Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 74% of Breaches Involve Human Element- Make Employees Your Best Asset

Verizon’s recent data breach report analysed 16,312 security incidents and 5,199 breaches. A total of 74% of breaches involved a human element, highlighting the role of employees in achieving good cyber resilience. Organisations looking to improve their resilience should therefore consider how well and how frequently they train their users. In a recent report, Fortinet found that 90% of leaders believed that increasing their employee cyber security awareness would help decrease the occurrence of cyber attacks. Worryingly, despite 85% of leaders having an awareness and training programme in place, 50% believed their employees still lacked cyber security knowledge.

With an effective training programme, organisations can increase their employees’ cyber risk awareness and empower them in defending the organisation, laying the foundation for a strong cyber security culture.

https://www.helpnetsecurity.com/2023/06/06/verizon-data-breach-investigations-report-2023-dbir/

https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/

• Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC

The recent cyber attacks on file transfer software MOVEit have impacted a number of major companies through their supply chain. The attack, which hit UK-based HR and payroll provider Zellis has had a huge knock-on effect, with major companies such as British Airways, Boots and the BBC suffering as a result of using Zellis in their supply chain. The UK’s National Cyber Security Centre (NCSC) has emphasised the need for organisations to exercise heightened vigilance.

Organisations must be aware of supply chain risks, and how an attack on a supplier or service provider can impact their own organisation. It is important for organisations to manage supply chain security, assess third party risks, communicate with suppliers and keep on top of emerging threats; it’s no simple task.

https://www.securityweek.com/several-major-organizations-confirm-being-impacted-by-moveit-attack/

https://www.ibtimes.co.uk/british-cybersecurity-agency-urges-vigilance-major-companies-fall-victim-software-hack-1716493

• CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom

Nearly three-quarters of data breaches include an element of human failure, and senior business leaders were particularly at risk, according to a recent report. Not only do business leaders possess the most sensitive information, but they are often the least protected, with many organisations making security protocol exemptions for them. Such factors have pushed the boardroom into the spotlight more.

In another report, it was found that only 28% of IT professionals were confident in their executives’ ability to recognise a phishing email. The report found that as many as 71% of executives were reusing compromised passwords from personal accounts inside the company. Technology alone won’t solve the problem: user awareness training is required and this includes the boardroom.

https://www.csoonline.com/article/3698708/cisos-it-lack-confidence-in-executives-cyber-defense-knowledge.html

https://www.computerweekly.com/news/366539293/Cyber-spotlight-falls-on-boardroom-privilege-as-incidents-soar

• Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise

A recent study has found that only 1 in 10 chief information security officers (CISOs) have all the key traits thought to be crucial for success on a corporate board, with many lacking governance skills and experience and other attributes needed for board readiness. Worryingly, nearly half of the 1,000 companies in the study lacked at least one director with cyber security expertise. This is concerning as good cyber security starts from the board: the board is responsible for understanding the business risks of a cyber incident and for endorsing whether the cyber controls in place have reduced those risks to a level that the board is happy with. Similarly, the board would not sign off financial risks without ensuring they had someone with financial experience and qualifications present. The Black Arrow vCISO service is ideal for organisations that need expertise in assessing and managing cyber risks, underpinned by governance reporting and metrics presented to enable the board to make educated and informed decisions.

https://www.csoonline.com/article/3698291/only-one-in-10-cisos-today-are-board-ready-study-says

• BEC Volumes and Ransomware Costs Double in a Year

The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report. The report this year was based on analysis of 16,312 security incidents and 5,199 breaches over the past year.

Pretexting, which is commonly using in BEC attacks, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000. The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage.

https://www.infosecurity-magazine.com/news/bec-volumes-ransomware-costs/

• Hackers are Targeting C-Suite Executives Through Their Personal Email

As companies rely on chief financial officers (CFOs) to mitigate risk, cyber attacks and the costs associated with them are a major concern. Now there is also a growing trend of cyber criminals targeting C-suite executives in their personal lives, where it is easier to pull off a breach as there are fewer, if any, protections, instead of targeting them through their business accounts. Once attackers have access, they then try to use this to gain entry to the corporate systems. The report found that 42% of companies have experienced cyber criminal attacks on their senior-level corporate executives, which can compromise sensitive business data. The report found that 58% of respondents stated that cyber threat prevention for executives and their digital assets are not covered in their cyber, IT and physical securities strategies and budgets.

https://fortune.com/2023/06/08/hackers-targeting-c-suite-executives-personal-email-cybersecurity

• Proactive Detection is Crucial as Organisations Lack Effective Threat Research

In a recent study, it was found that CISOs are spending significantly less time on threat research and awareness, despite 58% having an increase in their budget for cyber security; the same number reported that their team is so busy, they may not detect an attack. In a different report, keeping up with threat intelligence was identified as one of the biggest challenges faced.

https://www.helpnetsecurity.com/2023/06/06/cisos-cybersecurity-spending/

• Number of Vulnerabilities Exploited Rose by 55%

A recent report from Palo Alto Networks’ Unit 42 found that the number of vulnerabilities that attackers are exploiting has grown by 55% compared to 2021, with most of the increase resulting from supply chain vulnerabilities; along with this was a 25% rise in the number of CVE’s, the term used for identified vulnerabilities. Worryingly ChatGPT scams saw a 910% increase in monthly domain registrations, pointing to an exponential growth in fraudulent activities taking advantage of the widespread usage and popularity of AI-powered chatbots.

