Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 14 July 2023

Black Arrow Cyber Threat Briefing 14 July 2023:

-Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves

-Helping Boards Understand Cyber Risks

-Enterprise Risk Management Should Inform Cyber Risk Strategies

-Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention

-20% of Malware Attacks Bypass Antivirus Protection

-Ransomware Payments and Extortion Spiked Compared to 2022

-AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers

-Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available

-Scam Page Volumes Surge 304% Annually

-Financial Industry Faces Soaring Ransomware Threat

-The Need for Risk-Based Vulnerability Management to Combat Threats

-Government Agencies Breached in Microsoft 365 Email Attacks

-Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China

-Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves

The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.

Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.

https://www.darkreading.com/attacks-breaches/cyberattacks-are-a-war-we-ll-never-win-but-we-can-defend-ourselves

  • Helping Boards Understand Cyber Risks

A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.

It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.

Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.

https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/

  • Enterprise Risk Management Should Inform Cyber Risk Strategies

While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.

Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.

https://www.techtarget.com/searchsecurity/tip/Enterprise-risk-management-should-inform-cyber-risk-strategies

  • Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention

Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.

This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.

The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/cl0p-hackers-hit-three-of-the-biggest-u-s-law-firms-in-large-ransomware-attack/

https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/

  • 20% of Malware Attacks Bypass Antivirus Protection

In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.

The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).

Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.

https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/

  • Ransomware Payments and Extortion Spiked Compared to 2022

A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.

It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.

https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/

https://www.bleepingcomputer.com/news/security/ransomware-payments-on-record-breaking-trajectory-for-2023/

  • AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers

Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.

The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.

https://www.zdnet.com/article/ai-trust-and-data-security-are-key-issues-for-finance-firms-and-their-customers/

  • Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available

Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.

https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/

  • Scam Page Volumes Surge 304% Annually

Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.

It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.

https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/

  • Financial Industry Faces Soaring Ransomware Threat

The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.

https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/

  • The Need for Risk-Based Vulnerability Management to Combat Threats

Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.

By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.

https://www.bleepingcomputer.com/news/security/the-need-for-risk-based-vulnerability-management-to-combat-threats/

  • Government Agencies Breached in Microsoft 365 Email Attacks

Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.

Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.

https://www.techtarget.com/searchsecurity/news/366544735/Microsoft-Government-agencies-breached-in-email-attacks

  • Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China

Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.

https://www.standard.co.uk/news/politics/britain-risk-china-intelligence-security-committee-report-government-b1094118.html

  • Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years

Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.

https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Travel

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea


Vulnerability Management

Vulnerabilities

OT/ICS Vulnerabilities


Tools and Controls



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 07 July 2023

Black Arrow Cyber Threat Briefing 07 July 2023:

-Cyber Attacks Against Mobile Devices Growing Fast

-One Third of Security Breaches Go Unnoticed by Security Professionals

-Cyber Security Experts Have Become Targets for Board Seats

-Phishing Attack Prevention as Email Attacks Surge Over 450%

-Outsmarting Business Email Compromise Scammers

-Small Organisations Face Security Threats on a Limited Budget

-Cloud Security: Sometimes the Risks May Outweigh the Rewards

-Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

-75% of Consumers Prepared to Ditch Brands Hit by Ransomware

-Scammers Using AI Voice Technology to Commit Crimes

-What are the Causes of Data Loss and What it the Impact on Your Organisation?

-Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber Attacks Against Mobile Devices Growing Fast

A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year.  The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.

It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/cyber-attacks-against-mobile-devices-growing-fast/

https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users

  • One Third of Security Breaches Go Unnoticed by Security Professionals

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.

The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.

https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/

  • Cyber Security Experts Have Become Targets for Board Seats

The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.

CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.

https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html

  • Phishing Attack Prevention as Email Attacks Surge Over 450%

A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.

In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.

https://cybersecuritynews.com/phishing-attack-prevention-checklist/

https://www.msspalert.com/cybersecurity-research/email-cyberattacks-spiked-nearly-500-in-first-half-of-2023-acronis-reports/

  • Outsmarting Business Email Compromise (BEC) Scammers

Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.

There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.

https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers

  • Small Organisations Face Security Threats on a Limited Budget

Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.

