Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Boardroom Woes on Ransomware Intensify as Organisations Face an Average of 86 Ransomware-linked Events Annually

A recent report by Akamai Technologies has found that organisations experienced an average of 86 ransomware-linked events in the past 12 months (successful or not), double the number of annual attacks from 2 years ago.

The most common issues impacting organisations after a ransomware attack were network downtime (44%), data loss (42%) and brand/reputation damage (39%).

Ransomware attackers have increasingly employed tactics like double and triple extortion. These methods combine encryption, data exfiltration, and distributed denial of service (DDoS) attacks to extort money. While these strategies are not new, their prevalence has significantly increased in recent times.

With 81% of companies experiencing ransomware attacks in the previous 12 months this is increasingly something that company Boards are concerned about, not only the organisation’s ability to stop a ransomware attack in the first place, but also the organisation’s ability to recover when an attack happens.

Sources: [TechTarget] [PRNewsWire] [Security Magazine] [InsuranceJournal] [Financial Times]

Many SMBs Have No Real Way to Deal with Cyber Threats, Leaving Them Vulnerable

A recent report found that of nearly 6,000 small and medium-sized business (SMB) IT professionals surveyed across Europe, a third of those based in the UK have no cyber security in place to protect assets such as their own printers, with 16% suffering a printer breach alone in the past. Despite this, less than a quarter educated their employees about printer (23%) IT security. With hybrid working seen as a security concern for 38% of SMEs, and potentially leading to more remote use of these devices, surprisingly just 4 in 10 (41%) cover hybrid working as part of their current security training.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [TechRadar] [The Recycler]

Cyber Attacks Top Global Risk – 2023 Aon Survey

Aon’s Global Risk Management Survey identified cyber attacks and data breaches as the leading business risk worldwide, followed by business interruption. Aon warned that deficits in talent or specialised skills may exacerbate cyber risks in particular.

Supply chain disruptions were ranked as another area of concern, with risks associated with supply chain failure hitting a 14-year high in the survey. However, less than 40% of organisations have conducted supplier resilience assessments. which contributes to cyber risk when organisations hand data to suppliers without considering whether their suppliers keep that data safe.

Source: [Investing]

To Improve Cyber Defences, Practice for Disaster

If you aren’t already running incident simulations in your organisation, it’s time to start. Such simulations allow employees to understand their roles and responsibilities, as well as providing a great opportunity to educate. Cyber attacks are a matter of when, not if, and no-one wants to be improvising their security response in the event of a real cyber incident.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Dark Reading]

Meet Your New Cyber Security Auditor: Your Insurer

In the dynamic world of cyber security, cyber insurers are emerging as key players, reshaping the landscape with ever more stringent requirements. With ransomware attacks becoming more complex, cyber insurance premiums have surged by 50%, challenging Chief Information Security Officers (CISOs) to demonstrate their organisation's cyber defence capabilities. Insurers, using detailed risk assessments, are influencing cyber security strategies, compelling organisations to adapt and meet higher standards.

CISOs are now tasked with ensuring their security measures are comprehensive and transparent, as insurers scrutinise everything from multifactor authentication to Active Directory policies. Accurate self-assessment is critical, as any misrepresentation can lead to denied coverage or legal repercussions. In this competitive market, organisations must showcase their cyber maturity, particularly in high-risk industries, to secure coverage. The evolving cyber insurance landscape demands a clear understanding of risk factors and continuous improvement in cyber defence strategies, ultimately aiming to enhance overall protection against cyber threats.

Source: [Dark Reading]

Allen and Overy Suffer Ransomware Attack

Allen & Overy, the “magic circle” law firm, has suffered a cyber attack on its systems, making it the latest large corporation to fall victim to a ransomware hack. A&O confirmed the incident after the infamous ransomware gang LockBit posted on social media platform X, formerly Twitter, claiming to have breached the legal giant and threatening to publish data from the firm’s files on 28 November.

Earlier this year, the UK National Cyber Security Centre reported that law firms of all sizes were at risk from cyber attackers because of the sensitive client information they routinely handle. The importance of reputation to the business also made law firms attractive targets for extortion.

