Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

66 Percent of Businesses Don't Understand Their Cyber Risks

A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.

83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.

Source: [Beta News]

Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.

The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.

Sources [Data Breaches] [UKAuthority]

Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.

As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.

Sources [Dark Reading] [The Record] [Security Magazine]

Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.

There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.

Source: [Law.com]

58% of Malicious Emails Contained Spoofed Content

According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.

The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.

Source: [Security Magazine]

Cyber Attacks Remain a Top Concern for Organisations Across All Industries

Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.

With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.

Source: [Business Wire]

BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.

The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.

Source: [Infosecurity Magazine]

13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.

It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.

Source: [Security Magazine]

Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.

Source: [The Hacker News]

Kroll’s Breach Highlights SIM-Swapping Risk

A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.

In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.

Source [Dark Reading]

Reducing The Risk of AI, What Can You Do?

Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.

Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.

Sources: [CSO Online] [UKTech News]

Debunking Popular Cyber Security Myths

At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?

When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.

So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.

Sources: [Forbes] [Trend Micro]

3 Malware Loaders Responsible for 80% of Intrusions

Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.

Sources: [The Register] [Infosecurity Magazine]

MOVEit Hack Shows Attackers Still Use Old Tricks

SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.

The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?

Source: [Dark Reading]

Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.

In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.

Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.

Source: [Ars Technica]

Governance, Risk and Compliance

• Cyber Attacks and Other Threats Remain a Top Concern for Organisations Across All Industries, Finds InformationWeek’s State of Cyber Risk and Resiliency Report | Business Wire

• 66 percent of businesses don't understand their cyber risks (betanews.com)

• Survey of In-House Counsel Finds Cyber Anxiety Skyrocketing | Law.com

• Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report (thehackernews.com)

• SEC Probe Targets SolarWinds Executives - DevX

• Cyber Security Enters Conversation About Executive Pay - WSJ

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• How international cyber security frameworks can help CISOs | CSO Online

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• SEC cyber attack regulations prompt 10 questions for CISOs | TechTarget

• Should Senior IT Professionals Be Accountable for Professional Decisions? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 80% of organisations expect ransomware spending to increase | Security Magazine

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• MOVEit Was a SQL Injection Accident Waiting to Happen (darkreading.com)

• Nearly 1,000 Organisations, 60 Million Individuals Impacted by MOVEit Hack - SecurityWeek

• Ransomware With an Identity Crisis Targets Small Businesses, Individuals (darkreading.com)

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

• LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants (thehackernews.com)

• Deconstructing ransomware, cyber criminals and their modus operandi | TechRadar

• Ransomware Evolution: Smaller Actors, Bigger Impact (govinfosecurity.com)

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Making Sense of Ransomware Attack Statistics in 2023 | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Should Companies Pay After Ransomware Attacks? Is It Illegal? (techtarget.com)

• How Ransomware Groups Respond to External Pressure (inforisktoday.com)

• Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat (trellix.com)

• Rackspace Faces Massive Cleanup Costs After Ransomware Attack (darkreading.com)

• EDITORIAL | Time to Cut Off North Korea from Funding Sources for its Missiles | JAPAN Forward (japan-forward.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

• 8 Types of Ransomware: Examples of Past and Current Attacks (techtarget.com)

• Black Basta Besting Your Network? (securityintelligence.com)

Ransomware Victims

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• St Helens Council still dealing with suspected cyber-attack - BBC News

• Rhysida claims ransomware attack on Prospect Medical, threatens to sell data (bleepingcomputer.com)

• University of Michigan shuts down network after cyber attack (bleepingcomputer.com)

• Social Security Numbers leaked in ransomware attack on Ohio History Connection (malwarebytes.com)

Phishing & Email Based Attacks

• Phishing as a service continues to plague business users - SiliconANGLE

• 58% of malicious emails contained spoof content | Security Magazine

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

• Top 5 most abused brands by hackers

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks (thehackernews.com)

• Spain warns of LockBit Locker ransomware phishing attacks (bleepingcomputer.com)

