Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 01 December 2023
Black Arrow Cyber Threat Intelligence Briefing 01 December 2023:
-Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack
-Approach Cyber Security Awareness Training by Engaging People at All Levels
-Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks
-Ransomware Attacks Surge 81% in October as New Threat Actors Emerge
-Hacked Microsoft Word Documents Being Used to Trick Windows Users
-Mitigating Deepfake Threats in The Corporate World
-Black Basta Ransomware Made Over $100 Million From Extortion Alone
-Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation
-Booking.com Customers Scammed in Novel Social Engineering Campaign
-Stop Panic Buying Your Security Products and Start Prioritising
-A Fifth of UK SMBs Unable to Spot Scams
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Strategic Cyber Stories of the Last Week
Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack
An estimated 80 to 200 law firms across the UK were impacted by a cyber attack on a third party firm in their supply chain. The attack was on managed service supplier CTS, who provide services to hundreds of law firms across the UK, especially those with conveyancing departments, and many property sales were impacted nationwide as a result of the attack.
This is against a sharp increase in the number of law firms being singled out by cyber threat actors; only recently, magic circle firm Allen & Overy confirmed themselves as a victim of ransomware.
Sources: [SC Media] [Lawyer Monthly] [Scottish Legal News] [Law Gazette] [Dark Reading]
Approach Cyber Security Awareness Training by Engaging People at All Levels
In the cyber security landscape, human-related factors like social engineering, compromised credentials, and errors are the top causes of breaches. Increased investment in threat detection doesn't guarantee foolproof security. Organisations need a proactive strategy focusing on human risks, a security mindset in employees, and a security culture. According to IBM’s latest data security report, high levels of security training can significantly reduce the impact, cost, and frequency of data breaches.
However, most employee training programmes fail due to staff resistance and lack of management support. The key is convincing leadership of its value. To achieve a successful and impactful security awareness programme, it is important that security teams understand their audiences (leaders, managers, and employees), address their requirements, and effectively communicate the benefits of security training.
Source: [CPO Magazine]
Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks
A recent report found that despite 95% of Chief Information Security Officers (CISOs) receiving budgetary and other support from their organisation after a cyber attack, this largely fails to prevent future incidents, with over half admitting they have experienced multiple “major cyber security incidents” in the last five years.
The report revealed that after an attack 46% of CISOs were given a bigger tech budget, 42% revised their security strategy, 41% adopted new frameworks, and 38% created new roles. However, incidents come with hidden consequences such as revenue loss, rising insurance premiums and declining reputation. CISOs need to have support from the board and executives from the start so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.
Sources: [Business Wire] [Silicon UK]
Ransomware Attacks Surge 81% in October as New Threat Actors Emerge
The NCC Group revealed that ransomware attacks have surged by 81% in October 2023, compared to the same period in the previous year. Ransomware gangs have already victimised over 50% more individuals and enterprises in 2023 than during the entirety of 2022. As artificial intelligence, phishing kits and ransomware-as-a-service has improved, so too has the number of threat actors; those who were previously stunted by their technical know-how are now able to gain access to sophisticated attacks.
Source: [Security Brief]
Hacked Microsoft Word Documents Being Used to Trick Windows Users
Active campaigns carried out by cyber criminals are again using macros within Word documents to deploy malware, in spite of Microsoft’s efforts to stop these types of attacks. Most of the time the actor delivers the Word document via phishing emails, with the aim of convincing the user to click and run the macro. Once run, the malware has then achieved its goal of establishing itself on the victims’ machine and executing its malicious payload.
Source: [TechRadar]
Mitigating Deepfake Threats in The Corporate World
Deepfakes are synthetic media that are created or manipulated with the desired outcome of convincing the recipient of their legitimacy; and it’s entering the corporate world. Deepfake technology has already been used to impersonate Presidents and financial experts, however there has been an uprise in the number of these attacks. This has left the corporate world questioning existing operational procedures such as callbacks and how they will need to adjust to encompass the changing landscape.
Some of the ways a corporation can mitigate this, is to promote awareness within the workplace, adjust operational procedures to reflect the current landscape, and utilise advanced detection tools.
Source: [MSSP Alert]
Black Basta Ransomware Made Over $100 Million From Extortion Alone
The cyber crime operator “Black Basta” has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022. In total, 329 victims worldwide were targeted and research has estimated that at least 35% paid a ransom, with multiple payments over $1 million. Black Basta uses double extortion techniques, where data is both ransomed and exfiltrated. This way, victims are forced to pay to get their data back and not have it published online; the latter itself can lead to regulatory fines.
Source: [Bleeping Computer]
Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation
In the evolving cyber security landscape, organisations are increasingly investing in detection and prevention measures. However, there's a growing trend of neglecting post-attack recovery. While advanced security tools and technologies are crucial, recent ransomware incidents have shown that recovery is equally vital. Organisations have faced substantial downtime and financial losses due to attacks. Cyber resilience, the ability to bounce back quickly after an attack, is crucial, especially with the rise of remote work.
