Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment

A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.

Sources: [PR Newswire] [TechRadar]

Cyber Security Investments Show Mature Business Mindset

Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.

Source: [Insider Media] [Compare the Cloud]

SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High

Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.

SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).

Source: (IT Security Guru)

Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure

Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.

In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.

Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]

Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen

Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.

Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Euronews] [The Times] [AI-CIO]

Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack

In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.

The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.

Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]

20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head

An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.

A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.

Sources: [Computer Weekly] [Tech Monitor] [Guardian]

Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors

According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the  organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.

Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Sources: [Security Affairs] [Claims Journal]

39% of Individuals Use the Same Password for Multiple Accounts

According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.

Source: [Security Magazine]

Why Fourth-Party Risk Management Is a Must-Have

Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.

Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.

Source: [Tech Target]

AI Adoption Surges but Security Awareness Lags Behind

A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.

Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.

Source: [Infosecurity Magazine]

UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach

Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six  weeks after their parent company discover the hack.

Source: [Reuters]

Why Boards Must Understand and Govern Cyber Security Risk

The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Forbes]

Governance, Risk and Compliance

• Cyber Insecurity: Report Finds Majority of Enterprises Expect an Imminent Cyber Attack (prnewswire.com)

• Cyber Crime Costs Soar to $8 Trillion, Spotlighting the Critical Need for Cyber security Experts (globenewswire.com)

• Many cyber bosses just aren't confident in their company's defences | TechRadar

• SMBs seek help as cyber threats reach an all-time high - Help Net Security

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• The real impact of the cyber security poverty line on small organisations - Help Net Security

• Cyber security investments show mature business mindset, says IT expert | Insider Media

• Is Cyber security Finally Becoming a Business Enabler? - Compare the Cloud

• The best time to deal with cyber attacks is before they happen (thetimes.co.uk)

• ‘A matter of when not if’: Why is it crucial for businesses to protect themselves from cyber attacks? | Euronews

• Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)

• Over 70% of firms hit by cyber attack in last 12 months (rte.ie)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• Getting ready for NIS2 with strong identity controls | ITPro

• Lloyd’s systemic risk scenario reveals potential cyber attack losses of $3.5tn (insuranceinsider.com)

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• 10 Ways Boards Are Setting Their Companies Up For Cyber security Failure (forbes.com)

• NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)

• AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)

• Cyber attacks to cost $23 trillion in 2027: US official | ABS-CBN News

• How Cyber security Provides the Green Light for Business Innovation (govinfosecurity.com)

• Essential cyber hygiene: Making cyber defence cost effective - Help Net Security

• New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS

• The Need for a Cyber security-Centric Business Culture (darkreading.com)

• The double-edged sword of heightened regulation for financial services - Help Net Security

• Report: Cyber attacks No. 1 cause of downtime and data loss | Security Magazine

• Will CISOs Become Personally Liable for Breach Response? (inforisktoday.com)

• Keeping control in complex regulatory environments - Help Net Security

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• 7 risk mitigation strategies to protect business operations | TechTarget

• How to go from collecting risk data to actually reducing risk? - Help Net Security

• SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra

• Regulations are still necessary to compel adoption of cyber security measures | ZDNET

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

• How do we measure cyber risk? | ITPro

• Ready For Cyber Readiness - Any Time Now (forbes.com)

• CISOs and board members are finding a common language - Help Net Security

• IT Disaster Recovery Best Practices: Preparing For The Worst (informationsecuritybuzz.com)

• When And How To Hire A vCISO For Your Company's Cyber security Program (forbes.com)

• 18 Factors And Metrics To Show The Value Of Cyber security Initiatives (forbes.com)

• Improve your cyber threat understanding with geopolitical context | CSO Online

• Cyber Insecurity, AI and the Rise of the CISO | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats? (thehackernews.com)

• Ransomware realities in 2023: one employee mistake can cost a company millions (securityaffairs.com)

• Ransomware Criminals Aiming at Third-Party Vendors in Hunt for ‘Big Game’ (claimsjournal.com)