Sources: [Financial Times] [Law Gazette]

Shadow IT Remains a Top Threat, as Shown by Attack on Okta

Shadow IT refers to IT resources used by employees or end users that don’t have IT approval or oversight. This was the case in the recent Okta attack in which an Okta employee signed into their personal Google account on a company-owned device. It is believed that the employee’s personal Google account had been compromised, and unfortunately since the employee had configured it in a way to save credentials of Okta accounts, the attacker now also had these credentials. The result? 134 downstream customers impacted.  

Source: [Computer Weekly]

Ransomware, AI, and Social Engineering All Set to Be 2024's Biggest Security Threats

Ransomware attacks surged to record highs in 2023 and are expected to escalate further, especially with key 2024 elections approaching, ZeroFox Intelligence's 2024 Key Forecasts report indicates. This trend is driven by evolving cyber threats, including sophisticated social engineering and AI-generated synthetic media, aimed at spreading misinformation and targeting electoral processes.

ZeroFox also highlights a concerning shift towards physical damages from cyber attacks, with critical sectors like finance, energy, and healthcare being vulnerable due to outdated security infrastructures. These sectors are likely targets for nation-state and state-sponsored attacks amidst global geopolitical tensions. To counter these threats, the report suggests enhanced security measures, including encrypted cloud backups, vigilant network monitoring, and a zero-trust cyber security approach to safeguard against the evolving landscape of cyber threats.

Source: [TechRadar]

Cyber Governance: Growing Expectations for Information Security Oversight and Accountability

In today's interconnected digital economy, cyber security is a critical governance issue for businesses, necessitating effective oversight and strategic planning. The SEC's new rules, effective July 2023, require public companies to transparently disclose their cyber security strategies and report significant incidents, highlighting the increasing importance of cyber security in corporate governance. This regulatory development aims to improve transparency and accountability in managing cyber risks.

Corporations are responding by emphasising detailed cyber security disclosures, employee training programmes, and board-level expertise in information security. As the landscape of cyber threats evolves, timely and comprehensive reporting of breaches becomes more crucial, aligning with both regulatory requirements and stakeholder expectations for robust cyber security governance.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Harvard]

Generative AI Will Level Up Cyber Attacks, According to New Google Report

Google's Cloud Cyber Security Forecast 2024 report reveals a growing trend of using generative AI in cyber attacks. The technology, particularly large language models (LLMs), is enhancing phishing and social engineering tactics by producing content that appears more legitimate, making it difficult to spot errors typically associated with such attacks. This advancement allows attackers to mimic natural language effectively and create authentic-looking fake news, phone calls, and deepfake videos, potentially eroding public trust in online information.

On the flip side, the report highlights the potential of AI as a powerful tool for cyber defence. Cyber security professionals can leverage AI for rapid data synthesis, efficient threat detection, and swift response actions. As defenders direct AI development with specific security objectives, its capabilities are expected to significantly bolster cyber security measures in the near future.

Source: [ZDNET]

Public Wi-Fi Remains a Huge Risk, is Your Organisation Prepared?

New research found that half of UK participants believed they are most at risk of a cyber attack when using public Wi-Fi, which is Wi-Fi that anyone, including an attacker, can connect to. However, in contrast to concerns, the report found that 41% will use unsecured Wi-Fi if given the opportunity. Further, 53% of participants would enter or access sensitive information whilst connected to an unsecured public Wi-Fi network; this includes bring your own devices (BYOD) that have access to corporate data.

Source: [TechRadar]

88% of Security Leaders Think Their Organisation Is Falling Short in Addressing Cyber Security

A recent study by Foundry reveals a trend towards AI-driven security measures and increased reliance on cyber insurance among organisations. Key priorities for security leaders include preparedness for incidents, data protection, and enhancing IT and cloud data security. Despite this, 88% of security leaders feel their organisations are inadequate in addressing cyber security risks, mainly due to budget limitations, talent scarcity, and challenges in stakeholder communication.

To improve the situation, more top security executives are having regular engagements with the board of directors (85% this year compared to 82% in 2022), aiding in better cyber security initiatives. Security budgets are expected to remain stable or increase, with investments focused on authentication, data analytics, and cloud security, complemented by cyber insurance. AI's role is expanding in threat detection, malware identification, and automated responses, showcasing its growing importance in evolving security landscapes.

