Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 03 November 2023
Black Arrow Cyber Threat Intelligence Briefing 03 November 2023:
-Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
-Are You and Your Clients Soft Targets?
-Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
-Executives May be The Biggest Risk to Your Business
-Organisations Can Only Stop 57 Percent of Cyber Attacks
-Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
-Business Email Compromise is Most Common Entry Point for Cyber Attack
-US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
-Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
-Your End-Users are Reusing Passwords, That’s a Big Problem
-Cyber Workforce Demand is Outpacing Supply
-What the Boardroom Is Missing: CISOs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
The best defence against a ransomware attack is assuming it will happen before it does. Research by Visa Inc found that ransomware continues to rapidly rise. One of the main factors is the use of AI services to mass produce highly personalised and plausible emails. The second is the proliferation of highly professional do-it-yourself ransomware kits, which frequently come with 24/7 tech support. These two factors drastically lower the skill level required for cyber criminals to successfully pull off an attack.
Another new ransomware trend is “dual ransomware attacks”. This is where criminals carry out two or more attacks in close proximity of each other, ranging between 48 hours to a maximum of 10 days. With an 80% chance of re-attack, small and medium sized businesses in hard-hit industries including healthcare and manufacturing are primary targets; organisations must be extra vigilant as the holidays approach because this is when cyber criminals are most likely to attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Venture Beat] [SC Media] [Help Net Security] [Infosecurity Magazine] [Help Net Security] [Tech Crunch]
Are You and Your Clients Soft Targets?
Cyber attacks are not a matter of "if" but "when," and the question you need to ask yourself is, ‘Are you a soft target?’. A soft target is a network or organisation that is relatively unprotected or vulnerable to cyber attacks.
You may feel confident in your ability to recover from an attack, but if you've never thoroughly tested your backup and recovery procedures, and when the time comes you find that it does not work, the result will leave you more likely to pay a ransom in an encryption based ransomware scenario. Reliance on legacy antivirus, which often fails to detect modern threats, can also render your network a soft target. Additionally, the absence of a rigorous vulnerability scanning and patching process leaves vulnerabilities undiscovered, and attackers are quick to exploit them. If you rely solely on prevention measures like firewalls and endpoint protection platforms, you are making yourself an appealing soft target for cyber criminals.
No organisation is entirely immune to cyber attacks. The key to defending you and your client's information effectively is to anticipate attacks, understand your security posture, recognise potential adversaries, and recover correctly in the event of an attack.
Source: [MSSP Alert]
Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
Small businesses may be discouraged from investing in preventive cyber security measures due to the expense involved and the mistaken belief that only larger companies are the target of cyber crimes. However, according to a recent report nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information. The report found that employee and customer data continue to be the most impacted categories of information in data breaches with 42% of small businesses losing revenue due to a cyber event.
The widespread use of internet-connected devices has given rise to a substantial surge in threat actors targeting small and medium-sized businesses, with malware, phishing and botnets being the most common threats. Daily malware activity has doubled year over year, and peaks in holiday seasons.
Sources: [Help Net Security] [Security Magazine] [Help Net Security] [JDSupra]
Executives May be The Biggest Risk to Your Business as One in Five Share Work Passwords Outside the Company
According to a recent report, nearly half (49%) of C-level executives have requested to bypass one or more security measures in the past year, highlighting a concerning disparity between what business leaders say about cyber and what they do. The research reported one in five sharing their work password with someone outside the company, 77% using easy-to-remember passwords including birth dates, and a third admitting to accessing unauthorised files and data with nearly two-thirds having the ability to edit those files/data.
Additionally, the C-suite was found to be more than three times as likely than regular users to share work devices with unauthorised users. An essential approach to reducing the risks is a tailored training programme that enables all users, including the C-suite, to understand the objective of security controls and the risks caused by bypassing them. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Sources: [Infosecurity Magazine] [Tech Radar] [Security Magazine] [Help Net Security]
Organisations Can Only Stop 57 Percent of Cyber Attacks
According to a report from Tenable, over the last two years, the average organisation's cyber security program was prepared to preventatively defend against, or block, just 57 percent of the cyber attacks it encountered. The report found that 58% of respondents focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. This is put down largely to a struggle to obtain an accurate picture of their attack surface. When it came to risks, 75% viewed cloud infrastructure as the greatest source of exposure risk in their organisation.
Source: [Beta News]
Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
Generative AI has revolutionised many aspects of life, offering new opportunities that have also greatly benefited malicious actors. A report has found that since the launch of ChatGPT, phishing attacks have increased by 1,265%. A separate report found that many businesses remain unprepared for the impact of AI, with just 16% of respondents satisfied in their organisation’s understanding of these AI tools.
Sources: [Decrypt] [Infosecurity Magazine] [Emerging Risks]
Business Email Compromise is Most Common Entry Point for Cyber Attack
According to cyber insurance provider Hiscox, almost half of UK businesses have experienced a cyber attack in the last year, an increase of 9% from the previous year. Business email compromise was recorded as the most common point of entry, mentioned by 35% of companies who suffered an attack.
The report found that 20% of attacked organisations received a ransomware demand, slightly up from 19% the previous year. The proportion paying the ransom fell from 66% to 63%, but the median ransom rose 13%.
Sources: [Hiscox] [Digital Journal]
US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
The US Securities and Exchange Commission (SEC) announced plans to charge a Chief Information Security Officer (CISO) with fraud for their role in allegedly lying to investors, overstating cyber security practices, and understating or failing to disclose known risks. A key piece of evidence presented by the SEC involved a presentation that was shared with the CISO, detailing a lack of security in the CISO employer’s setup. The presentation highlighted how exploitation could lead to major reputational and financial loss.
The case represents a larger shift in the dynamics and corporate reporting of security issues and within this, lies the professionalism of the CISO role. It is likely that this incident could become the start of something larger.
Sources: [The Record] [Security Week ] [Forbes]
Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
A survey found that 66% of companies are reevaluating their data protection and cyber resilience strategies. Despite this, 35% are not prioritising recovery and only half (56.6%) focused on both recovery and prevention.
Whilst it is important to prevent attacks, nothing is 100% secure and organisations need to ensure that their ransomware plans include recovery as a part of this. If, or when, you experience an attack, you will not want to improvise your recovery.
Source: [Help Net Security]
Your End-Users are Reusing Passwords: That’s a Big Problem
Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until it turns up in the form of hackers using compromised credentials as an initial access vector. A recent survey revealed that 53% of people admit to reusing passwords, making it easier for attackers to gain access to multiple applications with a single compromised password.
While it is difficult for organisations to maintain visibility over who is reusing passwords, especially if employees are reusing passwords outside of the organisation, there are still ways to combat this. Implementing tools that can check for compromised passwords, using multi-factor authentication and ensuring all employees carry out cyber security and awareness training are a few methods to help combat password re-use.
Source: [Bleeping Computer]
Cyber Workforce Demand is Outpacing Supply
A study by ISC2 stated that we would need to double the cyber workforce to adequately protect organisations and their critical assets. The study found that the gap between the demand and supply grew 12.6%. For organisations, this can mean a struggle in hiring cyber expertise.
To address the challenge of attracting and retaining quality senior security professionals, Black Arrow offers a fractional CISO service that gives flexible access to a whole team of specialists with wide expertise, experience and backgrounds in technology, governance and transformation, for less than the cost of hiring one individual.
Source: [Cyber Scoop]
What the Boardroom Is Missing: CISOs
According to a new study only 12% of S&P 500 companies have board directors with relevant cyber credentials, highlighting a major gap in expertise needed to keep organisations secure. As most organisations shift to digital and cloud-first strategies, businesses of all shapes and sizes must protect their assets. Unfortunately, there's a considerable gap between security leaders and the board directors responsible for managing businesses. A recent Harvard Business Review survey revealed just 47% regularly interact with their company's Chief Information Security Officer (CISO). That's a severe knowledge gap for a company's security and business leaders.
Introducing CISOs to the boardroom is not just about compliance, it's also about ensuring transparency and accountability. CISOs are already building security programs from the ground up. They provide business compliance, hire the right people, and find the right technology to supplement their team's efforts. Security posture is critical to an enterprise's future success, and having a CISO on the board that speaks the language can help a board understand if their business is making suitable security investments.
