Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities

Attackers continue to aggressively target small and mid-size businesses using specific high-profile vulnerabilities dating back a decade or more, network telemetry shows. Findings have shown that this is due to these vulnerabilities featuring in a wide range of products. Due to their prevalence, they can often become missed by organisations conducting patch management and therefore leave the organisation open.

For this reason it is critical that all organisations, including smaller organisations, have internal as well as external vulnerability scanning. You might believe your systems are patched up to date but there is no way to confirm without scanning , or to know which patches might have been missed.

Sources: [Infosecurity Magazine]

91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit

Ransomware attacks saw a significant surge in 2023, following a dip in 2022. The number of victims increased by 66% from 2022 to 2023, with 91% of those affected paying at least one ransom. 58% of organisations have been targeted six times or more.

The Sophos State of Ransomware 2023 report highlighted ransom payments rose by 500%; nearly two-thirds exceeded $1m or more, with an average payment of $2m. Furthermore, 30% of the demands were for over $5m.

In the US, 18% of incidents led to litigation, with 123 lawsuits filed in 2023 and 355 over five years. Data breaches, affecting 283.3 million records, primarily triggered these lawsuits, especially in healthcare and finance sectors. The resolution rate is 59%, with the highest settlement at $8.7m. Regulatory fines added nearly $10m to the financial impact. These figures underscore the significant financial implications of ransomware attacks and the urgent need for robust cyber security measures.

Sources: [ZD Net] [Infosecurity Magazine] [Security Magazine] [PrNewsWire] [Infosecurity Magazine]

BEC and Fund Transfer Fraud Top Insurance Claims

Cyber Insurer Coalition's 2024 Cyber Claims Report highlights a significant trend in cyber security threats, identifying email-based fraud as the predominant cause of insurance claims in 2023, accounting for 53% of all claims. Business email compromise (BEC) and funds transfer fraud (FTF) topped the list, contributing to 28% of claims and increasing claim amounts by 24% to an average loss exceeding $278,000. In contrast, ransomware, while less frequent at 19% of claims, also saw a rise in both frequency and severity, with average losses climbing to over $263,000. The report also notes a 13% year-on-year surge in overall claims, with substantial losses tied to compromised network security devices and a notable vulnerability in organisations using exposed remote desktop protocols.

Source: [Infosecurity Magazine]

Correlating Cyber Investments with Business Outcomes

The US Securities and Exchange Commission (SEC) has implemented stringent new rules compelling organisations to report significant cyber incidents within four days and to annually disclose details concerning their cyber security risk management, strategy, and governance. These mandates are seen as giving “more teeth to the idea that cyber security is a business problem” and “bringing an element of cyber security to the boardroom” according to cyber security solutions provider SecurityGate. Highlighted in the "Cybersecurity Insights" podcast, experts argue for simplifying cyber security strategies, advocating sustained resource allocation over reactive measures, and emphasising the importance of training over expensive solutions. These steps are deemed crucial for enhancing organisational resilience and security in a landscape where cyber threats are increasingly sophisticated and pervasive.

Source: [InfoRisk Today] 

Verizon: Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link

Verizon has released the findings of its 17th Annual Data Breach Investigations Report, which showed security incidents doubled year over year in 2023 to a record high 30,458 security events and 10,626 confirmed breaches. Some of the key takeaways from the 100-page report include zero-day attacks on unpatched systems and devices rising 180% in 2023, most breaches (68%) involving a non-malicious human element and the median time for users to fall for phishing emails falling just south of 60 seconds. In its first inclusion as a separate metric, supply chain attacks were found to contribute to 15% of all attacks.

Sources: [MSSP Alert] [Verizon]

MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer

Verisk’s Property Claim Services (PCS) has recently identified the MOVEit and Change Healthcare cyber attacks as significant Cyber Catastrophe Loss Events. These designations are part of PCS’s Global Cyber solution, which tracks cyber incidents and their potential impact on the insurance market. The designation indicates that each attack is anticipated to result in insurance industry losses exceeding USD 250 million.

The MOVEit attack, linked to the Russian-affiliated group Cl0p, compromised over 2,700 organisations globally, affecting up to 90 million individuals. The Change Healthcare attack, attributed to the ALPHV/Blackcat gang, notably disrupted UnitedHealth Group’s operations, with projected costs and lost revenue totalling up to USD 1.6 billion. These designations highlight the escalating scale and financial impact of cyber incidents on global markets.

Source: [Reinsurance News]

Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties

Nearly every organisation is part of a supply chain, where a significant amount of data is transferred. When data leaves your infrastructure, its security depends on the third party. The risks of a cyber incident increases as the supply chain increases.

