Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 07 July 2023
Black Arrow Cyber Threat Briefing 07 July 2023:
-Cyber Attacks Against Mobile Devices Growing Fast
-One Third of Security Breaches Go Unnoticed by Security Professionals
-Cyber Security Experts Have Become Targets for Board Seats
-Phishing Attack Prevention as Email Attacks Surge Over 450%
-Outsmarting Business Email Compromise Scammers
-Small Organisations Face Security Threats on a Limited Budget
-Cloud Security: Sometimes the Risks May Outweigh the Rewards
-Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks
-75% of Consumers Prepared to Ditch Brands Hit by Ransomware
-Scammers Using AI Voice Technology to Commit Crimes
-What are the Causes of Data Loss and What it the Impact on Your Organisation?
-Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Against Mobile Devices Growing Fast
A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year. The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.
It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.
https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users
One Third of Security Breaches Go Unnoticed by Security Professionals
While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.
The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.
https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/
Cyber Security Experts Have Become Targets for Board Seats
The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.
The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.
CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.
https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html
Phishing Attack Prevention as Email Attacks Surge Over 450%
A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.
In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.
https://cybersecuritynews.com/phishing-attack-prevention-checklist/
Outsmarting Business Email Compromise (BEC) Scammers
Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.
There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.
https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers
Small Organisations Face Security Threats on a Limited Budget
Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.
The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.
https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/
Cloud Security: Sometimes the Risks May Outweigh the Rewards
Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.
Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.
https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/
https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/
Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks
A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.
From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.
https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks
75% of Consumers Prepared to Ditch Brands Hit by Ransomware
As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.
While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.
https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/
Scammers Using AI Voice Technology to Commit Crimes
The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.
The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.
https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/
What are the Causes of Data Loss and What it the Impact on Your Organisation?
In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.
It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.
https://securityaffairs.com/148086/security/impacts-of-data-loss.html
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.
One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.
Governance, Risk and Compliance
Cyber Security experts have become targets for board seats (cnbc.com)
The Impacts of Data Loss on Your Organisation -Security Affairs
One third of security breaches go unnoticed by security professionals - Help Net Security
Small organisations face security threats on a limited budget - Help Net Security
How to cultivate a culture of continuous cyber Security improvement - Help Net Security
CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk (darkreading.com)
Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)
Cyber Security's Future Hinges on Stronger Public-Private Partnerships (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of consumers prepared to ditch brands hit by ransomware - Help Net Security
More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)
Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks (darkreading.com)
Encryption-less ransomware: Warning issued over emerging attack method for threat actors | ITPro
Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)
8Base ransomware group leaks data of 67 victim organisations - Help Net Security
Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)
Seven ways to prepare for double extortion ransomware | SC Media (scmagazine.com)
The rise in cyber extortion attacks and its impact on business security - Help Net Security
University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online
Ransomware Criminals Are Dumping Kids' Private Files Online After School Hacks - SecurityWeek
Ransomware accounts for 54% of cyber threats in the health sector- Security Affairs
Avast released a free decryptor for Windows version of Akira ransomware- Security Affairs
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
How ransomware impacts the healthcare industry - Help Net Security
June saw flurry of ransomware attacks on education sector | TechTarget
Decryption tool for Akira ransomware available for free | Tripwire
Japanese Port of Nagoya Resumes Operations After 2-Day Russian Ransomware Attack - MSSP Alert
Ransomware Victims
Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data - SecurityWeek
Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)
Japan’s largest port stops operations after ransomware attack (bleepingcomputer.com)
Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)
8Base ransomware group leaks data of 67 victim organisations - Help Net Security
Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
MOVEit Hacks Ensnare US Department of Health and Human Services - Bloomberg
UCLA among victims of worldwide cyber attack – NBC Los Angeles
BlackCat Hacking Gang Says It Stole Data from UK's Barts Health NHS Trust - Bloomberg