Such growth puts further strain on cyber security staff, making it even harder for organisations to keep up. A strong threat management programme is needed, to help organisations prioritise threats and use organisational resources effectively to address said threats.

https://www.infosecurity-magazine.com/news/exploitation-vulnerabilities-grew/

https://www.infosecurity-magazine.com/news/cves-surge-25-2022-another-record/

• Ransomware Behind Most Cyber Attacks, with Record-breaking May

2022 saw ransomware account for nearly one in four (24%) cyber attacks, with 95% of events resulting in a loss costing upwards of $2.25 million during 2021-2022. Ransomware remains a significant threat as evidenced by a different report, which stated that May 2023 saw a 154% spike in ransomware compared to May 2022. Other key findings include unreported attacks being five times more likely than reported attacks.

https://www.msspalert.com/cybersecurity-research/ransomware-hit-new-attack-highs-in-may-2023-blackfog-report-says/

https://www.scmagazine.com/analysis/ransomware/ransomware-attacks-have-room-to-grow-verizon-data-breach-report-shows

• 4 Areas of Cyber Risk That Boards Need to Address

As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organisations, it makes them increasingly susceptible to cyber threats. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance. This need for transparency has been recognised by the regulators and facilitated by the new cyber security rules to ensure companies maintain adequate cyber security controls and appropriately disclose cyber-related risks and incidents.

To ensure they fulfil the requirements, organisations should focus on the following areas: position security as a strategic business enabler; continuously monitor the cyber risk capability performance; align cyber risk management with business needs through policies and standards; and proactively anticipate the changing threat landscape by utilising threat intelligence sources for emerging threats.

https://hbr.org/2023/06/4-areas-of-cyber-risk-that-boards-need-to-address

• North Korea Makes 50% of Income from Cyber Attacks

The North Korean regime makes around half of its income from cyber attacks on cryptocurrency and other targets. A 2019 UN estimate claimed North Korea had amassed as much as $2bn through historic attacks on crypto firms and traditional banks.

North Korean hackers have been blamed for some of the biggest ever heists of cryptocurrency, including the $620m stolen from Sky Mavis’ Ronin Network last year and the $281m taken from KuCoin in 2020 and $35m from Atomic Wallet just this last weekend.

They are using increasingly sophisticated techniques to get what they want. The 3CX supply chain attacks, in which backdoor malware was implanted into a legitimate-looking software update from the eponymous comms provider, is thought to have been a targeted attempt at hitting crypto exchanges.

https://www.infosecurity-magazine.com/news/north-korea-makes-50-income/

• Going Beyond “Next Generation” Network Security

Over a decade ago, the phrase “next generation” was used in the network security space to describe the introduction of application-layer controls with firewalls. It was a pivotal moment for the space, setting a new standard for how we protected the perimeter. A lot has happened in the last decade though, most notably, the rapid adoption of cloud and multicloud architectures and the loss of the “perimeter.” Today, 82% of IT leaders have adopted hybrid cloud architectures, and 58% of organisations use between two and three public Infrastructure as a Service (IaaS) clouds. On top of that, 95% of web traffic is encrypted which limits visibility. Applications are everywhere, access privileges are unstructured, increasing the attack surface, and businesses expect near-perfect availability and resilience. To make things more complicated, enterprises have tried to solve these challenges with disparate solutions, leading to vendor sprawl among security stacks and operational inefficiency. What was once considered “next-generation” network security no longer cuts it.

https://blogs.cisco.com/security/going-beyond-next-generation-network-security-cisco-platform-approach

• Worldwide 2022 Email Phishing Statistics and Examples

Remote and hybrid work environments have become the new norm. The fact that email has become increasingly integral to business operations, has led malicious actors to favour email as an attack vector. According to a report by security company Egress, 92% of organisations have fallen victim to phishing attacks in 2022, a 29% increase in phishing incidents from 2021. Phishing attacks aimed at stealing info and data, also known as credential phishing, saw a 4% growth in 2022, with nearly 7 million detections. Rather worryingly, there was a 35% increase in the number of detections that related to business email compromise (BEC); these attacks mostly impersonated executives or high-ranking management personnel. With the increase in AI tools, it is expected that cyber criminals will be better able to create and deploy more sophisticated phishing attacks.

https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html

Governance, Risk and Compliance

• Insurers Predict $33bn Bill for Catastrophic "Cyber Event" - Infosecurity Magazine (infosecurity-magazine.com)

• Verizon 2023 Data Breach Investigations Report: 74% of breaches involve human element - Help Net Security

• 4 Areas of Cyber Risk That Boards Need to Address (hbr.org)

• CISOs, IT lack confidence in executives’ cyber-defence knowledge | CSO Online

• Cyber spotlight falls on boardroom ‘privilege’ as incidents soar | Computer Weekly

• CISOs focus more on business strategy than threat research - Help Net Security

• With SEC Rule Changes on the Horizon, Research Reveals Only 14% of CISOs Have Traits Desired for Cyber Expert Board Positions (darkreading.com)

• Only one in 10 CISOs today are board-ready, study says | CSO Online

• Employee cyber security awareness takes centre stage in defence strategies - Help Net Security

• The Importance of Managing Your Data Security Posture (thehackernews.com)

• How CISOs Can Manage the Intersection of Security, Privacy, And Trust (darkreading.com)

• Why Companies Should Consider Developing A Chief Security Officer Position (forbes.com)

• Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)

• VeeamON 2023: When Your Nightmare Comes True - The New Stack

• Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)

• UK Organisations lack clear path to achieve threat intelligence - IT Security Guru

