Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Companies Adopt Board-Level Cyber Security Committees

In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.

Source: [Decipher]

Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High

A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.

Sources: [Dark Reading] [SC Magazine] [Reinsurance News]

Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year

Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.

Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]

More Than 46 Million Potential Cyber Attacks Logged Every Day

New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.

Sources: [Evening Standard] [Proactive] [The Independent]

Fighting Cyber Attacks Requires Top-Down Approach

Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.

Source: [Chief Investment Officer]

Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023

The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.

Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [Security Magazine] [MSSP Alert] [TechRadar]

98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending

Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.

Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]

48% of Organisations Predict Cyber Attack Recovery Could Take Weeks

A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Security Magazine]

Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour

The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.

We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.

Source: [Dark Reading]

How Cyber Security Has Evolved in The Past 20 Years

Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.

The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.

Source: [Forbes]

Rising Global Tensions Could Portend Destructive Hacks

Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.

Source: [Info Risk Today]

Governance, Risk and Compliance

• Cyber security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• How to establish a great security awareness culture (att.com)

• More Companies Adopt Board-Level Cyber Security Committees | Decipher (duo.com)

• Fighting Cyber Attacks Requires Top-Down Approach | Chief Investment Officer (ai-cio.com)

• SMBs Need to Balance Cyber Security Needs and Resources (darkreading.com)

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Cyber Security Litigation: Five Trends Unpacked | Blake, Cassels & Graydon LLP - JDSupra

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

• Awaken From Cyber Slumber: 3 Steps To Stronger Cyber security (forbes.com)

• AI-related security fears drive 2024 IT spending - Help Net Security

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Threats

Ransomware, Extortion and Destructive Attacks

• SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear (darkreading.com)

• Ransomware attacks surge, highlighting need for detection, response tools: Allianz - Reinsurance News

• 2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report (darkreading.com)

• Ransomware is threatening more businesses than ever before | TechRadar

• Ransomware isn’t going away – the problem is only getting worse (bleepingcomputer.com)

• Known Ransomware Attack Volume Breaks Monthly Record, Again (govinfosecurity.com)

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (thehackernews.com)

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

• Meet Rhysida, a New Ransomware Strain That Deletes Itself (darkreading.com)

• Kaspersky crimeware report: GoPIX, Lumar, and Rhysida. | Securelist

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Five things organisations don’t consider before a ransomware attack | TechRadar

• Ransomware incidents are on the rise as latest data reveals alarming trend | TechSpot

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ransomware attacks against hospitals put patients' lives at risk, researchers say : NPR

• Ragnar Locker Ransomware Boss Arrested in Paris (darkreading.com)

• BlackCat Climbs the Summit With a New Tactic (paloaltonetworks.com)

• Ransomware Soars as Myriad Efforts to Stop It Fall Short - Bloomberg

• Hackers Using Remote Admin Tools AvosLocker Ransomware (gbhackers.com)

• Resilience notes uptick in data exfiltration as cyber criminals change tactics - Reinsurance News

• Healthcare Ransomware Attacks Cost US $78bn - Infosecurity Magazine (infosecurity-magazine.com)

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Should Ransom Payments Be Made Illegal | Intel471

• ThreatLabz state of ransomware report | ITPro | ITPro

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Ransomware Victims

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ambulances diverted as 3 New York hospitals grapple with cyber attacks | Fox News

• Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyber attack - Security Week

• US energy firm shares how Akira ransomware hacked its systems (bleepingcomputer.com)

• Seiko says ransomware attack exposed sensitive customer data (bleepingcomputer.com)

• American Family Insurance confirms cyber attack is behind IT outages (bleepingcomputer.com)

• Cyber Attack Causing Service Interruptions At Ontario Hospitals (databreaches.net)

• Volex dented by cyber attack costs but full-year results are on track | AIM:VLX (proactiveinvestors.co.uk)

• Cyber crims leak patient pics in low blow bid to win ransom • The Register

Phishing & Email Based Attacks

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• Over 200 million malicious emails were detected in Q3 2023 | Security Magazine

• Watch out - that QR code could just be a phishing scam | TechRadar

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Email security threats are more dangerous than ever - here's what you need to know | TechRadar

• What is Phishing? 5 Types of Phishing Attacks You Need to Know | MSSP Alert

• The US released popular phishing techniques | Inquirer Technology

• Akamai research finds more sophisticated phishing threats in hospitality industry - SiliconANGLE

• Don’t Get Spooked Into Falling For These Phishing Scams - IT Security Guru

Other Social Engineering; Smishing, Vishing, etc

• Social engineering: Hacking minds over bytes (att.com)

Artificial Intelligence

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• New Survey From Abnormal Security Reveals 98% Of Security Leaders Worry About the Risks of Generative AI | Business Wire

• AI-related security fears drive 2024 IT spending - Help Net Security

• Boardrooms losing control in generative AI takeover, says Kaspersky | Computer Weekly

• AI-Based Cyber Attacks Target HR Teams (thehrworld.co.uk)

• Governments, firms should spend more on AI safety, top researchers say | Reuters

• Cyber-defence systems seek to outduel criminals in AI race (techxplore.com)

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• AI risk must be treated as seriously as climate crisis, says Google DeepMind chief | Technology | The Guardian

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Don't use AI-based apps, Philippine defence ordered its personnel (securityaffairs.com)

• Businesses ignorant to gen AI security threats suggests research (ship-technology.com)

• Inside the battle to contain – and capitalise on – artificial intelligence | World news | The Guardian

• AI to Create Demand for Digital Trust Professionals, ISACA Survey Find - Infosecurity Magazine (infosecurity-magazine.com)

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• Artificial Intelligence Bad News For Cyber Threats, Report Warns - TechRound

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Britain’s Big AI Summit Is a Doom-Obsessed Mess | WIRED

