Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

94% of Ransomware Victims Have Their Backups Targeted by Attackers

Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.

Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.

Source: [Tech Republic]

Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability

The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.

The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.

The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.

Sources: [The Banker] [IMF]

Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist

A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.

Source: [TechCrunch]

Your Annual Cyber Security Is Not Working, But There is a Solution

Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.

To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.

Source: [TechRadar]

73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert

A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.

Source: [Business Wire]

Russia and Ukraine Top Inaugural World Cyber Crime Index

The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.

Top ten Countries in full:

1.       Russia

2.       Ukraine

3.       China

4.       United States

5.       Nigeria

6.       Romania

7.       North Korea

8.       United Kingdom

9.       Brazil

10.   India

Source: [Infosecurity Magazine]

Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?

The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.

Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.

Sources: [ITPro] [The Guardian]

Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat

Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.

The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.

Sources: [Claims Journal] [Inc.com]

The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).

Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.

Source: [Infosecurity Magazine] [TechRadar]

Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts

Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.

Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.

Sources: [Ars Technica] [Data Breach Today]

Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss

93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.

Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.

Sources: [Infosecurity Magazine] [Help Net Security]

Charities Doing Worse than Private Sector in Staving off Cyber Attacks

Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.

Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.

Source: [TFN]

Governance, Risk and Compliance

• Cyber attack volumes peak in first quarter | SC Media (scmagazine.com)

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Security breaches are causing more damage than ever before | TechRadar

• 73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert | Business Wire

• Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat (claimsjournal.com)

• Where Are You on the Cyber Security Readiness Index? Cisco Thinks You’re Probably Overconfident | Network Computing

• Experts say shocking level of cyber security breaches revealed in new government report “are avoidable” | LawNews.co.uk

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• 51% of enterprises experienced a breach despite large security stacks - Help Net Security

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Ex-Uber security exec Joe Sullivan is advising CISOs on how to avoid his legal fate (axios.com)

• Cyber Security Tips for Small Businesses Now Considered Big Hacking Targets | Inc.com

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• New LockBit Variant Exploits Self-Spreading Features - Infosecurity Magazine (infosecurity-magazine.com)

• Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate - Help Net Security

• FBI: Akira ransomware raked in $42 million from 250+ victims (bleepingcomputer.com)

• Infiltrating ransomware gangs on the dark web - CBS News

• What if we made ransomware payments illegal? | SC Media (scmagazine.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

• Report Reveals Healthcare Industry is Disillusioned in its Preparedness for Cyber Attacks - IT Security Guru

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• A whole new generation of ransomware makers are attempting to shake up the market | TechRadar

• Security Think Tank: Approaches to ransomware need a course correction | Computer Weekly

• Ransomware Victims Who Pay a Ransom Drops to Record Low (databreachtoday.co.uk)

Ransomware Victims

• Change Healthcare’s ransomware attack costs reach nearly $1B • The Register

• Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia  (securityaffairs.com)

• Ransomware attacks against food, agriculture industry examined | SC Media (scmagazine.com)

• Ransomware attack compromises UN agency data | SC Media (scmagazine.com)

• 840-bed hospital in France postpones procedures after cyber attack (bleepingcomputer.com)

• US think tank Heritage Foundation hit by cyber attack | TechCrunch

• Daixin ransomware gang claims attack on Omni Hotels (bleepingcomputer.com)

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Cyber Attack Takes Frontier Communications Offline (darkreading.com)

Phishing & Email Based Attacks

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Microsoft Most Impersonated Brand in Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• FIN7 targets American automaker’s IT staff in phishing attacks (bleepingcomputer.com)

Other Social Engineering

• Quishing: The New Cyber Threat to the Cleared Workplace - ClearanceJobs

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• Cyber criminals pose as LastPass staff to hack password vaults (bleepingcomputer.com)

Artificial Intelligence

• CISOs not changing priorities in response to AI threats (betanews.com)

• 92% of enterprises unprepared for AI security challenges - Help Net Security

• AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (thehackernews.com)

• Enterprise Endpoints Aren't Ready for AI (darkreading.com)

• Best Practices & Guidance For AI Security Deployment 2024 (gbhackers.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

2FA/MFA

• Cisco Duo warns third-party data breach exposed SMS MFA logs (bleepingcomputer.com)

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

Malware

• LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (darkreading.com)

• TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (thehackernews.com)

• A sneaky new steganography malware is exploiting Microsoft Word — hundreds of firms around the world hit by attack | TechRadar

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

• New SteganoAmor attacks use steganography to target 320 orgs globally (bleepingcomputer.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (thehackernews.com)

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Fake cheat lures gamers into spreading infostealer malware (bleepingcomputer.com)

Mobile

• Government spyware is another reason to use an ad blocker | TechCrunch

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Enterprises face significant losses from mobile fraud - Help Net Security

• SoumniBot malware exploits Android bugs to evade detection (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS attacks saw a huge surge in the first part of 2024, with one particular country badly hit | TechRadar

• 68% of Companies are More Vulnerable to DDoS Than They Think - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks are still growing and there are new threats on the horizon | ITPro

Internet of Things – IoT

• How to protect IP surveillance cameras from Wi-Fi jamming - Help Net Security

• CISA warns of critical vulnerability in Chirp smart locks • The Register

• New rules for security of connected products in the UK and EU - Lexology

Data Breaches/Leaks

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• Panama Papers: Money laundering trial of 27 defendants begins

• Over half a million Roku subscribers are the victims of the latest cyber security attack - PhoneArena

• Giant Tiger data breach may have impacted millions of customers (securityaffairs.com)