The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.

https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/

  • Cloud Security: Sometimes the Risks May Outweigh the Rewards

Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.

Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.

https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/

https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/

  • Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.

From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.

https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks

https://techcrunch.com/2023/07/06/more-organizations-confirm-moveit-related-breaches-as-hackers-claim-to-publish-stolen-data

  • 75% of Consumers Prepared to Ditch Brands Hit by Ransomware

As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.

While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/

  • Scammers Using AI Voice Technology to Commit Crimes

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.

The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.

https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/

  • What are the Causes of Data Loss and What it the Impact on Your Organisation?

In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.

It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.

https://securityaffairs.com/148086/security/impacts-of-data-loss.html

  • Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.

One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.

https://www.bleepingcomputer.com/news/security/ransomware-affiliates-triple-extortion-and-the-dark-web-ecosystem/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Attack Surface Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring







Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 9th June 2023

Black Arrow Cyber Threat Briefing 09 June 2023:

-74% of Breaches Involve Human Element- Make Employees Your Best Asset

-Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC

-CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom

-Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise

-BEC Volumes and Ransomware Costs Double in a Year

-Hackers are Targeting C-Suite Executives Through Their Personal Email

-Proactive Detection is Crucial as Organisations Lack Effective Threat Research

-Number of Vulnerabilities Exploited Rose by 55%

-Ransomware Behind Most Cyber Attacks, with Record-breaking May

-4 Areas of Cyber Risk That Boards Need to Address

-North Korea Makes 50% of Income from Cyber Attacks

-Going Beyond “Next Generation” Network Security

-Worldwide 2022 Email Phishing Statistics and Examples

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • 74% of Breaches Involve Human Element- Make Employees Your Best Asset

Verizon’s recent data breach report analysed 16,312 security incidents and 5,199 breaches. A total of 74% of breaches involved a human element, highlighting the role of employees in achieving good cyber resilience. Organisations looking to improve their resilience should therefore consider how well and how frequently they train their users. In a recent report, Fortinet found that 90% of leaders believed that increasing their employee cyber security awareness would help decrease the occurrence of cyber attacks. Worryingly, despite 85% of leaders having an awareness and training programme in place, 50% believed their employees still lacked cyber security knowledge.

With an effective training programme, organisations can increase their employees’ cyber risk awareness and empower them in defending the organisation, laying the foundation for a strong cyber security culture.

https://www.helpnetsecurity.com/2023/06/06/verizon-data-breach-investigations-report-2023-dbir/

https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/

  • Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC

The recent cyber attacks on file transfer software MOVEit have impacted a number of major companies through their supply chain. The attack, which hit UK-based HR and payroll provider Zellis has had a huge knock-on effect, with major companies such as British Airways, Boots and the BBC suffering as a result of using Zellis in their supply chain. The UK’s National Cyber Security Centre (NCSC) has emphasised the need for organisations to exercise heightened vigilance.

Organisations must be aware of supply chain risks, and how an attack on a supplier or service provider can impact their own organisation. It is important for organisations to manage supply chain security, assess third party risks, communicate with suppliers and keep on top of emerging threats; it’s no simple task.

https://www.securityweek.com/several-major-organizations-confirm-being-impacted-by-moveit-attack/

https://www.ibtimes.co.uk/british-cybersecurity-agency-urges-vigilance-major-companies-fall-victim-software-hack-1716493

  • CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom

Nearly three-quarters of data breaches include an element of human failure, and senior business leaders were particularly at risk, according to a recent report. Not only do business leaders possess the most sensitive information, but they are often the least protected, with many organisations making security protocol exemptions for them. Such factors have pushed the boardroom into the spotlight more.