• US govt email servers hacked in Barracuda zero-day attacks (bleepingcomputer.com)

• QR Code' Surge in Popularity Brings Along a Rise in QR-Linked Phishing Scams | Metaverse Post (mpost.io)

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• How to Spot Phishing Emails & Tips to Avoid Them | Proofpoint US

Other Social Engineering; Smishing, Vishing, etc

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - SecurityWeek

Artificial Intelligence

• Cyber security agency gives AI chatbot warning (uktech.news)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• IT leaders alarmed by generative AI's SaaS security implications - Help Net Security

• Is Bias in AI Algorithms a Threat to Cloud Security? (darkreading.com)

• Shifting Cyber Security: The Impact and Implications of LLMs (inforisktoday.com)

• Vendors Training AI With Customer Data is an Enterprise Risk (darkreading.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• Hacking the future: Notes from DEF CON’s Generative Red Team Challenge | CSO Online

• Building cyber resilience in an age of AI (betanews.com)

• How to minimize data risk for generative AI and LLMs in the enterprise | VentureBeat

• Google launches tool to identify AI-generated images - Help Net Security

2FA/MFA

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

AITM/MITM

• Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platform - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• These 3 loaders were behind 80% of intrusions this year • The Register

• 20+ Malware Statistics You Need to Know in 2023 (techreport.com)

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• 'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds (darkreading.com)

• Infamous Raccoon Stealer Malware Returns - DevX

• Top 3 Malware Threatening Businesses in Q2 2023 (cybersecuritynews.com)

• Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research (darkreading.com)

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• Japan's JPCERT warns of new 'MalDoc in PDF' attack technique (securityaffairs.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates (thehackernews.com)

• Hackers are now hiding malicious Word documents in PDFs — how to stay safe | Tom's Guide (tomsguide.com)

• DreamBus malware exploits RocketMQ flaw to infect servers (bleepingcomputer.com)

• Kaspersky malware report for Q2 2023 | Securelist

• Microsoft is using malware-like pop-ups in Windows 11 to get people to ditch Google - The Verge

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

• SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations (thehackernews.com)

• Battling malware in the industrial supply chain

Mobile

• Kroll's Crypto Breach Highlights SIM-Swapping Risk (darkreading.com)

• This new Android malware can unlock your phone and drain your bank accounts | Tom's Guide (tomsguide.com)

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Is Mobile Hacking Still a Big Threat in 2023? (makeuseof.com)

• New Android MMRat malware uses Protobuf protocol to steal your data (bleepingcomputer.com)

• What Are Overlay Attacks? How Do You Protect Against Them? (makeuseof.com)

• New Android Banking Trojan Targets Southeast Asia Region (inforisktoday.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

• 8 Ways To Boost Your Android Phone's Security (slashgear.com)

Botnets

• Online exclusive: Rise of the botnets (securitymiddleeastmag.com)

Denial of Service/DoS/DDOS

• DDoS attacks rise 40% in Q2 2023, affecting banks, gaming & e-commerce | Security Magazine

BYOD

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• The power of passive OS fingerprinting for accurate IoT device identification - Help Net Security

Data Breaches/Leaks

• Metropolitan Police reports supplier cyber breach | UKAuthority

• UK: Metropolitan Police on red alert after details of officers and staff hacked in massive security breach (databreaches.net)

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• American Express admits APAC employees' data leak, blames a third-party payroll service

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Leaseweb is restoring ‘critical’ systems after security breach (bleepingcomputer.com)

• French employment agency Pôle emploi data breach impacted 10M peopleSecurity Affairs

• Mom’s Meals discloses data breach impacting 1.2 million people (bleepingcomputer.com)

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - Security Week

• Paramount discloses data breach following security incident (bleepingcomputer.com)

• Another data breach at Forever 21 leaks details of 500,000 current and former employees (bitdefender.com)

• Cost of a data breach 2023: Financial industry impacts (securityintelligence.com)