Source: [Dark Reading]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
SolarWinds Is A Game Changer - You Cannot Sugarcoat Cyber security (forbes.com)
Part of an executive team? You might be the biggest security risk to your business | TechRadar
One in five executives have shared work passwords outside the company | Security Magazine
Organisations can only stop 57 percent of cyber attacks (betanews.com)
Cyber attacks cause revenue losses in 42% of small businesses - Help Net Security
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
'Are we adversary aligned?' is the new 'Are we secure?' (betanews.com)
Cyber security habits and behaviours executives need to be aware of - Help Net Security
The hidden costs of data breaches for small businesses - Help Net Security
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
How Do We Truly Make Security 'Everyone's Responsibility'? (darkreading.com)
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
The CISO’s toolkit must include political capital within the C-suite | CSO Online
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Why there’s no one-size-fits all solution to security maturity | TechRadar
Threats
Ransomware, Extortion and Destructive Attacks
Ransom Groups Threaten Physical Violence as Social Engineering Tactic (darkreading.com)
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Surviving a ransomware attack begins by acknowledging it's inevitable | VentureBeat
Do government sanctions against ransomware groups work? | TechCrunch
Why rookie hackers are capitalizing on ransomware | SC Media (scmagazine.com)
Experts Reconsider Banning Ransom Payments as Ransomware Attacks Surge (pymnts.com)
Why ransomware victims can’t stop paying off hackers | TechCrunch
Key Learnings from “Big Game” Ransomware Campaigns - SecurityWeek
New Hunters International ransomware possible rebrand of Hive (bleepingcomputer.com)
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
One of the most dangerous ransomware kits around might have just gotten a rebrand | TechRadar
Ransomware attacks set to break records in 2023 - Help Net Security
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
Ransomware Victims
Boeing Confirms Cyber Attack, System Compromise (darkreading.com)
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Stanford University investigating security incident • The Register
Massive ransomware attack hinders services in 70 German municipalities (therecord.media)
Medical research exec hit in SIM-swap attack by Alphv gang • The Register
Caesars Hackers Accessed Customer Data; Costs to Be Determined (bloomberglaw.com)
Mortgage and loan giant Mr. Cooper blames cyber attack for ongoing outage | TechCrunch
Ransomware attack shuts down Central Florida radiology imager sites (wmfe.org)
British, Toronto Libraries Struggle After Cyber Incidents (darkreading.com)
Ace Hardware says 1,202 devices were hit during cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Artificial Intelligence
Email Phishing Attacks Up 1,265% Since ChatGPT Launched: SlashNext - Decrypt
AI poses new cyber threats with many businesses unprepared (emergingrisks.co.uk)
AI is making cyber attacks even smarter and more dangerous | TechRadar
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Enterprise AI applications are threatening security | TechRadar
What Lurks in the Dark: Taking Aim at Shadow AI (darkreading.com)
ChatGPT, Bard, lack effective defences against fraudsters, Which? warns | Computer Weekly
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Malware
Over a million Windows and Linux systems infected by this tricky new malware | TechRadar
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Daily malware activity doubled year over year for small businesses | Security Magazine
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)
Windows PCs are being targeted with a nasty new malware - here's what you need to know | TechRadar
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware (thehackernews.com)
These Seemingly Innocent Search Terms Could Lead Kids to Malware-Filled Websites (pcmag.com)
Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks (darkreading.com)
Arid Viper Camouflages Malware in Knockoff Dating App (darkreading.com)
Ghostpulse Malware Targets Windows PCs With Fake App Installers (pcmag.com)
Latest RAT attack surge bypasses Microsoft's XLL block • The Register
Mozi malware botnet goes dark after mysterious use of kill-switch (bleepingcomputer.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection (thehackernews.com)
Mobile
16 more infected Android apps you need to delete ASAP (bgr.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Android 14’s user-profile data bug seems indistinguishable from ransomware | Ars Technica
New banking scams delivered instantly via WhatsApp - F-Secure Blog
Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware | PCMag
Google One data breach: Dark web report at your hand - gHacks Tech News
SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
Denial of Service/DoS/DDOS
DDoS attacks are getting bigger and more powerful, and that's a really bad thing | TechRadar
Why Does "Anonymous" Launch DDoS Cyber Attacks? (makeuseof.com)
Internet of Things – IoT
IoT's convenience comes with cyber security challenges - Help Net Security
RCE exploit for Wyze Cam v3 publicly released, patch now (bleepingcomputer.com)
Data Breaches/Leaks
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
ServiceNow Data Exposure: A Wake-Up Call for Companies (thehackernews.com)
LastPass breach linked to theft of $4.4 million in crypto (bleepingcomputer.com)
Public exposure of data breaches is becoming inevitable – Help Net Security
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Seiged Sec Breach Top Israeli Telecom, Leak Customers Data (dailydot.com)
Organised Crime & Criminal Actors
‘Prolific Puma’ Hacker Gives Cyber criminals Access to .us Domains (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
How cyber criminals adapt and thrive amidst changing consumer trends – Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto thief steals $4.4M in a day as toll rises from LastPass breach (cointelegraph.com)
UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)
Insider Risk and Insider Threats
Insurance
Supply Chain and Third Parties
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (thehackernews.com)
North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
Cloud/SaaS
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cyber securitynews.com)
Cryptojackers steal AWS credentials from GitHub in 5 minutes • The Register
Microsoft is Getting Serious About Security. Again. - Thurrott.com
Microsoft is overhauling its software security after major Azure cloud attacks - The Verge
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your end-users are reusing passwords – that’s a big problem (bleepingcomputer.com)
One in five executives have shared work passwords outside the company | Security Magazine
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cybersecuritynews.com)
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Social Media
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
Malvertising
Training, Education and Awareness
Finding the right approach to security awareness - Help Net Security
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Regulations, Fines and Legislation
FTC orders non-bank financial firms to report breaches in 30 days (bleepingcomputer.com)
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
Why The SEC Cyber Security Disclosure Rules Will Improve Cybersecurity (forbes.com)
The UK Online Safety Bill Becomes Law, What Does It Mean? | Hackaday
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Setting the standard for cyber security across the EU | Business Post
Models, Frameworks and Standards
Top 12 IT security frameworks and standards explained | TechTarget
MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile - SecurityWeek
Careers, Working in Cyber and Information Security
UK cyber skills gap grows 29% despite record hiring (computing.co.uk)
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
Cyber security workforce shortages: 67% report people deficits - Help Net Security
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
Geopolitical Threats/Activity
Hacktivist Activity Related to Gaza Conflict Dwindles (darkreading.com)
New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks (bleepingcomputer.com)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
China
Spies and Lies: China’s Cyber Espionage Is on an Unprecedented Level | Mind Matters
Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop
Russia
Boeing. ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia - The Messenger
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
FSB arrests Russian hackers working for Ukrainian cyber forces (bleepingcomputer.com)
Russia to launch its own version of VirusTotal due to US snooping fears (therecord.media)
A Ukrainian Company Shares Lessons in Wartime Resilience (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
Iran
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
New Iranian state-sponsored hacking campaign uncovered - SiliconANGLE
FBI Director Warns of Increased Iranian Attacks (darkreading.com)
Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign (thehackernews.com)
'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet (darkreading.com)
North Korea
Vulnerability Management
Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)
CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT | SC Media (scmagazine.com)
Vulnerability management metrics: How to measure success - Help Net Security
From Windows 9x to 11: Tracing Microsoft's security evolution - Help Net Security
It's Cheap to Exploit Software — and That's a Major Security Problem (darkreading.com)
Vulnerabilities
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked (bleepingcomputer.com)
F5 fixes BIG-IP auth bypass allowing remote code execution attacks (bleepingcomputer.com)
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide (bleepingcomputer.com)
Cisco Patches 27 Vulnerabilities in Network Security Products - SecurityWeek
Atlassian warns users: patch critical Confluence flaw ASAP • The Register
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover (thehackernews.com)
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes (thehackernews.com)
D-LINK SQL Injection Vulnerability Let Attacker Escalate Privileges (gbhackers.com)
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (bleepingcomputer.com)
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library (darkreading.com)
No patches yet for Apple iLeakage side-channel attack | TechTarget
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Tools and Controls
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Vulnerability management metrics: How to measure success - Help Net Security
6 steps to accelerate cyber security incident response | SC Media (scmagazine.com)
Ethical hackers are helping more and more business stay safe | TechRadar
Getting Smart With Cyber security: AI Can Help the Good Guys, Too (darkreading.com)
Massive cyber crime URL shortening service uncovered via DNS data (bleepingcomputer.com)
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Defence in depth: Layering your security coverage (securityintelligence.com)
Finding the right approach to security awareness - Help Net Security
Mainframes are around to stay, it’s time to protect them - Help Net Security
Reports Published in the Last Week
Other News
Four Under-The-Radar Security Risks That Can Endanger Your Business (forbes.com)
ING CISO says data sharing is key to financial cyber security (finextra.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
F5 Labs Report Reveals Rise in Malicious Automation | The Fintech Times
Microsoft Vows to Revamp Security Products After Repeated Hacks - Bloomberg
Microsoft launches Secure Future Initiative to bolster security | TechTarget
The 5 Cs of effective cyber defence: Beyond traditional technical skills | SC Media (scmagazine.com)
9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month (darkreading.com)
How governments can keep data secure in a digital age - New Statesman
Cyber security insights for secure manufacturing - Aerospace Manufacturing and Design
Demystifying the top five OT security myths | Computer Weekly
20 scary cyber security facts and figures for a haunting Halloween (welivesecurity.com)
Construction among industries most at risk from cyber attacks, insurer warns | News | Building
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28th July 2023
Black Arrow Cyber Threat Briefing 28 July 2023:
-Half of UK businesses Struggle to Fill Cyber Security Skills Gap as Companies Encounter Months-long Delays in Filling Critical Security Positions
-Deloitte Joins fellow Big Four MOVEit victims PWC, EY as MOVEit Victims Exceeds 500
-Why Cyber Security Should Be Part of Your ESG Strategy
-Lawyers Take Frontline Role in Business Response to Cyber Attacks
-Organisations Face Record $4.5M Per Data Breach Incident
-Cryptojacking Soars as Cyber Attacks Diversify
-Ransomware Attacks Skyrocket in 2023
-Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk
-Protect Your Data Like Your Reputation Depends on It (Because it Does)
-Why CISOs Should Get Involved with Cyber Insurance Negotiation
-Companies Must Have Corporate Cyber Security Experts, SEC Says
-Over 400,000 Corporate Credentials Stolen by Info-stealing Malware
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Half of UK Businesses Struggle to Fill Cyber Security Skills Gap
Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.