• Oops! When tech innovations create new security threats | CSO Online

• UK officials use AI to decide on issues from benefits to marriage licences | Artificial intelligence (AI) | The Guardian

2FA/MFA

• Okta support system breach highlights need for strong MFA policies | CSO Online

Malware

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• Hackers are using an incredibly sneaky trick to hide malware | Digital Trends

• Vietnamese Hackers Target UK, US, and India with DarkGate Malware (thehackernews.com)

• Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar (thehackernews.com)

• Dangerous new malware can crack encrypted USB drives | TechRadar

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• 'Grandoreiro' Trojan Targets Global Banking Customers (darkreading.com)

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

Mobile

• Android trojan spotted in the wild can record audio and phone calls | ZDNET

• Samsung Galaxy S23 hacked twice in one day at Pwn2Own contest (androidauthority.com)

• iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation (thehackernews.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• A huge amount of financial apps contain security flaws - and this is the best scoring industry | TechRadar

• Intellexa: Irish-linked spyware used in 'brazen attacks' - report - BBC News

• Longer Support Periods Raise the Bar for Mobile Security (darkreading.com)

• Android adware apps on Google Play amass two million installs (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• This DDoS attack is the biggest in internet history. | World Economic Forum (weforum.org)

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

• Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (thehackernews.com)

Internet of Things – IoT

• How an explosion of 'smart' devices is threatening US households -- and national security (nypost.com)

• UK government finalises IoT cyber security requirements - Lexology

Data Breaches/Leaks

• Okta says hackers breached its support system and viewed customer files | Ars Technica

• Okta support system breach highlights need for strong MFA policies | CSO Online

• 1Password suffers cyber security incident after latest Okta breach - Tech Monitor

• Okta stock falls after company says client files accessed by hackers via support system (cnbc.com)

• Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts (therecord.media)

• City of Philadelphia discloses data breach after five months (bleepingcomputer.com)

• 500k Irish National Police records exposed by third party • The Register

• The 23andMe data breach reveals the vulnerabilities of our interconnected data (theconversation.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• DC Board of Elections: Hackers may have breached entire voter roll (bleepingcomputer.com)

Organised Crime & Criminal Actors

• More than 500 potential cyber attacks logged every second, BT says | The Independent

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances | CSO Online

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insider Risk and Insider Threats

• Forget the outside hacker, the bigger threat is inside • The Register

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Human-centric Security Design Reduces Threats by Changing User Behavior (prweb.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

Fraud, Scams & Financial Crime

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• Purchase Scams Surge as Fraud Losses Hit £580m - Infosecurity Magazine (infosecurity-magazine.com)

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Online scammers target desperate loan seekers using online fraud | TechRadar

• Christmas scams to watch out for this festive season (nationalworld.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Deepfakes

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insurance

• Telling Small Businesses to Buy Cyber Insurance Isn't Enough (darkreading.com)

• Stemming Losses That Go Uncovered by Cyber Insurance | Esquire Deposition Solutions, LLC - JDSupra

• Aviva: SMEs ‘woefully underserved’ for cyber cover - Insurance Post (postonline.co.uk)

Dark Web

• A Look at Key Dark Web Statistics (2023 Data Update) (techreport.com)

Supply Chain and Third Parties

• 500k Irish National Police records exposed by third party • The Register

Software Supply Chain

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

Cloud/SaaS

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Reveals Breach Via Stolen Credential - Infosecurity Magazine (infosecurity-magazine.com)

• Passwords - not all they are cracked up to be | TechRadar

• 'Log in With...' Feature Allows Full Online Account Takeover for Millions (darkreading.com)

• 10 Bad Password Habits You Need to Break (howtogeek.com)

Social Media

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• Threat actor is selling access to Facebook and Instagram's Police Portal (securityaffairs.com)

Malvertising

• Malvertisers Using Google Ads to Target Users Searching for Popular Software (thehackernews.com)

Training, Education and Awareness

• Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• This Cyber Security Awareness Month, Don't Lose Sight of Human Risk (darkreading.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• Cyber Security Awareness Month: What's Still Needed After Twenty Years (forbes.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

Regulations, Fines and Legislation

• Managed security services [EU Legislation in Progress] | Epthinktank | European Parliament

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• UK government finalises IoT cyber security requirements - Lexology

• Show Your Work: The SEC Cyber Rules and Documenting Materiality Analysis Under NIST FIPS 199 | Baker Donelson - JDSupra

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Models, Frameworks and Standards

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• CMMC 2.0: What You Need to Know - ClearanceJobs

Backup and Recovery

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

Law Enforcement Action and Take Downs

• Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts (therecord.media)

• Alleged developer of the Ragnar Locker ransomware was arrested (securityaffairs.com)

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• ‘I’m looking for fewer ways to be traceable, not more’ | Financial Times

• Google Chrome's new "IP Protection" will hide users' IP addresses (bleepingcomputer.com)

• ShadowDragon: Australian spies monitor PornHub, Tinder, Fortnite (crikey.com.au)

Misinformation, Disinformation and Propaganda

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Misc Nation State/Cyber Warfare/Cyber Espionage

• ICC: September Breach Was Espionage Raid - Infosecurity Magazine (infosecurity-magazine.com)

• International Criminal Court attack was targeted and sophisticated (securityaffairs.com)

• Governments and hackers agree: the laws of war must apply in cyber space (theconversation.com)

• It's Time to Establish the NATO of Cyber Security (darkreading.com)

• War Crimes Court Flags Cyber Attack That Targeted Its Work - Law360

• International Criminal Court systems breached for cyber espionage (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

Geopolitical Threats/Activity

• Cyber attacks in the Israel-Hamas war (cloudflare.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• Cyber operations linked to Israel-Hamas fighting gain momentum | CyberScoop