Organisations need to mitigate the risks that their third party brings. This requires an understanding of the supply chain actors, and performing cyber security assessments of the most critical ones. The objective is to ensure that your organisation is satisfied with the third party’s security controls, or to work together to remediate any gaps.

Source: [Help Net Security]

Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats

In the era of hybrid work, remote desktop tools have become crucial yet vulnerable points within corporate networks, attracting significant cyber criminal attention. A study by Barracuda Networks underscores the challenges of securing these tools. Virtual Network Computing (VNC) is particularly susceptible; it is targeted in 98% of these types of attacks due to its use of multiple, sometimes unsecured ports. VNC attacks predominantly exploit weak password practices, notably through brute force methods. Conversely, Remote Desktop Protocol (RDP) accounts for about 1.6% of these attacks but is favoured for more extensive network breaches, often involving ransomware or crypto mining. The study highlights a pressing need for robust endpoint management and heightened security measures to mitigate these threats.

Source: [ITPro]

95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right

A recent report found that 95% of companies have altered their cyber security strategies in the last twelve months. This was driven by keeping pace with the shifting regulatory landscape (98%), the need to meet customer expectations for data protection and privacy (89%), and the rise of AI-driven threats and solutions (65%). Almost half (44%) of non-security executives do not understand the regulatory requirements their organisation must adhere to.

When it came to reporting, the study found that security teams aren’t reporting on key operational metrics that define whether their security investments and strategy changes have a measurable impact. It is evident that there is a disconnect between security and non-security professionals when it comes to the business strategy.

Sources: [Business Wire] [Security Magazine]

Human Factor a Significant Risk for Small and Medium-Sized Businesses.

A survey of business and IT security in small and medium-sized businesses (SMBs) conducted by LastPass found that roughly one in five business leaders admits to circumventing security policies, as do one in 10 IT security leaders. The survey found that password management is critically important to cyber security, with nearly half (47%) reporting recent breaches due to compromised passwords.

Sources: [Beta News] [Business Wire]

Microsoft CEO Says it is Putting Security Above All Else in Major Refocus

Following a series of high-profile attacks in recent months and a report by the US Cyber Safety Review Board (CSRB), Microsoft’s CEO has revealed it will now focus its efforts on an increase in the commitment to security. Investigating a summer 2023 attack, Microsoft was deemed to have made a series of “avoidable errors”, including the failure to detect several compromises, the CSRB said.

Sources: [TechRadar]

Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams

A recent discussion on workplace errors highlights the significant repercussions of cyber breaches compared to typical office mistakes. In the UK, nearly a third of businesses face cyber attacks weekly, with each breach costing approximately £4,000. However, a concerning trend is that 41% of these breaches are not reported to internal leadership, often due to fears among staff about the consequences of admitting faults. A three-pronged approach has been suggested to foster a blame-free culture: providing tailored and evolving cyber training, establishing safe zones for admitting mistakes, and implementing robust recovery plans. This approach not only prepares employees to handle potential breaches more effectively but also encourages them to report incidents promptly, reducing the overall impact and aiding quicker recovery. Such strategies are essential for maintaining resilience against increasingly sophisticated cyber threats.

Source: [Minute Hack]

Governance, Risk and Compliance

• Verizon 2024 Data Breach Investigations Report: 5 Takeaways | MSSP Alert

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Verizon DBIR: Vulnerability exploitation in breaches up 180% | TechTarget

• Verizon DBIR: Basic Security Gaffes Cause Breach Surge (darkreading.com)

• 95% of Organisations Revamped Their Cyber Security Strategies in the Last Year | Business Wire

• 95% of organisations adjusted cyber security strategies this past year | Security Magazine

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerability Exploits Triple as Initial Access Point for Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Are Enterprises Overconfident About Cyber Security Readiness? (govinfosecurity.com)

• How CISOs Can Contend with Increasing Scrutiny from Regulators (informationweek.com)

• Correlating Cyber Investments with Business Outcomes (inforisktoday.com)

• Ending The Culture of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Should Cyber Security Leadership Finally be Professionalized? - SecurityWeek

• What needs to change to overcome nonchalant security approaches | TechRadar

• Agile by Design: Cyber Security at the Heart of Transformation (noeticcyber.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Ransomware Rising Despite Takedowns, Says Corvus Report - Infosecurity Magazine (infosecurity-magazine.com)

• Impact of organisational structure on ransomware outcomes: Where does your org fit in? | SC Media (scmagazine.com)

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• 91% of ransomware victims paid at least one ransom in the past year, survey finds | ZDNET

• Ransom Payments Surge by 500% to an Average of $2m - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• There was an 81% year-over-year increase in ransomware attacks | Security Magazine

• Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings 2024 Global Threat Intelligence Report (prnewswire.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• LockBit, Black Basta, Play Dominate Ransomware in Q1 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Ransom recovery costs reach $2.73 million - Help Net Security

• Cactus Ransomware Group Targets Qlik Sense Servers | Decipher (duo.com)

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• How Businesses Should Grapple With Ransomware Threats (eetimes.eu)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

Ransomware Victims

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Almost all US hospitals took financial hit from Change hack, AHA says | Reuters

• Another major pharmacy chain shuts following possible cyber attack | TechRadar

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Cyber attack to cost Western Isles Council half a million pounds (holyrood.com)

• LockBit publishes confidential data stolen from Cannes hospital in France (therecord.media)

• French hospital CHC-SV refuses to pay LockBit extortion demand (bleepingcomputer.com)

• 'Cybersecurity incident' closes London Drugs' pharmacies • The Register

Phishing & Email Based Attacks

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)

• If you receive a Shein mystery box, do not open it | TechRadar

• Why the automotive sector is a target for email-based cyber attacks - Help Net Security

BEC

• BEC and Fund Transfer Fraud Top Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• FBI warns of fake verification schemes targeting dating app users (bleepingcomputer.com)

• A Lot of People Are Falling for Those 'Your Package Cannot Be Delivered' Texts | PCMag

Artificial Intelligence

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• State of Security 2024 Report Reveals Growing Impact of Generative AI on Cyber Security Landscape | Business Wire

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Understanding emerging AI and data privacy regulations - Help Net Security

• To understand the risks posed by AI, follow the money – O’Reilly (oreilly.com)

• From Risk to Resilience: Managing Data Security in AI-Driven Enterprises | Inc.com

• Security in the AI Sector: Understanding Infostealer Exposures and Corporate Risks - Security Boulevard

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• US Government Releases New AI Security Guidelines for Critical Infrastructure (thehackernews.com)

• Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues - SecurityWeek

• Why the Military Can’t Trust AI | Foreign Affairs

2FA/MFA

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

Malware

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

• Bogus npm Packages Used to Trick Software Developers into Installing Malware (thehackernews.com)

• Stealthy malware: The threats hiding in plain sight | ITPro

• Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (thehackernews.com)

• ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (thehackernews.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

Mobile

• Powerful 'Brokewell' Android Trojan Allows Attackers to Takeover Devices - SecurityWeek

• Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (thehackernews.com)

• New Wpeeper Android malware hides behind hacked WordPress sites (bleepingcomputer.com)

• NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Android Flaw Affected Apps With 4 Billion Installs - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft warns of "Dirty Stream" attack impacting Android apps (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Hackers Target New NATO Member Sweden with Surge of DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• A glaring Android TV security flaw might put your Gmail at risk | Android Central

Data Breaches/Leaks

• PSNI data breach: Almost 5,000 officers and staff in legal action - BBC News

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Kaiser Permanente data breach may have impacted 13.4 million patients (securityaffairs.com)

• Social exclusion charity Extern “urgently reviewing” impact of data breach following ransomware attack – The Irish News

• FBCS data breach impacted 2M individuals (securityaffairs.com)

• States shares health debt data of 5,000 in an email | Guernsey Press

• Qantas app exposed sensitive traveller details to random users (bleepingcomputer.com)

• DropBox says hackers stole customer data, auth secrets from eSignature service (bleepingcomputer.com)

• Mitre Shares Lessons Learned from Breach | MSSP Alert

• Hull City Council pays £30K in data breach claims and suffers nine cyber attacks in three years - Hull Live (hulldailymail.co.uk)

• Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach (bleepingcomputer.com)

• Australian pubgoers' personal info posted to leak site • The Register

• Monash Health data breach exposes sexual assault and family violence claims (smh.com.au)

• Panda Restaurant Group disclosed a data breach (securityaffairs.com)

Organised Crime & Criminal Actors

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

Insider Risk and Insider Threats

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element - Help Net Security

• Survey: Human Factors Create Significant Cyber Security Risks for Small and Medium-Sized Businesses, Despite Increased Technology Investment | Business Wire

• How insider threats can cause serious security breaches - Help Net Security

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

Insurance

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Cyber facility in capacity raise as risk severity grows (emergingrisks.co.uk)

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Alarming Insurance Gaps and Soaring Breach Rates Call for a United Front in Cyber Security | HaystackID - JDSupra

Supply Chain and Third Parties

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• Securing your organisation's supply chain: Reducing the risks of third parties - Help Net Security

Cloud/SaaS

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• 97% of security leaders have increased SaaS security budgets - Help Net Security

Encryption

• UK's Investigatory Powers Bill approved to become law • The Register

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• White Swan, Black Swan and QuantumBleed (forbes.com)

