Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 12 January 2024

Black Arrow Cyber Threat Intelligence Briefing 12 January 2024:

-Boardrooms on Notice: Cyber Security Oversight More Important Than Ever

-Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023

-Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever

-Cyber Insecurity and Misinformation Top WEF Global Risk List

-Why Effective Cyber Security and Risk Management are Crucial for Business Growth

-The Cost of Dealing with a Cyber Attack Doubled Last Year

-Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved

-Mandiant, SEC Lose Control of X Accounts Without 2FA

-If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis

-82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year

-Cyber Security is the Number One Priority for the Financial Sector Again

-Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Boardrooms on Notice: Cyber Security Oversight More Important Than Ever

In 2023, the rise in security breaches and cyber attacks caused cyber security to transcend its usual confines and emerge as a critical boardroom concern, prompting executives to recognise the need for proactive engagement. The current landscape has necessitated executive decision-makers to proactively engage in cyber security, instead of just passively observing. It is no surprise that in a survey from KMPG of over 300 CEO’s, dealing with cyber risk was designated as the top priority for the foreseeable three to five years.

When a company faces a substantial fine or penalty from a breach, it serves two crucial purposes. Firstly, it sets a precedent for ensuring companies across the board understand the repercussions of lax cyber security measures and secondly, it pushes organisations towards proactive investment in robust cyber security frameworks. Many organisations are beginning to realise that the cost of a breach, both financial and reputational, far outweighs that of prevention. Furthermore, many frameworks are now placing the board as directly responsible.

Sources: [Lexology] [Security Brief]

Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023

Ransomware reported to the UK financial regulator in 2023 doubled, and the impact is clear. In a survey of CISOs based in the UK, one-third confessed to paying ransomware groups millions in recent years in a bid to alleviate the impact of an attack. The minimum ransom paid by UK businesses across a five year period stood at around $250,000, the study found. Ransomware is the dominant threat that continues to plague organisations, and it is important that your organisation is doing all it can to prevent such an attack, and has plans in place to recover when such an attack happens.

Sources: [Data Breaches] [UK mortgage news] [The Hacker News]

Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever

As organisations find themselves more and more reliant on digital technology than ever before, the impact of not having it becomes greater and greater. As reliance on these systems grows, the level of cyber threat grows as well. A recent report found 68% of those surveyed believed they would not survive more than a single day without their IT systems, up from 46% in 2017. The report found that 54% of organisations said they experienced some form of cyber attack last year, with ransomware cited as the most disruptive.

Source: [TechRadar]

Cyber Insecurity and Misinformation Top WEF Global Risk List

In the latest report by the World Economic Forum, misinformation and disinformation have emerged as the most severe global risk anticipated over the next two years, with the risk becoming more likely as elections in several economies take place this year. As artificial intelligence models become easier to use and more accessible to the general population, this will enable an explosion of false information and synthetic content such as cloned voices and fake websites.

Another top concern identified in the report is the risk of cyber attacks and cyber insecurities. Currently the production of AI technologies is highly concentrated; this creates a significant supply chain risk, as the reliance of one or two models could give rise to systemic cyber vulnerabilities, paralysing critical infrastructure.

Source: [Infosecurity Magazine]

Why Effective Cyber Security and Risk Management are Crucial for Business Growth

Technology has changed, enhanced and transformed how business is conducted. However, these new advancements such as cloud, IoT and AI have introduced a range of new cyber security risks. It is crucial for leaders to grasp the accompanying risks to ensure the safety of their organisations, customers and products. Given the inevitability of business risk, particularly cyber risk, leaders should focus on managing it by identifying mission-critical aspects of their organisation and then determining how best to protect them. The first step to a proactive approach to cyber security is to devise a robust and tailored cyber security strategy aligned to the organisation’s risk profile. This not only improves the safety and security of the organisation, but also the trust of its customers and products in an increasingly digital world.

Source: [World Economic Forum]

The Cost of Dealing with a Cyber Attack Doubled Last Year

New research by Dell claims that the cost of global cyber attacks reached a new high in 2023, topping out at $1.41 million per attack, up $660,000 from the previous year. It was found that almost half (48%) of UK based organisations reported suffering either a cyber attack or incident that prevented access to company data.

Over half of global respondents report that malicious links in spam or phishing emails, hacked devices, and stolen credentials are the most common entry points for cyber attacks.

Source: [TechRadar]

Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved

Merck’s long legal battle with its insurers over the damage caused by the infamous NotPetya attack has finally come to an end, with the Merck agreeing to settle with their insurer providers who had refused to pay $699 million of the $1.4 million that was claimed in damages.

The legal battle began when Merck, who did not have cyber insurance, had made a claim under its ‘all-risks’ coverage. In 2022, it was stated that the NotPetya attack “is not sufficiently linked to a military action or objective as it was a non-military cyber attack against an accounting software provider” and in May 2023, this decision was upheld, forcing the insurers to settle.