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

China

• MI5 chief warns of Chinese cyber espionage reached an unprecedented scale (securityaffairs.com)

• Glasgow universities on red alert over Chinese spies as they join security scheme - Glasgow Live

• Navy ends tradition of Chinese laundrymen on warships over spying fears (telegraph.co.uk)

Russia

• Russia Cyber attacks Becoming More Sophisticated, Ukraine Official Says - Bloomberg

• Ukraine's IT army is a world first: here's why it is an important part of the war (theconversation.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• Ministry, police and Crimea summit websites victims of cyber attack | Radio Prague International

• Pro-Russia group behind today’s mass cyber attack against Czech institutions - Prague, Czech Republic (expats.cz)

• Major Russian bank reportedly hacked by Ukraine | SC Media (scmagazine.com)

• Hackers backdoor Russian state, industrial orgs for data theft (bleepingcomputer.com)

• Who is sabotaging underwater infrastructure in the Baltic Sea? (economist.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Russia-Ukraine War: Cyber Attack and Kinetic Warfare Timeline - | MSSP Alert

• France says Russian state hackers breached numerous critical networks (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Inside Ukraine's Cyber Army (globelynews.com)

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Ex-NSA techie admits to selling state secrets to Russia • The Register

Iran

• Iran APT Targets the Mediterranean With Watering-Hole Attacks (darkreading.com)

North Korea

• US seizes sites that funnel money from North Korean IT workers for illicit activities | SC Media (scmagazine.com)

• Freelance Market Flooded With North Korean IT Actors (darkreading.com)

Vulnerability Management

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• Why Do We Need Real-World Context to Prioritise CVEs? (darkreading.com)

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

Vulnerabilities

• Citrix Bleed exploit lets hackers hijack NetScaler accounts (bleepingcomputer.com)

• Exploitation of Citrix NetScaler vulns reaching dangerous levels | Computer Weekly

• Critical SolarWinds RCE Bugs Enable Unauthorised Network Takeover (darkreading.com)

• CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog - Security Affairs

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• Cisco hackers likely taking steps to avoid identification | Computer Weekly

• F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution (thehackernews.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - Security Week

• Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms (thehackernews.com)

• Firefox, Chrome Updates Patch High-Severity Vulnerabilities - Security Week

• The Forbidden Fruit Of Cyber Security: Hackers Take A Bite Out Of Apple (forbes.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Apple Ships Major iOS, macOS Security Updates - Security Week

• Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica

• ServiceNow quietly fixes 8-year-old data exposure flaw • The Register

Tools and Controls

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Cyber attack response plans need to be in place to avoid chaos - FreightWaves

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• What is Network Segmentation? Virtual & Physical Segmentation | UpGuard

• AI-related security fears drive 2024 IT spending - Help Net Security

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Is it wise to put all your security solutions in one cyber basket? (securitybrief.co.nz)

• Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie (scotsman.com)

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

• Unveiling the power of emerging technologies to empower cyber resilience (techuk.org)

• Cyber security concerns grow among physical security professionals | Security Magazine

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Other News

• MPs to examine cyber resilience of UK’s critical national infrastructure | CSO Online

• UK Parliament Opens Inquiry into Cyber-Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• Strategies to overcome cyber security misconceptions - Help Net Security

• UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online

• 5 important cyber security takeaways for law firms - Lawyers Weekly

• How Cyber Security Has Evolved In The Past 20 Years (forbes.com)

• HMRC annual report triggers cyber red alert | AccountingWEB

• Oops! When tech innovations create new security threats | CSO Online

• Spooky Cyber Statistics And Trends You Need To Know (forbes.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

• Proactively preventing your company from becoming the next cyber attack headline (betanews.com)

• Cyber security trends 2023 | Allianz Commercial

• Demystifying Cyber Security: Shakespeare To The Rescue | HackerNoon

• Cyber Threat: Aviation’s Clear and Present Danger? | Aerospace Tech Review

• OT cyber attacks proliferating despite growing cyber security spend - Help Net Security

• Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies (securityintelligence.com)

• What Would a US Government Shutdown Mean for Cyber Security? (darkreading.com)

• Weapons Systems Provide Valuable Lessons for ICS/OT Security - Security Week

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Ransomware Report: Most Organisations Unprepared for an Attack, Lack Incident Playbook, Research Finds

Some organisations have made significant improvements to their ransomware readiness profile in the last year, Axio said in a newly released report. However, a lack of fundamental cyber security practices and controls, inadequate vulnerability patching and employee training continues to leave ransomware defences lacking in potency.

Axio’s report reveals that only 30% of organisations have a ransomware-specific playbook for incident management in place. In 2021’s report Axio, maker of a cloud-based cyber management software platform, identified seven key areas emerged where organisations were deficient in implementing and sustaining basic cyber security practices.

The same patterns showed up in the 2022 report:

• Managing privileged access.

• Improving basic cyber hygiene.

• Reducing exposure to supply chain and third-party risk.

• Monitoring and defending networks.

• Managing ransomware incidents.

• Identifying and addressing vulnerabilities in a timely manner.

• Improving cyber security training and awareness.

Overall, most organisations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include:

• The number of organisations with a functional privileged access management solution in place increased by 10% but remains low at 33% overall.

• Limitations on the use of service and local administrator accounts remain average overall, with nearly 50% of organisations reporting implementing these practices.

• Approximately 40% of organisations monitor third-party network access, evaluate third-party cyber security posture, and limit the use of third-party software.

• Less than 50% of respondents implement basic network segmentation and only 40% monitor for anomalous connections.

• Critical vulnerability patching within 24 hours was reported by only 24% of organisations.