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure (darkreading.com)

• Giant health insurer struck by ransomware didn't have antivirus protection (malwarebytes.com)

• CISA shares vulnerabilities, misconfigs used by ransomware gangs (bleepingcomputer.com)

• What Are the Legal Implications of Paying Ransomware Demands? | HackerNoon

• Healthcare Sector Warned About New Ransomware Group NoEscape - Infosecurity Magazine (infosecurity-magazine.com)

• New trend in ransomware: Anonymity (betanews.com)

• 63% of organisations restore data after a ransomware attack | Security Magazine

• Hacker Group GhostSec Unveils New Generation Ransomware Implant - Infosecurity Magazine (infosecurity-magazine.com)

• Black Basta ransomware is out and about, again. (thecyberwire.com)

• Ukrainian activists hack Trigona ransomware gang, wipe servers (bleepingcomputer.com)

• Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire

• Scammers are targeting plastic surgery clinics with extortion scams | TechRadar

• BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks (bleepingcomputer.com)

• Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)

Ransomware Victims

• Lockbit ransomware gang demanded an 80 million ransom to CDW (securityaffairs.com)

• Alphv gang stole 5TB of data from Morrison Community Hospital (securityaffairs.com)

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Kansas Supreme Court Probes Potential Ransomware Attack (govinfosecurity.com)

• KwikTrip all but says IT outage was caused by a cyber attack (bleepingcomputer.com)

• Some people whose personal data stolen in HWL Ebsworth hack not told for six months | Cyber crime | The Guardian

• Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV (databreaches.net)

Phishing & Email Based Attacks

• More than 95 per cent of phishing attacks target the banking and finance sectors (bizhub.vn)

• Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE

• VIPRE finds 233.9 million malicious emails detected in Q3 2023 (securitybrief.co.nz)

• Make sure that email from HR is legit - it could be another phishing scam | TechRadar

• Human resources emails remain top phishing targets - SiliconANGLE

• CISA, NSA, FBI publish phishing guidance | TechTarget

• Generative AI's impact on phishing attacks | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing: What’s in a Name? | CISA

• D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)

Artificial Intelligence

• AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)

• AI Adoption Surges But Security Awareness Lags Behind - Infosecurity Magazine (infosecurity-magazine.com)

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge (thehackernews.com)

• AI-generated cyber attacks pose new risk to key UK infrastructure, experts warn | The Independent

• North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar

• Research: GPT-4 Jailbreak Easily Defeats Safety Guardrails

• Generative AI is scaring CISOs – but adoption isn’t slowing down | CSO Online

• Generative AI's impact on phishing attacks | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online

• The impact of artificial intelligence on cyber offence and defence | The Strategist (aspistrategist.org.au)

2FA/MFA

• Google Authenticator synchronization raises MFA concerns | TechTarget

Malware

• Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE

• Valve upgrades Steam's security after several games are hacked and filled with malware | Rock Paper Shotgun

• DarkGate malware spreads through compromised Skype accounts (bleepingcomputer.com)

• BLOODALCHEMY provides backdoor to ASEAN secrets • The Register

• Discord still a hotbed of malware activity — Now APTs join the fun (bleepingcomputer.com)

• Researchers warn of increased malware delivery via fake browser updates - Help Net Security

• The forgotten malvertising campaign (malwarebytes.com)

• Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)

• Lazarus Group Targeting Defence Experts with Fake Interviews via Trojanized VNC Apps (thehackernews.com)

• Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

• Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)

• Beware - that Google Chrome update alert might actually just be malware | TechRadar

Mobile

• SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls (thehackernews.com)

• The top 9 mobile security threats and how you can avoid them | ZDNET

• Hackers exploit security flaw to target iOS 17 iPhones with 'notification attack' | Macworld

• Google Play Protect adds real-time scanning to fight Android malware (bleepingcomputer.com)

• Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS Attacks in 2024: Distributed DoS Explained | Splunk