Budgets often prioritise prevention, leaving organisations ill-prepared for recovery. In 2023, a significant number of companies paid ransoms to regain data. To achieve true cyber resilience, a rebalance in approach is essential, focusing on preparation, response, and recovery alongside detection and prevention, ensuring rapid recovery and safeguarding of valuable assets.
Source: [TechRadar]
Booking.com Customers Scammed in Novel Social Engineering Campaign
According to new research by SecureWorks, Booking.com customers are being targeted by a novel social engineering campaign that is “paying serious dividends” for cyber criminals. Researchers believe the campaign has gone on for at least a year and it begins by deploying the Vidar infostealer to gain access partner hotels’ Booking.com credentials. This information is then used to send phishing emails to Booking.com customers and trick them into handing over their payment details, in many cases leading to money being stolen. The scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2,000 in two cyber crime forums.
Source: [Infosecurity Magazine]
Stop Panic Buying Your Security Products and Start Prioritising
In the cyber security landscape, impulse buying can lead to costly mistakes. Breaches are now more expensive than ever, underscoring the need to assess cyber security investments. Fear-driven tactics and the quest for a "silver bullet" solution can push organisations, especially smaller ones, into impulsive investments. These decisions may introduce even more risk by failing to integrate with existing systems, or buying systems but failing to configure them properly or utilising them to the fullest extent, leading to a false sense of security. The consequences can be severe, with breaches now costing organisations millions. To navigate this landscape, organisations must assess the real value of cyber security investments. Calculating risk by evaluating likelihood and impact can guide us in making informed decisions. Instead of impulse buying, assign a monetary value to cyber risks for strategic budget decisions in these economic times, ensuring investments align with security and business goals.
Source: [Help Net Security]
A Fifth of UK SMBs Unable to Spot Scams
New data from UK Finance reveals that 17% of UK small and medium-sized businesses (SMBs) struggle to identify online fraud and scam indicators. This is particularly alarming given the rise in authorised push payment (APP) scams in the UK, where fraudsters impersonate trusted entities to deceive victims into transferring money to controlled accounts. In the first half of 2023 alone, criminals stole a reported £42.6 million through such scams, with total losses including consumer impacts reaching £239 million. SMBs are increasingly targeted due to typically fewer anti-fraud and other countermeasures and controls, compared to larger and better protected larger firms. It is important for SMBs to be vigilant and verify payment details directly with suppliers to help avoid these types of scams.
Source: [Infosecurity Magazine]
Governance, Risk and Compliance
Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine
40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru
Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks | Business Wire
When does it make sense to pay the ransom? | SC Media (scmagazine.com)
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)
Enterprises prepare for the inevitable cyber attack - Help Net Security
Board Support Critical For Cyber Security Defence | Silicon UK
3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com
Long recovery times after cyber attacks could annihilate your organisation | TechRadar
The Role of the CISO in Digital Transformation (darkreading.com)
Stop panic buying your security products and start prioritizing - Help Net Security
Bridging the risk exposure gap with strategies for internal auditors - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
The rise of Ransomware attacks within the Legal Industry (lawyer-monthly.com)
Ransomware attacks surge 81% in October, new threat actors emerge (securitybrief.co.nz)
Black Basta ransomware made over $100 million from extortion (bleepingcomputer.com)
Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro
DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software (thehackernews.com)
How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)
When does it make sense to pay the ransom? | SC Media (scmagazine.com)
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)
Ransomware Attacks Strike South Africa, Decline in UAE (darkreading.com)
Ransomware Victims
Law firm A&O silent on whether it paid ransom to cyber criminals | Law Gazette
Allen & Overy Removed From Ransomware Website With One Day Remaining | Law.com International
Potentially hundreds of UK law firms affected by cyber attack on IT provider CTS (therecord.media)
Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)
London & Zurich ransomware attack sparks financial crisis for businesses (computing.co.uk)
British Library contacts users after Rhysida leaks data • The Register
Ransomware attacks hit Stanford University and Nassau Bay in Texas - NotebookCheck.net News
Slovenia's largest power provider HSE hit by ransomware attack (bleepingcomputer.com)
GCHQ investigates cyber attack on hospital to the royals after data stolen (telegraph.co.uk)
English council spent £1.1 million recovering from ransomware attack (therecord.media)
Healthcare giant Henry Schein hit twice by BlackCat ransomware (bleepingcomputer.com)
Qilin ransomware claims attack on automotive giant Yanfeng (bleepingcomputer.com)
New cyber criminal group outed after British Library attack - Emerging Risks Media Ltd
Cyber attack closes hospital emergency rooms in three US states | US healthcare | The Guardian
Two Hackensack Meridian hospital ERs diverting patients after a ransomware attack (msn.com)
DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)
Top instant money provider service hacked, over a million users possibly affected | TechRadar
Staples confirms cyber attack behind service outages, delivery issues (bleepingcomputer.com)
Phishing & Email Based Attacks
Black Friday: Phishing Emails Soar 237% - Infosecurity Magazine (infosecurity-magazine.com)
AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)
Organisations can't ignore the surge in malicious web links - Help Net Security
How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)
What custom GPTs mean for the future of phishing - Help Net Security
A reality check on email security threats in healthcare (securitybrief.co.nz)
Artificial Intelligence
Released: AI security guidelines backed by 18 countries - Help Net Security