• Active phishing training has improved but is still not practiced by 40% of organisations.

https://www.msspalert.com/cybersecurity-research/most-organizations-unprepared-for-ransomware-attack-lack-incident-playbook-axio-reports/

• LinkedIn Scams, Fake Instagram Accounts Hit Businesses, Execs

Business owners with public social media accounts are easy targets for scammers who lift information to create fake accounts. The arduous process for removing fraudulent accounts leaves victims frustrated and vulnerable to further data privacy issues. Victims say platform providers, particularly Facebook and Instagram, must improve their responses to reports of fraud.

Impersonation of a brand or executive contributed to more than 40% of all phishing and social media incidents in the second quarter, according to the Agari and Phish Labs Quarterly Threat Trends and Intelligence Report released in August. Q2 marks the second quarter that impersonation attacks have represented the majority of threats, despite a 6.1% decrease from Q1.

Executive impersonation has been on the rise over the past four quarters — representing more than 15% of attacks, according to the report — as impersonating a corporate figure or company on social media is simple and effective for threat actors.

Thom Singer, CEO for the Austin Technology Council and a public speaker, was recently impersonated on Instagram. A scammer created a fake Instagram account with his name and photos, creating a handle with an extra "r" at the end of Singer. That account appeared to amass over 2,300 followers – nearly as many as Singer's own account – lending to its appearance of authenticity.

He learned of the fake account from a contact who texted to ask if he'd reached out on Instagram, which wasn't a channel Singer typically uses to communicate. Singer reported the fraudulent account using the platform's report button and asked his followers to do the same.

"You can't reach anyone at these platforms, so it takes days to get a fake account removed," Singer said. "These social media sites have no liability, nothing to lose when fraud is happening. They need to up their game and have a better process to get [fraud] handled in a timely manner."

https://www.techtarget.com/searchsecurity/feature/LinkedIn-scams-fake-Instagram-accounts-hit-businesses-execs

• Study Highlights Surge in Identity Theft and Phishing Attacks

A new study from behavioural risk firm CybSafe and the National Cybersecurity Alliance (NCA) has been launched and it highlights an alarming surge in phishing and identity theft attacks.

The report, titled ‘Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors report’, studied the opinions of 3,000 individuals across the US, the UK and Canada towards cyber security and revealed that nearly half (45%) of users are connected to the internet all the time, however, this has led to a surge in identity theft with almost 1 in 4 people being affected by the attack.

Furthermore, 1 in 3 (36%) respondents revealed they have lost money or data due to a phishing attack. Yet the study also revealed that 70% of respondents feel confident in their ability to identify a malicious email, but only 45% will confirm the authenticity of a suspicious email by reaching out to the apparent sender.

When it comes to implementing cyber security best practices, only 33% of respondents revealed they use a unique password for important online accounts, while only 16% utilise passwords of over 12 characters in length. Furthermore, only 18% of participants have downloaded a stand-alone password manager, while 43% of respondents have not even heard of multi-factor authentication.

https://www.itsecurityguru.org/2022/10/12/study-highlights-surge-in-identity-theft-and-phishing-attacks/

• Increase in Cyber Liability Insurance Claims as Cyber Crime Skyrockets

A cyber insurer, Acuity Insurance, is reporting an increased need for cyber liability insurance across both personal and business policyholders. From June 2021 to June 2022, the insurer saw cyber liability insurance claims on its commercial insurance policies increase by more than 50%. For personal policies, they saw more than a 90% increase in cyber claims being reported in 2021 compared with 2020.

Our lives, homes and businesses are more connected than ever before. Being connected leads to a greater risk of cyber attacks, which aren't covered under standard homeowners or business insurance policies.

The insurance experts caution that everyone is at risk — whether you are a small business owner or an individual — as cyber attacks continue to pose a serious financial threat. From 2019 to 2021, cyber attacks were up 50% from the previous year, according to recent research. Wire fraud and gift card scams are two of the most common types of cyber attacks impacting both businesses and individuals.

Scams involving social engineering are some of the easiest to fall for, as fraudsters exploit a person's trust to obtain money or personal information, which can then be used for unauthorised withdrawals of money. Cyber insurance can protect you from financial loss caused by wire transfer fraud, phishing attacks, cyber extortion, cyberbullying and more, Acuity reported.

While all cyber crimes have a financial impact, fraudulent wire transfers often come with greater losses. Banks are typically not responsible for funds lost as a result of a fraudulent wire transfer inadvertently authorised by the customer. Whether it's a wrongful money transfer by a business or an individual, cyber insurance can help mitigate some of the financial loss caused by these scams.

https://www.darkreading.com/attacks-breaches/acuity-reports-increase-in-cyber-liability-insurance-claims-as-cybercrime-skyrockets

• UK Government Urges Action to Enhance Supply Chain Security

The UK government has warned organisations to take steps to strengthen their supply chain security.

New National Cyber Security Centre (NCSC) guidance has been issued amid a significant increase in supply chain attacks in recent years, such as the SolarWinds incident in 2020. The NCSC cited official government data showing that just over one in 10 businesses review the risks posed by their immediate suppliers (13%), while the proportion covering the wider supply chain is just 7%.

Aimed at medium-to-large organisations, the document sets out practical steps to better assess cyber security across increasingly complex supply chains. This includes a description of typical supplier relationships and ways that organisations are exposed to vulnerabilities and cyber-attacks via the supply chain, and the expected outcomes and key steps needed to assess suppliers’ approaches to security.

The new guidance followed a government response to a call for views last year which highlighted the need for further advice. Supply chain attacks are a major cyber threat facing organisations and incidents can have a profound, long-lasting impact on businesses and customers. With incidents on the rise, it is vital organisations work with their suppliers to identify supply chain risks and ensure appropriate security measures are in place.

https://www.infosecurity-magazine.com/news/uk-government-supply-chain-security/

• For Most Companies Ransomware Is the Scariest Of All Cyber Attacks

SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyber attacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

“No one is safe from cyber attacks — businesses or individuals,” said SonicWall Executive Chairman of the Board Bill Conner. “Today’s business landscape requires persistent digital trust to exist. Supply-chain attacks have dramatically changed the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before.