Linux and Open Source

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

Passwords, Credential Stuffing & Brute Force Attacks

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• Nvidia's flagship gaming GPU can crack complex passwords in under an hour | Tom's Hardware (tomshardware.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

• Five Ways to Dramatically Reduce the Risk of Password Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Google Online Security Blog: Your Google Account allows you to create passkeys on your phone, computer and security keys (googleblog.com)

• How to use a YubiKey to log into Windows and macOS (xda-developers.com)

Social Media

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook at 20: Contemplating the Cost of Privacy (darkreading.com)

Training, Education and Awareness

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Everyone's an Expert: How to Empower Your Employees for Cyber Security Success (thehackernews.com)

Regulations, Fines and Legislation

• UK's Investigatory Powers Bill approved to become law • The Register

• UK rolls out new consumer safeguards for smart devices (betanews.com)

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• FCC fines major wireless carriers over illegal location data sharing - Help Net Security

• Understanding emerging AI and data privacy regulations - Help Net Security

• CISA's incident reporting requirements go too far, trade groups and lawmakers say | CyberScoop

Data Protection

• How AI and data protection intersect in today's threat era - SiliconANGLE

Careers, Working in Cyber and Information Security

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says | CyberScoop

• Cyber Security Degrees, Are They Really Worth It? | HackerNoon

• Beyond the Buzz: Rethinking Alcohol as a Cyber Security Bonding Ritual - SecurityWeek

Law Enforcement Action and Take Downs

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• Police shuts down 12 fraud call centres, arrests 21 suspects (bleepingcomputer.com)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

• CEO who sold fake Cisco devices to US military gets 6 years in prison (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Think tank: Tech companies spread China's propaganda • The Register

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

• Why China Is So Bad at Disinformation | WIRED

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 'DuneQuixote' Shows Stealth Cyber Attack Methods Are Evolving (darkreading.com)

Nation State Actors

China

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Philippines Pummelled by Cyber Attacks & Misinformation Tied to China (darkreading.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Think tank: Tech companies spread China's propaganda • The Register

• China's attacks on critical infrastructure ‘tip of the iceberg' | SC Media (scmagazine.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why China Is So Bad at Disinformation | WIRED

• Chinese government website security has big problems • The Register

• Espionage breaches account for 25% in APAC, report reveals (securitybrief.co.nz)

Russia

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

• Russian Hackers Target Industrial Systems in North America, Europe - SecurityWeek

• Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say | CyberScoop

• Critical infrastructure operators urged to harden systems against pro-Russia hackers (therecord.media)

• Ukraine's military intelligence launches cyber attack against United Russia party (kyivindependent.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• The Dangerous Rise of GPS Attacks | WIRED

• Russia’s Pawprints on Aircraft Jamming Outbreak - CEPA

• Germany Warns Of Consequences For Alleged Russian Cyber Attack (rferl.org)

• Hackers Claim to Have Infiltrated Belarus’ Main Security Service - SecurityWeek

• Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyber Attack (darkreading.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

• Two British men charged with helping Russian intelligence - BBC News

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

Iran

• Israel winning cyber war against Iran, says former officer of elite IDF intelligence unit | All Israel News

North Korea

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

Vulnerability Management

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Vulnerability exploitation nearly tripled in 2023 (telecoms.com)

Vulnerabilities

• Cisco devices again targeted by state-linked threat campaign - TechCentral.ie

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• 1,200+ Vulnerabilities Detected In Microsoft Products In 2023 (gbhackers.com)

• Most attacks affecting SMBs target five older vulnerabilities | CSO Online

• Severe Flaws Disclosed in Brocade SANnav SAN Management Software (thehackernews.com)

• UnitedHealth hackers took advantage of Citrix vulnerability to break in, CEO says (yahoo.com)

• Palo Alto Updates Remediation for Max-Critical Firewall Bug (darkreading.com)

• Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades - Help Net Security

• WordPress plugin vulnerability poses severe security risk, allows for site takeovers | TechSpot

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (thehackernews.com)

• Grafana Tool Vulnerability Let Attackers Inject SQL Queries (gbhackers.com)

• Microsoft says April Windows updates break VPN connections (bleepingcomputer.com)

• NTLM auth traffic spikes after Windows Server patch • The Register

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (thehackernews.com)

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• 1,400 GitLab Servers Impacted by Exploited Vulnerability - SecurityWeek

Tools and Controls

• Why remote desktop tools are facing an onslaught of cyber threats | ITPro

• Correlating Cyber Investments With Business Outcomes (inforisktoday.com)

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• Can automating security relieve CISO pressure? (techinformed.com)

• 10 Critical Endpoint Security Tips You Should Know (thehackernews.com)

• 7 antivirus myths that are dead wrong | PCWorld

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• EDR vs. EPP: What's the difference? | TechTarget

