Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 12 January 2024

Black Arrow Cyber Threat Intelligence Briefing 12 January 2024:

-Boardrooms on Notice: Cyber Security Oversight More Important Than Ever

-Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023

-Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever

-Cyber Insecurity and Misinformation Top WEF Global Risk List

-Why Effective Cyber Security and Risk Management are Crucial for Business Growth

-The Cost of Dealing with a Cyber Attack Doubled Last Year

-Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved

-Mandiant, SEC Lose Control of X Accounts Without 2FA

-If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis

-82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year

-Cyber Security is the Number One Priority for the Financial Sector Again

-Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Boardrooms on Notice: Cyber Security Oversight More Important Than Ever

In 2023, the rise in security breaches and cyber attacks caused cyber security to transcend its usual confines and emerge as a critical boardroom concern, prompting executives to recognise the need for proactive engagement. The current landscape has necessitated executive decision-makers to proactively engage in cyber security, instead of just passively observing. It is no surprise that in a survey from KMPG of over 300 CEO’s, dealing with cyber risk was designated as the top priority for the foreseeable three to five years.

When a company faces a substantial fine or penalty from a breach, it serves two crucial purposes. Firstly, it sets a precedent for ensuring companies across the board understand the repercussions of lax cyber security measures and secondly, it pushes organisations towards proactive investment in robust cyber security frameworks. Many organisations are beginning to realise that the cost of a breach, both financial and reputational, far outweighs that of prevention. Furthermore, many frameworks are now placing the board as directly responsible.

Sources: [Lexology] [Security Brief]

Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023

Ransomware reported to the UK financial regulator in 2023 doubled, and the impact is clear. In a survey of CISOs based in the UK, one-third confessed to paying ransomware groups millions in recent years in a bid to alleviate the impact of an attack. The minimum ransom paid by UK businesses across a five year period stood at around $250,000, the study found. Ransomware is the dominant threat that continues to plague organisations, and it is important that your organisation is doing all it can to prevent such an attack, and has plans in place to recover when such an attack happens.

Sources: [Data Breaches] [UK mortgage news] [The Hacker News]

Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever

As organisations find themselves more and more reliant on digital technology than ever before, the impact of not having it becomes greater and greater. As reliance on these systems grows, the level of cyber threat grows as well. A recent report found 68% of those surveyed believed they would not survive more than a single day without their IT systems, up from 46% in 2017. The report found that 54% of organisations said they experienced some form of cyber attack last year, with ransomware cited as the most disruptive.

Source: [TechRadar]

Cyber Insecurity and Misinformation Top WEF Global Risk List

In the latest report by the World Economic Forum, misinformation and disinformation have emerged as the most severe global risk anticipated over the next two years, with the risk becoming more likely as elections in several economies take place this year. As artificial intelligence models become easier to use and more accessible to the general population, this will enable an explosion of false information and synthetic content such as cloned voices and fake websites.

Another top concern identified in the report is the risk of cyber attacks and cyber insecurities. Currently the production of AI technologies is highly concentrated; this creates a significant supply chain risk, as the reliance of one or two models could give rise to systemic cyber vulnerabilities, paralysing critical infrastructure.

Source: [Infosecurity Magazine]

Why Effective Cyber Security and Risk Management are Crucial for Business Growth

Technology has changed, enhanced and transformed how business is conducted. However, these new advancements such as cloud, IoT and AI have introduced a range of new cyber security risks. It is crucial for leaders to grasp the accompanying risks to ensure the safety of their organisations, customers and products. Given the inevitability of business risk, particularly cyber risk, leaders should focus on managing it by identifying mission-critical aspects of their organisation and then determining how best to protect them. The first step to a proactive approach to cyber security is to devise a robust and tailored cyber security strategy aligned to the organisation’s risk profile. This not only improves the safety and security of the organisation, but also the trust of its customers and products in an increasingly digital world.

Source: [World Economic Forum]

The Cost of Dealing with a Cyber Attack Doubled Last Year

New research by Dell claims that the cost of global cyber attacks reached a new high in 2023, topping out at $1.41 million per attack, up $660,000 from the previous year. It was found that almost half (48%) of UK based organisations reported suffering either a cyber attack or incident that prevented access to company data.

Over half of global respondents report that malicious links in spam or phishing emails, hacked devices, and stolen credentials are the most common entry points for cyber attacks.

Source: [TechRadar]

Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved

Merck’s long legal battle with its insurers over the damage caused by the infamous NotPetya attack has finally come to an end, with the Merck agreeing to settle with their insurer providers who had refused to pay $699 million of the $1.4 million that was claimed in damages.

The legal battle began when Merck, who did not have cyber insurance, had made a claim under its ‘all-risks’ coverage. In 2022, it was stated that the NotPetya attack “is not sufficiently linked to a military action or objective as it was a non-military cyber attack against an accounting software provider” and in May 2023, this decision was upheld, forcing the insurers to settle.

Source: [Security Week] [Dark Reading]

Mandiant, SEC Lose Control of X Accounts Without 2FA

While security teams are focused on preventing the gamut of different levels of cyber attack sophistication, it can be easy for even the sharpest teams to overlook the simple stuff. This was recently seen when Google’s cyber security operation, Mandiant, temporarily lost control of its account on X (formerly known as Twitter) due to not having two-factor authentication (2FA). A separate high-profile incident also occurred this week, as the US Securities and Exchange Commission (SEC) account on X was hijacked to post a fake announcement about bitcoin, raising its value by 5%.

In March of 2023, X changed the way multi-factor authentication (MFA) worked, so that only premium subscribers have access to it. The two high-profile attacks, which were due to accounts not having MFA, show that cyber criminals are taking advantage of these changes. These incidents serve as a clear reminder that organisations must prioritise even the most fundamental security practices, such as MFA, to protect their digital assets.

Further, the attack on the SEC has opened them to criticism from firms such as SolarWinds who the SEC had previously reprimanded for cyber security failures.

Source: [Dark Reading]

If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis

A question to ask is why, in the event of a data security incident, is there an overwhelming feeling that the company is doomed? Yet when there are other issues, such as internal investigations, the feeling is not as strong. For a lot of companies, these cyber incidents are the first time that their cyber response plan (if they have one at all) is enacted and it is this lack of preparation that causes such a feeling.  Companies looking to increase their cyber resilience should look to have and regularly test a cyber incident response plan; you do not want to be in the position of having to learn your plan and deal with a cyber incident at the same time.

Source: [Help Net Security]

82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year

A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them according to a recent report. For many, the issue is caused by a lack of proper remediation solutions; this formed part of the reason why 87% of surveyed organisations reported plans to enhance vulnerability and exposure remediation within the next year. The need increases when considering last year there were more than 28,000 new vulnerabilities; that is the equivalent of nearly 80 every day.

Sources: [Infosecurity Magazine] [SecurityWeek]

Cyber Security is the Number One Priority for the Financial Sector Again

In Softcat's annual Business Tech Priorities Report, the financial sector's tech investments for the coming year have been unveiled. Notably, cyber security remains the top priority for the sector with 55% prioritising cyber security before anything else, reflecting the critical need to protect against the escalating threat landscape. It's important to understand that cyber security is not merely an IT problem; it is a business imperative. As consumers increasingly embrace digital banking, the impact of digitalisation on the financial sector is evident. With cyber incidents on the rise, investment in cyber security, including zero-trust security and AI threat hunting, is imperative for safeguarding not only data but the entire business.

Sources: [The Fintech Times] [Islamic Finance News]

Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’

In 2024, cyber crime marketplaces are expected to surge even more, transitioning every cyber threat further into the “as-a-service” model. The term “as-a-service” refers to the provision of specific functionalities or tools as a service, typically offered on a subscription or pay-as-you-go basis. This allows malicious actors with limited technical skills to launch sophisticated attacks. This trend was already being spotted at the end of 2023 as a report found that 73% of all internet traffic is currently composed of malicious bots and related fraud farm activities. This highlights the need for organisations to have accurate threat intelligence and analysis to understand the digital terrain ahead of these continued and expanding “as-a-service” threats.

Source: [Security Boulevard]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

2FA/MFA

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence


Vulnerability Management

Vulnerabilities



Other News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 10 November 2023

Black Arrow Cyber Threat Intelligence Briefing 10 November 2023:

-Boardroom Woes on Ransomware Intensify as Organisations Face an Average of 86 Ransomware-linked Events Annually

-Many SMBs Have No Real Way to Deal with Cyber Threats, Leaving Them Vulnerable

-Cyber Attacks Top Global Risk – 2023 Aon Survey

-To Improve Cyber Defences, Practice for Disaster

-Meet Your New Cyber Security Auditor: Your Insurer

-Allen and Overy Suffer Ransomware Attack

-Shadow IT Remains a Top Threat, as Shown by Attack on Okta

-Ransomware, AI, and Social Engineering All Set to Be 2024's Biggest Security Threats

-Cyber Governance: Growing Expectations for Information Security Oversight and Accountability

-Generative AI Will Level Up Cyber Attacks, According to New Google Report

-Public Wi-Fi Remains a Huge Risk, is Your Organisation Prepared?

-88% of Security Leaders Think Their Organisation Is Falling Short Addressing Cyber Security

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Boardroom Woes on Ransomware Intensify as Organisations Face an Average of 86 Ransomware-linked Events Annually

A recent report by Akamai Technologies has found that organisations experienced an average of 86 ransomware-linked events in the past 12 months (successful or not), double the number of annual attacks from 2 years ago.

The most common issues impacting organisations after a ransomware attack were network downtime (44%), data loss (42%) and brand/reputation damage (39%).

Ransomware attackers have increasingly employed tactics like double and triple extortion. These methods combine encryption, data exfiltration, and distributed denial of service (DDoS) attacks to extort money. While these strategies are not new, their prevalence has significantly increased in recent times.

With 81% of companies experiencing ransomware attacks in the previous 12 months this is increasingly something that company Boards are concerned about, not only the organisation’s ability to stop a ransomware attack in the first place, but also the organisation’s ability to recover when an attack happens.

Sources: [TechTarget] [PRNewsWire] [Security Magazine] [InsuranceJournal] [Financial Times]

Many SMBs Have No Real Way to Deal with Cyber Threats, Leaving Them Vulnerable

A recent report found that of nearly 6,000 small and medium-sized business (SMB) IT professionals surveyed across Europe, a third of those based in the UK have no cyber security in place to protect assets such as their own printers, with 16% suffering a printer breach alone in the past. Despite this, less than a quarter educated their employees about printer (23%) IT security. With hybrid working seen as a security concern for 38% of SMEs, and potentially leading to more remote use of these devices, surprisingly just 4 in 10 (41%) cover hybrid working as part of their current security training.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [TechRadar] [The Recycler]

Cyber Attacks Top Global Risk – 2023 Aon Survey

Aon’s Global Risk Management Survey identified cyber attacks and data breaches as the leading business risk worldwide, followed by business interruption. Aon warned that deficits in talent or specialised skills may exacerbate cyber risks in particular.

Supply chain disruptions were ranked as another area of concern, with risks associated with supply chain failure hitting a 14-year high in the survey. However, less than 40% of organisations have conducted supplier resilience assessments. which contributes to cyber risk when organisations hand data to suppliers without considering whether their suppliers keep that data safe.

Source: [Investing]

To Improve Cyber Defences, Practice for Disaster

If you aren’t already running incident simulations in your organisation, it’s time to start. Such simulations allow employees to understand their roles and responsibilities, as well as providing a great opportunity to educate. Cyber attacks are a matter of when, not if, and no-one wants to be improvising their security response in the event of a real cyber incident.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Dark Reading]

Meet Your New Cyber Security Auditor: Your Insurer

In the dynamic world of cyber security, cyber insurers are emerging as key players, reshaping the landscape with ever more stringent requirements. With ransomware attacks becoming more complex, cyber insurance premiums have surged by 50%, challenging Chief Information Security Officers (CISOs) to demonstrate their organisation's cyber defence capabilities. Insurers, using detailed risk assessments, are influencing cyber security strategies, compelling organisations to adapt and meet higher standards.

CISOs are now tasked with ensuring their security measures are comprehensive and transparent, as insurers scrutinise everything from multifactor authentication to Active Directory policies. Accurate self-assessment is critical, as any misrepresentation can lead to denied coverage or legal repercussions. In this competitive market, organisations must showcase their cyber maturity, particularly in high-risk industries, to secure coverage. The evolving cyber insurance landscape demands a clear understanding of risk factors and continuous improvement in cyber defence strategies, ultimately aiming to enhance overall protection against cyber threats.

Source: [Dark Reading]

Allen and Overy Suffer Ransomware Attack

Allen & Overy, the “magic circle” law firm, has suffered a cyber attack on its systems, making it the latest large corporation to fall victim to a ransomware hack. A&O confirmed the incident after the infamous ransomware gang LockBit posted on social media platform X, formerly Twitter, claiming to have breached the legal giant and threatening to publish data from the firm’s files on 28 November.

Earlier this year, the UK National Cyber Security Centre reported that law firms of all sizes were at risk from cyber attackers because of the sensitive client information they routinely handle. The importance of reputation to the business also made law firms attractive targets for extortion.

Sources: [Financial Times] [Law Gazette]

Shadow IT Remains a Top Threat, as Shown by Attack on Okta

Shadow IT refers to IT resources used by employees or end users that don’t have IT approval or oversight. This was the case in the recent Okta attack in which an Okta employee signed into their personal Google account on a company-owned device. It is believed that the employee’s personal Google account had been compromised, and unfortunately since the employee had configured it in a way to save credentials of Okta accounts, the attacker now also had these credentials. The result? 134 downstream customers impacted.  

Source: [Computer Weekly]

Ransomware, AI, and Social Engineering All Set to Be 2024's Biggest Security Threats

Ransomware attacks surged to record highs in 2023 and are expected to escalate further, especially with key 2024 elections approaching, ZeroFox Intelligence's 2024 Key Forecasts report indicates. This trend is driven by evolving cyber threats, including sophisticated social engineering and AI-generated synthetic media, aimed at spreading misinformation and targeting electoral processes.

ZeroFox also highlights a concerning shift towards physical damages from cyber attacks, with critical sectors like finance, energy, and healthcare being vulnerable due to outdated security infrastructures. These sectors are likely targets for nation-state and state-sponsored attacks amidst global geopolitical tensions. To counter these threats, the report suggests enhanced security measures, including encrypted cloud backups, vigilant network monitoring, and a zero-trust cyber security approach to safeguard against the evolving landscape of cyber threats.

Source: [TechRadar]

Cyber Governance: Growing Expectations for Information Security Oversight and Accountability

In today's interconnected digital economy, cyber security is a critical governance issue for businesses, necessitating effective oversight and strategic planning. The SEC's new rules, effective July 2023, require public companies to transparently disclose their cyber security strategies and report significant incidents, highlighting the increasing importance of cyber security in corporate governance. This regulatory development aims to improve transparency and accountability in managing cyber risks.

Corporations are responding by emphasising detailed cyber security disclosures, employee training programmes, and board-level expertise in information security. As the landscape of cyber threats evolves, timely and comprehensive reporting of breaches becomes more crucial, aligning with both regulatory requirements and stakeholder expectations for robust cyber security governance.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Harvard]

Generative AI Will Level Up Cyber Attacks, According to New Google Report

Google's Cloud Cyber Security Forecast 2024 report reveals a growing trend of using generative AI in cyber attacks. The technology, particularly large language models (LLMs), is enhancing phishing and social engineering tactics by producing content that appears more legitimate, making it difficult to spot errors typically associated with such attacks. This advancement allows attackers to mimic natural language effectively and create authentic-looking fake news, phone calls, and deepfake videos, potentially eroding public trust in online information.

On the flip side, the report highlights the potential of AI as a powerful tool for cyber defence. Cyber security professionals can leverage AI for rapid data synthesis, efficient threat detection, and swift response actions. As defenders direct AI development with specific security objectives, its capabilities are expected to significantly bolster cyber security measures in the near future.

Source: [ZDNET]

Public Wi-Fi Remains a Huge Risk, is Your Organisation Prepared?

New research found that half of UK participants believed they are most at risk of a cyber attack when using public Wi-Fi, which is Wi-Fi that anyone, including an attacker, can connect to. However, in contrast to concerns, the report found that 41% will use unsecured Wi-Fi if given the opportunity. Further, 53% of participants would enter or access sensitive information whilst connected to an unsecured public Wi-Fi network; this includes bring your own devices (BYOD) that have access to corporate data.

Source: [TechRadar]

88% of Security Leaders Think Their Organisation Is Falling Short in Addressing Cyber Security

A recent study by Foundry reveals a trend towards AI-driven security measures and increased reliance on cyber insurance among organisations. Key priorities for security leaders include preparedness for incidents, data protection, and enhancing IT and cloud data security. Despite this, 88% of security leaders feel their organisations are inadequate in addressing cyber security risks, mainly due to budget limitations, talent scarcity, and challenges in stakeholder communication.

To improve the situation, more top security executives are having regular engagements with the board of directors (85% this year compared to 82% in 2022), aiding in better cyber security initiatives. Security budgets are expected to remain stable or increase, with investments focused on authentication, data analytics, and cloud security, complemented by cyber insurance. AI's role is expanding in threat detection, malware identification, and automated responses, showcasing its growing importance in evolving security landscapes.

Source: [Foundry]


Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 20 October 2023

Black Arrow Cyber Threat Intelligence Briefing 20 October 2023:

-Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment

-Cyber Security Investments Show Mature Business Mindset

-SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High

-Phishing Attacks Reach Record Highs as Banks, Financial Services Remain Top Targets with HR Remaining the Most Effective Phishing Lure

-Cyber Attacks are a Matter of When not if, The Best Time to Deal With Them is Before They Happen

-Lloyd's Of London Warns Of Worst-Case-Scenario Cyber Attack

-20,000 Britons Approached By Chinese Agents On LinkedIn, Says MI5 Head

-Ransomware - All it Takes is One Employee Mistake, Criminals are Aiming at Third-Party Vendors

-39% of Individuals Use the Same Password for Multiple Accounts

-Why Fourth-Party Risk Management Is a Must-Have

-AI Adoption Surges But Security Awareness Lags Behind

-UK watchdog fines Equifax £11 million for role in cyber breach

-Why Boards Must Understand and Govern Cyber Security Risk

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment

A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.

Sources: [PR Newswire] [TechRadar]

Cyber Security Investments Show Mature Business Mindset

Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.

Source: [Insider Media] [Compare the Cloud]

SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High

Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.

SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).

Source: (IT Security Guru)

Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure

Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.

In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.

Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]

Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen

Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.

Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Euronews] [The Times] [AI-CIO]

Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack

In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.

The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.

Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]

20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head

An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.

A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.

Sources: [Computer Weekly] [Tech Monitor] [Guardian]

Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors

According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the  organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.

Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Sources: [Security Affairs] [Claims Journal]

39% of Individuals Use the Same Password for Multiple Accounts

According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.

Source: [Security Magazine]

Why Fourth-Party Risk Management Is a Must-Have

Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.

Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.

Source: [Tech Target]

AI Adoption Surges but Security Awareness Lags Behind

A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.

Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.

Source: [Infosecurity Magazine]

UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach

Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six  weeks after their parent company discover the hack.

Source: [Reuters]

Why Boards Must Understand and Govern Cyber Security Risk

The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Forbes]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats

Misc Nation State/Cyber Warfare

Geopolitical Threats/Activity

China

Russia

Iran

North Korea



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 29 September 2023

Black Arrow Cyber Threat Intelligence Briefing 29 September 2023:

-Ransomware Groups Are Shifting Their Focus Away From Larger Targets

-Cover-ups Still the Norm as Half of Cyber Attacks go Unreported

-Reported Cyber Security Breaches Increase Threefold for Financial Services Firms

-Attacks on SME’s Surged in The First Half of 2023

-The CISO Carousel and Its Effect on Enterprise Cyber Security

-Bermuda Struggles to Recover from Ransomware Attack

-Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern

-Business Leaders More Anxious About Ransomware Than Recession as Tally from One Attack Alone Surpasses 2,000 Victim Organisations

-Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign

-Cyber Leaders Worry That AI Will Overwhelm Cyber Defences

-Boards Still Lack Cyber Security Expertise

-4 Legal Surprises You May Encounter After a Cyber Security Incident

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Groups Are Shifting Their Focus Away from Larger Targets

Ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities. Analysis from Trend Micro has shown that ransomware groups such as Lockbit, Cl0p and Black Cat are slowing down attacks against “big game” targets, such as multinationals, and are focusing their attention on smaller organisations. It was found that the overall ransomware attack victim numbers increased by 47% from H2 2022.

Organisations “of up to 200 employees”, those within the small-to-medium-sized range, accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023. Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space. Nearly half (45%) of Black Cat victims were in the same size range. There are many underlying factors in the recent surge of attacks on smaller organisations, however one big cause is the economic factor and the perception that smaller organisations are not going to be as well protected.

Sources: [Techcentral] [Helpnet Security]

Cover-ups Still the Norm as Half of Cyber Attacks go Unreported

A report found that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report it to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards. Alarmingly, 32% simply “forgot” and 22% self-reported that there wasn’t a system in place to report it. In the UK, failure to report a breach within 72 hours could make a company eligible for a fine up to €10 million or 2% of annual global turnover if deemed a lower-level infringement, and up to €20 million or 4% of annual global turnover for higher-level infringements.

The lack of reporting also has a knock-on effect: a significant number of cyber attacks go un-reported and therefore this skews statistics, meaning the current numbers of known cyber attacks are likely much lower than the actual figure.

Sources: [Computer Weekly] [InfoSecurity Magazine]

Reported Cyber Security Breaches Increase Threefold for Financial Services Firms

New research shows that cyber security breaches for UK financial service firms have increased threefold from 187 attacks (2021-2022) to 640 attacks (2022-2023). This comes as the pensions sector reported the biggest jump in breaches rising from 6 to 246 in the same period, a concerning large increase of 4,000%. These patterns are not only relevant to the UK however, with separate reports highlighting an 119% increase in attacks on financial sector cyber attacks globally from 2022 to 2023.

Trustees can be liable for failures in managing cyber risk, so any business looking to protect itself from the impact of a cyber attack should invest in understanding its cyber footprint, the risks it poses, and have the right policies/procedures in place.

Sources: [CIR Magazine] [PensionsAge] [CityAM] [TechRadar]

Attacks on SME’s Surged in The First Half of 2023

According to Kaspersky, small and medium enterprises (SMEs) dealt with more attacks during the first half of the year compared to the same time the year previous. Worryingly, a separate report found that over three quarters of SME leaders could not confidently identify a cyber incident at work and 50% of respondents felt they were unable to identify the difference between a phishing email and real email.

An outcome of the study was the identification of a need for effective user training. SMEs do not have the budget to have a wide range of tools, however they can strengthen their users’ security practices.  Black Arrow enables SMEs to strengthen their people controls through bespoke and affordable education and awareness training for all levels of the organisation.

Sources: [Inquirer] [HelpNet Security] [Insurance Times]

The CISO Carousel and Its Effect on Enterprise Cyber Security

The average tenure of a Chief Information Security Officer (CISO) is said to sit between 18 to 24 months; research highlights the reasons including the strain of the role, the perceived lack of leadership support, and the attraction of more money from a different employer. There is often a gap while the replacement is recruited, during which there is nobody looking after the organisation’s security.

In some cases, organisations may look to outsource by using the services of a virtual CISO (vCISO) with cost savings and greater stability and flexibility. The Black Arrow vCISO team are experienced world-class specialists, providing independent, impartial and objective expertise across the wide range of essential CISO skills with significant advantages compared to an internal resource.

Source: [Security Week]

Bermuda Struggles to Recover from Ransomware Attack

The Bermudan Government this week suffered what they referred to as a significant cyber incident. Workers were cut off from email and telephone systems, with affected departments resorting to manual processes and issuing of paper based cheques. The Government was unable to make payroll payments, and parcels could not be sent from the Island’s Post Offices. It is noted that while not all systems were affected, the government took everything offline out of precaution. It is believed that some other regional governments have also been impacted.

The attack has been attributed to Russia or Russian-based actors, but attribution in cases like this can be difficult. It should be noted that, if involvement from Russia were confirmed, both Russian state actors and Russian based cyber criminals work closely in a symbiotic relationship that benefits both parties. Using cyber crime groups as fronts provides nation state actors with a level of deniability, while also allowing them to direct the operation and benefit from it. Equally, cyber crime groups get to do their thing with the blessing, whether tacit or explicit, of the national authorities in their country. In general, countries where this happens (such as Russia, North Korea and China) have no interest in cooperating with Western authorities, so the cyber criminals essentially work with impunity.

Sources: [Duo] [GovInfo Security] [Bleeping Computer]

Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern

A report found cyber threats continue to rank among the top three business concerns for a wide spectrum of companies. Despite it being such a concern, a significant percentage of businesses admitted to not conducting cyber assessments for vendors (57%) or customers’ assets (56%), having an incident response plan (50%), or implementing multifactor authentication for remote access (44%). Phishing scams were of particular concern, with companies reporting a notable increase in incidents, jumping from 14% to 27% over the past year.

Cyber attacks are a certainly a sobering reality, with nearly 23% of survey participants disclosing that their company had fallen victim to a cyber attack and 49% of these incidents occurred within the past year.

Source: [Reinsurance News]

Business Leaders More Anxious About Ransomware Than Recession as Victims from Single Attack Surpasses 2,000 Organisations

According to a recent study, half of business leaders are more worried about falling victim to a ransomware attack than macroeconomic hardship. Over 60% of businesses who had suffered a ransomware attack reported concerns about the prospect of a second ransomware attack, and 71% of leaders admitted their businesses wouldn’t be able to withstand it. 56% said they had increased hiring costs, nearly half experienced increased customer complaints, and 47% reported team stress. This comes as the tally of victims from the MOVEit attack alone surpasses 2,000 organisations. To make matters worse, the FBI has described dual ransomware attacks taking place, with the second attack less than 48 hours after the first.

Source: [Tech Informed] [Helpnet Security] [Helpnet Security] [BleepComputer]

Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign

Booking.com users have become the focus of a new, large-scale phishing campaign that involved hackers taking control of the hotel’s Booking[.]com account. Once in control, the attackers were then able to utilise personal information and craft messages, tailored to victims.

With many organisations using sites such as Booking[.]com, it is imperative that staff are trained effectively, to reduce the risk of them falling victim to a phishing campaign.

Sources: [BleepingComputer] [Inforsecurity Magazine]

Cyber Leaders Worry That AI Will Overwhelm Cyber Defences

A survey of 250 leaders found that 85% worry that AI will overwhelm cyber defences while almost two thirds (61%) have already seen an increase in cyber attack complexity due to AI. Overall 80% view AI as the single biggest cyber threat their business faces, and seven out of 10 are investing in more resilient measures to improve their detection and response protocols.

AI can certainly be overwhelming, but with the right expertise, organisations can navigate their way to improving their AI defences. Black Arrow’s expert team helps your leadership to understand and manage AI-based risks, and safely adopt artificial intelligence in your organisation.

Source: [Management Issues]

Boards Still Lack Cyber Security Expertise

A study by the US National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) found that just 12% of S&P 500 companies have board directors with relevant cyber credentials, showing that there is still a lack of expertise at the board level. Boards can improve their expertise by engaging with training that is tailored to leadership. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident. Source: [Wallstreet Journal]

4 Legal Surprises You May Encounter After a Cyber Security Incident

In the event of a cyber incident, there are a number of problems that emerge, but some you may not be aware of. These may include investigations by auditors, a freeze on payments by banks, and uncertainty about notifying third parties including customers. Your insurance provide may also launch a review of the cyber security controls that you had in place before the incident, to determine the payout.

Ideally, you will never have to face a cyber incident, but it can happen and it’s best to ensure you are well placed to deal with it, by understanding what needs to be done and how to respond. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Dark Reading]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Containers

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Malvertising

Training, Education and Awareness

Travel

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Misc Nation State/Cyber Warfare



Tools and Controls



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 08 September 2023

Black Arrow Cyber Threat Intelligence Briefing 08 September 2023:

-More Than Half of UK Organisations Know They Aren’t Well Protected

-Generative AI Considered a Security Risk by 60% of Board Members: How Organisations Can Prepare

-Businesses Ignore Incident Response at Their Peril

-Blame Culture: An Organisation’s Ticking Time Bomb

-Spend to Save: CFO’s and Cyber Security Investment

-Cyber Security Tools Are New Targets for Attackers, including Nation-State Actors

-Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3

-Common Tactics Used by Threat Actors to Weaponise PDFs

-Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals

-Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m

-71% of Organisations are Impacted by Cyber Security Skills Shortage

-Multiple Schools Hit by Cyber Attacks Before Term Begins

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Than Half of UK Organisations Know They Aren’t Well Protected

According to a recent report, just 49% of business leaders report their organisation is well or very well protected. Cyber security featured as the third highest-rated business priority, with increasing revenues and reducing costs forming the top two. One of the ways an organisation can reduce cost is to outsource, and 63% of respondents agreed, reporting that they wanted to work with an external cyber security partner to improve their security.

Even if you’re in the 49% of organisations that believes it is well protected, this can be a dangerous self-assessment based on a lack of experience and impartiality. Business leaders need independent assurance to ensure their security controls are appropriate and in line with the organisation’s risk appetite. It is essential to dispel assumptions, by investigating your security before an attacker does.

Black Arrow Cyber Consulting offers a free, no-obligation, introductory consultation to help you gain an unbiased perspective on how your current security approach could withstand an attacker. We help our clients to know the questions to ask of their external or internal IT provider, and how to leverage other security controls from existing resources.

Sources: [IT Security Guru][Beta News]

Generative AI Considered a Security Risk by 60% of Board Members. How Organisations Can Prepare

A recent report conducted by Proofpoint found that 60% of board members consider generative AI a security risk.

The rapid development and adoption of AI is double-edged in nature. Whilst it can yield positive benefits if used safely and responsibility within organisations, AI is also being used to great effect by malicious actors with AI abuse growing beyond phishing to increasing the efficacy of multistage attacks, being used to generated malware, and carrying out different types of social engineering attacks.

For this reason Boards and senior leaders are right to be concerned and should ensure appropriate measures are being taken.

Sources: [TheNationalNews] [SCMagazine] [CyberSecurityNews]

Further reading: [BusinessCloud.co.uk] [WIRED UK] [Help Net Security]

Businesses Ignore Incident Response at Their Peril

According to a UK Government report, a quarter of businesses don’t regard cyber incident response skills as essential and almost half said they weren’t confident they could put together an incident response plan. This led to 41% saying they were not very or not at all confident that they would be able to deal with a cyber security breach or attack.

Unfortunately, this leaves many organisations in a situation where they will have to learn the hard way about the implications of not having an incident response plan. A separate government report found that 37% of those hit by a cyber attack said it impacted operations and a quarter experienced negative consequences such as loss of money or data.

One of the ways organisations can circumnavigate their lack of confidence in their ability to construct an incident response plan is to use cyber security experts to construct it. 

Source: [Infosecurity Magazine]

Blame Culture: An Organisation’s Ticking Time Bomb

An organisation’s attitude and responses to cyber security are almost as important as the actions taken to prevent cyber attacks. “Lessons learnt” are a common feature within mature and cyber resilient organisations. Incidents are a matter of when not if, and it is important that organisations know how to react.

Taking the example of a phishing attack, it is easy to blame the employee who opened it, potentially firing them. With phishing simulations, it is equally easy to discipline an employee who fell for it. The problem is, neither of these focus on what can be learned, such as why the employee fell for it in the first place. Additionally, there is the potential that employees become reserved or reticent about reporting potential events, due to the fear of being disciplined. This can be the difference between an organisation having an early detection of an incident and being able to invoke incident response plans sooner, or leaving the attacker in the system doing damage for longer before being reported.

Source: [ IT Security Guru]

Spend to Save: CFOs and Cyber Security Investment

For chief financial officers (CFOs), the increasing impact of data breaches creates a paradox. While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending is all about return on investment.

When looking at spending, CFOs need to keep in mind that the total cost of a breach is more than the initial currency loss: there is the knock-on effect of reputation and losses in customers. But it is not a case of spending more to protect more; spending must be tailored to the organisation and prioritise in terms of business needs.

Source: [Security Intelligence]

Cyber Security Tools Are New Targets for Attackers, Including Nation-State Actors

An increasing number of attacks by nation-state attackers are targeting cyber security tools in their campaigns. This includes the recent attacks on US officials which attacked and gained access through the firewalls of the victim. Security vendors, just like anyone, will have flaws in their software: there will be vulnerabilities. As such, organisations need to be aware of these vulnerabilities and when support runs out for their cyber security tools, to better protect themselves.

Source: [News Week]

Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3

Top secret military data from the UK’s Ministry of Defence was stolen and then sold by the ransomware gang LockBit. How, you might ask? Through a rogue Windows 7 PC that belonged to their fencing supplier, Zaun. The LockBit Ransom group conducted the attack on the supplier’s network, and Zaun admitted the group may have exfiltrated 10GB of data.

Many attackers have realised that if you cannot directly attack an organisation, then the supplier can present a way in. Organisations need to be sure of their suppliers’ security, and conduct third party security assessments to identify the risk the supplier may present to the organisation itself.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Source: [The Register] [Tech Monitor]

Common Tactics Used by Threat Actors to Weaponise PDFs

PDFs are often seen as safe, something that cannot be used by an attacker, but that’s wrong. Actors are using this trustworthiness, as well as the difficulty in detection and ubiquity of PDFs, to weaponise them. Common tactics involve malicious hyperlinks within PDFs and macros that run when a PDF is opened, and in some cases attackers are disguising a malicious Word document as a PDF to evade detection.

Source: [Cyber Security News]

Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals

A recent report has found that Microsoft vulnerabilities as old as 6 years are still being exploited, with one recorded as being exploited as recently as 31 August. In fact, since this particular vulnerability was fixed, it has been used to deploy 467 different malware types. This is not the number of attacks, but the number of different types of malware used in attacks.

The concept isn’t just for Microsoft. Many organisations do not employ effective patching strategies, and as such leave the doors open to attackers. Sometimes, these doors are open for years.

Source: [The Register]

Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m

As-a-service operations allow attackers to employ sophisticated attacks without the need for extensive knowledge; they simply just purchase the ability.  Take phishing-as-a-service (PhaaS), where an attacker with very limited cyber knowledge simply needs to purchase a phishing kit and they are then well-equipped to target organisations. This availability in tools creates a significant surge in the number of cyber criminals, with one scheme alone raking in $64.5 billion in illegal gains.

Source: [IT Security Guru]

71% of Organisations are Impacted by Cyber Security Skills Shortage

Most organisations (71%) report that they’ve been impacted by the cyber security skills shortage, leading to an increased workload for the cyber security team (61%), unfilled open job requisitions (49%) and high burnout among staff (43%). Further, 95% respondents state the cyber security skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has got worse.

Organisations need to continue maintaining and improving their security while their cyber security positions remain unfilled. Black Arrow supports firms to achieve this by providing expert resources on a flexible basis for technical, governance and transformational positions.

Source: [Security Magazine] [Digital Journal]

Multiple Schools Hit by Cyber Attacks Before Term Begins

Ahead of the new school term, a number of schools have become the victim of serious cyber attacks. The education sector isn’t a new target, with previous ransomware reports finding the education sector to account for 16% of victims.

The education sector remains a target due to the valuable data they hold, large attack surfaces and frequently a lack of resources and budgets, something many small and medium-sized business may share.

Source: [Infosecurity Magazine]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

BYOD

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Parental Controls and Child Safety

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea

Misc Nation State/Cyber Warfare


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 21 July 2023

Black Arrow Cyber Threat Briefing 21 July 2023:

-Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years

-MOVEit Body Count Closes in on 400 orgs, 20M+ Individuals

-IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer

-Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs

-Risk is Driving Medium-Sized Business Decisions

-Talent and Governance, Not Technology, are Key to Drive Change around Cyber Security

-Hybrid Work, Digital Transformation can Exploit Security Gaps

-Human Cyber-Risk Can Be Demonstrably Mitigated by Behaviour Changing Training

-AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks

-Pro-Russian Hacktivists Increase Focus on Western Targets

-Infosec Doesn't Know What AI Tools Orgs Are Using

-Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk

-Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years

The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.

A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.

https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/

https://www.itpro.com/security/ransomware/weekly-cyber-attacks-reach-two-year-high-amid-ransomware-resurgence

  • MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals

The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.

The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.

https://www.theregister.com/2023/07/20/moveit_victim_count/

  • IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer

28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.

Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.

https://www.bleepingcomputer.com/news/security/it-worker-jailed-for-impersonating-ransomware-gang-to-extort-employer/

  • Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs

In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.

A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.

https://www.forbes.com/sites/theyec/2023/07/14/stabilizing-the-cybersecurity-landscape-the-ciso-exodus-and-the-rise-of-vcisos/

  • Risk is Driving Medium-Sized Business Decisions

Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.

In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.

https://www.msspalert.com/cybersecurity-guests/risk-is-driving-small-and-medium-sized-businesses-smb-decisions/

  • Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security

For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.

However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.

This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.

https://technative.io/talent-and-governance-not-technology-are-key-to-drive-change-around-cyber-security/

  • Hybrid Work, Digital Transformation can Exploit Security Gaps

A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.

The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.

https://www.msspalert.com/cybersecurity-research/digital-transformation-hybrid-work-models-create-perfect-setting-for-cybercriminals-to-exploit-security-gaps-study-finds/

  • Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training

The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.