Source: [Foundry]

Governance, Risk and Compliance

• Exec security habits are shockingly bad compared to average workers | ITPro

• Boardroom woes on ransomware intensify (ft.com)

• To Improve Cyber Defences, Practice for Disaster (darkreading.com)

• Cyber attacks top global risks, talent retention surges in Aon 2023 survey By Investing.com

• Meet Your New Cyber security Auditor: Your Insurer (darkreading.com)

• 88% of Security Leaders think their Organisation is Falling Short Addressing Cyber security, but Regular Engagement with the Board is Improving the Situation • Foundry (foundryco.com)

• Use business technology? You’re on the cyber security frontline - Digital Journal

• Cyber Governance: Growing Expectations for Information Security Oversight and Accountability (harvard.edu)

• No, Okta, senior management, not an errant employee, caused you to get hacked | Ars Technica

• Securing data at the intersection of the CISO and CDO - Help Net Security

• UK warned cyber security teams buckling under complexity of threats (emergingrisks.co.uk)

• Enhancing security: The crucial role of incident response plans | Computer Weekly

• Most cyber security investments aren't used to their full advantage - Help Net Security

• Improving cyber resilience to prevent devastating cyber attacks | TechRadar

• Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point - SecurityWeek

• The roadblocks to preventive cyber security success - Help Net Security

• SolarWinds fires back at SEC over fraud charges | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Boardroom woes on ransomware intensify (ft.com)

• Organisations face an average of 86 ransomware attacks annually | Security Magazine

• Ransomware, Extortion Claims See ‘Worrying Resurgence,’ Says Allianz (insurancejournal.com)

• The 3 key stages of ransomware attacks and useful indicators of compromise - Help Net Security

• Ransomware, AI, and social engineering all set to be 2024's biggest security threats | TechRadar

• The ransomware warning sign we should all have on our radar | World Economic Forum (weforum.org)

• Ransomware Attacks Have Doubled Over the Past Two Years, According to Akamai Research (prnewswire.com)

• Critical Confluence flaw exploited in ransomware attacks (securityaffairs.com)

• FBI: Ransomware actors abuse third parties and legitimate system tools for initial access (securityaffairs.com)

• Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs (bleepingcomputer.com)

• Microsegmentation proves its worth in ransomware defence - Help Net Security

• GootBot Implant Heightens Risk of Post-Infection Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Mastermind Uncovered After Oversharing on Dark Web (darkreading.com)

• Ransomware gang behind MOVEit attacks are targeting new zero-day, Microsoft says (therecord.media)

• Ransomware Readiness Assessments: One Size Doesn't Fit All (darkreading.com)

• TellYouThePass ransomware joins Apache ActiveMQ RCE attacks (bleepingcomputer.com)

• FBI: Ransomware gangs hack casinos via 3rd party gaming vendors (bleepingcomputer.com)

• Healthcare Struggles with Impact of Ransomware Attacks | MSSP Alert

• Iranian APT Targets Israeli Education, Tech Sectors With New Wipers - SecurityWeek

• Retail organisations attacked by ransomware increasingly unable to halt an attack in progress - Home of Direct Commerce

• Three-Quarters of Retail Ransomware Attacks End in Encryption - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Victims

• Allen & Overy data hit by hackers in ransomware attack (ft.com)

• ICBC hit by ransomware impacting global trades • The Register

• Mr. Cooper Posts Notice of Cyber attack, Indicating Possible Data Breach | Console and Associates, P.C. - JDSupra

• Cyber attack takes down one of the largest mortgage lenders in the US | TechRadar

• American Airlines Pilot Union Recovering After Ransomware Attack - SecurityWeek

• Marina Bay Sands Becomes Latest Hospitality Cyber Victim (darkreading.com)

• Scottish council's computer systems suffer cyber attack | The National

• Dolly.com pays ransom, attackers release data anyway (securityaffairs.com)

• Shimano hit by ransomware attack | Cyclingnews

• Info from 5.6 million patient visits among data stolen in ransomware attack on Ontario hospitals | CBC News

• Women sue plastic surgery after hack saw their naked photos posted online (bitdefender.com)

• TransForm says ransomware data breach affects 267,000 patients (bleepingcomputer.com)

Phishing & Email Based Attacks

• When Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding Rules (thehackernews.com)