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Organisations Struggle with Zero Trust: Gartner | MSSP Alert

• Tech Tip: Why Haven't You Set Up DMARC Yet? (darkreading.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• Communication gaps between IT departments and senior corporate leadership worsening application security risks - Tech Monitor

• Continuous threat exposure management (CTEM): What it is and how to achieve it | SC Media (scmagazine.com)

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

• Fortifying Cyber Defence With the Power of Linux Intrusion Detection and Prevention Systems | Linux Journal

• How to Red Team GenAI: Challenges, Best Practices, and Learnings (darkreading.com)

• What is API Security? - Security Boulevard

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why LLMs are predicting the future of compliance and risk management | VentureBeat

• Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM (thehackernews.com)

Reports Published in the Last Week

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Global Threat Intelligence Report 2024 by NTT Security Holdings

• 2024 Data Breach Investigations Report | Verizon

• The State of Security 2024 | Splunk

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

Other News

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• 3 Key Business Areas Cyber Security Falls Short | Inc.com

• 7 antivirus myths that are dead wrong | PCWorld

• A Season Of Health Breaches, A Season Of Changes (forbes.com)

• Bank of England tells payment firms to step up disruption mitigation plans (yahoo.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• NCSC updates warning over hacktivist threat to CNI | Computer Weekly

• Cyber Space: EU and partners discuss ways to strengthen cooperation in promoting international security and stability | EEAS (europa.eu)

• The EU's Strategy for a Cyber Secure Digital Single Market | UpGuard

• Cyber attack at Irish telecoms firm? – The Irish Times

• To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware (darkreading.com)

• During National Small Business Week, Take Steps to Secure Your Business | CISA

• At Microsoft, years of security debt come crashing down | Cybersecurity Dive

• National Small Business Week: IRS warns entrepreneurs to take precautions on data security; protect their businesses, employees, customers | Internal Revenue Service

• Zelenskyy fires security service chief accused of "weaponized draft" against journalist - Euromaidan Press

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• The ultimate cyber spring-cleaning checklist (avast.com)

• European New Space Companies Prepare to Counter Growing Security Threat - Via Satellite (satellitetoday.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian

British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.

UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.

Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.

The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.

https://www.telegraph.co.uk/business/2023/02/09/companies-banned-paying-hackers-attacks-royal-mail-guardian/

• Fraud Set to Be Upgraded as a Threat to National Security

Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.

It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.

It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.

https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/

• 98% of Attacks are Not Reported by Employees to their Employers

Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.

https://www.msspalert.com/cybersecurity-research/employees-fail-to-report-98-of-email-cyber-hacks-to-security-teams-study-finds/

• UK Second Most Targeted Nation Behind America for Ransomware

Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.

https://www.itsecurityguru.org/2023/02/07/uk-second-most-targeted-nation-behind-america-for-ransomware/

• Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.

https://www.darkreading.com/attacks-breaches/financial-institutions-are-suffering-from-increasingly-sophisticated-cyberattacks-according-to-contrast-security

• An Email Attack Can End Up Costing You Over $1 Million

According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.

https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/

• Cyber Crime Shows No Signs of Slowing Down

Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.

https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down

• Surge of Swatting Attacks Targets Corporate Executive and Board Members

Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.

https://www.csoonline.com/article/3687177/surge-of-swatting-attacks-targets-corporate-executives-and-board-members.html#tk.rss_news

• Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.

https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead

• Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.

https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks

• Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.

https://www.cnbc.com/2023/02/04/crypto-investors-lost-nearly-4-billion-dollars-to-hackers-in-2022.html

• PayPal and Twitter Abused in Turkey Relief Donation Scams

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.

https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/

• Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.

https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/

Threats

Ransomware, Extortion and Destructive Attacks

• UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online

• US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek

• Bitcoin-demanding cyber criminals use bug from 2021 to initiate global ransomware attack  | TechCrunch

• UK second most targeted nation behind America for Ransomware - IT Security Guru

• Hackers who breached ION say ransom paid; company declines comment | Reuters

• New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)

• Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (bleepingcomputer.com)

• Royal Ransomware adds support for encrypting Linux, VMware ESXi systems-security affairs

• Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualisation Risks (darkreading.com)

• Lessons Learned on Ransomware Prevention from the Rackspace Attack (bleepingcomputer.com)

• ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek

• Ransomware Revolution: 4 Types of Cyber Risks in 2023 (trendmicro.com)

• Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget

• Linux version of Royal Ransomware targets VMware ESXi servers (bleepingcomputer.com)

• Nevada Ransomware has released upgraded locker - Help Net Security

• Italy, France and Singapore Warn of a Spike in ESXI Ransomware-security affairs

