized businesses where they have less resources. The report found that legacy systems are a large risk for many organisations; in fact, older Windows server OS versions - 2012 and earlier – were found to be 77% more likely to experience attack attempts than newer versions. Many firms are still not taking this danger seriously enough and as a result, blind spots and critical vulnerabilities are worsening, creating more opportunities for attackers.
Sources: [ITPro] [Help Net Security] [ITPro]
Historic Data Leak Reveals 26 billion Records: Check What is Exposed
In what has been described as the ‘mother of all breaches’, 26 billion records have been exposed. These aren’t all new, as a lot of the records are from numerous breaches, however they are all in one location, compiled and index for use. With the emergence of this, there is will likely be a surge in attacks and if you haven’t changed your credentials, or are reusing these same credentials, you may find yourself a victim. To check if your email has been compromised in a breach, you can check on the website www.HaveIBeenPwned.com
Source: [Security Affairs]
Boardroom Cyber Expertise Comes Under Scrutiny
Cyber security concerns continue to be a critical issue for organisations, driven by factors such as data protection, compliance, risk management, and business continuity. However, a recent report reveals a concerning trend where only 5% of Chief Information Security Officers (CISOs) report directly to the CEO, down from 11% in 2021. This gap between cyber security leadership and board-level involvement is a challenge. A report emphasises that many board members lack the technical expertise to understand cyber security, while CISOs often communicate in technical jargon, making it difficult for boards to grasp the significance of security issues. To bridge this gap, it's crucial to educate board members on the real-world risks and costs associated with cyber incidents. Sharing simple metrics like the global average cost of a data breach, which is $4.45 million, can help them understand the financial impact. Moreover, CISOs should learn to convey cyber security matters in business terms and quantify the organisation's cyber risk exposure. By providing boards with information to understand and engaging in informed discussions, they can enhance their cyber security strategy and ensure that these vital issues are prioritised appropriately.
Source: [Security Intelligence]
“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules
The landscape of cyber security is evolving rapidly, with two significant EU regulations: the Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA), set to take effect in the coming months. NIS2 expands cyber security standards to include critical services like transportation, water services, and health services, while DORA focuses on the financial services sector and aims to ensure resilience against cyber threats.
These regulations necessitate strong cyber security testing, incident reporting processes, and comprehensive assessments of third-party providers' security. Compliance with these regulations will introduce complexity and costs, requiring organisations to prepare comprehensively for the evolving cyber security landscape, including the implications of artificial intelligence. Transparency and understanding are key, as boards must fully comprehend data processing and technology usage within their organisations, ushering in a new era of cyber security governance.
Source: [The Currency]
Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%
In 2023, there was a significant surge in ransomware attacks globally. The number of attack attempts more than doubled, increasing by 104%. A report shows that there were 1,900 total ransomware attacks within just four countries: the US, UK, Germany, and France. The use of double extortion techniques, where hackers not only encrypt the data but also steal confidential data beforehand and threaten to release it if their demands are not fulfilled, are becoming increasingly common, with now triple and quadruple extortion techniques also being increasingly deployed. It was also found that data exfiltration was present in approximately 91% of all publicly recorded ransomware attacks in 2023. These figures underscore the growing threat of ransomware and the need for robust cyber security measures.
