Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Security Industry Still Fighting to Recruit and Retain Talent

Cyber security teams are struggling to find the right talent, with the right skills, and to retain experienced employees. The situation is only likely to worsen, as inflation and a tight labour market push up wages. Universities produce graduates with a strong focus on technical knowledge, but not always the broader skills they need to operate in a business environment. This includes the lack of communications skills, understanding of how businesses operate and even emotional intelligence. One solution is to outsource to a corporate cyber security provider or outsource to infill shortages whilst trying to recruit permanent staff.

https://www.infosecurity-magazine.com/news/cybersecurity-industry-recruit/

• How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools

The world of managed file transfer (MFT) software has become a lucrative target for ransom-seeking hackers, with significant breaches including those of Accellion Inc's File Transfer Appliance in 2021 and Fortra's GoAnywhere MFT earlier this year. These MFT programs, corporate versions of popular file sharing programs like Dropbox or WeTransfer, are highly desirable to hackers for the sensitive data they often transfer between organisations and partners. The recent mass compromise tied to Progress Software Corp's MOVEit transfer product has prompted governments and companies worldwide to scramble in response.

Hackers are shifting their tactics, with an increasing focus on MFT programs which typically face the open internet, making them more vulnerable to breaches. Once inside these file transfer points, hackers have direct access to a wealth of data. In addition, there's a noticeable shift from ransomware groups encrypting a company's network and demanding payment to unscramble it, to a simpler tactic of pure extortion by threatening to leak the data.

https://www.reuters.com/technology/how-moveit-breach-shows-hackers-interest-corporate-file-transfer-tools-2023-06-16/

• Attackers Discovering Exposed Cloud Assets within Minutes

The shift to cloud services, increased remote work, and reliance on third-parties has led to widespread use of Software-as-a-Service (SaaS) applications. This has also opened avenues for attackers to exploit weak security configurations and identities. Over the past year, attackers have intercepted authorisation tokens, bypassed multifactor authentication, and exploited misconfigured systems, targeting critical applications like GitHub, Microsoft 365, Google Workspace, Slack, and Okta. A study revealed alarmingly fast rates of breach discovery and compromise of exposed cloud assets, with assets being discovered within as little as two minutes for some and others within an hour.

https://www.techtarget.com/searchsecurity/news/366542352/Attackers-discovering-exposed-cloud-assets-within-minutes

https://www.darkreading.com/dr-tech/growing-saas-usage-means-larger-attack-surface

• Majority of Users Neglect Best Password Practices

The latest Password Management Report by Keeper Security has shed light on the concerning state of password security practices. The survey found that only 25% of respondents used solid and unique passwords. In comparison, 34% admitted to using repeat variations of passwords, and 30% still relied on simple and easily guessable passwords. The survey also found that 44% of individuals who claimed to have well-managed passwords still admitted to using repeated variations, while 20% acknowledged having had at least one password involved in a data breach or available on the dark web. The document also revealed that 35% of respondents feel overwhelmed when it comes to improving their cyber security. Furthermore, 10% admitted to neglecting password management altogether. More generally, Keeper Security said the survey’s findings highlight a significant gap between perception and reality regarding password security.

https://www.infosecurity-magazine.com/news/users-neglect-best-password/

• One in Three Workers Susceptible to Phishing

More than one in three workers in the UK and Ireland are susceptible to falling for phishing attacks, according to the new 2023 Phishing by Industry Benchmarking Report by KnowBe4. The study found that 35% of users who had received no security training were prone to clicking on suspicious links or engaging in fraudulent actions. Regular training and continual reinforcement can get this figure down but even with training very few organisations ever get click rates down to zero, and you only need one person to click to cause potentially devastating consequences.

Globally, ransomware was responsible for 24% of all data breaches in 2023, with human error accounting for 74% of these incidents. Phishing attacks can often lead to significant reputational damage, financial loss and disruption to business operations.

https://www.infosecurity-magazine.com/news/one-in-three-phishing/

• Ransomware Misconceptions Abound, to the Benefit of Attackers

There is a common ransomware misperception that there's no capability to fight this all too common hostage taking of business data. This is not true. Proactive organisations are increasingly making more strategic use of threat intelligence to prevent or disrupt attacks.

Ransomware has evolved into a massive, often state-sponsored, industry where operators buy, develop, and resell ransomware code, infiltrate networks, and collect ransoms. The perception that a speedy response is critical to prevent data encryption and loss is outdated; attackers now focus on data exfiltration, using ransomware as a distraction. They often target smaller organisations that are linked to larger ones through supply chains, using them as stepping stones. It is important to use in-depth defence measures, including email security to prevent phishing and efficient detection and response systems to identify and recover from changes.

https://www.darkreading.com/vulnerabilities-threats/ransomware-misconceptions-abound-to-the-benefit-of-attackers

• Threat Actors Scale and Commoditise Uncommon Tools and Techniques

Proofpoint’s 2023 Human Factor report highlights significant developments in the cyber attack landscape in 2022. Following two years of pandemic-induced disruption, cyber criminals returned to their usual operations, honing their social engineering skills and commoditising once sophisticated attack techniques. There was a noticeable increase in brute-force and targeted attacks on cloud tenants, conversational smishing attacks, and multifactor authentication (MFA) bypasses. Microsoft 365 formed a large part of organisations' attack surfaces and faced broad abuse, from Office macros to OneNote documents.

Despite some advances in security controls, threat actors continue to innovate and scale their bypasses. Techniques like MFA bypass and telephone-oriented attack delivery are now commonplace. Attackers consistently exploit people, who remain the most critical variable in the attack chain.

https://www.proofpoint.com/uk/newsroom/press-releases/proofpoints-2023-human-factor-report-threat-actors-scale-and-commoditise

• Goodbyes are Difficult, IT Offboarding Processes Make Them Harder

A recent survey found that 68% of organisations recognise the offboarding process as a major cyber security risk, but only 36% have adequate controls in place to secure data access when employees depart. The study revealed that 60% of organisations have discovered former employees still had access to corporate applications after leaving, and 52% have had security incidents linked to former employees. Interestingly, IT professionals are not always alerted when employees leave, leading to access not being revoked and IT assets being mishandled 34% of the time.

https://www.helpnetsecurity.com/2023/06/19/it-offboarding-processes/

• Security Budget Hikes are Missing the Mark, CISOs Say

Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. A recent report found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being spent on what’s hitting the headlines instead of strategic, business-centric investment in security defences. This lack of understanding shows that a lot of work needs to be done to ensure that information security receives the attention it deserves, especially in the boardroom.

The report found that just 9% of CISOs said information security is always in the top three priorities on the boardroom’s meeting agenda, and less than a quarter (22%) of CISOs are actively participating in business strategy and decision-making processes. Talking to the board about cyber security in a way that is productive can be a significant challenge for CISOs, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among directors, the security function, and the rest of the organisation.

https://www.csoonline.com/article/3700073/security-budget-hikes-are-missing-the-mark-cisos-say.html

https://www.helpnetsecurity.com/2023/06/22/average-cybersecurity-budget-increase/

• Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security

In today’s interconnected world, the threat of cyber attacks is a constant concern for organisations of all sizes and across all industries. Cyber resilience entails not only making it difficult for attackers to infiltrate your systems but also ensuring that your organisation can bounce back quickly and continue operations successfully.

Cyber resilience offers a holistic approach to cyber security, emphasising the ability to withstand and recover from cyber attacks. By adopting the right mindset, leveraging advanced technology, addressing cyber hygiene, and measuring key metrics, organisations can enhance their cyber resilience. Additionally, collaboration within industries and proactive board engagement are crucial for effective risk management. As cyber threats continue to evolve, organisations must prioritise cyber resilience as an ongoing journey, continuously adapting and refining their strategies to stay ahead of malicious actors.

https://informationsecuritybuzz.com/understanding-cyber-resilience-building-a-holistic-approach-to-cybersecurity/

• Emerging Ransomware Group 8Base Releasing Confidential Data from SMBs Globally

A ransomware group that operated under the radar for over a year has come to light in recent weeks, thanks to a series of business data leaks on the Dark Web. Since at least April 2022, 8base has been conducting double-extortion attacks against small and midsized businesses (SMBs). It all came to a head in May, when the group dumped data belonging to 67 organisations on the cyber underground.

Not much is known yet about the group's tactics, techniques, and procedures (TTPs), likely due to the low profile of their victims. The victims span science and technology, manufacturing, retail, construction, healthcare, and more, with victims from as far afield as India, Peru, Madagascar and Brazil, amongst others.

https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally

• Financial Firms to Build Resilience in Face of Growing Cyber-Threats

Cyber resilience is now a key component of operational resilience for the UK’s financial markets, according to a Bank of England official. Cyber attacks have increased by 38% in 2022, and the range of firms and organisations being impacted seems to grow broader and broader.

Regulators want to see how financial firms will cope with an attack, and its impact on the wider financial services ecosystem. Similar work is being done at an international level by the G7, which has its own cyber expert group. In the UK, the main tools for improving resilience are threat intelligence sharing, better coordination between firms, regulators, the Bank and the Treasury, and penetration testing including CBEST. Financial services firms should have scenario specific playbooks, to set out how to contain intruders and stop them spreading to clients and counterparties. In the past, simulation exercises have been used to model terrorist incidents and pandemics and they are now being used to model cyber attacks.

https://www.infosecurity-magazine.com/news/financial-firms-to-build-resilience/

• Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level

The US Securities and Exchange Commission (SEC) is expected to introduce a rule requiring demonstration of cyber security expertise at the board level for public companies. A recent study found that currently up to 90% of companies in the Russell 3000 lack even a single director with the necessary cyber expertise. The simplest and speediest solution would be to promote the existing CISO, provided they have the appropriate qualities and experience, to the board but that would require transplanting a focused operational executive into a strategic business advisory role. A credible alternative is to bring in a cyber focused Non-Executive Director with the appropriate skills and experience.

https://www.securityweek.com/fulfilling-expected-sec-requirements-for-cybersecurity-expertise-at-board-level/

Governance, Risk and Compliance

• Why assessing third parties for security risk is still an unsolved problem | CSO Online

• How DORA Will Force Financial Firms to Adopt Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• Navigating the Complex World of Cyber security Compliance - MSSP Alert

• Security budget hikes are missing the mark, CISOs say | CSO Online

• Understanding Cyber Resilience: Building A Holistic Approach To Cyber security (informationsecuritybuzz.com)

• How to Weather the Coming Cyber security Storm - Infosecurity Magazine (infosecurity-magazine.com)

• Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)

• Increased spending doesn't translate to improved cyber security posture - Help Net Security

• Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)

• CISOs’ New Stressors Brought on by Digitalization: Report - SecurityWeek

• Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek

• Decrypting Cyber Risk Quantification (trendmicro.com)

• From details to big picture: how to improve security effectiveness | CIO

• IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters

• Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cyber crime group C10p (afr.com)

• Ransomware Misconceptions Abound, to the Benefit of Attackers (darkreading.com)

• US Offers $10m Reward For MOVEit Attackers - Infosecurity Magazine (infosecurity-magazine.com)

• Data leak at Australian law firm spooks government, business • The Register

• Moveit hack: attack on BBC and BA offers glimpse into the future of cyber crime (theconversation.com)

• Fresh Ransomware Gangs Emerge As Market Leaders Decline (darkreading.com)

• Emerging Ransomware Group 8Base Doxxes SMBs Globally (darkreading.com)

• A Russian national charged for committing LockBit Ransomware attacks - Security Affairs

• Rorschach Ransomware: What You Need to Know (darkreading.com)

• Ransomware is only getting faster: Six steps to a stronger defence (bleepingcomputer.com)

• Ransomware gang preys on cancer centers, triggers alert | SC Media (scmagazine.com)

• Ransomware attacks pose communications dilemmas for local governments | CSO Online

• LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems (darkreading.com)

Ransomware Victims

• MOVEit victim list | KonBriefing.com

• PwC and EY impacted by MOVEit cyber attack (cshub.com)

• Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek

• Hackers threaten to release photos of Beverly Hills plastic surgery patients (bitdefender.com)

• Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack - SecurityWeek

• BlackCat gang threatens to leak plastic surgery photos • The Register

• Reddit confirms BlackCat ransomware gang stole its data • The Register

• Adur and Worthing Councils investigating after contractor data breach | The Argus

• Iowa’s largest school district confirms ransomware attack, data theft (bleepingcomputer.com)

• Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)

• MOVEit cyber attack: US Energy Department gets two ransom notices as MOVEit hack claims more victims - The Economic Times (indiatimes.com)

• USDA is investigating a 'possible data breach' related to global Russian cyber criminal hack | CNN

• Avast, Norton Parent Latest Victim of MOVEit Ransomware Attacks (darkreading.com)

• MOVEit Vulnerability Breaches Targeted Fed Agencies (trendmicro.com)

Phishing & Email Based Attacks

• One in Three UK&I Workers Susceptible to Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber crime: what does psychology have to do with phishing? – podcast | Science | The Guardian

• Hackers Will Be Quick to Bypass Gmail's Blue Check Verification System (darkreading.com)

• UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)

• Insurance companies neglect basic email security - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• The Simplest Social Engineering Hack Of Them All | Hackaday

• Attackers Create Synthetic Security Researchers to Steal IP (darkreading.com)

Artificial Intelligence

• Civil servants told not to share state secrets with ChatGPT, leaked guidance reveals (telegraph.co.uk)