In another report, it was found that only 28% of IT professionals were confident in their executives’ ability to recognise a phishing email. The report found that as many as 71% of executives were reusing compromised passwords from personal accounts inside the company. Technology alone won’t solve the problem: user awareness training is required and this includes the boardroom.

https://www.csoonline.com/article/3698708/cisos-it-lack-confidence-in-executives-cyber-defense-knowledge.html

https://www.computerweekly.com/news/366539293/Cyber-spotlight-falls-on-boardroom-privilege-as-incidents-soar

  • Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise

A recent study has found that only 1 in 10 chief information security officers (CISOs) have all the key traits thought to be crucial for success on a corporate board, with many lacking governance skills and experience and other attributes needed for board readiness. Worryingly, nearly half of the 1,000 companies in the study lacked at least one director with cyber security expertise. This is concerning as good cyber security starts from the board: the board is responsible for understanding the business risks of a cyber incident and for endorsing whether the cyber controls in place have reduced those risks to a level that the board is happy with. Similarly, the board would not sign off financial risks without ensuring they had someone with financial experience and qualifications present. The Black Arrow vCISO service is ideal for organisations that need expertise in assessing and managing cyber risks, underpinned by governance reporting and metrics presented to enable the board to make educated and informed decisions.

https://www.csoonline.com/article/3698291/only-one-in-10-cisos-today-are-board-ready-study-says

  • BEC Volumes and Ransomware Costs Double in a Year

The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report. The report this year was based on analysis of 16,312 security incidents and 5,199 breaches over the past year.

Pretexting, which is commonly using in BEC attacks, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000. The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage.

https://www.infosecurity-magazine.com/news/bec-volumes-ransomware-costs/

  • Hackers are Targeting C-Suite Executives Through Their Personal Email

As companies rely on chief financial officers (CFOs) to mitigate risk, cyber attacks and the costs associated with them are a major concern. Now there is also a growing trend of cyber criminals targeting C-suite executives in their personal lives, where it is easier to pull off a breach as there are fewer, if any, protections, instead of targeting them through their business accounts. Once attackers have access, they then try to use this to gain entry to the corporate systems. The report found that 42% of companies have experienced cyber criminal attacks on their senior-level corporate executives, which can compromise sensitive business data. The report found that 58% of respondents stated that cyber threat prevention for executives and their digital assets are not covered in their cyber, IT and physical securities strategies and budgets.

https://fortune.com/2023/06/08/hackers-targeting-c-suite-executives-personal-email-cybersecurity

  • Proactive Detection is Crucial as Organisations Lack Effective Threat Research

In a recent study, it was found that CISOs are spending significantly less time on threat research and awareness, despite 58% having an increase in their budget for cyber security; the same number reported that their team is so busy, they may not detect an attack. In a different report, keeping up with threat intelligence was identified as one of the biggest challenges faced.

https://www.helpnetsecurity.com/2023/06/06/cisos-cybersecurity-spending/

  • Number of Vulnerabilities Exploited Rose by 55%

A recent report from Palo Alto Networks’ Unit 42 found that the number of vulnerabilities that attackers are exploiting has grown by 55% compared to 2021, with most of the increase resulting from supply chain vulnerabilities; along with this was a 25% rise in the number of CVE’s, the term used for identified vulnerabilities. Worryingly ChatGPT scams saw a 910% increase in monthly domain registrations, pointing to an exponential growth in fraudulent activities taking advantage of the widespread usage and popularity of AI-powered chatbots.

Such growth puts further strain on cyber security staff, making it even harder for organisations to keep up. A strong threat management programme is needed, to help organisations prioritise threats and use organisational resources effectively to address said threats.

https://www.infosecurity-magazine.com/news/exploitation-vulnerabilities-grew/

https://www.infosecurity-magazine.com/news/cves-surge-25-2022-another-record/

  • Ransomware Behind Most Cyber Attacks, with Record-breaking May

2022 saw ransomware account for nearly one in four (24%) cyber attacks, with 95% of events resulting in a loss costing upwards of $2.25 million during 2021-2022. Ransomware remains a significant threat as evidenced by a different report, which stated that May 2023 saw a 154% spike in ransomware compared to May 2022. Other key findings include unreported attacks being five times more likely than reported attacks.

https://www.msspalert.com/cybersecurity-research/ransomware-hit-new-attack-highs-in-may-2023-blackfog-report-says/

https://www.scmagazine.com/analysis/ransomware/ransomware-attacks-have-room-to-grow-verizon-data-breach-report-shows

  • 4 Areas of Cyber Risk That Boards Need to Address

As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organisations, it makes them increasingly susceptible to cyber threats. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance. This need for transparency has been recognised by the regulators and facilitated by the new cyber security rules to ensure companies maintain adequate cyber security controls and appropriately disclose cyber-related risks and incidents.