Organised Crime & Criminal Actors

• Moscow helping cyber criminals operate with 'near impunity': report | The Province

• Hacking gangs launch cyber crime syndicate the Five Families (techmonitor.ai)

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• ‘Billion Dollar Heist’: The Wild Story That Should Have Us All Petrified (thedailybeast.com)

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: UN treaty creates 'ideal conditions' for cyber crime (telecomstechnews.com)

• Cyber Criminals use research contests to create new attack methods - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kroll data breach exposes info of FTX, BlockFi, Genesis creditors (bleepingcomputer.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

Fraud, Scams & Financial Crime

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Classiscam Spreads: $64.5M Scheme Targets 79 Countries - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• Top 5 most abused brands by hackers

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Deepfakes

• 4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught (darkreading.com)

Insurance

• Insurers End Tussle Over Ransomware Attack Coverage - Law360 UK

• Delinea Research Reveals a Cyber Insurance Gap (darkreading.com)

• Understand the fine print of your cyber insurance policies - Help Net Security

Supply Chain and Third Parties

• American Express admits APAC employees' data leak, blames a third-party payroll service

• Met should thoroughly investigate cyber security practices, say experts | Evening Standard

Cloud/SaaS

• CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security | TechTarget

• Better SaaS Security Goes Beyond Procurement (darkreading.com)

• How to secure your cloud-based business without cloud-security expertise - Partner Content - Security - iTnews

• Experts Uncover How Cyber Criminals Could Exploit Microsoft Entra ID for Elevated Privilege (thehackernews.com)

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

Hybrid/Remote Working

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

Identity and Access Management

• The Rising Tide of Identity-Based Attacks - GovInfoSecurity

Encryption

• Quantum threats loom in Gartner's 2023 Hype Cycle for data security | VentureBeat

• How Quantum Computing Will Impact Cyber Security - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Four common password mistakes hackers love to exploit (bleepingcomputer.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

Biometrics

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Elon Musk's X to collect biometric data, work and school history - The Japan Times

• Home Office and MoD seeking new facial-recognition tech | Computer Weekly

Social Media

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• How the EU Digital Services Act affects Facebook, Google and others | Technology sector | The Guardian

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• X Plans to Collect Biometric Data, Job and School History (1) (bloomberglaw.com)

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Hackers Are Selling Hacked Police Emails to Try to Grab Personal Data From TikTok, Facebook (404media.co)

Training, Education and Awareness

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• Cyber awareness education is a change-management initiative | CSO Online

Cyber Bullying, Cyber Stalking and Sextortion

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• SEC Probe Targets SolarWinds Executives - DevX

• New law could turn UK into a hacker's playground | Computerworld

• Changes to UK Surveillance Regime May Violate International Law (justsecurity.org)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

• SEC’s New Cyber Security Rule—Including Key Disclosure Requirements | Smith Gambrell Russell - JDSupra

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

Models, Frameworks and Standards

• What are the Cyber Security Standards of Basel III? | UpGuard

• Best practices for MITRE ATT&CK(R) mapping. (thecyberwire.com)

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• How international cyber security frameworks can help CISOs | CSO Online

Data Protection

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• Are you properly protecting your employees' personal information? | Burr & Forman - JDSupra

• Data Protection: One of These Incidents Is Not Like the Other | Troutman Pepper - JDSupra

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

Careers, Working in Cyber and Information Security

• Addressing Cyber Security's Talent Shortage & Its Impact on CISOs (darkreading.com)

• Unfilled Cyber Security Positions Threaten the Future of Businesses Everywhere | Inc.com

• How the Talent Shortage Impacts Cyber Security Leadership (securityintelligence.com)

Law Enforcement Action and Take Downs

• Two Men Arrested Following Poland Railway Hacking - Security Week

Privacy, Surveillance and Mass Monitoring

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Expert shares stark safety warning over Twitter updates | Tech News | Metro News

Misinformation, Disinformation and Propaganda

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• 'Five Eyes' nations release technical details of Sandworm malware 'Infamous Chisel' | CyberScoop