Chipmaker TSMC says supplier targeted in cyber Attack | Reuters
MOVEit hack impacts US financial services provider for academics | SC Media (scmagazine.com)
Phishing & Email Based Attacks
Email Cyber Attacks Spiked Nearly 500% in First Half of 2023, Acronis Reports - MSSP Alert
Phishing Attack Prevention Checklist - A Detailed Guide (cybersecuritynews.com)
African Nations Face Escalating Phishing & Compromised Password Cyber Attacks (darkreading.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Quishing on the rise: How to prevent QR code phishing | TechTarget
Why cyberpsychology is such an important part of effective cyber Security | CSO Online
Artificial Intelligence
Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register
Cyber Criminals can break voice authentication with 99% success rate - Help Net Security
Dutch counterterrorism agency says Generative AI is posing new cyber threats | NL Times
AI-generated attack vectors cyber Security should watch for (fastcompany.com)
OpenAI Pauses ChatGPT's 'Browse With Bing' as Users Bypass Paywalls (gizmodo.com)
Promoting responsible AI: Balancing innovation and regulation - Help Net Security
GPT-4 is great at infuriating telemarketing scammers • The Register
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)
Malware
Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)
Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)
CISA: Truebot malware infecting networks in US, Canada | TechTarget
Mockingjay - A New Injection Technique to Bypass EDR (cybersecuritynews.com)
Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)
Mobile
Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek
Mobile Cyber Attacks Soar, Especially Against Android Users (darkreading.com)
Android users at risk as banking trojan targets more apps | Fox News
Cyber Attacks Against Mobile Devices Growing Fast - MSSP Alert
We can’t trust the Government to protect your privacy, says boss of Signal (telegraph.co.uk)
Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)
Botnets
Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)
Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)
Denial of Service/DoS/DDOS
CISA issues DDoS warning after attacks hit multiple US orgs (bleepingcomputer.com)
Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)
Data Breaches/Leaks
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
Microsoft denies data breach, theft of 30 million customer accounts (bleepingcomputer.com)
Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En
The Impacts of Data Loss on Your Organisation- Security Affairs
Nickelodeon investigates breach after leak of 'decades old’ data (bleepingcomputer.com)
OpenAI lawsuit reignites privacy debate over data scraping | CyberScoop
28,000 Impacted by Data Breach at Pepsi Bottling Ventures - SecurityWeek
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Meduza Stealer targets tens of crypto wallers and pwd managers- Security Affairs
$7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Google Searches for 'USPS Package Tracking' Leads to Banking Theft (darkreading.com)
Support from British businesses crucial in removing over... - NCSC.GOV.UK
GPT-4 is great at infuriating telemarketing scammers • The Register
Ex-Amazon manager who stole $9m+ gets 16 years in prison • The Register
$7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)
Deepfakes
Scammers using AI voice technology to commit crimes - Help Net Security
Cyber Criminals can break voice authentication with 99% success rate - Help Net Security
AML/CFT/Sanctions
Insurance
University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online
Find A Cyber Insurance Policy That Fits Your Small Business Budget (forbes.com)
Cyber insurance rates drop 10% in June, report says | Reuters
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)
How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)
Dark Web
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)
Deep Web vs Dark Web: What’s the Difference? - Keeper (keepersecurity.com)
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)
Japan rebukes Fujitsu for cloud security fails • The Register
IT leaders believe hybrid cloud solutions are the future of IT - Help Net Security
Microsoft investigates Outlook.com bug breaking email search (bleepingcomputer.com)
11 best practices for securing data in the cloud | Microsoft Security Blog
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)
Attack Surface Management
Encryption
Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)
Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
High school changes every student’s password to ‘Ch@ngeme!’ | TechCrunch
Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets (thehackernews.com)
Social Media
Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)
EU Court Deals Blow to Meta in German Data Case - SecurityWeek
Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek
EU Court Deals Blow to Meta in German Data Case - SecurityWeek
Promoting responsible AI: Balancing innovation and regulation - Help Net Security
European companies slam the EU’s incoming AI regulations in open letter - The Verge
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Crack the Code: How to Secure Your Dream Cyber Security Career - IT Security Guru
3 Ways to Build a More Skilled Cyber Security Workforce (darkreading.com)
Make Diversity the 'How,' Not the 'What,' of Cyber Security Success (darkreading.com)
CISO Speaks: Resilience and Avoiding Burnout - IT Security Guru
Top 5 Free Online Cyber Security Courses in 2023 (analyticsinsight.net)
ISACA joins ECSO to strengthen cyber Security and digital skills in Europe - Help Net Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
Satellite system used by Russian military is hacked - The Washington Post
Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)
Russian railway site allegedly taken down by Ukrainian hackers (therecord.media)
China
US authorities warn on China’s new counter-espionage la' • The Register
Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research
Chinese threat actor attacks diplomats across Europe • The Register
Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)
Iran
Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools (darkreading.com)
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)