In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.
With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.
https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725
https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/
Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500
The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.
Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.
https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/
https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/
Why Cyber Security Should Be Part of Your ESG Strategy
Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.
Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.
https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy
Lawyers Take Frontline Role in Business Response to Cyber Attacks
Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.
In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.
https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331
Organisations Face Record $4.5M Per Data Breach Incident
In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.
https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident
Cryptojacking Soars as Cyber Attacks Diversify
According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.
Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.
https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/
Ransomware Attacks Skyrocket in 2023
Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.
The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.
https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/
Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk
Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.
Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.
https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/
https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt
https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/
Protect Your Data Like Your Reputation Depends on It (Because it Does)
Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.
It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.
Why CISOs Should Get Involved with Cyber Insurance Negotiation
Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.
Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.
Companies Must Have Corporate Cyber Security Experts, SEC Says
A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.
The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.
The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.
Over 400,000 Corporate Credentials Stolen by Info-stealing Malware
Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.
With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.
https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023
Governance, Risk and Compliance
Data Breaches Cost Businesses $4.5M on Average (darkreading.com)
Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)
SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)
Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)
Companies encounter months-long delays in filling critical security positions - Help Net Security
Enterprises should layer-up security to avoid legal repercussions - Help Net Security
Explaining risk maturity models and how they work | TechTarget
Why cyber security should be part of your ESG strategy | Computer Weekly
The old “trust but verify” adage should be the motto for every CISO | CSO Online
Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security
Few Fortune 100 Firms List Security Pros in Their Executive Ranks – Krebs on Security
The critical cyber security backup plan too many companies are ignoring (cnbc.com)
Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)
Why Computer Security Advice Is More Confusing Than It Should Be (darkreading.com)
Why whistleblowers in cyber security are important and need support | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Clop now leaks data stolen in MOVEit attacks on clearweb sites (bleepingcomputer.com)
MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method (kroll.com)
Clop Could Make $100m from MOVEit Campaign - Infosecurity Magazine (infosecurity-magazine.com)
The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)
Millions of people's healthcare files accessed by Clop gang • The Register
Ransomware Attacks Skyrocket in Q2 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Local Governments Targeted for Ransomware – How to Prevent Falling Victim (thehackernews.com)
New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)
Dozens of Organisations Targeted by Akira Ransomware - SecurityWeek
The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop
Risk & Repeat: Are data extortion attacks ransomware? | TechTarget
ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)
Ransomware: Sophos says most universities pay | Times Higher Education (THE)
Ransomware Victims
PwC has data leaked on the clear web - Cyber Security Connect
Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews
DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek
Millions of people's healthcare files accessed by Clop gang • The Register
Tampa General Hospital Says Patient Information Stolen in Ransomware Attack - SecurityWeek
Yamaha confirms cyber attack after multiple ransomware gangs claim attacks (therecord.media)
Phishing & Email Based Attacks
Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Stolen Microsoft key may have opened up more than inboxes • The Register
The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)
How to avoid LinkedIn phishing attacks in the enterprise | TechTarget
BEC – Business Email Compromise
Artificial Intelligence
Blocking access to ChatGPT is a short term solution to mitigate risk - Help Net Security
UN Security Council to hold first talks on AI risks | Reuters
Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security
ChatGPT, Other Generative AI Apps Prone to Compromise, Manipulation (darkreading.com)
Lots of sensitive data is still being posted to ChatGPT | TechRadar
Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)
Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop
The Good, the Bad and the Ugly of Generative AI - SecurityWeek
OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop
Intel's deepfake detector tested on real and fake videos - BBC News
How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)
Malware
Over 400,000 corporate credentials stolen by info-stealing malware (bleepingcomputer.com)
Infostealer incidents more than doubled in Q1 2023 | SC Media (scmagazine.com)
The Alarming Rise of Infostealers: How to Detect this Silent Threat (thehackernews.com)
Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks (thehackernews.com)
Rust-based malware used to hack both Windows and Linux servers - Neowin
Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)
FIN8 is rewriting its backdoor malware to avoid detection | SC Media (scmagazine.com)
New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)
New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software (thehackernews.com)
Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security
Mobile
Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert
Spyhide stalkerware is spying on tens of thousands of phones | TechCrunch
Botnets
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek
Denial of Service/DoS/DDOS
Critical UK Infrastructures in the crosshairs of DDoS attacks (link11.com)
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica
Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)
BYOD
Internet of Things – IoT
Peloton Bugs Expose Enterprise Networks to IoT Attacks (darkreading.com)
Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)
Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats - SecurityWeek
Data Breaches/Leaks
Capita breach class action nears 1,000 sign-ups • The Register
VirusTotal: We're sorry for mistake that exposed 5,000 users • The Register
Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews
NATO investigating apparent breach of unclassified information sharing platform | CyberScoop
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
Nice Suzuki, sport: shame dealer left your data up for grabs - Security Affairs
Johns Hopkins hit with class action lawsuit connected to data breach - CBS Baltimore (cbsnews.com)
Organised Crime & Criminal Actors
The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking soars as cyber attacks increase, diversify - Help Net Security
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)
New Realst macOS malware steals your cryptocurrency wallets (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)
Consumers demand more from businesses when it comes to security - Help Net Security
CISOs gear up to combat the rising threat of B2B fraud - Help Net Security
MPs launch inquiry into prosecution of Norton Motorcycles pension fraud | Crime | The Guardian
Insurance
Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)
Brave New World of Cyber Insurance Meets Old-World Contract Principles | New Jersey Law Journal
Dark Web
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)
Supply Chain and Third Parties
Capita breach class action nears 1,000 sign-ups • The Register
DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)
The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek
Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)
Strengthening the weakest links in the digital supply chain - Help Net Security
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
Supply Chain Attack Hits NHS Ambulance Trusts - Infosecurity Magazine (infosecurity-magazine.com)
Software Supply Chain
Cloud/SaaS
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps (darkreading.com)
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)
Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)
Shadow IT
Encryption
Hacking police radios: 30-year-old crypto flaws in the spotlight – Naked Security (sophos.com)
Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (vice.com)
API
Open Source
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection (thehackernews.com)
Rust-based malware used to hack both Windows and Linux servers - Neowin
Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)
New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)
Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
How to avoid LinkedIn phishing attacks in the enterprise | TechTarget
Stanford researchers find Mastodon has a massive child abuse material problem - The Verge
Training, Education and Awareness
Travel
Parental Controls and Child Safety
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
Stanford researchers find Mastodon has a massive child abuse material problem - The Verge
Regulations, Fines and Legislation
SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)
Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop
Data Protection
More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)
Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)
Careers, Working in Cyber and Information Security
Companies encounter months-long delays in filling critical security positions - Help Net Security
Bridging the cyber security skills gap through cyber range training - Help Net Security
Overcoming the cyber security talent shortage with upskilling initiatives - Help Net Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
Companies Need to Prove They Can Be Trusted with Technology (hbr.org)
Ryanair Hit With Lawsuit Over Use of Facial Recognition Technology (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)
Russian court jails cyber security executive for 14 years in treason case | Reuters
Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian
69% of Russian gamers are pirating after Ukraine invasion pushback | Ars Technica
China
Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Stolen Microsoft key may have opened up more than inboxes • The Register
Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)
The Chinese groups accused of hacking the US and others | Reuters
