Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 24 May 2024

Black Arrow Cyber Threat Intelligence Briefing 24 May 2024:

-Human Error and AI Tops Cyber Threats as 70% of CISOs Worry About Risk

-Threat Research Highlights Growing Mobile Security Risks

-The State of Cyber Security: AI and Geopolitics Mean a Bigger Threat Than Ever

-Family Offices Become Prime Targets for Cyber Hacks and Ransomware

-Ransomware Fallout - 94% Experience Downtime, 40% Face Work Stoppage

-Employee Discontent - Insider Threat No. 1

-Report Reveals 341% Rise in Advanced Phishing Attacks

-Ransomware and GenAI Raise Security Challenges, Driving Cyber Investment

-New Rules Prompt 93% of Organisations to Rethink Cyber Security Plans

-HR and IT Related Phishing Scams Still Most Popular According to KnowBe4’s Latest Phishing Report

-80% of Exposures from Misconfigurations, as 15 Vendors Account for 62% of Global Attack Surface

-UK to Propose Mandatory Reporting for Ransomware Attacks and Licensing Regime for all Payments

-UK’s Legal Sector Needs to Improve its Cyber Security, Says Experts

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Human Error and AI Tops Cyber Threats as 70% of CISOs Worry About Risk

According to a survey of 1,600 CISOs, 70% worry about the risk of a material cyber attack over the next 12 months. Additionally, nearly 31% believe an attack is very likely, compared to 25% in 2023.  Amongst the largest concerns were human error, with 75% of CISOs identifying it as their most significant cyber vulnerability, up from 60% in 2023. Furthermore, 80% anticipate that human risk and employee negligence in particular will be major cyber security issues in the next two years.  Additionally, artificial intelligence was identified as an emerging concern for 54% of CISOs.

Sources: [The Register] [Infosecurity Magazine] [Cryptopolitan]

The State of Cyber Security: AI and Geopolitics Mean a Bigger Threat Than Ever

A recent report by Check Point reveals that global organisations faced an average of 1,158 weekly cyber attacks in 2023, an increase from 2022. In the UK, 50% of businesses experienced cyber attacks in the past year, with medium and large-sized businesses more affected at 70% and 74%, respectively. A ClubCISO survey found 62% of CISOs believe organisations are ill-equipped for AI-driven attacks, yet 77% haven't increased cyber security spending.

Additionally, a British Foreign Policy Group (BFPG) article highlights cyber threats from geopolitical tensions, with a recent attack on the Ministry of Defence exposing HR and payroll data. The National Cyber Security Centre attributes such attacks to state-affiliated actors like China and Russia. Despite efforts to establish international cyber norms, enforcement remains challenging. Businesses must recognise that cyber security is now deeply intertwined with geopolitics, affecting strategic partnerships and procurement.

Sources: [Verdict] [BFPG]

Threat Research Highlights Growing Mobile Security Risks

A recent report by a cloud security vendor focusing on the mobile threat landscape found that in the first quarter of 2024, the number of phishing, malicious, denylisted and offensive links delivered to their customers’ mobile devices tripled compared to Q1 2023. The report, which bases its data on 220 million devices, 325 million apps and billions of web items, found that the most common misconfiguration in mobiles was out of date operating systems (37%). When it came to the prevalence of attacks, 75% of organisations reported experiencing mobile phishing attempts targeting their employees.

This comes as a representative from the US Cybersecurity and Infrastructure Security Agency told the Federal Communications Commission earlier this year that there had been “numerous incidents of successful, unauthorised attempts” to steal location data, monitor voice and text messages, and deliver spyware.

Sources: [Economist] [Business Wire]

Family Offices Become Prime Targets for Cyber Hacks and Ransomware

A recent Dentons survey reveals that nearly 80% of family offices perceive a dramatic increase in cyber attack threats, with a quarter experiencing an attack in 2023, up from 17% in 2020. Despite their wealth, family offices often lack the staff and technology to manage these risks effectively. Less than a third report well-developed cyber risk management processes, and only 29% believe their cyber training programs are sufficient. This gap between awareness and action highlights the need for family offices to prioritise comprehensive cyber security measures, including better training, updated policies, and secure communication practices.

Source: [CNBC]

Ransomware Fallout: 94% Experience Downtime, 40% Face Work Stoppage

According to a report by cyber security provider Arctic Wolf, within the last 12 months 48% of organisations identified evidence of a successful breach within their environment and 70% of organisations were the targets of attempted Business Email Compromise (BEC) attacks, with 29% of these targets becoming victims of one or more successful BEC occurrences.

In its survey, the company says “45% of the organizations we spoke with admitted to being the victim of a ransomware attack within the last 12 months”,  an increase from the prior year. Of those impacted by ransomware, 86% of attacks including successful data exfiltration and 94% of those impacted by a ransom event experienced a significant downtime and delays. 40% of victims stated they experienced a period of total work stoppage due to ransomware.

Source: [Help Net Security]

Employee Discontent: Insider Threat No. 1

Chief Information Security Officers (CISOs) must integrate human factors into insider risk management (IRM), not just rely on detection technologies. IRM must consider factors such as those raised by recent research where only half of US workers are very satisfied with their jobs, and 28% feel their employers don't care about them. CISOs themselves are affected by job satisfaction; the 2024 IANS/Artico report shows three out of four CISOs are ready to leave their roles. DTEX Systems found 77% of malicious insiders concealed their activities, emphasising the importance of human engagement and feedback in mitigating risks.

Source: [CSO]

Report Reveals 341% Rise in Advanced Phishing Attacks

A recent report has revealed malicious emails increased by 341% over the past 6 months. This included a 217% increase in credential harvesting phishing attacks and a 29% increase in Business Email Compromise (BEC) attacks. The report highlighted the impact of artificial intelligence, noting that since the launch of ChatGPT in November 2022, there has been a 4,151% surge in malicious phishing messages.

Source: [Security Magazine] [ Infosecurity Magazine]

Ransomware and GenAI Raise Security Challenges, Driving Cyber Investment

A recent study by Infosecurity Europe reveals that nearly 40% of cyber security leaders are increasing investments to combat the growing threats of ransomware and AI-generated attacks. A separate survey found 94% of organisations have or plan to implement generative AI use policies, and a third strictly forbid AI tech in their environment. This data highlights the ongoing effort to balance AI benefits with security risks, indicating that there isn’t a one-size-fits-all strategy for formalising AI adoption and usage policies.

Source: [Security Boulevard] [Infosecurity Magazine]

New Rules Prompt 93% of Organisations to Rethink Cyber Security Plans

A recent report reveals that 93% of organisations have re-evaluated their cyber security strategies due to new regulations, with 58% reconsidering their entire approach. The survey, which included 500 cyber security decision-makers from the US and UK, found that 92% reported increased security budgets, with 36% seeing rises of 20-49% and 23% experiencing over 50% increases. Despite this, only 40% feel confident in their resources to comply with regulations, and just one-third believe they can meet all requirements, highlighting significant gaps in preparedness.

Source: [security magazine]

HR and IT Related Phishing Scams Still Most Popular According to KnowBe4’s Latest Phishing Report

A recent KnowBe4 report reveals that HR-related phishing emails account for 42% of top-clicked phishing attempts, followed by IT-related emails at 30%. These phishing tactics exploit employees' trust and evoke immediate responses by mimicking legitimate business communications about dress code changes, tax updates, and training notifications. The report also highlights that nearly a third of users are vulnerable to phishing, emphasising the need for robust security awareness training. A well-trained workforce is essential in defending against increasingly sophisticated phishing attacks that leverage AI and emotional manipulation.

Source: [IT Security Guru]

80% of Exposures from Misconfigurations, as 15 Vendors Account for 62% of Global Attack Surface

A recent XM Cyber report highlights a significant gap in cyber security focus with identity and credential misconfigurations accounting for 80% of security exposures. The study, based on hundreds of thousands of attack path assessments, found that 62% of the global attack surface is concentrated in just 15 vendors. Furthermore, 41% of organisations had at least one compromised device, and 11% experienced ransomware incidents. The report underscores the need for a shift from patching all vulnerabilities to addressing high-impact exposures, especially those around identity management and critical asset protection.

Sources: [Security Magazine] [The Hacker News]

UK to Propose Mandatory Reporting for Ransomware Attacks and Licensing Regime for all Payments

A forthcoming proposal in Britain aims to overhaul the response to ransomware by mandating victims to report incidents and obtain a license before making extortion payments. This initiative, part of a public consultation, includes a ban on ransom payments for critical national infrastructure to deter attacks. The National Cyber Security Centre has highlighted concerns over underreporting, with a 2023 increase in ransomware-related data breaches. The plan’s success hinges on replacing the delayed Action Fraud reporting platform. This proposal marks a significant step in global ransomware policy, with Britain leading international efforts against cyber criminals.

Source: [The Record Media]

UK’s Legal Sector Needs to Improve its Cyber Security, Says Experts

One in ten UK data breaches in 2023 occurred in the legal sector, highlighting that UK law firms are attractive targets for cyber criminals. A recent analysis of the UK’s Information Commissioner's Office (ICO) data found that the legal sector is one of the worst performing sectors for data breaches, with nearly 86 per cent of the incidents within the legal sector involving breaches of personal identifiable information, including instances also affecting sensitive economic and financial data.

Sources [CITY AM]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Vulnerability Management

Vulnerabilities

Tools and Controls

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 17 May 2024

Black Arrow Cyber Threat Intelligence Briefing 17 May 2024:

-Social Engineering is the Biggest Cyber Threat as Study Finds Most Workers Have Clicked on a Suspicious Email Link

-Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor

-ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before

-Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks

-Why Cyber Insurance isn’t a Substitute for Cyber Risk Management

-China Presents Defining Challenge to Global Cyber Security, Says GCHQ

-Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign

-Global Financial Stability at Risk Due to Cyber Threats, IMF warns

-Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

-Santander Data Breach via Third-Party Provider Impacted Customers and Employees

-40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs

-Digital Resilience – a Step Up from Cyber Security

-UK Lags Europe on Exploited Vulnerability Remediation

-Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Social Engineering is the Biggest Cyber Threat, as Study Finds Most Workers Have Clicked on a Suspicious Email Link

According to a recent report, half of office workers have clicked on a link or attachment within a suspicious email sent to their work address within the last 12 months, and of those that interacted with the email, half of them claimed to be confident in their ability to identify phishing emails.

With 68% of breaches involving the human element, your organisation must be cognisant of its employees. Hackers know that no matter what your tech stack is, you will always have employees and where there is an employee, there is a way into your organisation. It is far cheaper to exploit an employee who already has the access you require, than to develop a new exploit. It only takes one human to make a mistake by granting access to an attacker.  

When it came to training, only 41% of respondents said their employer had provided formal cyber security awareness training and 79% said their previous training is not sufficient to keep pace with modern cyber threats.

Source: [HackerNoon] [BusinessPlus]

Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor

A recent report commissioned by BT reveals that 86% of UK business leaders suffer from 'tech-related stress,' particularly concerning AI and cyber security, a phenomenon they have termed as 'Bytmares.' The report found that 59% of business leaders worry about the rapid and relentless pace of tech advancement, and whether appropriate controls are in place to protect it.

According to a different survey, 74% of business leaders view cyber security incidents as the main disruptive threat to their organisations either currently or over the next twelve months. This was followed by cloud computing, internet of things and artificial intelligence.

These findings highlight the critical importance of robust cyber security measures in today’s interconnected world. As organisations increasingly rely on digital infrastructure, safeguarding sensitive data and systems becomes paramount. Cyber threats can disrupt operations, compromise customer trust, and result in financial losses. Remember, cyber security is not just an IT concern; it is a strategic imperative for every organisation.

Sources: [Beta News] [Telecoms] [Verdict]

ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before

A recent update from the UK’s Information Commissioner’s Office (ICO) has revealed that ransomware attacks in the UK have surpassed all previous years, up 52% from the previous year. The report found that finance, retail and education sectors are suffering the most incidents.

The leading causes of breaches include phishing, brute force attacks, errors and supply chain attacks. The ICO noted that many organisations still neglect basic cyber security measures and has called for enhanced efforts to combat the escalating threat, emphasising the importance of foundational controls.

Sources: [Tech Monitor] [Government Business] [The Record Media] [Tech Monitor]

Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks

The latest Verizon Business Data Breach Investigations Report (DBIR) highlights that employee error is the leading cause of cyber security incidents in the EMEA region, accounting for 49% of cases. The top reasons for these incidents are “miscellaneous errors, system intrusion, and social engineering,” making up 87% of all breaches. Hackers primarily target personal information (64%), internal data (33%), and login credentials (20%). Despite zero-day vulnerabilities being a significant threat, with exploitation rising to 14% of breaches, the report emphasises the critical need for ongoing employee training and awareness to mitigate these risks.

Source: [TechRadar]

Why Cyber Insurance isn’t a Substitute for Cyber Risk Management

While cyber insurance can be beneficial in mitigating financial loss from cyber attacks, it is not a substitute for comprehensive cyber risk management. Many firms with cyber insurance have still fallen victim to attacks, highlighting that cyber insurance primarily transfers residual risk. Effective cyber risk management includes conducting proper risk assessments and implementing robust cyber security controls. Cyber insurance cannot resolve issues like business disruption, breach of client confidentiality, and compliance with legal obligations; this stresses the need for proactive measures and independent assurance to protect against cyber threats.