• CIOs prioritize new technologies over tech stack optimization - Help Net Security

• Top factors driving enterprise demand for new cyber security technology - Help Net Security

• Why a proactive detection and incident response plan is crucial for your organisation | Microsoft Security Blog

• Factors influencing IT security spending - Help Net Security

• How to Boost Cyber Security Through Better Communication (securityintelligence.com)

• Generative AI's influence on data governance and compliance - Help Net Security

• Essential Cyber security Compliance Standards (trendmicro.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)

• Ransomware Behind Most Cyber Attacks, Verizon Business Reports - MSSP Alert

• Ransomware Hit New Attack Highs in May 2023, BlackFog Report Says - MSSP Alert

• Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg

• Clop ransomware likely testing MOVEit zero-day since 2021 (bleepingcomputer.com)

• Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online

• New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal (thehackernews.com)

• Cyclops Ransomware group offers a multiplatform Info StealerSecurity Affairs

• 0mega ransomware gang changes tactics - Help Net Security

• Firms warned not to give in to blackmail threats after Russia-linked payroll data hack | Evening Standard

• Royal ransomware gang adds BlackSuit encryptor to their arsenal (bleepingcomputer.com)

• Cyber Extortionists Seek Out Fresh Victims in LatAm and Asia - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Victims

• BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)

• Ransomware takes down multiple municipalities in May | TechTarget

• Several Major Organisations Confirm Being Impacted by MOVEit Attack - SecurityWeek

• Spanish Bank Globalcaja Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• 2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)

• Burton Snowboards discloses data breach after February attack (bleepingcomputer.com)

• Pharmaceutical Giant Eisai Hit By Ransomware Incident - Infosecurity Magazine (infosecurity-magazine.com)

• City of Dallas Still Clawing Back Weeks After Cyber Incident (darkreading.com)

• Caribbean Island Suffers Cyber Attack, MSSP Expert Recommends Low-Code Automation - MSSP Alert

Phishing & Email Based Attacks

• Fixing email security: It's still a rocky road ahead - SiliconANGLE

• Worldwide 2022 Email Phishing Statistics and Examples (trendmicro.com)

• New Security Warning Issued For Google's 1.8 Billion Gmail Users (forbes.com)

• New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)

• Chinese Phishing Gang "PostalFurious" Expands Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)

• Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)

BEC – Business Email Compromise

• BEC Volumes and Ransomware Costs Double in a Year - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)

Artificial Intelligence

• AI poses national security threat, warns terror watchdog | Artificial intelligence (AI) | The Guardian

• ChatGPT creates mutating malware that evades detection by EDR | CSO Online

• The Growing Cyber Threats of Generative AI: Who's Accountable? (darkreading.com)

• Consumers overestimate their deepfake detection skills - Help Net Security

• Department of Defence AI principles have a place in the CISO’s playbook | CSO Online

• Generative AI's influence on data governance and compliance - Help Net Security

• Traditional malware increasingly takes advantage of ChatGPT for attacks | CSO Online

• AI drone 'kills' human operator during 'simulation' - which US Air Force says didn't take place | Science & Tech News | Sky News

• OWASP lists 10 most critical large language model vulnerabilities | CSO Online

• Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters

• New ChatGPT Attack Technique Spreads Malicious Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)

• Cyber crooks Scrape OpenAI API Keys to Pirate GPT-4 (darkreading.com)

2FA/MFA

• PyPI's 2FA Requirements Don't Go Far Enough, Researchers Say (darkreading.com)

• How fraudsters undermine text passcodes - Help Net Security

Malware

• High-profile malware and targeted attacks in Q1 2023 | Securelist

• ChatGPT creates mutating malware that evades detection by EDR | CSO Online

• Malicious Chrome extensions with 75M installs removed from Web Store (bleepingcomputer.com)

• Qakbot: The trojan that just won't go away - Help Net Security

• Qbot malware adapts to live another day … and another … • The Register

• Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)

• New ChatGPT Attack Technique Spreads Malicious Packages - Infosecurity Magazine (infosecurity-magazine.com)

• New PowerDrop Malware Targeting US Aerospace Industry (thehackernews.com)

• Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)

• Minecraft Malware Spreading Through Mods, Plug-ins (darkreading.com)

• Online sellers targeted by new information-stealing malware campaign (bleepingcomputer.com)

• Google puts $1M behind its mining-malware detection promise • The Register

Mobile

• Over 60,000 Android apps secretly installed adware for past six months (bleepingcomputer.com)

• Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)

• New tool scans iPhones for 'Triangulation' malware infection (bleepingcomputer.com)

• New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews

• Apple announces next-level privacy and security innovations - Help Net Security

• How Does Android Stack Up Vs IOS? (informationsecuritybuzz.com)

Botnets

• New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)

• Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)

Denial of Service/DoS/DDOS

• Outlook.com hit by outages as hacktivists claim DDoS attacks (bleepingcomputer.com)

• The evolution of DDoS attacks in 2023 - Help Net Security

• Microsoft OneDrive down worldwide following claims of DDoS attacks (bleepingcomputer.com)

Internet of Things – IoT             

• Britain to remove Chinese surveillance gear from government sites | Surveillance | The Guardian

• Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)

• Amazon’s Ring doorbell employees spied on users’ bathrooms (telegraph.co.uk)

• High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security

• New York City sues Hyundai, Kia claiming cars easy to steal • The Register

Data Breaches/Leaks

• Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)

• BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)

• This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar

• Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App (thehackernews.com)

• Hackers launch another wave of mass-hacks targeting company file transfer tools | TechCrunch