Artificial Intelligence

• Ransomware, AI, and social engineering all set to be 2024's biggest security threats | TechRadar

• AI Professionalizes DDoS Attacks: This is Why Critical Infrastructures in NATO Countries are now at Risk – Financial News (financial-news.co.uk)

• Companies have good reasons to be concerned about generative AI - Help Net Security

• Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams (darkreading.com)

• Offensive and Defensive AI: Let's Chat(GPT) About It (thehackernews.com)

• Here's what to know about elections, cyber security and AI | World Economic Forum (weforum.org)

• Microsoft, Meta detail plans to fight election deception • The Register

• Watch out: Generative AI will level up cyber attacks, according to new Google report | ZDNET

• Data protection demands AI-specific security strategies - Help Net Security

• Exploring the global shift towards AI-specific legislation - Help Net Security

2FA/MFA

• Microsoft Authenticator is now blocking suspicious MFA phone notifications by default - Neowin

• Microsoft unhappy with MFA uptake, starts auto-deploying it • The Register

• Suspicious Microsoft Authenticator requests don't trigger notifications anymore - gHacks Tech News

• 23andMe data theft prompts DNA testing companies to switch on 2FA by default | TechCrunch

Malware

• Gootloader Aims Malicious, Custom Bot Army at Enterprise Networks (darkreading.com)

• GootBot Implant Heightens Risk of Post-Infection Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• 48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems (thehackernews.com)

• New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers (thehackernews.com)

• StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices (thehackernews.com)

• This new macOS malware could leave you severely short-changed | TechRadar

• Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure (securityaffairs.com)

• Even Google Calendar isn't safe from hackers any more | TechRadar

• Hacked proxy service has already infected 10,000 systems worldwide with malware | TechRadar

• Evasive Jupyter Infostealer Campaign Showcases Dangerous Variant (darkreading.com)

• Beware of BlueNoroff: Mac users targeted with new malware variant - 9to5Mac

• How to Outsmart Malware Attacks That Can Fool Antivirus Protection (darkreading.com)

• Malicious Python packages spread BlazeStealer malware | SC Media (scmagazine.com)

• Hackers have found an insidious way to attack you with malware — don’t fall for this | Tom's Guide (tomsguide.com)

Mobile

• Google Play Store Introduces 'Independent Security Review' Badge for Apps (thehackernews.com)

• Apple 'Find My' network can be abused to steal keylogged passwords (bleepingcomputer.com)

• Samsung monthly updates: November 2023 security patch fixes 65 security flaws - SamMobile

• 37 Vulnerabilities Patched in Android With November 2023 Security Updates - SecurityWeek

• Android 14’s storage disaster gets patched, but your data might be gone | Ars Technica

• SIM Box Fraud to Drive 700% Surge in Roaming Scams - Infosecurity Magazine (infosecurity-magazine.com)

• New SecuriDropper Malware Bypasses Android 13 Restrictions, Disguised as Legitimate Applications (techrepublic.com)

Denial of Service/DoS/DDOS

• AI Professionalizes DDoS Attacks: This is Why Critical Infrastructures in NATO Countries are now at Risk – Financial News (financial-news.co.uk)

• OpenAI confirms DDoS attacks behind ongoing ChatGPT outages (bleepingcomputer.com)

• Suspected DDoS attack impacts AP news site | SC Media (scmagazine.com)

• Cloudflare website downed by DDoS attack claimed by Anonymous Sudan (bleepingcomputer.com)

• OpenAI Battles Service Disruption Linked to Russian Hackers - Decrypt

• DDoS attack leads to significant disruption in ChatGPT services (securityaffairs.com)

• Russian state-owned Sberbank hit by 1 million RPS DDoS attack (bleepingcomputer.com)

Internet of Things – IoT

• SIM Box Fraud to Drive 700% Surge in Roaming Scams - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• 2023 Microsoft Data Breach Statistics: A Comprehensive Overview (techreport.com)

• No, Okta, senior management, not an errant employee, caused you to get hacked | Ars Technica

• Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop - SecurityWeek

• Shadow IT use at Okta behind series of damaging breaches | Computer Weekly

• Okta breach affected 134 customers, company admits • The Register

• Another top casino has been hit with a massive data breach | TechRadar

• Marina Bay Sands Discloses Data Breach Impacting 665k Customers - SecurityWeek

• Hilb fears email crooks stole 81K people's financial data • The Register

• 23andMe data theft prompts DNA testing companies to switch on 2FA by default | TechCrunch