• Wells Fargo Says It Has Suffered Data Breach, Blames Employee for Exposing Personal Information on Pair of Customers - The Daily Hodl

• 5 Ways Your Personal Information May End Up On The Dark Web (slashgear.com)

• Law Firm to Pay $8M to Settle Health Data Hack Lawsuit (databreachtoday.co.uk)

Organised Crime & Criminal Actors

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

• Ex-Amazon engineer gets 3 years for hacking crypto exchanges (bleepingcomputer.com)

• Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch

• Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (bleepingcomputer.com)

Insider Risk and Insider Threats

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Underestimating the dangers within: mitigating the insider cyber threat | TechRadar

Insurance

• Cyber threats increase as insurance costs fall - report (emergingrisks.co.uk)

Cloud/SaaS

• Exposing the top cloud security threats - Help Net Security

• What Is Microsoft's Role in the Shared Responsibility Model for Data Security? (prweb.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• The cloud is benefiting IT, but not business | InfoWorld

Identity and Access Management

• Identity in the Shadows: Shedding Light on Cyber Security's Unseen Threats (thehackernews.com)

Linux and Open Source

• Open source groups say more software projects may have been targeted for sabotage (yahoo.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Attackers are pummelling networks around the world with millions of login attempts | Ars Technica

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

• Threat actors look to stolen credentials | Computer Weekly

• Cisco warns of large-scale brute-force attacks against VPN and SSH services (securityaffairs.com)

• Bad Bots Drive 10% Annual Surge in Account Takeover Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• Dark Web Sales Driving Major Rise in Credential Attacks (databreachtoday.co.uk)

Social Media

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• EU tells Meta it can't paywall privacy • The Register

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Malvertising

• Government spyware is another reason to use an ad blocker | TechCrunch

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Training, Education and Awareness

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Cyber security training: How to make it more motivating (hrexecutive.com)

Regulations, Fines and Legislation

• US Supreme Court ruling suggests change in cyber security disclosure process | CSO Online

• New rules for security of connected products in the UK and EU - Lexology

• Congress votes to kick Uncle Sam’s data broker habit • The Register

• Cops can force suspect to unlock phone with thumbprint, US court rules | Ars Technica

Models, Frameworks and Standards

• Rebalancing NIST: Why 'Recovery' Can't Stand Alone (darkreading.com)

Backup and Recovery

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

Data Protection

• 5 Common Data Protection Challenges That Businesses Face (techtarget.com)

Careers, Working in Cyber and Information Security

• IT and security professionals demand more workplace flexibility - Help Net Security

• National Security at Risk as Essential Cyber Security Roles Face Sharp Decline (prnewswire.com)

• Break Security Burnout: Combining Leadership With Neuroscience (darkreading.com)

Law Enforcement Action and Take Downs

• UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost - Infosecurity Magazine (infosecurity-magazine.com)

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Preparing for Cyber Warfare: 6 Key Lessons From Ukraine (darkreading.com)

• State-sponsored cyber attacks: The new frontier | ITPro

China

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• Leaked FBI document shows MPs were kept in dark over China hack for two years (inews.co.uk)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Risks are higher than ever for US- China cyber war | Responsible Statecraft

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• Singapore infosec boss: splinternet hinders interoperability • The Register

• FBI says Chinese hackers preparing to attack US infrastructure | Reuters

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

Russia

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Microsoft breach allowed Russia to steal Feds' emails • The Register

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• How Ukraine’s cyber police fights back against Russia’s hackers | TechCrunch

• Russian 'Cyber Sabotage' A Global Threat: Security Firm | IBTimes

• Mandiant upgrades Sandworm to APT44 due to increasing threat | TechTarget

• Russia's Sandworm 'cyber attacked US, EU water utilities' • The Register

• Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas | Decipher (duo.com)

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Russia is trying to sabotage European railways, Czech minister said (securityaffairs.com)

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Singapore infosec boss: splinternet hinders interoperability • The Register

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

Iran

• Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (thehackernews.com)

• Middle East Cyber Ops Intensify, With Israel the Main Target (darkreading.com)

• Iran-Backed Hackers Blast Out Threatening Texts to Israelis (darkreading.com)

• Israel Holds Hybrid Cyber & Military Readiness Drills (darkreading.com)

North Korea

• DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse (darkreading.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• “There are no borders in cyber space. We have to fight global terrorism together.” | Ctech (calcalistech.com)

• Furry Hackers Target Far-Right Outlet 'Real America's Voice' (dailydot.com)

• Government spyware is another reason to use an ad blocker | TechCrunch

Vulnerability Management

• Cyber Security Pros Urge US Congress to Help NIST Restore NVD Operation - Infosecurity Magazine (infosecurity-magazine.com)

• How to conduct security patch validation and verification | TechTarget

• Zero-Day Vulnerabilities: A Beginner’s Guide - The New Stack

• The importance of the Vulnerability Operations Centre for cyber security | TechRadar

Vulnerabilities

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• “Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica

• Cisco discloses root escalation flaw with public exploit code (bleepingcomputer.com)

• PuTTY SSH client flaw allows recovery of cryptographic private keys (bleepingcomputer.com)

• Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA

• Yubico Issues YubiKey Security Alert For Windows Users (forbes.com)

• Samsung Issues Update Now Warning For Millions Of Galaxy Users (forbes.com)

• Juniper Networks Publishes Dozens of New Security Advisories - Security Week

• Ivanti warns of critical flaws in its Avalanche MDM solution (bleepingcomputer.com)