North Korea
Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs
North Korean satellite had no military utility for spying • The Register
Misc/Other/Unknown
Vulnerability Management
Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)
Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)
Vulnerabilities
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug (bleepingcomputer.com)
Microsoft puts out Outlook fire, downplays Teams flaw • The Register
WordPress plugin lets users become admins – Patch early, patch often! – Naked Security (sophos.com)
Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)
Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities - SecurityWeek
Microsoft fixes bug behind Windows LSA protection warnings, again (bleepingcomputer.com)
Cisco warns of bug that lets attackers break traffic encryption (bleepingcomputer.com)
StackRot Linux Kernel Bug Has Exploit Code on the Way (darkreading.com)
Tools and Controls
Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)
Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online
VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek
Small organisations face security threats on a limited budget - Help Net Security
11 best practices for securing data in the cloud | Microsoft Security Blog
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)
How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)
Reports Published in the Last Week
Other News
Foreign spies hacked government 20 years ago (thetimes.co.uk)
GCHQ Reveals Details of State-Backed Breach - Infosecurity Magazine (infosecurity-magazine.com)
Police investigate stolen exam papers after cyber attack (schoolsweek.co.uk)
VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek
Why Schools are Low-Hanging Fruit for Cyber Criminals - IT Security Guru
Hacks targeting British exam boards raise fears of students cheating (therecord.media)
Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En
Is your browser betraying you? Emerging threats in 2023 - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 February 2023
Black Arrow Cyber Threat Briefing 17 February 2023:
-High Risk Users May be Few, but the Threat They Pose is Huge
-The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously
-Cyber Attacks Worldwide Increased to an All-Time Record Breaking High
-Most Organisations Make Cyber Security Decisions Without Insights
-Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities
-Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think
-Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks
-EU Countries Told to Step up Defence Against State Hackers
-Cyber Criminals Exploit Fear and Urgency to Trick Consumers
-How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore
-Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets
-5 Biggest Risks of Using Third Party Managed Service Providers
-Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
High Risk Users May be Few, but the Threat They Pose is Huge
High risk users represent approximately 10% of the worker population according to research provider, Elevate Security research. The research found that high risk users were responsible for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure-browsing incidents and 42% of all malware events. This is worrying, considering the rise in sophisticated targeted phishing campaigns.
https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/
The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously
State-backed cyber attacks are on the rise, but they are not raising the level of alarm that they should in the corporate world. Unfortunately, this is not a productive way of thinking. Come the end of March, insurance provider Lloyds will no longer cover damage from cyber attacks carried out by state or state-backed groups. In the worst cases, this reduced insurance coverage could exacerbate the trend of companies taking a passive approach toward state-backed attacks as they feel there is now really nothing they can do to protect themselves. The uncertainty however, could be the motivation for companies to take the threat of state-backed attacks more seriously.
Cyber Attacks Worldwide Increased to an All-Time Record-Breaking High, Report Shows
According to a report by security provider Check Point, cyber attacks rose 38% in 2022 compared to the previous year. Some of the key trends in the report included an increase in the number of cloud-based networking attacks, with a 48% rise and non-state affiliated hacktivist groups becoming more organised and effective than ever before. Additionally, ransomware is becoming more difficult to attribute and track and extra focus should be placed on exfiltration detection.
Most Organisations Make Cyber Security Decisions Without Insights
A report by security provider Mandiant found some worrying results when it came to organisational understanding of threat actors. Some of the key findings include, 79% of respondents stating that most of their cyber security decisions are made without insight into the treat actors targeting them, 79% believing their organisation could focus more time and energy on identifying critical security trends, 67% believing senior leadership teams underestimate the cyber threats posed to their organisation and finally, 47% of respondents felt that they could not prove to senior leadership that their organisation has a highly effective cyber security program.
Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities
Ransomware attackers are finding new ways to exploit organisations’ security weaknesses by weaponising old vulnerabilities. A report by security provider Cyber Security Works had found that 76% of the vulnerabilities currently being exploited were first discovered between 2010-2019.
Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think
Using data from two different reports conducted by security provider Kaspersky, the combined data showed some worrying results. Some of the results include 98% of respondents revealing they faced at least one IT security miscommunication that regularly leads to bad consequences, 62% of managers revealing miscommunication led to at least one cyber security incident, 42% of business leaders wanting their IT security team to better communicate and 34% of C-level executives struggle to speak about adopting new security solutions.
Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks
Security providers Abnormal Security have identified two Business Email Compromise (BEC) groups “Midnight Hedgehog” and “Mandarin Capybara” which are conducting impersonation attacks in at least 13 different languages. Like many payment fraud attacks, finance managers or other executives are often targeted. In a separate report by Abnormal Security, it was found that business email compromise (BEC) attacks increased by more than 81% during 2022.
https://www.infosecurity-magazine.com/news/bec-groups-multilingual/
EU Countries Told to Step up Defence Against State Hackers
European states have raced to protect their energy infrastructure from physical attacks but the European Systemic Risk Board (ESRB) said more needed to be done against cyber warfare against financial institutions and the telecommunications networks and power grids they rely on. "The war in Ukraine, the broader geopolitical landscape and the increasing use of cyber attacks have significantly heightened the cyber threat environment," the ESRB said in a report. In addition, the ESRB highlight an increased risk of cyber attacks on the EU financial system, suggesting that stress tests and impact analyses should be carried out to identify weaknesses and measure resilience.
Cyber Criminals Exploit Fear and Urgency to Trick Consumers
Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022 according to a report by software provider Avast. “At the end of 2022, we have seen an increase in human-centred threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cyber criminals succeed” Avast commented.
https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/
How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore
Many organisations have experienced that “after the breach” feeling — the moment they realise they have to tell customers their personal information may have been compromised because one of the organisations’ vendors had a data breach. Such situations involve spending significant amount of money and time to fix a problem caused by a third party. An organisation’s ability to handle third-party cyber risk proactively depends on its risk management strategies.
https://techcrunch.com/2023/02/10/why-third-party-cybersecurity-risks-are-too-costly-to-ignore/
Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets
Following the advisory from the NCSC, it is clear that Russian state-sponsored hackers have become increasingly sophisticated at launching phishing attacks against critical targets in the UK, US and Europe over the last 12 months. The attacks included the creation of fake personas, supported by social media accounts, fake profiles and academic papers, to lure targets into replying to sophisticated phishing emails. In some cases, the bad actor may never leverage the account to send emails from and only use it to make decisions based on intelligence collection.
5 Biggest Risks of Using Third Party Managed Service Providers
As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work. But it does present risks. 5 of the biggest risks to be considered are: indirect cyber attacks, financial risks from incident costs, reputational damage, geopolitical risk and regulatory compliance risk.
Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands
Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, in fact, the ‘as a Service’ offering has made its way into the cyber crime landscape. And cyber crime, for its part, has evolved beyond a nefarious hobby; today it’s a means of earning for cyber criminals. Organised cyber crime services are available for hire, particularly to those lacking resources and hacking expertise but willing to buy their way into cyber criminal activities. Underground cyber crime markets have thus emerged, selling cyber attack tools and services ranging from malware injection to botnet tools, Denial of Service and targeted spyware services.
https://www.splunk.com/en_us/blog/learn/cybercrime-as-a-service.html
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat
US, UK slap sanctions on Russians linked to Conti and more • The Register
Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (bleepingcomputer.com)
Members of Russian cyber crime network unmasked by US and UK authorities - The Verge
Over 500 ESXiArgs Ransomware infections in one day in Europe-Security Affairs
New ESXi ransomware strain spreads, foils decryption tools | TechTarget
North Korea Using Healthcare Ransomware To Fund More Hacking (informationsecuritybuzz.com)
Cisco Talos spots new MortalKombat ransomware attacks | TechTarget
Hackers Target Israel’s Technion Demanding Huge Sum In Bitcoin - I24NEWS
City of Oakland systems offline after ransomware attack (bleepingcomputer.com)
MTU cyber breach: Probe after ransomware attacks 'like a murder investigation' (irishexaminer.com)
MTU data appears on dark web after cyber attack – The Irish Times
Oakland City Services Struggle to Recover From Ransomware Attack (darkreading.com)
Ransomware gang uses new zero-day to steal data on 1 million patients | TechCrunch
City of Oakland issued state of emergency after ransomware attack-Security Affairs
Glasgow Arnold Clark customers at risk after major cyber attack | HeraldScotland
No relief in sight for ransomware attacks on hospitals | TechTarget