Organised Crime & Criminal Actors

• Dutch hacker jailed for extortion, selling stolen data on RaidForums (bleepingcomputer.com)

• How cyber criminals adapt and thrive amidst changing consumer trends - Help Net Security

• Ransomware Mastermind Uncovered After Oversharing on Dark Web (darkreading.com)

• Operation Monopoly: Dubai Police bust cyberfraud, arrest 43 | Crime – Gulf News

• Unraveling cyber crime network's underground operations (crime-research.org)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• The 10 Biggest Crypto Hacks and Scams of 2023 (makeuseof.com)

• Monero Project admits thieves stole $437k in mystery breach • The Register

Insurance

• Meet Your New Cyber security Auditor: Your Insurer (darkreading.com)

• Many SMEs are being left with a gap in coverage for cyber insurance: Cowbell's Cooksley  - Reinsurance News

• Hiscox cyber threat ranking reveals UK's most vulnerable industries (reward-strategy.com)

Supply Chain and Third Parties

• FBI: Ransomware gangs hack casinos via 3rd party gaming vendors (bleepingcomputer.com)

Cloud/SaaS

• The perils of over-reliance on single cloud providers - Help Net Security

• Secure Cloud Infrastructure from New Cyber Threats (trendmicro.com)

• Hackers exploit Looney Tunables Linux bug, steal cloud creds (bleepingcomputer.com)

• What We Can Learn from Major Cloud Cyber attacks (darkreading.com)

Encryption

• UK NCSC issues new guidance on post-quantum cryptography migration | CSO Online

• Outdated cryptographic protocols put vast amounts of network traffic at risk - Help Net Security

• Tech groups fear new powers will allow UK to block encryption (ft.com)

Linux and Open Source

• Hackers exploit Looney Tunables Linux bug, steal cloud creds (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• How global password practices are changing - Help Net Security

• Apple 'Find My' network can be abused to steal keylogged passwords (bleepingcomputer.com)

• LEGO urges fans to change passwords after cyber attack - Dexerto

• Global breached accounts down 76% in Q3, study finds (techinformed.com)

Malvertising

• New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers (thehackernews.com)

Training, Education and Awareness

• When Good Security Awareness Programs Go Wrong (darkreading.com)

• Hacking Security Awareness Training: How to Easily Improve Your Security Culture (govinfosecurity.com)

Regulations, Fines and Legislation

• EU Tries To Slip In New Powers To Intercept Encrypted Web Traffic Without Anyone Noticing | Techdirt

• Telecom vendors sound alarm over EU Cyber Resilience Act - Telecoms.com

• What is NIS2, and how can you best prepare for the new cyber security requirements in the EU? (talosintelligence.com)

• Europe is trading security for digital sovereignty | CyberScoop

• Steps to Follow to Comply With the SEC Cyber security Disclosure Rule (darkreading.com)

• Vendors caution on risks of EU cyber security law - Mobile World Live

• Tech groups fear new powers will allow UK to block encryption (ft.com)

• King’s Speech 'missed opportunity' to update cyber laws | Professional Security

• Vulnerabilities in Embedded Systems and The Evolving Cyber security Regulations Landscape (thefastmode.com)

• UK wants prior notice from Big Tech of security rollouts • The Register

• Exploring the global shift towards AI-specific legislation - Help Net Security

• SolarWinds fires back at SEC over fraud charges | TechTarget

• SolarWinds: SEC lacks 'competence' to regulate cyber security • The Register

• Trinidad & Tobago’s state telecommunications provider is hacked, raising questions about data protection laws · Global Voices

Models, Frameworks and Standards

• MITRE partners with Microsoft to address generative AI security risks - Help Net Security

• The plan for the inevitable cyber attack: Get the gist of NIST | Computer Weekly

• NIST releases revised cyber requirements for controlled unclassified information - Nextgov/FCW

• What is NIS2, and how can you best prepare for the new cyber security requirements in the EU? (talosintelligence.com)

Data Protection

• Trinidad & Tobago’s state telecommunications provider is hacked, raising questions about data protection laws · Global Voices