4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)
CISA and NCSC lead efforts to raise AI security standards • The Register
Security leaders on high alert as GenAI poses privacy and security risks - Help Net Security
AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)
A year after ChatGPT’s debut, is GenAI a boon or the bane of the CISO’s existence? | CSO Online
Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)
Mitigating Deepfake Threats in the Corporate World | MSSP Alert
4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)
Securing generative AI across the technology stack | TechCrunch
Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)
What custom GPTs mean for the future of phishing - Help Net Security
8 Tips on Leveraging AI Tools Without Compromising Security (darkreading.com)
Malware
Implications of “malware free” attacks on SMBs (databreaches.net)
SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News
Hacked Microsoft Word documents being used to trick Windows users | TechRadar
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)
Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly
A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets (darkreading.com)
LogoFAIL bugs in UEFI code allow planting bootkits via images (bleepingcomputer.com)
Mobile
NameDrop in iOS 17 is not a privacy nightmare – here’s how to control it (msn.com)
200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn (thehackernews.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Cyber pros avoid smart devices: there is a good reason | Cybernews
IoT Security Labeling Improving, But More Collaboration Needed - EE Times
Data Breaches/Leaks
App used by hundreds of schools leaking children's data (securityaffairs.com)
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)
Gulf Air exposed to data breach, 'vital operations not affected' | Reuters
General Electric investigates claims of cyber attack, data theft (bleepingcomputer.com)
Hackers spent 2+ years looting secrets of chipmaker NXP before being detected | Ars Technica
DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)
Dollar Tree hit by third-party data breach impacting 2 million people (bleepingcomputer.com)
Organised Crime & Criminal Actors
Leader of Killnet 'unmasked' by Russian state media • The Register
A Fifth of UK SMBs Can’t Spot Scams - Infosecurity Magazine (infosecurity-magazine.com)
Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register
How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)
Founder of spyware maker Hacking Team arrested for attempted murder: local media | TechCrunch
US imprisons Ukrainian SSNDOB administrator for 8 years • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
KyberSwap Says Hackers Stole $55m in Crypto - Infosecurity Magazine (infosecurity-magazine.com)
US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)
Insurance
Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)
Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)
Supply Chain and Third Parties
Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)
Telecom Industry Association Advances Supply Chain Security | MSSP Alert
Cloud/SaaS
SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News
Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar
Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories (thehackernews.com)
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)
Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar
Weak & Strong Password Examples: Study Reveals Most Hackable Words (tech.co)
Despite Hype, the Password-Free Workplace Is Still a Long Way Off (darkreading.com)
Navigating the Stormy Seas of Cyber security: The Power of High-Entropy Passwords | HackerNoon
Social Media
Training, Education and Awareness
Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine
8 Cyber Security Topics to Include in Your Training Program | Proofpoint US
40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru
3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com
Regulations, Fines and Legislation
European Commission Failing to Tackle Spyware, Lawmakers Say (inforisktoday.com)
Released: AI security guidelines backed by 18 countries - Help Net Security
EU considers widening scope of cyber security regulation (finextra.com)
Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)
5 resolutions to prepare for SEC's new cyber disclosure rules - Help Net Security
False Claims Act Meets Cyber security Compliance in Government Contracting - ClearanceJobs
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Information overload puts cyber security at risk (betanews.com)
Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly
More than half admit to ignoring cyber security alerts (itsecuritywire.com)
Fewer cyber pros are getting fired immediately after an incident: Trellix survey (axios.com)
Unhappy network professionals juggling more with less - Help Net Security
Law Enforcement Action and Take Downs
Police dismantle ransomware group behind attacks in 71 countries (bleepingcomputer.com)
CoLP launches strategy for fraud, economic and cyber crime | UK Police News - Police Oracle
Los Angeles SIM Swapper Sentenced to 8 Years in Prison - Security Week
New York Fines First American $1 Million for Cyber Breach (1) (bloomberglaw.com)
Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Russia
Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns – POLITICO
North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)
Ukraine says it hacked Russian aviation agency, leaks data (bleepingcomputer.com)
Leader of Killnet 'unmasked' by Russian state media • The Register
Iran
Pennsylvania water facility hit by Iran-linked hackers | CyberScoop
North Texas water utility serving 2 million hit with cyber attack (therecord.media)
Iranian Mobile Banking Malware Campaign Threat Continues | Zimperium
North Korea
North Korean hackers are carrying out even more cyber attacks than previously thought | TechRadar
North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)
US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Apple fixes two new iOS zero-days in emergency updates (bleepingcomputer.com)
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability (thehackernews.com)
Design flaw leaves Google Workspace vulnerable for takeover - Help Net Security
Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices - Security Week
Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data (hackread.com)
Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro
Hackers start exploiting critical ownCloud flaw, patch now (bleepingcomputer.com)
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)
PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) - Help Net Security
Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)
Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)
Tools and Controls
Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine
8 Cyber Security Topics to Include in Your Training Program | Proofpoint US
40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru
3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com
Long recovery times after cyber attacks could annihilate your organisation | TechRadar
Stop panic buying your security products and start prioritizing - Help Net Security
Enable 256-bit Bitlocker encryption on Windows 11 to boost security - gHacks Tech News
Building cyber resilience for tomorrow’s threats - Help Net Security
Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly
Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)
AI Boosts Malware Detection Rates by 70% - Infosecurity Magazine (infosecurity-magazine.com)
Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)
What cyber security pros can learn from first responders (securityintelligence.com)
Why are Organisations Failing to Detect Cyber security Threats? | MSSP Alert
Vulnerability disclosure: Legal risks and ethical considerations for researchers - Help Net Security
Researcher flags OpenCart security issue, founder rages • The Register
Bridging the risk exposure gap with strategies for internal auditors - Help Net Security
Reports Published in the Last Week
Other News
Cyber attack On A&O Highlights Perils Of Law Firm Mergers - Law360
Law Firms & Legal Departments Singled Out for Cyber attacks (darkreading.com)
Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week
Implications of “malware free” attacks on SMBs (databreaches.net)
Reading Borough Council apologises for dodgy infosec advice • The Register
Only 1 in 6 Brits are concerned about cyberthreats at home - Home of Direct Commerce
Paris water agency targeted in cyber attack - Emerging Risks Media Ltd
Why Utilities Need to Supercharge Their Approach to Cyber security (powermag.com)
No plain sailing: modern pirates hack superyachts' cyber security | Euronews
Hackers Hijack Industrial Control System at US Water Utility - Security Week
Estate agents warned to have measures in place to prevent cyber attacks (thenegotiator.co.uk)
CISA to Congress: US Under Threat of Chemical Attacks (darkreading.com)
New BLUFFS attack lets attackers hijack Bluetooth connections (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28 October 2022
Black Arrow Cyber Threat Briefing 28 October 2022:
-‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million
-Ransomware Threat Shifts from US to EMEA and APAC
-Phishing Attacks Increase by Over 31% In Third Quarter
-UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis
-HR Departments Play a Key Role in Cyber Security
-The Long-Term Psychological Effects of Ransomware Attacks
-7 Hidden Social Media Cyber Risks for Enterprises
-54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds
-Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before it’s Too Late
-Enterprise Ransomware Preparedness Improving but Still Lacking
-Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data
-How The "pizza123" Password Could Take Down an Organisation
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million
The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.
The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure. This is a breach of data protection law.
The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.
The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.
John Edwards, UK Information Commissioner, said:
“The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office.
“Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.
“Cyber attacks are a global concern, and businesses around the world need to take steps to guard against complacency. The ICO and NCSC already work together to offer advice and support to businesses, and this week I will be meeting with regulators from around the world, to work towards consistent international cyber guidance so that people’s data is protected wherever a company is based.”
Ransomware Threat Shifts from US to EMEA and APAC
The volume of ransomware detections in Q3 2022 was the lowest in two years, but certain geographical regions have become bigger targets as attacks on US organisations wane, according to SonicWall. The security vendor used its own threat detection network, including over one million security sensors in more than 200 countries, to reveal the current landscape.
The good news is that global malware volumes have remained flat for the past three quarters, amounting to a total of over four billion detections in the year to date. Of these, ransomware is also trending down after a record-breaking 2021. Even so, SonicWall detected 338 million compromise attempts in the first three quarters of the year.
Year-to-date ransomware attempts in 2022 have already exceeded the full-year totals from four of the past five years, the vendor claimed. While attacks on US organisations dipped by 51% year-on-year during the period, they increased significantly in the UK (20%), EMEA (38%) and APAC (56%).
The cyber-warfare battlefront continues to shift, posing dangerous threats to organisations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geopolitical landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed.
https://www.infosecurity-magazine.com/news/ransomware-threat-shifts-from-us/
Phishing Attacks Increase by Over 31% In Third Quarter
Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.
Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.
According to the report, email is the preferred attack vector for phishing and malware, as it gives hackers a direct channel to users, the weakest link in an organisation’s attack surface. The report analyses phishing and malware data captured by Vade, which does business internationally.
As attacks become more sophisticated, Vade said, they also become increasingly capable of evading the basic security offered by email providers, which almost eight in 10 businesses still rely on, according to Vade’s research.
While the activity of threat actors fluctuates, Vade’s research found that impersonating trusted and established brands remains the most popular strategy for hackers. In the third quarter of 2022, Facebook was the most impersonated brand for the second consecutive quarter, followed by Google, MTB, PayPal, and Microsoft.
The financial services sector remains the most impersonated industry, representing 32% of phishing emails detected by Vade, followed by cloud at 25%, social media at 22%, and internet/telco at 13%.