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

• NCSC, SBU reveal overt Russian cyber campaign as cyber war continues to evolve | ITPro

• Czech banks hit by Russian cyber attacks – EURACTIV.com

• Cyber security experts lament west’s failure to learn lessons from Ukraine | Financial Times (ft.com)

• Russian 'hybrid' war threatens NATO's eastern flank, Poles warn - Washington Times

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Russian APT Intensifies Cyber Espionage Activities - Infosecurity Magazine (infosecurity-magazine.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

China

• Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica

• China-Based APT Flies Under Radar in Espionage Attacks | Decipher (duo.com)

• China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors (thehackernews.com)

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Almost a third of compromised Barracuda ESGs were govt owned • The Register

• James Cleverly's China cyber security talks unlikely to spur change (techmonitor.ai)

• Japan’s cyber security agency suffers months-long breach | Financial Times (ft.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

North Korea

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• North Korea’s Lazarus Group hits organisations with two new RATs | CSO Online

• Lazarus Group Debuts Tiny Trojan for Espionage Attacks (databreachtoday.co.uk)

• Cyber Scams Keep North Korean Missiles Flying – Analysis – Eurasia Review

• North Korea’s Lazarus hackers behind recent crypto heists: FBI (therecord.media)

• North Korean hackers behind malicious VMConnect PyPI campaign (bleepingcomputer.com)

Vulnerability Management

• New law could turn UK into a hacker's playground | Computerworld

• 40% of Log4j Downloads Still Vulnerable (securityintelligence.com)

• How did Clop get its hands on the MOVEit zero day? (therecord.media)

Vulnerabilities

• Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks (thehackernews.com)

• Microsoft Teams attack exposes collab platform security gaps | TechTarget

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica

• CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

• Exploit released for Juniper firewall bugs allowing RCE attacks (bleepingcomputer.com)

• Google Chrome 116's second point update addresses a security issue - gHacks Tech News

• Forminator WordPress Plugin Vulnerability Affects Up To 400,000+ Websites (searchenginejournal.com)

• Threat actors started exploiting Juniper flaws shortly after PoC release (securityaffairs.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence - Security Week

• This WordPress plugin with 5 million users could have a serious security flaw | TechRadar

• Cyber Attackers Swarm OpenFire Cloud Servers With Takeover Barrage (darkreading.com)

Tools and Controls

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

• Enterprise dark web monitoring: Why it's worth the investment | TechTarget

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• Here's What Your Breach Response Plan Might Be Missing (darkreading.com)

• The Middleware Threats to Microsoft's Monopoly | HackerNoon

• Why Traditional Firewalls Are Not Adequate for Your Network Security (makeuseof.com)

• Combining EPP and EDR tools can boost your endpoint security (securityintelligence.com)

• Automated Threat Hunting: AI Helps Spot Shady Network Activity (readwrite.com)

• Detecting the Undetected: The Risk to Your Info (securityintelligence.com)

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Other News

• Cyber attacks reveal threat to democracy (ukdefencejournal.org.uk)

• Hackers Use $30 Gear To Bring Poland's Railways To A Grinding Halt

• When lives rely on equipment, cyber security is essential | Healthcare IT News

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Rising cyber incidents challenge healthcare organisations - Help Net Security

• Updated Best Practice Playbook for Healthcare Cyber Threats (inforisktoday.com)

• Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success (thehackernews.com)

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• 69% of educational organisations suffered cyber attack in the past year - Netwrix survey

• Claroty's 2023 Global Healthcare Cyber Security Study Exposes Widespread Vulnerabilities And Impact (informationsecuritybuzz.com)

• Out-Of-Office: How To Ensure Cyber Security During Vulnerable Periods (forbes.com)

• Debunking The Top Five Cyber Security Myths (forbes.com)

• Manufacturing firms hit by the worst encryption rate in three years (manufacturing-today.com)

• Cyber Attacks Targeting E-commerce Applications (thehackernews.com)

• Industrial networks need better security as attacks gain scale | ZDNET

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.