What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.

https://www.securityweek.com/human-cyber-risk-can-be-demonstrably-mitigated-by-behavior-changing-training-analysis/

  • AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks

A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.

https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/

https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html

  • Pro-Russian Hacktivists Increase Focus on Western Targets

‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.

The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.

https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/

  • Infosec Doesn't Know What AI Tools Organisations Are Using

With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.

Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.

https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using

  • Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk

In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.

https://www.cnbc.com/2023/07/18/google-restricting-internet-access-to-some-employees-for-security.html

https://www.theregister.com/2023/07/19/google_cuts_internet/

  • Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset

Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.

The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Digital Transformation

Travel

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

North Korea

Misc/Other/Unknown


Vulnerability Management

Vulnerabilities


Tools and Controls



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 07 July 2023

Black Arrow Cyber Threat Briefing 07 July 2023:

-Cyber Attacks Against Mobile Devices Growing Fast

-One Third of Security Breaches Go Unnoticed by Security Professionals

-Cyber Security Experts Have Become Targets for Board Seats

-Phishing Attack Prevention as Email Attacks Surge Over 450%

-Outsmarting Business Email Compromise Scammers

-Small Organisations Face Security Threats on a Limited Budget

-Cloud Security: Sometimes the Risks May Outweigh the Rewards

-Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

-75% of Consumers Prepared to Ditch Brands Hit by Ransomware

-Scammers Using AI Voice Technology to Commit Crimes

-What are the Causes of Data Loss and What it the Impact on Your Organisation?

-Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber Attacks Against Mobile Devices Growing Fast

A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year.  The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.

It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/cyber-attacks-against-mobile-devices-growing-fast/

https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users

  • One Third of Security Breaches Go Unnoticed by Security Professionals

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.

The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.

https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/

  • Cyber Security Experts Have Become Targets for Board Seats

The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.

CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.

https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html

  • Phishing Attack Prevention as Email Attacks Surge Over 450%

A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.

In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.

https://cybersecuritynews.com/phishing-attack-prevention-checklist/

https://www.msspalert.com/cybersecurity-research/email-cyberattacks-spiked-nearly-500-in-first-half-of-2023-acronis-reports/

  • Outsmarting Business Email Compromise (BEC) Scammers

Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.

There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.

https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers

  • Small Organisations Face Security Threats on a Limited Budget

Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.

The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.

https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/

  • Cloud Security: Sometimes the Risks May Outweigh the Rewards

Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.

Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.

https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/

https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/

  • Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.

From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.

https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks

https://techcrunch.com/2023/07/06/more-organizations-confirm-moveit-related-breaches-as-hackers-claim-to-publish-stolen-data

  • 75% of Consumers Prepared to Ditch Brands Hit by Ransomware

As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.

While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/

  • Scammers Using AI Voice Technology to Commit Crimes

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.

The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.

https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/

  • What are the Causes of Data Loss and What it the Impact on Your Organisation?

In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.

It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.

https://securityaffairs.com/148086/security/impacts-of-data-loss.html

  • Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.

One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.

https://www.bleepingcomputer.com/news/security/ransomware-affiliates-triple-extortion-and-the-dark-web-ecosystem/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Attack Surface Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring







Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 30 June 2023

Black Arrow Cyber Threat Briefing 30 June 2023:

-Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

-Employees Worry Less About Cyber Security Best Practices in the Summer

-Businesses are Ignoring Third-Party Security Risks

-Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

-Over 130 Organisations and Millions of Individuals Believed to Be Impacted by MOVEit Hack, it Keeps Growing

-Widespread BEC Attacks Threaten European Organisations

-Lloyd’s Syndicates Sued Over Cyber Insurance

-95% Fear Inadequate Cloud Security Detection and Response

-The Growing Use of Generative AI and the Security Risks They Pose

-The CISO’s Toolkit Must Include Political Capital Within The C-Suite

-Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

-SMBs Plagued by Exploits, Trojans and Backdoors

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.

The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.

https://cybernews.com/zurich-insurance-data-leak/

  • Employees Worry Less About Cyber Security Best Practices in the Summer

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.

In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.

https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/

https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/

  • Businesses are Ignoring Third-Party Security Risks

With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.

https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/

  • Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.

When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.

https://theconversation.com/fear-trumps-anger-when-it-comes-to-data-breaches-angry-customers-vent-but-fearful-customers-dont-come-back-203109

  • Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing

The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.

https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/

https://arstechnica.com/security/2023/06/casualties-keep-growing-in-this-months-mass-exploitation-of-moveit-0-day/

  • Widespread BEC Attacks Threaten European Organisations

Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.

BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?

This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.

https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/

  • Lloyd’s Syndicates Sued Over Cyber Insurance

The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.

UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.

https://www.wsj.com/articles/university-of-california-sues-lloyds-syndicates-over-cyber-insurance-da4675f5

  • 95% Fear Inadequate Cloud Security Detection and Response

A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.

It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.

https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/

  • The Growing Use of Generative AI and the Security Risks They Pose

A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.

Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.

https://www.csoonline.com/article/643516/survey-reveals-mass-concern-over-generative-ai-security-risks.html

https://www.darkreading.com/operations/malwarebytes-chatgpt-survey-reveals-81-are-concerned-by-generative-ai-security-risks

https://www.darkreading.com/vulnerabilities-threats/generative-ai-projects-cybersecurity-risks-enterprises

  • The CISO’s Toolkit Must Include Political Capital Within The C-Suite

Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.

https://www.csoonline.com/article/643199/the-cisos-toolkit-must-include-political-capital-within-the-c-suite.html

  • Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.

This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.

https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah

https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html

  • SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics

Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.

This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.

The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.

https://www.msspalert.com/cybersecurity-research/cyberattackers-still-rely-on-decades-old-security-weaknesses-tactics-barracuda-reports/

https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Travel

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea

Misc/Other/Unknown


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 02 June 2023

Black Arrow Cyber Threat Briefing 02 June 2023:

-How to Keep Cyber Attacks from Tanking Your Balance Sheet

-Company Size Doesn’t Matter When It Comes to Cyber Attacks

-‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief

-How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs

-Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection

-Don't be Polite When you Get a Text from a Wrong Number

-Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches

-Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

-Organisations Spend 100 Hours Battling Post-Delivery Email Threats

-Ransomware Gangs Adopting Business-like Practices to Boost Profits

-The Sobering Truth About Ransomware—For The 80% Who Paid Up

-The Great CISO Resignation: Why Security Leaders are Quitting in Droves

-When is it Time for a Cyber Hygiene Audit?

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • How to Keep Cyber Attacks from Tanking Your Balance Sheet

According to a recent Forrester report, last year saw 1 billion records exposed in the top 35 breaches, $2.6 billion stolen in the top nine cryptocurrency breaches, and $2.7 billion in fines levied to the top 35 violators.

The average cost of a data breach reached $4.35 million in 2022, according to IBM’s Cost of a Data Breach Report for that year, which represents a 2.6% increase over the prior year, and a 12.7% increase from 2020. For ransomware, a report found the average payment in 2021 was approximately $1.85 million, more than double the $760,000 figure from 2020. These are just direct costs; indirect costs are far greater and can include lost business, lost customers, reputational loss and regulatory fines.

When it comes to managing cyber risk, corporate boards should look to understand cyber security as a strategic business enabler, understand the impacts, align risk-management with business needs, ensure the organisation supports cyber security, incorporate cyber security expertise into governance and encourage systemic resilience.

https://hbr.org/2023/06/how-to-keep-cyberattacks-from-tanking-your-balance-sheet

  • Company Size Doesn’t Matter When It Comes to Cyber Attacks

65% of large organisations suffered a cyber attack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to a recent report. The most common security incidents were the same for all companies; these were phishing, ransomware and user account compromise, also known as business email compromise (BEC).

Smaller companies often underestimate their risk, with the reasoning that cyber criminals want the biggest targets as they will likely have more intellectual property, however all businesses have valuable data and are therefore a target. Additionally, smaller organisations can sometimes be seen as a way into larger organisations that use their services.

https://www.helpnetsecurity.com/2023/05/29/larger-organizations-cyberattacks/

  • ‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief

The threat of cyber attacks is growing at an “unprecedented” pace, according to the chief security officer at multinational teleco BT, Howard Watson, but it is not just large organisations such as BT who will be impacted by this increase.

Watson highlighted that the increase in sophisticated technology poses the biggest threat in the long run: “Technological advancement, as ever, is a double-edged sword in security. Quantum and AI have great potential for benefits in the right hands, or to cause massive damage in the wrong hands. But we know that cyber criminals will utilise these technologies, so we have to be able to respond in kind.”  Adding to this, the chief security officer highlighted that events that were previously considered as ‘exceptional’ need to be assessed and planned for as a probability, rather than a possibility.

https://www.thetimes.co.uk/article/exceptional-cyberattacks-now-normal-says-bt-security-chief-nd2kfp3gc

  • How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs

Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers who collected data from over 200,000 SMB customers. Proofpoint identified a rise in phishing campaigns originating from such state-sponsored APT groups, who are highly skilled and typically state-sponsored groups with distinct strategic goals. These goals range from espionage and intellectual property theft to destructive attacks, state-sponsored financial theft, and disinformation campaigns.

Unfortunately, SMBs often lack adequate cyber security measures, making them vulnerable to all kinds of cyber threats. APT actors exploit this weakness by targeting SMBs as a stepping stone towards achieving their larger goals.

Alongside phishing campaigns, it was identified that APTs are increasingly targeting regional outsourced IT providers/Managed Service Providers (MSPs) to mount supply chain attacks. By compromising regional MSPs within geographies that align with the strategic collection requirements of APT actors, threat actors can gain access to multiple SMBs to extract sensitive information or execute further attacks.

https://www.helpnetsecurity.com/2023/05/31/apt-targeting-smbs/

  • Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection

According to research, 2022 saw a 25% increase in the use of phishing kits. These phishing kits are a set of tools that enable cyber criminals to effortlessly create and maintain large scale sophisticated phishing campaigns. It is this sophistication that allows cyber criminals to circumnavigate conventional detections; in fact, the research found a 40% increase in the use of anti-bot technologies designed to prevent automated scanners from identifying content as phishing.

In some cases (11% of observed phishing kits) malicious links would not be detected when tested by anti-phishing controls because those controls do not use the exact device parameters, geolocation and referrer of the intended target victim’s profile; therefore the malicious link is allowed to be delivered to the intended target.

https://www.helpnetsecurity.com/2023/06/01/advanced-detection-evasion-techniques/

  • Don't be Polite When you Get a Text from a Wrong Number

You should immediately be suspicious of any text you get from a number not in your contacts, even if it may be innocent looking. Your first reaction may be to be polite and let them know they have the wrong number, but this person is a stranger. Strangely, despite teaching our children not to talk to strangers, many are comfortable with divulging information to them. Although letting them know they made a mistake seems harmless, responding opens you up to being scammed and you’ve just let them know you’re a real person. Every bit of helpful information you provide has the potential to be leveraged by an attacker.

https://www.kens5.com/article/money/consumer/wrong-number-text-messages/273-c94cd68b-6117-4add-bf16-e010f7e16726

  • Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches

90 organisations have reported breaches of personal information held by Capita after the outsourcing group had suffered a cyber attack, according to Britain’s data watchdog. The attack on Capita, which occurred in March, is still impacting businesses, with the UK Information Commissioners Office (ICO) making enquiries. Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach.

The impact of the attack, and its knock-on effect, highlights the need for organisations to consider their third party security, no matter the size of the third party they use.

https://www.theguardian.com/business/2023/may/30/capita-cyber-attack-data-breaches-ico

  • Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

A recent survey from McAfee found that nearly a third (30%) of adults have fallen victim or know someone who has fallen victim to an online scam when bargain hunting for travel deals during the summer season, with a full two-thirds of victims losing up to $1,000.

This has extended to the corporate environment, with threat actors impersonating the HR department and exploiting the trust users place in their employers, a report has found. The attack leverages regular HR procedures associated with holiday requests and taps into the anticipation and excitement surrounding the summer travel season, to capitalise on exploiting the user.

https://www.darkreading.com/endpoint/travel-themed-phishing-bec-campaigns-smarter-summer-season

  • Organisations Spend 100 Hours Battling Post-Delivery Email Threats

Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organisation, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. The research shows that cyber criminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.

While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks. On average, organisations take nearly 100 hours to identify, respond to, and remediate a post-deliver email threat: 43 hours to detect the attack and 56 hours to respond and remediate after the attack is detected.

Users at companies with more than a 50% remote workforce report higher levels of suspicious emails: 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce. Companies with more than a 50% remote workforce also reported that it takes longer to both detect and respond to email security incidents: 55 hours to detect and 63 hours to respond and mitigate, compared to an average of 36 hours and 51 hours respectively for organisations with fewer remote workers.

https://www.helpnetsecurity.com/2023/05/30/2023-spear-phishing-trends/

  • Ransomware Gangs Adopting Business-like Practices to Boost Profits

Ransomware gangs are using a variety of business-like practices to boost profits, making it more difficult for defenders to differentiate various groups, a new report by WithSecure has surmised. This move towards mirroring legitimate businesses practices means that tactics, techniques and procedures (TTPs) are blurring.

The underground marketplace now includes entities including ransomware-as-a-service (RaaS) groups, Initial Access Brokers (IAB), crypter-as-a-service (CaaS), cryptojackers, malware-as-a-service (MaaS) groups and nation-state actors. This allows nation-states to use tools available on the underground market to gain access to networks and systems without being detected. Ultimately, this trend towards professionalisation makes the expertise and resources to attack organisations accessible to lesser-skilled or poorly resourced threat actors.

https://www.infosecurity-magazine.com/news/ransomware-gangs-business-practices/

  • The Sobering Truth about Ransomware—for the 80% Who Paid Up

Newly published research of 1,200 organisations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom. According to research, 80% of the organisations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber attack and recover otherwise lost data. This is despite 41% of those organisations having a “do not pay” policy in place, which only goes to reinforce the cold hard fact that cyber crime isn’t an easy landscape to navigate. This is something that’s especially true when your business is facing the real-world impact of dealing with a ransomware attack.

Of the 960 organisations that paid a ransom, 201 of them (21%) were still unable to recover their lost data. The same number also reported that ransomware attacks were now excluded from their insurance policies. Of those organisations with cyber insurance cover, 74% reported a rise in premiums. Another report, published by Sophos, revealed that 32% of those surveyed opted to pay the ransom but a shocking 92% failed to recover all their data and 29% were unable to recover more than half of the encrypted data.

Some groups have switched to stealing sensitive customer or corporate data instead, with the ransom demanded in return for them not selling it to the highest bidder or publishing it online. Many groups combine the two for a double extortion ransomware attack.

https://www.forbes.com/sites/daveywinder/2023/05/30/the-sobering-truth-about-ransomware-for-the-80-percent-who-paid-up 

  • The Great CISO Resignation: Why Security Leaders are Quitting in Droves

With the rise in AI tools such as ChatGPT broadening an attacker’s arsenal, this places greater and greater pressure on security leaders who are already dealing with shrinking budgets, skeleton crew staff and a conglomeration of security tools and protocols — so much so that they are increasingly quitting. A recent report found that nearly a third (32%) of CISOs in the US and UK were considering leaving their current organisation and 9 out of 10 reported themselves as “moderately” or “tremendously” stressed.

This so-called Great CISO Resignation is concerning, because what happens when there’s nobody guarding the gate and rallying the troops?

https://www.sdxcentral.com/articles/analysis/the-great-ciso-resignation-why-security-leaders-are-quitting-in-droves/2023/05/

  • When is it Time for a Cyber Hygiene Audit?

Effective cyber hygiene practices limit threats against your systems, devices and users, preventing breaches that could compromise sensitive business information, database information, and personal data. But cyber hygiene isn’t a static or one-off process. It requires routine execution and, occasionally, a full audit. This audit typically covers a range of aspects including encryption, documentation, authentication, patches, security and ongoing cyber hygiene.

Good cyber hygiene is a necessary part of maintaining IT security. Setting up processes and procedures within your organisation’s regular operating procedures is an effective way to maintain cyber hygiene. Although the responsibilities may differ by position, everyone in the organisation plays a role.

An audit provides important information on where and where you need to improve. It also provides a baseline for measuring improvement and effectiveness. The key to success is to integrate hygiene into routine process starting top down from policies into every part of the business and making use of third party experts to help aid in the process.

https://www.trendmicro.com/en_us/devops/23/e/cyber-hygiene-audit-best-practices.html



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Shadow IT

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Travel

Parental Controls and Child Safety

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda




Vulnerability Management

Vulnerabilities





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 12 May 2023

Black Arrow Cyber Threat Briefing 12 May 2023:

-79% of Cyber Pros Make Decisions Without Threat Intelligence

-61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success

-Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’

-Small and Medium-Sized Businesses: Don’t Give up on Cyber Security

-AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence

-Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows

-Majority of US, UK CISOs Unable to Protect Company 'Secrets'

-Company Executives Can’t Afford to Ignore Cyber Security Anymore

-BEC Campaign via Israel Spotted Targeting Multinational Companies

-CISOs Worried About Personal Liability for Breaches

-UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries

-Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • 79% of Cyber Pros Make Decisions Without Threat Intelligence

In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on?

Threat intelligence helps organisations stay informed about the latest cyber threats and vulnerabilities. By gathering and analysing information about potential attacks, threat intelligence can provide organisations with valuable insights into the tactics, techniques and procedures (TTPs) used by cyber criminals.

Given the deep value provided by threat intelligence, why aren’t more cyber pros taking advantage of it?

https://securityintelligence.com/articles/79-percent-of-cyber-pros-make-decisions-without-threat-intelligence/

  • 61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success

A recent report found only 39% of respondents think their company's leadership has a sound understanding of cyber security's role as a business enabler. Cyber security can be a huge business enabler; executive leaders need to think of cyber security in terms of the value it can deliver at a more strategic level.

https://www.darkreading.com/risk/global-research-from-delinea-reveals-that-61-of-it-security-decision-makers-think-leadership-overlooks-the-role-of-cybersecurity-in-business-success

  • Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’

The Federation of European Risk Management Associations (FERMA), an umbrella body representing 22 trade associations, said the cyber insurance market is “evolving in isolation from the industries it serves”.

It highlighted a move by Lloyd’s of London, the specialist insurance market and hub for cyber insurance, demanding that standard cyber policies have an exemption for big state-backed attacks.

“Without a more collaborative approach to cyber balancing the risk appetite of the insurance market with the coverage requirements of the corporate buyers, there is a risk that cyber insurance becomes an unviable product for many organisations,” FERMA said in a statement shared with the Financial Times.