• Massive free VPN data breach exposes 360M records | Fox News

• 2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)

• Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online

• Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)

• Every Netherlands resident affected by data leak: watchdog | NL Times

• German recruiter Pflegia leaks sensitive job seeker info- Security Affairs

• What’s really changed 10 years after the Snowden revelations? | Edward Snowden | The Guardian

Organised Crime & Criminal Actors

• RaidForums: The child hacker facing extradition to the US | Euronews

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft – Security Week

• Google puts $1M behind its mining-malware detection promise • The Register

Insider Risk and Insider Threats

• Verizon 2023 Data Breach Investigations Report: 74% of breaches involve human element - Help Net Security

• How to Boost Cyber Security Through Better Communication (securityintelligence.com)

Fraud, Scams & Financial Crime

• Scammers publish ads for hacking services on government websites | TechCrunch

• Hackers hijack legitimate sites to host credit card stealer scripts (bleepingcomputer.com)

• A new wave of sophisticated digital fraud hits Europe - Help Net Security

• ID fraud a possibility forever, claims data breach lawsuit • The Register

• How fraudsters undermine text passcodes - Help Net Security

• Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack (thehackernews.com)

• Brazilian Cyber criminals Using LOLBaS and CMD Scripts to Drain Bank Accounts (thehackernews.com)

• Virtual claims raise alarms among insurance carriers and customers - Help Net Security

• UK banks to reimburse fraud victims under new rules, regulator confirms | Scams | The Guardian

• Interpol: Human Trafficking is Fueling Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• 'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting (darkreading.com)

• Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)

Deepfakes

• Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)

• Deepfakes being used in ‘sextortion’ scams, FBI warns • The Register

• Consumers overestimate their deepfake detection skills - Help Net Security

• Defenders Buckle Up for a Future of Detecting Deepfakes (darkreading.com)

Insurance

• Insurers Predict $33bn Bill for Catastrophic "Cyber Event" - Infosecurity Magazine (infosecurity-magazine.com)

• Virtual claims raise alarms among insurance carriers and customers - Help Net Security

Dark Web

• New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews

• Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)

• What is the dark web and how do you access it? (androidpolice.com)

Supply Chain and Third Parties

• Firms warned not to give in to blackmail threats after Russia-linked payroll data hack | Evening Standard

• Capita data breach ‘may affect millions’ (thetimes.co.uk)

• BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)

• Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App (thehackernews.com)

• Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online

• Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 (thehackernews.com)

• Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg

• data privacy: Swiss administration hit by cyber attack - The Economic Times (indiatimes.com)

Software Supply Chain

• SBOMs - Software Supply Chain Security’s Future or Fantasy? - SecurityWeek

• 10 security tool categories needed to shore up software supply chain security | CSO Online

Cloud/SaaS

• Cloud Security Tops Concerns for Cyber Security Leaders: EC-Council's Certified CISO Hall of Fame Report 2023 (thehackernews.com)

• The Annual Report: 2024 Plans and Priorities for SaaS Security (thehackernews.com)

• Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online

• This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar

• Current SaaS security strategies don't go far enough - Help Net Security

Hybrid/Remote Working

• Filling the Gaps: How to Secure the Future of Hybrid Work (darkreading.com)

• Thought of Going Into Office Gives Quarter of Employees Sunday Scaries - IT Security Guru

• Surveilling your employees? You could be putting your company at risk of attack - Help Net Security

Shadow IT

• Shadow IT is increasing and so are the associated security risks | CSO Online

Encryption

• UK Government Official Offers Up Nonsensical Defence Of Criminalizing End-To-End Encryption | Techdirt

API

• Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)

• OWASP's 2023 API Security Top 10 Refines View of API Risks - SecurityWeek

Passwords, Credential Stuffing & Brute Force Attacks

• Watch brute force hacking attempts fail in realtime | Boing Boing

Social Media

• UK mental health charities handed sensitive data to Facebook for targeted ads | Mental health | The Guardian

• Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)

• Hate speech is driving advertisers away from Twitter • Graham Cluley

• US government's TikTok ban extended to include contractors • The Register

Training, Education and Awareness

• Employee cyber security awareness takes center stage in defense strategies - Help Net Security

• Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)

• Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)

• How to Boost Cyber security Through Better Communication (securityintelligence.com)

• Embracing realistic simulations in cyber security training programs - Help Net Security

Data Protection

• SEC drops 42 cases after staff bungle data protection • The Register

• Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters

• Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)

• Microsoft Fined $20M For Xbox Child Data Collection (darkreading.com)

Careers, Working in Cyber and Information Security

• Governments Need a Cyber Blueprint to Hire, Retain Cyber security Talent, Report Says - MSSP Alert

Privacy, Surveillance and Mass Monitoring

• UK mental health charities handed sensitive data to Facebook for targeted ads | Mental health | The Guardian

• Amazon’s Ring doorbell employees spied on users’ bathrooms (telegraph.co.uk)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• British Army organises major Western European cyber warfare exercise (ibtimes.co.uk)

• Still standing after 260m attacks: inside Ukraine’s cyber warfare squad (thetimes.co.uk)

• Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED

Nation State Actors

• North Korea Makes 50% of Income from Cyber-Attacks: Report - Infosecurity Magazine (infosecurity-magazine.com)

• A Peek Behind the Curtain: Examining the Dimensions of a National-level Cyber Program | Mandiant

• Chinese Phishing Gang "PostalFurious" Expands Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean APT group targets email credentials in social engineering campaign | CSO Online