Industrial Organisations in Eastern Europe Targeted by Chinese Cyber spies - SecurityWeek
Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert
China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)
China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)
US Senator Wyden Accuses Microsoft of ‘Cyber security Negligence’ - SecurityWeek
North Korea
North Korean Cyber spies Target GitHub Developers (darkreading.com)
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
GitHub warns of Lazarus hackers targeting devs with malicious projects (bleepingcomputer.com)
Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)
Misc/Other/Unknown
Vulnerability Management
Google: 41 zero-day vulnerabilities exploited in 2022 | TechTarget
CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem (darkreading.com)
Want to live dangerously? Try running Windows XP in 2023 • The Register
A step-by-step guide for patching software vulnerabilities - Help Net Security
Vulnerabilities
Over 20,000 Citrix Appliances Vulnerable to New Exploit - SecurityWeek
A flaw in OpenSSH forwarded ssh-agent allows remote code execution-Security Affairs
Apple fixes new zero-day used in attacks against iPhones, Macs (bleepingcomputer.com)
Ivanti patches MobileIron zero-day bug exploited in attacks (bleepingcomputer.com)
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica
Apache OpenMeetings Wide Open to Account Takeover, Code Execution (darkreading.com)
Super Admin elevation bug puts 900,000 MikroTik devices at risk (bleepingcomputer.com)
Norwegian government IT systems hacked using zero-day flaw (bleepingcomputer.com)
VMware fixes bug exposing CF API admin credentials in audit logs (bleepingcomputer.com)
Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required (thehackernews.com)
Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)
Atlassian RCE Bugs Plague Confluence, Bamboo (darkreading.com)
Zenbleed attack leaks sensitive data from AMD Zen2 processors (bleepingcomputer.com)
Microsoft shares fix for some Outlook hyperlinks not opening (bleepingcomputer.com)
China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)
Study reveals silent Python package security fixes • The Register
Windows 10 KB5028244 update released with 19 fixes, improved security (bleepingcomputer.com)
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek
Zimbra patches zero-day vulnerability exploited in XSS attacks (bleepingcomputer.com)
WordPress Ninja Forms plugin flaw lets hackers steal submitted data (bleepingcomputer.com)
Two flaws in Linux Ubuntu affect 40% of Ubuntu users - Security Affairs
Tools and Controls
Why cyber security should be part of your ESG strategy | Computer Weekly
Lawyers take frontline role in business response to cyber attacks | Financial Times (ft.com)
Explaining risk maturity models and how they work | TechTarget
Microsoft enhances Windows 11 Phishing Protection with new features (bleepingcomputer.com)
Shadow Coding Is An Intoxicating Shortcut—And A Security Landmine (forbes.com)
Zero trust rated as highly effective by businesses worldwide - Help Net Security
50% of Zero Trust Programs Risk Failure According to PlainID Survey (darkreading.com)
Google Chrome to offer 'Link Previews' when hovering over links (bleepingcomputer.com)
Why are computer security guidelines so confusing? - Help Net Security
Threat Intelligence Is Growing — Here's How SOCs Can Keep Up (darkreading.com)
Designing a Security Strategy for Defending Multicloud Architectures (darkreading.com)
Converging networking and security with SASE - Help Net Security
Artificial Intelligence Continues To Revolutionize Cyber security (forbes.com)
Key factors for effective security automation - Help Net Security
Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)
CISOs consider zero trust a hot security ticket - Help Net Security
How a Cyber Security Platform Addresses the 3 “S” (trendmicro.com)
Reports Published in the Last Week
Other News
Maritime Cyber attack Database Launched by Dutch University - SecurityWeek
Google’s new security pilot program will ban employee Internet access | Ars Technica
macOS Under Attack: Examining the Growing Threat and User Perspectives (thehackernews.com)
Why whistleblowers in cyber security are important and need support | CSO Online
World's most internetty firm tries life off the net • The Register
Exam board cyber attack investigation: Teenager arrested (schoolsweek.co.uk)
Companies Need to Prove They Can Be Trusted with Technology (hbr.org)
Heart monitor manufacturer hit by cyber attack, takes systems offline (bitdefender.com)
Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 July 2023
Black Arrow Cyber Threat Briefing 21 July 2023:
-Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
-MOVEit Body Count Closes in on 400 orgs, 20M+ Individuals
-IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
-Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
-Risk is Driving Medium-Sized Business Decisions
-Talent and Governance, Not Technology, are Key to Drive Change around Cyber Security
-Hybrid Work, Digital Transformation can Exploit Security Gaps
-Human Cyber-Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
-AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
-Pro-Russian Hacktivists Increase Focus on Western Targets
-Infosec Doesn't Know What AI Tools Orgs Are Using
-Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
-Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.
A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.
https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/
MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals
The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.
The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.
https://www.theregister.com/2023/07/20/moveit_victim_count/
IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.
Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.
Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.
A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.
Risk is Driving Medium-Sized Business Decisions
Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.
In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.
Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security
For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.
However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.
This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.
Hybrid Work, Digital Transformation can Exploit Security Gaps
A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.
The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.
Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.
What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.
AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.
https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/
https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html
Pro-Russian Hacktivists Increase Focus on Western Targets
‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.
The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.
https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/
Infosec Doesn't Know What AI Tools Organisations Are Using
With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.
Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.
https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using
Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.
Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.
https://www.theregister.com/2023/07/19/google_cuts_internet/
Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.
The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.
https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023
Governance, Risk and Compliance
Risk is Driving Small and Medium-Sized Businesses (SMB) Decisions - MSSP Alert
Stabilising The Cyber security Landscape: The Rise Of vCISOs (forbes.com)
Talent and Governance, not Technology, are Key to Drive Change around Cyber Security - TechNative
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
CISOs are making cyber security a business problem - Help Net Security
Top Information Security Threats for Businesses 2023 (cybersecuritynews.com)
Best practices for an effective cyber security strategy | CSO Online
Exploring the macro shifts in enterprise security - Help Net Security
Google Cloud CISO Phil Venables On Cyber security, Cloud Adoption And The Boardroom (forbes.com)
Threats
Ransomware, Extortion and Destructive Attacks
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Weekly cyber attacks reach two-year high amid ransomware resurgence | ITPro
Ransomware attacks are on the rise—and so are ransom payments (fastcompany.com)
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Cyber security firm Sophos impersonated by new SophosEncrypt ransomware (bleepingcomputer.com)
Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net SecurityFIN8 deploys ALPHV ransomware using Sardonic malware variant (bleepingcomputer.com)
Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
Ransomware attackers getting more sophisticated: Canadian Centre for Cyber Security (yahoo.com)
SophosEncrypt Ransomware Fools Security Researchers (darkreading.com)
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks (thehackernews.com)
New Ransomware With RAT Capabilities Impersonating Sophos - SecurityWeek
Google’s Bard poses ransomware risk, say researchers | Cybernews
FIN8 Group spotted delivering the BlackCat Ransomware - Security Affairs
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Ransomware Victims
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward | TechCrunch
MOVEit Transfer vulnerability: New Cl0p 'victims' include Discovery (techmonitor.ai)
BlackCat and Clop gangs both claim cyber attack on Estée Lauder | Computer Weekly
Iron ore giant Fortescue Metals targeted by Russian ransomware group | Cybercrime | The Guardian
Russian medical lab suspends some services after ransomware attack (therecord.media)
Recycling Giant Tomra Takes Systems Offline Following Cyber attack - SecurityWeek
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Phishing & Email Based Attacks
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023 - MSSP Alert
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online | CISA
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
BEC – Business Email Compromise
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
ChatGPT rival WormGPT with ‘no ethical boundaries’ sold to hackers on dark web | The Independent
Infosec Doesn't Know What AI Tools Orgs Are Using (darkreading.com)
AI models must be reconciled with data protection laws • The Register
1 in 4 Brits play with generative AI and some believe it too • The Register
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
AI must have better security, says top cyber official - BBC News
Google Categorises 6 Real-World AI Attacks to Prepare for Now (darkreading.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Google’s Bard poses ransomware risk, say researchers | Cybernews
Malware
Microsoft: Hackers turn Exchange servers into malware control centers (bleepingcomputer.com)
Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware (thehackernews.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Hackers Target Gamers With Microsoft-Signed Rootkit (darkreading.com)
Source code of the BlackLotus UEFI Bootkit was leaked on GitHub - Security Affairs
Are Viruses Still a Threat to Cyber security? (makeuseof.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Pernicious Rootkits Pose Growing Blight On Threat Landscape (darkreading.com)
Mobile
Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps (thehackernews.com)
Meta confirms WhatsApp is down worldwide (bleepingcomputer.com)
Botnets
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Denial of Service/DoS/DDOS
Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months | CyberScoop
Attackers intensify DDoS attacks with new tactics - Help Net Security
Internet of Things – IoT
How your internet-connected domestic devices can be a critical tool of cyber attack (mid-day.com)