To ensure they fulfil the requirements, organisations should focus on the following areas: position security as a strategic business enabler; continuously monitor the cyber risk capability performance; align cyber risk management with business needs through policies and standards; and proactively anticipate the changing threat landscape by utilising threat intelligence sources for emerging threats.

https://hbr.org/2023/06/4-areas-of-cyber-risk-that-boards-need-to-address

  • North Korea Makes 50% of Income from Cyber Attacks

The North Korean regime makes around half of its income from cyber attacks on cryptocurrency and other targets. A 2019 UN estimate claimed North Korea had amassed as much as $2bn through historic attacks on crypto firms and traditional banks.

North Korean hackers have been blamed for some of the biggest ever heists of cryptocurrency, including the $620m stolen from Sky Mavis’ Ronin Network last year and the $281m taken from KuCoin in 2020 and $35m from Atomic Wallet just this last weekend.

They are using increasingly sophisticated techniques to get what they want. The 3CX supply chain attacks, in which backdoor malware was implanted into a legitimate-looking software update from the eponymous comms provider, is thought to have been a targeted attempt at hitting crypto exchanges.

https://www.infosecurity-magazine.com/news/north-korea-makes-50-income/

  • Going Beyond “Next Generation” Network Security

Over a decade ago, the phrase “next generation” was used in the network security space to describe the introduction of application-layer controls with firewalls. It was a pivotal moment for the space, setting a new standard for how we protected the perimeter. A lot has happened in the last decade though, most notably, the rapid adoption of cloud and multicloud architectures and the loss of the “perimeter.” Today, 82% of IT leaders have adopted hybrid cloud architectures, and 58% of organisations use between two and three public Infrastructure as a Service (IaaS) clouds. On top of that, 95% of web traffic is encrypted which limits visibility. Applications are everywhere, access privileges are unstructured, increasing the attack surface, and businesses expect near-perfect availability and resilience. To make things more complicated, enterprises have tried to solve these challenges with disparate solutions, leading to vendor sprawl among security stacks and operational inefficiency. What was once considered “next-generation” network security no longer cuts it.

https://blogs.cisco.com/security/going-beyond-next-generation-network-security-cisco-platform-approach

  • Worldwide 2022 Email Phishing Statistics and Examples

Remote and hybrid work environments have become the new norm. The fact that email has become increasingly integral to business operations, has led malicious actors to favour email as an attack vector. According to a report by security company Egress, 92% of organisations have fallen victim to phishing attacks in 2022, a 29% increase in phishing incidents from 2021. Phishing attacks aimed at stealing info and data, also known as credential phishing, saw a 4% growth in 2022, with nearly 7 million detections. Rather worryingly, there was a 35% increase in the number of detections that related to business email compromise (BEC); these attacks mostly impersonated executives or high-ranking management personnel. With the increase in AI tools, it is expected that cyber criminals will be better able to create and deploy more sophisticated phishing attacks.

https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT             

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Shadow IT

Encryption

API

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Data Protection

Careers, Working in Cyber and Information Security

Privacy, Surveillance and Mass Monitoring




Vulnerability Management

Vulnerabilities


Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 16 December 2022

Black Arrow Cyber Threat Briefing 16 December 2022:

-Executives Take More Cyber Security Risks Than Office Workers

-CISO Role is Diversifying from Technology to Leadership & Communication Skills

-How Emerging AIs, Like ChatGPT, Can Turn Anyone into a Ransomware and Malware Threat Actor

-Cyber Security Drives Improvements in Business Goals

-Incoming FCA Chair Says Crypto Firms Facilitate Money Laundering

-Managing Cyber Risk in 2023: The People Element

-What We Can't See Can Hurt Us

-Uber Suffers New Data Breach After Attack on Vendor, Info Leaked Online

-When Companies Compensate the Hackers, We All Foot the Bill

-HSE Cyber-Attack Costs Ireland $83m So Far

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Executives Take More Cyber Security Risks Than Office Workers

IT software company Ivanti worked with cyber security experts and surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand the perception of today’s cybersecurity threats and to find out how companies are preparing for yet-unknown future threats.