“It’s likely we’ll see continued acceleration and evolution of ransomware tactics, as well as other advanced persistent threats (APTs), as cyber crime continues to scale the globe seeking both valuable and weak targets.”

Companies are not only losing millions of dollars to unending malware and ransomware strikes, but cyber attacks on essential infrastructure are impacting real-world services. Despite the growing concern of cyber attacks, organisations are struggling to keep pace with the fast-moving threat landscape as they orient their business, networks, data and employees against unwavering cyber attacks.

“The evolving cyber threat landscape has made us train our staff significantly more,” said Stafford Fields, IT Director, Cavett Turner & Wyble. “It’s made us spend more on cyber security. And what scares me is that an end-user can click on something and bring all our systems down — despite being well protected.”

https://www.helpnetsecurity.com/2022/10/12/customers-concerned-ransomware/

• EDR Is Not a Silver Bullet

Old lore held that shooting a werewolf, vampire, or even just your average nasty villain with a silver bullet was a sure-fire takedown: one hit, no more bad guy.

As cyber security professionals, we understand – much like folks in the Old West knew – that there are no panaceas, no actual silver bullets. Yet humans gravitate towards simple solutions to complex challenges, and we are constantly (if unconsciously) seeking silver bullet technology.

Endpoint Detection and Response (EDR) tools have become Standard Operating Procedures for cyber security regimes. They are every CIO’s starting point, and there’s nothing wrong with this. In a recent study by Cymulate of over one million tests conducted by customers in 2021, the most popular testing vector was EDR.

Yet cyber security stakeholders should not assume that EDR is a silver bullet. The fact is that EDR’s efficacy and protective prowess as a standalone solution has been slowly diminished over the decade since the term was first coined by Gartner. Even as it became a mainstay of enterprise and SMB/SME security posture – attacks have skyrocketed in frequency, severity, and success. Today, EDR is facing some of its greatest challenges, including threats laser-targeting EDR systems like the highly-successful Grandoiero banking trojan.

While EDR should not be your only line of defence against advanced threats, including it in a defence solution array is paramount. It should be installed on all organisational servers – including Linux-based ones. Yet installation is not enough. Your organisation is at significant risk if the underlying OS and EDR are not both implemented and fine-tuned.

https://www.helpnetsecurity.com/2022/10/11/edr-is-not-a-silver-bullet/

• Attackers Use Automation to Speed from Exploit to Compromise

A report from Laceworks examines the cloud security threat landscape over the past three months and unveils the new techniques and avenues cyber criminals are exploiting for profit at the expense of businesses. In this latest edition, the Lacework Labs team found a significantly more sophisticated attacker landscape, with an increase in attacks against core networking and virtualisation software, and an unprecedented increase in the speed of attacks following a compromise. Key trends and threats identified include:

• Increased speed from exposure to compromise: Attackers are advancing to keep pace with cloud adoption and response time. Many classes of attacks are now fully automated to capitalise on timing. Additionally, one of the most common targets is credential leakage. In a specific example from the report, a leaked AWS access key was caught and flagged by AWS in record time. Despite the limited exposure, an unknown adversary was able to log in and launch tens of GPU EC2 instances, underscoring just how quickly attackers can take advantage of a single simple mistake.

• Increased focus on infrastructure, specifically attacks against core networking and virtualisation software: Commonly deployed core networking and related infrastructure consistently remains a key target for adversaries. Core flaws in infrastructure often appear suddenly and are shared openly online, creating opportunities for attackers of all kinds to exploit these potential targets.

• Continued Log4j reconnaissance and exploitation: Nearly a year after the initial exploit, the Lacework Labs team is still commonly observing vulnerable software targeted via OAST requests. Analysis of Project Discovery (interact.sh) activity revealed Cloudflare and DigitalOcean as the top originators.

https://www.darkreading.com/cloud/attackers-use-automation-to-speed-from-exploit-to-compromise-according-to-lacework-labs-cloud-threat-report

• Rising Premiums, More Restricted Cyber Insurance Coverage Poses Big Risk for Companies

Among the many consequences of the rising number of costly data breaches, ransomware, and other security attacks are pricier premiums for cyber security insurance. The rise in costs could put many organisations out of the running for this essential coverage, a risky proposition given the current threat landscape.

Cyber insurance is a type of specialty insurance that protects organisations against a variety of risks related to information security attacks such as ransomware and data breaches. Ordinarily, these types of risks aren’t included with traditional commercial general liability policies or are not specifically defined in these insurance plans.

Given the rise in attacks, the growing sophistication of these incidents and the potential financial impact, having cyber insurance coverage has become critical for many organisations. Premiums for these plans have been on the rise because of the increase in security-related losses and rising demand for coverage.

Cyber insurance premiums increased by an average of 28% in the first quarter of 2022 compared with the fourth quarter of 2021, according to the Council of Insurance Agents & Brokers (CIAB), an association for commercial insurance and employee benefits intermediaries.

Among the primary drivers for the continued price increases were a reduced carrier appetite for the risk and high demand for coverage, CIAB said. The high demand for cyber coverage is in part fueled by greater awareness among companies of the threat cyber risk poses for businesses of all sizes, it said.

https://www.cnbc.com/2022/10/11/companies-are-finding-it-harder-to-get-cyber-insurance-.html

• Why CISO Roles Require Business and Technology Savvy

Listening and communicating to both the technical and business sides is critical to successfully leading IT teams and business leaders to the same end-goal.