US preparing Cyber Trust Mark for more secure smart devices (bleepingcomputer.com)
Seven new gadgets added to riskiest connected devices list | SC Media (scmagazine.com)
Data Breaches/Leaks
MOVEit Hack: Number of Impacted Organisations Exceeds 340 - SecurityWeek
Data compromises on track to set a new record - Help Net Security
Virustotal data leak exposed data of some registered customers - Security Affairs
What to do (and what not to do) after a data breach - Help Net Security
Thousands of images on Docker Hub leak auth secrets, private keys (bleepingcomputer.com)
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
LastPass: The lessons we learnt from our devastating breach | TechRadar
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Rogue Azure AD Guests Can Steal Data via Power Apps (darkreading.com)
FIA World Endurance Championship driver passports leaked - Security Affairs
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Colorado State University says data breach impacts students, staff (bleepingcomputer.com)
Organised Crime & Criminal Actors
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat - SecurityWeek
Go Beyond the Headlines for Deeper Dives into the Cyber criminal Underground (thehackernews.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Former contractor accused of remotely accessing town's water treatment facility | Tripwire
Insider Risk Management Starts With SaaS Security (darkreading.com)
Fraud, Scams & Financial Crime
Growing scam activity linked to social media and automation - Help Net Security
A fresh look at the current state of financial fraud - Help Net Security
Tech support scammers now accepting cash via snail mail • The Register
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
AML/CFT/Sanctions
Insurance
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Dark Web
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
Supply Chain and Third Parties
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Supply chain executives unaware of growing customer trust issues - Help Net Security
Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad (trendmicro.com)
Cloud/SaaS
Microsoft makes cloud security logs available for free • The Register
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Hybrid/Remote Working
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Securing The Hybrid Workforce Begins With Browsing (forbes.com)
Attack Surface Management
Identity and Access Management
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
The rise of hassle-free and secure authentication | CyberScoop
Encryption
Real-world examples of quantum-based attacks - Help Net Security
EU Urged to Prepare for Quantum Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Signal president rejects ‘mass surveillance’ UK law | Fortune
API
Docker Leaks API Secrets & Private Keys, as Cyber criminals Pounce (darkreading.com)
API keys: Weaknesses and security best practices | TechTarget
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
LastPass: The lessons we learnt from our devastating breach | TechRadar
Millions of Keyboard Walk Patterns Found in Compromised Passwords - IT Security Guru
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Social Media
Growing scam activity linked to social media and automation - Help Net Security
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
Training, Education and Awareness
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
Companywide Cyber security Training: 20 Tips To Make It ‘Stick’ (forbes.com)
Digital Transformation
Travel
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
Regulations, Fines and Legislation
AI models must be reconciled with data protection laws • The Register
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Career Benefits of Learning Ethical Hacking (analyticsinsight.net)
Should You Be Using a Cyber security Careers Framework? (darkreading.com)
Law Enforcement Action and Take Downs
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Privacy, Surveillance and Mass Monitoring
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Gamaredon hackers start stealing data 30 minutes after a breach (bleepingcomputer.com)
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. | CyberScoop
Elon Musk’s Starlink is putting our soldiers at risk, Ukraine warns (telegraph.co.uk)
Thousands of Russian officials to give up iPhones over US spying fears | Financial Times (ft.com)
Ukraine innovates on cyber defence | Financial Times (ft.com)
China
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
China Espionage Operatives Left Empty Handed in Email Heist, White House Official Says - MSSP Alert
Xi wants to make the Great Firewall of China even greater • The Register
North Korea
JumpCloud breach traced back to North Korean state hackers (bleepingcomputer.com)
North Korean hackers breached a US tech company to steal crypto | Reuters
Misc/Other/Unknown
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
APT Protection: The Key to Safeguarding Your Business (ts2.space)
How to Secure Your OT Network Against Advanced Persistent Threats (APTs) (ts2.space)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Vulnerability Management
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
What is Vulnerability Assessment In Cyber security? (gbhackers.com)
Vulnerabilities
Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits (forbes.com)
Microsoft still unsure how hackers stole Azure AD signing key (bleepingcomputer.com)
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog
New critical Citrix ADC and Gateway flaw exploited as zero-day (bleepingcomputer.com)
OpenSSH Addresses Remote Code Execution Vulnerability: CVE-2023-38408 - VULNERA
Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability (thehackernews.com)
Cisco fixed a critical flaw in SD-WAN vManage - Security Affairs
Hacking campaign targets sites using WordPress WooCommerce Payments Plugin - Security Affairs
Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security (sophos.com)
5 Major Takeaways From Microsoft's July Patch Tuesday (darkreading.com)
Two Jira Plugin Vulnerabilities in Attacker Crosshairs - SecurityWeek
Google says Apple employee found a zero-day but did not report it | TechCrunch
Tools and Controls
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Leverage Threat Intelligence, AI, and Data at Scale to Boost Cyber Defences (darkreading.com)
A Few More Reasons Why RDP is Insecure (Surprise!) (thehackernews.com)
Enterprise communication security a growing risk, priority | TechTarget
MIT’s Cyber security Metior: A Secret Weapon Against Side-Channel Attacks (scitechdaily.com)
NCSC Shares Alternatives to Using a SOC - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft's security roadmap: Protect Azure DevOps secrets • The Register
CISA shares free tools to help secure data in the cloud (bleepingcomputer.com)
What is the new Enhanced Safe Browsing for Gmail (and should you enable it)? | ZDNET
Insider Risk Management Starts With SaaS Security (darkreading.com)
67% of daily security alerts overwhelm SOC analysts - Help Net Security
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Microsoft makes cloud security logs available for free • The Register
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
API keys: Weaknesses and security best practices | TechTarget
Other News
Google restricting internet access to some employees for security (cnbc.com)
Enterprise communication security a growing risk, priority | TechTarget
Healthcare organisations in the crosshairs of cyber attackers - Help Net Security
Broadband consumers demand security and sustainability - Help Net Security
Microsoft Exchange Online hit by new outage blocking emails (bleepingcomputer.com)
Cyber security measures SMBs should implement - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 05 August 2022
Black Arrow Cyber Threat Briefing 05 August 2022
-Average Cost of Data Breaches Hits Record High of $4.35 Million: IBM
-Researchers Warns of Large-Scale Adversary-in-the-Middle (AiTM) Attacks Targeting Enterprise Users
-UK NHS Suffers Outage After Cyber Attack on Managed Service Provider
-A Third of Organisations Experience a Ransomware Attack Once a Week
-Ransomware Products, Services Ads on Dark Web Show Clues to Danger
-Wolf In Sheep’s Clothing, How Malware Tricks Users and Antivirus
-Microsoft Accounts Targeted with New MFA-Bypassing Phishing Kit
-Cyber Attack Prevention Is Cost-Effective, So Why Aren’t Businesses Investing to Protect?
-Securing Your Move to the Hybrid Cloud
-Lessons from the Russian Cyber Warfare Attacks
-Four Sneaky Attacker Evasion Techniques You Should Know About
-Zero-Day Defence: Tips for Defusing the Threat
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Average Cost of Data Breaches Hits Record High of $4.35 Million: IBM
The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021, according to a new IBM Security report. About 60% of the breached organisations raised product and services prices due to the breaches.
The annual report, conducted by Ponemon Institute and analysed and sponsored by IBM Security, is based on the analysis of real-world data breaches experienced by 550 organisations globally between March 2021 and March 2022.
According to the report, about 83% of the organisations have experienced more than one breach in their lifetime, with nearly half of the costs reported to be incurred more than a year after the breach.
The report revealed that ransomware and destructive attacks represented 28% of breaches among the critical infrastructure organisations studied, indicating that threat actors are specifically targeting the sector to disrupt global supply chains. The critical infrastructure sector includes financial services, industrial, transportation, and healthcare companies.
Researchers Warns of Large-Scale Adversary-in-the-Middle (AiTM) Attacks Targeting Enterprise Users
A new, large-scale phishing campaign has been observed using adversary-in-the-middle (AitM) techniques to get around security protections and compromise enterprise email accounts.
It uses a technique capable of bypassing multi-factor authentication. The campaign is specifically designed to reach end users in enterprises that use Microsoft's email services.
Prominent targets include fintech, lending, insurance, energy, manufacturing, and federal credit union verticals located in the US, UK, New Zealand, and Australia.
This is not the first time such a phishing attack has come to light. Last month, Microsoft disclosed that over 10,000 organisations had been targeted since September 2021 by means of AitM techniques to breach accounts secured with multi-factor authentication (MFA).
The ongoing campaign, effective June 2022, commences with an invoice-themed email sent to targets containing an HTML attachment, which includes a phishing URL embedded within it.
https://thehackernews.com/2022/08/researchers-warns-of-large-scale-aitm.html
UK NHS Suffers Outage After Cyber Attack on Managed Service Provider
The UK National Health Service (NHS) 111 emergency services were affected by a significant and ongoing outage triggered by a cyber attack that hit the systems of British managed service provider (MSP) Advanced.
Advanced's Adastra client patient management solution, which is used by 85% of NHS 111 services, was hit by a major outage together with several other services provided by the MSP, according to a status page.
"There was a major outage of a computer system that is used to refer patients from NHS 111 Wales to out-of-hours GP providers," the Welsh Ambulance Services said. "This system is used by Local Health Boards to coordinate these services for patients. The ongoing outage is significant and has been far-reaching, impacting each of the four nations in the UK."
The UK public was advised to access the NHS 111 emergency services using the online platform until the incident is resolved.
While no details were provided regarding the nature of the cyber attack, based on the wording, it is likely that this was a ransomware or data extortion attack.