Careers, Working in Cyber and Information Security

• UK warned cyber security teams buckling under complexity of threats (emergingrisks.co.uk)

• Cyber security pros are putting everyone at risk by working too much | TechRadar

• 90 Percent of Cyber security Professionals Work on Vacation and Deal with Frequent Interruptions to Daily Life | Business Wire

• A third of cyber security pros report crumbling work-life balance | ITPro

• CISOs Beware: SEC's SolarWinds Action Shows They're Scapegoating Us (darkreading.com)

Law Enforcement Action and Take Downs

• Dutch hacker jailed for extortion, selling stolen data on RaidForums (bleepingcomputer.com)

• Operation Monopoly: Dubai Police bust cyberfraud, arrest 43 | Crime – Gulf News

Misinformation, Disinformation and Propaganda

• Here's what to know about elections, cyber security and AI | World Economic Forum (weforum.org)

• Microsoft, Meta detail plans to fight election deception • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Five attack vectors that businesses should focus on in the wake of the Israel-Hamas war | SC Media (scmagazine.com)

• Wartime muddies waters for 'hacktivist' threat (synack.com)

• Israeli SMBs Warned to Cut External Comms to Reduce Risks (inforisktoday.com)

• As war continues, Israeli government wants more cyber control | Ctech (calcalistech.com)

• The new ‘Geneva code’ for hackers on the cyber battlefield | The Strategist (aspistrategist.org.au)

Nation State Actors

Russia

• Russian APT Sandworm Disrupted Power in Ukraine Using OT Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• Sandworm Cyber attackers Down Ukrainian Power Grid During Missile Strikes (darkreading.com)

• Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs (bleepingcomputer.com)

• Ransomware gang behind MOVEit attacks are targeting new zero-day, Microsoft says (therecord.media)

• OpenAI Battles Service Disruption Linked to Russian Hackers - Decrypt

• US Treasury Sanctions Russian Money Launderer in Cyber crime Crackdown (thehackernews.com)

• Russian state-owned Sberbank hit by 1 million RPS DDoS attack (bleepingcomputer.com)

Iran

• Inside Iran's cyber war against Israel as it tries to sow dissent and gain military intelligence (inews.co.uk)

• Israel’s cyber defence chief tells CNN he is concerned Iran could increase severity of its cyber attacks | CNN Politics

• Wartime muddies waters for 'hacktivist' threat (synack.com)

• Iranian APT Targets Israeli Education, Tech Sectors With New Wipers - SecurityWeek

• Imperial Kitten APT Claws at Israeli Industry with Multiyear Spy Effort (darkreading.com)

North Korea

• Beware of BlueNoroff: Mac users targeted with new malware variant - 9to5Mac

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Wartime muddies waters for 'hacktivist' threat (synack.com)

• Five attack vectors that businesses should focus on in the wake of the Israel-Hamas war | SC Media (scmagazine.com)

• Israeli SMBs Warned to Cut External Comms to Reduce Risks (inforisktoday.com)

• Five attack vectors that businesses should focus on in the wake of the Israel-Hamas war | SC Media (scmagazine.com)

• As war continues, Israeli government wants more cyber control | Ctech (calcalistech.com)

• Worldwide Hacktivists Take Sides Over Gaza, With Little to Show for It (darkreading.com)

Vulnerability Management

• CVSS 4.0 Offers Significantly More Patching Context (darkreading.com)

Vulnerabilities

• New Microsoft Exchange zero-days allow RCE, data theft attacks (bleepingcomputer.com)

• Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable (darkreading.com)

• Critical Confluence flaw exploited in ransomware attacks (securityaffairs.com)

• Cloudflare, Google and AWS Disclose HTTP/2 Zero-Day Vulnerability (infoq.com)

• Microsoft 365 apps have a lot of new security vulnerabilities - here's what we know | TechRadar

• Critical Vulnerabilities Expose Veeam ONE Software to Code Execution - SecurityWeek

• Microsoft is killing off three Windows services because of security concerns (betanews.com)

• 37 Vulnerabilities Patched in Android With November 2023 Security Updates - SecurityWeek

• TellYouThePass ransomware joins Apache ActiveMQ RCE attacks (bleepingcomputer.com)

