Black Arrow Cyber Threat Briefing 26 January 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Russian Hackers’ Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call

Just recently, it was publicly disclosed that Microsoft and Hewlett Packard Enterprise (HPE) had their corporate mailboxes breached by threat actors. In the Microsoft breach, a hacking group had used a password spray attack to compromise a non-production test account, and leverage that to access corporate accounts. In the HPE breach, corporate access was gained through unauthorised access to SharePoint files. Both attacks highlight the need for identity threat detection: the ability to identify malicious activity from trusted identities before more sophisticated damage is caused. Cyber incidents are a matter of when, not if, and it is important to have detection capabilities, even for trusted accounts.

Sources: [Help Net Security] [Security Boulevard]

94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures

A recent study found that while 94% of CISOs are concerned with third-party cyber security threats,  including 17% who view it as a top priority, only 3% have implemented a third -party cyber risk management solution and 33% have noted plans to implement this year. Small and medium sized businesses may not have the resources of a larger organisation yet will have a similar level of third-party risk. This makes the need for an effective solution even more important, and in some cases this may include outsourcing to cyber experts.

Sources: [Dark Reading]

Cyber Risks Needs to be Prioritised as a Key Business Risk, Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda

The UK Government has proposed a new Code of Practice on cyber security governance, aimed at directors and senior business leaders. The draft document emphasises the need to prioritise cyber security on par with financial and legal risks. It outlines several key areas for focus, including risk management, cyber strategy, fostering a cyber security culture among employees, incident planning and response, and establishing clear governance structures. With digital technologies playing a crucial role in business resilience, the code calls for greater involvement of executive and non-executive directors in technology governance strategies. The UK Minister for AI and Intellectual Property has highlighted that cyber attacks are as damaging to organisations as financial and legal pitfalls. It is crucial that directors take a firm grip of their organisation’s cyber security regimes to protect their customers, workforce, business operations and the wider economy. This initiative reinforces the importance of a holistic approach to cyber security, including robust incident response plans and regular practice to enhance cyber resilience. It’s a timely reminder that cyber threats are as detrimental to organisations as financial and legal challenges, and this code aims to empower leaders to navigate these threats effectively.

Sources: [Computer Weekly] [Electronics Specifier] [GOV UK] [TechRadar] [Infosecurity Magazine]

81% of Security Professionals Say Phishing Is Top Threat

A recent study found 81% of organisations anticipated phishing as their top security risk over the coming months. In a separate report, it was found that 94% of organisations globally had experienced an email security incident in the past 12 months, with a 10% rise in phishing. It is not just emails where phishing attacks are occurring: in another report, the second half of 2023 saw a 198% increase in browser based phishing attacks. It is clear that phishing is a threat to organisations, and it is important to be prepared.

Sources: [ITPro] [Beta News] [Security Magazine]

Ransomware Attacks Cause Significant Psychological Harm

One area of ransomware that often gets overlooked, is the psychological impact. A recent report by the Royal United Services Institute found that some attacks had caused so much impact that organisations hired post-traumatic stress disorder support teams. A significant number of respondents experienced sleep deprivation, resulting in them developing extreme fatigue and falling asleep at work. Various levels of stress were experienced by security workers, with one interviewee citing the stress of a ransomware attack as a potential cause for a heart attack that required surgery. This highlights that, as with the wider subject of cyber and information security, consideration needs to be given to more than just IT and IT controls: it shows the need for a holistic approach to include people, operations and technology.

Sources: [The Record Media] [TechRadar]

Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password

A recent report has revealed that two million compromised cloud credentials used ‘123456’ as a password. This alarming trend underscores the ongoing issue of weak passwords, which are easily exploited by hackers. Despite the availability of advanced password creation and storage tools, a significant number of individuals and organisations continue to use weak passwords. Furthermore, the report found that 88% of organisations still rely on passwords as their primary authentication method. Despite the focus on password security, nearly every organisation has had risk management lapses. The report highlights the urgent need for stronger password policies and the adoption of more secure authentication methods. Equally, the attacks highlight that simply moving to the cloud does not solve security challenges, and poor cyber hygiene in the cloud will lead to problems.

Sources: [ITPro] [Business Wire] [Security Magazine]

NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime

An article published by the UK’s National Cyber Security Centre (NCSC) states that AI is already being used to increase the efficacy of cyber attacks, and that AI will continue to significantly increase the odds of a successful attack. AI models will build capability as they are informed by data describing previous successful attacks. The NCSC noted that “It is likely that highly capable unfriendly nation states have repositories of malware that are large enough to effectively train an AI model for this purpose”. The message from the NCSC is clear: AI will propel cyber incidents and organisation must take this into consideration as part of their wider cyber risk management strategy.

Sources: [The Register] [PC Mag] [The Messenger ] [Silicon UK]

Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk

Cyber attacks soared again last year, and attackers are increasingly taking advantage of software vulnerabilities to breach organisations. This is due to the continuous discovery of new vulnerabilities, and with that, a constant challenge for firms to apply patches. A report found many organisations lack an effective vulnerability management programme and are leaving themselves open to attacks; and in some cases they are left vulnerable for years.

One key hindrance found by the report is the sheer volume of vulnerabilities identified and patched by vendors, leaving organisations with the perpetual challenge of timely patching. This complication is made worse for small and medium sized businesses where they have less resources. The report found that legacy systems are a large risk for many organisations;  in fact, older Windows server OS versions - 2012 and earlier – were found to be 77% more likely to experience attack attempts than newer versions. Many firms are still not taking this danger seriously enough and as a result, blind spots and critical vulnerabilities are worsening, creating more opportunities for attackers.

Sources: [ITPro] [Help Net Security] [ITPro]

Historic Data Leak Reveals 26 billion Records: Check What is Exposed

In what has been described as the ‘mother of all breaches’, 26 billion records have been exposed. These aren’t all new, as a lot of the records are from numerous breaches, however they are all in one location, compiled and index for use. With the emergence of this, there is will likely be a surge in attacks and if you haven’t changed your credentials, or are reusing these same credentials, you may find yourself a victim. To check if your email has been compromised in a breach, you can check on the website www.HaveIBeenPwned.com

Source: [Security Affairs]

Boardroom Cyber Expertise Comes Under Scrutiny

Cyber security concerns continue to be a critical issue for organisations, driven by factors such as data protection, compliance, risk management, and business continuity. However, a recent report reveals a concerning trend where only 5% of Chief Information Security Officers (CISOs) report directly to the CEO, down from 11% in 2021. This gap between cyber security leadership and board-level involvement is a challenge. A report emphasises that many board members lack the technical expertise to understand cyber security, while CISOs often communicate in technical jargon, making it difficult for boards to grasp the significance of security issues. To bridge this gap, it's crucial to educate board members on the real-world risks and costs associated with cyber incidents. Sharing simple metrics like the global average cost of a data breach, which is $4.45 million, can help them understand the financial impact. Moreover, CISOs should learn to convey cyber security matters in business terms and quantify the organisation's cyber risk exposure. By providing boards with information to understand and engaging in informed discussions, they can enhance their cyber security strategy and ensure that these vital issues are prioritised appropriately.