Sources: [Security Boulevard] [Security Affairs] [Security Brief] [Business Wire]
Governance, Risk and Compliance
Treat cyber risk like financial or legal issue, says UK government | Computer Weekly
Business leaders urged to toughen up cyber attack protections - GOV.UK (www.gov.uk)
Organisations face devastating financial consequences from cyber attacks (betanews.com)
Cyber Security Attack Attempts More Than Doubled, Increasing 104% in 2023 | Business Wire
The growing role of CISOs in cyber security governance - APDR (asiapacificdefencereporter.com)
Boardroom cyber expertise comes under scrutiny (securityintelligence.com)
Resilience: The New Priority for Your Security Model (inforisktoday.com)
10 must-have security tips for digital nomads | Computerworld
CISOs Struggle for C-Suite Status Even as Expectations Skyrocket (darkreading.com)
Why cyber attacks mustn’t be kept secret - Help Net Security
Business continuity vs. disaster recovery vs. incident response | TechTarget
Why resilience leaders must prepare for polycrises - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks break records in 2023: the number of victims rose by 128% (securityaffairs.com)
UK Intelligence Fears AI Will Fuel Ransomware, Exacerbate Cyber Crime (pcmag.com)
Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News
UK gov tells SMBs to get better at protecting themselves from cyber attacks | TechRadar
Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)
Kasseika ransomware uses antivirus driver to kill other antiviruses (bleepingcomputer.com)
Organisations invest more in data protection but recover less - Help Net Security
Evolving BianLian ransomware attack strategies detailed | SC Media (scmagazine.com)
Hackers target TeamViewer to try and get access to your company's network | TechRadar
Ransomware Victims
Major US, UK Water Companies Hit by Ransomware - SecurityWeek
Sweden’s Riksbank Turns to Police as Cyber Attack Hits IT Firm - BNN Bloomberg
Owner of The North Face, Supreme, Vans, Reports Breach Affecting 35M Users (pcmag.com)
Primary Health & Wellness Center, LLC’s public notice of ransomware incident (databreaches.net)
LockBit gang claims the attack on the sandwich chain Subway (securityaffairs.com)
loanDepot says ransomware gang stole data of 16.6 million people (bleepingcomputer.com)
Aviation Leasing Giant AerCap Hit by Ransomware Attack - SecurityWeek
Global fintech firm EquiLend offline after recent cyber attack (bleepingcomputer.com)
Ransomware Group Offers Hacked Serbian Electricity Provider's Data For Download (rferl.org)
Cyber attack in Merseyside as 'immediate steps taken' (msn.com)
Phishing & Email Based Attacks
81 percent of security pros say phishing is the top threat (betanews.com)
Browser Phishing Threats Grew 198% Last Year - Infosecurity Magazine (infosecurity-magazine.com)
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)
Organisations need to switch gears in their approach to email security - Help Net Security
HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek
Russian hackers breached Microsoft, HPE corporate maliboxes - Help Net Security
Don’t Take The Bait: How To Prevent A Phishing Attack | Kohrman Jackson & Krantz LLP - JDSupra
Trezor reveals 66,000 users could face phishing attack (coinjournal.net)
PHP-less phishing kits that can run on any website | Netcraft
New KnowBe4 Report Shows Major Spike in Public Sector Attacks in 2023 | Business Wire
Artificial Intelligence
AI Will ‘Almost Certainly’ Turbocharge Cyber attacks, UK Warns - The Messenger
The near-term impact of AI on the cyber threat - NCSC.GOV.UK
NCSC: AI to boost nation-states’ malware potency • The Register
Battling Misinformation During Election Season (darkreading.com)
Unmasking Deceptive Behaviour: Risks and Challenges in Large Language Models (azoai.com)
AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)
Researchers Map AI Threat Landscape, Risks (darkreading.com)
The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard
Malware
NCSC: AI to boost nation-states’ malware potency • The Register
MacOS devices are being targeted by pirated apps that want to hijack your machine | TechRadar
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)
'Inhospitality' malspam campaign targets hotel industry | SC Media (scmagazine.com)
Blackwood APT delivers malware by hijacking legitimate software update requests - Help Net Security
SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks (thehackernews.com)
Mobile
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)
iPhone, Android Ambient Light Sensors Allow Stealthy Spying (darkreading.com)
New method to safeguard against mobile account takeovers - Help Net Security
Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)
SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)
Zero-Click Bluetooth Attack: A Growing Threat for Unpatched Android Phones - gHacks Tech News
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Historic data leak reveals 26 billion records: check what's exposed (securityaffairs.com)
Data of 15 million Trello users scraped and offered for sale - Help Net Security
Personal details of 6,000 people leaked in Greater Manchester council data breach (msn.com)
BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)
Healthtech firm's cyber attack victim list keeps growing - Digital Journal
VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million - SecurityWeek
Class Actions Filed Over Builders Mutual, Progressive’s Own Data Breaches (claimsjournal.com)
loanDepot cyber attack causes data breach for 16.6 million people (bleepingcomputer.com)
Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)
The growing threat of data breaches in the age of AI and data privacy | TechRadar
23andMe data breach: Hackers stole raw genotype data, health reports (bleepingcomputer.com)
Organised Crime & Criminal Actors
Grooming, radicalization and cyber attacks: INTERPOL warns of ‘Metacrime’
Bulletproof Hosting: A Critical Cyber Criminal Service | Intel471
'VexTrio' TDS: The Biggest Cyber Crime Operation on the Web? (darkreading.com)
Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)
Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US regulator admits cyber security lapse before rogue Bitcoin post - BBC News
Trezor reveals 66,000 users could face phishing attack (coinjournal.net)
Insider Risk and Insider Threats
Majority of companies not prepared for insider threats (betanews.com)
Fighting insider threats is tricky but essential work - Help Net Security
Insurance
Supply Chain and Third Parties
From vulnerability to vigilance: strategies for ensuring supply chain security (techuk.org)
Supply chain security: Responding to emerging cyber threats (techuk.org)
CISOs' role in identifying tech components and managing supply chains - Help Net Security
Rethinking supply chain resilience as cyber attacks get more disruptive (techuk.org)
Cloud/SaaS
On premises vs. cloud pros and cons, key differences | TechTarget
The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard
Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)
Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)
88% of organisations use passwords as primary authentication method | Security Magazine
The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro
Social Media
Meta won't remove fake Instagram profiles that are clearly catfishing (bleepingcomputer.com)
Watch out for "I can't believe he is gone" Facebook phishing posts (bleepingcomputer.com)
SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)
Malvertising
Google Updates Chrome's Incognito Warning to Admit It Tracks Users in ‘Private’ Mode | WIRED
Cryptographers Are Getting Closer to Enabling Fully Private Internet Searches | WIRED
Regulations, Fines and Legislation
Without clear guidance, SEC’s new rule on incident reporting may be detrimental - Help Net Security
SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)
US regulator admits cyber security lapse before rogue Bitcoin post - BBC News
Countdown for businesses to comply with leaked EU AI Act draft begins | Biometric Update
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)
Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users - SecurityWeek
Secret Service to revive the Cyber Investigations Advisory Board | CyberScoop
Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek
The small print leaving UK plc exposed to ‘nuclear level’ cyber attacks (telegraph.co.uk)
Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times
Russia
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack (thehackernews.com)
Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard
Microsoft Says Russians Hacked It to Find Information About Themselves (businessinsider.com)
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs (thehackernews.com)
HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek
Russian hackers shift to new malware tactics, Google says (siliconrepublic.com)
Massive cyber attack targets Ukrainian online bank (kyivindependent.com)
Learning From Ukraine's Pioneering Approaches to Cyber Security (darkreading.com)
Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times
Ukraine’s Largest Gas and Oil Company Under Cyber Attack (kyivpost.com)
Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News
Hundreds of Russian sites breached by Ukrainian hackers | SC Media (scmagazine.com)
Apple Pays $13 Million Russian Fine, Goes Directly Into Federal Budget (businessinsider.com)
Iran
North Korea
Vulnerability Management
45% of critical CVEs left unpatched in 2023 - Help Net Security
Patch management: Why firms ignore vulnerabilities at their own risk | ITPro
What Is Vulnerability Management? Definition, Process Steps, Benefits and More - Security Boulevard
Security vendors are accused of bending CVE assignment rules • The Register
German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)
The effect of omission bias on vulnerability management - Help Net Security
52% of Serious Vulnerabilities We Find are Related to Windows 10 (thehackernews.com)
Vulnerabilities
Cisco warns of critical RCE flaw in communications software (bleepingcomputer.com)
CISA emergency directive: Mitigate Ivanti zero-days immediately (bleepingcomputer.com)
Third Ivanti Vulnerability Exploited in the Wild, CISA Reports (darkreading.com)
Ivanti: VPN appliances vulnerable if pushing configs after mitigation (bleepingcomputer.com)
Chrome 121 ships with security updates and new AI tools - gHacks Tech News
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)
Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)
Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure - SecurityWeek
Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek
Critical Vulnerabilities Found in Open Source AI/ML Platforms - SecurityWeek
Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell (securityaffairs.com)
Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)
High-Severity Vulnerability Patched in Splunk Enterprise - SecurityWeek
Millions at Risk As 'Parrot' Web Server Compromises Take Flight (darkreading.com)
Security vendors are accused of bending CVE assignment rules • The Register
Mozilla Releases Security Updates for Thunderbird and Firefox | CISA
5379 GitLab servers vulnerable to zero-click account takeover attacks (securityaffairs.com)
Hackers target WordPress database plugin active on 1 million sites (bleepingcomputer.com)
Tools and Controls
Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard
Resilience: The New Priority for Your Security Model (inforisktoday.com)
With so much data at hand, should cyber defences be more effective? | TechRadar
How to Shine in Your Next Cyber Security Audit - Security Boulevard
AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)
Business continuity vs. disaster recovery vs. incident response | TechTarget
Why resilience leaders must prepare for polycrises - Help Net Security
Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)
German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)
The 9 best incident response metrics and how to use them | TechTarget
The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard
We Must Consider Software Developers a Key Part of the Cyber Security Workforce | CISA
Cyber Insurance Industry Suggests Cyber Security Best Practices (networkcomputing.com)
Emerging trends and strategies in digital forensics - Help Net Security
Cyber Security Risk Management: Frameworks, Plans, & Best Practices - Security Boulevard
Reports Published in the Last Week
Other News
With so much data at hand, should cyber defences be more effective? | TechRadar
Threat actors are exploiting web applications - Security Boulevard
Public Sector Cyber Attacks Rise By 40% in 2023 - IT Security Guru
Cyber Security Challenges at the World Economic Forum (govtech.com)
The Threat Landscape Is Always Changing: What to Expect in 2024 | Proofpoint US
What is Lateral Movement in Cyber Security? - Security Boulevard
Cyber Security and Trends in 2024 Based on WEF 2024 Outcomes | HackerNoon
US suffered cyber attacks from 168 threat actors in 2023 | Security Magazine
US continues to be leading cyber threat target | SC Media (scmagazine.com)
Rise in cyber crime attacks against Industrial IoT sparks alarm (securitybrief.co.nz)
Offshore wind farms are vulnerable to cyber attacks, study shows (techxplore.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 April 2022
Black Arrow Cyber Threat Briefing 29 April 2022
-Ransomware Attacks Surged to New Highs in 2021
-NCSC and Allies Publish Advisory on The Most Commonly Exploited Vulnerabilities In 2021
-Network Attacks Increased to a 3-Year High
-World War Three Is Far More Likely Than Anyone Is Prepared to Admit
-The Ransomware Crisis Deepens, While Data Recovery Stalls
-Ransoms Only Make Up 15% of Ransomware Costs
-Defending Your Business Against Russian Cyber Warfare
-5-Year Vulnerability Trends Are Both Surprising and Sadly Predictable
-Cisco Talos Observes 'Novel Increase' in APT Activity in Q1
-Deepfakes Set to Be Used in Organised Crime
-Smart Contract Developers Not Really Focused on Security. Who Knew?
-Tractor-Trailer Brake Controllers Vulnerable to Remote Hacker Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Attacks Surged to New Highs in 2021
Ransomware attacks are getting more frequent, more successful and more expensive.
Sixty-six percent of the organisations surveyed by Sophos for its annual State of Ransomware report admitted that they were hit with a ransomware attack last year, up from 37% in 2020. And 65 percent of those attacks were successful in encrypting their victims' data, up from 54 percent the year before.
On top of that, the average ransom paid by organisations for their most significant ransomware attack grew by nearly five times, to just over $800,000, while the number of organisations that paid ransoms of $1 million or more tripled to 11%, the UK-based cybersecurity company said. For its annual report, Sophos surveyed 5,600 organisations from 31 countries. A total of 965 of those polled shared details of their ransomware attacks.
The numbers aren't a huge surprise after a year of epic ransomware attacks that shut down everything from a major oil pipeline to one of the largest meat processors in the US. While both Colonial Pipeline and JBS US Holdings paid millions in ransom, the attacks paused their operations long enough to spark panic buying and drive prices up for consumers.
NCSC and Allies Publish Advisory on The Most Commonly Exploited Vulnerabilities In 2021
The UK and international partners have published an advisory for public and private sector organisations on the 15 most commonly exploited vulnerabilities in 2021.
The National Cyber Security Centre (NCSC), a part of GCHQ, has jointly published an advisory with agencies in the US, Australia, Canada and New Zealand, showing that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities across the public and private sectors worldwide.