A Third of Organisations Experience a Ransomware Attack Once a Week
Ransomware attacks show no sign of slowing. According to new research published by Menlo Security, a third of organisations experience a ransomware attack at least once a week, with one in 10 experiencing them more than once a day.
The research, conducted among 500+ IT security decision makers at US and UK organisations with more than 1,000 employees, highlights the impact this is having on security professionals’ own wellbeing. When asked what keeps them awake at night, 41% of respondents say they worry about ransomware attacks evolving beyond their team’s knowledge and skillset, while 39% worry about them evolving beyond their company’s security capabilities.
Their biggest concern, however, is the risk of employees ignoring corporate security advice and clicking on links or attachments containing malware (46%). Respondents worry more about this than they do their own job security, with just a quarter (26%) of respondents worried about losing their job.
According to the report, around half of organisations (61% US and 44% UK) have been the victim of a successful ransomware attack in the last 18 months, with customers and prospects the most likely entry point for an attack.
Partners/suppliers and employees/contractors are also seen as serious security risks, although one in 10 admit they are unable to identify how the attacks got in. The top three ransomware attack vectors are email (54%), web browsers via a desktop or laptop (49%) and mobile devices (39%).
https://www.helpnetsecurity.com/2022/08/04/organizations-experience-ransomware-attack/
Ransomware Products and Services Ads on Dark Web Show Clues to Danger
Why is ransomware’s destructive potential so daunting? Some clues are in the “for sale” ads. In an examination of some 35 million dark web URLs, a provider of machine identity management and a forensic specialist found some 475 web pages peddling sophisticated ransomware products and services with a number of high profile crews hawking ransomware-as-a-service.
The work is a joint effort between the Salt Lake City-based Venafi and Forensic Pathways, which took place between November 2021 and March 2022. Researchers used Forensic’s Dark Search Engine to carry out the investigation.
Here are some of the research findings:
87% of the ransomware found on the dark web has been delivered via malicious macros to infect targeted systems.
30 different “brands” of ransomware were identified within marketplace listings and forum discussions.
Many strains of ransomware being sold — such as Babuk, GoldenEye, Darkside/BlackCat, Egregor, HiddenTear and WannaCry — have been successfully used in high-profile attacks.
Ransomware strains used in high-profile attacks command a higher price for associated services. For example, the most expensive listing was $1,262 for a customised version of Darkside ransomware, which was used in the Colonial Pipeline ransomware attack.
Source code listings for well-known ransomware generally command higher price points. For example, Babuk source code is listed for $950 and Paradise source code is selling for $593.
Ransomware Sold for as Little as $1: In addition to a variety of ransomware at various price points, a wide range of services and tools that help make it easier for attackers with minimal technical skills to launch ransomware attacks are for sale on the dark web, Venafi said. Services with the greatest number of listings include those offering source code, build services, custom development services and ransomware packages that include step-by-step tutorials.
Wolf In Sheep’s Clothing: How Malware Tricks Users and Antivirus
One of the primary methods used by malware distributors to infect devices is by deceiving people into downloading and running malicious files, and to achieve this deception, malware authors are using a variety of tricks.
Some of these tricks include masquerading malware executables as legitimate applications, signing them with valid certificates, or compromising trustworthy sites to use them as distribution points.
According to VirusTotal, a security platform for scanning uploaded files for malware, some of these tricks are happening on a much larger scale than initially thought.
The platform has compiled a report presenting stats from January 2021 until July 2022, based on the submission of two million files daily, illustrating trends in how malware is distributed.
Abusing legitimate domains: Distributing malware through legitimate, popular, and high-ranking websites allows threat actors to evade IP-based blocklists, enjoy high availability, and provide a greater level of trust.
Using stolen code-signing certificates: Signing malware samples with valid certificates stolen from companies is a reliable way to evade AV detection and security warnings on the host. Of all the malicious samples uploaded to VirusTotal between January 2021 and April 2022, over a million were signed, and 87% used a valid certificate.
Disguised as popular software: Masquerading a malware executable as a legitimate, popular application has seen an upward trend in 2022. Victims download these files thinking they’re getting the applications they need, but upon running the installers, they infect their systems with malware. The most mimicked applications are Skype, Adobe Acrobat, VLC, and 7zip.
Lacing legitimate installers - Finally, there’s the trick of hiding malware inside legitimate application installers and running the infection process in the background while the real apps execute in the foreground. Based on VirusTotal stats, this practice also appears to be on the rise this year, using Google Chrome, Malwarebytes, Windows Updates, Zoom, Brave, Firefox, ProtonVPN, and Telegram as lures.
Microsoft Accounts Targeted with New MFA-Bypassing Phishing Kit
A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication.
Researchers believe the campaign's goal is to breach corporate accounts to conduct BEC (business email compromise) attacks, diverting payments to bank accounts under their control using falsified documents.
The phishing campaign's targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organisations in the US, UK, New Zealand, and Australia.
The campaign was discovered by Zscaler's ThreatLabz researchers, who report that the operation is still ongoing, and the phishing actors register new phishing domains almost daily.
Starting in June 2022, Zscaler's analysts noticed a spike in sophisticated phishing attempts against specific sectors and users of Microsoft email services.
Some of the newly registered domains used in the campaign are typo-squatted versions of legitimate domains.
Notably, many phishing emails originated from the accounts of executives working in these organisations, whom the threat actors most likely compromised earlier.
Cyber Attack Prevention Is Cost-Effective, So Why Aren’t Businesses Investing to Protect?
Cyber attacks like ransomware, BEC scams and data breaches are some of the key issues businesses are facing today, but despite the number of high-profile incidents, many boardrooms are reluctant to free up budget to invest in the cyber security measures necessary to avoid becoming the next victim.
In a Help Net Security interview, Former Pentagon Chief Strategy Officer Jonathan Reiber, VP Cyber security Strategy and Policy, AttackIQ, discusses how now, more than ever, companies need to protect themselves from cyber threat actors. He offers insight for CISOs, from talking to the Board to proper budget allocation.
https://www.helpnetsecurity.com/2022/08/01/cyberattack-prevention-investing/
Securing Your Move to the Hybrid Cloud
The combination of private and public cloud infrastructure, which most organisations are already using, poses unique security challenges. There are many reasons why organisations adopt the public cloud, from enabling rapid growth without the burden of capacity planning to leveraging flexibility and agility in delivering customer-centric services. However, this use can leave companies open to threats.
Since regulatory requirements or other preferences dictate that certain applications remain on private (on-prem) infrastructure, many organisations choose to maintain a mix of private and public infrastructure. Additionally, organisations typically use multiple cloud providers simultaneously or preserve the option to move between providers. However, this hybrid approach presents unique and diverse security challenges. Different cloud providers and private cloud platforms may offer similar capabilities but different ways of implementing security controls, along with disparate management tools.
The question then becomes: How can an organisation maintain consistent governance, policy enforcement and controls across different clouds? And how can it ensure that it maintains its security posture when moving between them? Fortunately, there are steps professionals can take to ensure that applications are continuously secure, starting from the early stages of development and extending throughout the lifecycle.
https://threatpost.com/secure-move-cloud/180335/
Lessons from the Russian Cyber Warfare Attacks
Cyber warfare tactics may not involve tanks and bombs, but they often go hand-in-hand with real combat.
The Russian invasion of Ukraine is a prime example. Before Russian troops crossed the border, Russian hackers had already taken down Ukrainian government websites. And after the conflict started, the hacktivist group Anonymous turned the tables by hacking Russian media to shut down propaganda about the war.
In these unprecedented times of targeted attacks against governments and financial institutions, every organisation should be on heightened alert about protecting their critical infrastructure and digital attack surface.
With the Russia-Ukraine conflict as a backdrop, two Trend Micro security experts recently discussed cyber warfare techniques and how they’re an important reminder for every business to proactively manage cyber risk.
https://www.trendmicro.com/en_us/ciso/22/h/russian-cyber-warfare-attacks.html
Four Sneaky Attacker Evasion Techniques You Should Know About
Remember those portrayals of hackers in the 80s and 90s where you just knew when you got pwned? A blue screen of death, a scary message, a back-and-forth text exchange with a hacker—if you got pwned in a movie in the 80s and 90s, you knew it right off the bat.
What a shame that today’s hackers have learned to be quiet when infiltrating an environment. Sure, “loud” attacks like ransomware still exist, but threat actors have learned that if they keep themselves hidden, they can usually do far more damage. For hackers, a little stealth can go a long way. Some attack tactics are inherently quiet, making them arguably more dangerous as they can be harder to detect. Here are four of these attack tactics you should know about.
Trusted Application Abuse: Attackers know that many people have applications that they inherently trust, making those trusted applications the perfect launchpad for cyber attacks. Threat actors know that defenders and the tools they use are often on the hunt for new malware presenting itself in environments. What isn’t so easy to detect is when the malware masquerades under legitimate applications.