Source: [Security Intelligence]

“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules

The landscape of cyber security is evolving rapidly, with two significant EU regulations: the Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA), set to take effect in the coming months. NIS2 expands cyber security standards to include critical services like transportation, water services, and health services, while DORA focuses on the financial services sector and aims to ensure resilience against cyber threats.

These regulations necessitate strong cyber security testing, incident reporting processes, and comprehensive assessments of third-party providers' security. Compliance with these regulations will introduce complexity and costs, requiring organisations to prepare comprehensively for the evolving cyber security landscape, including the implications of artificial intelligence. Transparency and understanding are key, as boards must fully comprehend data processing and technology usage within their organisations, ushering in a new era of cyber security governance.

Source: [The Currency]

Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%

In 2023, there was a significant surge in ransomware attacks globally. The number of attack attempts more than doubled, increasing by 104%. A report shows that there were 1,900 total ransomware attacks within just four countries: the US, UK, Germany, and France. The use of double extortion techniques, where hackers not only encrypt the data but also steal confidential data beforehand and threaten to release it if their demands are not fulfilled, are becoming increasingly common, with now triple and quadruple extortion techniques also being increasingly deployed. It was also found that data exfiltration was present in approximately 91% of all publicly recorded ransomware attacks in 2023. These figures underscore the growing threat of ransomware and the need for robust cyber security measures.

Sources: [Security Boulevard] [Security Affairs] [Security Brief] [Business Wire]

Governance, Risk and Compliance

• Treat cyber risk like financial or legal issue, says UK government | Computer Weekly

• New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda - Infosecurity Magazine (infosecurity-magazine.com)

• Business leaders urged to toughen up cyber attack protections - GOV.UK (www.gov.uk)

• Organisations face devastating financial consequences from cyber attacks (betanews.com)

• Cyber attacks more than doubled in 2023, so why are so many firms still not taking security seriously? | ITPro

• Cyber Security Attack Attempts More Than Doubled, Increasing 104% in 2023 | Business Wire

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• The growing role of CISOs in cyber security governance - APDR (asiapacificdefencereporter.com)

• Boardroom cyber expertise comes under scrutiny (securityintelligence.com)

• Resilience: The New Priority for Your Security Model (inforisktoday.com)

• 10 must-have security tips for digital nomads | Computerworld

• Top 3 Priorities for CISOs in 2024 (darkreading.com)

• CISOs Struggle for C-Suite Status Even as Expectations Skyrocket (darkreading.com)

• Navigating The 'Fog Of A Cyber Attack' (forbes.com)

• The cost of cyber crime to reach over $12tn by 2025

• Why cyber attacks mustn’t be kept secret - Help Net Security

• Business continuity vs. disaster recovery vs. incident response | TechTarget

• Why resilience leaders must prepare for polycrises - Help Net Security

• The best cyber defence needs more than tech - eCampus News

• The CISO Role Undergoes a Major Evolution (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks break records in 2023: the number of victims rose by 128% (securityaffairs.com)

• Impact of Ransomware attacks take mental health toll on small business owners, report says (therecord.media)

• UK Intelligence Fears AI Will Fuel Ransomware, Exacerbate Cyber Crime (pcmag.com)

• Britons must 'strengthen defences' against growing threat of AI-assisted ransomware, cyber security chief warns | UK News | Sky News

• The rise of cyber extortion and 'Hacktivism' - Verdict

• Ransomware recovery – the need for speed | TechRadar

• Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News

• UK gov tells SMBs to get better at protecting themselves from cyber attacks | TechRadar

• Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)

• Kasseika ransomware uses antivirus driver to kill other antiviruses (bleepingcomputer.com)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• Organisations invest more in data protection but recover less - Help Net Security

• Evolving BianLian ransomware attack strategies detailed | SC Media (scmagazine.com)

• Hackers target TeamViewer to try and get access to your company's network | TechRadar

• Ransomware Victims

• Major US, UK Water Companies Hit by Ransomware - SecurityWeek

• Sweden’s Riksbank Turns to Police as Cyber Attack Hits IT Firm - BNN Bloomberg

• Owner of The North Face, Supreme, Vans, Reports Breach Affecting 35M Users (pcmag.com)

• Primary Health & Wellness Center, LLC’s public notice of ransomware incident (databreaches.net)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• LockBit gang claims the attack on the sandwich chain Subway (securityaffairs.com)

• loanDepot says ransomware gang stole data of 16.6 million people (bleepingcomputer.com)

• Aviation Leasing Giant AerCap Hit by Ransomware Attack - SecurityWeek

• Global fintech firm EquiLend offline after recent cyber attack (bleepingcomputer.com)

• Ransomware Group Offers Hacked Serbian Electricity Provider's Data For Download (rferl.org)

• Cyber attack in Merseyside as 'immediate steps taken' (msn.com)

• Housing association confirms 'cyber security incident' but can't confirm if tenants' data was lost | Shropshire Star

Phishing & Email Based Attacks

• Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks | ITPro

• 81 percent of security pros say phishing is the top threat (betanews.com)

• Browser Phishing Threats Grew 198% Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)

• Organisations need to switch gears in their approach to email security - Help Net Security

• HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek

• Russian hackers breached Microsoft, HPE corporate maliboxes - Help Net Security

• Don’t Take The Bait: How To Prevent A Phishing Attack | Kohrman Jackson & Krantz LLP - JDSupra

• Trezor reveals 66,000 users could face phishing attack (coinjournal.net)

• Is This a Phishing Email? 8 Warning Signs to Look Out For

• PHP-less phishing kits that can run on any website | Netcraft

• New KnowBe4 Report Shows Major Spike in Public Sector Attacks in 2023 | Business Wire

Artificial Intelligence

• AI Will ‘Almost Certainly’ Turbocharge Cyber attacks, UK Warns - The Messenger

• The near-term impact of AI on the cyber threat - NCSC.GOV.UK

• NCSC: AI to boost nation-states’ malware potency • The Register

• AI’s Efficacy is Limitless in Cyber Crime | MSSP Alert

• Top 4 LLM threats to the enterprise | CSO Online

• The rise of cyber extortion and 'Hacktivism' - Verdict

• Battling Misinformation During Election Season (darkreading.com)