The intervention is the strongest yet by the business lobby over the controversial exemption and wider concerns about cyber insurance.

https://www.ft.com/content/401629cc-e68a-41a4-8d50-e7c0d3e27835

  • Small and Medium-Sized Businesses: Don’t Give up on Cyber Security

In today’s increasingly hostile environment, every enterprise, big or small, should be concerned about cyber security and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world.

Yet time and again, small and medium-sized businesses (SMBs) are left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt. Thus, cyber security becomes an “afterthought” or “add when we can” kind of service that leaves SMBs far more vulnerable than the corporate giants — just reading the news every day shows even they aren’t immune to ransomware, intrusions, and data theft. If you haven’t already, start thinking about security now.

https://www.csoonline.com/article/3695593/small-and-medium-sized-businesses-don-t-give-up-on-cybersecurity.html

  • AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence

Hackers using ChatGPT are faster and more sophisticated than before, and cyber security analysts who don’t have access to similar tools can very quickly find themselves outgunned and outsmarted by these AI-assisted attackers. However, corporations are stumbling to figure out governance around AI, and while they do so, their employees are clearly defying rules and possibly jeopardising company operations. According to a study of 1.6 million workers, 3.1% input confidential company information into ChatGPT. Although the number seems small, 11% of users' questions include private information. This is a fatal flaw for corporate use considering how hackers can manipulate the system into giving them previously hidden information. In another study, it was found that 80% of security professionals used AI, with 46% of these giving specialised capabilities as a reason.

https://www.euronews.com/2023/05/04/ai-has-been-dubbed-a-nuclear-threat-to-cybersecurity-but-it-can-also-be-used-for-defence

  • Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows

In three out of four cyber attacks, the hijackers succeeded in encrypting victims’ data, cyber security provider Sophos said in its newly released State of Ransomware 2023 report.

The rate of data encryption amounted to the highest from ransomware since Sophos first issued the report in 2020. Overall, roughly two-thirds of the 3,000 cyber security/IT leaders’ organisations were infected by a ransomware attack in the first quarter of 2023, or the same percentage as last year.

Much advice has been doled out by cyber security providers and law enforcement urging organisations to not pay a ransom. According to Sophos’ survey, the data shows that when organisations paid a ransom to decrypt their data, they ended up doubling their recovery costs. On average, those organisations paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organisations that used backups to recover their data.

Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.

https://www.msspalert.com/cybersecurity-research/paying-cyber-hijackers-ransoms-doubles-cost-of-recovery-sophos-study-shows/

  • Majority of US, UK CISOs Unable to Protect Company 'Secrets'

A recent study found 75% of organisations have experienced a data leak involving company secrets, including API keys, usernames, passwords, and encryption keys, in the past. It was found that about 52% of chief information and security officers (CISOs) in the US and UK organisations are unable to fully secure their company secrets. The study showed that a huge chunk of the IT sector realises the danger of exposed secrets. Seventy-five percent said that a secret leak has happened in their organisation in the past, with 60% acknowledging it caused serious issues for the company, employees, or both. The report has pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way.

https://www.csoonline.com/article/3695583/majority-of-us-uk-cisos-unable-to-protect-company-secrets-report.html

  • Company Executives Can’t Afford to Ignore Cyber Security Anymore

In a recent survey, when asked about the Board and C-Suite‘s understanding of cyber security across the organisation, only 36% of respondents believe that it is considered important only in terms of compliance and regulatory demands, while 17% said it is not seen as a business priority. The disconnect between business and security goals appears to have caused at least one negative consequence to 89% of respondents’ organisations, with 26% also reporting it resulted in an increased number of successful cyber attacks at their company. On the misalignment of cyber security goals, respondents believed it contributed to delays in investments (35%), delays in strategic decision making (34%), and unnecessary increases in spending (27%).

https://www.helpnetsecurity.com/2023/05/10/cybersecurity-business-goals-alignment/

  • BEC Campaign via Israel Spotted Targeting Multinational Companies

An Israel-based threat group was discovered carrying out a business email compromise (BEC) campaign primarily targeting large and multinational enterprises. The group has conducted 350 BEC campaigns since February 2021, with email attacks targeting employees from 61 countries across six continents. The group operate through two personas — a CEO and an external attorney and spoofed email addresses using real domains.

https://www.darkreading.com/remote-workforce/bec-attacks-out-of-israel-target-multinational-corporations

  • CISOs Worried About Personal Liability for Breaches

Over three-fifths (62%) of global CISOs are concerned about being held personally liable for successful cyber attacks that occur on their watch, and a similar share would not join an organisation that fails to offer insurance to protect them, according to Proofpoint annual ‘Voice of the CISO’ survey for 2023. The security vendor polled 1600 CISOs from organisations of 200 employees or more across different industries in 16 countries to compile the report.

It revealed that CISOs in sectors with high volumes of sensitive data and/or heavy regulation such as retail (69%), financial services (65%) and manufacturing (65%) are most likely to demand insurance coverage.

Such concerns only add to the mental load on corporate IT security bosses. A combination of high-stress working environments, shrinking budgets and personal liability could be harming CISOs’ quality of life. Some 60% told Proofpoint they’ve experienced burnout in the past 12 months.

CISOs are most likely to experience burnout in the retail (72%) and IT, technology and telecoms (66%) industries.

https://www.infosecurity-magazine.com/news/cisos-worried-personal-liability/

  • UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries

The UK NCSC along with the US National Security Agency (NSA) and various international partner agencies have discovered infrastructure connected with the sophisticated Russian cyber-espionage tool Snake in over 50 countries worldwide. Snake operations have been attributed to a specific unit within Russia’s Federal Security Service (FSB), Center 16.

Cyber criminals reportedly used Snake to retrieve and remove confidential documents related to international relations and diplomatic communications.

According to an advisory published by the agencies on Tuesday, the FSB targeted various industries, including education, small businesses, media, local government, finance, manufacturing and telecommunications. The Snake malware is installed on external infrastructure nodes for further exploitation.

According to the NSA Russian government actors have used this tool for years for intelligence collection and it is hoped that the technical details shared in the advisory will help many organisations find and shut down the malware globally.

https://www.infosecurity-magazine.com/news/nsa-uncovers-russian-snake-malware/

  • Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

A new phishing-as-a-service tool called "Greatness" is being used in attacks targeting manufacturing, healthcare, technology, and other sectors.

Researchers at Cisco Talos detailed their findings on "Greatness," a one-stop-shop for all of a cyber criminal's phishing needs. With Greatness, anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.

The tool has been in circulation since at least mid-2022 and has been used in attacks against enterprises in manufacturing, healthcare, and technology, among other sectors. Half of the targets thus far have been concentrated in the US, with further attacks occurring around Western Europe, Australia, Brazil, Canada, and South Africa.

https://www.darkreading.com/cloud/plug-and-play-microsoft-365-phishing-tool-democratizes-attacks


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Identity and Access Management

Asset Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence



Nation State Actors



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 05 May 2023

Black Arrow Cyber Threat Briefing 05 May 2023:

- Boards Need Better Conversations About Cyber Security

- Uber’s Ex-Security Chief Sentenced for Security Breach

- Global Cyber Attacks Rise by 7% in Q1 2023

- Three-Quarters of Firms Predict Breach in Coming Year

- The Costly Threat That Many Businesses Fail to Address

- European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes

- Understanding Cyber Threat Intelligence for Business Security

- Hackers Are Finding Ways to Evade Latest Cyber Security Tools

- Study Shows a 27% Spike in Publicly Known Ransomware Victims

- Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves

- Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers

- 4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Boards Need Better Conversations About Cyber Security

In a survey by Harvard Business Review, 65% of directors believed their organisations were at risk of a cyber attack within the next 12 months, and almost half believed they were unprepared to cope with such an attack. Boards that struggle with their role in providing oversight for cyber security create a security problem for their organisations. By not focusing on resilience, boards fail their companies and their stakeholders.

Regarding board interactions with CISOs, just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. This is worrying, as this leaves little time for leaders to have a meaningful dialogue about cyber security.

As a result, boards need to discuss their organisations’ cyber security-induced risks and evaluate plans to manage those risks frequently; the CISO should be involved in this. With the right conversations about keeping the organisation resilient, they can take the next step to provide adequate cyber security oversight. To bring more cyber security into the board room, board members may need to gain expertise, whether through frequent training or development programmes.

https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity

  • Uber’s Ex-Security Chief Sentenced for Security Breach

Earlier this week, Uber’s former head of cyber security, Joseph Sullivan, faced several years of prison time for covering up a massive security breach at the ride-hailing company seven years ago. When it actually came to sentencing he managed to avoid jail but received three years of probation and 200 hours of community service, despite pleas from the prosecution to throw him in jail.

The case highlights the seriousness of covering up a security breach, as at one point the ex-security chief was looking at 24-30 months of jail time. With increasing regulations and focus on cyber security, it is unlikely that this is a one-off incident.

https://gizmodo.com/uber-security-joe-sullivan-sentenced-prison-data-breach-1850403347

  • Global Cyber Attacks Rise by 7% in Q1 2023

Weekly cyber attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1,248 attacks per week according to Check Point’s latest research. The report highlights a number of sophisticated campaigns including using ChatGPT for code generation to help less-skilled threat actors effortlessly launch cyber attacks.

The Check Point report also shows that 1 in 31 organisations worldwide experienced a ransomware attack weekly over the first quarter of 2023. To defend against such threats, the security researchers recommended a series of cyber safety tips, such as keeping computers and servers up-to-date, conducting regular cyber awareness training and utilising better threat prevention tools, among others.

https://www.infosecurity-magazine.com/news/global-cyber-attacks-rise-7-q1-2023/

  • Three-Quarters of Firms Predict a Breach in the Coming Year

Most global organisations anticipate suffering a data breach or cyber attack in the next 12 months. Trend Micro’s six-monthly Cyber Risk Index (CRI) was compiled from interviews with 3,729 global organisations.

While results of the index score move in a positive direction showing organisations are taking steps to improve cyber preparedness, most responding organisations are pessimistic about the year ahead.

Respondents pointed to both negligent insiders and mobile users, and a lack of trained staff, as a key cause of concern going forward. Alongside cloud infrastructure and virtual computing environments, these comprised the top five infrastructure risks.

https://www.infosecurity-magazine.com/news/threequarters-firms-predict-breach/

  • The Costly Threat That Many Businesses Fail to Address

Insider attacks such as fraud, sabotage, and data theft plague 71% of businesses, according to a recent report. The report found companies that allow excessive data access are much more likely to suffer insider attacks. However, only 57% of companies limit data appropriately while 31% allow employees access to more data than necessary and 12% allow employees access to all company data.

Alarmingly, of the companies that have experienced insider attacks, one in three (34%) report that the attack involved an employee with privileged access. Data theft was the most common type of insider attack, reported by 38% of businesses.

Insider attacks can damage businesses’ reputations, finances, and competitiveness, and therefore companies should take a proactive approach in preventing these incidents.

https://www.helpnetsecurity.com/2023/05/02/insider-attacks-damage/

  • European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes

Recent research revealed that European IT and security leaders may be dangerously over-confident in their ability to avoid cyber attacks and mitigate the risk of serious data compromise. The findings reveal that most organisations have suffered a serious cyber attack in the last two years, with over half of respondents saying their company suffered an attack 1 to 3 times in this time period. Worryingly, 20% of respondents claim to have been attacked 4 to 6 times. Only 18% managed to avoid an attack altogether.

Worryingly, three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. Although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.

Around two-thirds of respondents say their organisation considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%). Alarmingly, health-related data is classified as a special category data by GDPR, meaning it requires more protection.

https://www.itsecurityguru.org/2023/05/03/european-data-at-risk-with-tick-box-gdpr-compliance-and-high-cyberattack-volumes

  • Understanding Cyber Threat Intelligence for Business Security

Cyber threat intelligence is not a solution itself, but a crucial component of any mature security programme, enabling organisations to gain insights into the motives, targets and behaviours of threat actors. As such, it is crucial for businesses looking to protect themselves from the ever-evolving cyber threat landscape.

Some of the benefits of effective cyber threat intelligence to a business include early threat detection, improved response, regulation compliance, competitive advantage and cost savings. It is important to highlight that an organisation does not need to come up with their own cyber threat intelligence initiative, it can instead be purchased as a service.

https://www.forbes.com/sites/forbestechcouncil/2023/05/04/understanding-cyber-threat-intelligence-for-business-security

  • Hackers Are Finding Ways to Evade Latest Cyber Security Tools

As hacking has gotten more destructive and pervasive, new defensive tools continue to be developed. One such tool is called endpoint detection and response (EDR) software, it’s designed to spot early signs of malicious activity on laptops, servers and other devices known as “endpoints” on a computer network — and block them before intruders can steal data or lock the machines.

Experts however, claim hackers have developed workarounds for some forms of the technology, allowing them to slip past products that have become the gold standard for protecting critical systems. Security software is not enough on its own, it is just one of the layers of defence that organisations should employ as part of their cyber resilience; there is no silver bullet.

https://finance.yahoo.com/news/hackers-finding-ways-evade-latest-131600565.html

  • Study Shows a 27% Spike in Publicly Known Ransomware Victims

A report released this week highlights a 27% increase in publicly known ransomware victims in the first quarter of the year. Some of the report’s key findings include the fact that manufacturing, technology, education, banking, finance, and healthcare organisations are the largest to be exposed to ransomware.

The report identified an increase in the use of “double extortion” as an attack model. This method is where ransomware groups not only encrypt files but also exfiltrate data. The top five most active ransomware threat actors are LockBit, Clop, AlphV, Royal and BianLian.

https://www.msspalert.com/cybersecurity-news/guidepoint-study-shows-a-27-spike-in-public-ransomware-victims/

  • Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves

A recent report found while the number of ransomware incidents that firms responded to dipped in early 2022, it came roaring back toward the end of the year and into early 2023. With this came higher ransom demands and, eventually, payments. The largest ransom demand last year was more than $90 million, with the largest payment exceeding $8 million. Both were larger than in 2021 (more than $60 million and $5.5 million respectively).

Ransomware groups are upping their attacks all the time and you don’t want to be an easy target.

https://www.theregister.com/2023/05/02/data_breach_costs_rise/

  • Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers

In a significant ruling this week a court in the US found that pharmaceutical company Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection from 2017. The ruling will also undoubtedly affect the language used in underwriting policies, especially when it comes to risks such as ransomware and cyber warfare.

https://www.theregister.com/2023/05/03/merck_14bn_insurance_payout_upheld/

  • 4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus

The technology industry has long been building walls around structured data and communications—with little consideration of how employees use that information. Outlined below are four 4 ways leaders can better protect raw data.

  • Recognise that priorities have evolved.

  • Understand that security burdens have changed.

  • Understand why, despite best efforts, criminals are still successful.

  • Evaluate the ways in which you are protecting your most vulnerable data.

https://www.forbes.com/sites/forbesbusinessdevelopmentcouncil/2023/05/02/4-ways-leaders-should-reevaluate-their-cybersecuritys-focus/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Regulations, Fines and Legislation

Governance, Risk and Compliance

Secure Disposal

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine


Nation State Actors



Tools and Controls



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 14 April 2023

Black Arrow Cyber Threat Briefing 14 April 2023:

-Almost Half of Former Employees Say Their Passwords Still Work

-Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

-Printers Pose Persistent Yet Overlooked Threat

-Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

-Over 90% of Organisations Find Threat Hunting a Challenge

-75% of Organisations Have Suffered a Cyber Security Breach

-Leak Shows Evolving Russian Cyber War Capabilities

-Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

-When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

-Insider Threat and Ransomware: A Growing Issue

-How LockBit Changed Cyber Security Forever

-Hybrid Work Environments Are Stressing CISOs

-Protect Your Data with a USB Condom

-Strategising Cyber Security: Why a Risk-based Approach is Key

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Almost Half of Former Employees Say Their Passwords Still Work

An alarming number of organisations are not properly offboarding employees when they leave, especially in regard to passwords. In a new survey of 1,000 workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company.

According to the survey one in three respondents said they had been using the passwords for upwards of two years, which is a distressingly long time for organisations not to be aware of who is accessing those accounts and services.

When asked what they use the passwords for, 64% said to access their former email accounts and 44% to access company data. A concerning 10% of respondents said they were trying to disrupt company activities.

https://www.darkreading.com/edge-threat-monitor/almost-half-of-former-employees-say-their-passwords-still-work

  • Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

A recent cyber security report analysed over 60 million security exposures, or weaknesses that could give an attacker access to systems. The report found that only 2% enabled attackers access to critical assets, while 75% of exposures along attack paths lead to “dead ends”. Further, the report shows that average organisations have 11,000 exploitable security exposures monthly, with techniques targeting credentials and permissions affecting 82% of organisations and exploits accounting for over 70% of all identified security exposures.

The report found that most security alerts were benign and did not lead to critical assets. By applying efficient risk based patch management and reducing unnecessary access to critical assets, organisations can mitigate a significant amount of risk. This isn’t a simple task however, for an organisation to be able to employ efficient risk based patch management it must have a sufficient level of cyber maturity and internal vulnerability scanning accompanied by a dynamic threat intelligence component.

https://www.infosecurity-magazine.com/news/eliminating-2-exposures-protect-90/

  • Printers Pose Persistent Yet Overlooked Threat

A rash of printer-related vulnerabilities in 2023 have punctuated security expert warnings that printers continue to be a significant vulnerability within companies — especially as remote workers require printing resources or access to corporate printers. So far in 2023, Lexmark advised that a publicly available remote exploit had already targeted a code execution flaw in its printers, HP warned of a vulnerable firmware version on some of its enterprise printers, and Microsoft fixed three remote code execution vulnerabilities in its printer drivers.

Printers remain a likely soft spot in most companies’ attack surface area, particularly because they are not always part of a company’s asset management process and are often left out of security assessments and risk registers. Many organisations don’t know where their printers are, their security status, configuration, monitoring or logging activity. Research has shown that 67% of companies are worried about the risk home printers may pose and only 26% of information technology and cyber security professionals are confident in their organisation’s printing infrastructure security.

https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat

  • Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

Employees and cyber criminals cause similar numbers of data leakages. Kaspersky’s 2022 IT Security Economics survey found cyber-attacks caused 23% of data leakages, while employees caused a similar proportion, at 22%. The rise in employees causing leakages may be linked with more remote working since the pandemic, with new staff laptops, tablets, and virtual private networks (VPNs) featuring among the extra endpoints and systems needing security. Although innocent mistakes or ignoring cyber-security policy were behind most leakages, security managers reported 36% of employee-triggered leakages were deliberate acts of sabotage or espionage. The high number of cyber-incidents stemming from employee action shows all organisations need thorough cyber-security awareness training to teach all staff how to avoid common security mistakes.

https://www.independent.co.uk/news/business/business-reporter/employees-cyber-criminals-cyber-incidents-b2314225.html

  • Over 90% of Organisations Find Threat Hunting a Challenge

Executing essential cyber security operations tasks during the threat hunting process is an increasingly challenging proposition to the vast majority of organisations, with 93% of those polled for a Sophos report saying they find basic security operations a chore.