Source: [ Law Society of Scotland]

China Presents Defining Challenge to Global Cyber Security, Says GCHQ

A recent speech by the new director of the UK’s GCHQ highlighted China's growing cyber threat, describing it as an "epoch-defining challenge." She warned that China's destabilising actions undermine global internet security. The current head of the UKs’ NCSC echoed these concerns, pointing to the Chinese state-sponsored hacking group Volt Typhoon which has infiltrated critical sectors like energy and transportation. The National Cyber Director at the White House added that China’s cyber capabilities pose a significant threat to global infrastructure, particularly in crisis scenarios, as Chinese hackers increasingly use sophisticated techniques to pre-position within networks.

Source: [Infosecurity Magazine]

Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign

Since April, millions of phishing emails have been sent through a botnet known as “Phorpiex” to conduct a large-scale LockBit Black ransomware campaign. In a warning from New Jersey’s Cybersecurity and Communications Integration Cell, it was explained that the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The emails are sent from 1,500 unique IP addresses worldwide.

Sources: [Bleeping Computer]

Global Financial Stability at Risk Due to Cyber Threats, IMF warns

A new International Monetary Fund (IMF) report highlights the severe threat cyber attacks pose to global financial stability, revealing that nearly 20% of reported cyber incidents in the past two decades targeted the financial sector, causing $12 billion in direct losses. Since 2020, these attacks have led to an estimated $2.5 billion in direct losses. The report underscores that cyber incidents threaten financial institutions' operational resilience, potentially leading to funding challenges and reputational damage. The IMF calls for bolstered cyber security measures, including stress testing, information-sharing arrangements, and enhanced national cyber security strategies to mitigate these growing risks.

Source: [World Economic Forum]

Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

An ongoing social engineering campaign that is bombarding enterprises with spam calls and emails has been uncovered. The campaign involves a threat actor overwhelming a user’s email with junk, followed by a call offering to assist in removing the junk. From here, the threat actor aims to convince the victim to download remote monitoring and management software such as AnyDesk or Microsoft’s built in Quick Assist feature to allow the attacker remote access to the victim’s machine.

Source: [The Hacker News]

Santander Data Breach via Third-Party Provider Impacted Customers and Employees

A recent disclosure by the Spanish bank Santander revealed a data breach at a third-party provider affecting customers in Chile, Spain, and Uruguay. Unauthorised access to a database hosted by the provider compromised information on all current and some former employees, but did not include transactional data, online banking details, or passwords. Santander said they swiftly implemented measures to contain the incident, blocking access to the compromised database and enhancing fraud prevention controls. The bank assured that its operations and systems remain unaffected, allowing customers to continue transacting securely. The number of impacted individuals remains unspecified.

There is a continued trend in third party providers being used as the soft underbelly to attack larger and better defended organisations, requiring all organisations to consider the security controls of their third parties.

Source: [securityaffairs.com]

40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs

Recent research has revealed that 40% of cyber teams have not reported a cyber attack due to the fear of losing their job. Unfortunately, this leaves businesses at risk of being non-compliant, without even knowing so. When it came to challenges faced by organisations, it was found that nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyber attacks and 32% did not have the resources to hire new staff. This is not to say however, they are unable to outsource some of their cyber function to cyber specialists. This lack of allocated resources prevents the organisation from being confident that any incidents have been appropriately remediated.

Source: [Business Wire]

Digital Resilience – a Step Up from Cyber Security

In an increasingly digital world, many organisations are unaware of how truly reliant they are on digital technology, and the accompanying risks. As we move toward an even more digitally dependent future, the need for digital resilience is more critical than ever. Digital resilience refers to the ability to maintain, change, or recover technology-dependent operations. Organisations should begin with an internal audit to assess their digital resilience, involving all departments and ensuring senior management oversight, as board involvement is essential for effective cyber security programmes.

Digital resilience goes beyond cyber security to encompass change management, business resilience, and operational risk. Implementing digital resilience strategies requires continuous adaptation, cross-functional collaboration, and embedding resilience thinking throughout the organisation. Businesses must integrate digital resilience into their strategic planning to ensure ongoing competitiveness and adaptability in an ever-evolving digital landscape.

Sources: [CSO Online] [CSO Online]

UK Lags Europe on Exploited Vulnerability Remediation

A new report by Bitsight reveals that UK organisations lag behind their European counterparts in remediating software flaws listed in the US ‘Known Exploited Vulnerability’ (KEV) catalogue. UK organisations take an average of 225 days to address KEVs, compared to 220 days for European entities and just 21 days for German organisations. Non-KEV vulnerabilities are patched at an even slower rate, with UK entities taking over two years (736 days) to patch. Globally, the average time to resolve KEVs is around six months (180 days). Despite fewer KEVs detected in UK environments (30% versus 43% in Europe), the slow remediation poses significant risks, emphasising the need for faster and more proactive cyber security measures, specifically robust vulnerability scanning and patching.

Source: [Infosecurity Magazine]

Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments

A recent discussion at the British Insurance Brokers' Association (BIBA) conference highlighted the increasing importance of cyber security for businesses, driven by the surge in cyber attacks and the use of AI by criminal gangs. Zurich Resilience Solutions UK noted that businesses face greater scrutiny from underwriters over their cyber exposures.

BIBA, together with the Association of British Insurers (ABI), and the International Underwriting Association (IUA), have united with the UK’s National Cyber Security Centre (NCSC) in a joint effort to tackle ransom payments. As a result of their collaboration, they have published new best practice guidance, which aims to reduce the number of payments being made by UK victims as well as the disruption businesses face.

Source: [Emerging Risks] [NCSC] [Infosecurity Magazine]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Vulnerability Management

Vulnerabilities

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 15 May 2024 – Microsoft, Adobe, Apple, Mozilla Firefox, Google Chrome, SAP and VMware Updates

Black Arrow Cyber Advisory 15 May 2024 – Microsoft, Adobe, Apple, Mozilla Firefox, Google Chrome, SAP and VMware Updates

Executive summary

Microsoft’s May Patch Tuesday provides updates to address 61 security issues across its product range. Notably, the update tackles two actively exploited zero-day vulnerabilities. The zero-days include a security feature bypass and an elevation of privilege vulnerability. Among the updates provided by Microsoft were 1 critical vulnerability, allowing an attacker remote code execution.

In addition to the Microsoft updates this week also saw Adobe, Apple, Firefox, Google Chrome, SAP and VMware all provide updates for vulnerabilities in a variety of their products, including multiple zero-days and critical vulnerabilities.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an unauthenticated attacker to gain code execution as well as elevating to system privileges, the highest available. Both of which compromise the confidentiality, integrity and availability of data stored by an organisation.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have an available patch should be updated as soon as possible.

Technical Summary

Microsoft

CVE-2024-30040 – A security feature bypass, in which an unauthenticated attacker can gain code execution through convincing a user to open a malicious document. It is now known how this flaw was abused in attacks.

CVE-2024-30051- A flaw in Windows DWM Core Library which upon exploitation, allows an attacker to elevate to system privileges, the highest available.

Apple

Apple have addressed multiple vulnerabilities in its products, including 16 vulnerabilities on iPhone and iPads. This includes include one vulnerability which the company say “may have been exploited”.

Adobe

Adobe have addressed 37 vulnerabilities in its products, including 9 critical vulnerabilities in Adobe Acrobat and Reader, ,  2 critical vulnerabilities in Adobe Commerce, Adobe InDesign, Adobe Experience manager, 1 critical vulnerability in Adobe Media Encoder and Adobe Bridge, 3 critical vulnerabilities in Adobe Illustrator and 2 critical vulnerabilities in Adobe Animate. The company said it was not aware of any exploits in the wild for any of the documented issues.

Firefox

Firefox has upgraded to version 126. The new version addresses 16 unique security issues. None of the vulnerabilities are currently under active exploitation. The release also comes with some quality-of-life changes such as search telemetry changes and copy link without site tracking.

Google Chrome

Google Chrome released an emergency update to fix their 6th zero-day exploited this year, just one week after a previous one. Google are aware that an exploit for the vulnerability exists in the wild. Users are recommended to update as soon as possible.

SAP

This month, SAP has released 17 patches, which include 14 new fixes and 3 updates from previous releases. Two patches and one update have been given the “hot news” priority in SAP, the highest severity. The vulnerabilities encompass a range of issues, including CSS Injection, Remote Code Execution, File Upload flaws, and Cross-Site Scripting (XSS).

VMWare

Multiple security flaws, including one critical vulnerability, have been addressed by VMware after their exploitation was demonstrated at a security event. Some of the vulnerabilities do not have a fix yet and as such, users are advised to disable Bluetooth support and 3D acceleration as temporary workarounds until patches are applied.

More info:

Microsoft

Further details on other specific updates within Microsoft’s May patch Tuesday can be found here:

https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/

https://www.ghacks.net/2024/05/14/microsoft-releases-the-may-2024-security-updates-for-windows/

Apple

Further details of the vulnerabilities in Apple can be found here:

https://support.apple.com/en-gb/HT201222

Adobe

Further details of the vulnerabilities in Adobe Acrobat and Reader can be found here:

https://helpx.adobe.com/security/products/acrobat/apsb24-29.html

Further details of the vulnerabilities in Adobe Photoshop can be found here:

https://helpx.adobe.com/security/products/photoshop/apsb24-16.html

Further details of the vulnerabilities in Adobe Commerce can be found here:

https://helpx.adobe.com/uk/security/products/magento/apsb24-18.html

Further details of the vulnerabilities in Adobe InDesign can be found here:

https://helpx.adobe.com/uk/security/products/indesign/apsb24-20.html

Further details of the vulnerabilities in Adobe Experience Manager can be found here:

https://helpx.adobe.com/uk/security/products/experience-manager/apsb24-21.html

Further details of the vulnerabilities in Adobe Media Encoder can be found here:

https://helpx.adobe.com/uk/security/products/media-encoder/apsb24-23.html

Further details of the vulnerabilities in Adobe Bridge can be found here:

https://helpx.adobe.com/uk/security/products/bridge/apsb24-24.html

Further details of the vulnerabilities in Adobe Illustrator can be found here:

https://helpx.adobe.com/uk/security/products/illustrator/apsb24-25.html

Further details of the vulnerabilities in Adobe Animate can be found here:

https://helpx.adobe.com/uk/security/products/animate/apsb24-26.html

Firefox

Further details on the vulnerabilities addressed in the Firefox release can be found here:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/

Google Chrome

Further details on the vulnerabilities addressed in the Google Chrome update can be found here:

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html

SAP

Further details on the vulnerabilities addressed in SAP can be found here:

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2024.html

VMware

Further details on the vulnerabilities addressed by VMware can be found here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 05 April 2024

Black Arrow Cyber Threat Intelligence Briefing 05 April 2024:

-Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns

-Ransomware Incidents Reported to UK Financial Regulator Doubled

-Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023

-Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023

-AI Abuse and Misinformation Campaigns Threaten Financial Institutions

-Security Teams are ‘Overconfident’ About Handling Next-Gen Threats

-AI Makes Phishing Attacks Accessible to Basic Users

-Cyber Attacks Wreaking Physical Disruption on the Rise

-73% Brace for Cyber Security Impact on Business in Next Two Years

-To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset

-Cyber Security Imperative for Protecting Executives

-The Increasing Role of Cyber Security Experts in Complex Legal Disputes

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns

According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.

Sources: [Help Net Security ] [Dark Reading]

Ransomware Incidents Reported to UK Financial Regulator Doubled

The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.

Sources: [Digital Journal] [Digital Journal]

Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023

According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.

A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.

To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.

Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]

Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023

According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.

The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.

Sources: [Infosecurity Magazine] [Infosecurity Magazine]

AI Abuse and Misinformation Campaigns Threaten Financial Institutions

According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.

Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”

Source: [Help Net Security]

Security Teams are ‘Overconfident’ About Handling Next-Gen Threats

In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.

Source: [CSO Online]

AI Makes Phishing Attacks Accessible to Basic Users

One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.

Source: [The Economic Times]

Cyber Attacks Wreaking Physical Disruption on the Rise

According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.

Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.

Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.

Source: [Dark Reading]

73% Brace for Cyber Security Impact on Business in Next Two Years

A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.

Source: [Help Net Security]

To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset

2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.

Source: [IBTimes]

Cyber Security Imperative for Protecting Executives

The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.

Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.

Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.

Source: [Forbes]

The Increasing Role of Cyber Security Experts in Complex Legal Disputes

Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.

Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.

Source: [JDSupra]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Tools and Controls

Other News

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 07 March 2024 – Apple, Cisco and VMware Security Updates

Black Arrow Cyber Advisory 07 March 2024 – Apple, Cisco and VMware Security Updates

Executive Summary

Apple, Cisco and VMware have addressed multiple vulnerabilities across their product range this week, including two actively exploited zero-days affecting Apple products. These vulnerabilities are reportedly being exploited in the wild and have been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerability (KEV) catalog. The seriousness of the VMware vulnerabilities has led to Vmware releasing patches for end-of-life products.

In addition, CISA has issued a warning about a flaw (CVE-2023-21237) impacting Google Pixel phones. Although Google addressed this vulnerability in June 2023, CISA reports that it is still being actively exploited in the wild and has added it to the KEV catalog.

Apple

Apple have released security updates to address several security flaws including two zero-day vulnerabilities that are being actively exploited in the wild and have been added to the (KEV) catalog. This is the third actively exploited zero-day in its software since the start of the year.

What can I do?

Apple have released security patches to address the vulnerabilities and it is advised to update immediately since it has been reported that the vulnerabilities are being exploited in the wild. The vulnerabilities have been addressed in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.