As phishing attacks increase, the techniques used by threat actors continue to evolve. While phishing campaigns were traditionally large scale and random, more recent campaigns seen by Vade suggest that hackers have pivoted to using more targeted campaigns.
UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis
Brits have been warned to “stay alert for fraud” as more people are out to make extra cash as the cost of living rises across the country.
UK Finance said that more than half (56%) of people admitted that they are likely to look for opportunities to make extra money in the coming months, which could leave some people more susceptible to fraud.
According to the trade association’s Take Five To Stop Fraud campaign, one in six, or 16%, of people said the rising cost of living means they are more likely to respond to an unprompted approach from someone offering an investment opportunity or a loan.
Young people were more likely to be at risk, the data suggested, which surveyed 2,000 people across the UK. More than a third (34%) of 18 to 34-year-olds said they are more likely to respond to an unprompted approach from someone, with three in 10 (30%) also more likely to provide their personal or financial details to secure the arrangement.
Overall, three in five people (60%) said they are concerned about falling victim to financial fraud or a scam. It comes as recent figures from UK Finance showed that £609.8m was lost due to fraud and scams in the first half of this year.
https://uk.news.yahoo.com/uk-watch-for-fraud-extra-cash-cost-of-living-crisis-230154352.html
HR Departments Play a Key Role in Cyber Security
A common shortcoming of human resources (HR) departments is that — despite being an operation designed to put humans at the centre of how an organisation is run — they often fail to adequately align with their IT counterparts and the core technology systems that define how a business is run and protected from cyber-risk.
Insufficient coordination between HR and IT processes and procedures remains common and gives rise to security gaps that can represent some of the most dangerous vulnerabilities on a company's attack surface. Let's examine the scope of the challenge and some key cyber-asset management priorities that can close the schism for a more robust cyber security posture.
Gone are the days when HR's role in securing the enterprise relied on basic tutorials for employees about protecting passwords on company equipment. Today's threat environment intersects with the workforce in more ways than ever — from bring-your-own-device (BYOD) and authentication gaps to user vulnerabilities that make spear-phishing seem quaint. Traditional social engineering attacks are now being augmented by zero-click exploits that compromise employee devices without the user ever having to click a link or take any action at all.
Beyond malicious threats, even routine HR processes can introduce risk to the organisation when they're not adequately aligned with the IT processes in an organisation. As just one example, when an employee leaves a company, the offboarding goes far beyond just the exit interview to also include removing access to multiple enterprise systems, accounts, and devices — all of which require close coordination between HR and IT personnel and systems.
To better secure the enterprise, it's mission-critical to get HR and IT more united in a common and advanced understanding of cyber hygiene and risk mitigation. This relies on enhanced awareness of the impact that HR processes have on cyber assets in other parts of the organisation, as well as the HR role in access management for employees and contractors. This requires asset visibility that must be ongoing and in real time, since our roles, devices, and access to data and systems may change multiple times over the course of our employment.
https://www.darkreading.com/vulnerabilities-threats/hr-departments-play-a-key-role-in-cybersecurity
The Long-Term Psychological Effects of Ransomware Attacks
Northwave has conducted scientific research into the psychological effects of a ransomware crisis on both organisations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn in disarray long after the crisis itself has passed.
The research reveals how the psychological impact of ransomware attacks can persist on people in affected organisations for a very long time. It shows that crisis team members may develop serious symptoms far later. Top management and HR need to take measures against this, in fact right from the very beginning of the crisis. They are the ones bearing responsibility for the well-being of their staff.
They also discovered how teams have fallen apart some time after the crisis, with members leaving or staying home on sick-leave. The study reveals that effects can linger throughout the organisation. All in all the investigation shows that this invisible impact of a cyber crisis is an issue for the general business management, and certainly also for HR.
Northwave regards the response to a cyber attack as occurring in three phases. First comes the actual crisis situation, which evolves into an incident phase after about a week. A plan of action is then in place, and recovery measures are launched. The fire has been largely extinguished after a month or so, with the first (basic) functionalities available again.
Full recovery can take one to two years. Each phase has its specific effects on the minds and bodies of those involved, and by extension, on the organisation or parts of it. “On average a company is down for three weeks following a malware attack,” notes Van der Beijl. “But it surprised us that the impact persists for so long afterwards. Psychological issues are still surfacing a year after the actual crisis.”
One of every seven employees involved in the attack, either directly or indirectly, exhibits severe enough symptoms several months later, at a level considered to be above the clinical threshold at which professional trauma treatment help is needed. One in five employees say they would actually have needed more professional help subsequently in coming to terms with the attack. One in three liked to have more knowledge and concrete tools to deal with the psychological effects of the attack.
A ransomware attack has enduring psychological effects on the way employees view the world. Two-thirds of employees, including those not actually involved in the attack, now believe the world is less safe. As one IT manager pointed out, “I’ve become far more suspicious. The outside world is a dangerous place.”
https://www.helpnetsecurity.com/2022/10/25/psychological-effects-ransomware/
7 Hidden Social Media Cyber Risks for Enterprises
Whether they use it to amplify the brand, recruit new employees, advertise new products, or even sell directly to consumers, corporate brands love social media.