In the report, “The state of cybersecurity 2023: The business impact of adversaries on defenders”, Sophos said these findings were likely the result of the ongoing cyber security skills shortage, which is creating a domino effect in security operations: a lack of skilled personnel makes investigating alerts take longer, which reduces the security team’s capacity and increases the organisation’s exposure to higher levels of risk.

Organisations that suffer the most are those with revenues of less than $10m (£8m), which are more likely to lack the necessary skillsets, followed by organisations with revenues of more than $5bn, where organisational and system complexity likely play a more prominent role.

https://www.computerweekly.com/news/365534612/Over-90-of-organisations-find-threat-hunting-a-challenge

  • 75% of Organisations Have Suffered a Cyber Security Breach

Most organisations need stronger security controls to stop cyber security breaches and cyber attacks, according to “The Data Dilemma: Cloud Adoption and Risk Report” from security service edge (SSE) company Skyhigh Security. Key takeaways from the report include:

  • 97% of organisations indicated they are experiencing private cloud problems.

  • 75% have experienced a cyber security breach, threat and/or theft of data.

  • 75% said shadow IT “impairs their ability to keep data secure.”

  • 60% allow employees to download sensitive data to their personal devices.

  • 52% noted their employees are using SaaS services that are commissioned by departments outside of IT and without direct involvement of their IT department.

  • 37% said they do not trust the public cloud to secure their sensitive data.

https://www.msspalert.com/cybersecurity-research/skyhigh-security-report-75-of-organizations-have-suffered-a-cybersecurity-breach/

  • Leak Shows Evolving Russian Cyber War Capabilities

The leak of thousands of pages of secret documentation related to the development of Moscow’s cyber and information operations capabilities paint a picture of a government obsessed with social control and committed to scaling their capacity for non-kinetic interference.

The leaked documents detail methods and training simulations intended to prepare an operator workforce for offensive operations against critical infrastructure targets. Tools revealed by these recent leaks suggest a desire and an ability to extensively map foreign vulnerabilities and make the job of Russia’s cyber conflict operators as accessible and scalable as possible.

This leak reinforces the significant concern regarding the threat posed by Russian cyber forces to firms across the globe.

https://www.csoonline.com/article/3692821/ntc-vulkan-leak-shows-evolving-russian-cyberwar-capabilities.html#tk.rss_news

  • Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

Belgian headquartered HR and payroll giant SD Worx has suffered a cyber attack causing them to shut down all IT systems for their UK and Ireland services. While the login portals for other European countries are working correctly, the company's UK customer portal was not accessible. As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for their client's employees.

According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more.

https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/

  • When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

If that happens it might be time for your management to clear their desks. The prospect of financial penalties and reputational damage is very real. You need to know your obligations — for instance, reporting the breach to applicable authorities and regulators within strict timeframes — understand the breach, and prioritise. Then you communicate and remedy. If you haven’t planned well, it’s going to be tough.

You need to understand the data breach. Who is affected — is it staff or customer data? What exactly have the cyber criminals accessed? Consider the type of information: salary details and passport copies, or customer payment information.

If personal data has been lost or compromised, you will likely have an obligation under data protection regulations to report the breach to your applicable data protection authority within 72 hours, and if you are a regulated business there will likely be similar requirements to report to your regulator within a similar timeframe. Knowing your obligations — ideally before any hack takes place — will guide how well you respond.

https://www.thetimes.co.uk/article/who-should-i-inform-after-a-data-hack-dcrzvgp2x

  • Insider Threat and Ransomware: A Growing Issue

Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cyber criminals. Cyber criminals work just as hard to conceal their identities and location as they do to exploit weaknesses and capture valuable data to hold hostage. Organisations not only stand to lose money in this scenario, but the damage to their reputation and trustworthiness in the market can be challenging to recover from. Customers place high trust in the safety of their personal information, and it’s the company they hold accountable – not the thieves – if it slips into the wrong hands.

Even if you have good technical controls, the low-hanging fruit is capitalising on the human element and gaining entrance through a person within your organisation. Insider threats come in all shapes and sizes and roles, including employees, executives, former employees, board members, contractors, and service providers. Insider threats, by their very nature, pose a unique challenge for organisations.

https://informationsecuritybuzz.com/insider-threat-and-ransomware-a-growing-issue/

  • How LockBit Changed Cyber Security Forever

LockBit are one of the most prolific ransomware gangs globally, accounting for almost half of ransomware attacks in 2022. They not only maintain a high profile, but they’ve also turned ransom monetisation upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022. LockBit made history by launching the industry’s first bug bounty program initiated by a ransomware group. The operation invites security experts to uncover vulnerabilities and report them for rewards ranging from $1,000 to a staggering $1 million. This has since been expanded and now offers bounties for creative ways to enhance ransomware operations.

https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/

  • Hybrid Work Environments Are Stressing CISOs

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to a new report.

Among the report’s most critical findings is the revelation that browsing-based threats ranked as CISOs’ number one concern, regardless of whether their organisation was operating primarily in an in-office, hybrid, or remote setting.

And as for the risks posed by hybrid and remote workers specifically, insecure browsing also topped the list of CISOs’ concerns.

https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/

  • Protect Your Data with a USB Condom

USB isn't just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data. Equally, an employee plugging their personal phone into a corporate USB port may present a danger to the corporate network through the phone. A USB condom is a small dongle that adds a layer of protection between your device and the charging point you're attaching it to by blocking the data being transferred through the port. If you must use a charger, cable, or charging port that isn't under your control, it makes sense to use a USB condom.

https://www.zdnet.com/article/protect-your-data-with-a-usb-condom/

  • Strategising Cyber Security: Why a Risk-based Approach is Key

By 2027, cyber crime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cyber security is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organisations.

Modern and effective cyber security management entails more than managing technology risk; it encompasses managing business risk. Organisations must recognise cyber security as a strategic imperative integrated into their overall risk management framework — and this starts at the board level.  In some cases, board members may find it beneficial to seek help in assessing appropriate levels of control.

https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Shadow IT

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities



Reports Published in the Last Week



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 07 April 2023

Black Arrow Cyber Threat Briefing 07 April 2023:

-15 Million Public-Facing Services Vulnerable to Known Exploited Vulnerabilities

-New Research Highlights Increased Security Risks Posed by Remote Working and BYOD

-Lack of Security Employees Makes SMBs Sitting Ducks for Cyber Attacks

-IT and Security Pros Pressured to Keep Quiet About Data Breaches

-Phishing Emails are Seeing a Huge Rise, So Stay on Your Guard"

-Ransomware Attacks Skyrocket as Threat Actors Double Down on Global Attacks

-MSPs a Favoured Target of Supply Chain and Infrastructure Attacks

-Fake Ransomware Gang Targets Organisations with Empty Data Leak Threats

-GCHQ Updates Security Guidance for Boards

-More than 60% of Organisations have been Hit with Unplanned Downtime on a Monthly Basis

-For Cyber Crime Gangs, Professionnalisation Comes With “Corporate” Headaches

-UK’s Offensive Hacking Unit Takes on Military Opponents and Terrorist Groups

-Man Kills Himself After an AI Chatbot 'Encouraged' Him to Sacrifice Himself to Stop Climate Change

-Hackers Exploit WordPress Plugin Flaw That Gives Full Control of Millions of Sites

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • 15 Million Public-Facing Services Vulnerable to Known Exploited Vulnerabilities

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalogue. The findings are particularly worrying because the examined vulnerabilities are known and highlighted in CISA's KEV catalogue as actively exploited by hackers, so any delays in their patching maintain a large attack surface, giving threat actors numerous potential targets.

Over half of those 7 million instances were vulnerable to one of the 137 CVEs concerning Microsoft Windows, making this component a top priority for defenders and an excellent target for attackers. Almost half of those are over five years old, so roughly 800,000 machines have not applied security updates for a significant period of time.

https://www.bleepingcomputer.com/news/security/15-million-public-facing-services-vulnerable-to-cisa-kev-flaws/

  • New Research Highlights Increased Security Risks Posed by Remote Working and BYOD

New research has highlighted the increased threats associated with remote work and bring your own device (BYOD) policies faced by organisations. The results of the survey show that with remote and hybrid working, personal and work tasks blur together and the boundaries between the two have become more porous. The data shows that 32% of remote and hybrid workers use apps or software not approved by IT and 92% of remote employees perform work tasks on their personal tablet or smartphone devices. These devices, apps and software, along with the corporate data being accessed, are not visible to IT, thereby dramatically increasing an organisation’s risk posture.

https://www.itsecurityguru.org/2023/04/03/new-research-highlights-increased-security-risks-posed-by-remote-working-and-bring-your-own-device-policies/

  • Lack of Security Employees Makes SMBs Sitting Ducks for Cyber Attacks

Cyber security is a growing concern among all businesses but lack of security expertise in SMBs is leaving smaller firms open to attack. Cyber threats are more real and prevalent than ever before and the risk to businesses includes not only exposure of customer data and a decrease in trust, but also losses in revenue.

54% of small businesses say they are more concerned about cyber security now than one year ago yet 38% of SMBs said they had zero employees dedicated to security as part of their role, and 42% had just one employee working on security. Even without a traditional security role, there should be someone responsible for making security decisions in every organisation.

A lack of time to focus on security and keeping up with changing threats are amongst the biggest challenges for businesses.

https://www.helpnetsecurity.com/2023/04/04/smbs-security-posture/

  • IT and Security Pros Pressured to Keep Quiet About Data Breaches

It is not possible to stop every bad thing from happening. Alarmingly, when something does go wrong IT/security professionals are being told to keep a breach confidential, even when they knew it should be reported. More than 42% of IT/security professionals reporting this happening to them, and a worrying 30% said they have kept a breach confidential.

At 71%, IT/security professionals in the US were the most likely to say they have been told to keep quiet followed by the UK at 44%.

52% of global organisations have experienced a data breach or data leak in the last 12 months. The US led at 75% (or 23% higher than average) followed by the UK at 51.4%.

Infosec professionals are increasingly worried about their company facing legal action due to a breach being handled incorrectly.

https://www.helpnetsecurity.com/2023/04/06/pressure-keeping-breaches-confidential/

  • Phishing Emails are Seeing a Huge Rise, So Stay on Your Guard

Phishing attacks are up 5x year-on-year, researchers say. A report from Cofense analysed data received from 35 million people across the world, finding there has been a 569% increase in phishing attacks to 2022 and 478% increase to credential phishing. With the increased frequency, intensity and sophistication of these threats small and medium-sized businesses should be particularly wary of phishing and other forms of email-borne cyber attacks as their numbers have grown explosively over the last year, experts have warned. Organisations should keep eyes open for Business Email Compromise (BEC) attacks as this type continues to be one of the top crimes for the eighth year in a row.

https://www.techradar.com/news/phishing-emails-are-seeing-a-huge-rise-so-stay-on-your-guard

  • Ransomware Attacks Skyrocket as Threat Actors Double Down on Global Attacks

New studies have found that ransomware exploits are increasing, and a large percentage of victims are being hit multiple times. The NCC Group noted that there were 240 ransomware attacks in February 2023, a 45% increase from the record-high number of attacks in January. North America accounted for 47% of the global ransomware attacks, with Europe following (23%). Another report found that of all organisations hit by ransomware in the last 12 months, 28% were reported to be hit twice or more. Of the organisations breached, 69% reported phishing as the initial access vector.

https://www.techrepublic.com/article/nccgroup-ransomware-attacks-up-february/

  • MSPs a Favoured Target of Supply Chain and Infrastructure Attacks

With the backdrop of increasing cyber attacks on supply chains, Managed Service Providers (MSPs) are increasingly being favoured by attackers due to their pivotal role in the supply chain and access to the organisations they are serving.

When measured by sector, MSPs are the hardest hit by hackers in supply chain attacks.

ConnectWise’s cyber research unit analysed some 440,000 incidents that impacted MSPs and their clients and found that Lockbit led among the most prolific ransomware hijackers targeting MSPs, (42% of all ransomware attacks) followed by Cl0p at 11%. Whilst numerous other ransomware gangs also directly targeted MSPs in 2022.

Third party risk assessments should be carried out for all organisations in your supply chain and this is especially true of MSPs and external IT providers given the level of access they have into your systems and data.

https://www.msspalert.com/cybersecurity-research/msps-a-favored-target-of-supply-chain-and-infrastructure-attacks-connectwise-reports/

  • Fake Ransomware Gang Targets Organisations with Empty Data Leak Threats

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening companies with publishing or selling allegedly stolen data unless they get paid. Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the messages. It is possible that victims are selected from publicly available sources, such as the initial attacker’s data leak site, social media, news reports, or company disclosures; in some cases a fake extortionist could learn about ransomware victims that have yet to disclose the cyber attack, making it more likely for victims to believe them.

https://www.bleepingcomputer.com/news/security/fake-ransomware-gang-targets-us-orgs-with-empty-data-leak-threats/

  • GCHQ Updates Security Guidance for Boards

The UK’s leading cyber security agency GCHQ, has urged the country’s business leaders to “get to grips” with cyber risk after releasing an updated toolkit to help them do so. GCHQ’s National Cyber Security Centre (NCSC) said its updated Cyber Security Board Toolkit is designed to boost the confidence of senior execs when discussing security with key stakeholders from the organisation.

Given the potentially serious impact breaches can have on business operations and growth, the agency wants boards to treat cyber risk with the same urgency as other business risks in areas such as financial and legal.

https://www.infosecurity-magazine.com/news/gchq-updates-security-guidance/

  • More than 60% of Organisations have been Hit with Unplanned Downtime on a Monthly Basis

A recent report found that 52% of organisations had suffered a data breach in the past two years, an increase from 49% in 2022. In addition, 62% of organisations reported that business critical applications suffered from unplanned downtime due to a cyber security incident on at least a monthly basis, an increase from 54% in 2022. Other key findings include downtime costing roughly 2.7% of annual revenue, 39% of organisations believing cyber security incidents directly harmed their competitive position and 31% noting that it had reduced shareholder revenue. As a result of the impact, 95% of organisations reported that they had planned to increase their security budget over the next 2 years.

https://www.msspalert.com/cybersecurity-research/splunk-details-increase-in-data-breaches-downtime-due-to-cybersecurity-issues/

  • For Cyber Crime Gangs, Professionalisation Comes With “Corporate” Headaches

Today’s largest cyber crime gangs are operating like large enterprises, with $50 million dollars in annual revenue and around 80% of operating expenses going towards wages. Researchers have found that small, medium and especially large cyber crime gangs are operating just like their legitimate counterparts, from their managerial structure to employee benefits. The research highlights a worrying level of sophistication within cyber crime gangs; we are no longer dealing with the lone attacker in a dark room, but in some cases an enterprise with clear objectives.

https://www.darkreading.com/vulnerabilities-threats/cybercrime-professionalization-gangs-corporate-headaches

  • UK’s Offensive Hacking Unit Takes on Military Opponents and Terrorist Groups

Britain’s newly created offensive hacking unit, the National Cyber Force (NCF), has said it is engaged daily in operations to disrupt terrorist groups and military opponents of the UK. Operational details remain unclear, however the NCF says it is engaged in techniques to “undermine the tradecraft” of Russian, Chinese and other state-sponsored hackers and in “technical disruption” against terrorist groups, for example to prevent the dissemination of online propaganda. This news comes after the recent leak of files for Moscow, which had tasked an IT company to develop cyber warfare tools aimed at taking down infrastructure networks and scouring the internet for vulnerabilities.

https://www.theguardian.com/technology/2023/apr/03/uks-offensive-hacking-unit-takes-on-military-opponents-and-terrorist-groups

  • Man Kills Himself After an AI Chatbot 'Encouraged' Him to Sacrifice Himself to Stop Climate Change

A man reportedly took his own life following a six-week-long conversation about the climate crisis with an artificial intelligence (AI) chatbot. Reports found that the chatbot had fed the mans worries about climate change, which had worsened his anxiety and later led to suicidal thoughts. The AI chatbot failed to dissuade the man from committing suicide and had in fact encouraged him to act on the thoughts and join the AI chatbot so “they could live together, as one person, in paradise”. This is despite the efforts made to limit these kind of events.

https://www.euronews.com/next/2023/03/31/man-ends-his-life-after-an-ai-chatbot-encouraged-him-to-sacrifice-himself-to-stop-climate-

  • Hackers Exploit WordPress Plugin Flaw That Gives Full Control of Millions of Sites

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The vulnerability is in Elementor Pro, a premium plugin running on more than 12 million sites powered by WordPress.  Despite the vulnerability being fixed, many have not installed the patch. Worryingly, this is a common theme in cyber; many organisations remain vulnerable due to them not having an efficient patching process and as a result, a number of the most exploited vulnerabilities have available patches.

https://arstechnica.com/information-technology/2023/03/hackers-exploit-wordpress-plugin-flaw-that-gives-full-control-of-millions-of-sites/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

BYOD

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Shadow IT

Identity and Access Management

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors






Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 17 March 2023

Black Arrow Cyber Threat Briefing 17 March 2023:

-Almost Half of IT Leaders Consider Security as an Afterthought

-Over $10bn Lost To Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

-Over 721 Million Passwords Were Leaked in 2022

-How Much of a Cyber Security Risk are Suppliers?

-90% of £5m+ Businesses Hit by Cyber Attacks

-Rushed Cloud Migrations Result in Escalating Technical Debt

-17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

-Microsoft Warns of Large-Scale Use of Phishing Kits

-BEC Volumes Double on Phishing Surge

-The Risk of Pasting Confidential Company Data in ChatGPT

-Ransomware Attacks have Entered a New Phase

-MI5 Launches New Agency to Tackle State-Backed Attacks

-Why Cyber Awareness Training is an Ongoing Process

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Almost Half of IT Leaders Consider Security as an Afterthought

A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.

https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals

  • Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.

https://www.darkreading.com/application-security/pig-butchering-investment-scams-3b-cybercrime-threat-overtaking-bec

  • Over 721 Million Passwords were Leaked in 2022

A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.

https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/

  • How Much of a Cyber Security Risk are Suppliers?