The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.

https://cybernews.com/zurich-insurance-data-leak/

• Employees Worry Less About Cyber Security Best Practices in the Summer

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.

In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.

https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/

https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/

• Businesses are Ignoring Third-Party Security Risks

With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.

https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/

• Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.

When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.

https://theconversation.com/fear-trumps-anger-when-it-comes-to-data-breaches-angry-customers-vent-but-fearful-customers-dont-come-back-203109

• Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing

The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.

https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/

https://arstechnica.com/security/2023/06/casualties-keep-growing-in-this-months-mass-exploitation-of-moveit-0-day/

• Widespread BEC Attacks Threaten European Organisations

Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.

BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?

This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.

https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/

• Lloyd’s Syndicates Sued Over Cyber Insurance

The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.

UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.

https://www.wsj.com/articles/university-of-california-sues-lloyds-syndicates-over-cyber-insurance-da4675f5

• 95% Fear Inadequate Cloud Security Detection and Response

A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.

It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.

https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/

• The Growing Use of Generative AI and the Security Risks They Pose

A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.

Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.

https://www.csoonline.com/article/643516/survey-reveals-mass-concern-over-generative-ai-security-risks.html

https://www.darkreading.com/operations/malwarebytes-chatgpt-survey-reveals-81-are-concerned-by-generative-ai-security-risks

https://www.darkreading.com/vulnerabilities-threats/generative-ai-projects-cybersecurity-risks-enterprises

• The CISO’s Toolkit Must Include Political Capital Within The C-Suite

Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.

https://www.csoonline.com/article/643199/the-cisos-toolkit-must-include-political-capital-within-the-c-suite.html

• Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.

This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.

https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah

https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html

• SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics

Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.

This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.

The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.

https://www.msspalert.com/cybersecurity-research/cyberattackers-still-rely-on-decades-old-security-weaknesses-tactics-barracuda-reports/

https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors

Governance, Risk and Compliance

• Businesses are ignoring third-party security risks - Help Net Security

• Employees worry less about cyber security best practices in the summer - Help Net Security

• Digital-First Economy Has Transformed Role of CISO- IT Security Guru

• SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)

• Companies Call for Changes to UK’s Cyber Essentials Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Fear trumps anger when it comes to data breaches – angry customers vent, but fearful customers don't come back (theconversation.com)

• The CISO’s toolkit must include political capital within the C-suite | CSO Online

• NCSC Launches Cyber Risk Management Toolbox - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Over 130 Organisations, Millions of Individuals Believed to Be Impacted by MOVEit Hack - SecurityWeek

• MOVEit hackers may have found simpler business model beyond ransomware | SC Media (scmagazine.com)

• Dozens of Businesses Hit Recently by '8Base' Ransomware Gang - SecurityWeek

• UK cyber spies warn ransomware criminals targeting law firms • The Register

• How Dangerous Is Smartphone Ransomware? (makeuseof.com)

• Cl0p in Your Network? Here's How to Find Out (darkreading.com)

• Sixth anniversary of NotPetya - IT Security Guru

• July is Ransomware Month: Reminder to Prepare, Defend Against Hijackers - MSSP Alert

• LockBit Dominates Ransomware World, New Report Finds - Infosecurity Magazine (infosecurity-magazine.com)

• The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)

• Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)

• 'Wagner' Ransomware Targets Computers in Russia | PCMag

Ransomware Victims

• Casualties keep growing in this month’s mass exploitation of MOVEit 0-day | Ars Technica

• Manchester University Breach Victims Hit with Triple Extortion - Infosecurity Magazine (infosecurity-magazine.com)

• 8 Tech And IT Companies Targeted In The MOVEit Attacks | CRN

• MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed (bleepingcomputer.com)

• Clop names PWC, Ernst & Young, and Sony in MOVEit hack | Cybernews

• UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks (darkreading.com)

• Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack - SecurityWeek

• Clop ransomware gang obtained personal data of 45,000 New York City students in MOVEit hack | Engadget

• 10 banks alleged victims of ransomware attacks on file transfer software | American Banker

• Almost 770,000 Calpers members hit by cyber attack | Financial Times (ft.com)

• Ransomware and phishing attacks continue to plague businesses in Singapore | ZDNET

• K-12 schools are revisiting their cyber strategies after year of ransomware attacks (axios.com)

Phishing & Email Based Attacks

• Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• How a Layered Security Approach Can Minimise Email Threats - MSSP Alert

• Less than half of UK banks implement most secure DMARC level | CSO Online

• Over Half of UK Banks Are Exposing Customers to Email Fraud - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Widespread BEC attacks threaten European organisations - Help Net Security

• The Current State of Business Email Compromise Attacks (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• Cyber Crime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering (thehackernews.com)

• How scammers use psychology to create some of the most convincing internet cons – and what to watch out for (theconversation.com)

• Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)

Artificial Intelligence

• Malwarebytes ChatGPT Survey Reveals 81% are Concerned by Generative AI Security Risks (darkreading.com)

• Sharing Your Business’ Data With ChatGPT: How Risky Is It? - MSSP Alert

• ChatGPT users at risk for credential theft | TechTarget

• OpenAI lawsuit: Maker of ChatGPT sued over alleged data usage | CNN Business

• Lawyers who cited fake cases invented by ChatGPT must pay • The Register

• Generative AI Projects Pose Major Cyber security Risk to Enterprises (darkreading.com)

• How to Deploy Generative AI Safely and Responsibly (trendmicro.com)

• Generative-AI apps & ChatGPT: Potential risks and mitigation strategies (thehackernews.com)

• Does the world need an arms control treaty for AI? | CyberScoop

• When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)

• AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping (darkreading.com)

2FA/MFA

• LastPass users furious after being locked out due to MFA resets (bleepingcomputer.com)

Malware

• SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)

• OpenSSH Trojan Campaign Targets IoT and Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers Use Weaponized PDF Files to Attack Organisations (cybersecuritynews.com)

• New Mockingjay Process Injection Technique Could Let Malware Evade Detection (thehackernews.com)

• Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online

• NSA warns of ‘false sense of security’ against BlackLotus malware (therecord.media)

• Chinese state-backed hackers accidentally infected a European hospital with malware (therecord.media)

• Trojanized Super Mario Bros game spreads malware- - Security Affairs

• New PindOS JavaScript dropper deploys Bumblebee, IcedID malware (bleepingcomputer.com)

• NPM Plagued with ‘Manifest Confusion’ Malware-Hiding Weakness (darkreading.com)

• Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data (thehackernews.com)

• North Korean Andariel APT used a new malware named EarlyRat - Security Affairs

Mobile

• Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge

• Anatsa Android trojan now steals banking info from users in US, UK (bleepingcomputer.com)

• How Dangerous Is Smartphone Ransomware? (makeuseof.com)

• Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own – Naked Security (sophos.com)

• Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes (thehackernews.com)

Denial of Service/DoS/DDOS

• Global rise in DDoS attacks threatens digital infrastructure - Help Net Security

• Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)

• Diablo IV video game hit by DDoS attacks • Graham Cluley

Internet of Things – IoT

• OpenSSH Trojan Campaign Targets IoT and Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Someone sent mysterious smartwatches to US Military personnel - Security Affairs

• The tech flaw that lets hackers control surveillance cameras - BBC News

Data Breaches/Leaks

• Fear trumps anger when it comes to data breaches – angry customers vent, but fearful customers don't come back (theconversation.com)

• Latitude hit with $1 million lawsuit over data breach (9news.com.au)

• Recruitment portal exposes data of US pilot candidates • The Register

• Genworth Financial Reports Data Breach Leaking SSNs Belonging to 2.7M Policyholders and Customers (darkreading.com)

• 3 Steps to Successfully & Ethically Navigate a Data Breach (darkreading.com)