Technical Summary

CVE-2024-23225 – This is a memory corruption issues in the kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections.

CVE-2024-23296 – This is a memory corruption issue in the RTKit real-time operating system (RTOS) that an attacker with arbitrary kernel read and write can exploit to bypass kernel memory protections.

Cisco

Cisco have addressed two high-severity vulnerabilities in it’s VPN application Secure Client, that could lead to remote exploitation without authentication and execution of code with the highest level of privilege.

What can I do?

Organisations using Secure Client should check if they are running vulnerable versions and apply patches immediately. Where a patch is not available, organisations should follow CISCO’s guidance linked below.

Technical Summary

CVE-2024-20337 - A carriage return line feed injection attack that could be caused remotely, by tricking a user in to clicking a maliciously crafted link. According to CISCO, this only impacts Secure Client instances where the VPN headend is configured with the SAML external browser.

CVE-2024-20338 - A vulnerability that can allow an attacker to execute code with root privileges. This vulnerability only Secure Client for Linux and requires authentication prior to exploitation.

The following versions of Secure Client have been impacted:

CVE-2024-20337

versions 4.10.04065 and later - upgrade to version 4.10.08025

version 5.0 - no patch available and users should migrate to a fixed release

Version 5.1 - should apply the patches in version 5.1.2.42

Versions earlier than Earlier than 4.10.04065 are not vulnerable.

CVE-2024-20338

This impacts Linux versions earlier than 5.1.2.42 and requires authentication for successful exploitation. The first fixed release is version 5.1.2.42.

VMware

VMware have released security patches to address four security flaws impacting ESXi, Workstation and Fusing, two of which are critical flaws (CVE-2024-22252 and CVE-2024-22253) which if exploited could lead to code execution.

What can I do?

VMware have released patches for the impacted products and it is recommended to patch immediately, given the severity of the vulnerabilities. Organisations should also check any end-of-life products they may be using as these have also had patches released.

The following versions have been impacted:

ESXi 6.5 – fixed in 6.5U3v

ESXi 6.7 - fixed in 6.7U3u

ESXi 7.0 - fixed in ESXi70U3p-23307199

ESXi 8.0 - fixed in ESXi80U2sb-23305545 and ESXi80U1d-23299997

VMware Cloud Foundation (VCF) 5.x/4.x – fixed in version KB88287

Workstation 17.x - fixed in 17.5.1

Fusion 13.x (macOS) - fixed in 13.5.1

Technical Summary

CVE-2024-22254 – This is an out-of-bounds write vulnerability in ESXi that a malicious actor with privileges within VMX process could exploit to trigger a sandbox escape.

CVE-2024-22255 – This is an information disclosure vulnerability in the UHCI USB controller that a malicious actor with administrative access to a virtual machine may exploit to leak memory from the VMX process.

Further Information

Apple

Further details on the Apple vulnerabilities can be found here:

https://support.apple.com/en-us/HT214081

Cisco

Further details on the Cisco vulnerabilities can be found here:

CVE-2024-20337 - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7

CVE-2024-20338 - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds

CISA KEV catalog

Further details of CISA’s KEV catalog can be found here:
 https://www.cisa.gov/known-exploited-vulnerabilities-catalog

VMware

Further details on the VMware vulnerabilities can be found here:

https://www.vmware.com/security/advisories/VMSA-2024-0006.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity 

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 23 February 2024

Black Arrow Cyber Threat Intelligence Briefing 23 February 2024:

-Despite Recent FBI Disruptions, a Rise in Ransomware Means 2024 Will be a Volatile Year for Cyber Security

-The Old, Not the New: Basic Security Issues Still the Biggest Threat to Enterprises

-Reevaluating Your Cyber Security Priorities

-Cyber Threat Environment at its Most Dangerous for SMBs, as Geopolitical Tenison, Extortion and Attacks Present Biggest Risks

-Legal Sector Grows as a Target, with Cyber Attacks on Law Firms Surging by Over a Third

-It’s Not Only Ransomware Seeing Huge Rises, Business Email Compromise (BEC) Attacks are Also Seeing a Huge Rise – is Your Business Prepared?

-Deepfake Phishing Grew by 3,000% in 2023, and it’s Just the Beginning

-Cyber Attacks are Getting Faster, More Common and More Successful, Although Detection is More Advanced Than Ever — New Report Signals the Threats to Businesses, Supply Chains, and Democracy

-Report Finds Malicious Emails Bypassing Secure Email Gateways Rose by 105%

-Rising Cyber Threats Identified Amongst Other Major Business Risks for 2024

-Huge Cyber Security Leak Lifts the Lid on China’s Hackers for Hire

-Fifth of British Kids Have Broken the Law Online

-Over 40% of Firms Struggle with Cyber Security Talent Shortage

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Despite Recent NCA and FBI Disruptions, a Rise in Ransomware Means 2024 Will be a Volatile Year for Cyber Security

There has been a lot of high profile coverage this week of the infamous and prolific LockBit gang’s infrastructure having been seized by law enforcement following an international Police operation led by the UK’s National Crime Agency. Whilst the international operation shows the seriousness of the matter, and the success of the operation should be celebrated, those celebrations should be muted and organisations should not become lax. Like the Hydra of Greek mythology, when one head disappears, a few more appear in its place. Ransomware really is a case of if, not when, and your organisation needs to be prepared.

Further, a recent threat report has found that the median ransom demand rose by 20% year on year, hitting an average of $600,000 and it is expected that 2024 will be even more volatile. Ransomware groups are expanding their target lists and exploring new pressure tactics in response to increasingly effective law enforcement efforts, and this is coupled with the increasing regulatory impact on organisations.

Sources: [Sky News] [GOV Infosecurity] [Bleeping Computer] [Infosecurity Magazine] [Cyber Reason]

The Old, Not the New: Basic Security Issues Still the Biggest Threat to Enterprises

In the latest IBM X-Force Threat Intelligence Index, it was revealed that basic security issues remain the most significant threat to enterprises. Cyber criminals are increasingly turning to credential stuffing, using and exploiting valid accounts harvested from the darkweb and previous breaches, with a 266% uptick in info-stealing malware. This tactic is harder to detect and elicits a costly response from enterprises. On the other hand, it is also important to adopt an attacker mindset for effective security. Understanding the attacker’s tools, motives, and efforts can help in limiting access, compartmentalising the impact of any successful attack, and minimising the time to attack detection. In essence, while organisations continue to grapple with complex cyber threats, the biggest security problem boils down to the basic and the already known. Therefore, it is crucial to focus on strengthening basic security measures and thinking like an attacker to proactively mitigate the risk for a more secure attack surface.

Source: [Help Net Security] [Forbes]

Reevaluating Your Cyber Security Priorities

Both technology and cyber criminals are evolving, yet many companies and organisations are not. For many corporate leaders, they may not know where to begin. Organisations looking to evolve their cyber security posture should look to elevate cyber to the C-suite and board, conduct audits of their sensitive information, create or update and test their incident response plan and finally, revisit their cyber hygiene training to ensure it is doing more than just ticking boxes. Organisations doing the above will find themselves improving their cyber security posture, and mitigating their risk to threats.

Source: [Dark Reading]

Cyber Threat Environment at its Most Dangerous for SMBs, as Geopolitical Tenison, Extortion and Attacks Present Biggest Risks

A new study has found that extortion campaigns, geopolitical threats, and attacks on small and medium-sized businesses (SMBs) are amongst the greatest threats to cyber security defences currently. The report, conducted by Mimecast, highlights how individual ransom groups have claimed over 1,000 victims and over $300 million in payments. Regarding SMBs, the report found that these businesses encountered twice the normal number of threats, at over 30 threats per user, as compared to larger companies who saw approximately 15. Not only are SMBs at more risk, but they also do not have the same resources a large company would have to mitigate such threats. SMBs must be efficient in the way they prioritise and address their cyber risk as part of their larger risk management strategy.

Sources: [Emerging Risks] [The HR Director]

Legal Sector Grows as a Target, with Cyber Attacks on Law Firms Surging by Over a Third

A new report has found that the number of reported cyber breaches on UK law firms has increased 30% from the previous year, as attackers increasingly target the profession. As a note, this does not include firms who may be unaware that they have been breached. Law firms are an attractive target to attackers due to the sensitive information such as M&A activity, divorce information and big ticket litigation; many attackers believe that law firms will pay handsomely to have this data back.

Sources: [Emerging Risks] [Legal Cheek]

It’s Not Only Ransomware Seeing Huge Rises: Business Email Compromise (BEC) Attacks are Also Seeing a Huge Rise. Is Your Business Prepared?

A recent report found that business email compromise (BEC) saw a staggering increase of 10 time the amount compared to the previous year. BEC involves a genuine business email account being compromised by a threat actor; this could be your supplier, a client, or anyone you have legitimate contact with. With such an increase, organisations must consider if they would be able to spot and mitigate BEC in their corporate environment through robust operational controls such as callback procedures for example. Due to the rise in deep fake fraud with voice cloning and video, the efficacy of traditional safeguards such as callbacks are not providing the assurance they once did. Firms and employees need to be on their guard to these changing tactics to safeguard the business.

Source: [TechRadar]

Deepfake Phishing Grew by 3,000% in 2023, and it’s Just the Beginning

Phishing remains one of the most prevalent cyber security threats, and with the emergence of artificial intelligence it is only going to carry on getting worse. According to a recent report, the number of deepfake fraud attempts rose by 3,000%. In one instance, the CEO of an energy enterprise sent €220,000 to a supplier after getting a call from the parent company’s leader requesting the exchange; the call was a deepfake.

Source: [HackerNoon]

Cyber Attacks are Getting Faster, More Common and More Successful, Although Detection is More Advanced Than Ever. New Report Signals the Threats to Businesses, Supply Chains, and Democracy

A recent report from CrowdStrike sheds light on the increasing speed and sophistication of cyber attacks. Breakout times have plummeted to an average of 62 minutes, with a record time of just two minutes and seven seconds observed. Hackers are now targeting the cloud, exploiting its vulnerabilities and leveraging AI assistance to escalate attacks. The human factor remains a primary entry point for threat actors, with social engineering and phishing campaigns on the rise. As organisations transition to the cloud, threat actors follow suit, with cloud intrusions soaring by 75%. CrowdStrike warns of state-sponsored adversaries targeting critical elections, emphasising the need for a platform-based approach bolstered by threat intelligence to safeguard against evolving threats.

Source: [TechRadar]

Report Finds Malicious Emails Bypassing Secure Email Gateways Rose by 105%

A report by Cofense has found a 105% increase in malicious emails that successfully bypassed Secure Email Gateways (SEGs), with approximately one malicious email navigating their way past SEGs every 57 seconds. The report suggests that phishing efforts are outpacing that of SEGs, and such phishing efforts are responsible for 90% of data breaches. Whilst SEGs may be filtering out a number of malicious emails, they, like everything in cyber security, are not a silver bullet. Organisations should not fall foul of believing that they are impenetrable because they have a SEG.

Sources: [SiliconANGLE] [Security Magazine] [Help Net Security]

Rising Cyber Threats Identified as Major Business Risk for 2024

In the latest Allianz risk barometer, cyber incidents have been identified as the most significant concern for companies globally in 2024. This is particularly true for remote desktop connections, which have become a prime target for cyber attacks since the shift to a work-from-home environment. The report also highlights that the risk landscape is being shaped by digitalisation, climate change, and geopolitical uncertainties. Meanwhile, a report from Coalition reveals that the cyber attack surface has expanded due to new ways of working. The report found that smaller businesses often lack the resources to prepare for a wide range of risk scenarios, which can lead to longer recovery times after an unexpected incident. These findings underscore the importance of robust cyber security measures and the need for continuous monitoring and improvement of an organisation’s digital defences.

Sources: [Reinsurance News] [Allianz]

Huge Cyber Security Leak Lifts the Lid on China’s Hackers for Hire

A huge leak of data from a Chinese cyber security firm, iSoon, has revealed state security agents paying tens of thousands of pounds to harvest data on targets, including the likes of foreign governments, and the leak shows this has been going on for years. Since the release, CrowdStrike has drawn overlaps between the firm and multiple known Chinese threat actors who are well resourced and conduct attacks over an extended period (referred to as advanced persistent threats, APTs). Among some of the 500 leaked documents are product manuals, lists of clients and employees, and WeChat instant messages. The leaks show over 14 governments have been attacked, as well as gambling and telecommunications companies.

Sources: [Dark Reading] [The Guardian]

Fifth of British Kids Have Broken the Law Online

In a recent study by the UK National Crime Agency (NCA), one in five children aged 10 to 16 have engaged in online offences with the figure rising to 25% among online gamers. These "low-level" cyber crimes, such as attempting to access protected servers or launching distributed denial of service (DDoS) attacks, may not be perceived by young individuals as violating the Computer Misuse Act. The consequences, however, are severe, including potential arrest, criminal records, and restrictions on future opportunities. The NCA stresses the importance of educating both children and adults about the legal and ethical implications of such actions, highlighting the transition from minor offences to more serious cyber crimes. With a significant shortage of cyber security professionals globally, fostering positive digital skills among young individuals is crucial for meeting industry demands and deterring cyber crime. Parents, teachers, and children are encouraged to explore resources provided by the NCA's Cyber Choices website to prevent inadvertent involvement in illegal online activities.