• Massive ransomware attack targets VMware ESXi servers worldwide | CSO Online

• Major Florida Hospital Shuts Down Networks, Ransomware Attack Suspected - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware gang claims Royal Mail cyber ttack (bleepingcomputer.com)

• Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)

• New Linux variant of Clop Ransomware uses a flawed encryption-security affairs

• After Hive takedown, could the LockBit ransomware crew be the next to fall? | CyberScoop

• Russia-Linked Ransomware Gang Claims Responsibility for Royal Mail Attack (gizmodo.com)

• #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities | CISA

• Largest Canadian bookstore Indigo shuts down site after cyber ttack (bleepingcomputer.com)

• Kaspersky Finds Growing Number of Parents Experiencing Ransomware Attacks on Children's Schools (darkreading.com)

• Hackers hit Vesuvius, UK engineering company shuts down affected systems • Graham Cluley

• MKS Instruments falls victim to ransomware attack | CSO Online

• North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | CyberScoop

Phishing & Email Based Attacks

• Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)

• Employees Fail to Report 98% of Email Cyber Hacks To Security Teams, Study Finds - MSSP Alert

• An email attack can end up costing you over $1 million - Help Net Security

• What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)

• How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)

• Cyber criminals exploit volatile job market for targeted email attacks - Help Net Security

• Hong Kong police and Interpol uncover servers and apps used by global phishing syndicate | South China Morning Post (scmp.com)

• 'Phishing-as-a-service' kits drive uptick in theft: One business owner's story (cnbc.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

• NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)

BEC – Business Email Compromise

• What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)

Malware

• Hacker develops new 'Screenshotter' malware to find high-value targets (bleepingcomputer.com)

• Threat group targets over 1,000 companies with screenshotting and infostealing malware | CSO Online

• ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (thehackernews.com)

• Hackers backdoor Windows devices in Sliver and BYOVD attacks (bleepingcomputer.com)

• GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (thehackernews.com)

• Novel Banking Trojan 'PixPirate' Targets Brazil - Infosecurity Magazine (infosecurity-magazine.com)

• New QakNote attacks push QBot malware via Microsoft OneNote files (bleepingcomputer.com)

• Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (thehackernews.com)

Mobile

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek

• Android phones from Chinese vendors share private data • The Register

• 'Money Lover' Finance App Exposes User Data (darkreading.com)

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• Android 14 to block malware from abusing sensitive permissions (bleepingcomputer.com)

• UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)

• Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek

Denial of Service/DoS/DDOS

• Passion botnet cyber  Attacks hit healthcare, as actors offer threat as DDoS-as-a-service  | SC Media (scmagazine.com)

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• Tor and I2P networks hit by wave of ongoing DDoS attacks (bleepingcomputer.com)

• Experts published a list of proxy IPs used by the group Killnet-security affairs

Internet of Things – IoT

• Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)

• Security manufacturer’s smart cameras went dark for two hours (mybroadband.co.za)

• Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek

• NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)

Data Breaches/Leaks

• Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)

• Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

• TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (bleepingcomputer.com)

• 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder - SecurityWeek

• US Cyber Ambassador's Twitter account hacked • The Register

• Over 12% of analysed online stores expose private data, backups (bleepingcomputer.com)

• 'Money Lover' Finance App Exposes User Data (darkreading.com)

• Reddit reveals security incident • The Register

• Reddit Suffers Security Breach Exposing Internal Documents and Source Code (thehackernews.com)

Organised Crime & Criminal Actors

• Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)

• Minister: Cyber crimes Now 20% of Spain’s Registered Offenses - SecurityWeek

• Finland’s Most-Wanted Hacker Nabbed in France – Krebs on Security

• Australian Man Sentenced for Scam Related to Optus Hack  - SecurityWeek

• Bungling Optus scammer was no criminal mastermind • Graham Cluley

• Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto investors lost nearly $4 billion to hackers in 2022 (cnbc.com)

• Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)

• Avraham Eisenberg in court accused of crypto exchange crash • The Register

• Crypto Drainers Are Ready to Ransack Investor Wallets (darkreading.com)

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• FTX Being Advised by Cyber security Firm Sygnia on Hack Inquiry, CEO Ray Says (coindesk.com)

• Scammers steal $4 million in crypto during in-person meeting • The Register

• Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs (trendmicro.com)

Insider Risk and Insider Threats

• Another RAC staffer nabbed for sharing road accident data • The Register

• Ex-Ubiquiti worker pleads guilty to data theft, extortion, and smear plot (bitdefender.com)

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

Fraud, Scams & Financial Crime

• PayPal and Twitter abused in Turkey relief donation scams (bleepingcomputer.com)

• Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)

• Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

• Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware (darkreading.com)