• Oracle Patches 230 Vulnerabilities With April 2024 CPU - Security Week

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Delinea Fixes Flaw After Analyst Goes Public With Disclosure First (darkreading.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Telegram fixes Windows app zero-day used to launch Python scripts (bleepingcomputer.com)

• Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Security Boulevard

Tools and Controls

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• CISA's Malware Analysis Platform Could Foster Better Threat Intel (darkreading.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• 6 Ways Businesses Can Boost Their Cloud Security Resilience - Compare the Cloud

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Web Monitoring: What's the Value? (bleepingcomputer.com)

• 5 Steps Toward Military-Grade API Security - The New Stack

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• Cyber security training: How to make it more motivating (hrexecutive.com)

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• AI set to enhance cyber security roles, not replace them - Help Net Security

• Why You Still Shouldn't Trust Zero Trust (forbes.com)

• Stateful vs. stateless firewalls: Understanding the differences | TechTarget

Reports Published in the Last Week

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

Other News

• Why home cyber security is important (xda-developers.com)

• Microsoft remains in the US government's good graces despite its high susceptibility to attacks | Windows Central

• Charities doing worse than private sector in staving off cyber attacks - TFN

• Private companies operating critical infrastructure are not taking cyber security threats seriously enough. | USAPP (lse.ac.uk)

• The US counterintelligence head says the list of threats is long and getting longer (cfpublic.org)

• Critical Infrastructure Security: Observations From the Front Lines (darkreading.com)

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• Microsoft, Beset by Hacks, Grapples With Problem Years in the Making - BNN Bloomberg

• The invisible seafaring industry that keeps the internet afloat (theverge.com)

• Do we have a plan on how to deal with subsea cables sabotage? | Euronews

• Ex-GCHQ chief: Cyber attacks could target fragile trust in utilities - Utility Week

• Trust in Cyber Takes a Knock as CNI Budgets Flatline - Infosecurity Magazine (infosecurity-magazine.com)

• University chiefs to get security service Cobra briefing on hostile states | The Argus

• SAP Applications Increasingly in Attacker Crosshairs, Report Shows - Security Week

• Emergency services a likely target for cyber attacks, warns DHS - ABC News (go.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Group Targeting MSPs Worldwide in New Campaign

Russia-based cyber attackers called Play are evolving, with the ransomware group now using remote monitoring and management (RMM) tools at outsourced IT providers or managed service providers (MSPs) to gain access and hit downstream customers. A significant number of eventual targets are medium sized business. The group is also utilising intermittent encryption, where files are only partly encrypted, to avoid detection.

The attacks highlight the need for organisations to be aware of where they are in the supply chain and how they can be targeted through their supplier. It is not enough for an organisation to focus on its own security in isolation; organisations also need to have a way of effectively assessing their supply chain risk which includes their MSP.

Source [Dark Reading]

As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable

Ransomware attacks continue to increase, with 1500 victims confirmed this year. It is likely this figure will continue to rise. In parallel, criminals are evolving and with that comes a rise in triple extortion; attackers are not just encrypting and exfiltrating an organisation’s data, but also using this data to blackmail employees and target third parties, hitting the supply chain.

Unfortunately for SMBs, they do not have the resources to keep up with such attacks, making them the most vulnerable. A report found that organisations that had 51 to 200 employees were the most targeted, followed by organisations with 11 to 50 employees. When it came to the types of organisations, the Financial Services sector placed first.

This should not mean SMBs should just accept this and wait to be attacked; on the contrary, their increased vulnerability means that SMBs need to effectively prioritise and allocate resources, and if necessary getting in specialist external help, to ensure their protections are the best that resources allow.

Sources [WWD] [InfoSecurity Magazine] [CRN]

Business Email Compromise Attack Costs Far Exceeding Ransomware Losses

Cloudflare's 2023 Phishing Threats Report recorded a 17% spike in business email compromise (BEC) related financial losses between December 2021 and 2022, noting that threat actors are increasingly leaning on this attack method to target organisations. Additionally, across 2022 nearly three-quarters (71%) of respondents to the study said they experienced an attempted or successful BEC attack. The Cloudflare report found that the financial impact of BEC led to organisations suffering losses in excess of $2.7 billion, whereas ransomware caused losses of $34.3 million during the same period.

Source [ITPro]

Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible

According to a report, phishing attacks were found to be the initial attack vector for nine in ten cyber attacks. The report found that the focus of a cyber criminal tended to be two objectives: achieving authenticity and getting victims to click. Worryingly, 89% of unwanted messages were found to have bypassed authentication checks, leaving people and procedures as the last line of defence in an organisation.

A separate study found that having the following traits made a user more susceptible to phishing: extroverted, agreeable, people-pleasing, quick to trust, fearful or respectful of authority, and poor self-control.

With employees playing such an important role in preventing phishing, organisations need to ensure that employees are aware of what to look for in a phishing email with regular training to account for evolving tactics. This training should be carried out by experts with experience of conducting phishing simulations, accompanied with the ability to educate users on how they can protect themselves from falling victim.

Sources [Tech Radar] [Makeuseof]

Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations

In a recent survey, Gartner found that generative AI models such as ChatGPT were the second greatest emerging risk, with concerns around data privacy. This has led to organisations looking to ban such AI, with a separate report by Blackberry finding that ChatGPT faced banning from 75% of organisations.

Banning AI in the organisation is a short-term solution. The benefits of AI are clear and its usefulness in an organisation is significant, with reports finding 75% of IT leaders in favour. Organisations should instead look at how they can govern the usage of AI in their organisation, to reduce the risk of AI-related incidents and improve the effectiveness of work.