Of all the crazy postings that advertise for CISO jobs, the one asking for a CISO to code in Python was probably the most outrageous example of the disconnect about a CISO’s role, says Joe Head, CISO search director at UK-based search firm, Intaso. This was a few years ago, and one can only guess that the role had been created by a technologist who didn’t care about or didn’t understand the business — or, inversely by a businessperson who didn’t understand enough about technology.

In either case, the disconnect is real. However, Head and other experts say that when it comes to achieving the true, executive role and reporting to the CEO and board, business skills rule. That doesn’t mean, however, that most CISOs know nothing about technology, because most still start out with technology backgrounds.

In the 2022 CISO survey by executive placement firm, Heidrick & Struggles, most CISOs come from a functional IT background that reflects the issues of the time. For example, in 2022 10% of CISOs came from software engineering backgrounds, which tracks with the White House directive to protect the software supply chain. The report notes that the majority of CISOs have experience in the financial services industry, which has a low risk tolerance and where more money is spent on security.

The survey also indicates that only a small core of CISOs (working primarily for the Fortune 500) rise to the executive level with the combination of business and technical responsibilities that come with the role. In it, more than two-thirds of CISOs responding to the survey worked for companies worth over $5 billion. So, instead of bashing a CISO’s lack of IT skills, the real need lies in developing business skills for the technologists coming up the ranks.

https://www.csoonline.com/article/3675952/why-ciso-roles-require-business-and-technology-savvy.html#tk.rss_news

• Wi-Fi Spy Drones Used to Snoop on Financial Firm

Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place.

The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and in Europe, but now these sort of attacks are actually taking place. A security researcher recently recounted an incident that occurred over the summer at a US East Coast financial firm focused on private investment.

The hacking incident was discovered when the financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company's network. The company's security team responded and found that the user whose MAC address was used to gain partial access to the company Wi-Fi network was also logged in at home several miles away. That is to say, the user was active off-site but someone within Wi-Fi range of the building was trying to wirelessly use that user's MAC address, which is a red flag. The team then took steps to trace the Wi-Fi signal and used a Fluke system to identify the Wi-Fi device.

This led the team to the roof, where two modified commercially available consumer drones series were discovered. One drone was in fine condition and had a modified Wi-Fi Pineapple device, used for network penetration testing. The second drone was carrying a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. It had landed near the building's heating and ventilation system and appeared to be damaged but still operable.

During their investigation, they determined that the first drone had originally been used a few days prior to intercept a worker's credentials and Wi-Fi, and this data was then hard coded into the tools that were deployed on the second drone.

https://www.theregister.com/2022/10/12/drone-roof-attack/

• Magniber Ransomware Attacking Individuals and Home Users

A recent analysis shows that Magniber ransomware has been targeting home users by masquerading as software updates.

Reports have shown a ransomware campaign isolated by HP Wolf Security in September 2022 saw Magniber ransomware spread. The malware is known as a single-client ransomware family that demands $2,500 from victims. Magniber was previously primarily spread through MSI and EXE files, but in September 2022 HP Wolf Security began seeing campaigns distributing the ransomware in JavaScript files.

HP Wolf Security reported that some malware families rely exclusively on JavaScript, but have done so for some time. Currently, analysts are also seeing more HTML smuggling, such as with Qakbot and IcedID. This technique also makes use of JavaScript to decode malicious content. The only difference is that the HTML file is executed in the context of the browser and therefore usually requires further user interaction.

Remarkably, HP Wolf Security said, the attackers used clever techniques to evade detection, such as running the ransomware in memory, bypassing User Account Control (UAC) in Windows, and bypassing detection techniques that monitor user-mode hooks by using syscalls instead of standard Windows API libraries.

It appears that with the UAC bypass, the malware deletes the infected system’s shadow copy files and disables backup and recovery features, preventing the victim from recovering their data using Windows tools.

Having recently described the ransomware campaign in a recent interview, HP Wolf noted that the infection chain starts with a web download from an attacker-controlled website.

https://www.itsecurityguru.org/2022/10/14/https-www-infosecurity-magazine-com-news-magniber-ransomware-adopts/

Threats

Ransomware and Extortion

• More and more ransomware is just data theft, no encryption • The Register

• Why paying the ransom is a mistake - Help Net Security

• Ransomware: Undeniably Top of Mind - MSSP Alert

• Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike (trendmicro.com)

• Magniber ransomware now infects Windows users via JavaScript files (bleepingcomputer.com)

• Fake adult sites push data wipers disguised as ransomware (bleepingcomputer.com)

• It was LockBit that forced NHS tech supplier to shut down • The Register

• Ransomware posing as Windows antivirus update will just empty your wallet | TechRadar

• Microsoft: New Prestige ransomware targets orgs in Ukraine, Poland (bleepingcomputer.com)

• BlackByte ransomware uses new EDR evasion technique (techtarget.com)

• Prevent Ransomware Attacks on Critical Infrastructure (trendmicro.com)

• Microsoft Exchange servers hacked to deploy LockBit ransomware (bleepingcomputer.com)

• Harvard Business Publishing licensee hit by ransomware - Security Affairs

• LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware - Security Affairs

• Police tricks DeadBolt ransomware out of 155 decryption keys (bleepingcomputer.com)

Phishing & Email Based Attacks

• Caffeine service lets anyone launch Microsoft 365 phishing attacks (bleepingcomputer.com)

• Kaspersky Warns Of A New Wave Of Malicious Email Campaign, Spreading The (informationsecuritybuzz.com)

• A whole load of phishing emails make it past Microsoft Defender, researchers say | TechRadar

• Google Forms abused in new COVID-19 phishing wave in the U.S. (bleepingcomputer.com)