• As V-Day nears: Romance scams cost victims $1.3B last year • The Register

• What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)

• Father killed himself after falling victim to romance scam | News | The Times

• 'Brushing' scams send people free items, but could be a warning sign about a data breach - ABC News

• Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek

• From ‘hi mum’ to crypto fraud: five of the latest scams to watch out for | Cyber crime | The Guardian

• Criminals use Telegram to recruit 'walkers' as America's big banks see an 84% increase in check fraud (cnbc.com)

• 5 Financial Scams To Watch Out For In 2023 (cnbc.com)

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• Banks leave doors open for scammers with flaws in online security | This is Money

• Trio Arrested in COVID PPE Fraud Probe - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs

Impersonation Attacks

• What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)

• HTML smuggling campaigns impersonate well-known brands to deliver malware | CSO Online

AML/CFT/Sanctions

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online

• US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek

Insurance

• Tackling the New Cyber Insurance Requirements: Can Your Organisation Comply? (thehackernews.com)

• Cyber Insurance, A Must-Have for Small Businesses - Infosecurity Magazine (infosecurity-magazine.com)

• How to Optimise Your Cyber Insurance Coverage (darkreading.com)

Dark Web

• BlackSprut: Darknet Drug Market Advertises On Billboards In Moscow (informationsecuritybuzz.com)

• Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Have we learnt nothing from SolarWinds supply chain attacks? • The Register

• Vulnerability Provided Access to Toyota Supplier Management Network - SecurityWeek

Software Supply Chain

• Security pros say third parties are increasingly the cause of cyber security incidents | SC Media (scmagazine.com)

Cloud/SaaS

• How the Cloud Is Shifting CISO Priorities (darkreading.com)

• Cloud Apps Still Demand Way More Privileges Than They Use (darkreading.com)

• Amazon S3 to apply security best practices for all new buckets - Help Net Security

• Why Some Cloud Services Vulnerabilities Are So Hard to Fix (darkreading.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

• 7 Critical Cloud Threats Facing the Enterprise in 2023 (darkreading.com)

Hybrid/Remote Working

• Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)

• Predictions For Securing Today's Hybrid Workforce (darkreading.com)

Identity and Access Management

• 4 identity predictions for 2023 | TechTarget

Encryption

• It Isn't Time to Worry About Quantum Computing Just Yet (darkreading.com)

• UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)

API

• 10 API Security Best Practices To Protect Your Organisation (informationsecuritybuzz.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)

Biometrics

• Novel face swaps emerge as a major threat to biometric security - Help Net Security

Social Media

• Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis? (darkreading.com)

• Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs

Malvertising

• FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (thehackernews.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

Training, Education and Awareness

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

• Infosec Launches New Office Comedy Themed Security Awareness Training Series (darkreading.com)

Parental Controls and Child Safety

• It’s never too early to chat to your kids about online safety | Sarah Ayoub | The Guardian

Regulations, Fines and Legislation

• Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)

• While governments pass privacy laws, companies struggle to change - Help Net Security

• Prioritising Cyber security Regulation Harmonisation (darkreading.com)

Governance, Risk and Compliance

• Quarter of CFOs Have Suffered $1m+ Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• A Hackers Pot of Gold: Your MSP's Data (thehackernews.com)

• The dangers of unsupported applications - Help Net Security

• Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)

• Trends that impact on organisations' 2023 security priorities - Help Net Security

• With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)

• Optimising Cyber security Investments in a Constrained Spending Environment (darkreading.com)

• Surge of swatting attacks targets corporate executives and board members | CSO Online

• Lessons From the Cold War: How Quality Trumps Quantity in Cyber security (darkreading.com)

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

Models, Frameworks and Standards

• NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)

Data Protection

• Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)

• While governments pass privacy laws, companies struggle to change - Help Net Security

• Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Hong Kong police and Interpol uncover servers and apps used by global phishing syndicate | South China Morning Post (scmp.com)

• European Police Arrest 42 After Cracking Covert App - SecurityWeek

• Eurocops shut down Exclu encrypted messaging app • The Register

• Vastaamo hacking suspect arrested in France | TechTarget

• Finnish psychotherapy extortion suspect arrested in France – Naked Security (sophos.com)

Privacy, Surveillance and Mass Monitoring

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• Steps To Planning And Implementation Of Data Privacy (informationsecuritybuzz.com)

• ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica

Artificial Intelligence

• Adversaries Using OpenAI’s ChatGPT Chatbot for Cyber  Attacks? Here are Some Clues - MSSP Alert

• Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)

• IT Leaders Reveal Cyber Fears Around ChatGPT - Infosecurity Magazine (infosecurity-magazine.com)

• How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)

• ChatGPT's potential to aid attackers puts IT pros on high alert - Help Net Security