• Sensitive Information Stolen in LetMeSpy Stalkerware Hack - SecurityWeek

• US Patent Office Data Spill Exposes Trademark Applications (darkreading.com)

Organised Crime & Criminal Actors

• 2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek

• Security analyst wanted by both Russia and the US • The Register

• Former Group-IB manager has been arrested in Kazahstan - Security Affairs

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)

• JOKERSPY used to target a cryptocurrency exchange in Japan - Security Affairs

• Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack (thehackernews.com)

Insider Risk and Insider Threats

• Employees worry less about cyber security best practices in the summer - Help Net Security

Fraud, Scams & Financial Crime

• How scammers use psychology to create some of the most convincing internet cons – and what to watch out for (theconversation.com)

• Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)

• Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)

• Safety checks run down and boom time for criminals: this is why the UK is becoming the ‘dustbin of Europe’ | Polly Toynbee | The Guardian

• This Chatbot Gives Phone Call Scammers a Taste of Their Own Medicine (pcmag.com)

• The robotic falcon maker who was targeted by cyber criminals - BBC News

Deepfakes

• AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping (darkreading.com)

Insurance

• University of California Sues Lloyd’s Syndicates Over Cyber Insurance - WSJ

• Second Wave of Cyber Insurance | Arctic Wolf

• Insurance companies using AI for underwriting and due diligence amid cyber threats | Fox Business

• How Big Is the Cyber Insurance Market? Can It Keep Growing? | Lawfare (lawfaremedia.org)

Dark Web

• Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs

• Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities (bleepingcomputer.com)

Supply Chain and Third Parties

• Businesses are ignoring third-party security risks - Help Net Security

Cloud/SaaS

• 95% fear inadequate cloud security detection and response - Help Net Security

• The unhappy reality of cloud security in 2023 | InfoWorld

• Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online

• 5 Pitfalls in Cloud Cyber security’s Shared Responsibility Model - MSSP Alert

• Uncovering attacker tactics through cloud honeypots - Help Net Security

• How hardening Microsoft 365 tenants mitigates potential cloud attacks - Help Net Security

• Outlook for the web outage impacts users across America (bleepingcomputer.com)

• 3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)

Identity and Access Management

• 10 things every CISO needs to know about identity and access management (IAM) | VentureBeat

• Human vs Machine Identity Risk Management (trendmicro.com)

Encryption

• Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge

• Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer

• How to stop quantum computers from breaking the internet’s encryption (sciencenews.org)

Open Source

• Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)

• OpenSSH Trojan Campaign Targets IoT and Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Exploring The Anatomy Of A Linux Kernel Exploit | Hackaday

Passwords, Credential Stuffing & Brute Force Attacks

• A New Era Of Security: Are Passwords No Longer Fit For Purpose? (informationsecuritybuzz.com)

Social Media

• Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)

Travel

• Employees worry less about cyber security best practices in the summer - Help Net Security

Cyber Bullying, Cyber Stalking and Sextortion

• Sensitive Information Stolen in LetMeSpy Stalkerware Hack - SecurityWeek

Regulations, Fines and Legislation

• SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)

• US firm 'breached GDPR' by reputation-scoring EU citizens • The Register

• JP Morgan accidentally deletes 47 million comms records • The Register

Models, Frameworks and Standards

• Companies Call for Changes to UK’s Cyber Essentials Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• How to Reach Compliance with HIPAA (trendmicro.com)

Careers, Working in Cyber and Information Security

• SEC notice to SolarWinds CISO and CFO roils cyber security industry | CSO Online

• Skill gap plagues cyber security industry as jobs go unfilled | Mint (livemint.com)

• Experts Unconvinced by Upskill in UK Cyber Program - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Hacker responsible for 2020 Twitter breach sentenced to prison | TechCrunch

• Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs

• 2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Someone sent mysterious smartwatches to US Military personnel - Security Affairs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers (thehackernews.com)

• Russian Spies, War Ministers Reliant on Cyber Crime in Pariah State (darkreading.com)