Source: [Security Week] [Dark Reading]

Mandiant, SEC Lose Control of X Accounts Without 2FA

While security teams are focused on preventing the gamut of different levels of cyber attack sophistication, it can be easy for even the sharpest teams to overlook the simple stuff. This was recently seen when Google’s cyber security operation, Mandiant, temporarily lost control of its account on X (formerly known as Twitter) due to not having two-factor authentication (2FA). A separate high-profile incident also occurred this week, as the US Securities and Exchange Commission (SEC) account on X was hijacked to post a fake announcement about bitcoin, raising its value by 5%.

In March of 2023, X changed the way multi-factor authentication (MFA) worked, so that only premium subscribers have access to it. The two high-profile attacks, which were due to accounts not having MFA, show that cyber criminals are taking advantage of these changes. These incidents serve as a clear reminder that organisations must prioritise even the most fundamental security practices, such as MFA, to protect their digital assets.

Further, the attack on the SEC has opened them to criticism from firms such as SolarWinds who the SEC had previously reprimanded for cyber security failures.

Source: [Dark Reading]

If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis

A question to ask is why, in the event of a data security incident, is there an overwhelming feeling that the company is doomed? Yet when there are other issues, such as internal investigations, the feeling is not as strong. For a lot of companies, these cyber incidents are the first time that their cyber response plan (if they have one at all) is enacted and it is this lack of preparation that causes such a feeling.  Companies looking to increase their cyber resilience should look to have and regularly test a cyber incident response plan; you do not want to be in the position of having to learn your plan and deal with a cyber incident at the same time.

Source: [Help Net Security]

82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year

A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them according to a recent report. For many, the issue is caused by a lack of proper remediation solutions; this formed part of the reason why 87% of surveyed organisations reported plans to enhance vulnerability and exposure remediation within the next year. The need increases when considering last year there were more than 28,000 new vulnerabilities; that is the equivalent of nearly 80 every day.

Sources: [Infosecurity Magazine] [SecurityWeek]

Cyber Security is the Number One Priority for the Financial Sector Again

In Softcat's annual Business Tech Priorities Report, the financial sector's tech investments for the coming year have been unveiled. Notably, cyber security remains the top priority for the sector with 55% prioritising cyber security before anything else, reflecting the critical need to protect against the escalating threat landscape. It's important to understand that cyber security is not merely an IT problem; it is a business imperative. As consumers increasingly embrace digital banking, the impact of digitalisation on the financial sector is evident. With cyber incidents on the rise, investment in cyber security, including zero-trust security and AI threat hunting, is imperative for safeguarding not only data but the entire business.

Sources: [The Fintech Times] [Islamic Finance News]

Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’

In 2024, cyber crime marketplaces are expected to surge even more, transitioning every cyber threat further into the “as-a-service” model. The term “as-a-service” refers to the provision of specific functionalities or tools as a service, typically offered on a subscription or pay-as-you-go basis. This allows malicious actors with limited technical skills to launch sophisticated attacks. This trend was already being spotted at the end of 2023 as a report found that 73% of all internet traffic is currently composed of malicious bots and related fraud farm activities. This highlights the need for organisations to have accurate threat intelligence and analysis to understand the digital terrain ahead of these continued and expanding “as-a-service” threats.

Source: [Security Boulevard]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

2FA/MFA

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence


Vulnerability Management

Vulnerabilities



Other News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 28 January 2022

Black Arrow Cyber Threat Briefing 28 January 2022

-UK Warned To Bolster Defences Against Cyber Attacks As Russia Threatens Ukraine - BBC News

-Cyber Attacks And Ransomware Hit A New Record In 2021, Says Report

-Ransomware Families Becoming More Sophisticated With Newer Attack Methods

-More Than 90% Of Enterprises Surveyed Have Been Hit By Successful Cyberattacks

-Ransomware Gangs Increase Efforts To Enlist Insiders For Attacks

-Shipment-Delivery Scams Become the Favoured Way to Spread Malware

-Most Ransomware Infections Are Self-Installed

-Staff Negligence Is Now A Major Reason For Insider Security Incidents

-22 Cyber Security Myths Organisations Need To Stop Believing In 2022

-Android Malware Can Factory-Reset Phones After Draining Bank Accounts

-GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study

-Cyber Security In 2022 – A Fresh Look At Some Very Alarming Stats

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Warned To Bolster Defences Against Cyber Attacks As Russia Threatens Ukraine - BBC News

UK organisations are being urged to bolster their defences amid fears cyber attacks linked to the conflict in Ukraine could move beyond its borders.

The National Cyber Security Centre (NCSC) has issued new guidance, saying it is vital companies stay ahead of a potential threat.

The centre said it was unaware of any specific threats to UK organisations.