Threat actors often geared their efforts towards targeting internet-facing systems, such as email and virtual private network (VPN) servers.
It also indicates that, to a lesser extent, actors continue to exploit publicly known – and often dated – vulnerabilities, some of which were routinely exploited in 2020 or earlier.
The advisory directs organisations to follow specific mitigation advice to protect against exploitation, which includes applying timely patches, using a centralised patch management system and replacing any software no longer supported by the vendor.
Network Attacks Increased to a 3-Year High
WatchGuard Technologies’ Internet Security Report for Q4 2021 revealed all threats were up, whether they’re network attacks or malware.
When the pandemic started, their research team saw a big drop in malware being detected by network security devices. In this period, tech based jobs moved to remote work, which meant a lot of users were no longer browsing the internet and encountering bad things through the network security control at the office. That’s probably why network detection for malware dropped quite a bit at the beginning of the pandemic.
Meanwhile, network attacks continued to rise even through the pandemic, since the servers still lived at the offices and the cloud, and network security still protected those.
The big takeaway in Q4 2021 is that malware rose significantly, returning to normal levels. The reason might be the holiday season, but it’s most probably the fact that, at the end of last year, a lot of tech-based offices started reopening and offering employees to come back in, and thus there’s a bigger chance for network security controls to catch malware.
https://www.helpnetsecurity.com/2022/04/25/network-attacks-q4-2021-video/
World War Three Is Far More Likely Than Anyone Is Prepared to Admit
A Telegraph article looks at the Russia-Ukraine conflict and considers risks posed by new weapons and how the West’s failure to understand our enemies are raising the chances of a horrific conflict.
The fact is the world is becoming more, rather than less, dangerous: there are plenty of other wannabe Putins, and they are better equipped to sow death and destruction. Not only traditional and nuclear threats but bioterrorism is a growing worry and a major cyber attack or assault on transatlantic cables could be so devastating to an internet-based economy as to be seen as a declaration of war.
https://www.telegraph.co.uk/news/2022/04/27/world-war-three-far-likely-anyone-prepared-admit/
The Ransomware Crisis Deepens, While Data Recovery Stalls
Higher probabilities of attack, soaring ransoms, and less chance of getting data back — the ransomware plague gets worse, and cyber insurance fails to be a panacea.
When it comes to ransomware, more companies are seeing attacks and have had data encrypted, according to research out this week. And even though more companies are backing up or paying ransom demands, less data was recovered in 2021 compared with the previous year.
For instance, in its "State of Ransomware 2022" report, cybersecurity firm Sophos found that 66% of surveyed companies had encountered ransomware in 2021, with two-thirds of those firms — or 43% overall — suffering from an actual attack that encrypted data. In its previous report covering 2020, the frequency of successful attacks was much smaller, with about 20% overall resulting in encryption.
The deteriorating cyberthreat landscape is largely due to the evolution of ransomware groups and their techniques, says Sean Gallagher, senior threat researcher with Sophos.
"Over the past couple of years, there has been a massive transition from ransomware to ransomware-as-a-service," he says. "There are very well-established [groups] that are doing these attacks, and as a result, the number of attacks companies are seeing has gone up."
Ransomware continues to plague companies with business-disrupting attacks and defy efforts by cybersecurity experts to rein in the operators behind the criminals’ campaigns. Not only did the portion of companies affected by ransomware more than double last year, but the mean ransomware payment more than quadrupled to $812,000, according to the Sophos report.
https://www.darkreading.com/attacks-breaches/ransomware-crisis-deepens-data-recovery-stalls
Ransoms Only Make Up 15% of Ransomware Costs
New research suggests that paying ransoms is only the tip of the cost iceberg when it comes to ransomware attacks.
Researchers at Check Point have revealed that the collateral damage of ransomware attacks make up costs roughly seven times higher than the ransom demanded by threat actors.
The costs include financial implications caused by incident response efforts, system restoration, legal fees, monitoring costs and the overall impact of business disruption.
Ransomware attacks are an increasingly popular attack method, typically involving stealing data from the victim, encrypting data and forcing them to pay for decryption and avoiding a data leak.