The report revealed that despite 97% of leaders and security professionals reporting their organisation is as prepared, or more prepared, to defend against cybersecurity attacks than they were a year ago, one in five wouldn’t bet a chocolate bar that they could prevent a damaging breach.

In fact, the study finds that organisations are racing to fortify against cyber attacks, but the industry still struggles with a reactive, checklist mentality. This is most pronounced in how security teams are prioritising patches. While 92% of security professionals reported they have a method to prioritise patches, they also indicated that all types of patches rank high – meaning none do.

“Patching is not nearly as simple as it sounds,” said Ivanti. “Even well-staffed, well-funded IT and security teams experience prioritisation challenges amidst other pressing demands. To reduce risk without increasing workload, organisations must implement a risk-based patch management solution and leverage automation to identify, prioritise, and even address vulnerabilities without excess manual intervention”.

Cyber security insiders view phishing, ransomware, and software vulnerabilities as top industry-level threats for 2023. Approximately half of respondents indicated they are “very prepared” to meet the growing threat landscape including ransomware, poor encryption, and malicious employees, but the expected safeguards such as deprovisioning credentials is ignored a third of a time and nearly half of those surveyed say they suspect a former employee or contractor still has active access to company systems and files.

The report also revealed that leaders engage in more dangerous behaviour and are four times more likely to be victims of phishing compared to office workers.

Additionally:

  • More than 1 in 3 leaders have clicked on a phishing link

  • Nearly 1 in 4 use easy-to-remember birthdays as part of their password

  • They are much more likely to hang on to passwords for years

  • And they are 5x more likely to share their password with people outside the company.

One survey taker shared, “We’ve experienced a few advanced phishing attempts and the employees were totally unaware they were being targeted. These types of attacks have become so much more sophisticated over the last two years – even our most experienced staff are falling prey to it.”

To cope with a rapidly expanding threat landscape, organisations must move beyond a reactive, rules-based approach.

https://www.helpnetsecurity.com/2022/12/16/executives-take-more-cybersecurity-risks-than-office-workers/

  • CISO Role is Diversifying from Technology to Leadership & Communication Skills

The role of chief information security officer (CISO), a relatively new executive position, is undergoing some significant changes and an archetype has yet to emerge, a new global report from Marlin Hawk, an executive recruiting and leadership consultant, said.

CISOs are still more likely to serve on advisory boards or industry bodies than on the board of directors. Only 13% of the global CISOs analysed are women; approximately 20% are non-white. Each diversity dimension analysed is down one percentage point year-on-year.

According to James Larkin, managing partner at Marlin Hawk, “Today’s CISOs are taking up the mantle of responsibilities that have traditionally fallen solely to the chief information officer (CIO), which is to act as the primary gateway from the tech department into the wider business and the outside marketplace. This widening scope requires CISOs to be adept communicators to the board, the broader business, as well as the marketplace of shareholders and customers. By thriving in the ‘softer’ skill sets of communication, leadership, and strategy, CISOs are now setting the new industry standards of today and, I predict, will be progressing into the board directors of tomorrow.”

The job does not come without its downsides. For one, according to the search firm, many CISOs change roles and leave their jobs. Their skillset may not be adequate or new leaders get appointed to the job, they lack the necessary internal support, or their company may not have the required commitment to cyber security to make the job effective.

Key findings from the report include:

  • 45% of global CISOs have been in their current role for two years or less, down from 53% in 2021, with 18% turnover year-on-year. While there is still a lot of movement in the CISO seat, there is potentially some stabilisation emerging.

  • Approximately 62% of global CISOs were hired from another company, indicating a slight increase in the number of CISOs hired internally (38% were hired internally compared to 36% in 2021) but a large gap remains in appropriate successors.

  • 36% of CISOs analysed with a graduate degree received a higher degree in business administration or management. This is down 10% from last year (46% in 2021). Conversely, there has been an increase to 61% of CISOs receiving a higher degree in STEM subjects (up from 46% in 2021).

https://www.msspalert.com/cybersecurity-research/ciso-role-is-diversifying-from-technology-to-leadership-communication-skills/

  • How Emerging AIs, Like ChatGPT, Can Turn Anyone into a Ransomware and Malware Threat Actor

Ever since OpenAI launched ChatGPT at the end of November, commentators on all sides have been concerned about the impact AI-driven content-creation will have, particularly in the realm of cybersecurity. In fact, many researchers are concerned that generative AI solutions will democratise cyber crime.