It follows a series of cyber attacks in Ukraine which are suspected to have involved Russia, which Moscow denies.

In December 2015, engineers in Ukrainian power stations saw cursors on their computer screens moving by themselves. They had been hacked. Hundreds of thousands of people lost power for hours.

It was the first time a power station had been taken offline, a sign that cyber intrusions were moving beyond stealing information into disrupting the infrastructure on which everyday life depends. Russia was blamed.

"It was a complex operation," says John Hultquist, an expert on Russian cyber operations at the US security firm Mandiant. "They even disrupted the telephone lines so that the engineers couldn't make calls."

Ukraine has been on the front line of a cyber conflict for years. But if Russia does invade the country soon, tanks and troops will still be at the forefront.

https://www.bbc.co.uk/news/uk-60158874

Cyber Attacks And Ransomware Hit A New Record In 2021, Says Report

Ransomware attacks have doubled for the past two years, says a new report—but a lot of people aren’t bothering to change their passwords.

Hackers made up for some lost time last year.

After seeing the number of data breaches decline in 2020, the Identity Theft Resource Center’s 16th Annual Data Breach Report says the number of security compromises was up more than 68% in 2021. That tops the all-time high by a shocking 23%.

All told, there were 1,862 breaches last year, says the ITRC, 356 more than in 2017, the previous busiest year on record.

“Many of the cyber attacks committed were highly sophisticated and complex, requiring aggressive defences to prevent them,” Eva Velasquez, ITRC president and CEO, said in a statement. “If those defences failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”

https://www.fastcompany.com/90715622/cyberattacks-ransomware-data-breach-new-record-2021

Ransomware Families Becoming More Sophisticated With Newer Attack Methods

Ivanti, Cyber Security Works and Cyware announced a report which identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over the previous year.

The report also found that these ransomware groups are continuing to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to instigate crippling attacks. At the same time, they are broadening their attack spheres and finding newer ways to compromise organisational networks and fearlessly trigger high-impact assaults.

https://www.helpnetsecurity.com/2022/01/28/new-ransomware-families/

More Than 90% Of Enterprises Surveyed Have Been Hit By Successful Cyber Attacks

Cyber attacks can impact any organisation, big or small. But large enterprises are often more tempting targets due to the vast amount of lucrative data they hold. A new report from cyber security firm Anomali reveals an increase in successful cyber attacks and offers ideas on how organisations can better protect themselves.

Published on Thursday, the "2022 Anomali Cyber security Insights Report" is based on a survey of 800 cyber security decision makers commissioned by Anomali and conducted by Harris between September 9 and October 13 of 2021. The survey elicited responses from professionals in the US, UK, Canada and other countries who work full time in such industries as manufacturing, telecommunications and financial services.

Among the respondents, 87% said that their organisations were victims of successful cyber attacks sometime over the past three years. In this case, a successful attack is one that caused damage, disruption or a data breach. Since the pandemic started almost two years ago, 83% of those polled have experienced an increase in attempted cyber attacks, while 87% have been hit with a rise in phishing emails, many of them exploiting coronavirus-related themes.

https://www.techrepublic.com/article/more-than-90-of-enterprises-surveyed-have-been-hit-by-successful-cyberattacks/

Ransomware Gangs Increase Efforts To Enlist Insiders For Attacks

A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer.

Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access.

https://www.bleepingcomputer.com/news/security/ransomware-gangs-increase-efforts-to-enlist-insiders-for-attacks/

Shipment-Delivery Scams Become the Favoured Way to Spread Malware

Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.

Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found.

Researchers from Avanan, a Check Point company, and Cofense have discovered recent phishing campaigns that include malicious links or attachments aimed at infecting devices with Trickbot and other dangerous malware, they reported separately on Thursday.

The campaigns separately relied on trust in widely used methods for shipping and employees’ comfort with receiving emailed documents related to shipments to try to elicit further action to compromise corporate systems, researchers said.

https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/

Most Ransomware Infections Are Self-Installed

New research from managed detection and response (MDR) provider Expel found that most ransomware attacks in 2021 were self-installed.

The finding was included in the company’s inaugural annual report on cyber security trends and predictions, Great eXpeltations, published on Thursday.

Researchers found eight out of ten ransomware infections occurred after victims unwittingly opened a zipped file containing malicious code. Abuse of third-party access accounted for 3% of all ransomware incidents, and 4% were caused by exploiting a software vulnerability on the perimeter.

The report was based on the analysis of data aggregated from Expel’s security operations center (SOC) concerning incidents spanning January 1 2021 to December 31 2021.

Other key findings were that 50% of incidents were BEC (business email compromise) attempts, with SaaS apps a top target.

https://www.infosecurity-magazine.com/news/most-ransomware-infections-self/

Staff Negligence Is Now A Major Reason For Insider Security Incidents

Insider threats cost organisations approximately $15.4 million every year, with negligence a common reason for security incidents, new research suggests.