• Unmasking Deceptive Behaviour: Risks and Challenges in Large Language Models (azoai.com)

• AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)

• Researchers Map AI Threat Landscape, Risks (darkreading.com)

• Misinformation and irresponsible AI: Experts forecast how technology may shape our near future (techxplore.com)

• ChatGPT Cyber Crime Surge Revealed in 3000 Dark Web Posts - Infosecurity Magazine (infosecurity-magazine.com)

• More than 1 in 4 Organisations Banned Use of GenAI Over Privacy and Data Security Risks - New Cisco Study (prnewswire.com)

• The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard

Malware

• NCSC: AI to boost nation-states’ malware potency • The Register

• MacOS devices are being targeted by pirated apps that want to hijack your machine | TechRadar

• Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)

• 'Inhospitality' malspam campaign targets hotel industry | SC Media (scmagazine.com)

• Blackwood APT delivers malware by hijacking legitimate software update requests - Help Net Security

• SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks (thehackernews.com)

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Mobile

• Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)

• iPhone, Android Ambient Light Sensors Allow Stealthy Spying (darkreading.com)

• New method to safeguard against mobile account takeovers - Help Net Security

• Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

• Zero-Click Bluetooth Attack: A Growing Threat for Unpatched Android Phones - gHacks Tech News

Denial of Service/DoS/DDOS

• Ukrainian mobile bank sees a spike in ‘non-stop’ DDoS pressure (therecord.media)

Internet of Things – IoT

• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users - SecurityWeek

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Data Breaches/Leaks

• Historic data leak reveals 26 billion records: check what's exposed (securityaffairs.com)

• Data of 15 million Trello users scraped and offered for sale - Help Net Security

• Personal details of 6,000 people leaked in Greater Manchester council data breach (msn.com)

• BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)

• Healthtech firm's cyber attack victim list keeps growing - Digital Journal

• VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million - SecurityWeek

• Class Actions Filed Over Builders Mutual, Progressive’s Own Data Breaches (claimsjournal.com)

• loanDepot cyber attack causes data breach for 16.6 million people (bleepingcomputer.com)

• Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)

• The growing threat of data breaches in the age of AI and data privacy | TechRadar

• Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase - Infosecurity Magazine (infosecurity-magazine.com)

• 23andMe data breach: Hackers stole raw genotype data, health reports (bleepingcomputer.com)

• Coventry school reprimanded for data breach after IT system 'hacked three times' - CoventryLive (coventrytelegraph.net)

Organised Crime & Criminal Actors

• Winter is coming and so are the hackers (betanews.com)

• Grooming, radicalization and cyber attacks: INTERPOL warns of ‘Metacrime’

• Bulletproof Hosting: A Critical Cyber Criminal Service | Intel471

• 'VexTrio' TDS: The Biggest Cyber Crime Operation on the Web? (darkreading.com)

• The cost of cyber crime to reach over $12tn by 2025

• Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)

• ChatGPT Cyber Crime Surge Revealed in 3000 Dark Web Posts - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

• The sophistication of cyber criminals intensifies with emerging strategies for cashing in or causing chaos - IT Security Guru

• Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyber attacks (prnewswire.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber criminals stole $1.7 billion from crypto funds in 2023 as attacks proliferated (therecord.media)

• US regulator admits cyber security lapse before rogue Bitcoin post - BBC News

• Trezor reveals 66,000 users could face phishing attack (coinjournal.net)

Insider Risk and Insider Threats

• Majority of companies not prepared for insider threats (betanews.com)

• Amid Rising Insider Threats, Most Companies are Vulnerable and Lack the Strategies to Protect Themselves, New Research Finds | Business Wire

• Fighting insider threats is tricky but essential work - Help Net Security

Insurance

• Insurance industry responds to evolving risks with innovation and collaboration: Allianz - Reinsurance News

• Cyber Insurance Industry Suggests Cyber Security Best Practices (networkcomputing.com)

Supply Chain and Third Parties

• Panorays Study Finds 94% of CISOs Are Concerned About Third-party Cyber Threats, Yet Only 3% Have Implemented Security Measures (darkreading.com)

• From vulnerability to vigilance: strategies for ensuring supply chain security (techuk.org)

• Bolstering global supply chains: Enhancing resilience, digital logistics, and national security harmony (techuk.org)

• Supply chain security: Responding to emerging cyber threats (techuk.org)

• CISOs' role in identifying tech components and managing supply chains - Help Net Security

• Rethinking supply chain resilience as cyber attacks get more disruptive (techuk.org)

Cloud/SaaS

• On premises vs. cloud pros and cons, key differences | TechTarget

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro

Identity and Access Management

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

Encryption

• Cryptographers Are Getting Closer to Enabling Fully Private Internet Searches | WIRED

Passwords, Credential Stuffing & Brute Force Attacks

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)

• There's no excuse for having a weak password in 2024

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)

• 88% of organisations use passwords as primary authentication method | Security Magazine

• The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro

Social Media

• Meta won't remove fake Instagram profiles that are clearly catfishing (bleepingcomputer.com)

• Watch out for "I can't believe he is gone" Facebook phishing posts (bleepingcomputer.com)

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

Malvertising

• Intro to Digital Fingerprints: Understanding, Manipulating, and Defending Against Online Tracking | HackerNoon

• Google Updates Chrome's Incognito Warning to Admit It Tracks Users in ‘Private’ Mode | WIRED

• Cryptographers Are Getting Closer to Enabling Fully Private Internet Searches | WIRED

Regulations, Fines and Legislation

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• Without clear guidance, SEC’s new rule on incident reporting may be detrimental - Help Net Security

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

• Navigating The 'Fog Of A Cyber Attack' (forbes.com)

• US regulator admits cyber security lapse before rogue Bitcoin post - BBC News

• The CISO Role Undergoes a Major Evolution (darkreading.com)

• Coventry school reprimanded for data breach after IT system 'hacked three times' - CoventryLive (coventrytelegraph.net)

• Countdown for businesses to comply with leaked EU AI Act draft begins | Biometric Update

Models, Frameworks and Standards

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• Prioritising CIS Controls for effective cyber security across organisations - Help Net Security

Careers, Working in Cyber and Information Security

• Top 3 Priorities for CISOs in 2024 (darkreading.com)

• CISOs Struggle for C-Suite Status Even as Expectations Skyrocket (darkreading.com)

• Why we need more continuous hands-on training and fewer cyber security certifications | SC Media (scmagazine.com)

Law Enforcement Action and Take Downs

• BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)

• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users - SecurityWeek

• Secret Service to revive the Cyber Investigations Advisory Board | CyberScoop

• Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)