With ChatGPT, any user can enter a query and generate malicious code and convincing phishing emails without any technical expertise or coding knowledge.

While security teams can also leverage ChatGPT for defensive purposes such as testing code, by lowering the barrier for entry for cyber attacks, the solution has complicated the threat landscape significantly. From a cyber security perspective, the central challenge created by OpenAI’s creation is that anyone, regardless of technical expertise, can create code to generate malware and ransomware on-demand.

Whilst it can be used for good to assist developers in writing code for good, it can (and already has) been used for malicious purposes. Examples including asking the bot to create convincing phishing emails or assist in reverse engineering code to find zero-day exploits that could be used maliciously instead of reporting them to a vendor.

ChatGPT does have inbuilt guardrails designed to prevent the solution from being used for criminal activity. For instance, it will decline to create shell code or provide specific instructions on how to create shellcode or establish a reverse shell and flag malicious keywords like phishing to block the requests.

The problem with these protections is that they’re reliant on the AI recognising that the user is attempting to write malicious code (which users can obfuscate by rephrasing queries), while there’s no immediate consequences for violating OpenAI’s content policy.

https://venturebeat.com/security/chatgpt-ransomware-malware/

  • Cyber Security Drives Improvements in Business Goals

Cyber threats should no longer be viewed as just an IT problem, but also a business problem, Deloitte said in its latest Future of Cyber study. Operational disruption, loss of revenue, and loss of customer trust are the top three significant impacts of cyber incidents. More than half, or 56%, of respondents told Deloitte they suffered related consequences to a moderate or large extent.

In 2021, the top three negative consequences from cyber incidents and breaches were operational disruption, which includes supply chain and the partner ecosystem, intellectual property theft, and a drop in share price. While operational disruption remained the top concern in 2022, loss of revenue and loss of customer trust and negative brand impact moved up in importance. Intellectual property theft and drop in share price dropped to eighth and ninth (out of ten) in ranking. Losing funding for a strategic initiative, loss of confidence in the integrity of the technology, and impact on employee recruitment and retention moved up in ranking in 2022. Respondents were also asked to mark two consequences they felt would be most important in 2023: Operational disruption and loss of revenue topped the list.

"Today, cyber means business, and it is difficult to overstate the importance of cyber as a foundational and integral business imperative," Deloitte noted in its report. "It [cyber] should be included in every functional area, as an essential ingredient for success—to drive continuous business value, not simply mitigate risks to IT."

Deloitte categorised organisations' cyber security maturity based on their adoption of cyber planning, risk management, and board engagement. Risk management included activities such as industry benchmarking, incident response, scenario planning, and qualitative and quantitative risk assessment.

Whether or not the organisation adopted any of these three practices hinged on stakeholders recognising the importance of cyber responsibility and engagement across the whole organisation, Deloitte said in its report. Examples included having a governing body that comprises IT and senior business leaders to oversee the cyber program, conducting incident-response scenario planning and simulation at the organisational and/or board level, regularly providing cyber updates to the board to secure funding, and conducting regular cyber awareness training for all employees.

https://www.darkreading.com/edge-threat-monitor/cybersecurity-drives-improvements-in-business-goals

  • Incoming FCA Chair Says Crypto Firms Facilitate Money Laundering

The man who will lead UK efforts to regulate cryptocurrency firms issued a stark condemnation of the sector on Wednesday, telling MPs that in his experience crypto platforms were “deliberately evasive”, facilitated money laundering at scale and created “massively untoward risk”.

The comments from Ashley Alder, the incoming chair of the Financial Conduct Authority, suggest that crypto firms hoping to build businesses in the UK will face an uphill battle when the FCA assumes new powers to regulate broad swaths of the sector.

They also put Alder, who will become FCA chair in February, on a potential collision course with the government’s aspiration to create a high quality crypto hub that fosters innovation, a vision ministers have remained loyal to even as the global crypto market lurches from crisis to crisis, epitomised by the collapse of FTX. The FCA declined to comment on whether their incoming chair’s views were at odds with those of the government.