Internet of Things – IoT

• Inadequate IoT protection can be a costly mistake - Help Net Security

• Israelis told to secure their home security cameras against hackers • Graham Cluley

• Logistics Matters - Alert: How hackers use printers to gain access

• Microsoft HoloLens for the military: Hacker attacks on VR headset may cause physical pain - NotebookCheck.net News

Data Breaches/Leaks

• UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters

• Casio discloses data breach impacting customers in 149 countries (bleepingcomputer.com)

• 530K people's info stolen from cloud PC gaming's Shadow • The Register

• Colonial Pipeline was hacked. No, wait, Accenture was hacked. No, wait….. untangling claims. (2) (databreaches.net)

• D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)

• Hackers stole a million people's DNA. But what will they do with it? | Tech News | Metro News

• 23AndMe Hacker Leaks New Tranche of Stolen Data (darkreading.com)

• Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)

• Lost and Stolen Devices: A Gateway to Data Breaches and Leaks - SecurityWeek

• Twitter glitch allows CIA informant channel to be hijacked - BBC News

• Care provider under fire over response to cyber attack (thetimes.co.uk)

• Some people whose personal data stolen in HWL Ebsworth hack not told for six months | Cyber crime | The Guardian

• ServiceNow leak: thousands of companies at risk | Cybernews

Organised Crime & Criminal Actors

• Cyber attacks -- where they come from and the tactics they use (betanews.com)

• Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online

• Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)

• Single Sign On and the Cyber crime Ecosystem (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• US authorities monitor China-linked Bitcoin miners amid national security concerns: Report (cointelegraph.com)

Insider Risk and Insider Threats

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• Employees leaving businesses open to cyber attack – QBE research - CIR Magazine

• Why disaffected employees are your greatest cyber security risk | Federal News Network

• Ex-Navy IT head gets 5 years for selling people’s data on darkweb (bleepingcomputer.com)

Insurance

• Lloyd’s systemic risk scenario reveals potential cyber attack losses of $3.5tn (insuranceinsider.com)

• How MOVEit Is Likely to Shift Cyber Insurance Calculus (darkreading.com)

• Cyber insurance represents ‘small proportion’ of potential economic losses from major attack | Insurance Times

• How Data Changes the Cyber Insurance Market Outlook (darkreading.com)

• What to Look for in Cyber Insurance Coverage | Proofpoint US

Supply Chain and Third Parties

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Why fourth-party risk management is a must-have | TechTarget

Identity and Access Management

• Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)

Encryption

• Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication (thehackernews.com)

Linux and Open Source

• Open To Attack: The Risks Of Open-Source Software Attacks (informationsecuritybuzz.com)

• Can open source be saved from the EU's Cyber Resilience Act? • The Register

• Report Finds Few Open Source Projects are Actively Maintained - Slashdot

Passwords, Credential Stuffing & Brute Force Attacks

• IT Admins Are Just as Guilty For Weak Password Use- IT Security Guru

• Over 40,000 admin portal accounts use 'admin' as a password (bleepingcomputer.com)

• 39% of individuals use the same password for multiple accounts | Security Magazine

• Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)

• Passkeys Are Cool, But They Aren't Enterprise-Ready (darkreading.com)

• A worrying amount of corporate IDs still aren't properly protected | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)

• Twitter glitch allows CIA informant channel to be hijacked - BBC News

Malvertising

• The forgotten malvertising campaign (malwarebytes.com)

• Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)

• Guide to detecting and disrupting fake ads | Netcraft

• Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

• Clever malvertising attack uses Punycode to look like KeePass's official website (malwarebytes.com)

Training, Education and Awareness

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

Regulations, Fines and Legislation

• UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters

• A Third of Organisations Not Ready to Comply with NIS2 - Infosecurity Magazine (infosecurity-magazine.com)

• One year left for companies to implement NIS2 cyber security directive (wbj.pl)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)

• Can open source be saved from the EU's Cyber Resilience Act? • The Register

• Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky (darkreading.com)