• UK to strip Chinese surveillance cameras from sensitive government sites | Financial Times (ft.com)

• Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)

• US government's TikTok ban extended to include contractors • The Register

• Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering (thehackernews.com)

• Kimsuky APT poses as journalists and broadcast writers in attacks- Security Affairs

• Meet TeamT5, the Taiwanese infosec outfit taking on Beijing • The Register

• China has closed unofficial ‘police stations’ in Britain, UK minister says | China | The Guardian

• Lazarus hackers linked to the $35 million Atomic Wallet heist (bleepingcomputer.com)

• Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks (thehackernews.com)

• Hostile states face contract ban amid security concerns (thetimes.co.uk)

• North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft - SecurityWeek

• Espionage Attacks in North Africa Linked to "Stealth Soldier" Backdoor - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Exploitation of Vulnerabilities Soared By 55% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• New vulnerabilities increase by 25 percent (betanews.com)

• OWASP lists 10 most critical large language model vulnerabilities | CSO Online

• Public sector apps show higher rates of security flaws - Help Net Security

Vulnerabilities

• CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog- Security Affairs

• Zyxel vulnerability under 'widespread exploitation' | TechTarget

• Barracuda Urges Immediate Replacement of Hacked ESG Appliances (thehackernews.com)

• Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation (thehackernews.com)

• Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities (thehackernews.com)

• High-Severity Vulnerabilities Patched in Splunk Enterprise - SecurityWeek

• Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution

• Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update (darkreading.com)

• Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! (thehackernews.com)

• Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)

• Three Vulnerabilities Discovered in Game Dev Tool RenderDoc - Infosecurity Magazine (infosecurity-magazine.com)

• Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug – Naked Security (sophos.com)

• High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security

• Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover (darkreading.com)

Tools and Controls

• CISOs focus more on business strategy than threat research - Help Net Security

• CIOs prioritize new technologies over tech stack optimization - Help Net Security

• Going Beyond “Next Generation” Network Security - Cisco Blogs

• Make Your Employees Your Best Asset in Combating Cybercrime | CISO Collective (fortinet.com)

• UK Organisations lack clear path to achieve threat intelligence - IT Security Guru

• Why a proactive detection and incident response plan is crucial for your organisation | Microsoft Security Blog

• Employee cybersecurity awareness takes center stage in defence strategies - Help Net Security

• Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)

• Factors influencing IT security spending - Help Net Security

• Top factors driving enterprise demand for new cyber security technology - Help Net Security

• How to Boost Cyber security Through Better Communication (securityintelligence.com)

• MoD adopts ‘secure by design’ for cyber security | UKAuthority

• Everyone is selling VPNs, and that's a problem for security | Engadget

• ISMG Editors: Why Communications Skills Matter for CISOs (inforisktoday.com)

• Network Security Checklist - 2023 (cybersecuritynews.com)

• Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)

• Ransomware Attack Prevention Checklist - 2023 (cybersecuritynews.com)

• OWASP lists 10 most critical large language model vulnerabilities | CSO Online

• This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar

• How to make developers love security - Help Net Security

• Embracing realistic simulations in cyber security training programs - Help Net Security

• The Key to Zero Trust Identity Is Automation (darkreading.com)

• What generative AI's rise means for the cyber security industry | TechTarget

• Cisco spotlights generative AI in security, collaboration | Network World

• 10 security tool categories needed to shore up software supply chain security | CSO Online

• How to Improve Your API Security Posture (thehackernews.com)

• Consolidate Vendors and Products for Better Security - SecurityWeek

Reports Published in the Last Week

• Verizon 2023 DBIR: Ransomware remains steady but complicated | TechTarget

• The Annual Report: 2024 Plans and Priorities for SaaS Security (thehackernews.com)

• Threat Intelligence report 2023 | Nokia

Other News

• The country with the best cyber security skills may surprise you | TechRadar

• CEO guilty of selling counterfeit Cisco devices to military, govt orgs (bleepingcomputer.com)

• NASA website flaw jeopardizes astrobiology fans- Security Affairs

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 50% of UK CEOs see Cyber as a Bigger Business Risk than the Economy

Half of UK CEOs consider cyber security as a bigger risk to their organisation than economic uncertainty, a new study by Palo Alto Networks has found. The findings came from a survey of 2500 CEOs from the UK, Germany, France, Brazil and the UAE at large organisations (500+ employees).

Despite the recognition of the business threats posed by cyber attacks, UK CEOs have a lower level of understanding of cyber security risks than their international counterparts, with just 16% saying they have a complete understanding. This compares to 21% in Brazil, 21% in the UAE, 22% in France and 39% in Germany. Additionally, many UK CEOs feel detached from responsibility for cyber security at their organisations, instead leaving it to the responsibility of IT, although IT is only part of the solution.

https://www.infosecurity-magazine.com/news/uk-ceo-cyber-risk-economy/

• Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim

Fortinet has unveiled its 2023 Global Ransomware Report based on a recent global survey and explores cyber security leaders’ perspectives on ransomware, particularly how it impacted their organisations in the last year and their strategies to mitigate an attack. The report found that the global threat of ransomware remains at peak levels, with half of organisations across all sizes, regions and industries falling victim in the last year.

The top challenges to stopping a ransomware attack were people and process related, with many organisations lacking clarity on how to secure against the threat. Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training and no clear chain-of-command strategy to deal with attacks.

Despite the global macroeconomic environment, security budgets will have to increase in the next year with a focus on AI/ML technologies to speed detection, centralised monitoring tools to speed response and better preparation of people and processes.

https://www.itweb.co.za/content/mYZRX79g8gRqOgA8

• SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyber espionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly.