Check Point said in the report:
“Most other losses, including response and restoration costs, legal fees, monitoring costs, etc., are applied whether the extortion demand was paid or not. The year 2020 showed that the average total cost of a ransomware attack was more than seven times higher than the average ransom paid.”
https://www.itsecurityguru.org/2022/04/28/ransoms-only-make-up-15-of-ransomware-costs/
Defending Your Business Against Russian Cyber Warfare
We are likely to see Russian state sponsored attacks escalate as the West continues to increase sanctions and support Ukraine.
The eyes of the world are focused on the war in Ukraine. As expected, Russia has targeted Ukraine with cyber attacks first, and much of the West is wondering when Russia will also retaliate against countries supporting Ukraine. Most agree that some attacks are already in progress, and the attacks against western entities are sure to escalate as the war continues and more sanctions are put in place.
The first wave of companies targeted by the Russian state, and threat actors it supports, will be those that suspend Russian operations or take direct action to support Ukraine. Information operations and subversion against these companies will likely ensue. In the event of Russian cyberwarfare, reviewing the industries, styles, and objectives of their attacks can help organisations to prepare and implement more robust defences. These defences include actions both inside and outside an enterprise's perimeter.
https://www.securityweek.com/defending-your-business-against-russian-cyberwarfare
5-Year Vulnerability Trends Are Both Surprising and Sadly Predictable
What 5,800+ pentests show us: Companies have been struggling with the same known and preventable security bugs year over year. Bandwidth stands at the heart of the problem.
Cyber crime can cause major disruption when it comes to the sustainability and long-term success of companies. Teams want to have robust security but often struggle to meet that objective. It's crucial for security professionals to leverage insights into emerging trends in cybersecurity to pinpoint which vulnerabilities put organisations at the greatest risk, and Cobalt's "State of Pentesting" reports explore how to achieve efficiency to strengthen security.
The "State of Pentesting 2022" surveyed 602 cybersecurity and software development professionals and analysed data from 2,380 pentests conducted over the course of 2021 to pull key insights that are relevant to security and development teams when it comes to fixing vulnerabilities.
As a result of the data collected, the top five most common vulnerability categories outlined in this year's "State of Pentesting" report include:
· Server Security Misconfigurations
· Cross-Site Scripting (XSS)
· Broken Access Control
· Sensitive Data Exposure
· Authentication and Sessions
Surprisingly — yet predictably — these vulnerability categories have stayed at the top of the list for at least the last five years in a row. They're also recognisable to those who are familiar with OWASP Top 10 list for Web Application Security Risks.
The majority of these findings are connected to missing configurations, outdated software, and a lack of access management controls — all common and easily preventable security flaws. So, what's holding companies back from preventing well-known security flaws? Why does this come as a surprise?
Cisco Talos Observes 'Novel Increase' in APT Activity in Q1
Advanced persistent threat actors have been busy over the past few months, according to Cisco Talos.
The security vendor released its Quarterly Trends report, which examined incident response trends from engagements in the first quarter of 2022. While ransomware remained the top threat, as it has for the past two years now, Cisco observed a new trend of increased APT activity. The Cisco Talos Incident Response (CTIR) team attributed some of the increase to groups like Iranian state-sponsored Muddywater and China-based Mustang Panda.
One suspected Chinese APT, dubbed "Deep Panda," was connected to exploitation of the Log4j flaw that was discovered last year in the widely used Java logging tool. Log4j exploitation was the second most common threat for Q1 behind ransomware, indicating the bug is a growing threat despite a patch being available.
Deepfakes Set to Be Used in Organised Crime
New research from Europol suggests that deepfakes will be used extensively in organised crime operations.
Europol has warned of a projected rise in the use of deepfake technology by organised crime organisations.
Deepfakes involve the use of artificial intelligence to create realistic audio and audio-visual content “that convincingly shows people saying or doing things they never did, or create personas that never existed in the first place.”
Law enforcement and the challenge of deepfakes is the first published analysis of the Europol Innovation Lab’s Observatory function, warning that law enforcement agencies must rapidly improve skills and technologies utilised by officers in order to keep up with criminal deepfake use.
The analysis report highlighted how deepfakes are used primarily in disinformation, non-consensual pornography and document fraud campaigns, which will grow more realistic in years to come.
https://www.itsecurityguru.org/2022/04/29/deepfakes-set-to-be-used-in-organised-crime/
Smart Contract Developers Not Really Focused on Security. Who Knew?
"Smart contracts," which consist of self-executing code on a blockchain, are not nearly as smart as the label suggests.
They are at least as error-prone as any other software, where historically the error rate has been about one bug per hundred lines of code.
And they may be shoddier still due to disinterest in security among smart contract developers, and perhaps inadequate technical resources.
Multi-million dollar losses attributed to smart contract bugs – around $31m stolen from MonoX via smart contract exploit and ~$34m locked into a contract forever due to bad increment math, to name a few – illustrate the consequences.
https://www.theregister.com/2022/04/26/smart_contract_losses/
Tractor-Trailer Brake Controllers Vulnerable to Remote Hacker Attacks
We’ve been predicting this for a while now and the move to more and more connected systems, autonomous and semi-autonomous vehicles, how long until someone is subject to threats to disconnect a vehicle’s brakes as they are driving along a motorway? Who wouldn’t pay the ransom demand in that scenario?
A report this week is related to articulated lorries but this is something that will be affecting all vehicles unless safeguards are put in place.
Researchers have analysed the cyber security of heavy vehicles and discovered that the brake controllers found on many tractor-trailers in North America are susceptible to remote hacker attacks.
The research was conducted by the US National Motor Freight Traffic Association (NMFTA), which is a non-profit organisation that represents roughly 500 motor freight carriers, in collaboration with Assured Information Security, Inc.
NMFTA has been analysing the cyber security of heavy vehicles since 2015 and it has periodically disclosed its findings. The latest report from the organisation came in early March, when the US Cybersecurity and Infrastructure Security Agency (CISA) also issued an advisory to describe two vulnerabilities affecting trailer brake controllers.
The flaws described in the CISA advisory are related to the power line communications (PLC) between tractors and trailers, specifically the PLC4TRUCKS technology, which uses a standard named J2497 for bidirectional communications between the tractor and trailer without adding new wires.
https://www.securityweek.com/tractor-trailer-brake-controllers-vulnerable-remote-hacker-attacks
Threats
Ransomware
Prevent HEAT Attacks to Foil Ransomware Incidents - Help Net Security
Conti Ransomware Operations Surge Despite Recent Leak - Security Affairs
Beware: Onyx Ransomware Destroys Files Instead of Encrypting Them (bleepingcomputer.com)
FBI says BlackCat Rust-Based Ransomware Scratched 60+ Orgs • The Register
REvil Ransomware Attacks Resume, But Operators Are Unknown (techtarget.com)
Fake Windows 10 Updates Infect You with Magniber Ransomware (bleepingcomputer.com)
New Black Basta Ransomware Springs into Action with A Dozen Breaches (bleepingcomputer.com)
Companies Can't Get Enough of Good Ol' Tape Storage For Ransomware Resistance | PC Gamer
Phishing & Email Based Attacks
Phishing Goes KISS: Don’t Let Plain and Simple Messages Catch You Out! – Naked Security (sophos.com)
Phishing Attacks Benefiting from Shady SEO Practices (techtarget.com)
Malware
Emotet Malware Now Installs Via Powershell in Windows Shortcut Files (bleepingcomputer.com)
New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer (thehackernews.com)
Emotet Tests New Attack Techniques: Sign of Things to Come? | CSO Online
Cyber Criminals Using New Malware Loader 'Bumblebee' in the Wild (thehackernews.com)
New Powerful Prynt Stealer Malware Sells for Just $100 Per Month (bleepingcomputer.com)
Mobile
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
Scammers Are Copying News Sites To Push Elon Musk-themed Crypto Scams - Information Security Buzz
Why Did Hackers Target DeFi L1, L2 Solutions for a $1.2 Billion Theft in 2022? (watcher.guru)
Intuit Sued Over Phishing Attack Targeting Trezor Crypto Wallet Users - Decrypt
Crypto Trading Fund Partners Accused of Fraud - Infosecurity Magazine