According to recent figures, brand advertising on social media is up by 53% in the last year, and that's not accounting for further investments that brands are making in developing and distributing content. They're pushing viral videos, funny memes, podcasts, written material, and more to increase engagement with their customers.
And brands are doing it across not only the old reliable social networks like Facebook and Twitter, but also emerging platforms like TikTok. In fact, according to another recent study, in 2022 marketers are expanding their horizons, with their increased content investments focused on areas like live streaming, long-form and short-form video content, virtual reality and augmented reality content, experimental content, and live audio chat rooms. The top platforms they're focused on most for increasing spending are now TikTok, Instagram, YouTube, and LinkedIn.
With the broadening of these social-media marketing strategies comes more risk. Whether an organisation uses social media to amplify its brand, or its executives and employees leverage social channels to bolster their professional and personal brands, these marketing platforms are a breeding ground for a wide range of cyber attacks and scams, including in the areas of artificial intelligence, deepfakes, and biometrics.
Cyber criminals, fraudsters, spies, and activists work around the clock to take advantage of emerging attack surfaces that arise from enterprise use of social media. The article below presents just a few avenues that organisations may overlook when they double-down on their social media investments.
https://www.darkreading.com/application-security/7-hidden-social-media-cyber-risks-enterprises
54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds
Over half (54%) of office workers would reconsider working for a company that had recently experienced a cyber breach. That's according to a new study by cyber security technology provider, Encore.
An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.
Only a third (33%) of staff said they would be "completely unphased" if their employer suffered a cyber break-in. The majority (57%) of C-level executives polled said they have been breached in the last 12 months alone. Most office workers, however, were unaware, with only 39% believing their organisation had been the victim of a successful attack.
The immediate financial cost of a cyber-attack remains the number one concern for businesses, but security teams are learning that there is a long tail to these breaches, with employees at risk of losing faith in their company, its ethics and values and its overarching responsibilities to the general public. In a competitive market, this is a stark warning to businesses across the world. Keeping your staff in the dark about cyber risk is a fundamental error, not to mention the additional impact of delayed disclosure to customers.
41% of C-level executives polled named reputational damage as one of the biggest costs to their business following a cyber-attack, with 34% agreeing that loss of clientele or their trust was a significant cost.
Despite many admitting to suffering a cyber breach in the last year, the overwhelming majority (92%) of CISOs and C-level executives polled believe their business is secure at any given moment. Encore believes that a mindset shift is needed at an organisational level, treating cyber incidents and the security of employee and customer data as a fundamental part of normal business operations, not a function that sits on the outside, looking in.
Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before It’s Too Late
According to the 2022 Cyber Threat Report, 2021 saw a global average increase of 105% in the number of ransomware attacks. Proofpoint's 2022 State of the Phish report said that a staggering 82% of UK businesses that experienced a ransomware attack sent payment to the cyber criminals – believing this was the cheapest and easiest way to regain access to their data. However, in many cases criminals simply took the payment without restoring access and the organisation finds itself on criminal target lists as it has demonstrated that attacks pay off. Even when decryption keys are handed over it can take an extended period of time to restore data.
One attack, on a hospital in Dusseldorf, Germany, was implicated in the death of a patient who had to be diverted to an alternative site as the A&E department had been forced to close due to the loss of core computer systems. It appears that the attack had been misdirected, and the hackers – who were quickly apprehended by the police – handed over the encryption keys immediately when they realised what had happened. Nevertheless, the decryption process was slow. It began in the early hours of September 11 and by September 20 the hospital was still unable to add or retrieve information, or even send emails. 30 servers had been corrupted.
The methods and techniques required to conduct a cyber-attack have never been more accessible. Whether it is on the darknet or through open-source content, the ability to purchase material that allows a malicious user to conduct a cyber-attack is readily available. Conducting a ransomware attack and using it to extort money from companies and government services alike, is now viewed as a viable business model by organised criminals.
Enterprise Ransomware Preparedness Improving but Still Lacking
The majority of organisations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, "The Long Road Ahead to Ransomware Preparedness" by Enterprise Strategy Group, a division of TechTarget.
Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.
The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organisations plan to invest more in ransomware preparedness over the next 12 to 18 months.
With preparedness investments expected to grow, the survey asked how organisations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:
network security (43%)
backup infrastructure security (40%)
endpoint security (39%)
email security (36%)
data encryption (36%)
Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.
Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data
New details have emerged on the severity of the Australian Medibank hack, which has now affected all users. Optus, Medibank, Woolworths, and, last Friday, electricity provider Energy Australia are all now among the Australian household names that have fallen victim to a data breach.
If it seems like barely a week goes by without news of another incident like this, you would be right. Cyber crime is on the rise – seven major Australian businesses were affected by data breaches in the past month alone.
But why now? And who is responsible for this latest wave of cyber attacks?
In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data. In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.