Alder comments came during a sometimes terse appointment hearing with the cross-party Treasury select committee, where he faced sustained criticism for appearing virtually from Hong Kong and for his lack of familiarity with some parts of the UK market place and its accountability structures.

https://www.ft.com/content/7bf0a760-5fb5-4146-b757-1acc5fc1dee5

  • Managing Cyber Risk in 2023: The People Element

2022 has had many challenges from cyber war between Russia and Ukraine, continuing ransomware attacks, and a number of high-profile vulnerabilities and zero day attacks.  With the attack surface constantly expanding, CISOs and security leaders are acutely aware of the need to minimise risk across people, processes, and technology.

Top infrastructure risk: people

It’s common knowledge that it’s not if, but when, your organisation will be the target of a cyber attack. CISOs and security leaders seem to share the same opinion—according to Trend Micro’s latest Cyber Risk Index (CRI) (1H’2022), 85% of 4,100 respondents across four global regions said its somewhat to very likely they will experience a cyber attack in the next 12 months.  More concerning was 90% of respondents had at least one successful cyber attack in the past 12 months.

The CRI (1H’2022) also found that CISOs, IT practitioners, and managers identified that most organisations’ IT security objectives are not aligned with the business objectives, which could cause challenges when trying to implement a sound cyber security strategy.

It’s important to note that while ideal, avoiding a cyber attack isn’t the main goal—companies need to address critical challenges across their growing digital attack surface to enable faster detection and response, therefore minimising cyber risk.

While it's commonly assumed that security efforts should be largely focused on protecting critical servers and infrastructure, the human attack vector shouldn’t be so quickly forgotten.

https://www.trendmicro.com/en_us/ciso/22/e/managing-cyber-risk.html

  • What We Can't See Can Hurt Us

In speaking with security and fraud professionals, visibility remains a top priority. This is no surprise, since visibility into the network, application, and user layers is one of the fundamental building blocks of both successful security programs and successful fraud programs. This visibility is required across all environments — whether on-premises, private cloud, public cloud, multicloud, hybrid, or otherwise.

Given this, it is perhaps a bit surprising that visibility in the cloud has lagged behind the move to those environments. This occurred partially because few options for decent visibility were available to businesses as they moved to the cloud. But it also partially happened because higher priority was placed on deploying to the cloud than on protecting those deployments from security and fraud threats.

This is unfortunate, since what we can't see can hurt us. That being said, cloud visibility is becoming a top priority for many businesses. There are a few areas where many businesses are looking for visibility to play a key role, including Compliance, Monitoring, Investigation, Response, API Discovery, Application Breaches, and Malicious User Detection.

Organisation have been a bit behind in terms of ensuring the requisite visibility into cloud environments. Whilst time has been lost, it does seem that gaining visibility into the network, application, and user layers is now a priority for many businesses. This is a positive development, as it enables those businesses to better mitigate the risks that operating blindly creates.

https://www.darkreading.com/edge-articles/what-we-can-t-see-can-hurt-us

  • Uber Suffers New Data Breach After Attack on Vendor, Info Leaked Online

Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cyber security incident.

On Saturday last week, a threat actor named 'UberLeaks' began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches. The leaked data includes numerous archives claiming to be source code associated with mobile device management platforms (MDM) used by Uber and Uber Eats and third-party vendor services.

The threat actor created four separate topics, allegedly for Uber MDM at uberhub.uberinternal.com and Uber Eats MDM, and the third-party Teqtivity MDM and TripActions MDM platforms. Each post refers to a member of the Lapsus$ hacking group who is believed to be responsible for numerous high-profile attacks, including a September cyber attack on Uber where threat actors gained access to the internal network and the company's Slack server.

News outlet BleepingComputer has been told that the newly leaked data consists of source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses, and other corporate information. One of the documents seen by BleepingComputer includes email addresses and Windows Active Directory information for over 77,000 Uber employees.