Burton Snowboards cancels online orders after 'cyber incident' (bleepingcomputer.com)
Dallas Central Appraisal District paid $170,000 to ransomware attackers (bitdefender.com)
Phishing & Email Based Attacks
NameCheap's email hacked to send Metamask, DHL phishing emails (bleepingcomputer.com)
Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)
BEC – Business Email Compromise
2FA/MFA
Malware
Experts Warn of Surge in Multipurpose Malware - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft OneNote Abuse for Malware Delivery Surges - Security Week
New TA886 group targets companies with Screenshotter malware-Security Affairs
Novel phishing campaign takes screenshots ahead of payload delivery | SC Media (scmagazine.com)
Great, hackers are now using ChatGPT to generate malware | Digital Trends
Devs targeted by W4SP Stealer malware in malicious PyPi packages (bleepingcomputer.com)
Pepsi distributor blames info-stealing malware for breach • The Register
Malware that can do anything and everything is on the rise - Help Net Security
New stealthy 'Beep' malware focuses heavily on evading detection (bleepingcomputer.com)
Thousands of WordPress sites have been infected by a mystery malware | TechRadar
Beep: New Evasive Malware That Can Escape Under The Radar (informationsecuritybuzz.com)
Hackers start using Havoc post-exploitation framework in attacks (bleepingcomputer.com)
Malware authors leverage more attack techniques that enable lateral movement | CSO Online
Mobile
Botnets
Denial of Service/DoS/DDOS
Cloudflare blocks record-breaking 71 million RPS DDoS attack (bleepingcomputer.com)
87% of largest DDoS attacks in Q4 targeted telecoms: Lumen (fiercetelecom.com)
The Tor network hit by wave of DDoS attacks for at least 7 months-Security Affairs
Internet of Things – IoT
Digital burglaries: The threat from your smart home devices | Fox News
Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs
New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)
Data Breaches
MP’s laptop and iPad stolen from pub in 'worrying' security breach | Metro News
Reddit was hit with a phishing attack. How it responded is a lesson for everyone | ZDNET
Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)
Highmark data breach affecting about 300,000 members exposed personal information to hackers – WPXI
Gulp! Pepsi hack sees personal information stolen by data-stealing malware (bitdefender.com)
Nearly 50 million Americans impacted by health data breaches in 2022 (chiefhealthcareexecutive.com)
My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)
After apparent hack, data from Australian tech giant Atlassian dumped online | CyberScoop
Atlassian: Leaked Data Stolen via Third-Party App (darkreading.com)
Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica
Scandinavian Airlines says cyber attack caused passenger data leak (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cyber crime as a Service: A Subscription-based Model in The Wrong Hands | Splunk
A Hacker’s Mind — how the elites exploit the system | Financial Times (ft.com)
Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)
Russian hacker convicted of $90 million hack-to-trade charges (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (thehackernews.com)
Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)
451 PyPI packages install Chrome extensions to steal crypto (bleepingcomputer.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Russian IT biz owner made $90M from stolen financial info • The Register
Refund and Invoice Scams Surge in Q4 - Infosecurity Magazine (infosecurity-magazine.com)
Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)
Romance scam targets security researcher, hilarity ensues • The Register
10 signs that scammers have you in their sights | WeLiveSecurity
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
How to manage third-party cyber security risks that are too costly to ignore | TechCrunch
5 biggest risks of using third-party services providers | CSO Online
Cloud/SaaS
Cloud security: Where do CSP and client responsibilities begin and end? | VentureBeat
Application and cloud security is a shared responsibility - Help Net Security
Attack Surface Management
Open Source
Configuration Issues in SaltStack IT Tool Put Enterprises at Risk (darkreading.com)
Solving open-source security — from Alpha to Omega | SC Media (scmagazine.com)
New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Eek! You Can Steal Passwords From This Password Manager Using the Notepad App | PCMag
Eurostar forces 'password resets' — then fails and locks users out (bleepingcomputer.com)
My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)
Social Media
Metaverse Adds New Dimensions to Web 3.0 Cyber security | TechRepublic
Elon Musk Seems to Think His Own Employees Are Shadowbanning Him (gizmodo.com)
Malvertising
Training, Education and Awareness
High-risk users may be few, but the threat they pose is huge - Help Net Security
Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)
Regulations, Fines and Legislation
The Online Safety Bill: An attack on encryption (element.io)
As regulations skyrocket, is compliance even possible anymore? - Help Net Security
Governance, Risk and Compliance
Security buyers lack insight into threats, attackers, report finds | Computer Weekly
Cyber attacks Worldwide Increased to an All-Time High, Check Point Research Reveals - MSSP Alert