• Ukrainian Security Service Nabs Russian Hacker Planning Cyber Attacks on Government Websites - Militarnyi

Misinformation, Disinformation and Propaganda

• Battling Misinformation During Election Season (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

• NCSC: AI to boost nation-states’ malware potency • The Register

China

• Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek

• The small print leaving UK plc exposed to ‘nuclear level’ cyber attacks (telegraph.co.uk)

• Michael Rogers on China's Cyber Threat - The Wire China

• China’s feared spy agency steps out of the shadows

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

Russia

• Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack (thehackernews.com)

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Microsoft Says Russians Hacked It to Find Information About Themselves (businessinsider.com)

• Sneak-and-peek Midnight Blizzard attack highlights “worrying flaws” in Microsoft security processes | ITPro

• Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs (thehackernews.com)

• HP Enterprise was hacked by the same Russian state-sponsored group that targeted Microsoft (engadget.com)

• HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek

• Russian hackers shift to new malware tactics, Google says (siliconrepublic.com)

• Massive cyber attack targets Ukrainian online bank (kyivindependent.com)

• Learning From Ukraine's Pioneering Approaches to Cyber Security (darkreading.com)

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

• Ukrainian energy giant, postal service, transportation agencies hit by cyber attacks (therecord.media)

• Ukraine’s Largest Gas and Oil Company Under Cyber Attack (kyivpost.com)

• Ukrainian Security Service Nabs Russian Hacker Planning Cyber Attacks on Government Websites - Militarnyi

• Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News

• Hundreds of Russian sites breached by Ukrainian hackers | SC Media (scmagazine.com)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• Apple Pays $13 Million Russian Fine, Goes Directly Into Federal Budget (businessinsider.com)

Iran

• Microsoft: Iran's Mint Sandstorm APT Blasts Educators, Researchers (darkreading.com)

• With Iran's cyber attacks on rise since Gaza war, Israel looks to private industry - Al-Monitor: Independent, trusted coverage of the Middle East

North Korea

• North Korea's ScarCruft Attackers Gear Up to Target Cyber Security Pros (darkreading.com)

Vulnerability Management

• 45% of critical CVEs left unpatched in 2023 - Help Net Security

• Patch management: Why firms ignore vulnerabilities at their own risk | ITPro

• What Is Vulnerability Management? Definition, Process Steps, Benefits and More - Security Boulevard

• Security vendors are accused of bending CVE assignment rules • The Register

• German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)

• The effect of omission bias on vulnerability management - Help Net Security

• 52% of Serious Vulnerabilities We Find are Related to Windows 10 (thehackernews.com)

Vulnerabilities

• Cisco warns of critical RCE flaw in communications software (bleepingcomputer.com)

• CISA emergency directive: Mitigate Ivanti zero-days immediately (bleepingcomputer.com)

• Third Ivanti Vulnerability Exploited in the Wild, CISA Reports (darkreading.com)

• Ivanti: VPN appliances vulnerable if pushing configs after mitigation (bleepingcomputer.com)

• Chrome 121 ships with security updates and new AI tools - gHacks Tech News

• Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)

• Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)

• Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure - SecurityWeek

• Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek

• Critical Vulnerabilities Found in Open Source AI/ML Platforms - SecurityWeek

• Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell (securityaffairs.com)

• Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)

• High-Severity Vulnerability Patched in Splunk Enterprise - SecurityWeek

• Patch Your Fortra GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin (thehackernews.com)

• Millions at Risk As 'Parrot' Web Server Compromises Take Flight (darkreading.com)

• Security vendors are accused of bending CVE assignment rules • The Register

• Mozilla Releases Security Updates for Thunderbird and Firefox | CISA

• 5379 GitLab servers vulnerable to zero-click account takeover attacks (securityaffairs.com)

• Hackers target WordPress database plugin active on 1 million sites (bleepingcomputer.com)

Tools and Controls

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Ransomware recovery – the need for speed | TechRadar

• Resilience: The New Priority for Your Security Model (inforisktoday.com)

• With so much data at hand, should cyber defences be more effective? | TechRadar

• Password Manager Statistics 2024 (coolest-gadgets.com)

• How to Shine in Your Next Cyber Security Audit - Security Boulevard

• AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)

• Business continuity vs. disaster recovery vs. incident response | TechTarget

• Why resilience leaders must prepare for polycrises - Help Net Security

• Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)

• German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)

• The 9 best incident response metrics and how to use them | TechTarget

• The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard

• We Must Consider Software Developers a Key Part of the Cyber Security Workforce | CISA

• Cyber Insurance Industry Suggests Cyber Security Best Practices (networkcomputing.com)

• Emerging trends and strategies in digital forensics - Help Net Security

• Cyber Security Risk Management: Frameworks, Plans, & Best Practices - Security Boulevard

• IT and Security Teams Increasingly United in Battle Against Sophisticated Cyberthreats, Research Finds (prnewswire.com)

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Reports Published in the Last Week

• Cloudflare Releases 2024 API Security and Management Report (infoq.com)

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyber attacks (prnewswire.com)

Other News

• With so much data at hand, should cyber defences be more effective? | TechRadar

• Threat actors are exploiting web applications - Security Boulevard

• Public Sector Cyber Attacks Rise By 40% in 2023 - IT Security Guru

• Cyber Security Challenges at the World Economic Forum (govtech.com)

• Much-Needed Cyber Security Help for Hospitals May Have Strings Attached | Corporate Counsel (law.com)

• The Threat Landscape Is Always Changing: What to Expect in 2024  | Proofpoint US

• What is Lateral Movement in Cyber Security? - Security Boulevard

• Cyber Security and Trends in 2024 Based on WEF 2024 Outcomes | HackerNoon

• IT and Security Teams Increasingly United in Battle Against Sophisticated Cyberthreats, Research Finds (prnewswire.com)

• US suffered cyber attacks from 168 threat actors in 2023 | Security Magazine

• US continues to be leading cyber threat target | SC Media (scmagazine.com)

• Rise in cyber crime attacks against Industrial IoT sparks alarm (securitybrief.co.nz)

• Offshore wind farms are vulnerable to cyber attacks, study shows (techxplore.com)

• Government Security Vulnerabilities Surge By 151%, Report Finds - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Hacker Gang Clop Deploys Extortion Tactics Against Global Companies

The Russian-speaking gang of hackers that compromised UK groups such as British Airways and the BBC has claimed it has siphoned off sensitive data from more institutions including US-based investment firms, European manufacturers and US universities. Eight other companies this week made it onto Clop’s list on the dark web. That adds to the news last week that UK groups, including Walgreens-owned Boots, informed employees that their data had been compromised. The issue also targeted customers of Zellis, a UK-based payroll provider that about half of the companies on the FTSE 100 use.