When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.

https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2

  • 90% of £5m+ Businesses Hit by Cyber Attacks

A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.

https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/

  • Rushed Cloud Migrations Result in Escalating Technical Debt

A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.

https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/

  • Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.

https://www.securityweek.com/microsoft-17-european-nations-targeted-by-russia-in-2023-as-espionage-ramping-up/

  • Microsoft Warns of Large-Scale Use of Phishing Kits

Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.

https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html

  • BEC Volumes Double on Phishing Surge

The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.

https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/

  • The Risk of Pasting Confidential Company Data in ChatGPT

Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.

https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html

  • Ransomware Attacks have Entered a Heinous New Phase

With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.

https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

  • MI5 Launches New Agency to Tackle State-Backed Attacks

British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.

https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/

  • Why Cyber Awareness Training is an Ongoing Process

A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.

https://www.hornetsecurity.com/en/security-information/why-cyber-awareness-training-is-an-ongoing-process/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

Deepfakes

AML/CFT/Sanctions

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 10 March 2023

Black Arrow Cyber Threat Briefing 10 March 2023:

-Business Email Compromise Attacks Can Take Just Hours

-Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks

-Just 10% of Firms Can Resolve Cloud Threats in an Hour

-MSPs in the Crosshair of Ransomware Gangs

-Stolen Credentials Increasingly Empower the Cyber Crime Underground

-It’s Time to Assess the Potential Dangers of an Increasingly Connected World

-Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards

-Developers Leaked 10m Credentials Including Passwords in 2022

-Cyber Threat Detections Surges 55% In 2022

-European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks

-Employees Are Feeding Sensitive Business Data to ChatGPT

-Is Ransomware Declining? Not So Fast Experts Say

-Preventing Corporate Data Breaches Starts With Remembering That Leaks Have Real Victims

-Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up

-Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Business Email Compromise Attacks Can Take Just Hours

Microsoft’s security intelligence team found that Business Email Compromise (BEC) attacks are moving rapidly, with some taking mere minutes. Microsoft found the whole process, from signing in using compromised credentials to registering typo squatting domains and hijacking an email thread, took threat actors only a couple of hours. Such a rapid attack leaves minimal time for organisations to identify and take preventative action. This is worrying when considering the cost of BEC is predicted to more than tens of billions.

https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attacks-can-take-just-hours/

Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks

In a report of over 800 million breached passwords, vendor Specops identified some worrying results. Some of the key findings from the report include 88% of passwords used in successful attacks consisting of 12 characters or less and the most common base terms used in passwords involving ‘password’, ‘admin’, ‘welcome’ and ‘p@ssw0rd’. The report found that 83% of the compromised passwords satisfied both the length and complexity requirements of cyber security compliance standards such as NIST, GDPR, HIPAA and Cyber Essentials.

https://www.itsecurityguru.org/2023/03/08/research-reveals-password-still-the-most-common-term-used-by-hackers-to-breach-enterprise-networks/

Just 10% of Firms Can Resolve Cloud Threats in an Hour

Two-thirds (39%) of global organisations reported a surge in breaches over the past year, with IT complexity increasing and detection and response capabilities worsening, according to Palo Alto Networks. It found that as enterprises move more of their data and workloads to the cloud, they’re finding it increasingly difficult to discover and remediate incidents quickly. Over two-fifths (42%) reported an increase in mean time to remediate, while 90% said they are unable to detect, contain and resolve cyber-threats within an hour. Nearly a third (30%) reported a major increase in intrusion attempts and unplanned downtime. Part of the challenge appears to be the complexity of their cloud security environments – partly caused by tool bloat.

https://www.infosecurity-magazine.com/news/10-firms-resolve-cloud-threats-hour/

MSPs in the Crosshairs of Ransomware Gangs

Many attacks have heightened attention around third-party risk and the security obligations of MSPs in meeting multiple customers’ IT needs. Attacks such as the ones on RackSpace and LastPass show that some ransomware actors are now intentionally targeting MSPs to access sensitive customer data. It is now believed that some advanced persistent threat (APT) groups could be stepping up their attacks on MSP’s in order to gain sensitive customer data.

https://www.msspalert.com/cybersecurity-research/msps-in-the-crosshairs-of-ransomware-gangs/

Stolen Credentials Increasingly Empower the Cyber Crime Underground

Threat Intelligence provider Flashpoint found that last year threat actors exposed or stole 22.62 billion credentials and personal records, which often make their way to underground forums and cyber criminal markets. This follows a significant increase in market activity; just last year Flashpoint recorded 190 new illicit markets emerge and the continual rise in attacks focused on stealing credentials only further empowers cyber crime underground.

https://www.csoonline.com/article/3690409/stolen-credentials-increasingly-empower-the-cybercrime-underground.html#tk.rss_news

It’s Time to Assess the Potential Dangers of an Increasingly Connected World

As global conflicts continue, cyber has become the fifth front of warfare. The world is approaching 50 billion connected devices, controlling everything from our traffic lights to our nuclear arsenal and we have already seen large-scale cyber attacks. Adding to this, a multitude of infrastructure runs on services ran by a handful of companies; Palo Alto Networks, Cisco and Fortinet control more than 50% of the market for security appliances. As such, an attack on one of these companies could cause a huge ripple effect on their customers.

https://www.darkreading.com/risk/it-s-time-to-assess-the-potential-dangers-of-an-increasingly-connected-world-

Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards

According to the International Monetary Fund (IMF) 64% of banks and supervisory authorities do not mandate testing and exercising cyber security and 54% lack dedicated a cyber incident reporting regime. This increases the risk of experiencing a cyber attack. Regularly testing and exercising security will aid any organisation in its cyber resilience.

https://www.imf.org/en/Blogs/Articles/2023/03/02/mounting-cyber-threats-mean-financial-firms-urgently-need-better-safeguards

Insider Threat: Developers Leaked 10m Credentials Including Passwords in 2022

Security provider GitGuardian found that the rate at which developers leaked critical software secrets jumped by 0.5 to reach 5.5 out of every 1,000 commits to GitHub repositories; overall, this amounted to at least 10 million instances of secrets leaking to a public repository. Generic passwords accounted for the majority of leaked secrets (56%) and more than a third (38%) of leaks involved API keys, random number generator seeds and other sensitive strings. These leaks can have worrying consequences for organisations.

https://www.darkreading.com/application-security/inside-threat-developers-leaked-10m-credentials-passwords-2022

Cyber Threat Detections Surges 55% In 2022

Security Provider Trend Micro has said that it stopped 146 billion cyber threats in 2022, a 55% increase on the previous year and evidence of the increase of attacks ramping up. Trend Micro also found a 242% increase in the number of blocked malicious files and an 86% increase in backdoor malware detections with the latter showing an increase in attackers gaining initial access. Furthermore, the number of critical vulnerabilities in 2022 doubled compared to the previous year. Trend Micro noted that this is all likely due to an ever expanding attack surface of organisations.

https://www.infosecurity-magazine.com/news/cyberthreat-detections-surge-55/

European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks

The European Central Bank (ECB) will ask all major lenders in the Eurozone to detail by next year, how they would respond to and recover from a successful cyber attack. The ECB is in the process of designing a scenario involving a theoretical breach of the financial system’s cyber defences, which will be sent to all of the 111 banks it assesses to see how they would react. The stress test stems from the increasing amount of cyber attacks. If cyber has shown us anything, it’s that anyone can be a target and performing a stress test would help any organisation prepare for the worst.

https://www.ft.com/content/f03d68a4-fdb9-4312-bda3-3157d369a4a6

Employees Are Feeding Sensitive Business Data to ChatGPT

1 in 20 employees have put sensitive corporate data into popular AI tool ChatGPT, raising concerns that this could result in massive leaks of proprietary information. In some cases, this has involved employees cutting and pasting strategic documents and asking ChatGPT to make a PowerPoint.

https://www.darkreading.com/risk/employees-feeding-sensitive-business-data-chatgpt-raising-security-fears

Is Ransomware Declining? Not So Fast Experts Say

Security provider CrowdStrike have explained that the perceived decline in ransomware reflects the abilities of threat actors to adapt, splinter and regroup against defensive measures. CrowdStrike expand on this, stating that whilst ransom payments dipped slightly in 2022, there was an uprise in data extortion and ransomware as a service (RaaS).

https://www.techtarget.com/searchsecurity/news/365532201/Is-ransomware-declining-Not-so-fast-experts-say

Preventing Corporate Data Breaches Starts with Remembering that Leaks have Real Victims

The impact a data breach can have on an individual is devastating and ultimately there’s not much an individual can do themselves if the organisation that holds their data isn’t taking the right steps. To best protect themselves and their clients’ data, organisations should look to have appropriate defence in depth controls, including effective asset management, an open security culture, close monitoring of access, utilising strong authentication and maintaining an awareness of the ever changing threat landscape.

https://www.helpnetsecurity.com/2023/03/07/preventing-corporate-data-breaches/

Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up

In a recent report Proofpoint found that globally 76% of organisations experienced ransomware attempts, with 64% eventually infected. Amongst those that had a cyber insurance policy, 82% of insurers stepped up to pay the ransom either in full or partially. The report found that with the rise in number and sophistication of attacks it is more important than ever for proper security training and awareness in organisations.

https://www.zdnet.com/article/faced-with-likelihood-of-ransomware-attacks-businesses-still-choosing-to-pay-up/

Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled

A report by the Information and Communications Technology Council (ICTC) found that 1 in 6 cyber security jobs are unfulfilled and this is only expected to grow in the coming years. The ICTC stated that “This is not just about education or government funding, but about companies willing to provide hands-on training and experience to the next generation of cyber security experts”.

https://www.theglobeandmail.com/business/careers/article-experts-see-growing-need-for-cybersecurity-workers-as-one-in-six-jobs/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Attack Surface Management

Asset Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 10 February 2023

Black Arrow Cyber Threat Briefing 10 February 2023:

-Companies Banned from Paying Hackers After Attacks on Royal Mail and Guardian

-Fraud Set to Be Upgraded as a Threat to National Security

-98% of Attacks are Not Reported by Employees to their Employers

-UK Second Most Targeted Nation Behind America for Ransomware

-Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

-An Email Attack Can End Up Costing You Over $1 Million

-Cyber Crime Shows No Signs of Slowing Down

-Surge of Swatting Attacks Targets Corporate Executive and Board Members

-Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

-Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

-Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

-PayPal and Twitter Abused in Turkey Relief Donation Scams

-Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian

British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.

UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.

Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.

The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.

https://www.telegraph.co.uk/business/2023/02/09/companies-banned-paying-hackers-attacks-royal-mail-guardian/

  • Fraud Set to Be Upgraded as a Threat to National Security

Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.

It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.

It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.

https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/

  • 98% of Attacks are Not Reported by Employees to their Employers

Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.

https://www.msspalert.com/cybersecurity-research/employees-fail-to-report-98-of-email-cyber-hacks-to-security-teams-study-finds/

  • UK Second Most Targeted Nation Behind America for Ransomware

Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.

https://www.itsecurityguru.org/2023/02/07/uk-second-most-targeted-nation-behind-america-for-ransomware/

  • Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.

https://www.darkreading.com/attacks-breaches/financial-institutions-are-suffering-from-increasingly-sophisticated-cyberattacks-according-to-contrast-security

  • An Email Attack Can End Up Costing You Over $1 Million

According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.

https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/

  • Cyber Crime Shows No Signs of Slowing Down

Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.

https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down

  • Surge of Swatting Attacks Targets Corporate Executive and Board Members

Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.

https://www.csoonline.com/article/3687177/surge-of-swatting-attacks-targets-corporate-executives-and-board-members.html#tk.rss_news

  • Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.

https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead

  • Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.

https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks

  • Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.

https://www.cnbc.com/2023/02/04/crypto-investors-lost-nearly-4-billion-dollars-to-hackers-in-2022.html

  • PayPal and Twitter Abused in Turkey Relief Donation Scams

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.

https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/

  • Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.

https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Identity and Access Management

Encryption

API

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Malvertising

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 20 January 2023

Black Arrow Cyber Threat Briefing 20 January 2023:

-Experts at Davos 2023 Call for a Global Response to the Gathering 'Cyber Storm'

-Cost of Data Breaches to Global Businesses at Five-Year High

-European Data Protection Authorities Issue Record €2.92 Billion In GDPR Fines, an Increase of 168%

-PayPal Accounts Breached in Large-Scale Credential Stuffing Attack

-Royal Mail Boss to Face MPs’ Questions Over Russian Ransomware Attack

-Third-Party Risk Management: Why 2023 Could be the Perfect Time to Overhaul your TPRM Program

-EU Cyber Resilience Regulation Could Translate into Millions in Fines

-Russian Hackers Try to Bypass ChatGPT's Restrictions for Malicious Purposes

-New Report Reveals CISOs Rising Influence

-ChatGPT and its Perilous Use as a "Force Multiplier" for Cyber Attacks

-Mailchimp Discloses a New Security Breach, the Second One in 6 Months

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Experts at Davos 2023 Call for a Global Response to the Gathering 'Cyber Storm'

As economic and geopolitical instability spills into the new year, experts predict that 2023 will be a consequential year for cyber security. The developments, they say, will include an expanded threat landscape and increasingly sophisticated cyber attacks.

"There's a gathering cyber storm," Sadie Creese, a Professor of Cyber Security at the University of Oxford, said during an interview at the World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland. "This storm is brewing, and it's really hard to anticipate just how bad that will be."

Already, cyber attacks such as phishing, ransomware and distributed denial-of-service (DDoS) attacks are on the rise. Cloudflare, a major US cyber security firm that provides protection services for over 30% of Fortune 500 companies, found that DDoS attacks—which entail overwhelming a server with a flood of traffic to disrupt a network or webpage—increased last year by 79% year-over-year.

"There's been an enormous amount of insecurity around the world," Matthew Prince, the CEO of Cloudflare, stated during the Annual Meeting. "I think 2023 is going to be a busy year in terms of cyber attacks."

https://www.weforum.org/agenda/2023/01/cybersecurity-storm-2023-experts-davos23/

  • Cost of Data Breaches to Global Businesses at Five-Year High

Research from business insurer Hiscox shows that the cost of dealing with cyber events for businesses has more than tripled since 2018. The study, which collated data from the organisation’s previous five annual Cyber Readiness reports, has revealed that:

  • Since 2018 the median IT budgets for cyber security more than tripled.

  • Between 2020 and 2022 cyber-attacks increased by over a quarter.

  • Businesses are increasing their cyber security budgets year-on-year.

In the Hiscox 2022 Cyber Readiness report, the financial toll of cyber incidents, including data breaches, was estimated to be $16,950 (£15,265) on average. As the cost of cyber crime grew, so did organisations’ cyber security budgets – average spending on cyber security tripled from 2018 to 2022, rocketing from $1,470,196 (£1,323,973) to $5,235,162 (£4,714,482).

Hiscox has also revealed that half of all companies surveyed suffered at least one cyber attack in 2022, up 11% from 2020. Financial Services, as well as Technology, Media and Telecom (TMT) sectors even reported a minimum of one attack for three consecutive years. Financial Services firms, however, seemed to be hit the hardest, with 66% reporting being impacted by cyber attacks in 2021-2022.

Cyber risk has risen to the same strategic level as traditional financial and operational risks, thanks to a growing realisation by businesses that the impact can be just as severe.

https://www.itsecurityguru.org/2023/01/18/cost-of-data-breaches-to-global-businesses-at-five-year-high/

  • European Data Protection Authorities Issue Record €2.92 Billion in GDPR Fines, an Increase of 168%

European data regulators issued a record €2.92 billion in fines last year, a 168% increase from 2021. That’s according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year’s biggest fine of €405 million was imposed by the Irish Data Protection Commissioner (DPC) against Meta Platforms Ireland Limited relating to Instagram for alleged failures to protect children’s personal data. The Irish DPC also fined Meta €265 million for failing to comply with the GDPR obligation for Data Protection by Design and Default. Both fines are currently under appeal.

Despite the overall increase in fines since January 28, 2022, the fine of €746 million that Luxembourg authorities levied against Amazon last year remains the biggest to be issued by an EU-based data regulator to date (though the retail giant is still believed to be appealing).

The report also revealed a notable increase in focus by supervisory authorities on the use of artificial intelligence (AI), while the volume of data breaches reported to regulators decreased slightly against the previous year’s total.

https://www.csoonline.com/article/3685789/european-data-protection-authorities-issue-record-2-92-billion-in-gdpr-fines.html#tk.rss_news

  • PayPal Accounts Breached in Large-Scale Credential Stuffing Attack

PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.

Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites. This type of attack relies on an automated approach with bots running lists of credentials to "stuff" into login portals for various services. Credential stuffing targets users that employ the same password for multiple online accounts, which is known as "password recycling."

PayPal explains that the credential stuffing attack occurred between December 6 and December 8, 2022. The company detected and mitigated it at the time but also started an internal investigation to find out how the hackers obtained access to the accounts. By December 20, 2022, PayPal concluded its investigation, confirming that unauthorised third parties logged into the accounts with valid credentials. The electronic payments platform claims that this was not due to a breach on its systems and has no evidence that the user credentials were obtained directly from them.

According to the data breach reporting from PayPal, 34,942 of its users have been impacted by the incident. During the two days, hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers. Transaction histories, connected credit or debit card details, and PayPal invoicing data are also accessible on PayPal accounts.

https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/

  • Royal Mail Boss to Face MPs’ Questions Over Russian Ransomware Attack

Royal Mail’s chief executive faced questions from MPs last week over the Russia-linked ransomware attack that caused international deliveries to grind to a halt.

Simon Thompson, chief executive of Royal Mail, was asked about the recent cyber attack when he appeared before the Commons Business Select Committee to discuss Royal Mail’s response to the cyber attack at the evidence session on Tuesday Jan 17.

A Royal Mail spokesman said: “Royal Mail has been subject to a cyber incident that is affecting our international export service. We are focused on restoring this service as soon as we are able.”

Royal Mail was forced to suspend all outbound international post after machines used for printing customs dockets were disabled by the Russia-linked Lockbit cyber crime gang. Lockbit’s attackers used ransomware, malicious software that scrambles vital computer files before the gang demands payment to unlock them again. The software also took over printers at Royal Mail’s international sorting offices and caused ransom notes to “spout” from them, according to reports.

Cyber security industry sources cautioned that while Lockbit is known to be Russian in origin, it is not known whether a stolen copy of the gang’s signature ransomware had been deployed by rival hackers.

https://www.telegraph.co.uk/business/2023/01/13/royal-mail-boss-face-mps-questions-russian-ransomware-attack/

  • Third-Party Risk Management: Why 2023 Could be the Perfect Time to Overhaul your TPRM Program

Ensuring risk caused by third parties does not occur to your organisation is becoming increasingly difficult. Every business outsources some aspects of its operations, and ensuring these external entities are a strength and not a weakness isn’t always a straightforward process.

In the coming years we’ll see organisations dedicate more time and resources to developing detailed standards and assessments for potential third-party vendors. Not only will this help to mitigate risk within their supply chain network, it will also provide better security.

As demand for third-party risk management (TPRM) grows, there are key reasons why we believe 2023 could be pivotal for the future of your organisation’s TPRM program, cyber risk being principal amongst them.

Forrester predicted that 60% of security incidents in 2022 would stem from third parties. In 2021 there was a 300% increase in supply chain attacks, a trend that has continued to increase over the past 12 months also. For example, Japanese car manufacturer Toyota was forced to completely shut down its operations due to a security breach with a third-party plastics supplier.

It’s not only the frequency of third-party attacks that has increased, but also the methods that cyber criminals are using are becoming increasingly sophisticated. For example, the SolarWinds cyber breach in 2020 was so advanced that Microsoft estimated it took over a thousand engineers to stop the impact of the attack.

As the sophistication and frequency of supply chain attacks increases, the impact they have on businesses reputations and valuations is also becoming apparent. There is a need for organisations to conduct thorough due diligence of the third parties they choose to work with, otherwise the consequences could be disastrous.

Remember always that cyber security should be a non-negotiable feature of all business transactions.

https://informationsecuritybuzz.com/third-party-risk-management-why-2023-could-be-the-perfect-time-to-overhaul-your-tprm-program/

  • EU Cyber Resilience Regulation Could Translate into Millions in Fines

The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures require special protection.

According to the European Union, there is currently a ransomware attack every eleven seconds. In the last few weeks alone, among others, a leading German children’s food manufacturer and a global Tier1 automotive supplier headquartered in Germany were hit, with the latter becoming the victim of a massive ransomware attack. Such an attack even led to insolvency at the German manufacturer Prophete in January 2023. To press manufacturers, distributors and importers into action, they face significant penalties if security vulnerabilities in devices are discovered and not properly reported and closed.

“The pressure on the industry – manufacturers, distributors and importers – is growing immensely. The EU will implement this regulation without compromise, even though there are still some work packages to be done, for example regarding local country authorities,” says Jan Wendenburg, CEO, ONEKEY.

The financial fines for affected manufacturers and distributors are therefore severe: up to 15 million euros or 2.5 percent of global annual revenues in the past fiscal year – the larger number counts. “This makes it absolutely clear: there will be substantial penalties on manufacturers if the requirements are not implemented,” Wendenburg continues.

Manufacturers, distributors and importers are required to notify ENISA – the European Union’s cyber security agency – within 24 hours if a security vulnerability in one of their products is exploited. Exceeding the notification deadlines is already subject to sanctions.

https://www.helpnetsecurity.com/2023/01/19/eu-cyber-resilience-regulation-fines/

  • Russian Hackers Try to Bypass ChatGPT's Restrictions for Malicious Purposes

Russian cyber-criminals have been observed on dark web forums trying to bypass OpenAI’s API restrictions to gain access to the ChatGPT chatbot for nefarious purposes.

Various individuals have been observed, for instance, discussing how to use stolen payment cards to pay for upgraded users on OpenAI (thus circumventing the limitations of free accounts). Others have created blog posts on how to bypass the geo controls of OpenAI, and others still have created tutorials explaining how to use semi-legal online SMS services to register to ChatGPT.

“Generally, there are a lot of tutorials in Russian semi-legal online SMS services on how to use it to register to ChatGPT, and we have examples that it is already being used,” wrote Check Point Research (CPR). “It is not extremely difficult to bypass OpenAI’s restricting measures for specific countries to access ChatGPT,” said Check Point. “Right now, we are seeing Russian hackers already discussing and checking how to get past the geofencing to use ChatGPT for their malicious purposes.”

They added that they believe these hackers are most likely trying to implement and test ChatGPT in their day-to-day criminal operations. “Cyber-criminals are growing more and more interested in ChatGPT because the AI technology behind it can make a hacker more cost-efficient,” they explained.

Case in point, just last week, Check Point Research published a separate advisory highlighting how threat actors had already created malicious tools using ChatGPT. These included infostealers, multi-layer encryption tools and dark web marketplace scripts.

More generally, the cyber security firm is not the only one believing ChatGPT could democratise cyber crime, with various experts warning that the AI bot could be used by potential cyber-criminals to teach them how to create attacks and even write ransomware.

https://www.infosecurity-magazine.com/news/russian-hackers-to-bypass-chatgpt/

  • New Report Reveals CISOs Rising Influence

Cyber security firm Coalfire this week unveiled its second annual State of CISO Influence report, which explores the expanding influence of Chief Information Security Officers (CISOs) and other security leaders.

The report revealed that the CISO role is maturing quickly, and the position is experiencing more equity in the boardroom. In the last year alone, there was a 10-point uptick in CISOs doing monthly reporting to the board. These positive outcomes likely stem from the increasingly metrics-driven reporting CISOs provide, where data is more effectively leveraged to connect security outcomes to business objectives.

An especially promising development in this year's report is how security teams are being looped into corporate projects. Of the security leaders surveyed, 78% say they are consulted early in project development when business objectives are first identified, and two-thirds are now making presentations to the highest levels of enterprise authority. 56% of CISOs present security metrics to their CEOs, up from 43% in 2021.

Cloud migration was universally identified as one of those top business objectives. The move to the cloud saddles CISOs with many challenges. The top priorities listed by CISOs include dealing with an expanding attack surface, staffing, and new compliance requirements — all within constrained budgets. In fact, 43% of security leaders said their budgets remained static or were reduced following business migration to the cloud.

Given these challenges, leading CISOs are transforming their approaches. To address multiple cloud compliance requirements, security leaders are focusing on the most onerous set of rules and creating separate environments for different requirements. Risk assessments were identified as the key tool used to secure funding for these and other cyber initiatives and to set top priorities.

"Costs and risks are up, while at the same time, cyber budgets are trending flat or down," said Colefire. "Cyber security has historically been lower in priority for organisations, but we are witnessing a big shift in enterprise cyber expectations. CISOs are rising to meet those expectations, speaking to the business, and as a result, solidifying their role in the C-suite."

https://www.darkreading.com/threat-intelligence/new-coalfire-report-reveals-cisos-rising-influence

  • ChatGPT and its Perilous Use as a "Force Multiplier" for Cyber Attacks

As a form of OpenAI technology, ChatGPT has the ability to mimic natural language and human interaction with remarkable efficiency. However, from a cyber security perspective, this also means it can be used in a variety of ways to lower the bar for threat actors.

One key method is the ability for ChatGPT to draft cunning phishing emails en masse. By feeding ChatGPT with minimal information, it can create content and entire emails that will lure unsuspecting victims to provide their passwords. With the right API setup, thousands of unique, tailored, and sophisticated phishing emails can be sent almost simultaneously.

Another interesting capability of ChatGPT is the ability to write malicious code. While OpenAI has put some controls in place to prevent ChatGPT from creating malware, it is possible to convince ChatGPT to create ransomware and other forms of malware as code that can be copied and pasted into an integrated development environment (IDE) and used to compile actual malware. ChatGPT can also be used to identify vulnerabilities in code segments and reverse engineer applications.

ChatGPT will expedite a trend that is already wreaking havoc across sectors – lowering the bar for less sophisticated threat actors, enabling them to conduct attacks while evading security controls and bypassing advanced detection mechanisms. And currently, there is not much that organisations can do about it. ChatGPT represents a technological marvel that will usher in a new era, not just for the cyber security space.

https://www.calcalistech.com/ctechnews/article/sj0lfp11oi

  • Mailchimp Discloses a New Security Breach, the Second One in 6 Months

The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company; the incident exposed the data of 133 customers.

Threat actors targeted the company’s employees and contractors to gain access to an internal support and account admin tool.

“On January 11, the Mailchimp Security team identified an unauthorised actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorised actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.” reads the notice published by the company. “Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts.”

The malicious activity was discovered on January 11, 2023; in response to the intrusion the company temporarily suspended access for impacted accounts. The company also notified the primary contacts for all affected accounts less than 24 hours after the initial discovery.

https://securityaffairs.com/140997/data-breach/mailchimp-security-breach.html


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine


Nation State Actors

Nation State Actors – Russia

Nation State Actors – North Korea

Nation State Actors – Iran

Nation State Actors – Misc


Vulnerability Management

Vulnerabilities



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 13 January 2023

Black Arrow Cyber Threat Briefing 13 January 2023:

-Quarter of UK SMBs Hit by Ransomware in 2022

-Global Cyber Attack Volume Surges 38% in 2022

-1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite the Majority of Employees Having Access to Critical Data

-AI-Generated Phishing Attacks Are Becoming More Convincing

-Customer and Employee Data the Top Prize for Hackers

-Royal Mail hit by Ransomware Attack, Causes ‘Severe Disruption’ to Services

-The Guardian Confirms Personal Information Compromised in Ransomware Attack

-Ransomware Gang Releases Info Stolen from 14 UK Schools, Including Passport Scans

-The Dark Web’s Criminal Minds See Internet of Things as Next Big Hacking Prize

-Corrupted File to Blame for Computer Glitch which Grounded Every US Flight

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Quarter of UK SMBs Hit by Ransomware in 2022

Over one in four (26%) British SMBs have been targeted by ransomware over the past year, with half (47%) of those compromised paying their extorters, according to new data from anti-virus provider Avast. The security vendor polled 1000 IT decision makers from UK SMBs back in October, to better understand the risk landscape over the previous 12 months.

More than two-thirds (68%) of respondents said they are more concerned about being attacked since the start of the war in Ukraine, fuelling concerns that have led to half (50%) investing in cyber-insurance. They’re wise to do so, considering that 41% of those hit by ransomware lost data, while 34% lost access to devices, according to Avast.

Given that SMBs comprise over 99% of private sector businesses in the country, it’s reassuring that cyber is now being viewed as a major business risk. Nearly half (48%) ranked it as one of the biggest threats they currently face, versus 66% who cited financial risk stemming from surging operational cost. More respondents cited cyber as a top threat than did physical security (35%) and supply chain disruption (33%).

Avast argued that SMBs are among the groups most vulnerable to cyber-threats as they often have very limited budget and resources, and many don’t have somebody on staff managing security holistically. As a result, not only are SMB’s lacking in their defence, but they’re also slower and less able to react to incidents.

https://www.infosecurity-magazine.com/news/quarter-of-uk-smbs-hit-ransomware/

  • Global Cyber Attack Volume Surges 38% in 2022

The number of cyber attacks recorded last year was nearly two-fifths (38%) greater than the total volume observed in 2021, according to Check Point.

The security vendor claimed the increase was largely due to a surge in attacks on healthcare organisations, which saw the largest year-on-year (YoY) increase (74%), and the activities of smaller, more agile hacking groups.

Overall, attacks reached an all-time high in Q4 with an average of 1168 weekly attacks per organisation. The average weekly figures for the year were highest for education sector organisations (2314), government and military (1661) and healthcare (1463).

Threat actors appear to have capitalised on gaps in security created by the shift to remote working. The ransomware ecosystem is continuing to evolve and grow with smaller, more agile criminal groups that form to evade law enforcement. Hackers are also now increasingly widening their aim to target business collaboration tools such as Slack, Teams, OneDrive and Google Drive with phishing exploits. These make for a rich source of sensitive data given that most organisations’ employees continue to work remotely.

It is predicted that AI tools like ChatGPT would help to fuel a continued surge in attacks in 2023 by making it quicker and easier for bad actors to generate malicious code and emails.

Recorded cyber-attacks on US organisations grew 57% YoY in 2022, while the figure was even higher in the UK (77%). This chimes with data from UK ISP Beaming, which found that 2022 was the busiest year on record for attacks. It recorded 687,489 attempts to breach UK businesses in 2022 – the equivalent of one attack every 46 seconds.

https://www.infosecurity-magazine.com/news/global-cyberattack-volume-surges/

  • 1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite the Majority of Employees Having Access to Critical Data

New research from cyber security provider Hornetsecurity has found that 33% of companies are not providing any cyber security awareness training to users who work remotely.

The study also revealed nearly three-quarters (74%) of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world.

Despite the current lack of training and employees feeling ill-equipped, almost half (44%) of respondents said their organisation plans to increase the percentage of employees that work remotely. The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe.

Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk.

The independent survey, which quizzed 925 IT professionals from a range of business types and sizes globally, highlighted the security management challenges and employee cyber security risk when working remotely. The research revealed two core problems causing risk: employees having access to critical data, and not enough training being provided on how to manage cyber security or how to reduce the risk of a cyber-attack or breach.

https://www.darkreading.com/vulnerabilities-threats/1-in-3-organizations-do-not-provide-any-cybersecurity-training-to-remote-workers-despite-a-majority-of-employees-having-access-to-critical-data

  • AI-Generated Phishing Attacks Are Becoming More Convincing

It's time for you and your colleagues to become more sceptical about what you read.

That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harass, and spread fake news.

Experts at WithSecure have described their investigations into just how easy it is to automate the creation of credible yet malicious content at incredible speed. Amongst the use cases explored by the research were the use of GPT-3 models to create:

  • Phishing content – emails or messages designed to trick a user into opening a malicious attachment or visiting a malicious link

  • Social opposition – social media messages designed to troll and harass individuals or to cause brand damage

  • Social validation – social media messages designed to advertise or sell, or to legitimise a scam

  • Fake news – research into how well GPT-3 can generate convincing fake news articles of events that weren’t part of its training set

All of these could, of course, be useful to cyber criminals hell-bent on scamming the unwary or spreading unrest.

https://www.tripwire.com/state-of-security/ai-generated-phishing-attacks-are-becoming-more-convincing

  • Customer and Employee Data the Top Prize for Hackers

The theft of customer and employee data accounts for almost half (45%) of all stolen data between July 2021 and June 2022, according to a new report from cyber security solution provider Imperva.

The data is part of a 12-month analysis by Imperva Threat Research on the trends and threats related to data security in its report “More Lessons Learned from Analysing 100 Data Breaches”.

Their analysis found that theft of credit card information and password details dropped by 64% compared to 2021. The decline in stolen credit card and password data pointing to the uptake of basic security tactics like multi-factor authentication (MFA). However, in the long term, PII data is the most valuable data to cyber-criminals. With enough stolen PII, they can engage in full-on identity theft which is hugely profitable and very difficult to prevent. Credit cards and passwords can be changed the second there is a breach, but when PII is stolen, it can be years before it is weaponised by hackers.

The research also revealed the root causes of data breaches, with social engineering (17%) and unsecured databases (15%) two of the biggest culprits. Misconfigured applications were only responsible for 2% of data breaches, but Imperva said that businesses should expect this figure to rise in the near future, particularly with cloud-managed infrastructure where configuring for security requires significant expertise.

It’s really concerning that a third (32%) of data breaches are down to unsecured databases and social engineering attacks, since they’re both straightforward to mitigate. A publicly open database dramatically increases the risk of a breach and, all too often, they are left like this not out of a failure of security practices but rather the total absence of any security posture at all.

https://www.infosecurity-magazine.com/news/customer-employee-data-hackers/

  • Royal Mail hit by Ransomware Attack, Causes ‘Severe Disruption’ to Services

Royal Mail experienced “severe service disruption” to its international export services following a ransomware attack, the company has announced. A statement said it was temporarily unable to despatch export items including letters and parcels to overseas destinations.

Royal Mail said: “We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue” and advising that “Some customers may experience delay or disruption to items already shipped for export.”

The attack was later attributed to LockBit, a prolific ransomware gang with close ties to Russia. Both the NCSC and the NCA were involved in responding to the incident.

https://www.independent.co.uk/business/royal-mail-cyber-attack-exports-b2260308.html

  • The Guardian Confirms Personal Information Compromised in Ransomware Attack

British news organisation The Guardian has confirmed that personal information was compromised in a ransomware attack in December 2022.

The company fell victim to the attack just days before Christmas, when it instructed staff to work from home, announcing network disruptions that mostly impacted the print newspaper.

Right from the start, the Guardian said it suspected ransomware to have been involved in the incident, and this week the company confirmed that this was indeed the case. In an email to staff on Wednesday, The Guardian Media Group’s chief executive and the Guardian’s editor-in-chief said that the sophisticated cyber attack was likely the result of phishing.

They also announced that the personal information of UK staff members was compromised in the attack, but said that reader data and the information of US and Australia staff was not impacted. “We have seen no evidence that any data has been exposed online thus far and we continue to monitor this very closely,” the Guardian representatives said. While the attack forced the Guardian staff to work from home, online publishing has been unaffected, and production of daily newspapers has continued as well.

“We believe this was a criminal ransomware attack, and not the specific targeting of the Guardian as a media organisation,” the Guardian said.

The company continues to work on recovery and estimates that critical systems would be restored in the next two weeks. Staff, however, will continue to work from home until at least early February. “These attacks have become more frequent and sophisticated in the past three years, against organisations of all sizes, and kinds, in all countries,” the Guardian said.

https://www.securityweek.com/guardian-confirms-personal-information-compromised-ransomware-attack

  • Ransomware Gang Releases Info Stolen from 14 UK Schools, Including Passport Scans

Another month, another release of personal information stolen from a school system. This time, it's a group of 14 schools in the United Kingdom.

Once again, the perpetrator appears to be Vice Society, which is well known for targeting educational systems in the US. As the Cybersecurity and Infrastructure Security Agency (CISA) pointed out in a bulletin from Sept. 6, "K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers."

The UK hack may have turned up even more confidential information than the Los Angeles school system breach last year. As the BBC reported on Jan. 6, "One folder marked 'passports' contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked 'contract' contains contractual offers made to staff alongside teaching documents on muscle contractions."

Some prominent school cyber attacks in the US include public school districts in Chicago, Baltimore, and Los Angeles. A new study from digital learning platform Clever claims that one in four schools experienced a cyber-incident over the past year, and according to a new report from security software vendor Emsisoft, at least 45 school districts and 44 higher learning institutions suffered ransomware attacks in 2022.

Schools are an attractive target as they are typically data-rich and resource-poor. Without proper resources in terms of dedicated staffing and the necessary tools and training to protect against cyber-attacks, schools can be a soft target. Many of the 14 schools hit by this latest leak are colleges and universities, but primary and secondary schools were also hit, according to the BBC's list.

https://www.darkreading.com/attacks-breaches/vice-society-releases-info-stolen-uk-schools-passport-scans

  • The Dark Web’s Criminal Minds See Internet of Things as Next Big Hacking Prize

Cyber security experts say 2022 may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.

Criminal groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when they realise that it works to do damage or to get people to pay. Attacks are evolving from those that shut down computers or stole data, to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.

For the past decade, manufacturers, software companies and consumers have been rushing to the promise of Internet of Things devices. Now there are an estimated 17 billion in the world, from printers to garage door openers, each one packed with software (some of it open-source software) that can be easily hacked.

What many experts are anticipating is the day enterprising criminals or hackers affiliated with a nation-state figure out an easy-to-replicate scheme using IoT devices at scale. A group of criminals, perhaps connected to a foreign government, could figure out how to take control of many things at once – like cars, or medical devices. There have already been large-scale attacks using IoT, in the form of IoT botnets. In that case, actors leveraging unpatched vulnerabilities in IoT devices used control of those devices to carry out denial of service attacks against many targets. Those vulnerabilities are found regularly in ubiquitous products that are rarely updated.

In other words, the possibility already exists. It’s only a question of when a criminal or a nation decides to act in a way that targets the physical world at a large scale. There are a handful of companies, new regulatory approaches, a growing focus on cars as a particularly important area, and a new movement within the software engineering world to do a better job of incorporating cyber security from the beginning.

https://www.cnbc.com/2023/01/09/the-dark-webs-criminal-minds-see-iot-as-the-next-big-hacking-prize.html

  • Corrupted File to Blame for Computer Glitch which Grounded Every US Flight

A corrupted file has been blamed for a glitch on the Federal Aviation Administration's computer system which saw every flight grounded across the US.

All outbound flights were grounded until around 9am Eastern Time (2pm GMT) on Wednesday as the FAA worked to restore its Notice to Air Missions (NOTAM) system, which alerts pilots of potential hazards along a flight route.

On Wednesday 4,948 flights within, into or out of the US had been delayed, according to flight tracker FlightAware.com, while 868 had been cancelled. Most delays were concentrated along the East Coast. Normal air traffic operations resumed gradually across the US following the outage to the NOTAM system that provides safety information to flight crews.

A corrupted file affected both the primary and the backup systems, a senior government official told NBC News on Wednesday night, adding that officials continue to investigate. Whilst Government officials said there was no evidence of a cyber attack, it shows the real world impacts that an outage or corrupted file can cause.

https://news.sky.com/story/all-flights-across-us-grounded-due-to-faa-computer-system-glitch-us-media-12784252


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Insurance

Dark Web

Software Supply Chain

Cloud/SaaS

Attack Surface Management

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine


Nation State Actors

Nation State Actors – Russia

Nation State Actors – China

Nation State Actors – Iran

Nation State Actors – Misc


Vulnerability Management

Applications Five Years or Older Likely to have Security Flaws - Infosecurity Magazine (infosecurity-magazine.com)

Patch Where it Hurts: Effective Vulnerability Management in 2023 (thehackernews.com)

70% of apps contain at least one security flaw after 5 years in production - Help Net Security

Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (darkreading.com)

Does a hybrid model for vulnerability management make sense? • Graham Cluley

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 06 January 2023

Black Arrow Cyber Threat Briefing 06 January 2023:

-Cyber War in Ukraine, Ransomware Fears Drive Surge in Demand for Threat Intelligence Tools

-Cyber Premiums Holding Firms to Ransom

-Ransomware Ecosystem Becoming More Diverse For 2023

-Attackers Evolve Strategies to Outmanoeuvre Security Teams

-Building a Security-First Culture: The Key to Cyber Success

-Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of Known Exploited Vulnerabilities Catalogue

-First LastPass, Now Slack and CircleCI. The Hacks Go On (and will likely worsen)

-Data of 235 Million Twitter Users Leaked Online

-16 Car Makers, including BMW, Ferrari, Ford, Honda, Kia, Land Rover, Mercedes and Toyota, and Their Vehicles Hacked via Telematics, APIs, Infrastructure

-Ransomware Gang Apologizes, Gives SickKids Hospital Free Decryptor

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber War in Ukraine, Ransomware Fears Drive 2022 Surge in Demand for Threat Intelligence Tools

Amid the heightened fear of ransomware in 2022, threat intelligence emerged as a core requirement of doing business in a world gone mad.

A sizable amount of interest in the historically tech-centric discipline was fuelled in part by fear of cyber attacks tied to the war between Russia and Ukraine. In one example, the Ukrainian government warned the world that the Russian military was planning for multi-pronged attacks targeting the energy sector. Other nation-state cyber attack operations also contributed to the demand, including one June 2022 incident were Iran’s Cobalt Mirage exploited PowerShell vulnerabilities to launch ransomware attacks.

And of course, headlines of data breaches tied to vulnerabilities that organisations did not even know existed within their networks caught the attention not just of security teams, but the C-Suite and corporate board. A misconfigured Microsoft server, for example, wound up exposing years of sensitive data for tens of thousands of its customers, including personally identifiable information, user data, product and project details and intellectual property.

Indeed, according to 183 security pros surveyed by CyberRisk Alliance Business Intelligence in June 2022, threat intelligence has become critical in arming their security operations centres (SOCs) and incident response teams with operational data to help them make timely, informed decisions to prevent system downtime, thwart the theft of confidential data, and protect intellectual property.

Threat intelligence has emerged as a useful tool for educating executives. Many also credited threat intelligence for helping them protect their company and customer data — and potentially saving their organisation's reputation.

https://www.scmagazine.com/resource/threat-intelligence/2022-year-in-review-threat-intelligence-tools

  • Cyber Premiums Holding Firms to Ransom

Soaring premiums for cyber security insurance are leaving businesses struggling to pay other bills, a key industry player has warned.

Mactavish, which buys insurance policies on behalf of companies, said that more than half of big businesses that had bought cyber security insurance had been forced to make cuts elsewhere to pay for it.

In a survey of 200 companies with a turnover above £10 million, Mactavish found that businesses were reducing office costs and staff bonuses and were cutting other types of insurance to meet the higher payments.

Last month Marsh, an insurance broker, revealed that costs for cyber insurance had increased by an average of 66 per cent in the third quarter compared with last year.

Meanwhile, the risk to businesses from hackers continues to rise. A government report on digital threats, published this month, showed the proportion of businesses experiencing cyber security incidents at least monthly had increased from 53 per cent to 60 per cent in the past year. Uber, Cisco and InterContinental Hotels Group were among high-profile targets this year.

https://www.thetimes.co.uk/article/cyber-safety-premiums-hold-firms-to-ransom-tnrsz3vs2

  • Ransomware Ecosystem Becoming More Diverse for 2023

The ransomware ecosystem has changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement. This democratisation of ransomware is bad news for organisations because it also brought in a diversification of tactics, techniques, and procedures (TTPs), more indicators of compromise (IOCs) to track, and potentially more hurdles to jump through when trying to negotiate or pay ransoms.

Since 2019 the ransomware landscape has been dominated by big and professionalised ransomware operations that constantly made the news headlines and even looked for media attention to gain legitimacy with potential victims. We've seen ransomware groups with spokespeople who offered interviews to journalists or issued "press releases" on Twitter and their data leak websites in response to big breaches.

The DarkSide attack against Colonial Pipeline that led to a major fuel supply disruption along the US East Coast in 2021 highlighted the risk that ransomware attacks can have against critical infrastructure and led to increased efforts to combat this threat at the highest levels of government. This heightened attention from law enforcement made the owners of underground cyber crime forums reconsider their relationship with ransomware groups, with some forums banning the advertising of such threats. DarkSide ceased operations soon thereafter and was followed later in the year by REvil, also known as Sodinokibi, whose creators were indicted and one was even arrested. REvil was one of the most successful ransomware groups since 2019.

Russia's invasion of Ukraine in February 2022 quickly put a strain on the relationship between many ransomware groups who had members and affiliates in both Russia and Ukraine, or other former USSR countries. Some groups, such as Conti, rushed to take sides in the war, threatening to attack Western infrastructure in support of Russia. This was a departure from the usual business-like apolitical approach in which ransomware gangs had run their operations and drew criticism from other competing groups.

This was also followed by a leak of internal communications that exposed many of Conti's operational secrets and caused uneasiness with its affiliates. Following a major attack against the Costa Rican government the US State Department put up a reward of $10 million for information related to the identity or location of Conti's leaders, which likely contributed to the group's decision to shut down operations in May.

Conti's disappearance led to a drop in ransomware activity for a couple of months, but it didn't last long as the void was quickly filled by other groups, some of them newly set up and suspected to be the creation of former members of Conti, REvil and other groups that ceased operations over the past two years.

https://www.csoonline.com/article/3684248/ransomware-ecosystem-becoming-more-diverse-for-2023.html#tk.rss_news

  • Attackers Evolve Strategies to Outmanoeuvre Security Teams

Attackers are expected to broaden their targeting strategy beyond regulated verticals such as financial services and healthcare. Large corporations (41%) will be the top targeted sector for cyber attacks in 2023, favoured over financial institutions (36%), government (14%), healthcare (9%), and education (8%), according to cyber security solution provider Titaniam.

The fast pace of change has introduced new vulnerabilities into corporate networks, making them an increasingly attractive target for cyber attackers. To compete in the digital marketplace, large companies are adopting more cloud services, aggregating data, pushing code into production faster, and connecting applications and systems via APIs.

As a result, misconfigured services, unprotected databases, little-tested applications, and unknown and unsecured APIs abound, all of which can be exploited by attackers.

The top four threats in 2022 were malware (30%), ransomware and extortion (27%), insider threats (26%), and phishing (17%).

The study found that enterprises expected malware (40%) to be their biggest challenge in 2023, followed by insider threats (26%), ransomware and related extortion (21%), and phishing (16%).

Malware, however, has more enterprises worried for 2023 than it did for 2022. It is important to note that these threats can overlap, where insiders can have a hand in ransomware attacks, phishing can be a source of malware, etc.

Attackers are evolving their strategies to surprise and outmanoeuvre security teams, which have hardened ransomware defences and improved phishing detection. They’re using new malware, such as loaders, infostealers, and wipers to accelerate attacks, steal sensitive data and create mayhem.

They’re also buying and stealing employee credentials to walk in through the front door of corporate networks.

https://www.helpnetsecurity.com/2023/01/04/attackers-evolve-strategies-outmaneuver-security-teams/

  • Building a Security-First Culture: The Key to Cyber Success

Everyone has heard a car alarm go off in the middle of the night, but how often does that notification actually lead to action? Most people will hear the alarm, glance in its direction and then hope the owner will quickly remedy the situation.

Cars alarms often fail because they go off too often, leading to apathy and annoyance instead of being a cause for emergency. For many, cyber security has also become this way. While we see an increase in the noise surrounding the need for organisations to improve the security skillset and knowledge base of employees, there continues to be little proactive action on this front. Most organisations only provide employees with elementary-grade security training, often during their initial onboarding process or as part of a standard training requirement.

At the same time, many organisations also make the grave mistake of leaving all of their security responsibilities and obligations in the hands of IT and security teams. Time and time again, this approach has proven to be highly ineffective, especially as cyber criminals refine their social engineering tactics and target user accounts to execute their attacks.

Alarmingly, recent research found that 30% of employees do not think that they play a role in maintaining their company’s cyber security posture. The same report also revealed that only 39% of employees say they are likely to report a security incident.

As traditional boundaries of access disintegrate and more employees obtain permissions to sensitive company data and systems to carry out their tasks, business leaders must change the mindset of their employees when it comes to the role they play in keeping the organisation safe from cyber crime. The key is developing an integrated cyber security strategy that incorporates all aspects—including all stakeholders—of the organisation. This should be a strategy that breaks down departmental barriers and creates a culture of security responsibility where every team member plays a part.

https://www.forbes.com/sites/forbestechcouncil/2023/01/03/building-a-security-first-culture-the-key-to-cyber-success/

  • Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of Known Exploited Vulnerabilities Catalogue

Back in November 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) published the Known Exploited Vulnerabilities (KEV) Catalogue to help federal agencies and critical infrastructure organisations identify and remediate vulnerabilities that are actively being exploited. CISA added 548 new vulnerabilities to the catalogue across 58 updates from January to end of November 2022, according to cyber security solution provider Grey Noise in its first-ever "GreyNoise Mass Exploits Report."

Including the approximately 300 vulnerabilities added in November and December 2021, CISA listed approximately 850 vulnerabilities in the first year of the catalogue's existence.

Actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products accounted for over half of the updates to the KEV catalogue in 2022, Grey Noise found. Seventy-seven percent of the updates to the KEV catalogue were older vulnerabilities dating back to before 2022. Many of these vulnerabilities have been around for two decades.

Several of the vulnerabilities in the KEV catalogue are from products that have already entered end-of-life (EOL) and end-of-service-life (EOSL), according to an analysis by a team from cyber security solution provider Cyber Security Works. Even though Windows Server 2008 and Windows 7 are EOSL products, the KEV catalogue lists 127 Server 2008 vulnerabilities and 117 Windows 7 vulnerabilities.

Even though the catalogue was originally intended for critical infrastructure and public-sector organisations, it has become the authoritative source on which vulnerabilities are – or have been – exploited by attackers. This is key because the National Vulnerability Database (NVD) assigned Common Vulnerabilities and Exposures (CVE) identifiers for over 12,000 vulnerabilities in 2022, and it would be unwieldy for enterprise defenders to assess every single one to identify the ones relevant to their environments. Enterprise teams can use the catalogue's curated list of CVEs under active attack to create their priority lists.

https://www.darkreading.com/edge-threat-monitor/adobe-apple-cisco-microsoft-flaws-make-up-half-of-kev-catalog

  • First LastPass, Now Slack and CircleCI. The Hacks Go On (and will likely worsen)

In the past week, the world has learned of serious breaches hitting chat service Slack and software testing and delivery company CircleCI, though giving the companies' opaque wording—“security issue” and “security incident,” respectively—you'd be forgiven for thinking these events were minor.

The compromises—in Slack’s case, the theft of employee token credentials and for CircleCI, the possible exposure of all customer secrets it stores—come two weeks after password manager LastPass disclosed its own security failure: the theft of customers’ password vaults containing sensitive data in both encrypted and clear text form. It’s not clear if all three breaches are related, but that’s certainly a possibility.

The most concerning of the two new breaches is the one hitting CircleCI. The company reported a “security incident” that prompted it to advise customers to rotate “all secrets” they store on the service. The alert also informed customers that it had invalidated their Project API tokens, an event requiring them to go through the hassle of replacing them.

CircleCI says it’s used by more than 1 million developers in support of 30,000 organisations and runs nearly 1 million daily jobs. The potential exposure of all those secrets—which could be login credentials, access tokens, and who knows what else—could prove disastrous for the security of the entire Internet.

It’s possible that some or all of these breaches are related. The Internet relies on a massive ecosystem of content delivery networks, authentication services, software development tool makers, and other companies. Threat actors frequently hack one company and use the data or access they obtain to breach that company's customers or partners. That was the case with the August breach of security provider Twilio. The same threat actor targeted 136 other companies. Something similar played out in the last days of 2020 when hackers compromised Solar Winds, gained control of its software build system, and used it to infect roughly 40 Solar Winds customers.

For now, people should brace themselves for additional disclosures from companies they rely on. Checking internal system logs for suspicious entries, turning on multifactor authentication, and patching network systems are always good ideas, but given the current events, those precautions should be expedited. It’s also worth checking logs for any contact with the IP address 54.145.167.181, which one security practitioner said was connected to the CircleCI breach.

https://arstechnica.com/information-technology/2023/01/first-lastpass-now-slack-and-circleci-the-hacks-go-on-and-will-likely-worsen/

  • Data of 235 Million Twitter Users Leaked Online

A data leak containing email addresses for 235 million Twitter users has been published on a popular hacker forum. Many experts have immediately analysed it and confirmed the authenticity of many of the entries in the huge leaked archive.

In January 2022, a report claimed the discovery of a vulnerability that can be exploited by an attacker to find a Twitter account by the associated phone number/email, even if the user has opted to prevent this in the privacy options. The vulnerability was exploited by multiple threat actors to scrape Twitter user profiles containing both private (phone numbers and email addresses) and public data, and was present within the social media platforms application programming interface (API) from June 2021 until January 2022.

At the end of July 2022, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting the forementioned, now-fixed vulnerability in the popular social media platform. The scraped data was then put up for sale on various online cyber crime marketplaces. In August, Twitter confirmed that the data breach was caused by a now-patched zero-day flaw.

In December another Twitter data leak made the headlines, a threat actor obtained data of 400,000,000 Twitter users and attempted to sell it. The seller claimed the database is private, and he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more. The seller, who is a member of a popular data breach forum, claimed the data was scraped via a vulnerability. The database includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of special usernames.

https://securityaffairs.com/140352/data-breach/twitter-data-leak-235m-users.html

  • 16 Car Makers, including BMW, Ferrari, Ford, Honda, Kia, Land Rover, Mercedes and Toyota, and Their Vehicles Hacked via Telematics, APIs, and Infrastructure

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car functions and start or stop the engine.

Multiple other security defects, the researchers say, allowed them to access a car maker’s internal applications and systems, leading to the exposure of personally identifiable information (PII) belonging to customers and employees, and account takeover, among others. The hacks targeted telematic systems, automotive APIs, and infrastructure.

Impacted car models include Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, and Toyota. The vulnerabilities were identified over the course of 2022. Car manufacturers were informed about the security holes and they released patches.

According to the researchers, they were able to send commands to Acura, Genesis, Honda, Hyundai, Kia, Infiniti, Nissan, and Porsche vehicles.

Using only the VIN (vehicle identification number), which is typically visible on the windshield, the researchers were able to start/stop the engine, remotely lock/unlock the vehicle, flash headlights, honk vehicles, and retrieve the precise location of Acura, Honda, Kia, Infiniti, and Nissan cars.

They could also lock users out of remote vehicle management and could change car ownership.

https://www.securityweek.com/16-car-makers-and-their-vehicles-hacked-telematics-apis-infrastructure

  • Ransomware Gang Apologises, and Gives SickKids Hospital Free Decrypter

The LockBit ransomware gang has released a free decrypter for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organisation. SickKids is a teaching and research hospital in Toronto that focuses on providing healthcare to sick children.

On December 18th, the hospital suffered a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website. While the attack only encrypted a few systems, SickKids stated that the incident caused delays in receiving lab and imaging results and resulted in longer patient wait times.

On December 29th, SickKids announced that it had restored 50% of its priority systems, including those causing diagnostic or treatment delays. Two days after SickKids' latest announcement, the LockBit ransomware gang apologised for the attack on the hospital and released a decrypter for free.

“We formally apologise for the attack on sikkids.ca and give back the decrypter for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate programme," stated the ransomware gang.

https://www.bleepingcomputer.com/news/security/ransomware-gang-apologizes-gives-sickkids-hospital-free-decryptor/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Malware

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Encryption

API

Open Source

Social Media

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Secure Disposal

Backup and Recovery

Data Protection

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine






Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Informational 05/01/2023 – Twitter Data Leak

Black Arrow Cyber Informational 05/01/2023 – Twitter Data Leak

Executive Summary

A data leak containing the email addresses for over 200 million Twitter users has been published on a popular hacking forum for free. The leak appears to be the same as the one reported in December 2022, with a number of experts confirming the authenticity of entries in the leak.

What’s the risk to me or my business?

The leak contains details of Twitter users and their email addresses, which could be used by threat actors to conduct phishing attacks against accounts.

What can I do?

Although no immediate response is required, Black Arrow recommends that any individual or organisation which has used twitter remains vigilant and on the lookout for potential phishing attacks

Further information on the data leak be found here: https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatintelligence #cybersecurity

Read More