Actionable intelligence is the key to better security outcomes - Help Net Security
Build Cyber Resiliency With These Security Threat-Mitigation Considerations (darkreading.com)
Evolving cyber attacks, alert fatigue creating DFIR burnout, regulatory risk | CSO Online
As regulations skyrocket, is compliance even possible anymore? - Help Net Security
Storage security for compliance and cyberwar in 2023 • The Register
Backup and Recovery
Careers, Working in Cyber and Information Security
Get hired in cyber security: Expert tips for job seekers - Help Net Security
3 Ways CISOs Can Lead Effectively and Avoid Burnout (darkreading.com)
Cyber security Jobs Remain Secure Despite Recession Fears (darkreading.com)
Law Enforcement Action and Take Downs
Members of Russian cyber crime network unmasked by US and UK authorities - The Verge
Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET
Cyber criminals Bypass ChatGPT Restrictions to Generate Malicious Content - Check Point Software
Great, hackers are now using ChatGPT to generate malware | Digital Trends
Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED
A.I. in the military could be a game changer in warfare | Fortune US issues declaration on responsible use of AI in the military | Reuters
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
EU countries told to step up defence against state hackers | Reuters
Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent
Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | Cyber scoop
Google: Russia continues to set cyber sights on NATO nations | TechTarget
US shoots down ‘high-altitude object’ above Alaska | Financial Times (ft.com)
Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - security Week
SpaceX curbed Ukraine's use of Starlink terminals - Militarnyi
US shoots down ‘octagonal’ flying object near military sites in Michigan | US news | The Guardian
Six companies join US entity list after Chinese spy balloon • The Register
How Alan Turing still casts his genius in the age of cyberwar | Metro News
US warns its citizens in Russia to get out immediately over security fears | Euronews
Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)
Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)
Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED
Albanian gangs set up hundreds of spy cameras to keep ahead of police | Financial Times (ft.com)
A.I. in the military could be a game changer in warfare | Fortune
Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian
China-based cyber espionage actor seen targeting South America | CSO Online
The Lessons From Cyberwar, Cyber-in-War and Ukraine - security Week
Storage security for compliance and cyberwar in 2023 • The Register
Nation State Actors
EU countries told to step up defence against state hackers | Reuters
Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent
Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | CyberScoop
Google: Russia continues to set cyber sights on NATO nations | TechTarget
Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - Security Week
MagicWeb Mystery Highlights Nobelium Attacker's Sophistication (darkreading.com)
Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET
Six companies join US entity list after Chinese spy balloon • The Register
Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)
Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad (thehackernews.com)
Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)
Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian
China-based cyber espionage actor seen targeting South America | CSO Online
UK Policing Riddled with Chinese CCTV Cameras - Infosecurity Magazine (infosecurity-magazine.com)
A new operating system has been released in Russia! (gizchina.com)
Vulnerability Management
Vulnerabilities
Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs – Naked Security (sophos.com)
Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps - Security Week
Adobe Plugs Critical Security Holes in Illustrator, After Effects Software - Security Week
Apple releases new fix for iPhone zero-day exploited by hackers | TechCrunch
Firefox Updates Patch 10 High-Severity Vulnerabilities - Security Week
Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software (thehackernews.com)
Microsoft says Intel driver bug crashes apps on Windows PCs (bleepingcomputer.com)
Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug – Naked Security (sophos.com)
Splunk Enterprise Updates Patch High-Severity Vulnerabilities - Security Week
Dozens of Vulnerabilities Patched in Intel Products - Security Week
High-severity DLP flaw impacts Trellix for Windows | SC Media (scmagazine.com)
Critical Vulnerability Patched in Cisco Security Products - Security Week
Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica
Tools and Controls
A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)
Combining identity and security strategies to mitigate risks - Help Net Security
Defending against attacks on Azure AD: Goodbye firewall, hello identity protection | CSO Online
Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps (thehackernews.com)
Attack surface management (ASM) is not limited to the surface - Help Net Security
How to filter Security log events for signs of trouble | TechTarget
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3