• Hackers are selling a service that bypasses ChatGPT restrictions on malware | Ars Technica

• ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica

• Jailbreak Trick Breaks ChatGPT Content Safeguards (darkreading.com)

• Generative AI: A benefit and a hazard - Help Net Security

• Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Google's Bard AI bot mistake wipes $100bn off shares - BBC News

• $120bn wiped off Google after Bard AI chatbot gives wrong answer (telegraph.co.uk)

• Why ChatGPT Isn't a Death Sentence for Cyber Defenders (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Pro-Russian hacktivist group Killnet could just be getting started (axios.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• What is hybrid warfare? Inside the centre dealing with modern threats - BBC News

• Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB's warrantless surveillance-security affairs

• DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)

• Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)

• New Info-Stealer Discovered as Russia Prepares for New Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• The impact of Russia's Ukraine invasion on digital threats - Help Net Security

• Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)

• Spies, Hackers, Informants: How China Snoops on the US - SecurityWeek

• US teases new China tech sanctions to deflate balloon-makers • The Register

Nation State Actors

• Pro-Russian hacktivist group Killnet could just be getting started (axios.com)

• With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)

• Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op - SecurityWeek

• US Downs Chinese Balloon Off Carolina Coast - SecurityWeek

• How did the US successfully shoot down China's 'spy balloon' with a single missile - and what was on it? | US News | Sky News

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• Android phones from Chinese vendors share private data • The Register

• US sources insist Chinese balloon was military - BBC News

• DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)

• SNP MP Stewart McDonald's emails hacked by Russian group - BBC News

• Australia to remove Chinese surveillance cameras amid security fears - BBC News

• Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• UN Experts: North Korean Hackers Stole Record Virtual Assets - SecurityWeek

• Mysterious Russian satellites are now breaking apart in low-Earth orbit | Ars Technica

• New Info-Stealer Discovered as Russia Prepares for New Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• Downed balloon one of a ‘fleet’ of Chinese surveillance devices, US alleges | Surveillance | The Guardian

• #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities | CISA

• The impact of Russia's Ukraine invasion on digital threats - Help Net Security

• Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)

• Experts published a list of proxy IPs used by the group Killnet-security affairs

• NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities (thehackernews.com)

• NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)

• US teases new China tech sanctions to deflate balloon-makers • The Register

• North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | Cyber scoop

Vulnerability Management

• Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition | CSO Online

• The dangers of unsupported applications - Help Net Security

• Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)

• Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget

• How to fix the top 5 cyber security vulnerabilities | TechTarget

• 20 Powerful Vulnerability Scanning Tools In 2023 (informationsecuritybuzz.com)

Vulnerabilities

• High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation - SecurityWeek

• New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)

• GoAnywhere MFT Users Warned of Zero-Day Exploit - SecurityWeek

• Serious security hole plugged in infosec tool binwalk | The Daily Swig (portswigger.net)

• Cisco fixed command injection bug in IOx Application Hosting Environment-security affairs

• Vulnerability In F5 BIG-IP May Cause DoS And Code Execution (informationsecuritybuzz.com)

• GoAnywhere MFT zero-day flaw actively exploited-security affairs

• Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release-security affairs

• Critical vulnerability patched in Jira Service Management Server and Data Center | CSO Online

• Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (thehackernews.com)

• Exploit released for actively exploited GoAnywhere MFT zero-day (bleepingcomputer.com)

• OpenSSL Ships Patch for High-Severity Flaws - SecurityWeek

• Patch Released for Actively Exploited GoAnywhere MFT Zero-Day - SecurityWeek

• Unpatched Security Flaws Disclosed in Multiple Document Management Systems (thehackernews.com)

• SonicWall warns web content filtering is broken on Windows 11 22H2 (bleepingcomputer.com)

• Chrome 110 Patches 15 Vulnerabilities - SecurityWeek

• OpenSSL Fixes Multiple New Security Flaws with Latest Update (thehackernews.com)

• Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek

Tools and Controls

• Growing number of endpoint security tools overwhelm users, leaving devices unprotected | CSO Online

• Poor Endpoint Device Management Trigger Cyber  Attacks, New Report Finds - MSSP Alert

• Implementing Digital Rights Management Systems to Safeguard Against Unauthorised Access Of Protected Content (informationsecuritybuzz.com)

• Endpoint security getting easier, but most organisations lack tool consolidation - Help Net Security

Other News

• A Hackers Pot of Gold: Your MSP's Data (thehackernews.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• How to Think Like a Hacker and Stay Ahead of Threats (thehackernews.com)

• Surge of swatting a attacks targets corporate executives and board members | CSO Online

• Bermuda: Major Internet And Power Outage Strikes (informationsecuritybuzz.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.