Hackers and initial access brokers are just one part of a complex and diversifying cyber crime ecosystem. This ecosystem contains various cyber criminal groups who increasingly specialise in one particular aspect of online crime and then work together to carry out the attacks.
Ransomware attacks are complex, involving up to nine different stages. These include gaining access to a victim’s network, stealing data, encrypting a victim’s network, and issuing a ransom demand. Increasingly, these attacks are carried out not by lone cyber criminal groups, but rather by networks of different cyber crime groups, each of which specialises in a different stage of the attack.
Initial access brokers will often carry out the first stage of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, it’s their job to gain access to a victim’s network.
How The "pizza123" Password Could Take Down an Organisation
Criminal hackers took responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, "pizza123." The business magazine reused the weak password across a dozen WordPress accounts, according to the hackers, who described the attack in their own article on FastCompany.com before the publication took the site down.
The breach, the bitter taste of pizza123, and the plight of malicious push notifications, demand caution when selecting and managing passwords.
The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.
After decades of investment in sculpting the organisation's brand image, a business can watch its reputation flounder in the face of an obscene push notification. The sentiment of millions of faithful customers can turn sour in an instant. By the time organisations block the messages and make public apologies, the harm is done.
Customers can swap to a competitor, or even sue for the offence when they have entrusted a publisher to provide safe content. Regulatory bodies can fine organisations. The company can spend time and money defending itself in court and restoring its image. But malicious push notifications can do a lot worse than offend customers—criminal hackers can load messages with malware and infect consumer devices, leading to privacy violations and consumer financial fraud.
People often build passwords using the first word that comes to mind and a brief series of numbers. Pizza123 is a perfect example of an easy-to-guess password. Employees will create passwords already appearing on breached password lists. Criminal hackers use brute force attacks to confirm working passwords from the same lists.
Nearly two-thirds of employees reuse their passwords. The more they reuse them across business and personal accounts, the more likely criminal hackers will breach them and test them on the organisation. Hackers know to try the same passwords on different companies they hack because of password reuse.
Robust password management enables fine-grained password policies and policy customisation. With a custom password policy, organisations can increase complexity requirements, like length and previous-password change minimums. A custom password policy with increased complexity requirements will block 95% of weak and breached passwords.
Password length is a particularly critical component of strong passwords. Ninety-three percent of the passwords used in brute force attacks include eight or more characters. A custom password policy can require a minimum password length, decreasing password entropy.
Threats
Ransomware and Extortion
SonicWall: Ransomware down this year, but there’s a catch • The Register
Health insurer Medibank's infosec diagnosis is getting worse • The Register
Microsoft links Raspberry Robin worm to Clop ransomware attacks (bleepingcomputer.com)
How to detect Windows worm that now distributes ransomware • The Register
Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn (darkreading.com)
BlackByte ransomware affiliate also steals victims' data • The Register
Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs
OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)
CISA warns of ransomware attacks on healthcare providers (techtarget.com)
Ransom Cartel - REvil Rebrand? (informationsecuritybuzz.com)
Addressing Ransomware in Hospitals & Medical Devices (trendmicro.com)
Australian Clinical Labs says patient data stolen in ransomware attack (bleepingcomputer.com)
Vice Society Hackers Confess To Education Sector Ransomware Attacks (informationsecuritybuzz.com)
Why Ransomware in Education on the Rise and What That Means for 2023 (thehackernews.com)
Largest EU copper producer Aurubis suffers cyber attack, IT outage (bleepingcomputer.com)
Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (thehackernews.com)
Ransomware Gangs Ramp Up Industrial Attacks in US (darkreading.com)
Phishing & Email Based Attacks
Other Social Engineering; Smishing, Vishing, etc
Social engineering attacks anybody could fall victim to - Help Net Security
Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks | SecurityWeek.Com
Malware
Threat Groups Repurpose Banking Trojans into Backdoors (darkreading.com)
Types of cloud malware and how to defend against them (techtarget.com)
Chrome extensions with 1 million installs hijack targets’ browsers (bleepingcomputer.com)
Hackers use Microsoft IIS web server logs to control malware (bleepingcomputer.com)
Mobile
Internet of Things – IoT
IoT Fingerprinting Helps Authenticate and Secure All Those Devices (darkreading.com)
IoT security strategy from enterprises using connected devices | Network World
Your CCTV devices can be hacked and weaponized - Help Net Security
Data Breaches/Leaks
Thomson Reuters leaked at least 3TB of sensitive data | Cybernews
See Tickets discloses 2.5 years-long credit card theft breach (bleepingcomputer.com)
Twilio discloses another hack from June, blames voice phishing (bleepingcomputer.com)
Organised Crime & Criminal Actors
Ukrainian charged for operating Raccoon Stealer malware service (bleepingcomputer.com)
Interpol says metaverse opens up new world of cyber crime | Reuters