• Android 14’s storage disaster gets patched, but your data might be gone | Ars Technica

Tools and Controls

• To Improve Cyber Defences, Practice for Disaster (darkreading.com)

• Meet Your New Cyber security Auditor: Your Insurer (darkreading.com)

• Start with Passwords When Incorporating the 5 Pillars of Zero Trust | EdTech Magazine

• How global password practices are changing - Help Net Security

• Is Cyber security A Line Or A Circle? The Shape Of Incident Response (forbes.com)

• The roadblocks to preventive cyber security success - Help Net Security

• Microsegmentation proves its worth in ransomware defence - Help Net Security

• Microsoft Authenticator is now blocking suspicious MFA phone notifications by default - Neowin

• Microsoft unhappy with MFA uptake, starts auto-deploying it • The Register

• Suspicious Microsoft Authenticator requests don't trigger notifications anymore - gHacks Tech News

• 23andMe data theft prompts DNA testing companies to switch on 2FA by default | TechCrunch

• Offensive and Defensive AI: Let's Chat(GPT) About It (thehackernews.com)

• Enhancing security: The crucial role of incident response plans | Computer Weekly

• Most cyber security investments aren't used to their full advantage - Help Net Security

• Improving cyber resilience to prevent devastating cyber attacks | TechRadar

• Data protection demands AI-specific security strategies - Help Net Security

• Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point - SecurityWeek

• 7 free cyber threat maps showing attack intensity and frequency - Help Net Security

• What is threat detection and response (TDR)? (techtarget.com)

Reports Published in the Last Week

• Hiscox cyber threat ranking reveals UK's most vulnerable industries (reward-strategy.com)

Other News

• Is OT the ‘soft underbelly’ of your company? - Utility Week

• US calls for unity against cyber-threats to finance (globalcapital.com)

• US Urges Critical Infrastructure Firms to Get “Shields Ready” - Infosecurity Magazine (infosecurity-magazine.com)

• Royal Mail jeopardizes users with open redirect flaw (securityaffairs.com)

• Trinidad & Tobago’s state telecommunications provider is hacked, raising questions about data protection laws · Global Voices

• Cyber attacks 'constantly happening' - warning from intelligence expert (securitybrief.co.nz)

• Startling Cyber security Statistics for 2023 You Need to Know (techreport.com)S

• Study: Companies aren't keeping up with cybersecurity needs (iapp.org)

• How to avoid cyber security nightmares (networkingplus.co.uk)

• The Million-Dollar Cyber Security Question (forbes.com)

• Forecasting the future without falling for the hype | TechRadar

• Elevate Your School’s Security Posture as 2024 Approaches | EdTech Magazine

• Optus loses court bid to keep report into cause of cyber-attack secret (yahoo.com)

• The Dirty 'Big' Secret Of Cybersecurity (forbes.com)

• What are Kerberoasting attacks? | ITPro

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

Veeam has released patches to fix four vulnerabilities including two critical rated vulnerabilities. If exploited the critical vulnerabilities could allow an unauthenticated attacker to steal NTLM hashes to accounts and perform remote code execution on their server hosting the product database.

What’s the risk to me or my business?

There is a risk that organisations with vulnerable products are leaving themselves at risk of allowing an attacker to perform remote code execution and stealing NTLM Hashes. This allows an attacker to log in as the stolen users credentials and perform remote code execution impacting the confidentiality, integrity and availability of data.

The following products affected:

·       Veeam ONE 11 – this is fixed in version (11.0.0.1379)

·       Veeam ONE 11a – this is fixed in version (11.0.1.1880)

·       Veeam ONE 12 – this is fixed in version (12.0.1.2591)

What can I do?

Black Arrow recommends applying the patches for the vulnerabilities immediately due to the severity of the vulnerability; there is no workaround available. Further information can be found in the Veeam security update below.

Technical Summary

CVE-2023-38547 – If exploited this allows an unauthenticated attacker to gain information from the SQL server to access its configuration database. This can lead to an attacker to perform remote code execution.

CVE-2023-38548 – If exploited this allows an unprivileged user who has access to the Veeam One Web client to acquire NTLM hash of the account user, allowing them to obtain the users password.

Further information can be found here: https://www.veeam.com/kb4508  

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity