Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• ‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million

The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.

The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure. This is a breach of data protection law.

The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.

The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.

John Edwards, UK Information Commissioner, said:

 “The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office.

 “Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.

 “Cyber attacks are a global concern, and businesses around the world need to take steps to guard against complacency. The ICO and NCSC already work together to offer advice and support to businesses, and this week I will be meeting with regulators from around the world, to work towards consistent international cyber guidance so that people’s data is protected wherever a company is based.”

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/10/biggest-cyber-risk-is-complacency-not-hackers/

• Ransomware Threat Shifts from US to EMEA and APAC

The volume of ransomware detections in Q3 2022 was the lowest in two years, but certain geographical regions have become bigger targets as attacks on US organisations wane, according to SonicWall. The security vendor used its own threat detection network, including over one million security sensors in more than 200 countries, to reveal the current landscape.

The good news is that global malware volumes have remained flat for the past three quarters, amounting to a total of over four billion detections in the year to date. Of these, ransomware is also trending down after a record-breaking 2021. Even so, SonicWall detected 338 million compromise attempts in the first three quarters of the year.

Year-to-date ransomware attempts in 2022 have already exceeded the full-year totals from four of the past five years, the vendor claimed. While attacks on US organisations dipped by 51% year-on-year during the period, they increased significantly in the UK (20%), EMEA (38%) and APAC (56%).

The cyber-warfare battlefront continues to shift, posing dangerous threats to organisations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geopolitical landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed.

https://www.infosecurity-magazine.com/news/ransomware-threat-shifts-from-us/

• Phishing Attacks Increase by Over 31% In Third Quarter

Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.

Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.

According to the report, email is the preferred attack vector for phishing and malware, as it gives hackers a direct channel to users, the weakest link in an organisation’s attack surface. The report analyses phishing and malware data captured by Vade, which does business internationally.

As attacks become more sophisticated, Vade said, they also become increasingly capable of evading the basic security offered by email providers, which almost eight in 10 businesses still rely on, according to Vade’s research.

While the activity of threat actors fluctuates, Vade’s research found that impersonating trusted and established brands remains the most popular strategy for hackers. In the third quarter of 2022, Facebook was the most impersonated brand for the second consecutive quarter, followed by Google, MTB, PayPal, and Microsoft.

The financial services sector remains the most impersonated industry, representing 32% of phishing emails detected by Vade, followed by cloud at 25%, social media at 22%, and internet/telco at 13%.

As phishing attacks increase, the techniques used by threat actors continue to evolve. While phishing campaigns were traditionally large scale and random, more recent campaigns seen by Vade suggest that hackers have pivoted to using more targeted campaigns.

https://www.csoonline.com/article/3678311/phishing-attacks-increase-by-over-31-in-third-quarter-report.html#tk.rss_news

• UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis

Brits have been warned to “stay alert for fraud” as more people are out to make extra cash as the cost of living rises across the country.

UK Finance said that more than half (56%) of people admitted that they are likely to look for opportunities to make extra money in the coming months, which could leave some people more susceptible to fraud.

According to the trade association’s Take Five To Stop Fraud campaign, one in six, or 16%, of people said the rising cost of living means they are more likely to respond to an unprompted approach from someone offering an investment opportunity or a loan.

Young people were more likely to be at risk, the data suggested, which surveyed 2,000 people across the UK. More than a third (34%) of 18 to 34-year-olds said they are more likely to respond to an unprompted approach from someone, with three in 10 (30%) also more likely to provide their personal or financial details to secure the arrangement.

Overall, three in five people (60%) said they are concerned about falling victim to financial fraud or a scam. It comes as recent figures from UK Finance showed that £609.8m was lost due to fraud and scams in the first half of this year.

https://uk.news.yahoo.com/uk-watch-for-fraud-extra-cash-cost-of-living-crisis-230154352.html

• HR Departments Play a Key Role in Cyber Security

A common shortcoming of human resources (HR) departments is that — despite being an operation designed to put humans at the centre of how an organisation is run — they often fail to adequately align with their IT counterparts and the core technology systems that define how a business is run and protected from cyber-risk.

Insufficient coordination between HR and IT processes and procedures remains common and gives rise to security gaps that can represent some of the most dangerous vulnerabilities on a company's attack surface. Let's examine the scope of the challenge and some key cyber-asset management priorities that can close the schism for a more robust cyber security posture.

Gone are the days when HR's role in securing the enterprise relied on basic tutorials for employees about protecting passwords on company equipment. Today's threat environment intersects with the workforce in more ways than ever — from bring-your-own-device (BYOD) and authentication gaps to user vulnerabilities that make spear-phishing seem quaint. Traditional social engineering attacks are now being augmented by zero-click exploits that compromise employee devices without the user ever having to click a link or take any action at all.

Beyond malicious threats, even routine HR processes can introduce risk to the organisation when they're not adequately aligned with the IT processes in an organisation. As just one example, when an employee leaves a company, the offboarding goes far beyond just the exit interview to also include removing access to multiple enterprise systems, accounts, and devices — all of which require close coordination between HR and IT personnel and systems.

To better secure the enterprise, it's mission-critical to get HR and IT more united in a common and advanced understanding of cyber hygiene and risk mitigation. This relies on enhanced awareness of the impact that HR processes have on cyber assets in other parts of the organisation, as well as the HR role in access management for employees and contractors. This requires asset visibility that must be ongoing and in real time, since our roles, devices, and access to data and systems may change multiple times over the course of our employment.

https://www.darkreading.com/vulnerabilities-threats/hr-departments-play-a-key-role-in-cybersecurity

• The Long-Term Psychological Effects of Ransomware Attacks

Northwave has conducted scientific research into the psychological effects of a ransomware crisis on both organisations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn in disarray long after the crisis itself has passed.

The research reveals how the psychological impact of ransomware attacks can persist on people in affected organisations for a very long time. It shows that crisis team members may develop serious symptoms far later. Top management and HR need to take measures against this, in fact right from the very beginning of the crisis. They are the ones bearing responsibility for the well-being of their staff.

They also discovered how teams have fallen apart some time after the crisis, with members leaving or staying home on sick-leave. The study reveals that effects can linger throughout the organisation. All in all the investigation shows that this invisible impact of a cyber crisis is an issue for the general business management, and certainly also for HR.

Northwave regards the response to a cyber attack as occurring in three phases. First comes the actual crisis situation, which evolves into an incident phase after about a week. A plan of action is then in place, and recovery measures are launched. The fire has been largely extinguished after a month or so, with the first (basic) functionalities available again.

Full recovery can take one to two years. Each phase has its specific effects on the minds and bodies of those involved, and by extension, on the organisation or parts of it. “On average a company is down for three weeks following a malware attack,” notes Van der Beijl. “But it surprised us that the impact persists for so long afterwards. Psychological issues are still surfacing a year after the actual crisis.”

One of every seven employees involved in the attack, either directly or indirectly, exhibits severe enough symptoms several months later, at a level considered to be above the clinical threshold at which professional trauma treatment help is needed. One in five employees say they would actually have needed more professional help subsequently in coming to terms with the attack. One in three liked to have more knowledge and concrete tools to deal with the psychological effects of the attack.

A ransomware attack has enduring psychological effects on the way employees view the world. Two-thirds of employees, including those not actually involved in the attack, now believe the world is less safe. As one IT manager pointed out, “I’ve become far more suspicious. The outside world is a dangerous place.”

https://www.helpnetsecurity.com/2022/10/25/psychological-effects-ransomware/

• 7 Hidden Social Media Cyber Risks for Enterprises

Whether they use it to amplify the brand, recruit new employees, advertise new products, or even sell directly to consumers, corporate brands love social media.

According to recent figures, brand advertising on social media is up by 53% in the last year, and that's not accounting for further investments that brands are making in developing and distributing content. They're pushing viral videos, funny memes, podcasts, written material, and more to increase engagement with their customers.

And brands are doing it across not only the old reliable social networks like Facebook and Twitter, but also emerging platforms like TikTok. In fact, according to another recent study, in 2022 marketers are expanding their horizons, with their increased content investments focused on areas like live streaming, long-form and short-form video content, virtual reality and augmented reality content, experimental content, and live audio chat rooms. The top platforms they're focused on most for increasing spending are now TikTok, Instagram, YouTube, and LinkedIn.

With the broadening of these social-media marketing strategies comes more risk. Whether an organisation uses social media to amplify its brand, or its executives and employees leverage social channels to bolster their professional and personal brands, these marketing platforms are a breeding ground for a wide range of cyber attacks and scams, including in the areas of artificial intelligence, deepfakes, and biometrics.

Cyber criminals, fraudsters, spies, and activists work around the clock to take advantage of emerging attack surfaces that arise from enterprise use of social media. The article below presents just a few avenues that organisations may overlook when they double-down on their social media investments.

https://www.darkreading.com/application-security/7-hidden-social-media-cyber-risks-enterprises

• 54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds

Over half (54%) of office workers would reconsider working for a company that had recently experienced a cyber breach. That's according to a new study by cyber security technology provider, Encore.

An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.

Only a third (33%) of staff said they would be "completely unphased" if their employer suffered a cyber break-in. The majority (57%) of C-level executives polled said they have been breached in the last 12 months alone. Most office workers, however, were unaware, with only 39% believing their organisation had been the victim of a successful attack.

The immediate financial cost of a cyber-attack remains the number one concern for businesses, but security teams are learning that there is a long tail to these breaches, with employees at risk of losing faith in their company, its ethics and values and its overarching responsibilities to the general public. In a competitive market, this is a stark warning to businesses across the world. Keeping your staff in the dark about cyber risk is a fundamental error, not to mention the additional impact of delayed disclosure to customers.

41% of C-level executives polled named reputational damage as one of the biggest costs to their business following a cyber-attack, with 34% agreeing that loss of clientele or their trust was a significant cost.

Despite many admitting to suffering a cyber breach in the last year, the overwhelming majority (92%) of CISOs and C-level executives polled believe their business is secure at any given moment. Encore believes that a mindset shift is needed at an organisational level, treating cyber incidents and the security of employee and customer data as a fundamental part of normal business operations, not a function that sits on the outside, looking in.

https://www.darkreading.com/careers-and-people/54-of-staff-would-reconsider-working-for-a-firm-that-had-experienced-a-cyber-breach-research-finds

• Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before It’s Too Late

According to the 2022 Cyber Threat Report, 2021 saw a global average increase of 105% in the number of ransomware attacks. Proofpoint's 2022 State of the Phish report said that a staggering 82% of UK businesses that experienced a ransomware attack sent payment to the cyber criminals – believing this was the cheapest and easiest way to regain access to their data. However, in many cases criminals simply took the payment without restoring access and the organisation finds itself on criminal target lists as it has demonstrated that attacks pay off. Even when decryption keys are handed over it can take an extended period of time to restore data.

One attack, on a hospital in Dusseldorf, Germany, was implicated in the death of a patient who had to be diverted to an alternative site as the A&E department had been forced to close due to the loss of core computer systems. It appears that the attack had been misdirected, and the hackers – who were quickly apprehended by the police – handed over the encryption keys immediately when they realised what had happened. Nevertheless, the decryption process was slow. It began in the early hours of September 11 and by September 20 the hospital was still unable to add or retrieve information, or even send emails. 30 servers had been corrupted.

The methods and techniques required to conduct a cyber-attack have never been more accessible. Whether it is on the darknet or through open-source content, the ability to purchase material that allows a malicious user to conduct a cyber-attack is readily available. Conducting a ransomware attack and using it to extort money from companies and government services alike, is now viewed as a viable business model by organised criminals.

https://www.itsecurityguru.org/2022/10/28/evolve-as-fast-as-the-cybercriminals-protect-your-business-now-before-its-too-late/

• Enterprise Ransomware Preparedness Improving but Still Lacking

The majority of organisations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, "The Long Road Ahead to Ransomware Preparedness" by Enterprise Strategy Group, a division of TechTarget.

Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.

The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organisations plan to invest more in ransomware preparedness over the next 12 to 18 months.

With preparedness investments expected to grow, the survey asked how organisations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:

• network security (43%)

• backup infrastructure security (40%)

• endpoint security (39%)

• email security (36%)

• data encryption (36%)

Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.

https://www.techtarget.com/searchsecurity/feature/Enterprise-ransomware-preparedness-improving-but-still-lacking

• Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data

New details have emerged on the severity of the Australian Medibank hack, which has now affected all users. Optus, Medibank, Woolworths, and, last Friday, electricity provider Energy Australia are all now among the Australian household names that have fallen victim to a data breach.

If it seems like barely a week goes by without news of another incident like this, you would be right. Cyber crime is on the rise – seven major Australian businesses were affected by data breaches in the past month alone.

But why now? And who is responsible for this latest wave of cyber attacks?

In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data. In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.

Hackers and initial access brokers are just one part of a complex and diversifying cyber crime ecosystem. This ecosystem contains various cyber criminal groups who increasingly specialise in one particular aspect of online crime and then work together to carry out the attacks.

Ransomware attacks are complex, involving up to nine different stages. These include gaining access to a victim’s network, stealing data, encrypting a victim’s network, and issuing a ransom demand. Increasingly, these attacks are carried out not by lone cyber criminal groups, but rather by networks of different cyber crime groups, each of which specialises in a different stage of the attack.

Initial access brokers will often carry out the first stage of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, it’s their job to gain access to a victim’s network.

https://theconversation.com/why-are-there-so-many-data-breaches-a-growing-industry-of-criminals-is-brokering-in-stolen-data-193015

• How The "pizza123" Password Could Take Down an Organisation

Criminal hackers took responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, "pizza123." The business magazine reused the weak password across a dozen WordPress accounts, according to the hackers, who described the attack in their own article on FastCompany.com before the publication took the site down.

The breach, the bitter taste of pizza123, and the plight of malicious push notifications, demand caution when selecting and managing passwords.

The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.

After decades of investment in sculpting the organisation's brand image, a business can watch its reputation flounder in the face of an obscene push notification. The sentiment of millions of faithful customers can turn sour in an instant. By the time organisations block the messages and make public apologies, the harm is done.

Customers can swap to a competitor, or even sue for the offence when they have entrusted a publisher to provide safe content. Regulatory bodies can fine organisations. The company can spend time and money defending itself in court and restoring its image. But malicious push notifications can do a lot worse than offend customers—criminal hackers can load messages with malware and infect consumer devices, leading to privacy violations and consumer financial fraud.

People often build passwords using the first word that comes to mind and a brief series of numbers. Pizza123 is a perfect example of an easy-to-guess password. Employees will create passwords already appearing on breached password lists. Criminal hackers use brute force attacks to confirm working passwords from the same lists.

Nearly two-thirds of employees reuse their passwords. The more they reuse them across business and personal accounts, the more likely criminal hackers will breach them and test them on the organisation. Hackers know to try the same passwords on different companies they hack because of password reuse.

Robust password management enables fine-grained password policies and policy customisation. With a custom password policy, organisations can increase complexity requirements, like length and previous-password change minimums. A custom password policy with increased complexity requirements will block 95% of weak and breached passwords.

Password length is a particularly critical component of strong passwords. Ninety-three percent of the passwords used in brute force attacks include eight or more characters. A custom password policy can require a minimum password length, decreasing password entropy.

https://www.bleepingcomputer.com/news/security/how-the-pizza123-password-could-take-down-an-organization/

Threats

Ransomware and Extortion

• SonicWall: Ransomware down this year, but there’s a catch • The Register

• Medibank cyber-attack: should the health insurer pay a ransom for its customers’ data? | Health | The Guardian

• Health insurer Medibank's infosec diagnosis is getting worse • The Register

• Microsoft links Raspberry Robin worm to Clop ransomware attacks (bleepingcomputer.com)

• How to detect Windows worm that now distributes ransomware • The Register

• Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn (darkreading.com)

• BlackByte ransomware affiliate also steals victims' data • The Register

• Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs

• OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)

• CISA warns of ransomware attacks on healthcare providers (techtarget.com)

• Industrial Ransomware Attacks: New Groups Emerge, Manufacturing Pays Highest Ransom | SecurityWeek.Com

• Ransom Cartel - REvil Rebrand? (informationsecuritybuzz.com)

• Addressing Ransomware in Hospitals & Medical Devices (trendmicro.com)

• Australian Clinical Labs says patient data stolen in ransomware attack (bleepingcomputer.com)

• Vice Society Hackers Confess To Education Sector Ransomware Attacks (informationsecuritybuzz.com)

• Why Ransomware in Education on the Rise and What That Means for 2023 (thehackernews.com)

• Largest EU copper producer Aurubis suffers cyber attack, IT outage (bleepingcomputer.com)

• Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (thehackernews.com)

• Ransomware Gangs Ramp Up Industrial Attacks in US (darkreading.com)

Phishing & Email Based Attacks

• DHL Replaces LinkedIn As Most Imitated Brand in Phishing Attempts - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Social engineering attacks anybody could fall victim to - Help Net Security

• Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks | SecurityWeek.Com

Malware

• Threat Groups Repurpose Banking Trojans into Backdoors (darkreading.com)

• Types of cloud malware and how to defend against them (techtarget.com)

• Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Thousands Of Fake PoC Exploits In GitHub Repositories Deliver Malware – (informationsecuritybuzz.com)

• Chrome extensions with 1 million installs hijack targets’ browsers (bleepingcomputer.com)

• Hackers use Microsoft IIS web server logs to control malware (bleepingcomputer.com)

Mobile

• Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability (thehackernews.com)

• These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets (thehackernews.com)

• Android Hacking Warning As Criminals Target TikTok And PayPal For (informationsecuritybuzz.com)

Internet of Things – IoT

• IoT Fingerprinting Helps Authenticate and Secure All Those Devices (darkreading.com)

• IoT security strategy from enterprises using connected devices | Network World

• Security by design vital to protecting IoT, smart cities around the world, says CEO of UK NCSC | CSO Online

• Your CCTV devices can be hacked and weaponized - Help Net Security

• Critical Flaws in Abode Home Security Kit Allow Hackers to Hijack, Disable Cameras | SecurityWeek.Com

Data Breaches/Leaks

• Thomson Reuters leaked at least 3TB of sensitive data | Cybernews

• See Tickets discloses 2.5 years-long credit card theft breach (bleepingcomputer.com)

• Twilio discloses another hack from June, blames voice phishing (bleepingcomputer.com)

• Seven months after it found out, FamilySearch tells users their personal data has been breached • Graham Cluley

• Bed Bath & Beyond reviewing possible data breach | Reuters

Organised Crime & Criminal Actors

• Ukrainian charged for operating Raccoon Stealer malware service (bleepingcomputer.com)

• Interpol says metaverse opens up new world of cyber crime | Reuters

• From Bounty to Exploit Observations About Cyber criminal Contests (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Researchers uncover cryptojacking campaign targeting Docker, Kubernetes cloud servers | SC Media (scmagazine.com)

• Purpleurchin: Cryptocurrency miners scour GitHub, Heroku • The Register

• Cryptomining campaign abused free GitHub account trials (techtarget.com)

Insider Risk and Insider Threats

• New York Post hacked? No, the culprit is an employee - Security Affairs

Fraud, Scams & Financial Crime

• UK Anti-fraud Efforts Failing (informationsecuritybuzz.com)

• Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection (darkreading.com)

• Economic strife fuels cyber anxiety - Help Net Security

• LinkedIn Releases New Security Features To Combat Fraud (informationsecuritybuzz.com)

• Beware Of SCAMS As Cost Of Living Bites Finances, Expert Comments (informationsecuritybuzz.com)

Insurance

• Health insurer Medibank's infosec diagnosis is getting worse • The Register

• Cyber Insurance Market 2022: FAQs & Updates with iBynd (trendmicro.com)

Dark Web

• Notorious ‘BestBuy’ hacker arraigned for running dark web market (bleepingcomputer.com)

• Student arrested for running one of Germany’s largest dark web markets (bleepingcomputer.com)

• Dark Web Forum Busts Come Days Apart (darkreading.com)

• British hacker arraigned for running The Real Deal dark web marketplace - Security Affairs

Software Supply Chain

• Supply Chain Attacks Or Vulnerabilities Experienced By 80% Of Organisations (informationsecuritybuzz.com)

• How the Software Supply Chain Security is Threatened by Hackers (thehackernews.com)

• Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)

• Consumer behaviours are the root of open source risk - Help Net Security

Denial of Service DoS/DDoS

• Key observations on DDoS attacks in H1 2022 - Help Net Security

• Meet the Windows servers that have been fuelling massive DDoSes for months | Ars Technica

Cloud/SaaS

• Everything you Need to Know about Cloud Hacking and its Methodologies (analyticsinsight.net)

• It’s time to prioritize SaaS security | InfoWorld

• Top Cloud Security Challenges & How to Beat Them (trendmicro.com)

• Atlassian Vulnerabilities Highlight Criticality of Cloud Services (darkreading.com)

• Threat Actors Target AWS EC2 Workloads to Steal Credentials (trendmicro.com)

• Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)

• 4 Reasons Open Source Matters for Cloud Security (darkreading.com)

• Cloud Providers Throw Their Weight Behind Confidential Computing (darkreading.com)

Hybrid Working

• Balancing remote work privacy vs. productivity monitoring (techtarget.com)

• Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)

Attack Surface Management

• Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)

• Asset risk management: Getting the basics right - Help Net Security

Encryption

• New Critical Vuln In Component That Allow Encryption Across Internet - (informationsecuritybuzz.com)

• Can a new form of cryptography solve the internet’s privacy problem? | Data protection | The Guardian

API

• Thousands Of Publicly Exposed API Tokens Could Threaten Software Integrity (informationsecuritybuzz.com)

• Key API Security Principles And How To Implement Them (informationsecuritybuzz.com)

Open Source

• Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)

• 4 Reasons Open Source Matters for Cloud Security (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Why it's time to expire mandatory password expiration policies (techtarget.com)

• Feds say Ukrainian man running malware service amassed 50M unique credentials | Ars Technica

Biometrics

• ICO Warns of "Immature" Biometric Tech - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• LinkedIn Phishing Spoof Bypasses Google Workspace Security (darkreading.com)

• LinkedIn's new security features combat fake profiles, threat actors (bleepingcomputer.com)

• Cyber security event cancelled after scammers disrupt LinkedIn live chat (bitdefender.com)

• Expert Opinion: What Does Musk's Takeover Mean For Cyber security? (informationsecuritybuzz.com)

• Cyber attackers Target Instagram Users With Threats of Copyright Infringement (darkreading.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Ex-cop abused police tool in Snapshot sextortion plot that stole sexually explicit photos and videos (bitdefender.com)

Regulations, Fines and Legislation

• UK Construction Biz Fined £4.4m for Serious Security Failings - Infosecurity Magazine (infosecurity-magazine.com)

• Australia Flags New Corporate Penalties for Privacy Breaches | SecurityWeek.Com

Data Protection

• What consumers expect from organisations that handle their personal data - Help Net Security

Law Enforcement Action and Take Downs

• Criminals are starting to exploit the metaverse, says Interpol. So police are heading there too | ZDNET

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine: Russian cyber attacks aimless and opportunistic (techtarget.com)

• Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (thehackernews.com)

• Slovak, Polish Parliaments Hit by Cyber attacks | SecurityWeek.Com

• Norway arrests man accused of being Russian spy - BBC News

• Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs

• Ukraine Warns of Cuba Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

Nation State Actors – Russia

• Russia says Starlink satellites could become military target • The Register

• Calls for inquiry mount after reports that Truss’s phone was hacked | Financial Times

• OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)

Nation State Actors – China

• Chinese spy duo charged in Huawei case as US condemns ‘egregious’ interference | China | The Guardian

• Chinese Connected Cyber Crew Unleashes Disinformation Campaign Ahead of US Elections - MSSP Alert

• Federal bans don't stop US states from buying Chinese kit • The Register

• Chinese Spies Indicted for Coercing Nationals Living in US to Return as Agents of the PRC - MSSP Alert

Nation State Actors – North Korea

• Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans (thehackernews.com)

Nation State Actors – Iran

• Iranian government blames 'foreign country' for hack-and-leak of nuclear information - CyberScoop

Vulnerability Management

• Outpost24: How Pentesting-as-a-Service finds vulnerabilities before they're exploited (bleepingcomputer.com)

• Protecting organisations by understanding end-of-life software risks - Help Net Security

Vulnerabilities

• OpenSSL to fix the second critical flaw ever - Security Affairs

• Urgent: Google Issues Emergency Patch for Chrome Zero-Day (darkreading.com)

• Multiple RCE Vulnerabilities Discovered in Veeam Backup & Replication App - Infosecurity Magazine (infosecurity-magazine.com)

• ConnectWise fixes RCE bug exposing thousands of servers to attacks (bleepingcomputer.com)

• Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig (portswigger.net)

• Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now! – Naked Security (sophos.com)

• Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit (darkreading.com)

• 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library (thehackernews.com)

• Cisco warns admins to patch AnyConnect flaws exploited in attacks (bleepingcomputer.com)

• Exploit released for critical VMware RCE vulnerability, patch now (bleepingcomputer.com)

• Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities | SecurityWeek.Com

• Incoming OpenSSL critical fix: Organisations, users, get ready! - Help Net Security

• Cisco Users Informed of Vulnerabilities in Identity Services Engine | SecurityWeek.Com

• VMware fixes critical RCE in VMware Cloud Foundation - Security Affairs

• VMware Patches Critical Vulnerability in End-of-Life Product | SecurityWeek.Com

• Multiple vulnerabilities affect the Juniper Junos OS - Security Affairs

Reports Published in the Last Week

• Q3 2022 Phishing and Malware Report: Phishing Volumes Increase 31% (vadesecure.com)

• Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)

• Justice response inadequate to meet scale of fraud epidemic - Committees - UK Parliament

Other News

• Cyber Security Risks & Stats This Spooky Season (darkreading.com)

• Cyber Certification Skills Are For Life, Not Just For Linkedin (informationsecuritybuzz.com)

• 8 hallmarks of a proactive security strategy | CSO Online

• Implementing Defence in Depth to Prevent and Mitigate Cyber Attacks (thehackernews.com)

• Cyber security’s importance and impact reaches all levels of the tech workforce - Help Net Security

• Stress Is Driving Cyber Security Professionals to Rethink Roles (darkreading.com)

• Equifax's Lessons Are Still Relevant, 5 Years Later (darkreading.com)

• Why dark data is a growing danger for corporations - Help Net Security

• Know the dangers you're facing: 4 notable TTPs used by cyber criminals worldwide - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Criminals Exploit Invasion of Ukraine

Cyber criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud.

In a blog, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.

Since March 1, researchers have been tracking two specific phishing campaigns designed to infect victims with Agent Tesla and Remcos remote access Trojans.

Agent Tesla is a malware-as-a-service (MaaS) Remote Access Trojan (RAT) and data stealer that can be used to exfiltrate sensitive information, including credentials, keystrokes and clipboard data from victims.

Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems. Once inside, attackers can capture keystrokes, screenshots, credentials and other sensitive system data and exfiltrate it.

https://www.infosecurity-magazine.com/news/cyber-criminals-invasion-ukraine/

UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat

The UK’s Information Commissioner’s Office (ICO) reports a ‘steady and significant’ increase in cyber-attacks against UK firms over the past two years.

Employees should report any suspicious emails rather than delete them and firms must step up their vigilance against cyber-attacks in the face of a heightened threat from Russian hackers, the UK’s data watchdog has said.

John Edwards, the Information Commissioner, said a new era of security had begun where instead of blacking out windows, people needed to maintain vigilance over their inboxes.

Experts including the UK’s cyber security agency have said Russian hackers could target Britain, and the imposition of sanctions by London on Moscow has increased those fears.

Asked about the potential for a Russia-Ukraine cyber conflict spreading to the UK, Edwards said: “We have picked up on that heightened threat environment and we think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.”

https://www.theguardian.com/technology/2022/mar/04/uk-data-watchdog-urges-vigilance-amid-heightened-cyber-threat

Phishing - Still a Problem, Despite All The Work

Phishing is a threat that most people know about. Emails designed to trick you into clicking a malicious link or divulge passwords and other credentials have become an everyday occurrence. Despite this familiarity, and the multitude of tools and techniques which purport to stop it, phishing remains the number one initial attack vector affecting organisations and individuals.

Unfortunately, there is no silver bullet. Phishing can only be dealt with using multiple complementary measures. This fact leads to some questions: Which measures are most (cost) effective? How should they be implemented? Can they be automated?

https://www.ncsc.gov.uk/blog-post/phishing-still-a-problem-despite-the-work

Phishing Attacks Hit All-Time High in December 2021

The Anti-Phishing Working Group international consortium (APWG) saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it began its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.

In the fourth quarter of 2021, the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — inched up to represent 6.5 percent of attacks.

Overall, the number of brands that were attacked in 4Q descended from a record 715 in September 2021, cresting at 682 in November for the Q4 period.

The solution provider Abnormal Security observed 4,200 companies, organisations, and government institutions falling victim to ransomware in Q4 2021, some 36 percent higher than in Q3 2021 and the highest number the company has witnessed over the past two years.

“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” said Crane Hassold, Director of Threat Intelligence at Abnormal Security.

https://www.helpnetsecurity.com/2022/03/03/phishing-attacks-december-2021/

Ransomware Infections Top List of The Most Common Results of Phishing Attacks

A report from insider threat management software company Egress found some startling conclusions when it spoke to IT leadership: Despite the pervasive and very serious threat of ransomware, very few boards of directors consider it a top priority.

Eighty-four percent of organisations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren’t hit with a phishing attack, and you still end up at around 50% of all organisations having been hit with ransomware in 2021.

Egress said that its data shows there has been a 15% increase in successful phishing attacks over the past 12 months, with the bulk of the attacks utilising malicious links and attachments. Those methods aren’t new, but a 15% increase in successful attacks means that something isn’t working.

https://www.techrepublic.com/article/ransomware-infections-top-list-of-the-most-common-results-of-phishing-attacks/

Social Media Phishing Attacks Are at An All Time High

Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.

The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analysed phishing attack patterns that unfolded throughout 2021.

As part of their report, Vade analysed 184,977 phishing pages to create stats based on a billion corporate and consumer mailboxes that the cyber security firm protects.

Vade also recorded a rise in the sophistication of phishing attacks, especially those targeting Microsoft 365 credentials, an evolution in the tech support scams, and the inevitable dominance of COVID-19 and item shipping lures.

https://www.bleepingcomputer.com/news/security/social-media-phishing-attacks-are-at-an-all-time-high/

Insurance Giant AON Hit by a Cyber Attack

Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.

AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cyber security consulting, risk solutions, healthcare insurance, and wealth management products.

AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries.

In a filing with the US SEC, AON has disclosed that they suffered a cyberattack on February 25th, 2022.

AON has not provided any details of the attack other than that it occurred and affected a limited number of systems.

The company stated that although in the early stages of assessing the incident, based on the information currently known, the company did not expect the incident to have a material impact on its business, operations or financial condition.

In addition to being an insurance broker, AON is also a leading reinsurance company, meaning that they insure the insurance companies.

https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/

How Prepared Are Organisations to Face Email-Based Ransomware Attacks?

Proofpoint released a report which provides an in-depth look at user phishing awareness, vulnerability, and resilience. The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organisations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks (BEC) (18% YoY increase of BEC attacks from 2020), reflecting cyber criminals’ continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities

This year’s report examines responses from commissioned surveys of 600 information and IT security professionals and 3,500 workers in the U.S., Australia, France, Germany, Japan, Spain, and the UK. The report also analyses data from nearly 100 million simulated phishing attacks sent by customers to their employees over a one-year period, along with more than 15 million emails reported via the user-activated PhishAlarm reporting button.

Attacks in 2021 also had a much wider impact than in 2020, with 83% of survey respondents revealing their organisation experienced at least one successful email-based phishing attack, up from 57% in 2020. In line with this, 68% of organisations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit. The year-over-year increase remains steady but representative of the challenges organisations faced as ransomware attacks surged in 2021.

https://www.helpnetsecurity.com/2022/02/28/email-based-ransomware-attacks/

The Most Impersonated Brands in Phishing Attacks

Vade announced its annual ranking of the top 20 most impersonated brands in phishing. Facebook, which was in the second spot in 2020, rose to the top spot for 2021, representing 14% of phishing pages, followed by Microsoft, with 13%.

The report analysed 184,977 phishing pages linked from unique phishing emails between January 1, 2021 and December 31, 2021.

Key findings:

·         Financial services is the most impersonated industry

·         Microsoft is the most impersonated cloud brand and the top corporate brand

·         Facebook dominates social media phishing

·         35% of all phishing pages impersonated financial services brands

·         Mondays and Tuesdays are the top days for phishing

·         78% of phishing attacks occur on weekdays

·         Monday and Thursday are the top days for Facebook phishing

·         Thursday and Friday are the top days for Microsoft phishing

https://www.helpnetsecurity.com/2022/03/04/most-impersonated-brands-phishing/

As War Escalates in Europe, It’s ‘Shields Up’ For The Cyber Security Industry

In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the US Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organisations — regardless of size — adopt a heightened posture when it comes to cyber security and protecting their most critical assets.”

The blanket warning is for all industries to take notice. Indeed, it’s a juxtaposition of sorts to think the cyber security industry is vulnerable to cyber attack, but for many nation state groups, this is their first port of call.

Inspired by the spike in attacks on cyber security agencies globally, a report from Reposify assessed the state of the cyber security industry’s external attack surface (EAS). It coincides with CISA’s warning, and highlights critical areas of concern for the sector and how they mirror trends amongst pharmaceutical and financial companies, providing vital insight into where organisations can focus their efforts, and reinforce the digital perimeter.

https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/

2022 May Be The Year Cyber Crime Returns Its Focus to Consumers

Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers.

This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.

ReasonLabs has compiled a detailed report on the status of consumer-level cyber security and what trends are most likely to emerge this year.

https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/

Kaspersky Neutral Stance in Doubt As It Shields Kremlin

Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.

The company insists that they ‘never provide any law enforcement or government organisation with access to user data or the company's infrastructure.”

Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cyber security community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.

"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.

https://cybernews.com/security/kaspersky-neutral-stance-in-doubt-as-it-shields-kremlin/

Threats

Ransomware

• Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response (darkreading.com)

• Toyota Japan Shutters 14 Plants After Probable Cyber Attack • The Register

• Bridgestone Still Struggling With Plant Closures Across North America After Cyber Attack | ZDNet

• Cyber Criminals Who Breached Nvidia Issue One Of The Most Unusual Demands Ever | Ars Technica

• Conti Ransomware's Internal Chats Leaked After Siding With Russia (bleepingcomputer.com)

• Conti Group Encrypts Karma Ransomware Extortion Notes - Infosecurity Magazine

Phishing & Email

• Unusual Sign-In Activity Mail Goes Phishing For Microsoft Account Holders | Malwarebytes Labs

Other Social Engineering

• 'Several Combinations Of Social Engineering' Used During Cyber Attack On Camera Maker Axis | ZDNet

• Instagram Scammers As Busy As Ever: Passwords And 2FA Codes At Risk – Naked Security (sophos.com)

Malware

• TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (thehackernews.com)

• Rebirth of Emotet: New Features of the Botnet and How to Detect it (thehackernews.com)

Mobile

• How Much Do Different Generations Trust Their Mobile Devices' Security? - Help Net Security

• TeaBot Android Banking Trojan Continues Its Global Conquest With New Upgrades | ZDNet

• This Nasty Android Malware Steals Your Passwords — What You Need To Know [Update] | Tom's Guide (tomsguide.com)

• SharkBot Malware Hides As Android Antivirus In Google Play (bleepingcomputer.com)

• A New Money-Stealing Malware Makes Rounds On Google Play Store Posing As An Innocent App With Over 50,000 Downloads - NotebookCheck.net News

Data Breaches/Leaks

• Hackers Leak 190GB Of Alleged Samsung Data, Source Code (bleepingcomputer.com)

• NVIDIA Data Breach Exposed Credentials Of Over 71,000 Employees (bleepingcomputer.com)

• 250,000-Plus Lawyer Disciplinary Records Leak • The Register

• Swiss Bank Requests Destruction of Documents - Infosecurity Magazine

Organised Crime & Criminal Actors

• Ukraine-Russia Cyber Warzone Splits Cyber Underground | Threatpost

Cryptocurrency/Cryptomining/Cryptojacking

• Hackers Threaten To Turn Every Nvidia GPU Into A Bitcoin Mining Machine | TechRadar

• Beware of Ongoing Crypto Cyber War Amidst the Ukraine Russian War in 2022 (analyticsinsight.net)

• Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Don’t Be Fooled Into Thinking You’re Too Smart To Be Scammed | News | The Sunday Times (thetimes.co.uk)

DoS/DDoS

• DDoSers Are Using A Potent New Method To Deliver Attacks Of Unthinkable Size | Ars Technica

• DDoS Attackers Have Found This New Trick To Knock Over Websites | ZDNet

• Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks (thehackernews.com)

• Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)

Nation State Actors

• Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation | Mandiant

• Charities, Aid Orgs In Ukraine Attacked With Malware (bleepingcomputer.com)

• Cyber Attacks In Ukraine Could Reach Other Countries - IT Security Guru

• Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (thehackernews.com)

• Ukraine Digital Army Brews Cyberattacks, Intel and Infowar | SecurityWeek.Com

• Ukraine Security Agencies Warn Of Ghostwriter Threat Activity, Phishing Campaigns | ZDNet

• Ukraine Asks ICANN To Revoke Russian Domains And Shut Down DNS Root Servers | Ars Technica

• IsaacWiper, The Third Wiper Spotted Since The Beginning Of Russian Invasion - Security Affairs

• Ukrainian Sites Saw A 10x Increase In Attacks When Invasion Started (bleepingcomputer.com)

• Cyber Attacks in Ukraine: New Worm-Spreading Data-Wiper With Ransomware Smokescreen | SecurityWeek.Com

• Chinese Malware Targeted Multiple Governments • The Register

• Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (thehackernews.com)

Passwords & Credential Stuffing

• Microsoft Accounts Targeted by Russian-Themed Credential Harvesting | Threatpost

Spyware, Espionage & Cyber Warfare

• Cyber Attack on NATO Could Trigger Collective Defence Clause - Official | Reuters

• Ukraine Conflict Spurs Questions Of How To Define Cyberwar - CyberScoop

• How China Built A One-Of-A-Kind Cyber-Espionage Behemoth To Last | MIT Technology Review

• Russia's Space Chief Says Hacking Satellites 'A Cause For War' - POLITICO

• Ukraine Is Building An 'It Army' Of Volunteers, Something That's Never Been Tried Before | ZDNet

• China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (thehackernews.com)

Vulnerabilities

• Get Patching Now: CISA Adds Another 95 Flaws To Its Known Exploited Vulnerabilities List | ZDNet

• Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products | SecurityWeek.Com

• Firefox Patches Two In-The-Wild Exploits – Update Now! – Naked Security (sophos.com)

• New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container (thehackernews.com)

• Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (thehackernews.com)

• New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances (thehackernews.com)

• Log4Shell Threat Far From Gone: Attackers Continue To Target Vulnerability - Information Security Buzz

Sector Specific

Financial Services Sector

• Banks Brace For Retaliatory Ransomware Attacks From Russia | Bitcoinist.com

Health/Medical/Pharma Sector

• Conti And Karma Actors Attack Healthcare Provider At Same Time Through ProxyShell exploits – Sophos News

• Over 100,000 Medical Infusion Pumps Vulnerable To Years Old Critical Bug (bleepingcomputer.com)

CNI, OT, ICS, IIoT and SCADA

• Lack Of Visibility Plaguing ICS Environments - Help Net Security

Reports Published in the Last Week

• Vade Releases 2021 Phishers' Favourites Report (darkreading.com)

• Salt Security releases State of API Security Report - IT Security Guru

Other News

• Microsoft Teams Grows As Cyber Attack Vector - MSSP Alert

• Ukraine Conflict Puts Organisations’ Cyber-resilience To The Test - Information Security Buzz

• The Cyber Security Implications Of The Russia-Ukraine Conflict (forbes.com)

• Cyber Attackers Are Looking To Exploit People Who Want To Help Ukraine, Security Experts Warn | The Independent

• Multifactor Authentication Is Being Targeted by Hackers – The New Stack

• Attacks Abusing Programming APIs Grew Over 600% In 2021 (bleepingcomputer.com)

• Soaring Cyber Attacks On BBC – ‘No Industry Is Untouchable’ - Information Security Buzz

• Bad Actors Are Becoming More Successful At Evading AI/ML Technologies - Help Net Security

• Facebook, Twitter, Google Move To Intercept Russian Propaganda, Disinformation About Ukraine - CyberScoop

• Why the Shifting Nature of Endpoints Requires a New Approach to Security (darkreading.com)

• Open Source Security Fears Are Fading Away | ZDNet

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.