Source: [Infosecurity Magazine]

Over 40% of Firms Struggle with Cyber Security Talent Shortage

A recent report from Kaspersky has unveiled a critical global challenge: over 40% of companies are struggling to fill essential cyber security roles, with information security research and malware analysis roles particularly affected. This scarcity is felt most acutely in Europe and Latin America. Roles within security operations centres (SOCs) and network security are also understaffed, with figures around 35% and 33% respectively. The government sector faces the most significant demand for cyber security experts, followed closely by the telecoms and media sectors. While efforts like offering competitive salaries and enhanced training are underway, the gap persists due to the rapid pace of technological advancement outstripping educational initiatives. The report emphasises the need for innovative solutions to bridge this shortfall, highlighting recruitment, training, and technological advancements as key components of a comprehensive strategy to bolster cyber security resilience in the face of evolving threats.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Cyber Crime General & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Careers, Working in Cyber and Information Security

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Vulnerability Management

Vulnerabilities

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 09 February 2024

Black Arrow Cyber Threat Intelligence Briefing 09 February 2024:

-Over Half of Companies Experienced Cyber Security Incidents Last Year

-Deepfake Video Conference Costs Business $25 Million

-Watershed Year for Ransomware as Victims Rose by Almost 50% and Payments Hit $1 Billion All-Time High

-Malware-as-a-Service Now the Top Threat to Organisations

-Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances

-Chinese State Hackers Hid in National Infrastructure for at Least 5 Years

-Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor

-Security Leaders, C-Suite Unite to Tackle Cyber Threats

-UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons

-What Does a ‘Cyber Security Culture’ Actually Entail?

-Beyond Checkboxes: Security Compliance as a Business Enabler

-No One in Cyber Security Is Ready for the SolarWinds Prosecution

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Over Half of Companies Experienced Cyber Security Incidents Last Year

According to a recent global survey, over half of the participating companies faced major security incidents in the past year, necessitating additional resources to tackle these challenges. Despite these incidents, many organisations claim improved performance on key cyber security indicators and express confidence in their threat detection capabilities. The research highlights a concerning discrepancy between perceived security measures and the actual state of security operations, underscoring a lack of comprehensive visibility and effective response mechanisms within companies. Particularly concerning is the finding that organisations can typically monitor only two-thirds of their IT environments, exposing significant vulnerabilities. Furthermore, the study points to a greater need for greater automation and third-party assistance in threat detection and response, suggesting that while companies are aware of their shortcomings, the path to enhanced security involves embracing AI-driven solutions to close these gaps. This insight highlights to leadership the importance of investing in advanced cyber security technologies and expertise to safeguard the organisation’s digital assets effectively.

Sources: [Beta News] [Verdict]

Deepfake Video Conference Costs Business $25 Million

There has been a surge in the number of artificial intelligence deepfake attacks where technology is being used to impersonate individuals. In one case, a finance professional at a multinational was reportedly swindled out of $25 million (HK$200 million) of company money when scammers created a deepfake of his London-based chief financial officer in a video conference call, faking both the CFO’s look and voice. The scam involved the fake CFO making increasingly urgent demands to execute money transfers, resulting in 15 transfers from the victim employee. The reality of the attack was only discovered by the victim after he had contacted the company’s corporate head office.

Sources: [The Register] [Help Net Security] [TechCentral ] [Tripwire]

Watershed Year for Ransomware as Victims Rose by Almost 50% And Payments Hit $1 Billion All-Time High

Even with enforcers shutting down some ransomware gangs, the business of ransomware is booming. A recent report from Palo Alto Networks Unit 42 found a 49% increase in the number of victims reported on ransomware leak sites; this does not include those who were victims but did not appear on sites. This comes as ransomware hit an all time high, with over $1b made in ransomware payments. Of note, this is just ransom payments; this does not take in to account reputational damage, recovery costs and loss in share value. The real effects of a ransomware attack may take months or even years to materialise. As ransomware remains a constant threat, it is important for organisations to be prepared.

Sources: [The Verge ] [Malwarebytes] [Infosecurity Magazine] [CSO Online] [ITPro] [TechRadar]

Malware-as-a-Service Now the Top Threat to Organisations

Recent studies have underscored a significant shift in the cyber threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) now dominating. These ‘as-a-service’ tools are particularly concerning as they lower the barrier to entry for cyber criminals, enabling even those with limited technical knowledge to launch sophisticated attacks. The report found that the most common as-a-Service tools were Malware loaders (77% of investigated threats), crypto-miners (52% of investigated threats) and botnets (39% of investigated threats). These findings underscore the adaptability of these threats, with malware strains being developed with multiple functions to maximise damage. Despite these trends, traditional methods like phishing continue to pose significant challenges for security teams. It’s clear that staying ahead of these evolving threats requires a proactive and comprehensive approach to cyber security.

Sources:[Infosecurity Magazine] [Beta News] [Help Net Security]

Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances

A recent report has found that over 97% of UK firms have paid a ransom in the last two years, finding even more reason to operate in a when-not-if environment. When asked about their recovery in an event, 38% said they could recover in four to six days, and 34% need one to two weeks to recover; almost one in four (24%) need over three weeks to recover data and restore business processes. Only 12% said their company had stress-tested their data security, data management, and data recovery processes or solutions in the six months prior to being surveyed, and 46% had not tested their processes or solutions in over 12 months.

Sources: [The FinTech Times] [ Help Net Security]

Chinese State Hackers Hid in National Infrastructure for at Least 5 Years

US cyber officials have said that they discovered China-sponsored hackers lurking in American computer networks, positioning themselves to disrupt communications, energy, transportation and water systems; and this had been going on for at least 5 years. This has led to a joint warning from the US FBI, National Security Agency and Cyber Infrastructure and Security Agency, which has been cosigned by Britain, Canada, Australia and New Zealand. This dwell time isn’t just something that is encountered in critical infrastructure networks; attackers lurk on networks, undiscovered often for years, allowing them to see everything going on in the corporate environment.

Sources: [NTD] [Washington Times]

Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor

Email attacks against businesses have increased dramatically as hackers continually use generative AI tools to optimise their content and streamline malicious campaigns, new research has claimed.

The report from Acronis is based on data collected from more than a million unique endpoints across 15 countries, and found AI-powered phishing affected more than 90% of organisations last year. AI helped has email attacks grow by 222% since the second half of 2023.

Sources: [New Electronics] [TechRadar]

Security Leaders, C-Suite Unite to Tackle Cyber Threats

A recent survey found that CEOs are taking a more hands-on approach and prioritising cyber resilience in 2024, leading to the breakdown of traditional silos between IT operations and security teams. The survey polled over 200 C-Suite and senior-level IT executives globally, and revealed a growing recognition of the importance of collaboration in combating sophisticated cyber threats, with 99% of respondents observing increased connectivity between the teams over the past year. While progress has been made, challenges remain, with only 48% of organisations establishing joint protocols for incident mitigation or recovery. Looking ahead, respondents anticipate a significant role for artificial intelligence (AI) in enhancing security efforts, with 68% expecting AI to streamline threat detection and response. Despite advancements, fragmented data protection solutions persist as a challenge, impacting over 90% of organisations' cyber resiliency. This underscores the need for a top-down approach to cyber security, with CEOs and boards driving collaboration between IT operations and security teams to optimise cyber preparedness initiatives and mitigate cyber risks effectively.

Source: [Security Boulevard]

UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons

UN sanction monitors are investigating dozens of suspected cyber attacks by North Korea that have raked in $3 billion to help North Korea further its nuclear weapons programme, according to excerpts of an unpublished UN report. “The panel is investigating 58 suspected DPRK cyber attacks on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help fund DPRK’s WMD development,” according to the monitors, who report twice a year to the 15-member security council.

Source: [The Guardian]

What Does a ‘Cyber Security Culture’ Actually Entail?

Fostering a robust cyber security culture emerges as a critical imperative for organisations in 2023, as revealed by ITPro Today's "State of Cybersecurity in 2023" study. Despite this recognition, organisations grapple with various challenges, including budget constraints, staffing shortages, and the failure to implement fundamental security practices like the principle of least privilege and zero trust. Insufficient staffing and constrained budgets elevate the risk of breaches, emphasising the need for a collective effort to bolster security measures.

Cultivating a cyber security culture entails educating every employee on security risks and holding them accountable for risk reduction efforts. While security teams play a pivotal role in setting expectations and providing guidance, a culture of cyber security necessitates continuous training, integration of security into everyday work, and clear delineation of risk ownership throughout the organisation. By prioritising proactive measures and fostering individual responsibility, organisations can fortify their defences against evolving cyber threats and mitigate risks effectively.

Source: [ITPro Today]

Beyond Checkboxes: Security Compliance as a Business Enabler

In today's complex business landscape, regulatory requirements are increasingly intricate, especially concerning cyber security compliance. While compliance might evoke images of stringent regulations and time-consuming audits, reframing our perspective reveals its potential as a vital business enabler. Security leaders, in collaboration with senior management, must cultivate a culture where commitment to cyber security compliance permeates the organisation, emphasising its role in fostering trust, facilitating global market access, and even serving as a competitive advantage. Moreover, robust compliance programs drive operational efficiency, innovation, and cost savings in the long run. Embracing cyber security compliance as a strategic enabler, rather than a regulatory burden, positions businesses for success, innovation, and resilience in an ever-evolving digital landscape.

Source: [Forbes]

No One in Cyber Security Is Ready for the SolarWinds Prosecution

The concept of "materiality" has taken centre stage for Chief Information Security Officers (CISOs) in light of new SEC regulations, requiring US public companies to disclose "material cyber security incidents" within four days. The SolarWinds breach and subsequent SEC charges against the company and its CISO highlight the seriousness of these regulations. This shift necessitates a deeper understanding of what constitutes "material" risk in cyber security and a more transparent approach to risk communication. However, many CISOs face challenges in quantifying and communicating cyber risks effectively to boards and executives, who often lack familiarity with cyber security terminology. This regulatory change underscores the need for CISOs to bridge the gap between cyber security and financial reporting, ensuring accurate and precise risk communication at the C-Suite level. Additionally, policymakers should incentivise C-Suite accountability for cyber risk management, fostering a culture where cyber risks are addressed proactively and transparently.

Source:[Council on Foreign Relations]

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 09 February 2024 – Cisco, Fortinet, Ivanti and VMware Security Updates

Black Arrow Cyber Advisory 09 February 2024 – Cisco, Fortinet, Ivanti and VMware Security Updates

Executive Summary

Cisco, Fortinet, Ivanti and VMware have addressed multiple vulnerabilities across their product range. All of the vendors have a security patch available to address the vulnerabilities and due to the active exploitation of some of the vulnerabilities, it is recommended to apply them immediately.

Cisco

Cisco have released security updates for three flaws affecting the Cisco Expressway Series that could allow an unauthenticated remote attacker to conduct cross-site request forgery attacks. Two of the flaws are rated critical (CVE-2024-20252 and CVE-2024-20254) and can be exploited in the impacted devices default configuration, however the third flaw (CVE-2024-20255) can only be exploited if the cluster database API feature has been enabled, which is disabled by default.

Cisco have released patches for the affected products and are available in Cisco Expressway Series Release versions 14.3.4 and 15.0.0.

Fortinet
Fortinet have released a second round of updates addressing two previously disclosed critical flaws in the FortiSIEM supervisor. The two flaws (CVE-2024-23108 and CVE-02024-23109) allows a remote unauthenticated attacker to perform arbitrary code execution.

Impacted products are:
FortiSIEM version 7.1.0 through 7.1.1 fixed in 7.1.2
FortiSIEM version 7.0.0 through 7.0.2 fixed in 7.0.3
FortiSIEM version 6.7.0 through 6.7.8 fixed in 6.7.9
FortiSIEM version 6.6.0 through 6.6.3 fixed in 6.6.5
FortiSIEM version 6.5.0 through 6.5.2 fixed in 6.5.3
FortiSIEM version 6.4.0 through 6.4.2 fixed in 6.4.4

Ivanti
Another critical security patch has been released by Ivanti for their Connect Secure product, Policy Secure and ZTA gateways. The flaw (CVE-2024-22024) allows remote attackers to gain access to restricted resources without requiring user interaction or authentication. While Ivanti have stated that this vulnerability is not currently being actively exploited they urge affected users to patch immediately.

To mitigate the risks, it is recommended that all users of the impacted devices running version 6.x upgrade to version 6.12.0.

VMware
VMware have warned of five vulnerabilities in the Aria Operations for Networks. The vulnerabilities encompass a range of issues, including local privilege escalation, cross-site scripting and local file read (requires admin privileges).

To mitigate the risks, it is recommended that all users of the impacted devices running version 6.x upgrade to version 6.12.0

Further Information

Cisco
Further details on the Cisco vulnerabilities can be found here:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3

Fortinet

Further details on the Fortinet vulnerabilities can be found here:

https://www.fortiguard.com/psirt/FG-IR-23-130

Ivanti

Further details on the Ivanti vulnerabilities can be found here:

https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

VMware

Further details on the VMware vulnerabilities can be found here:

https://kb.vmware.com/s/article/96450

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 26 January 2024

Black Arrow Cyber Threat Intelligence Briefing 26 January 2024:

-Russian Hackers' Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call

-94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures

-Cyber Risks Needs to be Prioritised as a Key Business Risk Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda

-81% of Security Professionals Say Phishing Is Top Threat

-Ransomware Attacks Cause Significant Psychological Harm

-Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password

-NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime

-Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk

-Historic Data Leak Reveals 26 billion Records: Check What is Exposed

-Boardroom Cyber Expertise Comes Under Scrutiny

-“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules

-Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%

Black Arrow Cyber Threat Briefing 26 January 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Russian Hackers’ Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call

Just recently, it was publicly disclosed that Microsoft and Hewlett Packard Enterprise (HPE) had their corporate mailboxes breached by threat actors. In the Microsoft breach, a hacking group had used a password spray attack to compromise a non-production test account, and leverage that to access corporate accounts. In the HPE breach, corporate access was gained through unauthorised access to SharePoint files. Both attacks highlight the need for identity threat detection: the ability to identify malicious activity from trusted identities before more sophisticated damage is caused. Cyber incidents are a matter of when, not if, and it is important to have detection capabilities, even for trusted accounts.