• How generative AI is creating new classes of security threats | VentureBeat

• Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces (thehackernews.com)

• ‘With hackers adopting AI, it’s a cat-and-mouse game’ | Mint (livemint.com)

• ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security

• Biden Discusses Risks and Promises of Artificial Intelligence With Tech Leaders in San Francisco - SecurityWeek

• The next wave of cyber threats: Defending your company against cyber criminals empowered by generative AI | VentureBeat

• Google Tells Employees to Stay Away from Its Bard Chatbot (gizmodo.com)

Malware

• Experts Uncover Year-Long Cyber Attack on IT Firm Utilising Custom Malware RDStealer (thehackernews.com)

• Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)

• Hackers use fake OnlyFans pics to drop info-stealing malware (bleepingcomputer.com)

• Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems (thehackernews.com)

• Mysterious Mystic Stealer Spreads Like Wildfire in Mere Months (darkreading.com)

• Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)

• To kill BlackLotus malware, patching is a good start, but... • The Register

• Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)

• APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)

• ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)

• Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)

• USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)

• NSA shares tips on blocking BlackLotus UEFI malware attacks (bleepingcomputer.com)

• Chinese malware accidentally infects networked storage • The Register

• ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)

Mobile

• New Version of Android GravityRAT Spyware Targets WhatsApp Backups - Infosecurity Magazine (infosecurity-magazine.com)

• SMS delivery reports can be used to infer recipient's location (bleepingcomputer.com)

• Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)

• This Android app with over 50,000 installs steals your files and microphone recordings — what to do | Tom's Guide (tomsguide.com)

• Android spyware camouflaged as VPN, chat apps on Google Play (bleepingcomputer.com)

Botnets

• Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online

• New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)

• Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)

• Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)

• Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west | Cyber crime | The Guardian

• European Investment Bank hit by cyber attack after Russian hackers vow to bring down financial system (telegraph.co.uk)

• New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)

• Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times

• From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)

Internet of Things – IoT

• Thousands left vulnerable after severe weakness is discovered in home security system's mobile app | TechSpot

• Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online

• Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)

• Security for embedded devices is ignored by too many companies, expert says | Fierce Electronics

• Our cities are becoming increasingly automated—and we’re not ready (fastcompany.com)

• US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek

• Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)

Data Breaches/Leaks

• Data leak at Australian law firm spooks government, business • The Register

• Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek

• 3CX data exposed, third-party to blame - Security Affairs

• Mondelez says crooks stole staff data in security breach • The Register

• UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)

• Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)

• Australia Inc roiled by raft of cyber attacks since late 2022 - The Economic Times (indiatimes.com)

• SSD missing from SAP datacenter turns up on eBay • The Register

• Millions of UK University Credentials Found on Dark Web - Infosecurity Magazine (infosecurity-magazine.com)

• Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Darknet Parliament is now a thing | Cybernews

• Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)

• Moveit hack: attack on BBC and BA offers glimpse into the future of cyber crime (theconversation.com)

• Cyber attackers Got More Creative Post-Pandemic, Proofpoint Study Finds - MSSP Alert

• The Great Exodus to Telegram: A Tour of the New Cyber crime Underground (bleepingcomputer.com)

• Cyber crime Doesn't Take a Vacation (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)

• Blockchain security: Everything you should know for safe use | TechTarget

• From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)

Insider Risk and Insider Threats

• Cost-of-Living Crisis increasing chances of Insider threats - IT Security Guru

• Preventing breaches through cyber awareness: How every federal employee contributes to cyber security | Federal News Network

Fraud, Scams & Financial Crime

• Influencers in firing line as France tackles scams - BBC News

• Keep Job Scams From Hurting Your Organisation (darkreading.com)

• Job Seekers, Look Out for Job Scams (darkreading.com)

Impersonation Attacks

• Attackers Create Synthetic Security Researchers to Steal IP (darkreading.com)

AML/CFT/Sanctions

• EU agrees new sanctions against Russia, targeting Chinese companies suspected of circumvention | Euronews

Dark Web

• Darknet Parliament is now a thing | Cybernews

• Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces (thehackernews.com)

• Millions of UK University Credentials Found on Dark Web - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Capita faces first legal Letter of Claim over mega breach • The Register

• Why assessing third parties for security risk is still an unsolved problem | CSO Online

• 3CX data exposed, third-party to blame - Security Affairs

• Mondelez says crooks stole staff data in security breach • The Register

• Untangling the web of supply chain security with Tony Turner - Help Net Security

Software Supply Chain

• CISA SBOM standards efforts stymied by confusion, inertia | TechTarget

Cloud/SaaS

• Growing SaaS Usage Means Larger Attack Surface (darkreading.com)

• Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters

• A new threat to financial stability lurks in the cloud | Financial Times (ft.com)

• Cloud CISO Perspectives: Early June 2023 | Google Cloud Blog

• Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west | Cyber crime | The Guardian

• Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek

• Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)

• Attackers discovering exposed cloud assets within minutes | TechTarget

• Cloud-native security hinges on open source - Help Net Security

• Hybrid Microsoft network/cloud legacy settings may impact your future security posture | CSO Online

• US cyber ambassador says China can win on AI, cloud • The Register

Hybrid/Remote Working

• Home working puts confidential data at risk, GCHQ warns law firms (telegraph.co.uk)

Shadow IT

• Ending the ‘forever war’ against shadow IT | CIO

Identity and Access Management

• The future of passwords and authentication - Help Net Security

Encryption

• Intel to start shipping a quantum processor | Ars Technica

• Quantum hacking alert: Critical vulnerabilities found in quantum key distribution (techxplore.com)

• The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica

• Physics - Long-Range Quantum Cryptography Gets Simpler (aps.org)

API

• Why API Security Could Be the Next Big Thing in Cyber - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)

• Beware bad passwords as attackers co-opt Linux servers into cyber crime – Naked Security (sophos.com)

• Cloud-native security hinges on open source - Help Net Security

• ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Majority of Users Neglect Best Password Practices: Keeper Security - Infosecurity Magazine (infosecurity-magazine.com)

• Forging a Path to Account Takeover: Copy Password Reset Link Vulnerability worth $$$$. | by Manav Bankatwala | Jun, 2023 | InfoSec Write-ups (infosecwriteups.com)

• The future of passwords and authentication - Help Net Security

• These are the most hacked passwords. Is yours on the list? | ZDNET

• Beware bad passwords as attackers co-opt Linux servers into cyber crime – Naked Security (sophos.com)

Social Media

• Influencers in firing line as France tackles scams - BBC News

• Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)

Training, Education and Awareness

• Preventing breaches through cyber awareness: How every federal employee contributes to cyber security | Federal News Network

• Security Training Fail Impacting Digital Transformation - Infosecurity Magazine (infosecurity-magazine.com)

• Security Training Needs to Nudge, Not Nag - Infosecurity Magazine (infosecurity-magazine.com)