From Bounty to Exploit Observations About Cyber criminal Contests (trendmicro.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Purpleurchin: Cryptocurrency miners scour GitHub, Heroku • The Register
Cryptomining campaign abused free GitHub account trials (techtarget.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection (darkreading.com)
LinkedIn Releases New Security Features To Combat Fraud (informationsecuritybuzz.com)
Beware Of SCAMS As Cost Of Living Bites Finances, Expert Comments (informationsecuritybuzz.com)
Insurance
Health insurer Medibank's infosec diagnosis is getting worse • The Register
Cyber Insurance Market 2022: FAQs & Updates with iBynd (trendmicro.com)
Dark Web
Notorious ‘BestBuy’ hacker arraigned for running dark web market (bleepingcomputer.com)
Student arrested for running one of Germany’s largest dark web markets (bleepingcomputer.com)
British hacker arraigned for running The Real Deal dark web marketplace - Security Affairs
Software Supply Chain
How the Software Supply Chain Security is Threatened by Hackers (thehackernews.com)
Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)
Consumer behaviours are the root of open source risk - Help Net Security
Denial of Service DoS/DDoS
Key observations on DDoS attacks in H1 2022 - Help Net Security
Meet the Windows servers that have been fuelling massive DDoSes for months | Ars Technica
Cloud/SaaS
Everything you Need to Know about Cloud Hacking and its Methodologies (analyticsinsight.net)
Top Cloud Security Challenges & How to Beat Them (trendmicro.com)
Atlassian Vulnerabilities Highlight Criticality of Cloud Services (darkreading.com)
Threat Actors Target AWS EC2 Workloads to Steal Credentials (trendmicro.com)
Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)
4 Reasons Open Source Matters for Cloud Security (darkreading.com)
Cloud Providers Throw Their Weight Behind Confidential Computing (darkreading.com)
Hybrid Working
Balancing remote work privacy vs. productivity monitoring (techtarget.com)
Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)
Attack Surface Management
Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)
Asset risk management: Getting the basics right - Help Net Security
Encryption
New Critical Vuln In Component That Allow Encryption Across Internet - (informationsecuritybuzz.com)
API
Open Source
Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)
4 Reasons Open Source Matters for Cloud Security (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why it's time to expire mandatory password expiration policies (techtarget.com)
Feds say Ukrainian man running malware service amassed 50M unique credentials | Ars Technica
Biometrics
Social Media
LinkedIn Phishing Spoof Bypasses Google Workspace Security (darkreading.com)
LinkedIn's new security features combat fake profiles, threat actors (bleepingcomputer.com)
Cyber security event cancelled after scammers disrupt LinkedIn live chat (bitdefender.com)
Expert Opinion: What Does Musk's Takeover Mean For Cyber security? (informationsecuritybuzz.com)
Cyber attackers Target Instagram Users With Threats of Copyright Infringement (darkreading.com)
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Data Protection
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine: Russian cyber attacks aimless and opportunistic (techtarget.com)
Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (thehackernews.com)
Slovak, Polish Parliaments Hit by Cyber attacks | SecurityWeek.Com
Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs
Ukraine Warns of Cuba Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors
Nation State Actors – Russia
Russia says Starlink satellites could become military target • The Register
Calls for inquiry mount after reports that Truss’s phone was hacked | Financial Times
OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)
Nation State Actors – China
Chinese Connected Cyber Crew Unleashes Disinformation Campaign Ahead of US Elections - MSSP Alert
Federal bans don't stop US states from buying Chinese kit • The Register
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerabilities
OpenSSL to fix the second critical flaw ever - Security Affairs
Urgent: Google Issues Emergency Patch for Chrome Zero-Day (darkreading.com)
ConnectWise fixes RCE bug exposing thousands of servers to attacks (bleepingcomputer.com)
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now! – Naked Security (sophos.com)
Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit (darkreading.com)
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library (thehackernews.com)
Cisco warns admins to patch AnyConnect flaws exploited in attacks (bleepingcomputer.com)
Exploit released for critical VMware RCE vulnerability, patch now (bleepingcomputer.com)
Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities | SecurityWeek.Com
Incoming OpenSSL critical fix: Organisations, users, get ready! - Help Net Security
Cisco Users Informed of Vulnerabilities in Identity Services Engine | SecurityWeek.Com
VMware fixes critical RCE in VMware Cloud Foundation - Security Affairs
VMware Patches Critical Vulnerability in End-of-Life Product | SecurityWeek.Com
Multiple vulnerabilities affect the Juniper Junos OS - Security Affairs
Other News
Cyber Security Risks & Stats This Spooky Season (darkreading.com)
Cyber Certification Skills Are For Life, Not Just For Linkedin (informationsecuritybuzz.com)
Implementing Defence in Depth to Prevent and Mitigate Cyber Attacks (thehackernews.com)
Cyber security’s importance and impact reaches all levels of the tech workforce - Help Net Security
Stress Is Driving Cyber Security Professionals to Rethink Roles (darkreading.com)
Equifax's Lessons Are Still Relevant, 5 Years Later (darkreading.com)
Why dark data is a growing danger for corporations - Help Net Security
Know the dangers you're facing: 4 notable TTPs used by cyber criminals worldwide - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.