Cyber security firm Proofpoint analysed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those serving Russian, Iranian, and North Korean interests.

SMBs are also targeted by APT groups indirectly, through the managed services providers (MSPs) that maintain their infrastructure. Proofpoint has seen an increase in attacks against regional MSPs because their cyber security defences could be weaker than larger MSPs yet they still serve hundreds of SMBs in local geographies.

https://www.csoonline.com/article/3697648/smbs-and-regional-msps-are-increasingly-targeted-by-state-sponsored-apt-groups.html#tk.rss_news

• IT Employee Piggybacked on Cyber Attack for Personal Gain

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorised access to a computer with intent to commit other offences.

The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout. But he also realized that he could take advantage of the breach to line his own pockets.

“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” the South East Regional Organised Crime Unit (SEROCU) revealed. He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.

While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving a malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.

https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/

• Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More

Ransomware attacks have never been this popular, a new report from cyber security researchers Securin, Ivanti, and Cyware has stated. New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, but out of all the different hardware and software, Microsoft’s products are being targeted the most.

Attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware. In just March 2023, there had been more breaches reported, than in all three previous years combined. Even though most cyber security incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web.

https://www.techradar.com/news/ransomware-threats-are-growing-and-targeting-microsoft-devices-more-and-more

• Microsoft Reports Jump in Business Email Compromise (BEC) Activity

Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report. Activity around BEC spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit.

Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.

Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.

https://www.csoonline.com/article/3697152/microsoft-reports-jump-in-business-email-compromise-activity.html#tk.rss_news

• Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions

The nature of cyber attacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organisations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. Forrester’s Top Cyber security Threats in 2023 report provides a stark warning about the top cyber security threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponising generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.

Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyber attacks coming that seek to capitalise on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.

Forrester cites Russia’s invasion of Ukraine and its relentless cyber attacks on Ukrainian infrastructure as examples of geopolitical cyber attacks with immediate global implications. Forrester advises that nation-state actors continue to use cyber attacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.

https://venturebeat.com/security/forrester-predicts-2023-top-cybersecurity-threats-generative-ai-geopolitical-tensions/

• Advanced Phishing Attacks Surge 356% in 2022

A new report published this week observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022, with the total number of attacks having increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools. These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques.

The global threat landscape continues to evolve with a meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques designed to breach and damage organisations.

Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.

https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge/

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security

Organisations can mistakenly believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter can be very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming. Blindly purchasing more security tools can add to complexity in enterprise environments and creates a false sense of security that contributes to today’s cyber security challenges.

To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cyber security risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.

https://www.securityweek.com/todays-cyber-defense-challenges-complexity-and-a-false-sense-of-security/

• Almost All Ransomware Attacks Target Backups

Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organisations suffered at least one cyber attack in the past year according to the Veeam 2023 Ransomware trends report. Only 16% of organisations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.

According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber events in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.

Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.

With most ransomware actors moving to double and triple extortion the days of a backup being all you need to keep you safe are far behind and firms should do more to prevent being the victim of ransomware in the first place.

https://www.computerweekly.com/news/366538492/Almost-all-ransomware-attacks-target-backups-says-Veeam

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

The UK National Cyber Security Centre (NCSC) and several other international security agencies have issued a new advisory warning the public against Chinese cyber activity targeting critical national infrastructure networks. According to the document, the People’s Republic of China (PRC)’s associated threat actors employed sophisticated tactics to evade detection while conducting malicious activities against targets in the US and Guam. These tactics are expected to be used on critical infrastructure targets outside the US, including the UK.

The document further added that the threat actors mainly focused on credential access theft via brute force and password spraying techniques. The NCSC advisory provides network defenders with technical indicators and examples of techniques used by the attacker to help identify any malicious activity.

https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/

• Half of All Companies were Impacted by Spearphishing in 2022

Spearphishing is a sliver of all email exploits but the extent to which it succeeds is revealed in a new study from cyber security firm Barracuda Networks, which analysed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails and affecting 50% of all companies.

The report identified the top prevalent spearphishing emails were Scamming (47%) used to trick victims into disclosing sensitive information and the other being brand impersonation (42%) attacks mimicking a brand familiar with the victim to harvest credentials.

The report found that remote work is increasing risks. Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.

https://www.techrepublic.com/article/barracuda-networks-spearphishing-study/

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Two new top-level domain names (.zip and .mov) have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension.

There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware. Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks.

https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool

Governance, Risk and Compliance

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• The Rising Threat of Secrets Sprawl and the Need for Action (thehackernews.com)

• Mass resignations, layoffs seen as major threat to corporate cyber security - The Korea Times

• Improving Cyber security Requires Building Better Public-Private Cooperation (darkreading.com)

• Cyber Defence: Council conclusions stress the importance of further strengthening the EU resilience to face cyber threats - Consilium (europa.eu)

• 5 Cyber security Woes That Threaten Digital Growth (analyticsinsight.net)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• What Security Professionals Need to Know About Aggregate Cyber Risk (darkreading.com)

• Where to Focus Your Company’s Limited Cyber security Budget (hbr.org)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (darkreading.com)

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security - SecurityWeek

• The biggest threats are always those we fail to predict - Big Think

• How continuous security monitoring is changing the compliance game - Help Net Security

• Forrester predicts 2023's top cyber security threats: From generative AI to geopolitical tensions | VentureBeat