Digital Transformation

• Security Training Fail Impacting Digital Transformation - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security

• Bill allowing CISA to assist foreign governments passes Senate committee | SC Media (scmagazine.com)

• Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek

Models, Frameworks and Standards

• The significance of CIS Control mapping in the 2023 Verizon DBIR - Help Net Security

• What is PCI Compliance? 12 Requirements and More Explained | Definition from TechTarget

Secure Disposal

• SSD missing from SAP datacenter turns up on eBay • The Register

Data Protection

• ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security

• Consumer Data: The Risk and Reward for Manufacturing Companies (darkreading.com)

• IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)

Careers, Working in Cyber and Information Security

• 8 notable entry-level cyber security career and skills initiatives in 2023 | CSO Online

• UK military is struggling to recruit tech experts, says report | Financial Times (ft.com)

• Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)

• The Quintessential Toolkit: Five Essential Skills For Advancing In The Cyber security Realm (informationsecuritybuzz.com)

• Cyber security Industry Still Fighting to Recruit and Retain Talent - Infosecurity Magazine (infosecurity-magazine.com)

• It’s Time to Think Creatively to Combat Skills Shortages - Infosecurity Magazine (infosecurity-magazine.com)

• Google announces $20 million investment for cyber clinics | CyberScoop

Law Enforcement Action and Take Downs

• Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)

• Megaupload duo will go to prison at last, but Kim Dotcom fights on… – Naked Security (sophos.com)

• A Russian national charged for committing LockBit Ransomware attacks - Security Affairs

Privacy, Surveillance and Mass Monitoring

• SMS delivery reports can be used to infer recipient's location (bleepingcomputer.com)

• US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Killnet Threatens Imminent SWIFT, World Banking Attacks (darkreading.com)

• A Newly Named Group of GRU Hackers is Wreaking Havoc in Ukraine | WIRED

• Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west | Cyber crime | The Guardian

• UK Pledges Millions in Cyber-Defence Aid to Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• European Investment Bank hit by cyber attack after Russian hackers vow to bring down financial system (telegraph.co.uk)

• Russia sent its reserve team to wipe Ukrainian hard drives • The Register

• Russian APT Group Caught Hacking Roundcube Email Servers - SecurityWeek

• Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)

• Russian APT28 hackers breach Ukrainian govt email servers (bleepingcomputer.com)

• Strategies for staying ahead of modern cyber warfare - CyberTalk

• German intelligence services point to increased hybrid security threats – EURACTIV.com

Nation State Actors

• Microsoft Pins Early June DDoS Attacks on Russian-linked Cyber Crew - MSSP Alert

• US DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors - SecurityWeek

• Cooperation or Competition? China’s Security Industry Sees the US, Not AI, as the Bigger Threat - SecurityWeek

• US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek

• USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)

• CISA orders govt agencies to patch bugs exploited by Russian hackers (bleepingcomputer.com)

• US Cyber Ambassador says China can win on AI, cloud • The Register

• Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog

• State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments (thehackernews.com)

• The Israeli weapons and spyware falling into the hands of despots | Financial Times (ft.com)

• The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica

• Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times

• A Russian national charged for committing LockBit Ransomware attacks - Security Affairs

• Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)

• APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)

• ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)

• 20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks (darkreading.com)

• Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)

• North Korean APT targets defectors, activists with infostealer malware | SC Media (scmagazine.com)

• RedEyes Group Targets Individuals with Wiretapping Malware - Infosecurity Magazine (infosecurity-magazine.com)

• US Justice Department Launches New National Security Cyber Section - Infosecurity Magazine (infosecurity-magazine.com)

• China-sponsored APT group targets government ministries in the Americas | CSO Online

• Chinese malware accidentally infects networked storage • The Register

• Trellix Detects Leading Threat Actor Countries Behind Nation-State Activity - MSSP Alert

Vulnerability Management

• Guess what happened to this US agency that didn't patch? • The Register

• EU Council mulls pan-European platform to handle cyber vulnerabilities – EURACTIV.com

• The Benefits of Red Zone Threat Intelligence - SecurityWeek

Vulnerabilities

• VMware warns of critical vRealize flaw exploited in attacks (bleepingcomputer.com)

• Microsoft Teams Vulnerability: The GIFShell Attack (latesthackingnews.com)

• Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari (thehackernews.com)

• Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild (darkreading.com)

• Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices - Security Affairs

• Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)

• Chrome and Its Vulnerabilities - Is the Web Browser Safe to Use? - SecurityWeek

• Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites - SecurityWeek

• SMB Edge Devices Walloped With Asus, Zyxel Patch Warnings (darkreading.com)

• VMware fixes vCenter Server bugs allowing code execution, auth bypass (bleepingcomputer.com)

• Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands (darkreading.com)

• Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek

• Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks | TechTarget

• ASUS warns router customers: Patch now, or block all inbound requests – Naked Security (sophos.com)

• Firmware Backdoor Discovered in Gigabyte Motherboards, Hundreds of Models Affected - CPO Magazine

• Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)

• A (cautionary) tale of two patched bugs, both under exploit • The Register

• Millions of GitHub repos likely vulnerable to RepoJacking, researchers say (bleepingcomputer.com)

• Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users (bleepingcomputer.com)

• Gaps in Azure Service Fabric’s Security Call for User Vigilance (trendmicro.com)

Tools and Controls

• Getting Over the DNS Security Awareness Gap (darkreading.com)

• Zscaler CEO: Firewalls Are Going The Way Of The Mainframe | CRN

• The future of passwords and authentication - Help Net Security

• Understanding Cyber Resilience: Building A Holistic Approach To Cyber security (informationsecuritybuzz.com)

• Increased spending doesn't translate to improved cyber security posture - Help Net Security

• Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)

• Security investments that help companies navigate the macroeconomic climate - Help Net Security

• The Benefits of Red Zone Threat Intelligence - SecurityWeek

Reports Published in the Last Week

• Proofpoint’s 2023 Human Factor Report: Threat Actors Scale and Commoditise Uncommon Tools and Techniques | Proofpoint UK

• Trellix Detects Leading Threat Actor Countries Behind Nation-State Activity - MSSP Alert

• The Threat Report: June 2023 | Trellix

• Navigating The Cyber Threat Landscape: Key Insights From Trellix ARC's Q1 2023 Report (informationsecuritybuzz.com)

Other News

• Boris Johnson’s notebooks cause national security alarm (thetimes.co.uk)

• ‘It could be taken down by an enthusiastic child’: Whitehall wide open to cyber attack, warn campaigners | Cyber crime | The Guardian

• Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation - SecurityWeek

• Cyber attacks on OT, ICS Lay Groundwork for Kinetic Warfare (darkreading.com)

• Why CISOs should be concerned about space-based attacks | CSO Online

• Legal firms urged to strengthen cyber defences with latest... - NCSC.GOV.UK

• 6 Attack Surfaces You Must Protect (darkreading.com)

• GCHQ’s top hacker James Babbage quits to join NCA in blow to UK cyber force (telegraph.co.uk)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Hacker Gang Clop Deploys Extortion Tactics Against Global Companies

The Russian-speaking gang of hackers that compromised UK groups such as British Airways and the BBC has claimed it has siphoned off sensitive data from more institutions including US-based investment firms, European manufacturers and US universities. Eight other companies this week made it onto Clop’s list on the dark web. That adds to the news last week that UK groups, including Walgreens-owned Boots, informed employees that their data had been compromised. The issue also targeted customers of Zellis, a UK-based payroll provider that about half of the companies on the FTSE 100 use.