Sources: [Help Net Security] [Security Boulevard]

94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures

A recent study found that while 94% of CISOs are concerned with third-party cyber security threats,  including 17% who view it as a top priority, only 3% have implemented a third -party cyber risk management solution and 33% have noted plans to implement this year. Small and medium sized businesses may not have the resources of a larger organisation yet will have a similar level of third-party risk. This makes the need for an effective solution even more important, and in some cases this may include outsourcing to cyber experts.

Sources: [Dark Reading]

Cyber Risks Needs to be Prioritised as a Key Business Risk, Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda

The UK Government has proposed a new Code of Practice on cyber security governance, aimed at directors and senior business leaders. The draft document emphasises the need to prioritise cyber security on par with financial and legal risks. It outlines several key areas for focus, including risk management, cyber strategy, fostering a cyber security culture among employees, incident planning and response, and establishing clear governance structures. With digital technologies playing a crucial role in business resilience, the code calls for greater involvement of executive and non-executive directors in technology governance strategies. The UK Minister for AI and Intellectual Property has highlighted that cyber attacks are as damaging to organisations as financial and legal pitfalls. It is crucial that directors take a firm grip of their organisation’s cyber security regimes to protect their customers, workforce, business operations and the wider economy. This initiative reinforces the importance of a holistic approach to cyber security, including robust incident response plans and regular practice to enhance cyber resilience. It’s a timely reminder that cyber threats are as detrimental to organisations as financial and legal challenges, and this code aims to empower leaders to navigate these threats effectively.

Sources: [Computer Weekly] [Electronics Specifier] [GOV UK] [TechRadar] [Infosecurity Magazine]

81% of Security Professionals Say Phishing Is Top Threat

A recent study found 81% of organisations anticipated phishing as their top security risk over the coming months. In a separate report, it was found that 94% of organisations globally had experienced an email security incident in the past 12 months, with a 10% rise in phishing. It is not just emails where phishing attacks are occurring: in another report, the second half of 2023 saw a 198% increase in browser based phishing attacks. It is clear that phishing is a threat to organisations, and it is important to be prepared.

Sources: [ITPro] [Beta News] [Security Magazine]

Ransomware Attacks Cause Significant Psychological Harm

One area of ransomware that often gets overlooked, is the psychological impact. A recent report by the Royal United Services Institute found that some attacks had caused so much impact that organisations hired post-traumatic stress disorder support teams. A significant number of respondents experienced sleep deprivation, resulting in them developing extreme fatigue and falling asleep at work. Various levels of stress were experienced by security workers, with one interviewee citing the stress of a ransomware attack as a potential cause for a heart attack that required surgery. This highlights that, as with the wider subject of cyber and information security, consideration needs to be given to more than just IT and IT controls: it shows the need for a holistic approach to include people, operations and technology.

Sources: [The Record Media] [TechRadar]

Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password

A recent report has revealed that two million compromised cloud credentials used ‘123456’ as a password. This alarming trend underscores the ongoing issue of weak passwords, which are easily exploited by hackers. Despite the availability of advanced password creation and storage tools, a significant number of individuals and organisations continue to use weak passwords. Furthermore, the report found that 88% of organisations still rely on passwords as their primary authentication method. Despite the focus on password security, nearly every organisation has had risk management lapses. The report highlights the urgent need for stronger password policies and the adoption of more secure authentication methods. Equally, the attacks highlight that simply moving to the cloud does not solve security challenges, and poor cyber hygiene in the cloud will lead to problems.

Sources: [ITPro] [Business Wire] [Security Magazine]

NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime

An article published by the UK’s National Cyber Security Centre (NCSC) states that AI is already being used to increase the efficacy of cyber attacks, and that AI will continue to significantly increase the odds of a successful attack. AI models will build capability as they are informed by data describing previous successful attacks. The NCSC noted that “It is likely that highly capable unfriendly nation states have repositories of malware that are large enough to effectively train an AI model for this purpose”. The message from the NCSC is clear: AI will propel cyber incidents and organisation must take this into consideration as part of their wider cyber risk management strategy.

Sources: [The Register] [PC Mag] [The Messenger ] [Silicon UK]

Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk

Cyber attacks soared again last year, and attackers are increasingly taking advantage of software vulnerabilities to breach organisations. This is due to the continuous discovery of new vulnerabilities, and with that, a constant challenge for firms to apply patches. A report found many organisations lack an effective vulnerability management programme and are leaving themselves open to attacks; and in some cases they are left vulnerable for years.

One key hindrance found by the report is the sheer volume of vulnerabilities identified and patched by vendors, leaving organisations with the perpetual challenge of timely patching. This complication is made worse for small and medium sized businesses where they have less resources. The report found that legacy systems are a large risk for many organisations;  in fact, older Windows server OS versions - 2012 and earlier – were found to be 77% more likely to experience attack attempts than newer versions. Many firms are still not taking this danger seriously enough and as a result, blind spots and critical vulnerabilities are worsening, creating more opportunities for attackers.

Sources: [ITPro] [Help Net Security] [ITPro]

Historic Data Leak Reveals 26 billion Records: Check What is Exposed

In what has been described as the ‘mother of all breaches’, 26 billion records have been exposed. These aren’t all new, as a lot of the records are from numerous breaches, however they are all in one location, compiled and index for use. With the emergence of this, there is will likely be a surge in attacks and if you haven’t changed your credentials, or are reusing these same credentials, you may find yourself a victim. To check if your email has been compromised in a breach, you can check on the website www.HaveIBeenPwned.com

Source: [Security Affairs]

Boardroom Cyber Expertise Comes Under Scrutiny

Cyber security concerns continue to be a critical issue for organisations, driven by factors such as data protection, compliance, risk management, and business continuity. However, a recent report reveals a concerning trend where only 5% of Chief Information Security Officers (CISOs) report directly to the CEO, down from 11% in 2021. This gap between cyber security leadership and board-level involvement is a challenge. A report emphasises that many board members lack the technical expertise to understand cyber security, while CISOs often communicate in technical jargon, making it difficult for boards to grasp the significance of security issues. To bridge this gap, it's crucial to educate board members on the real-world risks and costs associated with cyber incidents. Sharing simple metrics like the global average cost of a data breach, which is $4.45 million, can help them understand the financial impact. Moreover, CISOs should learn to convey cyber security matters in business terms and quantify the organisation's cyber risk exposure. By providing boards with information to understand and engaging in informed discussions, they can enhance their cyber security strategy and ensure that these vital issues are prioritised appropriately.

Source: [Security Intelligence]

“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules

The landscape of cyber security is evolving rapidly, with two significant EU regulations: the Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA), set to take effect in the coming months. NIS2 expands cyber security standards to include critical services like transportation, water services, and health services, while DORA focuses on the financial services sector and aims to ensure resilience against cyber threats.

These regulations necessitate strong cyber security testing, incident reporting processes, and comprehensive assessments of third-party providers' security. Compliance with these regulations will introduce complexity and costs, requiring organisations to prepare comprehensively for the evolving cyber security landscape, including the implications of artificial intelligence. Transparency and understanding are key, as boards must fully comprehend data processing and technology usage within their organisations, ushering in a new era of cyber security governance.

Source: [The Currency]

Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%

In 2023, there was a significant surge in ransomware attacks globally. The number of attack attempts more than doubled, increasing by 104%. A report shows that there were 1,900 total ransomware attacks within just four countries: the US, UK, Germany, and France. The use of double extortion techniques, where hackers not only encrypt the data but also steal confidential data beforehand and threaten to release it if their demands are not fulfilled, are becoming increasingly common, with now triple and quadruple extortion techniques also being increasingly deployed. It was also found that data exfiltration was present in approximately 91% of all publicly recorded ransomware attacks in 2023. These figures underscore the growing threat of ransomware and the need for robust cyber security measures.

Sources: [Security Boulevard] [Security Affairs] [Security Brief] [Business Wire]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

Russia

Iran

North Korea

Vulnerability Management

Vulnerabilities

Tools and Controls

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 23 January 2024 – Apple, Atlassian, Ivanti and VMware Vulnerabilities Under Active Exploitation

Black Arrow Cyber Advisory 23 January 2024 – Apple, Atlassian, Ivanti and VMware Security Updates

Executive Summary

Vulnerabilities in Apple, Atlassian, Ivanti and VMware are currently being actively exploited in the wild. All of the vendors have a security patch available to address the vulnerabilities and due to the active exploitation of the vulnerabilities, it is recommended to apply them immediately.

Apple

Following  a report that Chinese authorities revealed they have used previously known vulnerabilities in Apple's AirDrop functionality to help law enforcement, Apple have released a patch for an actively exploited critical Zero-day in iOS, iPadOS, macOS, tvOS and Safari web browser,. The zero-day vulnerability is a type confusion exploit that allows an attacker to perform arbitrary code execution.

Impacted Versions:

iOS 17.3 and iPadOS 17.3 - iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

iOS 16.7.5 and iPadOS 16.7.5 - iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation

macOS Sonoma 14.3 - Macs running macOS Sonoma

macOS Ventura 13.6.4 - Macs running macOS Ventura

macOS Monterey 12.7.3 - Macs running macOS Monterey

Safari 17.3 - Macs running macOS Monterey and macOS Ventura

What can I do?

Updates to vulnerable devices should be applied immediately due to this vulnerability being under active exploitation.

Atlassian

Following the disclosure of the Atlassian Confluence vulnerability, it has become a target for active exploitation. Researchers have observed attackers attempting to exploit this vulnerability. At present, there are 11,000 Confluence instances exposed on the internet, and Shadowserver has recorded nearly 40,000 exploitation attempts. For further information on the vulnerability see our advisory posted linked below.

Ivanti

Following the public disclosure of two Ivanti vulnerabilities being actively exploited, a third vulnerability has now been added to the CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

CVE-2023-35082 - This vulnerability enables a remote unauthorised attacker to access users’ personally identifiable information and make limited modifications to the server.

Impacted versions:

his vulnerability impacts all versions of Ivanti Endpoint Manager Mobile (EPMM) 11.10, 11.9, and 11.8. MobileIron Core 11.7 and earlier versions are also affected by this vulnerability.

What can I do?

Ivanti released a patch for this vulnerability in August 2023. It is recommended to update any impacted products to version 11.11.0.0 or later to safeguard them from this vulnerability.

VMware

A critical vulnerability in VMware vCenter Server Management has been exploited in the wild by a Chinese hacking group since 2021. The vulnerability (CVE-2023-34048) allows an attacker to write out of bounds potentially leading to remote code execution. VMware released a patch in October 2023 stating that it was not under active exploitation. VMware have recommend customers update to the latest version, which is 9.0U2.

Further Information

For further information on Ivanti and Atlassian see our previous advisory:

https://www.blackarrowcyber.com/blog/advisory-17-january-2024-citrix-ivanti-atlassian-oracle-sonicwall-vmware-security-updates

Apple

Further details on the Apple vulnerabilities can be found here:

https://support.apple.com/en-gb/HT201222

Ivanti

Further details on the Ivanti vulnerabilities can be found here:

https://forums.ivanti.com/s/article/KB-Remote-Unauthenticated-API-Access-Vulnerability-CVE-2023-35082?language=en_US

https://www.cisa.gov/news-events/alerts/2024/01/18/cisa-adds-one-known-exploited-vulnerability-catalog

VMware

Further details on the VMware  vCenter Server Management vulnerability can be found here:

https://www.vmware.com/security/advisories/VMSA-2023-0023.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity 

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 17 January 2024 – Citrix and Ivanti Vulnerabilities Under Active Exploitation - Atlassian, Oracle, SonicWall, and VMware also Address Security Flaws

Black Arrow Cyber Advisory 17 January 2024 – Citrix and Ivanti Vulnerabilities Under Active Exploitation - Atlassian, Oracle, SonicWall, and VMware Also Address Security Flaws

This week Atlassian, Citrix, Ivanti, Oracle, SonicWall and VMware have addressed multiple vulnerabilities across their product range. Included in the vulnerabilities addressed are two actively exploited 0-days, impacting Ivanti and Citrix products. At the time of writing, over 1700 Ivanti devices have been compromised and over 15,000 devices remain exposed.

Executive Summary

This week Atlassian, Citrix, Ivanti, Oracle, SonicWall and VMware have addressed multiple vulnerabilities across their product range. Included in the vulnerabilities addressed are two actively exploited 0-days, impacting Ivanti and Citrix products. At the time of writing, over 1700 Ivanti devices have been compromised and over 15,000 devices remain exposed.

Atlassian

CVE-2023-22527 - This exploit is a template injection vulnerability which if successfully exploited, allows an unauthenticated attacker to perform remote code execution on an affected instance.