• What is Cyberwar? - SecurityWeek

• Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)

• Sachkov's Revenge: Jailed On Treason Charges, A Russian Cyber security Exec Goes On The Offensive (rferl.org)

• Microsoft hackers say they work for Sudan, not Russia | Fortune

• 'Chinese spy balloon' was 'crammed' with US hardware • The Register

• 'Wagner' Ransomware Targets Computers in Russia | PCMag

• Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group | CyberScoop

China

• Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks (thehackernews.com)

• China's 'Volt Typhoon' APT Now Exploits Zoho ManageEngine (darkreading.com)

• Ministers accused of ‘letting Huawei off the hook’ after scrapping release of security report (telegraph.co.uk)

• Chinese state-backed hackers accidentally infected a European hospital with malware (therecord.media)

• 'Chinese spy balloon' was 'crammed' with US hardware • The Register

Iran

• The potent cyber adversary threatening to further inflame Iranian politics | CyberScoop

• From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon (thehackernews.com)

• Charming Kitten’s PowerStar Malware Evolves with Advanced Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer

North Korea

• New EarlyRAT malware linked to North Korean Andariel hacking group (bleepingcomputer.com)

Misc/Other/Unknown

• Someone sent mysterious smartwatches to US Military personnel - Security Affairs

Vulnerability Management

• SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)

• Cyber attackers Still Rely on Decades-Old Security Weaknesses & Tactics, Barracuda Reports - MSSP Alert

• Remediation Ballet Is a Pas de Deux of Patch and Performance (darkreading.com)

• Micropatches: What they are and how they work - Help Net Security

• MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk? (thehackernews.com)

• When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)

• It's 2023 and out-of-bounds write bugs are still number one • The Register

Vulnerabilities

• VMware fixed five memory corruption issues in vCenter Server - Security Affairs

• US Cyber security Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog (thehackernews.com)

• CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks - SecurityWeek

• Serious IDOR Vulnerability Found In Microsoft Teams (latesthackingnews.com)

• Fortinet fixes critical FortiNAC RCE, install updates asap - Security Affairs

• Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain - SecurityWeek

• Critical flaw in VMware Aria Operations for Networks sees mass exploitation | CSO Online

• Internet Systems Consortium (ISC) fixed three DoS flaw in BIND - Security Affairs

• Chrome 114 Update Patches High-Severity Vulnerabilities - SecurityWeek

• Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts (thehackernews.com)

• Grafana warns of critical auth bypass due to Azure AD integration (bleepingcomputer.com)

• The tech flaw that lets hackers control surveillance cameras - BBC News

• Exploit released for new Arcserve UDP auth bypass vulnerability (bleepingcomputer.com)

Tools and Controls

• 95% fear inadequate cloud security detection and response - Help Net Security

• How a Layered Security Approach Can Minimize Email Threats - MSSP Alert

• ITDR Combines and Refines Familiar Cyber security Approaches (darkreading.com)

• How API gateways improve API security | TechTarget

• Uncovering attacker tactics through cloud honeypots - Help Net Security

• How Active Directory Bridging Extends Security Automation to Hybrid IT Environments (darkreading.com)

• Are GPT-Based Models the Right Fit for AI-Powered Cyber security? - Infosecurity Magazine (infosecurity-magazine.com)

• 10 things every CISO needs to know about identity and access management (IAM) | VentureBeat

• FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise (darkreading.com)

• 3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)

Other News

• Submarine Cables at Growing Risk of Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Businesses count the cost of network downtime - Help Net Security

• Exploring the persistent threat of cyber attacks on healthcare - Help Net Security

• How Can Manufacturers Stop Being The Top Target For Cyber Crime? (informationsecuritybuzz.com)

• Ex-FBI employee jailed for mishandling classified material • The Register

• Rapid7: Japan Threat Landscape Takes on Global Significance - SecurityWeek

• Over 1500 gas stations disrupted in Canada, after energy giant hacked (bitdefender.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.