The hacking group is pushing for contact with the companies on the list, according to a post on Clop’s dark web site, as the gang demands a ransom that cyber security experts and negotiators said could be as much as several million dollars.

https://www.ft.com/content/c1db9c5c-cdf1-48bc-8e6b-2c2444b66dc9

• Social Engineering Drives BEC Losses to $50B Globally

Business email compromise (BEC) continues to evolve on the back of sophisticated targeting and social engineering, costing businesses worldwide more than $50 billion in the last 10 years - a figure that reflected a growth in business losses to BEC of 17% year-over-year in 2022, according to the FBI.

Security professionals attribute BEC's continued dominance in the cyber threat landscape to several reasons. A key one is that attackers have become increasingly savvy in how to socially-engineer messages so that they appear authentic to users, which is the key to being successful at this scam. And with the increase in availability of artificial intelligence, the continued success of BEC means these attacks are here to stay. Organisations will be forced to respond with even stronger security measures, security experts say.

https://www.darkreading.com/threat-intelligence/social-engineering-drives-bec-losses-to-50b-globally

• Creating A Cyber Conscious Culture—It Must Be Driven from the Top

Businesses are facing more frequent and sophisticated cyber threats and they must continuously learn new ways to protect their revenues, reputation and maintain regulatory compliance. With hybrid and remote working blurring traditional security perimeters and expanding the attack surface, the high volumes of sensitive information held by organisations are at increased risk of cyber attacks.

The increase had led to cyber elevating to the board level; after all the board is responsible for cyber security. It doesn’t stop there however, as everyone in an organisation has responsibility for upholding cyber security. The board must aim to create a cyber-conscious culture, where users are aware of their role in cyber security. One important way such a culture can be achieved is through providing regular education and training to all users.

https://www.forbes.com/sites/forbestechcouncil/2023/06/12/creating-a-cyber-conscious-culture-it-must-be-driven-from-the-top/sh=6a0bb36426cc

• Artificial Intelligence is Coming to Windows: Are Your Security Policy Settings Ready?

What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence, which is seemingly in nearly every application released these days?

From word processing documents to the upcoming enhancements to Windows 11, which will include AI prompting in the Explorer platform, organisations should review how they want their employees to treat customer data or other confidential information when using AI platforms. Many will want to build limits and guidelines into their security plans that specify what is allowed to be entered into platforms and websites that may store or share the information online. However, confidential information should not be included in any application that doesn’t have clearly defined protections around the handling of such data. The bottom line is that AI is coming to your network and your desktop sooner than you think. Build your policies now and review your processes to determine if you are ready for it today.

https://www.csoonline.com/article/3698517/artificial-intelligence-is-coming-to-windows-are-your-security-policy-settings-ready.html

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs

Cyber criminals are increasingly targeting an organisation’s employees, figuring to trick an untrained staffer to click on a malicious link that starts a malware attack, Fortinet said in a newly released study of security awareness and training.

More than 80% of organisations faced malware, phishing and password attacks last year, which were mainly targeted at users. This underscores that employees can be an organisation’s weakest point or one of its most powerful defences.

Fortinet’s research revealed that more than 90% of the survey’s respondents believe that increased employee cyber security awareness would help decrease the occurrence of cyber attacks. As organisations face increasing cyber risks, employees serving as an organisation’s first line of defence in protecting their organisation from cyber crime becomes of paramount importance.

https://www.msspalert.com/cybersecurity-research/cyber-crooks-targeting-employees-organizations-fight-back-with-training-programs/

• Massive Phishing Campaign Uses 6,000 Sites to Impersonate 100 Brands

A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites. The brands impersonated by the phony sites include Nike, Puma, Asics, Vans, Adidas, Columbia, Superdry, Converse, Casio, Timberland, Salomon, Crocs, Sketchers, The North Face and others.

A recent report found the campaign relies on at least 3,000 domains and roughly 6,000 sites, including inactive ones. The campaign had a significant activity spike between January and February 2023, adding 300 new fake sites monthly. The domain names follow a pattern of using the brand name together with a city or country, followed by a generic TLD such as ".com." Additionally, any details entered on the checkout pages, most notably the credit card details, may be stored by the website operators and resold to cyber criminals.

https://www.bleepingcomputer.com/news/security/massive-phishing-campaign-uses-6-000-sites-to-impersonate-100-brands/

• Over One in Ten Brits are Willing to Engage in ‘Illegal or Illicit’ Online Behaviour

A recent study found that 11% of Brits were tempted to engage in ‘illegal or illicit online behaviour’ in order to help manage the fallout from the cost of living crisis. This statistic becomes even more concerning when focused on younger people, with almost a quarter of 25–35 year old respondents (23%) willing to consider illegal or illicit online activity. Of those willing to engage in this kind of behaviour, 56% suggested it was because they are desperate and struggling to get by, and need to find alternative means of supporting their families.

Nearly half (47%) of UK business leaders believe their organisation has been at a greater risk of attack since the start of the cost-of-living crisis. Against this backdrop, many SME business leaders are understandably worried about the impact on employees. Of those who think their organisation is more exposed to attack, 38% believe it’s due to malicious insiders and 35% to overworked and distracted staff making mistakes. Organisations not doing so already, should look to incorporate insider threat into their security plans. Insider threat should focus on areas such as regular education and monitoring and detection.