Enterprise players today are facing cyber security challenges from every angle. Weak endpoint security, unsecured cloud systems, vulnerabilities -- whether unpatched or zero-days -- the introduction of unregulated internet of things (IoT) devices to corporate networks and remote work systems can all become conduits for a cyber attack to take place.

When it comes to the human element of security, a lack of training or cyber security awareness, mistakes, or deliberate, malicious actions also needs to be acknowledged in managing threat detection and response.

https://www.zdnet.com/article/employee-contractor-negligence-is-now-a-major-reason-for-insider-security-incidents/

22 Cyber Security Myths Organisations Need To Stop Believing In 2022

Security teams trying to defend their organisations need to adapt quickly to new challenges. Yesterday’s buzzwords and best practices have become today’s myths.

The past few years have seen a dramatic shift in how organisations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

This convoluted environment requires a new mindset to defend, and things that might have held true in the past might no longer be useful. Can digital certificates' expiration dates still be managed in a spreadsheet? Is encryption 'magic dust'? And are humans actually the weakest link?

Security experts weigh in the 22 cyber security myths that we finally need to retire in 2022.

https://www.csoonline.com/article/3648048/22-cybersecurity-myths-organisations-need-to-stop-believing-in-2022.html

Android Malware Can Factory-Reset Phones After Draining Bank Accounts

A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean.

Brata was first documented in a post from security firm Kaspersky, which reported that the Android malware had been circulating since at least January 2019. The malware spread primarily through Google Play but also through third-party marketplaces, push notifications on compromised websites, sponsored links on Google, and messages delivered by WhatsApp or SMS. At the time, Brata targeted people with accounts from Brazil-based banks.

https://arstechnica.com/information-technology/2022/01/android-malware-can-factory-reset-phones-after-draining-bank-accounts/

GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study

Fines issued for GDPR non-compliance increased sevenfold from 2020 to 2021, analysis shows

In its latest annual GDPR summary, international law firm DLA Piper focuses attention in two areas: fines imposed and the evolving effect of the Schrems II ruling of 2020. Fines are increasing and Schrems II issues are becoming more complex.

Fines issued for GDPR non-compliance increased significantly (sevenfold) in 2021, from €158.5 million (approximately $180 million) in 2020 to just under €1.1 billion (approximately $1.25 billion) in 2021. The largest fines came from Luxembourg against Amazon (€746 million / $846 million), and Ireland against WhatsApp (€225 million / $255 million). Both are currently being appealed.

The WhatsApp fine is interesting. The original fine proposed by the Irish Data Protection Commission (DPC) was for €30 million to €50 million. However, other European regulators objected, and the European Data Processing Board (EDPB) adjudicated – instructing Ireland to increase the fine by 350%.

https://www.securityweek.com/gdpr-fines-surged-sevenfold-125-billion-2021-study

Cyber Security In 2022 – A Fresh Look At Some Very Alarming Stats

Last year Forbes wrote a couple of articles  that highlighted some of the more significant cyber statistics associated with our expanding digital ecosystem.  In retrospect, 2021 was a very trying year for cyber security in so many areas. There were high profile breaches such as Solar Winds, Colonial Pipeline and dozens of others that had major economic and security related impact.  Ransomware came on with a vengeance targeting many small and medium businesses.  

Perhaps most worrisome was how critical infrastructure and supply chains security weaknesses were targeted and exploited by adversaries at higher rates than in the past.  Since it is only January, we are just starting to learn of some of the statistics that certainly will trend in 2022.  By reviewing the topics below, we can learn what we need to fortify and bolster in terms of cyber security throughout the coming year.

https://www.forbes.com/sites/chuckbrooks/2022/01/21/cybersecurity-in-2022--a-fresh-look-at-some-very-alarming-stats/

Buy now, pay later fraud, romance and cryptocurrency schemes top the list of threats this year

Experian released its annual forecast, which reveals five fraud threats for the new year. With consumers continuing to take a digital-first approach to everything from shopping, dating and investing, fraudsters are finding new and innovative ways to commit fraud.

The main areas they are predicting seeing rises in fraud are:

-Buy now, pay never

-Cryptocurrency scams

-Doubling ransomware attacks

-More increases in romance fraud

-Digital elder abuse will rise

https://www.helpnetsecurity.com/2022/01/26/fraud-threats-this-year/


Threats

Ransomware

Phishing

Other Social Engineering

Malware

Mobile

IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking

Supply Chain

DoS/DDoS

CNI, OT, ICS, IIoT and SCADA

Nation State Actors

Cloud

Privacy

Passwords & Credential Stuffing

Spyware, Espionage & Cyber Warfare

Vulnerabilities




Other News

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More