While BleepingComputer initially thought this data was stolen during the September attack, Uber told BleepingComputer it believes it is related to a security breach on a third-party vendor.

https://www.bleepingcomputer.com/news/security/uber-suffers-new-data-breach-after-attack-on-vendor-info-leaked-online/

  • When Companies Compensate the Hackers, We All Foot the Bill

Companies are always absorbing costs that are seen as par for the course of budget planning: maintenance, upgrades, office supplies, wastage, shrinkage, etc. These costs ratchet up the price of a company's products and are then passed on to the consumer. Breaches in cyber security and paying out ransoms to hackers should be outside of this remit, and yet more than half of all companies admit to transferring the costs of data breaches on to consumers. Careless or ill-informed employees and other weaknesses in a company's protections lead to catastrophic losses to businesses of around $1,797,945 per minute — and the consumers are paying it off.

If a company estimates the recovery costs from a ransomware attack to exceed the requested payment from the hacker, then it feels like a no-brainer — they're better off just cutting their losses and giving in to the cyber criminal's demands. The issue is that this creates an unvirtuous circle of paying the hacker, which enforces nefarious behaviour and empowers hackers to increase the number and volume of ransoms.

When it comes to ransomware, 32% of companies pay off hackers, and, of that percentage, the average company only retrieves about 65% of its data. Giving in to hackers is counterintuitive. On an even more disturbing note, one study found that 80% of companies that paid a ransom were targeted a second time, with about 40% paying again and a majority of that 40% paying a higher ransom the second time round. This is ludicrous. With 33% of companies suspending operations following an attack, and nearly 40% resorting to laying off staff, it comes as no surprise that the downstream costs are picked up to some extent by the consumer.

As for smaller companies, about 50% of US small businesses don't have a cyber security plan in place, despite the fact that small businesses are three times more likely to be targeted by cyber criminals than larger companies. An average breach costs these companies around $200,000 and has put many out of business. It isn't simply the cost passed on to consumers, it's also the intangible assets, such as brand reputation.

When data is leaked and a site goes down, customers become rightly anxious when their information is sold to the highest bidder on the Dark Web. To safeguard against this, companies of all sizes should exploit automated solutions while training every single member of staff to recognise and report online threats. Paying a ransom does not guarantee the return of data, and for a smaller business, losing valuable customer information could cause long-term damage way beyond the initial attack.

Cyber security professionals, governments, and law enforcement agencies all advise companies to avoid paying the hackers' ransoms. This strategy is affirmed by the success businesses have had in retrieving the stolen data and turning the lights back on — 78% of organisations who say they did not pay a ransom were able to fully restore systems and data without the decryption key. This evidently is not enough to reassure companies who, at the click of a dangerous email being opened, have lost sensitive information and access to their systems and are desperate to get back online. There are many preventative techniques businesses can take advantage of before it even gets to that stage.

https://www.darkreading.com/attacks-breaches/when-companies-compensate-the-hackers-we-all-foot-the-bill

  • HSE Cyber-Attack Costs Ireland $83m So Far

The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m).

The figures come from a letter from HSE’s chief information officer, seen by The Irish Times. This comes months after the Department of Health suggested in February the attack could end up costing up to €100m ($104m). The letter confirmed that the costs reached €42m ($43.97m) in 2021 and almost €39m ($40.83m) until October of this year.

Ireland has a very capable national cyber security centre and a well-oiled CSIRT team that engages the public/private sector. If the cost does continue to escalate to €100m, that is the equivalent to everyone in the Republic of Ireland having been defrauded by €20. According to The Irish Times, the costs were said to be “enormous,” and the government has been asked to complete a comprehensive assessment of the impact caused by the breach.

The cyber-attack, believed to have been conducted by Russia-based state actors, was reportedly caused by a malicious Microsoft Excel file delivered via a phishing email. According to a December 2021 report, the file was opened at an HSE workstation in March 2021. The malware would have been latent for two months before the breach, which was reportedly discovered in May, two months later. A total of roughly 100,000 people had their personal data stolen during the cyber-attack.

Healthcare continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT devices.

https://www.infosecurity-magazine.com/news/hse-cyber-attack-ireland-dollar83m/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Denial of Service DoS/DDoS

Cloud/SaaS

Hybrid/Remote Working

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Parental Controls and Child Safety

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine



Vulnerability Management

Vulnerabilities

Tools and Controls

Other News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More