Trusted Infrastructure Abuse: Much like trusted application abuse, trusted infrastructure abuse is the act of using legitimate, publicly hosted services and toolsets (such as Dropbox or Google Drive) as part of the attack infrastructure. Threat actors know that people tend to trust Dropbox and Google Drive. As a result, this makes these tools a prime means for threat actors to carry out malicious activity. Threat actors often find trusted infrastructure abuse easy because these services aren’t usually blocked at an enterprise’s gateway. In turn, outbound communications can hide in plain sight.
Obfuscation: Although cyber security has more than its fair share of tedious acronyms, the good news is that many terms can be broken down by their generic dictionary definitions. According to dictionary.com, this is what obfuscate means: “To make something unclear, obscure or difficult to understand.” And that’s exactly what it means in cyber security: finding ways to conceal malicious behaviour. In turn, this makes it more difficult for analysts and the tools they use to flag suspicious or malicious activity.
Persistence: Imagine writing up documentation using your computer, something you may well do in your role. You’ve spent a ton of time doing the research required, finding the right sources and compiling all your information into a document. Now, imagine not hitting save on that document and losing it as soon as you reboot your computer. Sound like a nightmare—or perhaps a real anxiety-inducing experience you’ve been through before? Threat actors agree. And that’s why they establish persistence. They don’t want all of their hard work to get into your systems in the first place to be in vain just because you restart your computer. They establish persistence to make sure they can still hang around even after you reboot.
Zero-Day Defence: Tips for Defusing the Threat
Because they leave so little time to patch and defuse, zero-day threats require a proactive, multi-layered approach based on zero trust.
The recent Atlassian Confluence remote code execution bug is just the latest example of zero-day threats targeting critical vulnerabilities within major infrastructure providers. The specific threat, an Object-Graph Navigation Language (OGNL) injection, has been around for years but took on new significance given the scope of the Atlassian exploit. And OGNL attacks are on the rise.
Once bad actors find such a vulnerability, proof-of-concept exploits start knocking at the door, seeking unauthenticated access to create new admin accounts, execute remote commands, and take over servers. In the Atlassian case, Akamai's threat research team identified that the number of unique IP addresses attempting these exploits grew to more than 200 within just 24 hours.
Defending against these exploits becomes a race against time worthy of a 007 movie. The clock is ticking and you don't have much time to implement a patch and "defuse" the threat before it's too late. But first you need to know that an exploit is underway. That requires a proactive, multi-layered approach to online security based on zero trust.
What do these layers look like? There are a number of different practices that security teams — and their third-party Web application and infrastructure partners — should be aware of.
https://www.darkreading.com/attacks-breaches/zero-day-defense-tips-for-defusing-the-threat
Threats
Ransomware
Reported ransomware attacks are just the tip of the iceberg. That's a problem for everyone | ZDNet
Initial Access Brokers - Key to Rise In Ransomware Attacks (informationsecuritybuzz.com)
Ransomware gangs are hitting roadblocks, but aren't stopping (yet) - Help Net Security
LockBit Ransomware Abuses Windows Defender for Payload Loading | SecurityWeek.Com
German Chambers of Industry and Commerce hit by 'massive' cyber attack (bleepingcomputer.com)
Ransomware Task Force releases SMB blueprint for defence and mitigation (scmagazine.com)
German semiconductor giant Semikron says hackers encrypted its network | TechCrunch
Ransomware Hit on European Pipeline & Energy Supplier Encevo Linked to BlackCat (darkreading.com)
Luxembourg Energy Company Hit by Ransomware | SecurityWeek.Com
Spanish research agency still recovering after ransomware attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Countdown Clock Puts Pressure on Phishing Targets - Infosecurity Magazine
The most impersonated brand in phishing attacks? Microsoft - Help Net Security
Open Redirect Flaw Snags Amex, Snapchat User Data | Threatpost
A new malware threat is spying on users' Gmail inbox — do this before you're next | Laptop Mag
Massive New Phishing Campaign Targets Microsoft Email Service Users (darkreading.com)
North Korean Hackers Use Browser Extension to Spy on Gmail and AOL Accounts - Infosecurity Magazine
Other Social Engineering; SMishing, Vishing, etc
Malware
VirusTotal Reveals Most Impersonated Software in Malware Attacks (thehackernews.com)
Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers (thehackernews.com)
Woody RAT: A new feature-rich malware spotted in the wild | Malwarebytes Labs
New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack (thehackernews.com)
New Linux malware brute-forces SSH servers to breach networks (bleepingcomputer.com)
Attackers cause Discord discord with malicious npm packages • The Register
Gootkit AaaS malware is still active and uses updated tactics - Security Affairs
Mobile
Facebook finds new Android malware used by APT hackers (bleepingcomputer.com)
Google Patches Critical Android Bluetooth Flaw in August Security Bulletin - Infosecurity Magazine
Banking trojan finds new routes to accounts by infiltrating Google Play Store (scmagazine.com)
Internet of Things – IoT
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Nearly $200 Million Stolen from Cryptocurrency Bridge Nomad | SecurityWeek.Com
Crypto firm that promised security loses $200 million in 'frenzied free-for-all' hack | PC Gamer
Nomad to crooks: Keep 10% as a bounty, return the rest • The Register
Cyber attackers Drain Nearly $6M From Solana Crypto Wallets (darkreading.com)
Man robbed of $800,000 in cryptocurrency sues Google • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
UK Branded Europe’s “Capital of Card Fraud” - Infosecurity Magazine
Huge network of 11,000 fake investment sites targets Europe (bleepingcomputer.com)
Online payment fraud losses accelerate at an alarming rate - Help Net Security
COMMENT: 'Hi Mum, Hi Dad' Scams On The Rise - Britons Already (informationsecuritybuzz.com)
Increase in Fake Tickets Being Sold by Cyber criminals on Social Media - IT Security Guru
AML/CFT/Sanctions
Dark Web
A Ransomware Explosion Fosters Thriving Dark Web Ecosystem (darkreading.com)
The popularity of Dark Utilities 'C2-as-a-Service' rapidly increases - Security Affairs
Software Supply Chain
Cloud/SaaS
Cyber attackers Increasingly Target Cloud IAM as a Weak Link (darkreading.com)
What Worries Security Teams About the Cloud? (darkreading.com)
Who Has Control: The SaaS App Admin Paradox (thehackernews.com)
Enterprises face a multitude of barriers to securing diverse cloud environments - Help Net Security
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Hackers stole passwords for accessing 140,000 payment terminals | TechCrunch
Credential Canaries Create Minefield for Attackers (darkreading.com)
5 reasons why businesses should never use consumer-grade password managers | TechRadar
Social Media
Hackers Exploit Twitter Vulnerability to Exposes 5.4 Million Accounts (thehackernews.com)
Parliament shuts down TikTok account over China data security concerns (telegraph.co.uk)
Over 3,200 Apps Leak Twitter API Keys, Some Allowing Account Hijacks (informationsecuritybuzz.com)
Increase in Fake Tickets Being Sold by Cyber criminals on Social Media - IT Security Guru
Privacy
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
Most companies are unprepared for CCPA and GDPR compliance - Help Net Security
Data privacy: Collect what you need, protect what you collect | CSO Online
India scraps data protection law, promises better successor • The Register
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine takes down 1,000,000 bots used for disinformation (bleepingcomputer.com)
Nancy Pelosi ties Chinese cyber-attacks to Taiwan visit • The Register
Spanish Research Center Suffers Cyber attack Linked to Russia | SecurityWeek.Com
Russian organisations attacked with new Woody RAT malware (bleepingcomputer.com)
Greek intelligence spied on journalist with a surveillance spyware - Security Affairs
Rare Pegasus screenshots depict NSO Group's spyware capabilities | AppleInsider
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
Chinese hackers use new Cobalt Strike-like attack framework (bleepingcomputer.com)
Massive China-Linked Disinformation Campaign Taps PR Firm for Help (darkreading.com)
Parliament shuts down TikTok account over China data security concerns (telegraph.co.uk)
Global network of fake news sites push Chinese propaganda, researchers find - CyberScoop
Taiwanese military reports DDoS in wake of US Speaker visit • The Register
Nation State Actors – North Korea
Nation State Actors – Iran
Nation State Actors – Misc APT
Vulnerabilities
VMware urges admins to patch critical auth bypass bug immediately (bleepingcomputer.com)
Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks (darkreading.com)
Cisco fixes critical remote code execution bug in VPN routers (bleepingcomputer.com)
F5 Fixes 21 Vulnerabilities With Quarterly Security Patches | SecurityWeek.Com
High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover (darkreading.com)
Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users (thehackernews.com)
VMware Releases Patches for Several New Flaws Affecting Multiple Products (thehackernews.com)
Hackers are actively exploiting password-stealing flaw in Zimbra (bleepingcomputer.com)
Google fixed Critical Remote Code Execution flaw in Android - Security Affairs
CISA adds Zimbra bug to Known Exploited Vulnerabilities Catalogue - Security Affairs
Warning! Critical flaws found in US Emergency Alert System • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Other News
APIs attacked in 94% of companies in past year - IT Security Guru
Over 60% of Organisations Expose SSH to the Internet - Infosecurity Magazine
How IT and security teams can work together to improve endpoint security - Microsoft Security Blog
Burnout and attrition impact tech teams sustaining modern digital systems - Help Net Security
Machine learning creates a new attack surface requiring specialized defences - Help Net Security
Cyber security lessons learned from COVID-19 pandemic (techtarget.com)
10 enterprise database security best practices (techtarget.com)
Resolving Availability vs. Security, a Constant Conflict in IT (thehackernews.com)
Tips to prevent RDP and other remote attacks on Microsoft networks | CSO Online
The Myth of Protection Online — and What Comes Next (darkreading.com)
The Importance of Data Security in the Enterprise (techtarget.com)
How IT Teams Can Use 'Harm Reduction' for Better Cyber security Outcomes (darkreading.com)
Businesses lack visibility into run-time threats against mobile apps and APIs - Help Net Security
Browser synchronization abuse: Bookmarks as a covert data exfiltration channel - Help Net Security
Threats emanating from digital ecosystems can be a blind spot for businesses - Help Net Security
Busting the Myths of Hardware Based Security - Security Affairs
New Traffic Light Protocol standard released after five years (bleepingcomputer.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 02 July 2021
Black Arrow Cyber Threat Briefing 02 July 2021: Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit; 71% Of Orgs Experienced BEC Attacks Over The Past Year; Cyber Insurance Making Ransomware Crisis Worse; Breach Exposes 92% Of LinkedIn Users; Users Clueless About Cyber Security Risks; Paying Ransoms Make You A Bigger Target; Cyber Crime Never Sleeps; Classified MOD Docs Found At Bus Stop; Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit
Hackers began a ransomware attack on Friday, hitting at least 200 companies, according to cyber security researchers.