The report found that 44% of respondents have also noticed an uptick in online scams hitting their inboxes since the cost of living crisis began in late 2021/early 2022. Another worrying finding is that this uptick is proving devastatingly effective for scammers: over one in ten (13%) of UK respondents have already been scammed since the cost of living crisis began. This rises to a quarter (26%) of respondents in the 18-25 age range, reflecting a hyper-online lifestyle and culture that scammers can work to exploit effectively.

https://www.itsecurityguru.org/2023/06/15/it-security-guru-study-shows-over-one-in-ten-brits-are-willing-to-engage-in-illegal-or-illicit-online-behaviour-as-the-cost-of-living-crisis-worsens 

https://www.infosecurity-magazine.com/news/costofliving-crisis-drives-insider/

• Microsoft Office 365 Phishing Reveals Signs of Much Larger BEC Campaign

Recently, Microsoft discovered multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attacks against banking and financial services organisations. The attackers are successfully phishing employees’ accounts with fake Office 365 domains. This allows them to bypass authentication, exfiltrate data and send further phishing emails against other employees and several targeted external organisations. In some cases, threat actors have registered their own device to the employee’s account, to evade MFA defences and achieve persistent access.

https://securityaffairs.com/147327/hacking/aitm-bec-attacks.html

https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html

https://www.csoonline.com/article/3699122/microsoft-office-365-aitm-phishing-reveals-signs-of-much-larger-bec-campaign.html

• Europol Warns of Metaverse and AI Terror Threat

New and emerging technologies like conversational AI, deepfakes and the metaverse could be utilised by terrorists and extremists to radicalise and recruit converts to their cause, Europol has warned. The report stated that the online environment lowers the bar for entering the world of terrorism and extremism, broadens the range of people that can become exposed to radicalisation and increases the unpredictability of terrorism and extremism.

Europol also pointed to the potential use of deepfakes, augmented reality and conversational AI to enhance the efficiency of terrorist propaganda. Both these technologies and internet of things (IoT) tools can also be deployed in more practical tasks such as the remote operation of vehicles and weapons used in attacks or setting up virtual training camps. Digital currencies are also playing a role in helping to finance such groups while maintaining the anonymity of those contributing the funding, Europol said.

https://www.infosecurity-magazine.com/news/europol-warns-metaverse-and-ai/

• What is AI, and is it Dangerous?

Recently, we saw the release of the first piece of EU regulation on AI. This comes after a significant rise in the usage of tools such as ChatGPT. Such tools allow for even those with limited technical ability to perform sophisticated actions. In fact, usage has risen 44% over the last three months alone, according to a report.

Rather worryingly, there is a lack of governance on the usage of AI, and this extends to how AI is used within your own organisation. Whilst the usage can greatly improve actions performed within an organisation, the report found that 6% of employees using AI had pasted sensitive company data into an AI tool. Would your organisation know if this happened, and how damaging could it be to your organisation if this data was to be leaked? Continuous monitoring, risk analysis and real-time governance can help aid an organisation in having an overview of the usage of AI.

https://www.bbc.co.uk/news/technology-65855333

https://thehackernews.com/2023/06/new-research-6-of-employees-paste.html

• Cyber Liability Insurance Vs. Data Breach Insurance: What's the Difference?

With an ever-increasing number of cyber security threats and attacks, companies are becoming motivated to protect their businesses and customer data both technically and financially. Finding the right insurance has become a key part of the security equation.

Companies looking to protect themselves have most likely heard the terms “cyber liability insurance” and “data breach insurance.” Put simply, cyber liability insurance refers to coverage for third-party claims asserted against a company stemming from a network security event or data breach. Data breach insurance, on the other hand, refers to coverage for first-party losses incurred by the insured organisation that has suffered a loss of data.

https://www.csoonline.com/article/3698297/cyber-liability-insurance-vs-data-breach-insurance-whats-the-difference.html

• Exploring the Dark Web: Hitmen for Hire and the Realities of Online Activities

The dark web makes up a significant portion of the internet. Access can be gained through special browser, TOR, also known as the onion Router. The service bounces around IP addresses, constantly changing to protect the anonymity of the user.

This dark web contains an array of activities and sites, which include hitmen for hire, drugs for sale, and stolen credit card databases amongst others. Sometimes these aren’t real however, and are actually a trap to steal money from users on the basis that these users are unlikely to report it to law enforcement when the victim was trying to break the law in the first place. What we do know however, is that the dark web contains a plethora of information, and this could include data from your organisation.

https://news.clearancejobs.com/2023/06/07/exploring-the-dark-web-hitman-for-hire-and-the-realities-of-online-activities/

Governance, Risk and Compliance

• Creating A Cyber-Conscious Culture—It Must Be Driven From The Top (forbes.com)

• Most businesses vulnerable to attacks on the cyber battlefield - The Globe and Mail

• 10 Important Security Tasks You Shouldn't Skip (darkreading.com)

• Just 14% of CISOs possess desired traits for cyber security-expert board positions: Report  | VentureBeat

• Enhancing security team capabilities in tough economic times - Help Net Security

• Ignoring digital transformation is more dangerous than a recession - Help Net Security

• Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)

• How the modern CIO grapples with legacy IT | CIO

• Cyber debt levels reach tipping point - Help Net Security

• Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals (thehackernews.com)

• Lax security measures, sophisticated hackers reason for rise in cyber breaches (ewn.co.za)

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

• Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online

• Red teaming can be the ground truth for CISOs and execs - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• CL0P Ransomware Gang Hits Multiple Governments, Businesses in Wide-Scale Attack - MSSP Alert

• Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities | TechCrunch

• Cyber extortion hits all-time high - Help Net Security

• How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware (darkreading.com)

• Researchers Report First Instance of Automated SaaS Ransomware Extortion (darkreading.com)

• Why Critical Infrastructure Remains a Ransomware Target (darkreading.com)

• Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)

• CISA: LockBit ransomware extorted $91 million in 1,700 US attacks (bleepingcomputer.com)

• Microsoft links data wiping attacks to new Russian GRU hacking group (bleepingcomputer.com)

• Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent (thehackernews.com)

• To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)

• Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency (thehackernews.com)

• Russian ransomware hacker extorted tens of millions, says DOJ (cnbc.com)

• Ransomware review: June 2023 (malwarebytes.com)

Ransomware Victims

• Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register

• Confidential data downloaded from UK regulator Ofcom in cyber attack (therecord.media)

• Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks (therecord.media)TfL warns 13,000 staff that it was raided by Russian hackers (telegraph.co.uk)

• Russian hackers steal data on thousands of Ulez drivers (telegraph.co.uk)

• JBS’s cyber security was poor prior to 2021 ransomware attack, homeland security records show | Successful Farming (agriculture.com)

• An Illinois hospital links closure to ransomware attack (nbcnews.com)

• US energy department, other agencies hit in global hacking spree | Reuters

• iTWire - Financial services firm FIIG hit by cyber attack, ALPHV claims credit

• The University of Manchester hit by cyber security breach after detecting 'unauthorised activity' - Manchester Evening News

• Xplain data breach also impacted national Swiss railway FSS - Security Affairs

• Rhysida ransomware leaks documents stolen from Chilean Army (bleepingcomputer.com)

Phishing & Email Based Attacks

• Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign | CSO Online

• Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organisations (thehackernews.com)

• Younger, more extroverted, and more agreeable individuals are more vulnerable to email phishing scams (psypost.org)

• Log4J exploits may rise further as Microsoft continues war on phishing | ITPro

• Popular Apparel, Clothing Brands Being Used in Massive Phishing Scam (darkreading.com)