• SEC stepping up cyber security efforts | Inquirer Business

• The double-edged sword of heightened regulation for financial services - Help Net Security

• Top US Cyber Agency Pushing Toward First Hack Reporting Rule (bloomberglaw.com)

• Keeping control in complex regulatory environments - Help Net Security

• UN cyber crime treaty: A menace in the making – EURACTIV.com

• SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra

Models, Frameworks and Standards

• A Third of Organisations Not Ready to Comply with NIS2 - Infosecurity Magazine (infosecurity-magazine.com)

• One year left for companies to implement NIS2 cyber security directive (wbj.pl)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)

• NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)

Backup and Recovery

• Principles for ransomware-resistant cloud backups - NCSC.GOV.UK

• 63% of organisations restore data after a ransomware attack | Security Magazine

Data Protection

• Care provider under fire over response to cyber attack (thetimes.co.uk)

Careers, Working in Cyber and Information Security

• Over half of cyber security pros say they want to switch jobs (betanews.com)

• Compelling Reasons Why You Should Study Cyber Security - Minutehack

• Your guide to landing a job in cyber security (fastcompany.com)

• New Cyber security Salary Report Guides Hiring in an $8 Trillion Cyber Crime Landscape (prnewswire.com)

• One in five CISOs miss out on pay raise - Help Net Security

Law Enforcement Action and Take Downs

• Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)

Misinformation, Disinformation and Propaganda

• Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats

Misc Nation State/Cyber Warfare

• ‘Only a matter of time’ before cyber attacks are viewed as acts of war: Ex-NSA chief

• Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes issues five tips on thwarting nation state threats | Computer Weekly

• APT trends report Q3 2023 | Securelist

• Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure (thehackernews.com)

• TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• The evolution of deception tactics from traditional to cyber warfare - Help Net Security

• Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)

• Government officials debate effectiveness of multilateral relations in cyber security | ZDNET

• Defence leaders recognise need to adapt to win in ‘information battlespace’ | BAE Systems

Geopolitical Threats/Activity

• How Cyber attacks Could Affect the Israel-Hamas War (govinfosecurity.com)

• Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Israelis told to secure their home security cameras against hackers • Graham Cluley

• Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)

• Pro-Israeli Hacktivist Group Predatory Sparrow Reappears (darkreading.com)

• AI-Powered Israeli 'Cyber Dome' Defence Operation Comes to Life (darkreading.com)

• Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)

• Mideast War Has Cyber Implications | Newsmax.com

• Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)

• Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems (darkreading.com)

China

• Mandia: China replaces Russia as top cyber threat | CyberScoop

• FBI boss slams ‘unprecedented’ Chinese cyberespionage and IP theft   | SC Media (scmagazine.com)

• Five Eyes Warn Of Chinese Cyber Espionage | Silicon UK

• Five Eyes warn of growing threat of IP 'theft' by China's hackers (techmonitor.ai)

• 20,000 Britons approached by Chinese agents on LinkedIn, says MI5 head | MI5 | The Guardian

• Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration (thehackernews.com)

• US authorities monitor China-linked Bitcoin miners amid national security concerns: Report (cointelegraph.com)

• BLOODALCHEMY provides backdoor to ASEAN secrets • The Register

• TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)

• Huawei wants to know why EU labelled it high security risk • The Register

• Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw (thehackernews.com)

Russia

• Mandia: China replaces Russia as top cyber threat | CyberScoop

• Russia-based Wizard Spider is Top Threat Group: Netskope Report | MSSP Alert

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• Russian Sandworm hackers breached 11 Ukrainian telcos since May (bleepingcomputer.com)

• Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)

• Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)

• Russian Hackers Target Romanian Media - Valahia.News

• Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)

• Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats - Infosecurity Magazine (infosecurity-magazine.com)

Iran

• Iranian hackers lurked in Middle Eastern govt network for 8 months (bleepingcomputer.com)

• Hamas-linked app offers window into cyber infrastructure, possible links to Iran | CyberScoop