Impacted Versions:

This vulnerability affects versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0-8.5.3.

What can I do?

Atlassian has released patches for the affected products, and it is advised to patch immediately. The listed Fixed Versions are no longer the most up-to-date and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin.

Citrix NetScaler

CVE-2023-6548 – Allows authenticated (low privileged user) remote code execution on Management interface. Requires access to NSIP, CLIP or SNIP with management interface.

CVE-2023-6549 - If exploited allows an attacker to perform a denial of service attack. Appliance must be configured as a gateway or AAA virtual server.

Impacted Versions:

NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35

NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15

NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21

NetScaler ADC 13.1-FIPS before 13.1-37.176

NetScaler ADC 12.1-FIPS before 12.1-55.302

NetScaler ADC 12.1-NDcPP before 12.1-55.302

NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life)

What can I do?

Citrix have released patches for the impacted products. Citrix have reported that this is being actively exploited and seen in the wild so it is advised that the patches are applied immediately.

Ivanti

CVE-2023-46805 - This is an authentication bypass which enables an attacker to access restricted resources by circumventing control checks.

CVE-2024-21887 - This is a command injection that lets authenticated admins execute arbitrary commands on vulnerable appliances.

Impacted Versions:

These vulnerabilities impact all supported versions, 9.x and 22.x

What can I do?

Ivanti have released mitigation files which can be found below, it is advised to install immediately. Patches are being developed however they are being staggered with the first patches being released on January 22nd and the final patches released on February the 19th.

Oracle

In their first Critical Patch Update of 2024, Oracle hae released 389 security patches, addressing 200 vulnerabilities. Financial Services Applications were the most impacted, with 71 new security patches. Oracle have urged all customers to apply the patches as soon as possible, warning that it periodically receives reports of in-the-wild exploitation of issues for which it has released fixes.

SonicWall

CVE-2022-22274 - This is a buffer overflow which if exploited successfully allows a remote unauthenticated attacker to cause a denial of service or potentially result in a code execution in the firewall.

CVE-2023-0656 - This is a buffer overflow which if exploited successfully allows a remote unauthenticated attacker to cause a denial of service attack which could cause the impacted firewall to crash.

What can I do?

SonicWall have released patches for affected products and it is advised to update to the latest available version.

VMware

CVE-2023-34063 – The affected products contain a missing access control vulnerability, which if successfully exploited, this vulnerability may lead to unauthorised access to remote organisations and workflows.

VMware Aria Automation (8.11.x, 8.12.x, 8.13.x, and 8.14.x)

VMware Cloud Foundation (4.x and 5.x)

What can I do?

VMware have released patches which can be found in the Security Advisory. It is advised to update as soon as possible. There are no current workarounds.

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 15 November 2023 – Microsoft Patch Tuesday fixes five zero days, three actively exploited; Adobe, FortiGuard, VMware and WordPress Updates Summary

Black Arrow Cyber Advisory 15 November 2023 – Microsoft Patch Tuesday fixes five zero days, three actively exploited; Adobe, Fortinet, VMware and WordPress Updates Summary

Executive summary

Microsoft’s November Patch Tuesday provides updates to address 58 security issues across its product range, including three actively exploited zero-day vulnerabilities. The exploited zero-day vulnerabilities include two privilege escalation vulnerabilities and a security bypass. These have been added the US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog”. Also among the updates provided by Microsoft were 3 critical vulnerabilities.

In addition to the Microsoft updates this week Adobe, FortiGuard, VMware and WordPress also provided updates for vulnerabilities in their products. An addressed vulnerability in Citrix known as Citrix Bleed continues to remain a threat, with ransomware gang LockBit actively exploiting publicly known exploits for unpatched versions.

What’s the risk to me or my business?

The actively exploited vulnerability could allow an attacker with access, to bypass security, gain SYSTEM privileges and compromise the confidentiality, integrity and availability of data stored by an organisation.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have a critical severity rating.

Technical Summary

CVE-2023-36036: An actively exploited elevation of privilege vulnerability in Windows Cloud Files Mini Filter.

CVE-2023-36033: An actively exploited elevation of privilege vulnerability in Windows DWM Core Library that could allow an attacker to gain the highest privileges.

CVE-2023-36025: An actively exploited vulnerability in Windows SmartScreen which allows a malicious internet shortcut to bypass security.

CVE-2023-36413: A Microsoft Office security feature bypass.

CVE-2023-36038: A denial of service vulnerability in ASP.NET Core.

Adobe

This month, Adobe released fixes for 25 vulnerabilities, of which 13 were rated critical, across Adobe Acrobat and Reader (17), ColdFusion (6), InCopy (1), and Dimension(1). At current, Adobe is not aware of any of these vulnerabilities being actively exploited. The vulnerabilities include remote code execution, memory leak, privilege escalation and security bypass.

Citrix

The LockBit ransomware group are using the publicly available exploits for the Citrix bleed Vulnerability. There are currently thousands of publicly available endpoints which are running and still vulnerable.

FortiGuard

This month, Fortiguard released three advisories for vulnerabilities, including one critical vulnerability, impacting FortiOS, FortiProxy-DOS and FortiProxyVM.

VMware

VMware has patched one critical authentication bypass vulnerability, tracked as CVE-2023-34060 which impacts Cloud Director Appliances. There are no available workarounds.

WordPress

A WordPress plugin, WP Fastest Cache, is vulnerable to an SQL injection vulnerability tracked as CVE-2023-6063, which could allow unauthenticated attackers to read the contents of the site’s database. At current, more than 600,000 websites run a vulnerable version of WP Fastest Cache. A software patch has been made available by the developer.

Further details on other specific updates within this month’s Microsoft Patch Tuesday can be found here: https://www.ghacks.net/2023/04/11/microsoft-windows-security-updates-april-2023-what-you-need-to-know-before-installation/

https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws/

Adobe

Further details of the vulnerabilities addressed in Adobe Acrobat and Reader can be found here: https://helpx.adobe.com/security/products/acrobat/apsb23-54.html

Further details of the vulnerabilities addressed in Adobe ColdFusion can be found here:

https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html

Further details of the vulnerabilities addressed in Adobe Dimension can be found here: https://helpx.adobe.com/security/products/dimension/apsb23-62.html

Further details of the vulnerabilities addressed in Adobe InCopy can be found here: https://helpx.adobe.com/security/products/incopy/apsb23-60.html

Citrix

Further details about the Citrix Bleed vulnerability can be found here:

https://www.blackarrowcyber.com/blog/advisory-26-october-2023-citrix-bleed-vulnerability

FortiGuard

Further details on the FortiGuard advisories can be found here:

https://www.fortiguard.com/psirt

VMware

Further information of the vulnerability address by VMware can be found here: https://www.vmware.com/security/advisories/VMSA-2023-0026.html

WordPress

Further information on the WordPress vulnerability can be found here:

https://www.bleepingcomputer.com/news/security/wp-fastest-cache-plugin-bug-exposes-600k-wordpress-sites-to-attacks/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

 

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 27 October 2023

Black Arrow Cyber Threat Intelligence Briefing 27 October 2023:

-More Companies Adopt Board-Level Cyber Security Committees

-Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High

-Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year

-More Than 46 Million Potential Cyber Attacks Logged Every Day

-Fighting Cyber Attacks Requires Top-Down Approach

-Email Security Threats are More Dangerous This Year as Over 200 Million Malicious Emails Detected in Q3 2023

-98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending

-48% of Organisations Predict Cyber Attack Recovery Could Take Weeks

-Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour

-How Cyber Security Has Evolved in The Past 20 Years

-Rising Global Tensions Could Portend Destructive Hacks

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Companies Adopt Board-Level Cyber Security Committees

In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.

Source: [Decipher]

Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High

A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.

Sources: [Dark Reading] [SC Magazine] [Reinsurance News]

Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year

Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.

Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]

More Than 46 Million Potential Cyber Attacks Logged Every Day

New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.

Sources: [Evening Standard] [Proactive] [The Independent]

Fighting Cyber Attacks Requires Top-Down Approach

Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.

Source: [Chief Investment Officer]

Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023

The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.

Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [Security Magazine] [MSSP Alert] [TechRadar]

98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending

Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.

Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]

48% of Organisations Predict Cyber Attack Recovery Could Take Weeks

A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Security Magazine]

Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour

The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.

We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.

Source: [Dark Reading]

How Cyber Security Has Evolved in The Past 20 Years

Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.

The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.

Source: [Forbes]

Rising Global Tensions Could Portend Destructive Hacks

Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.

Source: [Info Risk Today]

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Misc Nation State/Cyber Warfare/Cyber Espionage

Geopolitical Threats/Activity

China

Russia

Iran

North Korea

Vulnerability Management

Vulnerabilities

Other News

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 26 October 2023 – High Severity Vulnerability in VMware vCenter Patched, Including End-of-Life Products

Black Arrow Cyber Advisory 26 October 2023 – High Severity Vulnerability in VMware vCenter Patched, Including End-of-Life Products

Executive summary

VMware have released a security advisory addressing a vulnerability which could allow an attacker to perform to perform remote code execution via VMware vCenter Server. Patches have been released, even for previously end-of-life versions of VMware vCenter Server due to the severity of the vulnerability. VMware have also addressed a vulnerability in which information can be partially disclosed.

What’s the risk to me or my business?

Organisations with a vulnerable server are leaving themselves at risk of allowing an attacker to perform remote code execution, impacting the confidentiality, integrity and availability of data.

The following versions are vulnerable, with patches detailed in VMware’s response matrix: 8.0, 7.0, 5.x, 4.x. Additionally, VMware have noted that whilst VMware does not mention end-of-life products in VMware Security Advisories, due to the critical severity of this vulnerability and lack of workaround VMware has made a patch generally available for vCenter Server 6.7U3, 6.5U3, and VCF 3.x. For the same reasons, VMware has made additional patches available for vCenter Server 8.0U1.

What can I do?

Black Arrow recommends applying the patches for the critical vulnerability immediately due to the severity of the vulnerability; there is no workaround available. Fixes for the other vulnerability are addressed in the patches for the critical vulnerability. Further information can be found in the security advisory by VMware.

Technical Summary

CVE-2023-34048- A critical out-of-bounds write vulnerability which can lead to remote code execution.

CVE-2023-34056- a vulnerability which can allow threat actors without administrator privileges to access sensitive data.

Need help understanding your gaps, or just want some advice? Get in touch with us.

Further information can be found here: https://www.vmware.com/security/advisories/VMSA-2023-0023.html

#threatadvisory #threatintelligence #cybersecurity

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 13 October 2023

Black Arrow Cyber Threat Intelligence Briefing 13 October 2023:

-Small Businesses Hit by Frequent Cyber Attacks as 90% of CISOs Faced at least One Attack Last Year

-The Most Effective Cyber Attacks Never Touch Your Organisation's Firewall, HR’s Role in Defending the Organisation

-Ransomware Infection Times Fall from 5 Days to 5 Hours

-80% of Security Leaders See AI as the Biggest Threat to Business

-Is Your Board Cyber-Ready?

-Cyber Security Should Be a Business Priority for CEOs

-The Looming Threat of a Single Phishing Click to Your Business

-40% of Organisations Leave Ransomware to IT

-Auditors Growing Concern About Cyber Security

-The Cyber Villains Are Getting Bolder: Businesses Need to Up Their Game

-Preparing for the Unexpected: A Proactive Approach to Operational Resilience

-Staggering Losses to Social Media and Social Engineering Since 21, as Victims Take $2.7 Billion Hit in US Alone

-Organisations Grapple with Detection and Response Despite Rising Security Budgets

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year

A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.

In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.

Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.

Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]

The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation

In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.

Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.

Source: [News Week] [Beta News]

Ransomware Infection Times Fall from 5 Days to 5 Hours

The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.

This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.

The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.

Sources: [Cision] [PC Mag] [Security Magazine]

80% of Security Leaders See AI as the Biggest Threat to Business

A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.

In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.

With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.

Sources: [Diginomica] [Infosecurity Magazine]

Is Your Board Cyber-Ready?

With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.

Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.

Sources: [Harvard.edu] [JDSupra]

Cyber Security Should Be a Business Priority for CEOs

A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.

Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.

Source: [HelpNet Security]

The Looming Threat of a Single Phishing Click to Your Business

A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.

Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CMS-lawnow]

40% of Organisations Leave Ransomware to IT

A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.

By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [MSSP Alert]

Auditors’ Growing Concern About Cyber Security

The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.

Source: [Accounting Today]

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.

Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.

Source: [Dark Reading]

Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone

The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.

It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.

Sources: [Bleeping Computer] [Infosecurity Magazine]

Organisations Grapple with Detection and Response Despite Rising Security Budgets

A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.

The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.

Source: [CSO Online]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Identity and Access Management

Encryption

API

Open Source and Linux

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Parental Controls and Child Safety

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State/Cyber Warfare

Russia

China

Iran

North Korea

Vulnerability Management

Vulnerabilities

Reports Published in the Last Week

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 29 September 2023

Black Arrow Cyber Threat Intelligence Briefing 29 September 2023:

-Ransomware Groups Are Shifting Their Focus Away From Larger Targets

-Cover-ups Still the Norm as Half of Cyber Attacks go Unreported

-Reported Cyber Security Breaches Increase Threefold for Financial Services Firms

-Attacks on SME’s Surged in The First Half of 2023

-The CISO Carousel and Its Effect on Enterprise Cyber Security

-Bermuda Struggles to Recover from Ransomware Attack

-Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern

-Business Leaders More Anxious About Ransomware Than Recession as Tally from One Attack Alone Surpasses 2,000 Victim Organisations

-Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign

-Cyber Leaders Worry That AI Will Overwhelm Cyber Defences

-Boards Still Lack Cyber Security Expertise

-4 Legal Surprises You May Encounter After a Cyber Security Incident

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Groups Are Shifting Their Focus Away from Larger Targets

Ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities. Analysis from Trend Micro has shown that ransomware groups such as Lockbit, Cl0p and Black Cat are slowing down attacks against “big game” targets, such as multinationals, and are focusing their attention on smaller organisations. It was found that the overall ransomware attack victim numbers increased by 47% from H2 2022.

Organisations “of up to 200 employees”, those within the small-to-medium-sized range, accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023. Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space. Nearly half (45%) of Black Cat victims were in the same size range. There are many underlying factors in the recent surge of attacks on smaller organisations, however one big cause is the economic factor and the perception that smaller organisations are not going to be as well protected.

Sources: [Techcentral] [Helpnet Security]

Cover-ups Still the Norm as Half of Cyber Attacks go Unreported

A report found that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report it to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards. Alarmingly, 32% simply “forgot” and 22% self-reported that there wasn’t a system in place to report it. In the UK, failure to report a breach within 72 hours could make a company eligible for a fine up to €10 million or 2% of annual global turnover if deemed a lower-level infringement, and up to €20 million or 4% of annual global turnover for higher-level infringements.

The lack of reporting also has a knock-on effect: a significant number of cyber attacks go un-reported and therefore this skews statistics, meaning the current numbers of known cyber attacks are likely much lower than the actual figure.

Sources: [Computer Weekly] [InfoSecurity Magazine]

Reported Cyber Security Breaches Increase Threefold for Financial Services Firms

New research shows that cyber security breaches for UK financial service firms have increased threefold from 187 attacks (2021-2022) to 640 attacks (2022-2023). This comes as the pensions sector reported the biggest jump in breaches rising from 6 to 246 in the same period, a concerning large increase of 4,000%. These patterns are not only relevant to the UK however, with separate reports highlighting an 119% increase in attacks on financial sector cyber attacks globally from 2022 to 2023.

Trustees can be liable for failures in managing cyber risk, so any business looking to protect itself from the impact of a cyber attack should invest in understanding its cyber footprint, the risks it poses, and have the right policies/procedures in place.

Sources: [CIR Magazine] [PensionsAge] [CityAM] [TechRadar]

Attacks on SME’s Surged in The First Half of 2023

According to Kaspersky, small and medium enterprises (SMEs) dealt with more attacks during the first half of the year compared to the same time the year previous. Worryingly, a separate report found that over three quarters of SME leaders could not confidently identify a cyber incident at work and 50% of respondents felt they were unable to identify the difference between a phishing email and real email.

An outcome of the study was the identification of a need for effective user training. SMEs do not have the budget to have a wide range of tools, however they can strengthen their users’ security practices.  Black Arrow enables SMEs to strengthen their people controls through bespoke and affordable education and awareness training for all levels of the organisation.

Sources: [Inquirer] [HelpNet Security] [Insurance Times]

The CISO Carousel and Its Effect on Enterprise Cyber Security

The average tenure of a Chief Information Security Officer (CISO) is said to sit between 18 to 24 months; research highlights the reasons including the strain of the role, the perceived lack of leadership support, and the attraction of more money from a different employer. There is often a gap while the replacement is recruited, during which there is nobody looking after the organisation’s security.

In some cases, organisations may look to outsource by using the services of a virtual CISO (vCISO) with cost savings and greater stability and flexibility. The Black Arrow vCISO team are experienced world-class specialists, providing independent, impartial and objective expertise across the wide range of essential CISO skills with significant advantages compared to an internal resource.

Source: [Security Week]

Bermuda Struggles to Recover from Ransomware Attack

The Bermudan Government this week suffered what they referred to as a significant cyber incident. Workers were cut off from email and telephone systems, with affected departments resorting to manual processes and issuing of paper based cheques. The Government was unable to make payroll payments, and parcels could not be sent from the Island’s Post Offices. It is noted that while not all systems were affected, the government took everything offline out of precaution. It is believed that some other regional governments have also been impacted.

The attack has been attributed to Russia or Russian-based actors, but attribution in cases like this can be difficult. It should be noted that, if involvement from Russia were confirmed, both Russian state actors and Russian based cyber criminals work closely in a symbiotic relationship that benefits both parties. Using cyber crime groups as fronts provides nation state actors with a level of deniability, while also allowing them to direct the operation and benefit from it. Equally, cyber crime groups get to do their thing with the blessing, whether tacit or explicit, of the national authorities in their country. In general, countries where this happens (such as Russia, North Korea and China) have no interest in cooperating with Western authorities, so the cyber criminals essentially work with impunity.

Sources: [Duo] [GovInfo Security] [Bleeping Computer]

Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern

A report found cyber threats continue to rank among the top three business concerns for a wide spectrum of companies. Despite it being such a concern, a significant percentage of businesses admitted to not conducting cyber assessments for vendors (57%) or customers’ assets (56%), having an incident response plan (50%), or implementing multifactor authentication for remote access (44%). Phishing scams were of particular concern, with companies reporting a notable increase in incidents, jumping from 14% to 27% over the past year.

Cyber attacks are a certainly a sobering reality, with nearly 23% of survey participants disclosing that their company had fallen victim to a cyber attack and 49% of these incidents occurred within the past year.

Source: [Reinsurance News]

Business Leaders More Anxious About Ransomware Than Recession as Victims from Single Attack Surpasses 2,000 Organisations

According to a recent study, half of business leaders are more worried about falling victim to a ransomware attack than macroeconomic hardship. Over 60% of businesses who had suffered a ransomware attack reported concerns about the prospect of a second ransomware attack, and 71% of leaders admitted their businesses wouldn’t be able to withstand it. 56% said they had increased hiring costs, nearly half experienced increased customer complaints, and 47% reported team stress. This comes as the tally of victims from the MOVEit attack alone surpasses 2,000 organisations. To make matters worse, the FBI has described dual ransomware attacks taking place, with the second attack less than 48 hours after the first.

Source: [Tech Informed] [Helpnet Security] [Helpnet Security] [BleepComputer]

Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign

Booking.com users have become the focus of a new, large-scale phishing campaign that involved hackers taking control of the hotel’s Booking[.]com account. Once in control, the attackers were then able to utilise personal information and craft messages, tailored to victims.

With many organisations using sites such as Booking[.]com, it is imperative that staff are trained effectively, to reduce the risk of them falling victim to a phishing campaign.

Sources: [BleepingComputer] [Inforsecurity Magazine]

Cyber Leaders Worry That AI Will Overwhelm Cyber Defences

A survey of 250 leaders found that 85% worry that AI will overwhelm cyber defences while almost two thirds (61%) have already seen an increase in cyber attack complexity due to AI. Overall 80% view AI as the single biggest cyber threat their business faces, and seven out of 10 are investing in more resilient measures to improve their detection and response protocols.

AI can certainly be overwhelming, but with the right expertise, organisations can navigate their way to improving their AI defences. Black Arrow’s expert team helps your leadership to understand and manage AI-based risks, and safely adopt artificial intelligence in your organisation.

Source: [Management Issues]

Boards Still Lack Cyber Security Expertise

A study by the US National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) found that just 12% of S&P 500 companies have board directors with relevant cyber credentials, showing that there is still a lack of expertise at the board level. Boards can improve their expertise by engaging with training that is tailored to leadership. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident. Source: [Wallstreet Journal]

4 Legal Surprises You May Encounter After a Cyber Security Incident

In the event of a cyber incident, there are a number of problems that emerge, but some you may not be aware of. These may include investigations by auditors, a freeze on payments by banks, and uncertainty about notifying third parties including customers. Your insurance provide may also launch a review of the cyber security controls that you had in place before the incident, to determine the payout.

Ideally, you will never have to face a cyber incident, but it can happen and it’s best to ensure you are well placed to deal with it, by understanding what needs to be done and how to respond. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Dark Reading]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Containers

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Malvertising

Training, Education and Awareness

Travel

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Misc Nation State/Cyber Warfare

Tools and Controls

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 28th July 2023

Black Arrow Cyber Threat Briefing 28 July 2023:

-Half of UK businesses Struggle to Fill Cyber Security Skills Gap as Companies Encounter Months-long Delays in Filling Critical Security Positions

-Deloitte Joins fellow Big Four MOVEit victims PWC, EY as MOVEit Victims Exceeds 500

-Why Cyber Security Should Be Part of Your ESG Strategy

-Lawyers Take Frontline Role in Business Response to Cyber Attacks

-Organisations Face Record $4.5M Per Data Breach Incident

-Cryptojacking Soars as Cyber Attacks Diversify

-Ransomware Attacks Skyrocket in 2023

-Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

-Protect Your Data Like Your Reputation Depends on It (Because it Does)

-Why CISOs Should Get Involved with Cyber Insurance Negotiation

-Companies Must Have Corporate Cyber Security Experts, SEC Says

-Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Half of UK Businesses Struggle to Fill Cyber Security Skills Gap

Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.

In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.

With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725

https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/

  • Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500

The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.

Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.

https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/

https://www.kroll.com/en/insights/publications/cyber/moveit-vulnerability-investigations-uncover-additional-exfiltration-method

https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/

  • Why Cyber Security Should Be Part of Your ESG Strategy

Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.

Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.

https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy

  • Lawyers Take Frontline Role in Business Response to Cyber Attacks

Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.

In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.

https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331

  • Organisations Face Record $4.5M Per Data Breach Incident

In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.

https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident

https://uk.newsroom.ibm.com/24-07-2023-IBM-Security-Report-Cost-of-a-Data-Breach-for-UK-Businesses-Averages-3-4m

  • Cryptojacking Soars as Cyber Attacks Diversify

According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.

Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.

https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/

  • Ransomware Attacks Skyrocket in 2023

Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.

The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.

https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/

  • Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.

Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.

https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/

https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt

https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/

  • Protect Your Data Like Your Reputation Depends on It (Because it Does)

Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.

It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.

https://informationsecuritybuzz.com/protect-your-data-like-your-reputation-depends-on-it-because-it-does/

  • Why CISOs Should Get Involved with Cyber Insurance Negotiation

Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.

Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.

https://www.darkreading.com/edge-articles/why-cisos-should-get-involved-with-cyber-insurance-negotiation

  • Companies Must Have Corporate Cyber Security Experts, SEC Says

A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.

The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.

The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.

https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-says

https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/

https://krebsonsecurity.com/2023/07/few-fortune-100-firms-list-security-pros-in-their-executive-ranks/

  • Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.

With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.

https://www.bleepingcomputer.com/news/security/over-400-000-corporate-credentials-stolen-by-info-stealing-malware/

https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

BYOD

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Shadow IT

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Travel

Parental Controls and Child Safety

Regulations, Fines and Legislation

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

North Korea

Misc/Other/Unknown

Vulnerability Management

Vulnerabilities

Tools and Controls

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 14 July 2023

Black Arrow Cyber Threat Briefing 14 July 2023:

-Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves

-Helping Boards Understand Cyber Risks

-Enterprise Risk Management Should Inform Cyber Risk Strategies

-Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention

-20% of Malware Attacks Bypass Antivirus Protection

-Ransomware Payments and Extortion Spiked Compared to 2022

-AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers

-Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available

-Scam Page Volumes Surge 304% Annually

-Financial Industry Faces Soaring Ransomware Threat

-The Need for Risk-Based Vulnerability Management to Combat Threats

-Government Agencies Breached in Microsoft 365 Email Attacks

-Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China

-Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves

The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.

Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.

https://www.darkreading.com/attacks-breaches/cyberattacks-are-a-war-we-ll-never-win-but-we-can-defend-ourselves

  • Helping Boards Understand Cyber Risks

A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.

It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.

Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.

https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/

  • Enterprise Risk Management Should Inform Cyber Risk Strategies

While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.

Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.

https://www.techtarget.com/searchsecurity/tip/Enterprise-risk-management-should-inform-cyber-risk-strategies

  • Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention

Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.

This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.

The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/cl0p-hackers-hit-three-of-the-biggest-u-s-law-firms-in-large-ransomware-attack/

https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/

  • 20% of Malware Attacks Bypass Antivirus Protection

In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.

The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).

Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.

https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/

  • Ransomware Payments and Extortion Spiked Compared to 2022

A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.

It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.

https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/

https://www.bleepingcomputer.com/news/security/ransomware-payments-on-record-breaking-trajectory-for-2023/

  • AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers

Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.

The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.

https://www.zdnet.com/article/ai-trust-and-data-security-are-key-issues-for-finance-firms-and-their-customers/

  • Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available

Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.

https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/

  • Scam Page Volumes Surge 304% Annually

Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.

It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.

https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/

  • Financial Industry Faces Soaring Ransomware Threat

The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.

https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/

  • The Need for Risk-Based Vulnerability Management to Combat Threats

Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.

By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.

https://www.bleepingcomputer.com/news/security/the-need-for-risk-based-vulnerability-management-to-combat-threats/

  • Government Agencies Breached in Microsoft 365 Email Attacks

Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.

Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.

https://www.techtarget.com/searchsecurity/news/366544735/Microsoft-Government-agencies-breached-in-email-attacks

  • Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China

Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.

https://www.standard.co.uk/news/politics/britain-risk-china-intelligence-security-committee-report-government-b1094118.html

  • Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years

Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.

https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Travel

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea

Vulnerability Management

Vulnerabilities

OT/ICS Vulnerabilities

Tools and Controls

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 07 July 2023

Black Arrow Cyber Threat Briefing 07 July 2023:

-Cyber Attacks Against Mobile Devices Growing Fast

-One Third of Security Breaches Go Unnoticed by Security Professionals

-Cyber Security Experts Have Become Targets for Board Seats

-Phishing Attack Prevention as Email Attacks Surge Over 450%

-Outsmarting Business Email Compromise Scammers

-Small Organisations Face Security Threats on a Limited Budget

-Cloud Security: Sometimes the Risks May Outweigh the Rewards

-Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

-75% of Consumers Prepared to Ditch Brands Hit by Ransomware

-Scammers Using AI Voice Technology to Commit Crimes

-What are the Causes of Data Loss and What it the Impact on Your Organisation?

-Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber Attacks Against Mobile Devices Growing Fast

A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year.  The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.

It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/cyber-attacks-against-mobile-devices-growing-fast/

https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users

  • One Third of Security Breaches Go Unnoticed by Security Professionals

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.

The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.

https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/

  • Cyber Security Experts Have Become Targets for Board Seats

The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.

CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.

https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html

  • Phishing Attack Prevention as Email Attacks Surge Over 450%

A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.

In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.

https://cybersecuritynews.com/phishing-attack-prevention-checklist/

https://www.msspalert.com/cybersecurity-research/email-cyberattacks-spiked-nearly-500-in-first-half-of-2023-acronis-reports/

  • Outsmarting Business Email Compromise (BEC) Scammers

Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.

There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.

https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers

  • Small Organisations Face Security Threats on a Limited Budget

Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.

The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.

https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/

  • Cloud Security: Sometimes the Risks May Outweigh the Rewards

Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.

Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.

https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/

https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/

  • Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.

From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.

https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks

https://techcrunch.com/2023/07/06/more-organizations-confirm-moveit-related-breaches-as-hackers-claim-to-publish-stolen-data

  • 75% of Consumers Prepared to Ditch Brands Hit by Ransomware

As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.

While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/

  • Scammers Using AI Voice Technology to Commit Crimes

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.

The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.

https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/

  • What are the Causes of Data Loss and What it the Impact on Your Organisation?

In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.

It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.

https://securityaffairs.com/148086/security/impacts-of-data-loss.html

  • Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.

One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.

https://www.bleepingcomputer.com/news/security/ransomware-affiliates-triple-extortion-and-the-dark-web-ecosystem/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Attack Surface Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 23rd June 2023

Black Arrow Cyber Threat Briefing 23 June 2023:

-How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools

-Attackers Discovering Exposed Cloud Assets Within Minutes

-Majority of Users Neglect Best Password Practices

-One in Three Workers Susceptible to Phishing

-Ransomware Misconceptions Abound, to the Benefit of Attackers

-Threat Actors Scale and Commoditise Uncommon Tools and Techniques

-Goodbyes are Difficult, IT Offboarding Processes Make Them Harder

-Security Budget Hikes are Missing the Mark, CISOs Say

-Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security

-Emerging Ransomware Group 8Base Releasing Data on SMBs Globally

-Cyber Security Industry Still Fighting to Recruit and Retain Talent

-Financial Firms to Build Resilience in Face of Growing Cyber-Threats

-Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber Security Industry Still Fighting to Recruit and Retain Talent

Cyber security teams are struggling to find the right talent, with the right skills, and to retain experienced employees. The situation is only likely to worsen, as inflation and a tight labour market push up wages. Universities produce graduates with a strong focus on technical knowledge, but not always the broader skills they need to operate in a business environment. This includes the lack of communications skills, understanding of how businesses operate and even emotional intelligence. One solution is to outsource to a corporate cyber security provider or outsource to infill shortages whilst trying to recruit permanent staff.

https://www.infosecurity-magazine.com/news/cybersecurity-industry-recruit/

  • How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools

The world of managed file transfer (MFT) software has become a lucrative target for ransom-seeking hackers, with significant breaches including those of Accellion Inc's File Transfer Appliance in 2021 and Fortra's GoAnywhere MFT earlier this year. These MFT programs, corporate versions of popular file sharing programs like Dropbox or WeTransfer, are highly desirable to hackers for the sensitive data they often transfer between organisations and partners. The recent mass compromise tied to Progress Software Corp's MOVEit transfer product has prompted governments and companies worldwide to scramble in response.

Hackers are shifting their tactics, with an increasing focus on MFT programs which typically face the open internet, making them more vulnerable to breaches. Once inside these file transfer points, hackers have direct access to a wealth of data. In addition, there's a noticeable shift from ransomware groups encrypting a company's network and demanding payment to unscramble it, to a simpler tactic of pure extortion by threatening to leak the data.

https://www.reuters.com/technology/how-moveit-breach-shows-hackers-interest-corporate-file-transfer-tools-2023-06-16/

  • Attackers Discovering Exposed Cloud Assets within Minutes

The shift to cloud services, increased remote work, and reliance on third-parties has led to widespread use of Software-as-a-Service (SaaS) applications. This has also opened avenues for attackers to exploit weak security configurations and identities. Over the past year, attackers have intercepted authorisation tokens, bypassed multifactor authentication, and exploited misconfigured systems, targeting critical applications like GitHub, Microsoft 365, Google Workspace, Slack, and Okta. A study revealed alarmingly fast rates of breach discovery and compromise of exposed cloud assets, with assets being discovered within as little as two minutes for some and others within an hour.

https://www.techtarget.com/searchsecurity/news/366542352/Attackers-discovering-exposed-cloud-assets-within-minutes

https://www.darkreading.com/dr-tech/growing-saas-usage-means-larger-attack-surface

  • Majority of Users Neglect Best Password Practices

The latest Password Management Report by Keeper Security has shed light on the concerning state of password security practices. The survey found that only 25% of respondents used solid and unique passwords. In comparison, 34% admitted to using repeat variations of passwords, and 30% still relied on simple and easily guessable passwords. The survey also found that 44% of individuals who claimed to have well-managed passwords still admitted to using repeated variations, while 20% acknowledged having had at least one password involved in a data breach or available on the dark web. The document also revealed that 35% of respondents feel overwhelmed when it comes to improving their cyber security. Furthermore, 10% admitted to neglecting password management altogether. More generally, Keeper Security said the survey’s findings highlight a significant gap between perception and reality regarding password security.

https://www.infosecurity-magazine.com/news/users-neglect-best-password/

  • One in Three Workers Susceptible to Phishing

More than one in three workers in the UK and Ireland are susceptible to falling for phishing attacks, according to the new 2023 Phishing by Industry Benchmarking Report by KnowBe4. The study found that 35% of users who had received no security training were prone to clicking on suspicious links or engaging in fraudulent actions. Regular training and continual reinforcement can get this figure down but even with training very few organisations ever get click rates down to zero, and you only need one person to click to cause potentially devastating consequences.

Globally, ransomware was responsible for 24% of all data breaches in 2023, with human error accounting for 74% of these incidents. Phishing attacks can often lead to significant reputational damage, financial loss and disruption to business operations.

https://www.infosecurity-magazine.com/news/one-in-three-phishing/

  • Ransomware Misconceptions Abound, to the Benefit of Attackers

There is a common ransomware misperception that there's no capability to fight this all too common hostage taking of business data. This is not true. Proactive organisations are increasingly making more strategic use of threat intelligence to prevent or disrupt attacks.

Ransomware has evolved into a massive, often state-sponsored, industry where operators buy, develop, and resell ransomware code, infiltrate networks, and collect ransoms. The perception that a speedy response is critical to prevent data encryption and loss is outdated; attackers now focus on data exfiltration, using ransomware as a distraction. They often target smaller organisations that are linked to larger ones through supply chains, using them as stepping stones. It is important to use in-depth defence measures, including email security to prevent phishing and efficient detection and response systems to identify and recover from changes.

https://www.darkreading.com/vulnerabilities-threats/ransomware-misconceptions-abound-to-the-benefit-of-attackers

  • Threat Actors Scale and Commoditise Uncommon Tools and Techniques

Proofpoint’s 2023 Human Factor report highlights significant developments in the cyber attack landscape in 2022. Following two years of pandemic-induced disruption, cyber criminals returned to their usual operations, honing their social engineering skills and commoditising once sophisticated attack techniques. There was a noticeable increase in brute-force and targeted attacks on cloud tenants, conversational smishing attacks, and multifactor authentication (MFA) bypasses. Microsoft 365 formed a large part of organisations' attack surfaces and faced broad abuse, from Office macros to OneNote documents.

Despite some advances in security controls, threat actors continue to innovate and scale their bypasses. Techniques like MFA bypass and telephone-oriented attack delivery are now commonplace. Attackers consistently exploit people, who remain the most critical variable in the attack chain.

https://www.proofpoint.com/uk/newsroom/press-releases/proofpoints-2023-human-factor-report-threat-actors-scale-and-commoditise

  • Goodbyes are Difficult, IT Offboarding Processes Make Them Harder

A recent survey found that 68% of organisations recognise the offboarding process as a major cyber security risk, but only 36% have adequate controls in place to secure data access when employees depart. The study revealed that 60% of organisations have discovered former employees still had access to corporate applications after leaving, and 52% have had security incidents linked to former employees. Interestingly, IT professionals are not always alerted when employees leave, leading to access not being revoked and IT assets being mishandled 34% of the time.

https://www.helpnetsecurity.com/2023/06/19/it-offboarding-processes/

  • Security Budget Hikes are Missing the Mark, CISOs Say

Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. A recent report found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being spent on what’s hitting the headlines instead of strategic, business-centric investment in security defences. This lack of understanding shows that a lot of work needs to be done to ensure that information security receives the attention it deserves, especially in the boardroom.

The report found that just 9% of CISOs said information security is always in the top three priorities on the boardroom’s meeting agenda, and less than a quarter (22%) of CISOs are actively participating in business strategy and decision-making processes. Talking to the board about cyber security in a way that is productive can be a significant challenge for CISOs, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among directors, the security function, and the rest of the organisation.

https://www.csoonline.com/article/3700073/security-budget-hikes-are-missing-the-mark-cisos-say.html

https://www.helpnetsecurity.com/2023/06/22/average-cybersecurity-budget-increase/

  • Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security

In today’s interconnected world, the threat of cyber attacks is a constant concern for organisations of all sizes and across all industries. Cyber resilience entails not only making it difficult for attackers to infiltrate your systems but also ensuring that your organisation can bounce back quickly and continue operations successfully.

Cyber resilience offers a holistic approach to cyber security, emphasising the ability to withstand and recover from cyber attacks. By adopting the right mindset, leveraging advanced technology, addressing cyber hygiene, and measuring key metrics, organisations can enhance their cyber resilience. Additionally, collaboration within industries and proactive board engagement are crucial for effective risk management. As cyber threats continue to evolve, organisations must prioritise cyber resilience as an ongoing journey, continuously adapting and refining their strategies to stay ahead of malicious actors.

https://informationsecuritybuzz.com/understanding-cyber-resilience-building-a-holistic-approach-to-cybersecurity/

  • Emerging Ransomware Group 8Base Releasing Confidential Data from SMBs Globally

A ransomware group that operated under the radar for over a year has come to light in recent weeks, thanks to a series of business data leaks on the Dark Web. Since at least April 2022, 8base has been conducting double-extortion attacks against small and midsized businesses (SMBs). It all came to a head in May, when the group dumped data belonging to 67 organisations on the cyber underground.

Not much is known yet about the group's tactics, techniques, and procedures (TTPs), likely due to the low profile of their victims. The victims span science and technology, manufacturing, retail, construction, healthcare, and more, with victims from as far afield as India, Peru, Madagascar and Brazil, amongst others.

https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally

  • Financial Firms to Build Resilience in Face of Growing Cyber-Threats

Cyber resilience is now a key component of operational resilience for the UK’s financial markets, according to a Bank of England official. Cyber attacks have increased by 38% in 2022, and the range of firms and organisations being impacted seems to grow broader and broader.

Regulators want to see how financial firms will cope with an attack, and its impact on the wider financial services ecosystem. Similar work is being done at an international level by the G7, which has its own cyber expert group. In the UK, the main tools for improving resilience are threat intelligence sharing, better coordination between firms, regulators, the Bank and the Treasury, and penetration testing including CBEST. Financial services firms should have scenario specific playbooks, to set out how to contain intruders and stop them spreading to clients and counterparties. In the past, simulation exercises have been used to model terrorist incidents and pandemics and they are now being used to model cyber attacks.

https://www.infosecurity-magazine.com/news/financial-firms-to-build-resilience/

  • Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level

The US Securities and Exchange Commission (SEC) is expected to introduce a rule requiring demonstration of cyber security expertise at the board level for public companies. A recent study found that currently up to 90% of companies in the Russell 3000 lack even a single director with the necessary cyber expertise. The simplest and speediest solution would be to promote the existing CISO, provided they have the appropriate qualities and experience, to the board but that would require transplanting a focused operational executive into a strategic business advisory role. A credible alternative is to bring in a cyber focused Non-Executive Director with the appropriate skills and experience.

https://www.securityweek.com/fulfilling-expected-sec-requirements-for-cybersecurity-expertise-at-board-level/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

AML/CFT/Sanctions

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Shadow IT

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Digital Transformation

Regulations, Fines and Legislation

Models, Frameworks and Standards

Secure Disposal

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors

Vulnerability Management

Vulnerabilities

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More