The hacking group is pushing for contact with the companies on the list, according to a post on Clop’s dark web site, as the gang demands a ransom that cyber security experts and negotiators said could be as much as several million dollars.

https://www.ft.com/content/c1db9c5c-cdf1-48bc-8e6b-2c2444b66dc9

• Social Engineering Drives BEC Losses to $50B Globally

Business email compromise (BEC) continues to evolve on the back of sophisticated targeting and social engineering, costing businesses worldwide more than $50 billion in the last 10 years - a figure that reflected a growth in business losses to BEC of 17% year-over-year in 2022, according to the FBI.

Security professionals attribute BEC's continued dominance in the cyber threat landscape to several reasons. A key one is that attackers have become increasingly savvy in how to socially-engineer messages so that they appear authentic to users, which is the key to being successful at this scam. And with the increase in availability of artificial intelligence, the continued success of BEC means these attacks are here to stay. Organisations will be forced to respond with even stronger security measures, security experts say.

https://www.darkreading.com/threat-intelligence/social-engineering-drives-bec-losses-to-50b-globally

• Creating A Cyber Conscious Culture—It Must Be Driven from the Top

Businesses are facing more frequent and sophisticated cyber threats and they must continuously learn new ways to protect their revenues, reputation and maintain regulatory compliance. With hybrid and remote working blurring traditional security perimeters and expanding the attack surface, the high volumes of sensitive information held by organisations are at increased risk of cyber attacks.

The increase had led to cyber elevating to the board level; after all the board is responsible for cyber security. It doesn’t stop there however, as everyone in an organisation has responsibility for upholding cyber security. The board must aim to create a cyber-conscious culture, where users are aware of their role in cyber security. One important way such a culture can be achieved is through providing regular education and training to all users.

https://www.forbes.com/sites/forbestechcouncil/2023/06/12/creating-a-cyber-conscious-culture-it-must-be-driven-from-the-top/sh=6a0bb36426cc

• Artificial Intelligence is Coming to Windows: Are Your Security Policy Settings Ready?

What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence, which is seemingly in nearly every application released these days?

From word processing documents to the upcoming enhancements to Windows 11, which will include AI prompting in the Explorer platform, organisations should review how they want their employees to treat customer data or other confidential information when using AI platforms. Many will want to build limits and guidelines into their security plans that specify what is allowed to be entered into platforms and websites that may store or share the information online. However, confidential information should not be included in any application that doesn’t have clearly defined protections around the handling of such data. The bottom line is that AI is coming to your network and your desktop sooner than you think. Build your policies now and review your processes to determine if you are ready for it today.

https://www.csoonline.com/article/3698517/artificial-intelligence-is-coming-to-windows-are-your-security-policy-settings-ready.html

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs

Cyber criminals are increasingly targeting an organisation’s employees, figuring to trick an untrained staffer to click on a malicious link that starts a malware attack, Fortinet said in a newly released study of security awareness and training.

More than 80% of organisations faced malware, phishing and password attacks last year, which were mainly targeted at users. This underscores that employees can be an organisation’s weakest point or one of its most powerful defences.

Fortinet’s research revealed that more than 90% of the survey’s respondents believe that increased employee cyber security awareness would help decrease the occurrence of cyber attacks. As organisations face increasing cyber risks, employees serving as an organisation’s first line of defence in protecting their organisation from cyber crime becomes of paramount importance.

https://www.msspalert.com/cybersecurity-research/cyber-crooks-targeting-employees-organizations-fight-back-with-training-programs/

• Massive Phishing Campaign Uses 6,000 Sites to Impersonate 100 Brands

A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites. The brands impersonated by the phony sites include Nike, Puma, Asics, Vans, Adidas, Columbia, Superdry, Converse, Casio, Timberland, Salomon, Crocs, Sketchers, The North Face and others.

A recent report found the campaign relies on at least 3,000 domains and roughly 6,000 sites, including inactive ones. The campaign had a significant activity spike between January and February 2023, adding 300 new fake sites monthly. The domain names follow a pattern of using the brand name together with a city or country, followed by a generic TLD such as ".com." Additionally, any details entered on the checkout pages, most notably the credit card details, may be stored by the website operators and resold to cyber criminals.

https://www.bleepingcomputer.com/news/security/massive-phishing-campaign-uses-6-000-sites-to-impersonate-100-brands/

• Over One in Ten Brits are Willing to Engage in ‘Illegal or Illicit’ Online Behaviour

A recent study found that 11% of Brits were tempted to engage in ‘illegal or illicit online behaviour’ in order to help manage the fallout from the cost of living crisis. This statistic becomes even more concerning when focused on younger people, with almost a quarter of 25–35 year old respondents (23%) willing to consider illegal or illicit online activity. Of those willing to engage in this kind of behaviour, 56% suggested it was because they are desperate and struggling to get by, and need to find alternative means of supporting their families.

Nearly half (47%) of UK business leaders believe their organisation has been at a greater risk of attack since the start of the cost-of-living crisis. Against this backdrop, many SME business leaders are understandably worried about the impact on employees. Of those who think their organisation is more exposed to attack, 38% believe it’s due to malicious insiders and 35% to overworked and distracted staff making mistakes. Organisations not doing so already, should look to incorporate insider threat into their security plans. Insider threat should focus on areas such as regular education and monitoring and detection.

The report found that 44% of respondents have also noticed an uptick in online scams hitting their inboxes since the cost of living crisis began in late 2021/early 2022. Another worrying finding is that this uptick is proving devastatingly effective for scammers: over one in ten (13%) of UK respondents have already been scammed since the cost of living crisis began. This rises to a quarter (26%) of respondents in the 18-25 age range, reflecting a hyper-online lifestyle and culture that scammers can work to exploit effectively.

https://www.itsecurityguru.org/2023/06/15/it-security-guru-study-shows-over-one-in-ten-brits-are-willing-to-engage-in-illegal-or-illicit-online-behaviour-as-the-cost-of-living-crisis-worsens 

https://www.infosecurity-magazine.com/news/costofliving-crisis-drives-insider/

• Microsoft Office 365 Phishing Reveals Signs of Much Larger BEC Campaign

Recently, Microsoft discovered multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attacks against banking and financial services organisations. The attackers are successfully phishing employees’ accounts with fake Office 365 domains. This allows them to bypass authentication, exfiltrate data and send further phishing emails against other employees and several targeted external organisations. In some cases, threat actors have registered their own device to the employee’s account, to evade MFA defences and achieve persistent access.

https://securityaffairs.com/147327/hacking/aitm-bec-attacks.html

https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html

https://www.csoonline.com/article/3699122/microsoft-office-365-aitm-phishing-reveals-signs-of-much-larger-bec-campaign.html

• Europol Warns of Metaverse and AI Terror Threat

New and emerging technologies like conversational AI, deepfakes and the metaverse could be utilised by terrorists and extremists to radicalise and recruit converts to their cause, Europol has warned. The report stated that the online environment lowers the bar for entering the world of terrorism and extremism, broadens the range of people that can become exposed to radicalisation and increases the unpredictability of terrorism and extremism.