North Korea

• North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar

• Lazarus Group Targeting Defence Experts with Fake Interviews via Trojanized VNC Apps (thehackernews.com)

• North Korean hackers exploit critical TeamCity flaw to breach networks (bleepingcomputer.com)

• FBI: Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program - SecurityWeek

Vulnerability Management

• Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)

• Microsoft Needs to Get Serious About Its Windows 10 Upgrade Problem (pcmag.com)

Vulnerabilities

• Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 - SecurityWeek

• Cisco working on fix for critical IOS XE zero-day | TechTarget

• Oracle Patches 185 Vulnerabilities With October 2023 CPU - SecurityWeek

• Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms (thehackernews.com)

• You Need to Update WinRAR, Right Now (gizmodo.com)

• Juniper Networks Patches Over 30 Vulnerabilities in Junos OS - SecurityWeek

• Hackers exploit critical flaw in WordPress Royal Elementor plugin (bleepingcomputer.com)

• Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software (thehackernews.com)

• Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• ServiceNow leak: thousands of companies at risk | Cybernews

Tools and Controls

• Well-informed employees act as 1st line of defence against cyber threats

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)

• Essential cyber hygiene: Making cyber defence cost effective - Help Net Security

• Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)

• Improve your cyber threat understanding with geopolitical context | CSO Online

• Why Zero Trust Is the Cloud Security Imperative (darkreading.com)

• 3 Essential Steps to Strengthen SaaS Security (darkreading.com)

• Cyber expert calls for renewed focus on zero-trust and recovery as threat actors scale-up - SiliconANGLE

• How hackers use printers to gain access

• Google Authenticator synchronization raises MFA concerns | TechTarget

• Cyber insurance represents ‘small proportion’ of potential economic losses from major attack | Insurance Times

• Email Security Best Practices for Phishing Prevention (trendmicro.com)

• The impact of artificial intelligence on cyber offence and defence | The Strategist (aspistrategist.org.au)

• What to Look for in Cyber Insurance Coverage | Proofpoint US

• Reinforcing cyber security: The network's role to prevent, detect, and respond to attacks - Help Net Security

• How to go from collecting risk data to actually reducing risk? - Help Net Security

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

• How do we measure cyber risk? | ITPro

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• OSINT isn't immediate ground truth--it's the result of analysis. (thecyberwire.com)

• How Data Changes the Cyber Insurance Market Outlook (darkreading.com)

• What is Structured Threat Information eXpression (STIX)? (techtarget.com)

Reports Published in the Last Week

• Trustwave SpiderLabs Research: Cyber security in the Financial Services Sector

• APT trends report Q3 2023 | Securelist

• New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS

• ENISA THREAT LANDSCAPE REPORT 2023 REPORT IS OUT! (securityaffairs.com)

• Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire

• The CISO Report | Splunk

• VIPRE Security Group’s Q3 2023 Email Threat Report Reveals PDFs, Callback Phishing and Malware Via Google Drive Growing in Popularity Among Criminals - VIPRE

Other News

• SMBs Struggle to Keep Pace with Cyber Security Threats - IT Security Guru

• Many SMBs really don't know exactly what security tools they need | TechRadar

• Hackers Hit The IT Industry: 12 Companies Targeted In 2023 | CRN

• What the Hollywood Writers Strike Resolution Means for Cyber security (darkreading.com)

• Progress gets SEC subpoena over MOVEit breach – and more! • The Register

• 51% of Financial Services Firms Reporting Breaches are From US: Trustwave Threat Landscape Report | The Fintech Times

• Cyber attacks on healthcare organisations affect patient care - Help Net Security

• Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)

• Thinking about the phrase 'cyber security' | Microscope (computerweekly.com)

• Cyber risk report says shipping remains ‘easy target’, paying an average $3.2m In cyber attacks (shipmanagement idcinternational.com)

• Space industry group turns up volume on satellite vulnerabilities - SpaceNews

• 5 Tips for Improving Security in Public Sector (govinfosecurity.com)