• 50% of UK CEOs See Cyber as a Bigger Business Risk than the Economy - Infosecurity Magazine (infosecurity-magazine.com)

• Defining CISOs, CTOs, and CIOs' Roles in Cyber security (analyticsinsight.net)

Threats

Ransomware, Extortion and Destructive Attacks

• 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns (darkreading.com)

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Backup Repositories Targeted in 93% of Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware threats are growing, and targeting Microsoft devices more and more | TechRadar

• Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks (bleepingcomputer.com)

• FIN7 gang returned and was spotted delivering Clop ransomware - Security Affairs

• Fortinet survey finds 78% of organisations felt prepared for ransomware attacks, yet half still fell victim | ITWeb

• Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking (darkreading.com)

• Cyble — New Ransomware Wave Engulfs over 200 Corporate Victims

• Updated 'StopRansomware Guide' warns of shifting tactics | TechTarget

• The Week in Ransomware - May 19th 2023 - A Shifting Landscape (bleepingcomputer.com)

• US saw 45% fewer ransomware victims posted on the dark web | Security Magazine

• BlackCat ransomware takes control of protected computers via new kernel driver | SC Media (scmagazine.com)

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• Ransomware tales: The MitM attack that really had a Man in the Middle – Naked Security (sophos.com)

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts (thehackernews.com)

• Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code (thehackernews.com)

Ransomware Victims

• Food Distributor Sysco Says Cyber Attack Exposed 126,000 Individuals - SecurityWeek

• Suzuki motorcycle plant shut down by cyber attack (bitdefender.com)

• February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million - Security Affairs

• Iowa hospital discloses breach following Royal ransomware leak | TechTarget

• Arms maker Rheinmetall confirms BlackBasta ransomware attack (bleepingcomputer.com)

• Mazars Group allegedly breached by BlackCat | Cybernews

• Dish Network says February ransomware attack impacted +300K - Security Affairs

• Philly Inquirer disputes Cuba ransomware gang's leak claims • The Register

• Dorchester school IT system held to ransom in cyber attack - BBC News

• BlackByte lists city of Augusta after cyber 'incident' • The Register

Phishing & Email Based Attacks

• Advanced Phishing Attacks Surge 356% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• 50% of companies had spearphishing puncture wounds in 2022 (techrepublic.com)

• Microsoft 365 phishing attacks use encrypted RPMSG messages (bleepingcomputer.com)

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• Threat actors exploit new channels for advanced phishing attacks - Help Net Security

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Phishing campaign targets ChatGPT users - Help Net Security

BEC – Business Email Compromise

• Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog

• Microsoft reports jump in business email compromise activity | CSO Online

• Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool (darkreading.com)

Artificial Intelligence

• Employees are banned from using ChatGPT at these companies | Fortune

• When the tech boys start asking for new regulations, you know something’s up | John Naughton | The Guardian

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• 6 ChatGPT risks for legal and compliance leaders - Help Net Security

• 5 Ways Hackers Will Use ChatGPT For Cyber attacks (informationsecuritybuzz.com)

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

• How to avoid shadow AI in your SOC - Help Net Security

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing campaign targets ChatGPT users - Help Net Security

• The Security Hole at the Heart of ChatGPT and Bing | WIRED UK

2FA/MFA

• Cyber criminals masquerading as MFA vendors - Help Net Security

Malware

• New PowerExchange malware backdoors Microsoft Exchange servers (bleepingcomputer.com)

• Hackers Use Weaponised DOCX File to Deploy Stealthy Malware (gbhackers.com)

• Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware (thehackernews.com)

• Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware (thehackernews.com)

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Threat actors leverage kernel drivers in new attacks | TechTarget

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

• Legion Malware Upgraded to Target SSH Servers and AWS Credentials (thehackernews.com)

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Google Unveils Bug Bounty Program For Android Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Botnets

• How smart bots are infecting and exploiting the internet - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Denial of Service/DoS/DDOS

• Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry (thehackernews.com)

Internet of Things – IoT

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• How Connected Car Cyber Risk will Evolve (trendmicro.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

Data Breaches/Leaks

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• Luxottica confirms 2021 data breach after info of 70M leaks online (bleepingcomputer.com)

• Hackers steal the SSN of nearly 6 million people (pandasecurity.com)

• Food Distributor Sysco Says Cyber attack Exposed 126,000 Individuals - SecurityWeek

Organised Crime & Criminal Actors

• Inside the Mind of a Cyber Attacker | Tactics, Techniques, and Procedures (TTPs) Every Security Practitioner Should Know

• IT employee piggybacked on cyber attack for personal gain - Help Net Security

• Child hackers: How are kids becoming sophisticated cyber criminals? | Euronews

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• The Strange Story of the Teens Behind the Mirai Botnet - IEEE Spectrum

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• Cyber criminals masquerading as MFA vendors - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

Insider Risk and Insider Threats

• How to prevent against the 5 main types of insider threats - IT Security Guru

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Get-rich-quick schemes, pyramids and ponzis: five signs you're being scammed (theconversation.com)

• Uncle Sam tries to wrangle 'money mules' • The Register

• Scammers Using ChatGPT "Fleeceware" Apps to Cash In on AI Hype, Sophos Report - MSSP Alert

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Ads for lucrative jobs in Asia may be tech slavery scams • The Register

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Banking, tech and telecoms groups combine to gather intelligence on scammers | Financial Times (ft.com)

Supply Chain and Third Parties

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• New Cyber Security Training Packages Launched to Manage Supply Chain Risk - NCSC