Sources [Security Magazine] [Analytics Insight] [IT Security Guru] [Decrypt]

LinkedIn Suffers Significant Wave of Account Hacks

LinkedIn users are reporting losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion. LinkedIn is no stranger to being a target of cyber criminals; last year, the platform was deemed the most abused brand in phishing attempts likely due to its recognisability and widespread use in the corporate world. This extended as far as threat actors using fake LinkedIn profiles.

With the number of accounts being compromised, users need to be vigilant in their use of LinkedIn and be on the lookout for suspicious messages. Black Arrow recommends that users ensure they are using strong and unique passwords, combined with multi-factor authentication (MFA) to protect themselves.

Source [Dark Reading]

High Net-Worth Families are at Risk of Cyber Crime

A report found that high net-worth families have prioritised cyber security with a notable 77% of respondents stating they had a cyber security plan; however, 55% said their plan “could be better”.

A cyber security plan is not optional anymore. High net-worth families are at increased risk, with criminals cottoning on to the amount of information that is out there and the financial gain that can be made if that information is used effectively. Social media is just one of the things increasing the risk of cyber crime; unbeknownst to some families, their social media may be providing criminals a treasure trove of insight into a family’s wealth, real-time location and habits. Such information can be used by a cyber criminal to employ attacks.

Source [Campdenfb]

Cyber Attack Rule Raises Insurance Risks for Corporate Officers

The US Securities and Exchange Commission (SEC) recently issued rules that formally outlined directors’ responsibilities in cyber security governance for the first time, laying the groundwork for potential enforcement actions. The recently issued rules bring potential regulatory probes and shareholder legal class action alleging senior executives failed to supervise their businesses’ cyber security practices.

Although the practice is not yet universal, a growing number of director and officer (D&O) policies are being drafted with cyber related exclusions. Meanwhile, most cyber insurance policies exempt SEC enforcement actions and investor claims, but some cover allegations against a company’s executives over their cyber security roles.

Whilst this is only in the US at the moment, other developed nations are likely to follow suit.

Source [Bloomberg Law]

PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously

The Police Service of Northern Ireland (PSNI) and the UK Electoral Commission both suffered cyber incidents on the same day. Whilst both incidents were different in how they happened, the result was the same: sensitive information had been leaked. In the case of the PSNI, the data was leaked through a response to a freedom of information (FOI) request, in which an Excel sheet was accidentally included by the PSNI. The Electoral Commission incident resulted from a cyber attack.

The incidents are a wake-up call for organisations. If you have not already done so, you need to put things in place to help protect your data from ending up online. The PSNI incident in particular highlights the need to ensure that data does not leave the organisation by accident.

Source [The Guardian]

The Imperative of Cyber Preparedness: The Power of Tabletop Exercises

Cyber security has become an inescapable concern for organisations across industries. With cyber threats ranging from data breaches to ransomware attacks, it is paramount that companies remain vigilant and prepared.

A key way to be prepared is through a tabletop exercise that simulates a hypothetical cyber security incident and helps organisations to practice and evaluate their response. One example scenario can be responding to a ransomware attack blocking access to the organisation's computers for a ransom. These exercises serve as a practical, engaging, and low-risk way for teams to identify vulnerabilities in current plans, improve coordination, and evaluate the decision-making process during a crisis and this is something that we do with our clients on a regular basis.

Source [JDSupra]

Why Are Phones a Cyber Security Weak Spot?

Mobile phones are more interconnected than ever, with their usage extending to the workplace. Despite this, they often enter the corporate environment with a lack of protection and oversight. When laptops are in the corporate environment they are often secured through methods such as encryption and often the organisation has a clear oversight of the applications and activity on the laptop. Mobile phones on the other hand, are often left unmonitored, despite the fact they can and often do carry sensitive information.

Mobile phones also carry additional risks; for a start, they are easier to lose, due to their size difference and the fact they are often out more. In addition, they may have more entry points. Internet of things (IoT) devices, such as smart appliances, are often controlled by phones, making them another entry point for an attacker.

Source [Tech Shout]

Governance, Risk and Compliance

• Hedge Fund Cyber security Trends Report says Majority Firms Report a Surge in Cyber Attacks - ITSecurityWire

• Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD

• 1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority - IT Security Guru

• Cyber threat risks reach three-year high – Avast (securitybrief.co.nz)

• Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)

• The Imperative of Cyber Preparedness: The Power of Tabletop Exercises | Bradley Arant Boult Cummings LLP - JDSupra

• Why Finance Leaders In Midsize Businesses Are Stepping Up Cyber security Efforts (forbes.com)

• Why are ultra-high-net-worth families at increased risk of cyber crime? | Campden FB

• Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)

• 4 reasons to understand technology risks when buying a business (businessplus.ie)

• What did you say? Boards tackle corporate jargon | Fortune

• Boards Don't Want Security Promises — They Want Action (darkreading.com)

• Cyber attacks and data protection worries loom large | Natasha Doris | CDR Article (cdr-news.com)

• How threats to mid-sized businesses impact us all - Help Net Security

• 7 Reasons People Don't Understand What You Tell Them (darkreading.com)

• 6 Cyber Threat Areas for Companies and Organisations to Prioritize (forbes.com)

• How poor cyber security policies disrupt business continuity - IT Security Guru

• Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert

Threats

Ransomware, Extortion and Destructive Attacks

• Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD

• Business email compromise attack costs far exceeding ransomware losses | ITPro

• Reported ransomware attacks doubled in key sectors (securitybrief.co.nz)

• Ransomware Surges With 1500 Confirmed Victims This Year - Infosecurity Magazine (infosecurity-magazine.com)

• 'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign (darkreading.com)

• As Ransomware Gangs Shift To Data Extortion, Some Adopt A New Tactic: ‘Customer Service’ | CRN

• Triple Extortion Ransomware and the Cyber Crime Supply Chain (bleepingcomputer.com)

• Companies are finding it harder to detect ransomware | TechRadar

• Top 3 Ransomware Attack Vectors And How To Avoid Them (techtarget.com)

• Ransomware: To pay or not to pay - Help Net Security

• Knight ransomware distributed in fake Tripadvisor complaint emails (bleepingcomputer.com)

• 'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)

• Why Hospitals Are Being Increasingly Targeted by Cyber Attacks | Chicago News | WTTW

• 'Bulletproof' Lolekhosted ransomware hacker indicted (cnbc.com)

• LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)

• It's time for companies to double down on cyber security measures as ransomware attacks rise, say experts | CBC News

• Monti ransomware targets VMware ESXi servers with new Linux locker (bleepingcomputer.com)

• Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)

• Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands - SecurityWeek

• Sophos: ‘Royal’ Is Trying to Make Itself the King of Ransomware (darkreading.com)

• Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the US and IT Integrator in Latin America (databreaches.net)

• Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom (bleepingcomputer.com)

• 3 strategies that can help stop ransomware before it becomes a crisis | CSO Online

• Latitude Financial takes profit hit from major cyber attack | The West Australian

• MOVEit cyber attack ignites worry about retirement plan fiduciary responsibility | Pensions & Investments (pionline.com)

• Ransomware down 57%, Secureworks warns against complacency (securitybrief.co.nz)

• Ransomware Diaries: Volume 3 – LockBit’s Secrets (databreaches.net)

• HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware | WIRED

• Ransomware Renaissance 2023: The Definitive Guide to Stay Safer (securityintelligence.com)

• How to Create a Ransomware Incident Response Plan (techtarget.com)

Ransomware Victims

• Several hospitals still counting the cost of widespread ransomware attack (malwarebytes.com)

• Has leading UK jeweller been hit by BianLian ransomware gang? (techmonitor.ai)

• teiss - News - Ernst & Young says MOVEit Transfer hack impacted over 30,000 Bank of America customers

• Cyber attack on Bay area vendor cripples real estate industry (therealdeal.com)

• Colorado warns 4 million of data stolen in IBM MOVEit breach (bleepingcomputer.com)

• Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch

• LockBit claims seven new victims in ransomware spree (techmonitor.ai)

• Cyber attack strikes Prince George's County schools, district says - The Washington Post

• Clorox Operations Disrupted By Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Inside Housing - News - Hackney to procure new IT system after cyber attack

• Largest switching and terminal railroad in US investigating ransomware data theft (therecord.media)

• Honor Among Cyber Criminals? Why a Canadian Firm Paid Ransom (inforisktoday.com)

• Alberta dental benefits administrator hit by cyber attack | Edmonton Sun

Phishing & Email Based Attacks

• Phishing remains most dominant, fastest growing internet crime (securitybrief.co.nz)

• If You Have These 6 Personality Traits, You're More Vulnerable to Phishing Scams (makeuseof.com)

• Business email compromise attack costs far exceeding ransomware losses | ITPro

• Reports show 62% jump in phishing attacks last year - The Hindu BusinessLine

• Phishing Operators Make Ready Use of Abandoned Websites for Bait (darkreading.com)

• Email – The System Running Since 71’ - SecurityWeek

• 3 Major Email Security Standards Prove Too Porous for the Task (darkreading.com)

• Most consumers can't spot phishing scams | TechRadar

• Cyber Security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger

• Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

• As Phishing Gets Even Sneakier, Browser Security Needs to Step Up (darkreading.com)

• Email security vendor leaves 2M domains open to phishing hacks, study finds (axios.com)

• What Is a Blank Image Phishing Scam? (makeuseof.com)

• Cyber Criminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (thehackernews.com)

• 'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)

• Malicious QR code hacking campaign is targeting Microsoft credentials - SiliconANGLE

• Phishing campaign steals accounts for Zimbra email servers worlwide (bleepingcomputer.com)

• 30% of phishing threats involve newly registered domains - Help Net Security

• Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)

• Gone Phishing: An Analysis of a Targeted User Attack (huntress.com)

BEC – Business Email Compromise

• Business email compromise attack costs far exceeding ransomware losses | ITPro

Artificial Intelligence

• Generative AI a Top Emerging Risk for Organisations: Gartner Survey - Decrypt

• 66% of Organisations in UK Set to Ban ChatGPT and Generative AI Apps on Work Devices - IT Security Guru

• ChatGPT Faces Ban from 75% of Organisations: Blackberry Report (analyticsinsight.net)

• AI Is Coming For Your Data: 6 Steps To Ensure Cyber Resilience (forbes.com)

• New study by AMD finds nearly half of organisations are not ready for AI - IT Security Guru

• Over 74% of organisations see a rise in AI use by cyber criminals | Security Magazine

• Navigating generative AI risks and regulatory challenges - Help Net Security

• Cyber security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger

• Top 10 AI Security Risks According to OWASP (trendmicro.com)

• AI 'evil twins' may already be manipulating human nature | SC Media (scmagazine.com)

• Cyber security practitioners' generative AI dilemma (iapp.org)

• People Coaxed AI Into Giving Wrong Math Answers, System Prone to Flaws (businessinsider.com)

• Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)

• AI a Top Risk and the Preferred Solution to Financial Crime - Infosecurity Magazine (infosecurity-magazine.com)

• AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)

• Why the “voluntary AI commitments” extracted by the White House are nowhere near enough - Help Net Security

• Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)

• Insurance Regulators ‎Continue to ‎Grapple With the Rapid Development ‎and ‎Use of Artificial ‎Intelligence | Locke Lord LLP - JDSupra

2FA/MFA

• How to prevent multifactor authentication fatigue attacks - SiliconANGLE

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

Malware

• Potent Trojans Targeting MacOS Users - Infosecurity Magazine (infosecurity-magazine.com)

• Approximately 2000 Citrix NetScaler servers were backdoored in massive campaign-Security Affairs

• Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)

• XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)

• Malware could be hiding on your Mac thanks to faults in Apple’s Background Task Manager | Tom's Guide (tomsguide.com)

• An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass | WIRED

• Macs are getting compromised to act as proxy exit nodes - Help Net Security

• Credentials for cyber crime forums found on roughly 120K computers infected with info stealers-Security Affairs

• Malware Dwell Time: Everything You Need to Know (makeuseof.com)

• Gootloader SEO watering hole malware targets law firms | SC Media (scmagazine.com)

• Security Researchers Publish Gigabud Banking Malware Analysis - Infosecurity Magazine (infosecurity-magazine.com)

• Raccoon Stealer malware returns with new stealthier version (bleepingcomputer.com)

• Beware! Subscription malware arms hackers with tools to steal your private data | Laptop Mag

• New Financial Malware 'JanelaRAT' Targets Latin American Users (thehackernews.com)

• Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report (thehackernews.com)

• North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)

• Stories from the SOC - Unveiling the stealthy tactics of Aukill malware (att.com)

• Hackers are increasingly hiding within services such as Slack and Trello to deploy malware | Cyber scoop

• Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)

• Users of cyber crime forums often fall victim to info-stealers, researchers find (therecord.media)

• 10 people, including 16-year-old youth arrested for suspected involvement in malware scams (databreaches.net)

• Turns out AI probably isn't very good at writing malware • The Register

• Malware Turning Windows Machines Into Proxies (databreachtoday.co.uk)

Mobile

• Why Are Phones A Cyber security Weak Spot? - TechShout

• Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)

• Does Turning Your Android Phone Off Protect You From Malware? (makeuseof.com)

• 3 Mobile or Client-Side Security Myths Debunked (darkreading.com)

• Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (ic3.gov)

• Threat actors use beta apps to bypass mobile app store security (bleepingcomputer.com)

• FBI warns of money-stealing fake beta-release mobile apps • The Register

• Three reasons why your smartphone needs security protection (securitybrief.co.nz)

• Unsupported Compression Methods Enable Android Malware to Bypass Detection (zimperium.com)

• This $70 device can spoof an Apple device and trick you into sharing your password | TechCrunch

Botnets

• Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)

• Mirai Common Attack Methods Remain Consistent, Effective (darkreading.com)

Denial of Service/DoS/DDOS

• How the FBI goes after DDoS cyber attackers | TechCrunch

• Most DDoS attacks tied to gaming, business disputes, FBI and prosecutors say (therecord.media)

Internet of Things – IoT

• Runaway Charger: The Major Threat Of Hacking EV Stations (slashgear.com)

• Is YOUR electric car vulnerable to hackers? How cyber criminals could steal personal data because of weak security at charging hubs and 'flaws' in vehicles' outdated software | Daily Mail Online

• Ford says cars with WiFi vulnerability still safe to drive (bleepingcomputer.com)

Data Breaches/Leaks

• Electoral Commission had unpatched vulnerability on server • The Register

• PSNI and UK voter breaches show data security should be taken more seriously | Data and computer security | The Guardian

• UK Police Data Breach Exposes Victim Information - Infosecurity Magazine (infosecurity-magazine.com)

• UK govt contractor MPD FM leaks employee passport data-Security Affairs

• Cumbria Police accidentally publish officers' names and salaries online (bitdefender.com)

• PSNI: Leaked Data Will be Used to Target Police Officers - Infosecurity Magazine (infosecurity-magazine.com)

• LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News

• ICO reprimands law firm over data breach that saw money stolen - Legal Futures

• Over 100 Court Service agency workers warned of payslip security breach after cyber attack | BelfastTelegraph.co.uk

• How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

• Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)

• Alberta Dental Services Security Breach Exposes 1.47M Records - Infosecurity Magazine (infosecurity-magazine.com)

• The most notable data breaches of 2023… So far | IT Reseller Magazine (itrportal.com)

• Discord.io confirms breach after hacker steals data of 760K users (bleepingcomputer.com)

• Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch

• teiss - News - Ernst & Young says MOVEit Transfer hack impacted over 30,000 Bank of America customers

• Man arrested in Northern Ireland police data leak • The Register

• teiss - News - PBI data breach impacted more than 1.2m customers of Wilton Reassurance Life Company

• Here’s what you need to do after your personal data is breached (telegraph.co.uk)

Organised Crime & Criminal Actors

• Meet the Most (In)Famous Hacking Groups Active Today (makeuseof.com)

• Cyber security researchers become target of criminal hackers | Financial Times (ft.com)

• Credentials for cyber crime forums found on roughly 120K computers infected with info stealersSecurity Affairs

• Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)

• How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)

• Who Are Script Kiddies? Are They a Threat to Your Security? (makeuseof.com)

• Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)

• File sharing site Anonfiles shuts down due to overwhelming abuse (bleepingcomputer.com)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• How Innovation Accelerators Are at Work on the Dark Side (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Former FTX CEO Sam Bankman-Fried sent to jail • The Register

• Web3 projects suffered from forty-two exploits within a week (coinpaper.com)

Insider Risk and Insider Threats

• The Data Behind Human Cyber Risk - GovInfoSecurity

Fraud, Scams & Financial Crime

• A Third of UK University Students Targeted By Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Former FTX CEO Sam Bankman-Fried sent to jail • The Register

• UK gov keeps repeating its voter registration website is NOT a scam (bleepingcomputer.com)

• “Grab hold and give it a wiggle” – ATM card skimming is still a thing – Naked Security (sophos.com)

• Latin Americans Fall Prey to More Online Scams, Cyber Attacks (insurancejournal.com)

• The road ahead for ecommerce fraud prevention - Help Net Security

• A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight | WIRED

Insurance

• Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)

• Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)

• The cyber security insurance market is estimated at USD 14.4 (globenewswire.com)

• Insurance Regulators ‎Continue to ‎Grapple With the Rapid Development ‎and ‎Use of Artificial ‎Intelligence | Locke Lord LLP - JDSupra

Dark Web

• Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)

Supply Chain and Third Parties

• Building Cyber security into the supply chain is essential as threats mount (att.com)

• Why the public sector still loves Capita (even though it got hacked) - Tech Monitor

• How to Ensure Cyber Resilience Across the Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)

• Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (thehackernews.com)

• PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks (darkreading.com)

Software Supply Chain

• Study reveals staggering cost of vulnerable software supply chains - Plant & Works Engineering (pwemag.co.uk)

• Why a Software Bill of Materials Is Business-Critical - The Futurum Group

Cloud/SaaS

• 'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• Adapting to the Cloud Era of Cyber security: How CISO’s Priorities Are Evolving | Network Computing

• Datacentre management vulnerabilities leave public clouds at risk | Computer Weekly

• Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)

Containers

• Kubernetes clusters face widespread attacks across numerous organisations - Help Net Security

Encryption

• UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)

• WhatsApp is right to be angry about the UK’s encryption mess | The Spectator

• Google adds post-quantum encryption key protection to Chrome • The Register

API

• The Evolution of API: From Commerce to Cloud-Security Affairs

• How financial services cyber regulations are hotting up for API security (betanews.com)

Open Source

• Why a Software Bill of Materials Is Business-Critical - The Futurum Group

• Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• 6 best practices to defend against corporate account takeover attacks | CSO Online

• What's the State of Credential theft in 2023? (thehackernews.com)

• Building a secure future without traditional passwords - Help Net Security

• Are browser-stored passwords secure? | Kaspersky official blog

• Passwordless is more than a buzzword among cyber security pros - Help Net Security

• More hardcoded credentials than ever, and sloppy coding is to blame | SC Media (scmagazine.com)

• AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)

Social Media

• LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News

• LinkedIn accounts hacked in widespread hijacking campaign (bleepingcomputer.com)

• 'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)

Malvertising

• Adblock 360 Adware Extension: 3 Ways to Remove for Good - MSPoweruser

• Malvertisers up their game against researchers (malwarebytes.com)

Training, Education and Awareness

• Tips on employee cyber security training, risks and how to manage them - Albany Business Review (bizjournals.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Sextortion suspects on trial after one victim dies • The Register

• Digital Safety Advice is Not Getting Through to Women - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Navigating generative AI risks and regulatory challenges - Help Net Security

• UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)

• ICO reprimands law firm over data breach that saw money stolen - Legal Futures

• Breaking Down the New SEC Cyber security Rules | Epiq - JDSupra

• Confusion Surrounds SEC's New Cyber security Material Rule (darkreading.com)

• How do we define “cyber worker”? The SEC’s rationale behind its new cyberincident disclosure rule. (thecyberwire.com)

• Why the “voluntary AI commitments” extracted by the White House are nowhere near enough - Help Net Security

• How financial services cyber regulations are hotting up for API security (betanews.com)

• A closer look at the new TSA oil and gas pipeline regulations - Help Net Security

• New York’s Department of Financial Services Moves to Further Bolster Cyber security Requirements | Jackson Lewis P.C. - JDSupra

Models, Frameworks and Standards

• Center for Internet Security announces secretive Microsoft partnership | StateScoop

• What's New in the NIST Cyber security Framework 2.0 (darkreading.com)

Data Protection

• Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First (thehackernews.com)

Careers, Working in Cyber and Information Security

• 650,000 cyber jobs are now vacant: How to tackle the risk (securityintelligence.com)

• Effectively upskilling cyber security professionals to help close the skills gap | CSO Online

• How to overcome the challenges of today's cyber security talent shortage - SiliconANGLE

• Army struggling to hire cyber staff as attacks on Britain ramp up (telegraph.co.uk)

• Vietnam admits massive shortage of infosec pros • The Register

• Heavy workloads driving IT professionals to resign - Help Net Security

• ISC2 Announces Major Milestone as Community Grows to Half a Million Strong (prnewswire.com)

Law Enforcement Action and Take Downs

• Polish police arrest five in swoop on Cyber Crime site - TVN24

• How the FBI goes after DDoS cyber attackers | TechCrunch

• Lapsus$ Report: Law Enforcement Battles Cyber Threats (beincrypto.com)

• LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)

• 10 people, including 16-year-old youth arrested for suspected involvement in malware scams (databreaches.net)

• Sextortion suspects on trial after one victim dies • The Register

• Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)

• Raccoon Stealer malware back with updated version following administrator arrest (therecord.media)

• Man arrested in Northern Ireland police data leak • The Register

• India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)

• Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)

Misinformation, Disinformation and Propaganda

• Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russian and Chinese hackers breached Foreign Office systems in cyber attack kept secret from public (inews.co.uk)