LemonDuck Botnet Evades Detection in Cryptomining Attacks (techtarget.com)
Bored Ape Yacht Club Instagram Hacked, NFTs Worth Millions Stolen (vice.com)
Insider Risk and Insider Threats
AML/CFT
Two More Indicted Over North Korean Sanctions Evasion Plot - Infosecurity Magazine
FCA: Challenger Banks Failing to Spot Money Launderers - Infosecurity Magazine
Denial of Service DoS/DDoS
Cloudflare Stomps On 15.3 Million Requests Per Second DDoS • The Register
How a New Generation of IoT Botnets Is Amplifying DDoS Attacks | CSO Online
DDoS Attacks Target Healthcare, Education Markets, Research Finds - MSSP Alert
Cloud
Is Cloud Critical Infrastructure? Prep Now for Provider Outages (techtarget.com)
Shadow IT Is A Top Concern Related To SaaS Adoption - Help Net Security
Travel
Parental Controls and Child Safety
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Data-Wiper Malware Strains Surge Amid Ukraine Invasion • The Register
Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware (thehackernews.com)
Cyber Attacks Rage in Ukraine, Support Military Operations | Threatpost
Ongoing DDoS Attacks from Compromised Sites Hit Ukraine - Security Affairs
Anonymous Hacked Russian PSCB Commercial Bank and Energy Firms - Security Affairs
Russia-Linked Threat Actors Launched Hundreds of Cyber Attacks on Ukraine - Security Affairs
Russian Hacktivists Launch DDoS Attacks on Romanian Govt Sites (bleepingcomputer.com)
Cyber Espionage APT Now Identified as Three Separate Actors | Threatpost
Nation State Actors
Nation State Actors – Russia
Microsoft Documents Over 200 Cyber Attacks by Russia Against Ukraine (thehackernews.com)
Russian Govt Impersonators Target Telcos in Phishing Attacks (bleepingcomputer.com)
The Subject of Trusting ‘Russian’ Applications - Information Security Buzz
Nation State Actors – North Korea
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerabilities
CISA Adds 7 Vulnerabilities to List Of Bugs Exploited In Attacks (bleepingcomputer.com)
Cisco Patches 11 High-Severity Vulnerabilities in Security Products | SecurityWeek.Com
Update Now! Critical Patches for Chrome and Edge | Malwarebytes Labs
Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL (darkreading.com)
Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System (thehackernews.com)
Millions of Java Apps Remain Vulnerable to Log4Shell | Threatpost
Organisations Warned of Attacks Exploiting WSO2 Vulnerability | SecurityWeek.Com
Vulnerability Found in WordPress Anti-Malware Firewall (searchenginejournal.com)
Sector Specific
Financial Services Sector
Government
Governments Under Attack Must Think Defensively - Help Net Security
Data Breach Disrupts UK Army Recruitment - Infosecurity Magazine
Health/Medical/Pharma Sector
French Hospital Group Disconnects Internet After Hackers Steal Data (bleepingcomputer.com)
Medical Software Firm Fined €1.5M for Leaking Data of 490k Patients (bleepingcomputer.com)
DDoS Attacks Target Healthcare, Education Markets, Research Finds - MSSP Alert
Smile Brands Breach Impacts 2.5 Million Individuals - Infosecurity Magazine
CNI, OT, ICS, IIoT and SCADA
Education and Academia
Gaming/Gambling
Other News
SolarWinds Breach Lawsuits: 6 Takeaways for CISOs | CSO Online
41% Of Businesses Had an API Security Incident Last Year - Help Net Security
Security Leaders Relying More Heavily on MSPs Amid Talent Crunch - Help Net Security
2022 Security Priorities: Staffing and Remote Work (darkreading.com)
GitHub: How Stolen OAuth Tokens Helped Breach Dozens of Orgs (bleepingcomputer.com)
Why Companies Should Focus on Preventing Privilege Escalation (techtarget.com)
German Wind Turbine Firm Hit by 'Targeted, Professional Cyber Attack' | SecurityWeek.Com
308,000 Exposed Databases Discovered, Proper Management Is Key - Help Net Security
Lapsus$ targeting SharePoint, VPNs and virtual machines (techtarget.com)
Top Five Post-Pandemic Priorities for Cyber Security Leaders - Help Net Security
Security Spending Set to Hit $198bn by 2025 - Infosecurity Magazine
Companies Poorly Prepared to Meet CCPA, CPRA and GDPR Compliance Requirements - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.