• Massive phishing campaign uses 6,000 sites to impersonate 100 brands (bleepingcomputer.com)

BEC – Business Email Compromise

• Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants (thehackernews.com)

• Microsoft warns of multi-stage AiTM phishing and BEC attacks - Security Affairs

• Analysis: Social Engineering Drives BEC Losses to $50B Globally (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Analysis: Social Engineering Drives BEC Losses to $50B Globally (darkreading.com)

Artificial Intelligence

• New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT (thehackernews.com)

• Artificial intelligence is coming to Windows: Are your security policy settings ready? | CSO Online

• Europol Warns of Metaverse and AI Terror Threat - Infosecurity Magazine (infosecurity-magazine.com)

• How Europe is Leading the World in the Push to Regulate AI - SecurityWeek

• AI is moving too fast to regulate, security minister warns (telegraph.co.uk)

• AI to render humans 'second most intelligent creations' | ITWeb

• LLM meets Malware: Starting the Era of Autonomous Threat - Security Affairs

• What is AI, is it dangerous and what jobs are at risk? - BBC News

• The perils of open-source AI | Financial Times (ft.com)

• Calculations Suggest It'll Be Impossible to Control a Super-Intelligent AI : ScienceAlert

2FA/MFA

• Multi-Factor Authentication Usage Nearly Doubles Since 2020, New Okta Report Finds - MSSP Alert

• Small organisations outpace large enterprises in MFA adoption - Help Net Security

Malware

• New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies (thehackernews.com)

• Cyber criminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable (thehackernews.com)

• New Loader Delivering Spyware via Image Steals Cryptocurrency Info (darkreading.com)

• Pirated Windows 10 ISOs install clipper malware via EFI partitions (bleepingcomputer.com)

• Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)

• Fake zero-day PoC exploits on GitHub push Windows, Linux malware (bleepingcomputer.com)

• Gozi banking malware “IT chief” finally jailed after more than 10 years – Naked Security (sophos.com)

• LLM meets Malware: Starting the Era of Autonomous Threat - Security Affairs

• New ‘Shampoo’ Chromeloader malware pushed via fake warez sites (bleepingcomputer.com)

• Russian hackers use PowerShell USB malware to drop backdoors (bleepingcomputer.com)

• Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits - SecurityWeek

• Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities (thehackernews.com)

Mobile

• How Popular Messaging Tools Instill a False Sense of Security (darkreading.com)

Denial of Service/DoS/DDOS

• Microsoft’s Azure portal down following new claims of DDoS attacks (bleepingcomputer.com)

• DOS Attacks Dominate, but System Intrusions Cause Most Pain (darkreading.com)

• Swiss government warns of ongoing DDoS attacks, data leak (bleepingcomputer.com)

• IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia (hackread.com)

• 10 Different Types of DDoS Attacks and How to Prevent Them (geekflare.com)

• Exclusive: Inside FXStreet's DDoS Attack (financemagnates.com)

Internet of Things – IoT

• Why attackers love to target IoT devices | VentureBeat

• IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia (hackread.com)

• How secure is your vehicle with digital key technology? - Help Net Security

• Flipper Zero “Smoking” A Smart Meter Is A Bad Look For Hardware Hackers | Hackaday

Data Breaches/Leaks

• Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch

• HSE hit by second 'international scale criminal' cyber attack as they monitor dark web for stolen data - Irish Mirror Online

• New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT (thehackernews.com)

• Top 10 cyber security findings from Verizon's 2023 data breach report | VentureBeat

• Xplain data breach also impacted national Swiss railway FSS - Security Affairs

• Examining the long-term effects of data privacy violations - Help Net Security

• A Massive Vaccine Database Leak Exposes IDs of Millions of Indians | WIRED

• Swiss Fear Government Data Stolen in Cyber attack - SecurityWeek

• Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register

• Have I Been Pwned warns of new Zacks data breach impacting 8 million (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The Complexities of Hacking: Exploring the thin line between cyber crime and ethical hacking | Euronews

• When It Comes to Cyber crime, the Medium Makes Us Vulnerable - Centre for International Governance Innovation (cigionline.org)

• Cyber criminals return to business as usual in a post-pandemic world - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Hackers steal $3 million by impersonating crypto news journalists (bleepingcomputer.com)

• Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme (thehackernews.com)

• New Loader Delivering Spyware via Image Steals Cryptocurrency Info (darkreading.com)

• Cryptocurrency Attacks Quadrupled as Cyber criminals Cash In (darkreading.com)

• Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency (thehackernews.com)

Insider Risk and Insider Threats

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

• Top 10 Risky Behaviours of Employees - IT Security Guru

• Insider Threat Vs Outsider Threat: Which Is Worse? (informationsecuritybuzz.com)

• Study shows over one in ten Brits are willing to engage in ‘illegal or illicit’ online behaviour as the Cost of Living crisis worsens - IT Security Guru

Fraud, Scams & Financial Crime

• Yet more direct calling fiends fined by UK's data watchdog • The Register

• Cost-of-Living Crisis Drives Insider Threat Concerns - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• New Study Takes a Deep Dive Into Lookalike Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• After Important Cyber Insurance Victory for Policyholders, Focus Turns to Insurers' Proposed Changes to War Exclusions | HUB | K&L Gates (klgates.com)

• Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)

• The insurance industry cyber crime report: recent attacks on insurance businesses | Insurance Business America (insurancebusinessmag.com)

• Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online

Dark Web

• Exploring the Dark Web: Hitman for Hire and the Realities of Online Activities - ClearanceJobs

Supply Chain and Third Parties

• New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries (thehackernews.com)

Cloud/SaaS

• SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint - SecurityWeek

• New MOVEit Transfer critical flaws found after security audit, patch now (bleepingcomputer.com)

• Seven steps for using zero trust to protect your multicloud • The Register

• New cloud security guidance: it's all about the config - NCSC.GOV.UK

• Microsoft keeps quiet on talk of possible Azure DDoS attack • The Register

• New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries (thehackernews.com)

Encryption

• Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away | Ars Technica

Open Source

• Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)

• Fake zero-day PoC exploits on GitHub push Windows, Linux malware (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Thoughts on scheduled password changes (don’t call them rotations!) – Naked Security (sophos.com)

• Microsoft misused our dark web data, says security vendor • The Register

• RDP honeypot targeted 3.5 million times in brute-force attacks (bleepingcomputer.com)

• Want to be hacked? Just make these password mistakes | Tom's Guide (tomsguide.com)

Training, Education and Awareness

• Top 10 Risky Behaviours of Employees - IT Security Guru

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

Digital Transformation

• Ignoring digital transformation is more dangerous than a recession - Help Net Security

Regulations, Fines and Legislation

• AI is moving too fast to regulate, security minister warns (telegraph.co.uk)

• Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register

• Confidential data downloaded from UK regulator Ofcom in cyber attack (therecord.media)

• Yet more direct calling fiends fined by UK's data watchdog • The Register

• How Europe is Leading the World in the Push to Regulate AI - SecurityWeek

• Feds extend deadline for software security attestations • The Register

Models, Frameworks and Standards

• 3 ways we've made the CIS Controls more automation-friendly - Help Net Security

• Use PCI DSS Checklist with Automation (trendmicro.com)

Data Protection

• UK and US Agree Deal to Facilitate Personal Data Flows - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• #InfosecurityEurope: Cyber Leaders’ Plea to Tackle the Industry’s Mental Health Crisis - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Gozi banking malware “IT chief” finally jailed after more than 10 years – Naked Security (sophos.com)

• LockBit Affiliate Arrested, as Extortion Totals Reach $91M Since 2020 (darkreading.com)

Privacy, Surveillance and Mass Monitoring

• Examining the long-term effects of data privacy violations - Help Net Security

• FBI: FISA Section 702 'absolutely critical' • The Register

• Strava heatmap feature can be abused to find home addresses (bleepingcomputer.com)

• US Intelligence Has Admitted Amassed Data on 'Nearly Everyone' (gizmodo.com)

• Feds Say Facial Recognition IDed Bosnian War Criminal Miljkovic (gizmodo.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Putin’s little cyber helpers turn their sights on the UK (telegraph.co.uk)

• Russia-Ukraine war sending shockwaves into cyber-ecosystem • The Register

• Ukrainian hackers take down service provider for Russian banks (bleepingcomputer.com)

• Pro-Ukraine Cyber Anarchy Squad claims the hack of the Russian telecom provider Infotel JSC - Security Affairs

• 'Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware (darkreading.com)

• RomCom Threat Actor Targets Ukrainian Politicians, US Healthcare (darkreading.com)

• Pro-Russian hackers step up attacks against Swiss targets, authorities say | Reuters

• Russian hackers steal data on thousands of Ulez drivers (telegraph.co.uk)

• Microsoft links data wiping attacks to new Russian GRU hacking group (bleepingcomputer.com)

• Russian hackers use PowerShell USB malware to drop backdoors (bleepingcomputer.com)

• Pro-Russian Hackers Target Website of Europe’s Largest Port in Rotterdam - Bloomberg

• Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine - Security Affairs

• Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent (thehackernews.com)

• New Report Reveals Shuckworm's Long-Running Intrusions on Ukrainian Organisations (thehackernews.com)

• Russia-backed hackers unleash new USB-based malware on Ukraine’s military | Ars Technica

• Microsoft Names Russian Threat Actor "Cadet Blizzard" - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

• Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)

• Iran's 'quantum processor' turned out to be a $600 dev board | PC Gamer

• China-based threat actors target UIDAI, AIIMS, ICMR: Govt advisory (moneycontrol.com)

• Subsea cables: how the US is pushing China out of the internet’s plumbing

• China's cyber now aimed at infrastructure, warns CISA boss

• Cyber security: Americans should prepare for cyber sabotage from Chinese hackers, US official warns - The Economic Times (indiatimes.com)

• Ukraine information sharing a model for countering China, top cyber official says | CyberScoop

• Chinese Threat Actor Abused ESXi Zero-Day to Pilfer Files From Guest VMs (darkreading.com)

• North Korea created evil twin of South Korea's Naver.com • The Register

• Behind the Scenes Unveiling the Hidden Workings of Earth Preta (trendmicro.com)

• Gloucester: Russian hackers behind cyber-attack on council - BBC News

• Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT (darkreading.com)

• Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant

• Russian ransomware hacker extorted tens of millions, says DOJ (cnbc.com)

Vulnerability Management

• Why Detecting Behaviors Beats Zero-Days | Blumira

Vulnerabilities

• Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack (thehackernews.com)

• Bitwarden update corrects password manager access vulnerability on Windows - gHacks Tech News

• Fortinet: Patched Critical Flaw May Have Been Exploited (darkreading.com)

• Bitwarden update corrects password manager access vulnerability on Windows - gHacks Tech News

• CISA orders federal agencies to secure Internet-exposed network devices (bleepingcomputer.com)

• Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs (bleepingcomputer.com)

• Log4J exploits may rise further as Microsoft continues war on phishing | ITPro

• Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry (thehackernews.com)

• New Critical Google Chrome Payments Security Issue Confirmed (forbes.com)

• Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin (thehackernews.com)

• VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) - Help Net Security

• Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant

• US energy department, other agencies hit in global hacking spree | Reuters

Tools and Controls

• The Complexities of Hacking: Exploring the thin line between cyber crime and ethical hacking | Euronews

• Use of Multifactor Authentication (MFA) Nearly Doubles Since 2020, Okta Secure Sign-in Trends Reports Finds (darkreading.com)

• Ignoring digital transformation is more dangerous than a recession - Help Net Security

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

• Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online

• Red teaming can be the ground truth for CISOs and execs - Help Net Security

• How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware (darkreading.com)

• Secure Sign-in Trends Report | Okta

• What is Dark Web Monitoring and How Does It Work? | Trend Micro News

• New cloud security guidance: it's all about the config - NCSC.GOV.UK

• Why Now? The Rise of Attack Surface Management (thehackernews.com)

• Why Detecting Behaviours Beats Zero-Days | Blumira

• What Is Red Teaming and How Does It Work? (howtogeek.com)

• Exploring the All-Time Best Book for Ethical Hacking – Codelivly

• Beyond MFA: 3 steps to improve security and reduce customer authentication friction - Help Net Security

• Enhancing security team capabilities in tough economic times - Help Net Security

• Small organisations outpace large enterprises in MFA adoption - Help Net Security

• Cyber debt levels reach tipping point - Help Net Security

• MSSQL makes up 93% of all activity on honeypots tracking 10 databases | SC Media (scmagazine.com)

• Attack Surface Management Strategies (trendmicro.com)

• 5 best practices to ensure the security of third-party APIs | CSO Online

• Multi-Factor Authentication Usage Nearly Doubles Since 2020, New Okta Report Finds - MSSP Alert

Reports Published in the Last Week

• Secure Sign-in Trends Report | Okta

• Top 10 cyber security findings from Verizon's 2023 data breach report | VentureBeat

Other News

• #InfosecurityEurope: What TechUK's New Plan Means for Cyber security - Infosecurity Magazine (infosecurity-magazine.com)

• A Tech Plan to "Build a Better Britain" - IT Security Guru

• German National Security Strategy leaves out cyber counter-attacks – EURACTIV.com

• Moving the Cyber Industry Forward Requires a Novel Approach (darkreading.com)

• (ISC)² and CIISec Release Guide to Inclusive Language in Cyber security - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.