• Foreign Office cyber attacks may have risked safety of civil servants and UK's allies, Tory MPs say (inews.co.uk)

• APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries-Security Affairs

• Russian spy agencies targeting Starlink with custom malware, Ukraine warns (telegraph.co.uk)

• Russian-African Security Gathering Exposes Kremlin's Reduced Influence (darkreading.com)

• Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps • Graham Cluley

• Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)

• Suspected spies for Russia held in major UK security investigation - BBC News

• Russia turning to sleeper cells and unofficial agents | Espionage | The Guardian

China

• Russian and Chinese hackers breached Foreign Office systems in cyber attack kept secret from public (inews.co.uk)

• Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics (thehackernews.com)

• DHS to Review Microsoft’s Security in Chinese Email Hack - Infosecurity Magazine (infosecurity-magazine.com)

• Top US cyber official warns of infrastructure attack risk if China tensions rise (nbcnews.com)

• New Zealand says it is aware of China-linked intelligence activity in country | Reuters

• China teases imminent exposé of seismic US spying scheme • The Register

• Wide-ranging cyberespionage campaign by China's Ministry of State Security. Vulnerabilities in CPUs. MacOS threat trends. (thecyberwire.com)

• Chinese Espionage Group Active Across Eastern Europe (inforisktoday.com)

• 15,000 cyber attacks detected per second in Taiwan: Software provider - Focus Taiwan

• China would consider attacks on US railroads, pipelines if it invades Taiwan, Easterly says (therecord.media)

• US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack | TechCrunch

• China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons (thehackernews.com)

Iran

• German Intelligence Warns of Surge in Iranian Espionage (govinfosecurity.com)

• Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks (thehackernews.com)

• Iran and the Rise of Cyber Enabled Influence Operations (darkreading.com)

North Korea

• North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)

Misc/Other/Unknown

• APTs use of lesser-known TTPs are no less of a headache - Help Net Security

Vulnerability Management

• Electoral Commission had unpatched vulnerability on server • The Register

• Web app warning: 74% of apps with PII are vulnerable to a 'major exploit', report | SC Media (scmagazine.com)

Vulnerabilities

• Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)

• CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks (thehackernews.com)

• Patched Citrix NetScaler Devices Still Contain Backdoors (govinfosecurity.com)

• Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations (thehackernews.com)

• Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping (thehackernews.com)

• Magento shopping cart attack targets critical vulnerability • The Register

• New Python URL Parsing Flaw Enables Command Injection Attacks (thehackernews.com)

• Data centers at risk due to flaws in power management software | CyberScoop

• Bugs in transportation app Moovit gave hackers free rides | TechCrunch

• Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability (thehackernews.com)

• Google Chrome 116: more Telemetry and 26 security patches - gHacks Tech News

• Google Fixes 26 Bugs Amid Fake Update Warning - Infosecurity Magazine (infosecurity-magazine.com)

• AMD has fixed its latest security flaw - but at the cost of massive slowdowns | TechRadar

• Windows 11 update install failures are reportedly happening again – and it’s breaking the built-in antivirus | TechRadar

• Proxyjacking trend continues as attackers abuse years-old GitLab vulnerability | ITPro

• Multiple Flaws Found in the Avada WordPress Theme and Plugin - Infosecurity Magazine (infosecurity-magazine.com)

• Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica

Tools and Controls

• What is Cyber security Monitoring? - MSSP Alert

• XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)

• AI-powered fraud detection: Strengthening security in fintech | The Financial Express

• Microsoft Teams Rooms on Windows to enhance security with meeting ID and passcode requirement - OnMSFT.com

• MaginotDNS attacks exploit weak checks for DNS cache poisoning (bleepingcomputer.com)

• Evaluate the risks and benefits of AI in cyber security | TechTarget

• How to Choose a Managed Detection and Response (MDR) Solution (darkreading.com)

• Lock Down APIs to Prevent Breaches (darkreading.com)

• How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)

• Building a secure future without traditional passwords - Help Net Security

• Passwordless is more than a buzzword among cyber security pros - Help Net Security

• SEC cyber security rules shape the future of incident management - Help Net Security

• AI a Top Risk and the Preferred Solution to Financial Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)

• Endpoint Management Statistics, Trends And Facts 2023 - Abdalslam

• SASE and requirements of business | Professional Security

• Why You Need Continuous Network Monitoring? (thehackernews.com)

• CISA releases cyber defence plan for remote monitoring and management software - SiliconANGLE

• How poor cyber security policies disrupt business continuity - IT Security Guru

• Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert

Other News

• Cyber attacks against the UK Electoral Commission reveal an ongoing threat to democracy (techxplore.com)

• Healthcare incurs highest data breach costs – for the 13th year in a row | Healthcare IT News

• Here's Why You Should Never Accept Unsolicited Tech by Post (makeuseof.com)

• Government highlights cyber threat to health and social care | UKAuthority

• Why is the Education Sector a Target for Cyber Attacks? | UpGuard

• Cyber security in the Entertainment Industry: Risks and Solutions | UpGuard

• What would an OT cyber attack really cost your organisation? | CSO Online

• Education has had most cyber attacks, survey finds | Education Business (educationbusinessuk.net)

• Cyber attacks Are On The Up: What Are The Risks & Remedies For Aviation? (simpleflying.com)

• Bank of Ireland ATM Glitch Hands Out 'Free' Money (gizmodo.com)

• Exclusive: 300 independent retailers affected by cyber attack | News | Retail Week (retail-week.com)

• Documentary shines spotlight on a central bank heist and threats from cyber criminals - BNN Bloomberg

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.