Europol also pointed to the potential use of deepfakes, augmented reality and conversational AI to enhance the efficiency of terrorist propaganda. Both these technologies and internet of things (IoT) tools can also be deployed in more practical tasks such as the remote operation of vehicles and weapons used in attacks or setting up virtual training camps. Digital currencies are also playing a role in helping to finance such groups while maintaining the anonymity of those contributing the funding, Europol said.

https://www.infosecurity-magazine.com/news/europol-warns-metaverse-and-ai/

• What is AI, and is it Dangerous?

Recently, we saw the release of the first piece of EU regulation on AI. This comes after a significant rise in the usage of tools such as ChatGPT. Such tools allow for even those with limited technical ability to perform sophisticated actions. In fact, usage has risen 44% over the last three months alone, according to a report.

Rather worryingly, there is a lack of governance on the usage of AI, and this extends to how AI is used within your own organisation. Whilst the usage can greatly improve actions performed within an organisation, the report found that 6% of employees using AI had pasted sensitive company data into an AI tool. Would your organisation know if this happened, and how damaging could it be to your organisation if this data was to be leaked? Continuous monitoring, risk analysis and real-time governance can help aid an organisation in having an overview of the usage of AI.

https://www.bbc.co.uk/news/technology-65855333

https://thehackernews.com/2023/06/new-research-6-of-employees-paste.html

• Cyber Liability Insurance Vs. Data Breach Insurance: What's the Difference?

With an ever-increasing number of cyber security threats and attacks, companies are becoming motivated to protect their businesses and customer data both technically and financially. Finding the right insurance has become a key part of the security equation.

Companies looking to protect themselves have most likely heard the terms “cyber liability insurance” and “data breach insurance.” Put simply, cyber liability insurance refers to coverage for third-party claims asserted against a company stemming from a network security event or data breach. Data breach insurance, on the other hand, refers to coverage for first-party losses incurred by the insured organisation that has suffered a loss of data.

https://www.csoonline.com/article/3698297/cyber-liability-insurance-vs-data-breach-insurance-whats-the-difference.html

• Exploring the Dark Web: Hitmen for Hire and the Realities of Online Activities

The dark web makes up a significant portion of the internet. Access can be gained through special browser, TOR, also known as the onion Router. The service bounces around IP addresses, constantly changing to protect the anonymity of the user.

This dark web contains an array of activities and sites, which include hitmen for hire, drugs for sale, and stolen credit card databases amongst others. Sometimes these aren’t real however, and are actually a trap to steal money from users on the basis that these users are unlikely to report it to law enforcement when the victim was trying to break the law in the first place. What we do know however, is that the dark web contains a plethora of information, and this could include data from your organisation.

https://news.clearancejobs.com/2023/06/07/exploring-the-dark-web-hitman-for-hire-and-the-realities-of-online-activities/

Governance, Risk and Compliance

• Creating A Cyber-Conscious Culture—It Must Be Driven From The Top (forbes.com)

• Most businesses vulnerable to attacks on the cyber battlefield - The Globe and Mail

• 10 Important Security Tasks You Shouldn't Skip (darkreading.com)

• Just 14% of CISOs possess desired traits for cyber security-expert board positions: Report  | VentureBeat

• Enhancing security team capabilities in tough economic times - Help Net Security

• Ignoring digital transformation is more dangerous than a recession - Help Net Security

• Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)

• How the modern CIO grapples with legacy IT | CIO

• Cyber debt levels reach tipping point - Help Net Security

• Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals (thehackernews.com)

• Lax security measures, sophisticated hackers reason for rise in cyber breaches (ewn.co.za)

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

• Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online

• Red teaming can be the ground truth for CISOs and execs - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• CL0P Ransomware Gang Hits Multiple Governments, Businesses in Wide-Scale Attack - MSSP Alert

• Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities | TechCrunch

• Cyber extortion hits all-time high - Help Net Security

• How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware (darkreading.com)

• Researchers Report First Instance of Automated SaaS Ransomware Extortion (darkreading.com)

• Why Critical Infrastructure Remains a Ransomware Target (darkreading.com)

• Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)

• CISA: LockBit ransomware extorted $91 million in 1,700 US attacks (bleepingcomputer.com)

• Microsoft links data wiping attacks to new Russian GRU hacking group (bleepingcomputer.com)

• Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent (thehackernews.com)

• To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)

• Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency (thehackernews.com)

• Russian ransomware hacker extorted tens of millions, says DOJ (cnbc.com)

• Ransomware review: June 2023 (malwarebytes.com)

Ransomware Victims

• Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register

• Confidential data downloaded from UK regulator Ofcom in cyber attack (therecord.media)

• Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks (therecord.media)TfL warns 13,000 staff that it was raided by Russian hackers (telegraph.co.uk)

• Russian hackers steal data on thousands of Ulez drivers (telegraph.co.uk)

• JBS’s cyber security was poor prior to 2021 ransomware attack, homeland security records show | Successful Farming (agriculture.com)

• An Illinois hospital links closure to ransomware attack (nbcnews.com)

• US energy department, other agencies hit in global hacking spree | Reuters

• iTWire - Financial services firm FIIG hit by cyber attack, ALPHV claims credit

• The University of Manchester hit by cyber security breach after detecting 'unauthorised activity' - Manchester Evening News

• Xplain data breach also impacted national Swiss railway FSS - Security Affairs

• Rhysida ransomware leaks documents stolen from Chilean Army (bleepingcomputer.com)

Phishing & Email Based Attacks

• Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign | CSO Online

• Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organisations (thehackernews.com)

• Younger, more extroverted, and more agreeable individuals are more vulnerable to email phishing scams (psypost.org)

• Log4J exploits may rise further as Microsoft continues war on phishing | ITPro

• Popular Apparel, Clothing Brands Being Used in Massive Phishing Scam (darkreading.com)

• Massive phishing campaign uses 6,000 sites to impersonate 100 brands (bleepingcomputer.com)

BEC – Business Email Compromise

• Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants (thehackernews.com)

• Microsoft warns of multi-stage AiTM phishing and BEC attacks - Security Affairs