In what appears to be one of the largest supply chain attacks to date, hackers compromised Kaseya, an IT management software supplier, in order to spread ransomware to the managed service providers that use its technology, as well as to their clients in turn.
The attacks have been attributed t=to REvil, the notorious Russia-linked ransomware cartel that the FBI claimed was behind recent crippling attack on beef supplier JBS.
The attack is the latest example of hackers weaponising the IT supply chain in order to attack victims at scale, by breaching just one provider. Last year, it emerged that Russian state-backed hackers had hijacked the SolarWinds IT software group in order to penetrate the email networks of US federal agencies and corporations, for example.
Late on Friday, Kaseya urged those using the compromised “VSA server” tool, which provides remote monitoring and patching capabilities, to shut it down immediately.
https://www.ft.com/content/a8e7c9a2-5819-424f-b087-c6f2e8f0c7a1
71% Of Organisations Experienced BEC Attacks Over The Past Year
Business email compromise (BEC) attacks are one of the most financially damaging cyber crimes and have been on the rise over the past year. This is according to a new report which revealed that spoofed email accounts or websites accounted for the highest number of BEC attack as 71% of organisations acknowledged they had seen one over the past year. This is followed by spear phishing (69%) and malware (24%). Data from 270 IT and cyber security professionals were collected to identify the latest enterprise adoption trends, gaps and solution preferences related to phishing attacks.
https://www.helpnetsecurity.com/2021/06/25/bec-attacks-past-year/
Cyber Insurance Isn't Helping With Cyber Security, And It Might Be Making The Ransomware Crisis Worse, Say Researchers
Cyber insurance is designed to protect organisations against the fallout of cyber attacks, including covering the financial costs of dealing with incidents. However, some critics argue that insurance encourages ransomware victims to simply pay the ransom demand that will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it's the customer that makes any decision to pay the ransom, not the insurer.
LinkedIn Breach Reportedly Exposes Data Of 92% Of Users, Including Inferred Salaries
A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up to date. No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. https://9to5mac.com/2021/06/29/linkedin-breach/
Users Clueless About Cyber Security Risks
Organisations are facing yet another unprecedented threat to their cyber security now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. A new survey shows the mountains of work ahead for security teams in not just locking down their organisations’ systems but also in keeping users from getting duped into handing over the keys to the kingdom. 2,000 end users were surveyed in the U.S. and found the dangers to critical infrastructure, utilities and food supplies are not sinking in with the public, despite the deluge of headlines.
https://threatpost.com/users-clueless-cybersecurity-risks-study/167404/
Ransomware: Paying Up Won't Stop You From Getting Hit Again, Says Cyber Security Chief
Ireland's Health Service Executive (HSE) has been praised for its response after falling victim to a major ransomware attack and for not giving into cyber criminals and paying a ransom. HSE was hit with Conti ransomware in May, significantly impacting frontline health services. The attackers initially demanded a ransom of $20 million in bitcoin for the decryption key to restore the network. While the gang eventually handed over a decryption key without receiving a ransom, they still published stolen patient data – a common technique by ransomware attackers, designed to pressure victims into paying.
Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk
Phishing attacks, insider threats, denial of service disruptions, malware and ransomware — cyber security incidents like these happen on a daily basis. For most of these incidents, the onsite IT team will remediate based on a pre-developed plan and process. And for many of these incidents, that’s a solid approach. But those incident response plans and strategies are IT oriented and geared toward short-term fixes and single incident responses. Meaning, if an incident accelerates beyond a handful of infected laptops or a compromised server and begins to affect operations of all or even part of the organisation, business itself can be disrupted — or even shut down entirely.
https://securityintelligence.com/posts/incident-response-vs-cyber-crisis-management-plan/
Cyber Crime Never Sleeps
When the Colonial Pipeline fell victim to a ransomware attack, people across the United States were shocked to find that a single episode of cyber crime could lead to widespread delays, gas shortages and soaring prices at the pump. But disruptive ransomware attacks like these are far from rare; in fact, they are becoming more and more frequent. Cyber crime is on the rise, and our cyber security infrastructure desperately needs to keep up. A quick look at the data from the last year confirms that cyber crime is a growing threat. Identity theft doubled in 2020 over 2019.
https://www.newsweek.com/cybercrime-never-sleeps-opinion-1603901
IT, Healthcare And Manufacturing Facing Most Phishing Attacks
Researchers examined more than 905 million emails for the H1 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails. Researchers said these industries are ripe targets because of the massive amount of personal data they collect and because they are often stocked with outdated technology that can be easily attacked.
https://www.zdnet.com/article/it-healthcare-and-manufacturing-facing-most-phishing-attacks-report/
Classified Ministry Of Defence Documents Found At Bus Stop
Classified Ministry of Defence documents containing details about HMS Defender and the British military have been found at a bus stop in Kent. One set of documents discusses the likely Russian reaction to the ship's passage through Ukrainian waters off the Crimea coast on Wednesday. Another details plans for a possible UK military presence in Afghanistan after the US-led NATO operation there ends. The government said an investigation had been launched.
Cabinet Office Increases Cyber Security Training Budget By Almost 500%
The UK’s Cabinet Office increased its cyber security training budget to £274,142.85 in the fiscal year 2021 – a 483% increase from the £47,018 spent in the previous year. In its FOI response, the Cabinet Office detailed the cyber security courses attended by its staff, revealing that the number of booked courses grew from 35 in 2019-20 to 428 in the current fiscal year.
Threats
Ransomware
Increase In Ransomware Attacks ‘Absolutely Aligns’ With Rise Of Crypto, FireEye CEO Says
Ransomware Gangs Now Creating Websites To Recruit Affiliates
New Ransomware Highlights Widespread Adoption Of Golang Language By Cyber Attackers
This Major Ransomware Attack Was Foiled At The Last Minute. Here's How They Spotted It
Using VMs To Hide Ransomware Attacks Is Becoming More Popular
Phishing
Malware
Microsoft Admits To Signing Rootkit Malware In Supply-Chain Fiasco
The 'ChaChi' Trojan Is Helping A Ransomware Gang Target Schools
Mobile
IoT
Data Breaches
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
OT, ICS, IIoT and SCADA
Nation State Actors
Russian Hackers Had Months-Long Access To Denmark's Central Bank
Russian Hackers Are Trying To Brute-Force Hundreds Of Networks
US And UK Agencies Accuse Russia Of Political Cyber Campaign
Cloud
Privacy
Vulnerabilities
Microsoft Finds Netgear Router Bugs Enabling Corporate Breaches
Exploitable Critical RCE Vulnerability Allows Regular Users To Fully Compromise Active Directory
Critical VMware Carbon Black Bug Allows Authentication Bypass
My Book Live Users Wake Up To Wiped Devices, Active RCE Attacks
Flaws In FortiWeb WAF Expose Fortinet Devices To Remote Hack
Hackers Exploited 0-Day, Not 2018 Bug, To Mass-Wipe My Book Live Devices
A Second Exploit Has Emerged In The Sad WD My Book Live Data Deletion Saga
Microsoft Adds Second CVE For PrintNightmare Remote Code Execution
Zyxel Says A Threat Actor Is Targeting Its Enterprise Firewall And VPN Devices
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.