• Marketers Must Make Cyber security A Priority Every Day (forbes.com)

• UK at risk of massive security breach from national HMRC IT meltdown | The Independent

• UK warns nuclear power plant operator of cyber security failings (therecord.media)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.

https://www.msspalert.com/cybersecurity-research/majority-of-smbs-lack-dedicated-cyber-experts-incident-response-plan/

• Controlling Third-Party Data Risk Should be a Top Cyber Security Priority

Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.

https://www.darkreading.com/attacks-breaches/controlling-third-party-data-risk-should-be-a-top-cybersecurity-priority-

• IT Security Spending to Reach Nearly $300 Billion by 2026

Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.

https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/

• 2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th  globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.

https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html

• Board Cyber Shortage: Don’t Get Caught Swimming Naked

The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors. 

https://www.forbes.com/sites/forbestechcouncil/2023/03/20/board-cyber-shortage-dont-get-caught-swimming-naked/?sh=6ea732895af8

• Should your Organisation be Worried about Insider Threats?

Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.

https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/

• UK Ransomware Incident Volumes Surge 17% in 2022

According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.

https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/

• Financial Industry Hit by Rising Ransomware Attacks and BEC

According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.

https://www.bloomberg.com/news/articles/2023-03-21/banks-financial-industry-buffeted-by-rising-ransomware-attacks?

• 55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.

https://www.csoonline.com/article/3691609/55-zero-day-flaws-exploited-last-year-show-the-importance-of-security-risk-management.html#tk.rss_news

• Security Researchers Spot $36m BEC Attack

Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.

https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/

• New Victims Come Forward After Mass Ransomware Attack

Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.

https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

• Ransomware Gangs’ Harassment of Victims is Increasing

Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.

https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/

• Wartime Hacktivism is Spilling Over into the Financial Services Industry

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.

https://www.scmagazine.com/analysis/risk-management/report-wartime-hacktivism-is-spilling-over-into-the-financial-services-industry

Threats

Ransomware, Extortion and Destructive Attacks

• LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (thehackernews.com)

• UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg

• BianLian ransomware crew swaps encryption for extortion • The Register

• New victims come forward after mass-ransomware attack | TechCrunch

• Ransomware Gangs' Harassment of Victims Is Increasing (techrepublic.com)

• LockBit ransomware gang now also claims City of Oakland breach (bleepingcomputer.com)

• Free decryptor released for Conti-based ransomware following data leak | Tripwire

• New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek

• Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert

• US govt agencies released an alert on the Lockbit 3.0 ransomware- Security Affairs

• Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK

• CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online

• Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (bleepingcomputer.com)

• Researchers Shed Light on CatB Ransomware's Evasion Techniques (thehackernews.com)

• Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO

• Dole discloses employee data breach after ransomware attack (bleepingcomputer.com)

• Ransomware Attacks Double in Europe's Transport Sector - Infosecurity Magazine (infosecurity-magazine.com)

• Prevent Ransomware with Cyber security Monitoring (trendmicro.com)

• Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organisations Stop Attacks Before Damage Occurs | CISA

• Ferrari in a spin as crims steal customer data • The Register

• Play ransomware gang hit Dutch shipping firm Royal Dirkzwager- Security Affairs

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• City of Toronto confirms data theft, Clop claims responsibility (bleepingcomputer.com)

Phishing & Email Based Attacks

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Security Researchers Spot $36m BEC Attack - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Campaign Targets Social Security Administration - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors are experimenting with QR codes - Help Net Security

• Over 2400 Fake Pages Found Targeting Job Seekers in Middle East, Africa - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Massive Phishing Campaign Bypasses MFA and Mimics Microsoft Office (techrepublic.com)

• How Cyber-Criminals are Circumventing Multifactor Authentication - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Emotet malware now distributed in Microsoft OneNote files to evade defences (bleepingcomputer.com)

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (thehackernews.com)

• Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (thehackernews.com)

• Python info-stealing malware uses Unicode to evade detection (bleepingcomputer.com)