Software Supply Chain

• GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains (thehackernews.com)

Cloud/SaaS

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• Google Cloud Bug Allows Server Takeover From CloudSQL Service (darkreading.com)

Attack Surface Management

• The Need to Isolate Branch Offices in High-Risk Countries (darkreading.com)

Identity and Access Management

• 7 access management challenges during M&A - Help Net Security

• Think security first when switching from traditional Active Directory to Azure AD | CSO Online

Encryption

• Quantum attack would trigger Great Depression, think tank warns | SC Media (scmagazine.com)

API

• API bug in OAuth dev tool opened websites, apps to account hijacking | SC Media (scmagazine.com)

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• What is API Security? | Definition from TechTarget

• The fragmented nature of API security ownership - Help Net Security

Open Source

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Inactive accounts pose significant account takeover security risks | CSO Online

• What’s a Double-Blind Password Strategy and When Should It Be Used (bleepingcomputer.com)

• Netflix's Password-Sharing Ban Offers Security Upsides (darkreading.com)

Biometrics

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

Social Media

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Pentagon explosion hoax goes viral after verified Twitter accounts push (bleepingcomputer.com)

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

Training, Education and Awareness

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Realistic simulations are transforming cyber security training - Help Net Security

Travel

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Four ways your devices can be hacked in hotels and how to stay safe | This is Money

• Tips to Protect Against Holiday and Airline Scams - IT Security Guru

Parental Controls and Child Safety

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Regulations, Fines and Legislation

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

Models, Frameworks and Standards

• NIST Launches Cyber security Initiative for Small Businesses (securityintelligence.com)

• New security model launched to eliminate 95% of cyber breaches - IT Security Guru

Backup and Recovery

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

Data Protection

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How to become a bug bounty hunter: Getting started | TechTarget

Law Enforcement Action and Take Downs

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

Privacy, Surveillance and Mass Monitoring

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• UK police to 'embed' facial recog but oversight is at risk • The Register

• Abuse of government spying powers: What's to worry about? • The Register

• Reflections on Ten Years Past The Snowden Revelations (ietf.org)

Misinformation, Disinformation and Propaganda

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Opinion: Cyber war and (no) peace (insuranceinsider.com)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• Russia's War in Ukraine Shows Cyber attacks Can Be War Crimes (darkreading.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade (thehackernews.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation (thehackernews.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• What’s Russia Planning? (informationsecuritybuzz.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• What’s Russia Planning? (informationsecuritybuzz.com)

• United Nations official and others in Armenia hacked by NSO Group spyware | Hacking | The Guardian

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Nation State Actors

• APT attacks: Exploring Advanced Persistent Threats and their evasive techniques (malwarebytes.com)

• SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups | CSO Online

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• GoldenJackal: Threat Risk For Organisations In Middle East & South Asia (informationsecuritybuzz.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware (thehackernews.com)

• Fata Morgana Watering Hole Attack Targets Shipping, Logistics Firms - Infosecurity Magazine (infosecurity-magazine.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• Five Eyes and Microsoft accuse China US infrastructure raids • The Register

• Iranian hackers use new Moneybird ransomware to attack Israeli orgs (bleepingcomputer.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• GCHQ warns of fresh threat from Chinese state-sponsored hackers | Hacking | The Guardian

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Five Eyes agencies detail how Chinese hackers breached US infrastructure - Help Net Security

• Lazarus Group Striking Vulnerable Windows IIS Web Servers (darkreading.com)

• 'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns (darkreading.com)

Vulnerability Management

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Fresh perspectives needed to manage growing vulnerabilities - Help Net Security

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• How to check for new exploits in real time? VulnCheck has an answer | CSO Online

Vulnerabilities

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Vulnerability in WordPress Google Analytics Plugin Hits +3 Million Websites (searchenginejournal.com)

• Hackers target 1.5M WordPress sites with cookie consent plugin exploit (bleepingcomputer.com)

• Barracuda Alerts Of Breaches In Email Gateways From Zero-Day Flaws (informationsecuritybuzz.com)

• Threat Actors Compromise Barracuda Email Security Appliances (darkreading.com)

• Microsoft: Windows issue causes file copying, saving failures (bleepingcomputer.com)

• GitLab 'strongly recommends' patching max severity flaw ASAP (bleepingcomputer.com)

• 83C0000B: The error code that means a software update bricked your HP printer (bitdefender.com)

• CISA adds iPhone bugs to Known Exploited Vulnerabilities catalog - Security Affairs

• Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) - Help Net Security

• Zyxel warns of critical vulnerabilities in firewall and VPN devices (bleepingcomputer.com)

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Tools and Controls

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Making The Most Of A Penetration Test: The Organisational Perspective (forbes.com)

• Against the Clock: Cyber Incident Response Plan (trendmicro.com)

• CMOs & CISOs: Uniting for Stronger Brands (cmswire.com)

• Investigating Risks Through Threat Hunting Capability Guide (informationsecuritybuzz.com)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• How continuous security monitoring is changing the compliance game - Help Net Security

• Blacklist untrustworthy apps that peek behind your firewall - Help Net Security

• How generative AI is reshaping the identity verification landscape - Help Net Security

• What is API Security? | Definition from TechTarget

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• The fragmented nature of API security ownership - Help Net Security

• Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans (darkreading.com)

• Cutting Through the Noise: What is Zero Trust Security? - SecurityWeek

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• 6 ways generative AI chatbots and LLMs can enhance cyber security | CSO Online

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Attributes of a mature cyber-threat intelligence program | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.