• Analysis: Social Engineering Drives BEC Losses to $50B Globally (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Analysis: Social Engineering Drives BEC Losses to $50B Globally (darkreading.com)

Artificial Intelligence

• New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT (thehackernews.com)

• Artificial intelligence is coming to Windows: Are your security policy settings ready? | CSO Online

• Europol Warns of Metaverse and AI Terror Threat - Infosecurity Magazine (infosecurity-magazine.com)

• How Europe is Leading the World in the Push to Regulate AI - SecurityWeek

• AI is moving too fast to regulate, security minister warns (telegraph.co.uk)

• AI to render humans 'second most intelligent creations' | ITWeb

• LLM meets Malware: Starting the Era of Autonomous Threat - Security Affairs

• What is AI, is it dangerous and what jobs are at risk? - BBC News

• The perils of open-source AI | Financial Times (ft.com)

• Calculations Suggest It'll Be Impossible to Control a Super-Intelligent AI : ScienceAlert

2FA/MFA

• Multi-Factor Authentication Usage Nearly Doubles Since 2020, New Okta Report Finds - MSSP Alert

• Small organisations outpace large enterprises in MFA adoption - Help Net Security

Malware

• New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies (thehackernews.com)

• Cyber criminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable (thehackernews.com)

• New Loader Delivering Spyware via Image Steals Cryptocurrency Info (darkreading.com)

• Pirated Windows 10 ISOs install clipper malware via EFI partitions (bleepingcomputer.com)

• Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)

• Fake zero-day PoC exploits on GitHub push Windows, Linux malware (bleepingcomputer.com)

• Gozi banking malware “IT chief” finally jailed after more than 10 years – Naked Security (sophos.com)

• LLM meets Malware: Starting the Era of Autonomous Threat - Security Affairs

• New ‘Shampoo’ Chromeloader malware pushed via fake warez sites (bleepingcomputer.com)

• Russian hackers use PowerShell USB malware to drop backdoors (bleepingcomputer.com)

• Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits - SecurityWeek

• Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities (thehackernews.com)

Mobile

• How Popular Messaging Tools Instill a False Sense of Security (darkreading.com)

Denial of Service/DoS/DDOS

• Microsoft’s Azure portal down following new claims of DDoS attacks (bleepingcomputer.com)

• DOS Attacks Dominate, but System Intrusions Cause Most Pain (darkreading.com)

• Swiss government warns of ongoing DDoS attacks, data leak (bleepingcomputer.com)

• IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia (hackread.com)

• 10 Different Types of DDoS Attacks and How to Prevent Them (geekflare.com)

• Exclusive: Inside FXStreet's DDoS Attack (financemagnates.com)

Internet of Things – IoT

• Why attackers love to target IoT devices | VentureBeat

• IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia (hackread.com)

• How secure is your vehicle with digital key technology? - Help Net Security

• Flipper Zero “Smoking” A Smart Meter Is A Bad Look For Hardware Hackers | Hackaday

Data Breaches/Leaks

• Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch

• HSE hit by second 'international scale criminal' cyber attack as they monitor dark web for stolen data - Irish Mirror Online

• New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT (thehackernews.com)

• Top 10 cyber security findings from Verizon's 2023 data breach report | VentureBeat

• Xplain data breach also impacted national Swiss railway FSS - Security Affairs

• Examining the long-term effects of data privacy violations - Help Net Security

• A Massive Vaccine Database Leak Exposes IDs of Millions of Indians | WIRED

• Swiss Fear Government Data Stolen in Cyber attack - SecurityWeek

• Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register

• Have I Been Pwned warns of new Zacks data breach impacting 8 million (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The Complexities of Hacking: Exploring the thin line between cyber crime and ethical hacking | Euronews

• When It Comes to Cyber crime, the Medium Makes Us Vulnerable - Centre for International Governance Innovation (cigionline.org)

• Cyber criminals return to business as usual in a post-pandemic world - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Hackers steal $3 million by impersonating crypto news journalists (bleepingcomputer.com)

• Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme (thehackernews.com)

• New Loader Delivering Spyware via Image Steals Cryptocurrency Info (darkreading.com)

• Cryptocurrency Attacks Quadrupled as Cyber criminals Cash In (darkreading.com)

• Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency (thehackernews.com)

Insider Risk and Insider Threats

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

• Top 10 Risky Behaviours of Employees - IT Security Guru

• Insider Threat Vs Outsider Threat: Which Is Worse? (informationsecuritybuzz.com)

• Study shows over one in ten Brits are willing to engage in ‘illegal or illicit’ online behaviour as the Cost of Living crisis worsens - IT Security Guru

Fraud, Scams & Financial Crime

• Yet more direct calling fiends fined by UK's data watchdog • The Register

• Cost-of-Living Crisis Drives Insider Threat Concerns - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• New Study Takes a Deep Dive Into Lookalike Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• After Important Cyber Insurance Victory for Policyholders, Focus Turns to Insurers' Proposed Changes to War Exclusions | HUB | K&L Gates (klgates.com)

• Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)

• The insurance industry cyber crime report: recent attacks on insurance businesses | Insurance Business America (insurancebusinessmag.com)

• Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online

Dark Web

• Exploring the Dark Web: Hitman for Hire and the Realities of Online Activities - ClearanceJobs

Supply Chain and Third Parties

• New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries (thehackernews.com)

Cloud/SaaS

• SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint - SecurityWeek

• New MOVEit Transfer critical flaws found after security audit, patch now (bleepingcomputer.com)

• Seven steps for using zero trust to protect your multicloud • The Register

• New cloud security guidance: it's all about the config - NCSC.GOV.UK

• Microsoft keeps quiet on talk of possible Azure DDoS attack • The Register

• New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries (thehackernews.com)

Encryption

• Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away | Ars Technica

Open Source

• Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)

• Fake zero-day PoC exploits on GitHub push Windows, Linux malware (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Thoughts on scheduled password changes (don’t call them rotations!) – Naked Security (sophos.com)

• Microsoft misused our dark web data, says security vendor • The Register

• RDP honeypot targeted 3.5 million times in brute-force attacks (bleepingcomputer.com)

• Want to be hacked? Just make these password mistakes | Tom's Guide (tomsguide.com)

Training, Education and Awareness

• Top 10 Risky Behaviours of Employees - IT Security Guru

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

Digital Transformation

• Ignoring digital transformation is more dangerous than a recession - Help Net Security

Regulations, Fines and Legislation

• AI is moving too fast to regulate, security minister warns (telegraph.co.uk)

• Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register

• Confidential data downloaded from UK regulator Ofcom in cyber attack (therecord.media)

• Yet more direct calling fiends fined by UK's data watchdog • The Register

• How Europe is Leading the World in the Push to Regulate AI - SecurityWeek

• Feds extend deadline for software security attestations • The Register

Models, Frameworks and Standards

• 3 ways we've made the CIS Controls more automation-friendly - Help Net Security

• Use PCI DSS Checklist with Automation (trendmicro.com)

Data Protection

• UK and US Agree Deal to Facilitate Personal Data Flows - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• #InfosecurityEurope: Cyber Leaders’ Plea to Tackle the Industry’s Mental Health Crisis - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Gozi banking malware “IT chief” finally jailed after more than 10 years – Naked Security (sophos.com)

• LockBit Affiliate Arrested, as Extortion Totals Reach $91M Since 2020 (darkreading.com)

Privacy, Surveillance and Mass Monitoring

• Examining the long-term effects of data privacy violations - Help Net Security

• FBI: FISA Section 702 'absolutely critical' • The Register

• Strava heatmap feature can be abused to find home addresses (bleepingcomputer.com)

• US Intelligence Has Admitted Amassed Data on 'Nearly Everyone' (gizmodo.com)

• Feds Say Facial Recognition IDed Bosnian War Criminal Miljkovic (gizmodo.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Putin’s little cyber helpers turn their sights on the UK (telegraph.co.uk)

• Russia-Ukraine war sending shockwaves into cyber-ecosystem • The Register

• Ukrainian hackers take down service provider for Russian banks (bleepingcomputer.com)

• Pro-Ukraine Cyber Anarchy Squad claims the hack of the Russian telecom provider Infotel JSC - Security Affairs

• 'Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware (darkreading.com)

• RomCom Threat Actor Targets Ukrainian Politicians, US Healthcare (darkreading.com)

• Pro-Russian hackers step up attacks against Swiss targets, authorities say | Reuters

• Russian hackers steal data on thousands of Ulez drivers (telegraph.co.uk)

• Microsoft links data wiping attacks to new Russian GRU hacking group (bleepingcomputer.com)

• Russian hackers use PowerShell USB malware to drop backdoors (bleepingcomputer.com)

• Pro-Russian Hackers Target Website of Europe’s Largest Port in Rotterdam - Bloomberg

• Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine - Security Affairs

• Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent (thehackernews.com)

• New Report Reveals Shuckworm's Long-Running Intrusions on Ukrainian Organisations (thehackernews.com)

• Russia-backed hackers unleash new USB-based malware on Ukraine’s military | Ars Technica

• Microsoft Names Russian Threat Actor "Cadet Blizzard" - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

• Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)

• Iran's 'quantum processor' turned out to be a $600 dev board | PC Gamer

• China-based threat actors target UIDAI, AIIMS, ICMR: Govt advisory (moneycontrol.com)

• Subsea cables: how the US is pushing China out of the internet’s plumbing

• China's cyber now aimed at infrastructure, warns CISA boss

• Cyber security: Americans should prepare for cyber sabotage from Chinese hackers, US official warns - The Economic Times (indiatimes.com)

• Ukraine information sharing a model for countering China, top cyber official says | CyberScoop

• Chinese Threat Actor Abused ESXi Zero-Day to Pilfer Files From Guest VMs (darkreading.com)

• North Korea created evil twin of South Korea's Naver.com • The Register

• Behind the Scenes Unveiling the Hidden Workings of Earth Preta (trendmicro.com)

• Gloucester: Russian hackers behind cyber-attack on council - BBC News

• Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT (darkreading.com)

• Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant

• Russian ransomware hacker extorted tens of millions, says DOJ (cnbc.com)

Vulnerability Management

• Why Detecting Behaviors Beats Zero-Days | Blumira

Vulnerabilities

• Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack (thehackernews.com)

• Bitwarden update corrects password manager access vulnerability on Windows - gHacks Tech News

• Fortinet: Patched Critical Flaw May Have Been Exploited (darkreading.com)

• Bitwarden update corrects password manager access vulnerability on Windows - gHacks Tech News

• CISA orders federal agencies to secure Internet-exposed network devices (bleepingcomputer.com)

• Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs (bleepingcomputer.com)

• Log4J exploits may rise further as Microsoft continues war on phishing | ITPro

• Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry (thehackernews.com)

• New Critical Google Chrome Payments Security Issue Confirmed (forbes.com)

• Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin (thehackernews.com)

• VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) - Help Net Security

• Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant

• US energy department, other agencies hit in global hacking spree | Reuters

Tools and Controls

• The Complexities of Hacking: Exploring the thin line between cyber crime and ethical hacking | Euronews

• Use of Multifactor Authentication (MFA) Nearly Doubles Since 2020, Okta Secure Sign-in Trends Reports Finds (darkreading.com)

• Ignoring digital transformation is more dangerous than a recession - Help Net Security

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

• Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online

• Red teaming can be the ground truth for CISOs and execs - Help Net Security

• How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware (darkreading.com)

• Secure Sign-in Trends Report | Okta

• What is Dark Web Monitoring and How Does It Work? | Trend Micro News

• New cloud security guidance: it's all about the config - NCSC.GOV.UK

• Why Now? The Rise of Attack Surface Management (thehackernews.com)

• Why Detecting Behaviours Beats Zero-Days | Blumira

• What Is Red Teaming and How Does It Work? (howtogeek.com)

• Exploring the All-Time Best Book for Ethical Hacking – Codelivly

• Beyond MFA: 3 steps to improve security and reduce customer authentication friction - Help Net Security

• Enhancing security team capabilities in tough economic times - Help Net Security

• Small organisations outpace large enterprises in MFA adoption - Help Net Security

• Cyber debt levels reach tipping point - Help Net Security

• MSSQL makes up 93% of all activity on honeypots tracking 10 databases | SC Media (scmagazine.com)

• Attack Surface Management Strategies (trendmicro.com)

• 5 best practices to ensure the security of third-party APIs | CSO Online

• Multi-Factor Authentication Usage Nearly Doubles Since 2020, New Okta Report Finds - MSSP Alert

Reports Published in the Last Week

• Secure Sign-in Trends Report | Okta

• Top 10 cyber security findings from Verizon's 2023 data breach report | VentureBeat

Other News

• #InfosecurityEurope: What TechUK's New Plan Means for Cyber security - Infosecurity Magazine (infosecurity-magazine.com)

• A Tech Plan to "Build a Better Britain" - IT Security Guru

• German National Security Strategy leaves out cyber counter-attacks – EURACTIV.com

• Moving the Cyber Industry Forward Requires a Novel Approach (darkreading.com)

• (ISC)² and CIISec Release Guide to Inclusive Language in Cyber security - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.