• US election workers hit with phishing, malware emails • The Register

• Cyber criminals are having it easy with phishing-as-a-service - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• BazarCall Call Back Phishing Attacks Constantly Evolving Its Social Engineering Tactics (thehackernews.com)

• Hackers Using Vishing to Trick Victims into Installing Android Banking Malware (thehackernews.com)

Malware

• How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica

• Banks face their 'darkest hour' as crimeware powers up • The Register

• Emotet Rises Again With More Sophistication, Evasion (darkreading.com)

• QAKBOT Attacks Spike Amid Concerning Cyber Criminal Collaborations (darkreading.com)

• Hackers behind IcedID malware attacks diversify delivery tactics (bleepingcomputer.com)

• Eternity threat group’s LilithBot: A criminal multitool • The Register

• New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks (thehackernews.com)

• Here's another excellent reason not to browse adult websites at work | TechRadar

• Experts analysed the evolution of the Emotet supply chain - Security Affairs

• Mirai Botnet Targeted Wynncraft Minecraft Server, Cloudflare Reports - Infosecurity Magazine (infosecurity-magazine.com)

• New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks (thehackernews.com)

Mobile

• Modified WhatsApp App Caught Infecting Android Devices with Malware (thehackernews.com)

• Meta uncovers 400 malicious apps on Android and iOS apps   | SC Media (scmagazine.com)

• ‘Zero-Click’ Spyware Emerges as a Menacing Mobile Threat - Bloomberg

• Mullvad: Android may leak information when connected to a VPN - gHacks Tech News

• Android Security Updates Patch Critical Vulnerabilities | SecurityWeek.Com

• Hackers Using Vishing to Trick Victims into Installing Android Banking Malware (thehackernews.com)

• Mystery iPhone update patches against iOS 16 mail crash-attack – Naked Security (sophos.com)

Internet of Things – IoT

• Smart buildings may be your cyber security downfall - Help Net Security

Data Breaches/Leaks

• Client data exfiltrated in Advanced NHS cyber attack (digitalhealth.net)

• Mormon Church data stolen in 'state-sponsored' cyber attack • The Register

• Singtel's Australian IT Firm Dialog Suffers Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• 2K Customer Data Stolen, Sold Online After Support Desk Scam (kotaku.com)

• Toyota discloses data leak after access key exposed on GitHub (bleepingcomputer.com)

• Fast Company says Executive Board member info was not stolen in attack (bleepingcomputer.com)

• State Bar of Georgia Confirms Data Breach Following Ransomware Attack | SecurityWeek.Com

• Singtel's second unit faces cyber attack weeks after Optus data breach | Reuters

• Zoetop pays $1.9m to settle customer data theft case • The Register

• CommonSpirit Health IT still suffering after cyber attack • The Register

• Over 80,000 DJI drone IDs exposed in data leak: Report (dronedj.com)

• High-Value Targets: String of Aussie Telco Breaches Continues (darkreading.com)

• Data of 380K patients compromised in hack of 13 anesthesia practices | SC Media (scmagazine.com)

• Australian police secret agents exposed in Colombian data leak (bleepingcomputer.com)

• 64,000 Additional Patients Impacted by Omnicell Data Breach - What is Your Data Breach Action Plan? (thehackernews.com)

• Toyota Reveals Data Leak of 300,000 Customers - Infosecurity Magazine (infosecurity-magazine.com)

• Intel Processor UEFI Source Code Leaked (darkreading.com)

Organised Crime & Criminal Actors

• INTERPOL arrests ‘Black Axe’ cyber crime syndicate members (bleepingcomputer.com)

• Caffeine Phishing-as-a-Service toolkit available in the underground - Security Affairs

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korea's Crypto Hackers Are Paving the Road to Nuclear Armageddon - CNET

• Fake Solana Phantom security updates push crypto-stealing malware (bleepingcomputer.com)

• 'Baby Al Capone' to pay $22m to SIM-swap crypto-heist victim • The Register

Fraud, Scams & Financial Crime

• A New Wave of PayPal Invoice Scams Using Crypto Disguise - Infosecurity Magazine (infosecurity-magazine.com)

• Alternative payment methods are creating new fraud risks - Help Net Security

• Prison inmate charged with $11m fraud via cell phone • The Register

• Mastercard moves to protect ‘risky and frisky’ transactions • The Register

Deepfakes

• DeepFakes Are The Cyber criminal Economy’s Latest Business Line - Security Affairs

AML/CFT/Sanctions

• GCHQ boss: China could use Digital Yuan to swerve sanctions • The Register

Insurance

• Australian insurer takes systems offline over possible hacking | Cybersecurity News | Al Jazeera

Dark Web

• Darkweb market BidenCash gives away 1.2 million credit cards for free (bleepingcomputer.com)

Software Supply Chain

• Novel npm Timing Attack Allows Corporate Targeting (darkreading.com)

Denial of Service DoS/DDoS

• The Nation State Threat — Philip Ingram Discusses DDoS and the Possibilities of Cyber War - IT Security Guru

• US airports' sites taken down in DDoS attacks by pro-Russian hackers (bleepingcomputer.com)

• Russian DDoS attack project pays contributors for more firepower (bleepingcomputer.com)

Cloud/SaaS

• Cloud Data Breaches Are Running Rampant. What Are the Common Characteristics? (darkreading.com)

Encryption

• Microsoft Office 365 uses insecure block ciphers • The Register

• Microsoft Office 365 email encryption could expose message content (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• AI and Residual Finger Heat Could Be a Password Cracker's Latest Tools (darkreading.com)

Social Media

• Young people using TikTok is no problem, GCHQ chief says | TikTok | The Guardian

Training, Education and Awareness

• Phishing Simulations Do Not Give Users Enough Context As To Why They Are (informationsecuritybuzz.com)