Mobile

• Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (thehackernews.com)

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Android apps are spying on you — with no easy way to stop them | Digital Trends

• Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar

• UK emergency alert system launched to warn of life-threatening events - with test set for next month | UK News | Sky News

• Google Pixel phones had a serious data leakage bug – here’s what to do! – Naked Security (sophos.com)

• How to keep your phone safe from the scary Exynos modem vulnerability (androidpolice.com)

Botnets

• New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks (thehackernews.com)

Denial of Service/DoS/DDOS

• New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (bleepingcomputer.com)

• KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

Internet of Things – IoT

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Google sounds alarm on Samsung modem bugs in Android devices • The Register

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

Data Breaches/Leaks

• Complacency of staff to blame for data breaches (thesundaily.my)

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• Latitude customers are furious: some have had data hacked before through Medibank and Optus - ABC News

• Data breaches cost businesses nearly $6M on average: Mastercard | CTV News

• Healthcare provider ILS warns 4.2 million people of data breach (bleepingcomputer.com)

• NBA is warning fans of a data breach after a third-party newsletter service hack- Security Affairs

• Lowe’s Market chain leaves client data up for grabs- Security Affairs

• Ferrari discloses data breach after receiving ransom demand (bleepingcomputer.com)

• South Korea fines McDonalds for data leak from raw SMB share • The Register

• A million at risk from user data leak at Korean beauty platform PowderRoom- Security Affairs

Organised Crime & Criminal Actors

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt

• General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (bleepingcomputer.com)

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Insider Risk and Insider Threats

• Should Your Organisation Be Worried About Insider Threats? - IT Security Guru

• Top 5 Insider Threats to Look Out For in 2023- Security Affairs

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

Fraud, Scams & Financial Crime

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• ‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Hackers inject credit card stealers into payment processing modules (bleepingcomputer.com)

Deepfakes

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

Insurance

• SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET

• Cyber insurance carriers expanding role in incident response | TechTarget

Supply Chain and Third Parties

• Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (darkreading.com)

• Companies vulnerable to cyber-attack via suppliers - research | RNZ News

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Software Supply Chain

• Why Business Software Buyers Are Demanding Baked-in Security - MSSP Alert

Cloud/SaaS

• How access management helps protect identities in the cloud | VentureBeat

• Bitcoin ATM maker shuts cloud service after user hot wallets compromised (cointelegraph.com)

• The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch

• Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (darkreading.com)

• 4 cloud API security best practices | TechTarget

• 8 cloud detection and response use cases | TechTarget

• How to Transfer Data Securely When Moving to the Cloud - Infosecurity Magazine (infosecurity-magazine.com)

• The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley

• New CISA tool detects hacking activity in Microsoft cloud services (bleepingcomputer.com)

• 4 Tips for Better AWS Cloud Workload Security (trendmicro.com)

Hybrid/Remote Working

• Bridging the cyber security readiness gap in a hybrid world - Help Net Security

Identity and Access Management

• How access management helps protect identities in the cloud | VentureBeat

• The impact of AI on the future of ID verification - Help Net Security

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

• CISA, NSA push identity and access management framework as risks grow | SC Media (scmagazine.com)

API

• 4 cloud API security best practices | TechTarget

Open Source

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Post-Exploitation Method Exposes User Passwords (darkreading.com)

Social Media

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• TikTok cannot be considered a private company: report • The Register

• TikTok CEO plans rigorous defences in Congress against claims the app is a US security threat | CyberScoop

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Training, Education and Awareness

• Complacency of staff to blame for data breaches (thesundaily.my)

Regulations, Fines and Legislation

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• India’s infosec reporting rules observed by just 15 orgs • The Register

• Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (forbes.com)

Governance, Risk and Compliance

• How CISOs Can Work With the CFO to Get the Best Security Budget (darkreading.com)

• CIOs Build New Bonds With CISOs - WSJ

• How to best allocate IT and cyber security budgets in 2023 - Help Net Security

• IT security spending to reach nearly $300 billion by 2026 - Help Net Security

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• How Your Cyber security Strategy Enables Better Business (trendmicro.com)

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• How Can CISOs Connect With the Board of Directors? (darkreading.com)

• Achieving The Five Levels Of Information Security Governance (forbes.com)

• Enhance security while lowering IT overhead in times of recession - Help Net Security

• Why organisations shouldn't fold to cyber criminal requests - Help Net Security

Models, Frameworks and Standards

• Meta Proposes Revamped Approach to Online Kill Chain Frameworks (darkreading.com)

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Backup and Recovery

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Data Protection

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How training and recognition can reduce cyber security stress and burnout | CSO Online

Law Enforcement Action and Take Downs

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• How to protect online privacy in the age of pixel trackers - Help Net Security

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• French govt clears AI facial scans for Paris Olympics • The Register

Artificial Intelligence

• EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews

• ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg

• ‘We are a little bit scared’: OpenAI CEO warns of risks of artificial intelligence | Artificial intelligence (AI) | The Guardian

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• We need to create guardrails for AI | Financial Times (ft.com)

• GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (livemint.com)

• Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom

• The impact of AI on the future of ID verification - Help Net Security

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• AI news latest: Google lets people talk to ‘Bard’ bot as ChatGPT taken offline after it goes haywire | The Independent

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch

• French govt clears AI facial scans for Paris Olympics • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• Facebook Security Exec Seaford Hacked by Greek Predator Spyware (gizmodo.com)

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• North Korean hackers using Chrome extensions to steal Gmail emails (bleepingcomputer.com)

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• TikTok cannot be considered a private company: report • The Register

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• The pressing threat of Chinese-made drones flying above US critical infrastructure  | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

• Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online

Vulnerability Management

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

• From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022 (thehackernews.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• 10 Vulnerabilities Types to Focus On This Year (darkreading.com)

• Vulnerability vs. Risk: How MSSPs Can Prioritize Remediating Cyber security Vulnerabilities - MSSP Alert

• What Is the Microsoft Print Spooler Vulnerability? - ReHack

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (bleepingcomputer.com)

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Vulnerabilities

• Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (darkreading.com)

• CVE-2023-23397 Outlook exploit: "A proliferation event" (thestack.technology)

• Patch CVE-2023-23397 Immediately: What You Need To Know and Do (trendmicro.com)

• Cisco fixed severe vulnerabilities in its IOS and IOS XE software- Security Affairs

• Exploit released for Veeam bug allowing cleartext credential theft (bleepingcomputer.com)

• Experts published PoC exploit code for Veeam Backup & Replication bug- Security Affairs

• WordPress force patching WooCommerce plugin with 500K installs (bleepingcomputer.com)

• Windows 11 bug warns Local Security Authority protection is off (bleepingcomputer.com)

• Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar

• Microsoft: Defender update behind Windows LSA protection warnings (bleepingcomputer.com)

• ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (cointelegraph.com)

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours (securityintelligence.com)

• If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica

• Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (darkreading.com)

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

Tools and Controls

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Complacency of staff to blame for data breaches (thesundaily.my)

• How access management helps protect identities in the cloud | VentureBeat

• Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware

• The Ethics of Network and Security Monitoring (darkreading.com)

• Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

• How network perimeters secure enterprise networks | TechTarget

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Reports Published in the Last Week

• State of Cybersecurity for Mid-Sized Businesses in 2023 | Huntress

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

Other News

• Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News

• Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica

• What Is Shoulder Surfing? How Does It Affect Cyber security (informationsecuritybuzz.com)

• Inside the DEA Tool Hackers Allegedly Used to Extort Targets (vice.com)

• Top ways attackers are targeting your endpoints - Help Net Security

• What Is a Dirty IP Address and How Does It Affect Your Security? (makeuseof.com)

• 5 rules to make security user-friendly - Help Net Security

• Techno-nationalism explained: What you need to know (techtarget.com)

• How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru

• Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.