• How to improve employees' cyber security behaviour - Help Net Security

Parental Controls and Child Safety

• Client-side scanning to detect child abuse material harmful • The Register

Cyber Bullying and Cyber Stalking

• Student jailed for hacking female classmates’ email, Snapchat accounts (bleepingcomputer.com)

Regulations, Fines and Legislation

• India set to extend deadline for verbose infosec reporting • The Register

Backup and Recovery

• Microsoft Teams: A channel for sensitive business information sharing that needs better backup - Help Net Security

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Vladimir Putin’s hybrid war has begun and the West must be ready | Evening Standard

• The Nation State Threat — Philip Ingram Discusses DDoS and the Possibilities of Cyber War - IT Security Guru

• Internet outages hit Ukraine following Russian missile strikes (bitdefender.com)

• Seven 'Creepy' Backdoors Used by Lebanese Cyberspy Group in Israel Attacks | SecurityWeek.Com

• Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers (thehackernews.com)

• We must tackle Europe’s winter cyber threats head-on – POLITICO

• Starlink helped restore energy, communications infrastructure in parts of Ukraine - official | Reuters

• Researchers Detail Malicious Tools Used by Cyber Espionage Group Earth Aughisky (thehackernews.com)

• Ukraine Enhances Cooperation With EU Cybersecurity Agencies - Infosecurity Magazine (infosecurity-magazine.com)

• ‘Zero-Click’ Spyware Emerges as a Menacing Mobile Threat - Bloomberg

• SpaceX’s Starlink terminals in Ukraine back online after outages | Financial Times

Nation State Actors

Nation State Actors – Russia

• German Cyber security Chief Accused of Russian Contact Faces Sacking - IT Security Guru

• Russian DDoS attack project pays contributors for more firepower (bleepingcomputer.com)

• Extreme Networks admits sales to banned Russian arms maker • The Register

Nation State Actors – China

• UK Spy Chief to Warn of 'Huge' China Tech Threat | SecurityWeek.Com

• China’s attack motivations, tactics, and how CISOs can mitigate threats | CSO Online

• China will manipulate new tech for global influence, warns GCHQ boss | Metro News

• UK telcos legally required to remove Huawei equipment • The Register

• Chinese-linked hackers targeted U.S. state legislature, researchers say - CyberScoop

• New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems (thehackernews.com)

• Feature-Rich 'Alchimist' Cyber attack Framework Targets Windows, Mac, Linux Environments (darkreading.com)

• China's cyber assault on Taiwan - 60 Minutes - CBS News

• UK to designate China a ‘threat’ in hawkish foreign policy shift | Foreign policy | The Guardian

• WIP19, a new Chinese APT targets IT Service Providers and Telcos - Security Affairs

• China-linked Budworm APT returns to target a US entity - Security Affairs

• We must tackle China’s satellite-busting technology, says GCHQ chief | News | The Times

• GCHQ boss: China could use Digital Yuan to swerve sanctions • The Register

• Young people using TikTok is no problem, GCHQ chief says | TikTok | The Guardian

Nation State Actors – North Korea

• North Korea's Crypto Hackers Are Paving the Road to Nuclear Armageddon - CNET

Nation State Actors – Misc

• Mormon Church data stolen in 'state-sponsored' cyber attack • The Register

Vulnerability Management

• Apple's Constant Battles Against Zero-Day Exploits (darkreading.com)

Vulnerabilities

• Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows (darkreading.com)

• Microsoft October 2022 Patch Tuesday fixes zero-day used in attacks, 84 flaws (bleepingcomputer.com)

• Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched (darkreading.com)

• Auth bypass bug in FortiOS, FortiProxy is exploited in the wild (CVE-2022-40684) - Help Net Security

• Chrome 106 Update Patches Several High-Severity Vulnerabilities | SecurityWeek.Com

• Researchers Detail Windows Zero-Day Vulnerability Patched Last Month (thehackernews.com)

• SAP Patches Critical Vulnerabilities in Commerce, Manufacturing Execution Products | SecurityWeek.Com

• Almost 900 servers hacked using Zimbra zero-day flaw (bleepingcomputer.com)

• Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce | SecurityWeek.Com

• Aruba fixes critical RCE and auth bypass flaws in EdgeConnect (bleepingcomputer.com)

• WordPress Vulnerability In Shortcodes Ultimate Impacts 700,000 Sites (searchenginejournal.com)

• Critical Open Source vm2 Sandbox Escape Bug Affects Millions (darkreading.com)

• VMware vCenter Server bug disclosed last year still not patched (bleepingcomputer.com)

Other News

• Board members should make CISOs their strategic partners - Help Net Security

• 5 Attack Elements Every Organisations Should Be Monitoring (darkreading.com)

• Ukraine’s Starlink problems show the dangers of digital dependency | Financial Times (ft.com)

• Here's 5 of the world's riskiest connected devices - Help Net Security

• 2FA is over. Long live 3FA! - Help Net Security

• White House to unveil ambitious cyber security labeling effort modeled after Energy Star - CyberScoop

• Older, Stored Data Is Cyber Security Risk, Report Warns - MSSP Alert

• What the Uber Breach Verdict Means for CISOs in the US (darkreading.com)

• Increasing network visibility is critical to improving security posture - Help Net Security

• What the Uber Hack can teach us about navigating IT Security (bleepingcomputer.com)

• Consumers want more transparency on how companies manage their data - Help Net Security

• Gaming Is Booming. That’s Catnip for Cyber criminals. - The New York Times (nytimes.com)

• 91% of Cyber Pros Experience Mental Health Challenges at Work - Infosecurity Magazine (infosecurity-magazine.com)

• Fear of cyber criminals drives cyber security improvements - Help Net Security

• The next Ford Mustang won’t be easy to tune; blame cyber security | Ars Technica

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.